# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Mar 3 2020 14:14:30 # Log Creation Date: 05.05.2020 07:33:07.498 Process: id = "1" image_name = "main.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe" page_root = "0x31b74000" os_pid = "0x5e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x598 [0056.853] LoadLibraryA (lpLibFileName="kernel32.dll") returned 0x77940000 [0056.854] GetProcAddress (hModule=0x77940000, lpProcName="AddDllDirectory") returned 0x0 [0056.854] GetProcAddress (hModule=0x77940000, lpProcName="AddVectoredContinueHandler") returned 0x77b43ae0 [0056.854] GetProcAddress (hModule=0x77940000, lpProcName="GetQueuedCompletionStatusEx") returned 0x7798c050 [0056.854] GetProcAddress (hModule=0x77940000, lpProcName="LoadLibraryExA") returned 0x7794e3b0 [0056.855] GetProcAddress (hModule=0x77940000, lpProcName="LoadLibraryExW") returned 0x77956640 [0056.855] GetSystemDirectoryA (in: lpBuffer=0x66dfa0, uSize=0x208 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0056.855] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7feff550000 [0061.523] GetProcAddress (hModule=0x7feff550000, lpProcName="SystemFunction036") returned 0x7feff551044 [0061.523] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\ntdll.dll") returned 0x77a60000 [0061.523] GetProcAddress (hModule=0x77a60000, lpProcName="NtWaitForSingleObject") returned 0x77ab1350 [0061.523] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\winmm.dll") returned 0x7fef8470000 [0066.524] GetProcAddress (hModule=0x7fef8470000, lpProcName="timeBeginPeriod") returned 0x7fef847a648 [0066.524] GetProcAddress (hModule=0x7fef8470000, lpProcName="timeEndPeriod") returned 0x7fef847a768 [0066.524] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\ws2_32.dll") returned 0x7fefdd80000 [0066.875] GetProcAddress (hModule=0x7fefdd80000, lpProcName="WSAGetOverlappedResult") returned 0x7fefdda7a50 [0066.875] GetProcAddress (hModule=0x77a60000, lpProcName="wine_get_version") returned 0x0 [0066.875] SetErrorMode (uMode=0x2) returned 0x0 [0066.875] SetErrorMode (uMode=0x8003) returned 0x2 [0066.876] RtlAddVectoredExceptionHandler (FirstHandler=0x1, VectoredHandler=0x462290) returned 0x7a8100 [0066.876] RtlAddVectoredContinueHandler (First=0x1, Handler=0x4622a0) returned 0x7a8130 [0066.876] RtlAddVectoredContinueHandler (First=0x0, Handler=0x4622b0) returned 0x7a8160 [0066.876] SetConsoleCtrlHandler (HandlerRoutine=0x4622c0, Add=1) returned 1 [0066.876] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0066.893] GetProcessAffinityMask (in: hProcess=0xffffffffffffffff, lpProcessAffinityMask=0x22fe88, lpSystemAffinityMask=0x22fe80 | out: lpProcessAffinityMask=0x22fe88, lpSystemAffinityMask=0x22fe80) returned 1 [0066.893] GetSystemInfo (in: lpSystemInfo=0x22fef0 | out: lpSystemInfo=0x22fef0*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0066.894] SetProcessPriorityBoost (hProcess=0xffffffffffffffff, bDisablePriorityBoost=1) returned 1 [0066.895] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x2d0000 [0066.895] VirtualAlloc (lpAddress=0x0, dwSize=0x20000, flAllocationType=0x2000, flProtect=0x4) returned 0x310000 [0066.895] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x2000, flProtect=0x4) returned 0x1fb0000 [0066.896] VirtualAlloc (lpAddress=0x0, dwSize=0x800000, flAllocationType=0x2000, flProtect=0x4) returned 0x2160000 [0066.896] VirtualAlloc (lpAddress=0x0, dwSize=0x4000000, flAllocationType=0x2000, flProtect=0x4) returned 0x2960000 [0066.898] VirtualAlloc (lpAddress=0x0, dwSize=0x20000000, flAllocationType=0x2000, flProtect=0x4) returned 0x6960000 [0066.913] SystemFunction036 (in: RandomBuffer=0x66d708, RandomBufferLength=0x8 | out: RandomBuffer=0x66d708) returned 1 [0067.021] VirtualAlloc (lpAddress=0xc000000000, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0xc000000000 [0067.021] VirtualAlloc (lpAddress=0x0, dwSize=0x800000, flAllocationType=0x3000, flProtect=0x4) returned 0x26960000 [0067.022] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x330000 [0067.022] VirtualAlloc (lpAddress=0x310000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x310000 [0067.023] VirtualAlloc (lpAddress=0x2030000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2030000 [0067.023] VirtualAlloc (lpAddress=0x2566000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x2566000 [0067.023] VirtualAlloc (lpAddress=0x4990000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x4990000 [0067.023] VirtualAlloc (lpAddress=0x16ae0000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0x16ae0000 [0067.025] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x27160000 [0067.026] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x370000 [0067.027] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x380000 [0067.027] VirtualAlloc (lpAddress=0xc000000000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000000000 [0067.028] VirtualAlloc (lpAddress=0xc000002000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000002000 [0067.028] SystemFunction036 (in: RandomBuffer=0x66daa0, RandomBufferLength=0x80 | out: RandomBuffer=0x66daa0) returned 1 [0067.028] VirtualAlloc (lpAddress=0xc000004000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000004000 [0067.028] VirtualAlloc (lpAddress=0xc000006000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000006000 [0067.029] GetEnvironmentStringsW () returned 0x7ae030* [0067.029] VirtualAlloc (lpAddress=0xc000008000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000008000 [0067.030] VirtualAlloc (lpAddress=0xc00000a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000a000 [0067.030] VirtualAlloc (lpAddress=0xc00000c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000c000 [0067.030] VirtualAlloc (lpAddress=0xc00000e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00000e000 [0067.030] VirtualAlloc (lpAddress=0xc000010000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000010000 [0067.031] VirtualAlloc (lpAddress=0xc000012000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000012000 [0067.031] VirtualAlloc (lpAddress=0xc000014000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000014000 [0067.031] FreeEnvironmentStringsW (penv=0x7ae030) returned 1 [0067.031] LoadLibraryA (lpLibFileName="C:\\Windows\\system32\\powrprof.dll") returned 0x7fefb830000 [0070.476] GetProcAddress (hModule=0x7fefb830000, lpProcName="PowerRegisterSuspendResumeNotification") returned 0x0 [0070.478] VirtualAlloc (lpAddress=0xc000016000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000016000 [0070.479] VirtualAlloc (lpAddress=0xc000020000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000020000 [0070.479] VirtualAlloc (lpAddress=0xc000022000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000022000 [0070.484] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x22fe78, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x22fe78*=0x88) returned 1 [0070.484] VirtualQuery (in: lpAddress=0x22fe98, lpBuffer=0x22fe98, dwLength=0x30 | out: lpBuffer=0x22fe98*(BaseAddress=0x22f000, AllocationBase=0x30000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0070.484] VirtualAlloc (lpAddress=0xc00002a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002a000 [0070.484] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0070.484] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002a380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0070.486] CloseHandle (hObject=0x8c) returned 1 [0070.486] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002a700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0070.488] CloseHandle (hObject=0x8c) returned 1 [0070.488] VirtualAlloc (lpAddress=0xc00002e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002e000 [0070.489] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0070.489] VirtualAlloc (lpAddress=0xc000038000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000038000 [0070.489] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002aa80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8c [0070.490] CloseHandle (hObject=0x8c) returned 1 [0070.490] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c [0070.490] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x94 [0070.491] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0070.494] VirtualAlloc (lpAddress=0xc000086000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000086000 [0070.495] VirtualAlloc (lpAddress=0xc000088000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000088000 [0070.495] VirtualAlloc (lpAddress=0xc00008a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008a000 [0070.495] VirtualAlloc (lpAddress=0xc00008c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008c000 [0070.495] VirtualAlloc (lpAddress=0xc00008e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00008e000 [0070.496] VirtualAlloc (lpAddress=0xc000090000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000090000 [0070.496] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0070.496] VirtualAlloc (lpAddress=0xc000096000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000096000 [0070.496] VirtualAlloc (lpAddress=0xc000098000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000098000 [0070.497] VirtualAlloc (lpAddress=0xc00009a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00009a000 [0070.497] VirtualAlloc (lpAddress=0xc00009c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00009c000 [0070.498] VirtualAlloc (lpAddress=0xc00009e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00009e000 [0070.498] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x77940000 [0070.499] VirtualAlloc (lpAddress=0xc000100000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000100000 [0070.499] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0070.499] GetProcAddress (hModule=0x77940000, lpProcName="GetStdHandle") returned 0x7795d750 [0070.499] GetStdHandle (nStdHandle=0xfffffff6) returned 0x3 [0070.499] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0070.500] GetProcAddress (hModule=0x77940000, lpProcName="SetHandleInformation") returned 0x77945bb0 [0070.500] SetHandleInformation (hObject=0x3, dwMask=0x1, dwFlags=0x0) returned 0 [0070.503] SetEvent (hEvent=0xc0) returned 1 [0070.503] GetStdHandle (nStdHandle=0xfffffff5) returned 0x7 [0070.503] SetHandleInformation (hObject=0x7, dwMask=0x1, dwFlags=0x0) returned 0 [0070.503] VirtualAlloc (lpAddress=0xc0000a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a0000 [0070.504] GetStdHandle (nStdHandle=0xfffffff4) returned 0xb [0070.504] SetHandleInformation (hObject=0xb, dwMask=0x1, dwFlags=0x0) returned 0 [0070.504] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0070.504] GetProcAddress (hModule=0x77940000, lpProcName="GetSystemDirectoryW") returned 0x77957120 [0070.505] GetSystemDirectoryW (in: lpBuffer=0xc0000a2000, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0070.505] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0070.505] VirtualAlloc (lpAddress=0xc0000a6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a6000 [0070.506] VirtualAlloc (lpAddress=0xc0000b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b4000 [0070.506] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0070.507] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\ws2_32.dll") returned 0x7fefdd80000 [0070.507] GetProcAddress (hModule=0x7fefdd80000, lpProcName="WSAStartup") returned 0x7fefdd84980 [0070.507] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0xc000027cf0 | out: lpWSAData=0xc000027cf0) returned 0 [0070.518] GetProcAddress (hModule=0x77940000, lpProcName="CancelIoEx") returned 0x7798c5c0 [0070.518] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0070.518] VirtualAlloc (lpAddress=0xc0000c0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c0000 [0070.518] VirtualAlloc (lpAddress=0xc0000c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c8000 [0070.519] GetProcAddress (hModule=0x77940000, lpProcName="SetFileCompletionNotificationModes") returned 0x77990550 [0070.519] GetProcAddress (hModule=0x7fefdd80000, lpProcName="WSAEnumProtocolsW") returned 0x7fefdda8af0 [0070.519] WSAEnumProtocolsW (in: lpiProtocols=0xc0000c2e38, lpProtocolBuffer=0xc0000c2e40, lpdwBufferLength=0xc0000c2e34 | out: lpProtocolBuffer=0xc0000c2e40, lpdwBufferLength=0xc0000c2e34) returned 4 [0070.562] GetProcAddress (hModule=0x77940000, lpProcName="GetConsoleMode") returned 0x77962e60 [0070.562] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0xc0000c7e3c | out: lpMode=0xc0000c7e3c) returned 1 [0070.563] GetProcAddress (hModule=0x77940000, lpProcName="GetFileType") returned 0x77962e00 [0070.563] GetFileType (hFile=0x3) returned 0x2 [0070.563] VirtualAlloc (lpAddress=0xc000106000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000106000 [0070.563] VirtualAlloc (lpAddress=0xc000108000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000108000 [0070.564] VirtualAlloc (lpAddress=0xc00010a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010a000 [0070.564] SetEvent (hEvent=0xb8) returned 1 [0070.564] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x28130000 [0070.564] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0xc0000c7e3c | out: lpMode=0xc0000c7e3c) returned 1 [0070.565] GetFileType (hFile=0x7) returned 0x2 [0070.565] VirtualAlloc (lpAddress=0xc0000ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ca000 [0070.566] VirtualAlloc (lpAddress=0xc0000cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000cc000 [0070.566] GetConsoleMode (in: hConsoleHandle=0xb, lpMode=0xc0000c7e3c | out: lpMode=0xc0000c7e3c) returned 1 [0070.567] GetFileType (hFile=0xb) returned 0x2 [0070.567] GetProcAddress (hModule=0x77940000, lpProcName="GetCommandLineW") returned 0x7795c480 [0070.567] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe\" " [0070.567] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0070.567] VirtualAlloc (lpAddress=0xc0000d0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d0000 [0070.568] VirtualAlloc (lpAddress=0xc0000d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d4000 [0070.569] VirtualAlloc (lpAddress=0xc0000d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d6000 [0070.569] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0070.570] VirtualAlloc (lpAddress=0xc0000da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000da000 [0070.570] GetProcAddress (hModule=0x77940000, lpProcName="GetEnvironmentVariableW") returned 0x779590a0 [0070.570] GetEnvironmentVariableW (in: lpName="GODEBUG", lpBuffer=0xc0000ce0d0, nSize=0x64 | out: lpBuffer="") returned 0x0 [0070.571] CreateIoCompletionPort (FileHandle=0xffffffffffffffff, ExistingCompletionPort=0x0, CompletionKey=0x0, NumberOfConcurrentThreads=0xffffffff) returned 0xdc [0070.571] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0070.571] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll") returned 0x7feff550000 [0070.571] GetProcAddress (hModule=0x7feff550000, lpProcName="CryptAcquireContextW") returned 0x7feff55d98c [0070.572] CryptAcquireContextW (in: phProv=0xc00009e128, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0xc00009e128*=0x7b24a0) returned 1 [0070.944] GetProcAddress (hModule=0x7feff550000, lpProcName="CryptGenRandom") returned 0x7feff55dc60 [0070.944] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x1, pbBuffer=0xc0000a0130 | out: pbBuffer=0xc0000a0130) returned 1 [0070.945] VirtualAlloc (lpAddress=0xc0000de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000de000 [0070.945] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0070.945] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.946] VirtualAlloc (lpAddress=0xc0000e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e2000 [0070.946] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0070.947] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0070.947] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0070.947] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0070.948] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0070.949] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.949] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0070.951] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.951] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0070.952] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.952] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0070.954] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.954] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0070.955] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.956] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0070.997] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.997] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0070.999] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0070.999] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0070.999] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0071.001] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.001] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0071.002] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.003] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0071.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.005] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.005] VirtualAlloc (lpAddress=0xc000188000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000188000 [0071.006] VirtualAlloc (lpAddress=0xc00018c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018c000 [0071.007] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.007] VirtualAlloc (lpAddress=0xc00018e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018e000 [0071.007] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0071.008] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.010] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0071.010] VirtualAlloc (lpAddress=0xc000194000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000194000 [0071.010] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0071.012] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.012] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0071.013] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.015] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.015] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0071.015] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0071.017] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.017] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0071.019] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.020] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.020] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0071.021] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0071.022] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.022] VirtualAlloc (lpAddress=0xc0001aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001aa000 [0071.025] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.026] VirtualAlloc (lpAddress=0xc0001ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ac000 [0071.027] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.027] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0071.028] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0071.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.030] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.031] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0071.031] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0071.032] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.032] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0071.033] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0071.034] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.036] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.036] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0071.036] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0071.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.038] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0071.039] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.039] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0071.041] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.041] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0071.042] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.042] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0071.044] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0071.044] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.044] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0071.046] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.046] VirtualAlloc (lpAddress=0x0, dwSize=0x15f8f8, flAllocationType=0x3000, flProtect=0x4) returned 0x28170000 [0071.047] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0071.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.049] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0071.052] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.052] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0071.052] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0071.053] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.053] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0071.054] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0071.055] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.055] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0071.056] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.057] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0071.058] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.058] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0071.060] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.060] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0071.061] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.062] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0071.063] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.063] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0071.063] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0071.065] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.065] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0071.066] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.067] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0071.069] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.070] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0071.071] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.071] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0071.072] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.072] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0071.073] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.073] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0071.075] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.075] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0071.075] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0071.075] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0071.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.076] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0071.077] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.078] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.078] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0071.079] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0071.080] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.080] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0071.081] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.082] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.082] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0071.082] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0071.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.083] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0071.084] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.084] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0071.085] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0071.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.085] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0071.087] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.087] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0071.088] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.089] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.089] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0071.089] VirtualAlloc (lpAddress=0xc00022a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022a000 [0071.089] VirtualAlloc (lpAddress=0xc00022c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022c000 [0071.090] VirtualAlloc (lpAddress=0xc00022e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022e000 [0071.091] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.091] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0071.091] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0071.092] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.094] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.094] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0071.094] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0071.094] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0071.096] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.096] VirtualAlloc (lpAddress=0xc00023c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023c000 [0071.097] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.098] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.098] VirtualAlloc (lpAddress=0xc00023e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023e000 [0071.098] VirtualAlloc (lpAddress=0xc000242000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000242000 [0071.099] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.100] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0071.101] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.102] VirtualAlloc (lpAddress=0xc000246000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000246000 [0071.102] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.102] VirtualAlloc (lpAddress=0xc000248000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000248000 [0071.103] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.104] VirtualAlloc (lpAddress=0xc00024c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024c000 [0071.104] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0071.105] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.107] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.107] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0071.107] VirtualAlloc (lpAddress=0xc000254000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000254000 [0071.108] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.108] VirtualAlloc (lpAddress=0xc000256000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000256000 [0071.109] VirtualAlloc (lpAddress=0xc000258000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000258000 [0071.110] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.111] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.111] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0071.112] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0071.113] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.114] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0071.115] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.115] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0071.116] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.116] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0071.117] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0071.118] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.119] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.119] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0071.120] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.121] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0071.121] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0071.122] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.123] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0071.124] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.124] VirtualAlloc (lpAddress=0xc000274000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000274000 [0071.125] VirtualAlloc (lpAddress=0xc000278000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000278000 [0071.126] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.126] VirtualAlloc (lpAddress=0xc00027a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027a000 [0071.126] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0071.127] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.128] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0071.129] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.129] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0071.130] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.130] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0071.131] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.131] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0071.132] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.132] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0071.133] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.134] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0071.134] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0071.135] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.135] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0071.135] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0071.136] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.136] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0071.137] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.137] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0071.138] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.139] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.139] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0071.140] VirtualAlloc (lpAddress=0xc00029e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029e000 [0071.141] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.141] VirtualAlloc (lpAddress=0xc0002a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a0000 [0071.142] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.142] VirtualAlloc (lpAddress=0xc0002a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a2000 [0071.143] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.143] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0071.144] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0071.144] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0071.145] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.145] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0071.146] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.147] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.147] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0071.147] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0071.148] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.148] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0071.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.152] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.152] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0071.152] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0071.154] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.154] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0071.155] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.155] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0071.157] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.157] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0071.158] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0071.159] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.160] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0071.161] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.161] VirtualAlloc (lpAddress=0xc0002c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c8000 [0071.163] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.163] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0071.164] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0071.166] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.166] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0071.177] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.178] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.179] VirtualAlloc (lpAddress=0xc0002d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d2000 [0071.179] VirtualAlloc (lpAddress=0xc0002d4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d4000 [0071.179] VirtualAlloc (lpAddress=0xc0002d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d8000 [0071.180] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.181] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.182] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0071.184] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.184] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0071.185] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0071.186] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.187] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.188] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0071.189] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.189] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0071.189] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0071.191] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.191] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0071.193] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0071.193] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.193] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0071.195] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.195] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0071.195] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0071.197] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.197] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0071.198] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.198] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0071.199] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0071.200] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.200] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0071.202] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.202] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0071.204] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.204] VirtualAlloc (lpAddress=0xc000302000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000302000 [0071.204] VirtualAlloc (lpAddress=0xc000304000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000304000 [0071.206] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.206] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0071.209] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.209] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0071.210] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.211] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0071.212] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.212] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0071.214] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.214] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0071.216] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.217] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0071.217] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.217] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0071.218] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0071.219] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.220] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0071.220] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0071.222] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.223] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.223] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0071.224] VirtualAlloc (lpAddress=0xc000324000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0071.225] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.225] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0071.227] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.228] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.228] VirtualAlloc (lpAddress=0xc000328000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000328000 [0071.229] VirtualAlloc (lpAddress=0xc00032c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032c000 [0071.230] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.230] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0071.232] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.232] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0071.233] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.233] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0071.234] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0071.235] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.236] VirtualAlloc (lpAddress=0xc000338000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000338000 [0071.237] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.239] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.239] VirtualAlloc (lpAddress=0xc00033a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033a000 [0071.239] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0071.241] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.241] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0071.243] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.243] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0071.247] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.248] VirtualAlloc (lpAddress=0xc000344000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000344000 [0071.248] VirtualAlloc (lpAddress=0xc000348000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000348000 [0071.248] VirtualAlloc (lpAddress=0xc00034a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034a000 [0071.250] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.251] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.251] VirtualAlloc (lpAddress=0xc00034c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034c000 [0071.253] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.253] VirtualAlloc (lpAddress=0xc00034e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034e000 [0071.254] VirtualAlloc (lpAddress=0xc000352000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000352000 [0071.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.255] VirtualAlloc (lpAddress=0xc000354000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000354000 [0071.257] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.257] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0071.259] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.259] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0071.261] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.261] VirtualAlloc (lpAddress=0xc00035c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035c000 [0071.262] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.262] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0071.263] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0071.264] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.264] VirtualAlloc (lpAddress=0xc000362000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0071.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.266] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0071.266] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0071.268] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.268] VirtualAlloc (lpAddress=0xc00036a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036a000 [0071.270] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.270] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0071.271] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.271] VirtualAlloc (lpAddress=0xc000370000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000370000 [0071.273] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.274] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.274] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0071.274] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0071.275] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0071.277] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.278] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0071.279] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.281] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.281] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0071.281] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0071.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.284] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.284] VirtualAlloc (lpAddress=0xc000382000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000382000 [0071.286] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.286] VirtualAlloc (lpAddress=0xc000384000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000384000 [0071.286] VirtualAlloc (lpAddress=0xc000388000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000388000 [0071.288] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.288] VirtualAlloc (lpAddress=0xc00038a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038a000 [0071.289] VirtualAlloc (lpAddress=0xc00038c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038c000 [0071.290] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.290] VirtualAlloc (lpAddress=0xc00038e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038e000 [0071.291] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.291] VirtualAlloc (lpAddress=0xc000390000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000390000 [0071.292] VirtualAlloc (lpAddress=0xc000394000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000394000 [0071.293] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.295] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.295] VirtualAlloc (lpAddress=0xc000396000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000396000 [0071.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.297] VirtualAlloc (lpAddress=0xc000398000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000398000 [0071.297] VirtualAlloc (lpAddress=0xc00039c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039c000 [0071.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.300] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.300] VirtualAlloc (lpAddress=0xc00039e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039e000 [0071.300] VirtualAlloc (lpAddress=0xc0003a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a0000 [0071.302] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.302] VirtualAlloc (lpAddress=0xc0003a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a2000 [0071.303] VirtualAlloc (lpAddress=0xc0003a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a6000 [0071.304] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.305] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.306] VirtualAlloc (lpAddress=0xc0003a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a8000 [0071.307] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.307] VirtualAlloc (lpAddress=0xc0003aa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003aa000 [0071.309] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.309] VirtualAlloc (lpAddress=0xc0003ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ae000 [0071.310] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.311] VirtualAlloc (lpAddress=0xc0003b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b0000 [0071.311] VirtualAlloc (lpAddress=0xc0003b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b2000 [0071.312] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.312] VirtualAlloc (lpAddress=0xc0003b4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b4000 [0071.314] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.314] VirtualAlloc (lpAddress=0xc0003b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b8000 [0071.314] VirtualAlloc (lpAddress=0xc0003ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ba000 [0071.316] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.316] VirtualAlloc (lpAddress=0xc0003bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003bc000 [0071.318] VirtualAlloc (lpAddress=0xc0003be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003be000 [0071.318] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.318] VirtualAlloc (lpAddress=0xc0003c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c0000 [0071.318] VirtualAlloc (lpAddress=0xc0003c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c4000 [0071.320] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.320] VirtualAlloc (lpAddress=0xc0003c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c6000 [0071.321] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.322] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0071.323] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.323] VirtualAlloc (lpAddress=0xc0003ca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ca000 [0071.325] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.325] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0071.327] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.327] VirtualAlloc (lpAddress=0xc0003d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d0000 [0071.328] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.328] VirtualAlloc (lpAddress=0xc0003d2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d2000 [0071.329] VirtualAlloc (lpAddress=0xc0003d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d6000 [0071.330] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.331] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0071.332] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.335] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0000e0000 | out: pbBuffer=0xc0000e0000) returned 1 [0071.335] VirtualAlloc (lpAddress=0xc0003da000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003da000 [0071.349] VirtualAlloc (lpAddress=0xc0003de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003de000 [0071.350] VirtualAlloc (lpAddress=0xc0003e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e0000 [0071.352] VirtualAlloc (lpAddress=0xc0003e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e2000 [0071.354] VirtualAlloc (lpAddress=0xc0003e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e4000 [0071.357] VirtualAlloc (lpAddress=0xc0003e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e6000 [0071.360] VirtualAlloc (lpAddress=0xc0003e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e8000 [0071.362] VirtualAlloc (lpAddress=0xc0003ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ea000 [0071.365] VirtualAlloc (lpAddress=0xc0003ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ec000 [0071.368] VirtualAlloc (lpAddress=0xc0003ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ee000 [0071.369] VirtualAlloc (lpAddress=0xc0003f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f0000 [0071.371] VirtualAlloc (lpAddress=0xc0003f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f2000 [0071.374] VirtualAlloc (lpAddress=0xc0003f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f4000 [0071.377] VirtualAlloc (lpAddress=0xc0003f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f6000 [0071.380] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0071.382] VirtualAlloc (lpAddress=0xc0003fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fa000 [0071.389] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.390] VirtualAlloc (lpAddress=0xc0003fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fc000 [0071.391] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.391] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0071.393] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.393] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0xc000400000 [0071.393] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x20b0000 [0071.394] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0071.395] VirtualAlloc (lpAddress=0xc000404000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000404000 [0071.396] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.396] VirtualAlloc (lpAddress=0xc000406000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000406000 [0071.398] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.398] VirtualAlloc (lpAddress=0xc000408000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000408000 [0071.398] VirtualAlloc (lpAddress=0xc00040a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00040a000 [0071.400] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.400] VirtualAlloc (lpAddress=0xc00040c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00040c000 [0071.400] VirtualAlloc (lpAddress=0xc000410000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000410000 [0071.402] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.403] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.403] VirtualAlloc (lpAddress=0xc000412000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000412000 [0071.405] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.405] VirtualAlloc (lpAddress=0xc000414000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000414000 [0071.405] VirtualAlloc (lpAddress=0xc000416000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000416000 [0071.407] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.407] VirtualAlloc (lpAddress=0xc00041a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00041a000 [0071.409] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.409] VirtualAlloc (lpAddress=0xc00041c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00041c000 [0071.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.410] VirtualAlloc (lpAddress=0xc00041e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00041e000 [0071.412] VirtualAlloc (lpAddress=0xc000422000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000422000 [0071.412] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.414] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.414] VirtualAlloc (lpAddress=0xc000424000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000424000 [0071.415] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.415] VirtualAlloc (lpAddress=0xc000426000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000426000 [0071.417] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.417] VirtualAlloc (lpAddress=0xc00042a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00042a000 [0071.418] VirtualAlloc (lpAddress=0xc00042c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00042c000 [0071.418] VirtualAlloc (lpAddress=0xc00042e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00042e000 [0071.420] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.420] VirtualAlloc (lpAddress=0xc000430000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000430000 [0071.421] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.421] VirtualAlloc (lpAddress=0xc000432000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000432000 [0071.423] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.423] VirtualAlloc (lpAddress=0xc000436000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000436000 [0071.425] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.425] VirtualAlloc (lpAddress=0xc000438000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000438000 [0071.427] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.427] VirtualAlloc (lpAddress=0xc00043a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00043a000 [0071.428] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.429] VirtualAlloc (lpAddress=0xc00043e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00043e000 [0071.430] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.430] VirtualAlloc (lpAddress=0xc000440000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000440000 [0071.432] VirtualAlloc (lpAddress=0xc000442000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000442000 [0071.432] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.432] VirtualAlloc (lpAddress=0xc000444000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000444000 [0071.434] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.434] VirtualAlloc (lpAddress=0xc000448000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000448000 [0071.436] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.437] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.437] VirtualAlloc (lpAddress=0xc00044a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00044a000 [0071.438] VirtualAlloc (lpAddress=0xc00044e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00044e000 [0071.439] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.439] VirtualAlloc (lpAddress=0xc000450000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000450000 [0071.441] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.441] VirtualAlloc (lpAddress=0xc000452000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000452000 [0071.443] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.443] VirtualAlloc (lpAddress=0xc000454000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000454000 [0071.443] VirtualAlloc (lpAddress=0xc000458000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000458000 [0071.445] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.445] VirtualAlloc (lpAddress=0xc00045a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00045a000 [0071.445] VirtualAlloc (lpAddress=0xc00045c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00045c000 [0071.447] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.448] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.448] VirtualAlloc (lpAddress=0xc00045e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00045e000 [0071.449] VirtualAlloc (lpAddress=0xc000462000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000462000 [0071.449] VirtualAlloc (lpAddress=0xc000464000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000464000 [0071.452] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.452] VirtualAlloc (lpAddress=0xc000466000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000466000 [0071.454] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.454] VirtualAlloc (lpAddress=0xc000468000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000468000 [0071.456] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.456] VirtualAlloc (lpAddress=0xc00046a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00046a000 [0071.457] VirtualAlloc (lpAddress=0xc00046e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00046e000 [0071.458] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.459] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.459] VirtualAlloc (lpAddress=0xc000470000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000470000 [0071.460] VirtualAlloc (lpAddress=0xc000472000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000472000 [0071.461] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.461] VirtualAlloc (lpAddress=0xc000474000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000474000 [0071.462] VirtualAlloc (lpAddress=0xc000478000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000478000 [0071.464] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.465] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.465] VirtualAlloc (lpAddress=0xc00047a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047a000 [0071.466] VirtualAlloc (lpAddress=0xc00047c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047c000 [0071.467] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.467] VirtualAlloc (lpAddress=0xc000480000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000480000 [0071.468] VirtualAlloc (lpAddress=0xc00047e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047e000 [0071.469] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.471] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.471] VirtualAlloc (lpAddress=0xc000484000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000484000 [0071.472] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.472] VirtualAlloc (lpAddress=0xc000486000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000486000 [0071.472] VirtualAlloc (lpAddress=0xc000488000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000488000 [0071.474] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.474] VirtualAlloc (lpAddress=0xc00048c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00048c000 [0071.476] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.476] VirtualAlloc (lpAddress=0xc00048e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00048e000 [0071.478] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.478] VirtualAlloc (lpAddress=0xc000490000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000490000 [0071.479] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.479] VirtualAlloc (lpAddress=0xc000494000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000494000 [0071.481] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.481] VirtualAlloc (lpAddress=0xc000496000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000496000 [0071.483] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.483] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0071.484] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.485] VirtualAlloc (lpAddress=0xc00049c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00049c000 [0071.485] VirtualAlloc (lpAddress=0xc00049e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00049e000 [0071.489] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.489] VirtualAlloc (lpAddress=0xc0004a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a0000 [0071.491] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.491] VirtualAlloc (lpAddress=0xc0004a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a2000 [0071.491] VirtualAlloc (lpAddress=0xc0004a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a6000 [0071.492] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.493] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0071.494] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.495] VirtualAlloc (lpAddress=0xc0004aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004aa000 [0071.496] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.496] VirtualAlloc (lpAddress=0xc0004ac000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ac000 [0071.497] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.498] VirtualAlloc (lpAddress=0xc0004b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b0000 [0071.499] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.501] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.501] VirtualAlloc (lpAddress=0xc0004b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b2000 [0071.501] VirtualAlloc (lpAddress=0xc0004b4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b4000 [0071.501] VirtualAlloc (lpAddress=0xc0004b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b8000 [0071.503] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.503] VirtualAlloc (lpAddress=0xc0004ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ba000 [0071.505] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.507] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.507] VirtualAlloc (lpAddress=0xc0004bc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004bc000 [0071.507] VirtualAlloc (lpAddress=0xc0004c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c0000 [0071.509] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.509] VirtualAlloc (lpAddress=0xc0004c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c2000 [0071.510] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.512] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.512] VirtualAlloc (lpAddress=0xc0004c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c4000 [0071.512] VirtualAlloc (lpAddress=0xc0004c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c8000 [0071.513] VirtualAlloc (lpAddress=0xc0004ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ca000 [0071.514] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.514] VirtualAlloc (lpAddress=0xc0004cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004cc000 [0071.515] VirtualAlloc (lpAddress=0xc0004ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ce000 [0071.516] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.517] VirtualAlloc (lpAddress=0xc0004d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d0000 [0071.518] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.518] VirtualAlloc (lpAddress=0xc0004d2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d2000 [0071.519] VirtualAlloc (lpAddress=0xc0004d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d6000 [0071.519] SetEvent (hEvent=0x9c) returned 1 [0071.519] SetEvent (hEvent=0xa8) returned 1 [0071.519] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.520] SetEvent (hEvent=0xb8) returned 1 [0071.521] SetEvent (hEvent=0xa8) returned 1 [0071.521] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.521] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0071.522] SetEvent (hEvent=0x9c) returned 1 [0071.522] SetEvent (hEvent=0xa8) returned 1 [0071.522] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.522] VirtualAlloc (lpAddress=0xc0004d8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d8000 [0071.523] SetEvent (hEvent=0xb8) returned 1 [0071.523] SetEvent (hEvent=0xa8) returned 1 [0071.523] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.524] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0071.524] SetEvent (hEvent=0x9c) returned 1 [0071.524] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0071.526] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x3f0000 [0071.526] VirtualAlloc (lpAddress=0xc000114000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000114000 [0071.528] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.528] VirtualAlloc (lpAddress=0xc000116000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000116000 [0071.528] VirtualAlloc (lpAddress=0xc000118000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000118000 [0071.529] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0071.529] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0071.529] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0071.530] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0071.530] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0071.530] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0071.532] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.532] VirtualAlloc (lpAddress=0xc000128000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000128000 [0071.534] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.535] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.535] VirtualAlloc (lpAddress=0xc00012a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012a000 [0071.535] VirtualAlloc (lpAddress=0xc00012e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012e000 [0071.537] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.537] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0071.539] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.540] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.540] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0071.540] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0071.542] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.542] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0071.542] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0071.544] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.545] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.545] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0071.546] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0071.547] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.548] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.549] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0071.550] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.550] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0071.551] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0071.551] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0071.553] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.554] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.554] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0071.554] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0071.556] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.556] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0071.557] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0071.558] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.559] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.559] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0071.561] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.561] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0071.562] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0071.563] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.565] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.565] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0071.566] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.567] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0071.567] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0071.569] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.569] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0071.570] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.570] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0071.572] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.572] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0071.574] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.574] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0071.574] VirtualAlloc (lpAddress=0xc000170000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000170000 [0071.576] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.576] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0071.578] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.578] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0071.579] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.579] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0071.581] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.581] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0071.581] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0071.583] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.583] VirtualAlloc (lpAddress=0xc000500000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000500000 [0071.585] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.585] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0071.585] VirtualAlloc (lpAddress=0xc000504000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000504000 [0071.588] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.588] VirtualAlloc (lpAddress=0xc000506000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000506000 [0071.592] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.595] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.697] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0071.804] SetEvent (hEvent=0xb8) returned 1 [0071.804] VirtualFree (lpAddress=0xc0004d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0071.804] VirtualFree (lpAddress=0xc0004d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0071.804] SwitchToThread () returned 1 [0071.907] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f578, ulCount=0x10, ulNumEntriesRemoved=0x22f54c, dwMilliseconds=0x3b9aca00, fAlertable=0 | out: lpCompletionPortEntries=0x22f578, ulNumEntriesRemoved=0x22f54c) returned 1 [0089.823] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f578, ulCount=0x10, ulNumEntriesRemoved=0x22f54c, dwMilliseconds=0x5, fAlertable=0 | out: lpCompletionPortEntries=0x22f578, ulNumEntriesRemoved=0x22f54c) returned 1 [0089.824] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f578, ulCount=0x10, ulNumEntriesRemoved=0x22f54c, dwMilliseconds=0x5, fAlertable=0 | out: lpCompletionPortEntries=0x22f578, ulNumEntriesRemoved=0x22f54c) returned 0 [0089.832] SetEvent (hEvent=0xa8) returned 1 [0089.832] GetEnvironmentVariableW (in: lpName="USERPROFILE", lpBuffer=0xc0006c80d0, nSize=0x64 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1d [0089.833] GetProcAddress (hModule=0x77940000, lpProcName="WriteConsoleW") returned 0x77953d40 [0089.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003482d0*, nNumberOfCharsToWrite=0x28, lpNumberOfCharsWritten=0xc0000bb840, lpReserved=0x0 | out: lpBuffer=0xc0003482d0*, lpNumberOfCharsWritten=0xc0000bb840*=0x28) returned 1 [0089.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xc0000bbad8 | out: lpFileInformation=0xc0000bbad8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0089.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.835] GetProcAddress (hModule=0x77940000, lpProcName="FindFirstFileW") returned 0x7795bd80 [0089.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0xc0000bb890 | out: lpFindFileData=0xc0000bb890*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.836] GetProcAddress (hModule=0x77940000, lpProcName="FindNextFileW") returned 0x77951910 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb813c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb813c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb96a8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb96a8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0089.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.dat.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0089.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb8c0 | out: lpFindFileData=0xc0000bb8c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.837] GetProcAddress (hModule=0x77940000, lpProcName="FindClose") returned 0x7795bd60 [0089.837] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xc0000bba00 | out: lpFileInformation=0xc0000bba00*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.838] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0xc0000bb7b8 | out: lpFindFileData=0xc0000bb7b8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.838] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb7e8 | out: lpFindFileData=0xc0000bb7e8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.838] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb7e8 | out: lpFindFileData=0xc0000bb7e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0089.838] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb7e8 | out: lpFindFileData=0xc0000bb7e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0089.838] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb7e8 | out: lpFindFileData=0xc0000bb7e8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbe2d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbe2d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0089.838] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb7e8 | out: lpFindFileData=0xc0000bb7e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.838] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb928 | out: lpFileInformation=0xc0000bb928*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0089.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\*", lpFindFileData=0xc0000bb6e0 | out: lpFindFileData=0xc0000bb6e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Apps", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918, dwReserved0=0x0, dwReserved1=0x0, cFileName="GDIPFONTCACHEV1.DAT", cAlternateFileName="GDIPFO~1.DAT")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7, dwReserved0=0x0, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87b86c40, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x87b86c40, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VirtualStore", cAlternateFileName="VIRTUA~1")) returned 1 [0089.839] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb710 | out: lpFindFileData=0xc0000bb710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.840] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.840] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\*", lpFindFileData=0xc0000bb608 | out: lpFindFileData=0xc0000bb608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.840] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.840] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0089.840] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Color", cAlternateFileName="")) returned 1 [0089.840] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.840] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb778 | out: lpFileInformation=0xc0000bb778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\*", lpFindFileData=0xc0000bb530 | out: lpFindFileData=0xc0000bb530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.841] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.841] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0089.841] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.841] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0089.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.841] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0xc0000bb458 | out: lpFindFileData=0xc0000bb458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xee135b70, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xee135b70, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeCMapFnt10.lst", cAlternateFileName="ADOBEC~1.LST")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeSysFnt10.lst", cAlternateFileName="ADOBES~1.LST")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharedDataEvents", cAlternateFileName="SHARED~1")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserCache.bin", cAlternateFileName="USERCA~1.BIN")) returned 1 [0089.842] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.843] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x892c)) returned 1 [0089.844] SetEvent (hEvent=0xb8) returned 1 [0089.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xd9c071a0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x21cdb)) returned 1 [0089.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.851] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\*", lpFindFileData=0xc0000bb380 | out: lpFindFileData=0xc0000bb380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.851] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xecb5bdd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.851] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AcroFnt10.lst", cAlternateFileName="ACROFN~1.LST")) returned 1 [0089.851] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.851] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb4f0 | out: lpFileInformation=0xc0000bb4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb5bdd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xecb5bdd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe952fcd0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xcfc4)) returned 1 [0089.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd3b286a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd3b286a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xee0c3750, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0089.858] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0089.864] VirtualAlloc (lpAddress=0xc0006da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006da000 [0089.864] VirtualAlloc (lpAddress=0xc0006dc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006dc000 [0089.865] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0089.865] VirtualAlloc (lpAddress=0xc0006e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e6000 [0089.865] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd243f2e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd243f2e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe99341f0, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x12ea5)) returned 1 [0089.866] VirtualAlloc (lpAddress=0xc0006e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e8000 [0089.866] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0089.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb778 | out: lpFileInformation=0xc0000bb778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.866] VirtualAlloc (lpAddress=0xc0006ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ec000 [0089.867] VirtualAlloc (lpAddress=0xc0006ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ee000 [0089.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\*", lpFindFileData=0xc0000bb530 | out: lpFindFileData=0xc0000bb530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.867] VirtualAlloc (lpAddress=0xc0006f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f0000 [0089.867] VirtualAlloc (lpAddress=0xc0006f2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f2000 [0089.868] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce60f420, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.868] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACECache11.lst", cAlternateFileName="ACECAC~1.LST")) returned 1 [0089.868] VirtualAlloc (lpAddress=0xc0006f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f6000 [0089.868] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0089.868] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.868] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.868] VirtualAlloc (lpAddress=0xc0006f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f8000 [0089.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce60f420, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce719dc0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x49c)) returned 1 [0089.869] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.874] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\*", lpFindFileData=0xc0000bb458 | out: lpFindFileData=0xc0000bb458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.874] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xce4463a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.874] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="wscRGB.icc", cAlternateFileName="")) returned 1 [0089.874] VirtualAlloc (lpAddress=0xc0006fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fa000 [0089.874] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="wsRGB.icc", cAlternateFileName="")) returned 1 [0089.874] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.875] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xa74)) returned 1 [0089.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce60f420, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce6f3c60, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xce6f3c60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x102a0)) returned 1 [0089.875] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0xe0 [0089.876] GetFileInformationByHandle (in: hFile=0xe0, lpFileInformation=0xc0000bb7a4 | out: lpFileInformation=0xc0000bb7a4) returned 1 [0089.876] GetFileInformationByHandleEx (in: hFile=0xe0, FileInformationClass=0x9, lpFileInformation=0xc0000bb788, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bb788) returned 1 [0089.876] CloseHandle (hObject=0xe0) returned 1 [0089.876] VirtualAlloc (lpAddress=0xc0006fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fc000 [0089.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\*", lpFindFileData=0xc0000bb608 | out: lpFindFileData=0xc0000bb608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2.0", cAlternateFileName="")) returned 1 [0089.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.877] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb778 | out: lpFileInformation=0xc0000bb778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\*", lpFindFileData=0xc0000bb530 | out: lpFindFileData=0xc0000bb530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0089.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DQQ19BCJ.JAX", cAlternateFileName="")) returned 1 [0089.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.878] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\*", lpFindFileData=0xc0000bb458 | out: lpFindFileData=0xc0000bb458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65f935c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65f935c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0089.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YVORLGOR.PNT", cAlternateFileName="")) returned 1 [0089.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0089.879] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0089.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0089.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.882] VirtualAlloc (lpAddress=0xc0006fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fe000 [0089.883] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\*", lpFindFileData=0xc0000bb380 | out: lpFindFileData=0xc0000bb380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0089.903] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0089.962] SetEvent (hEvent=0x108) returned 1 [0089.962] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0089.964] SetEvent (hEvent=0x114) returned 1 [0089.964] SwitchToThread () returned 1 [0089.966] SetEvent (hEvent=0x114) returned 1 [0089.966] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0089.967] SetEvent (hEvent=0x114) returned 1 [0089.967] SetEvent (hEvent=0x108) returned 1 [0089.967] SetEvent (hEvent=0x120) returned 1 [0089.967] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0089.971] VirtualFree (lpAddress=0xc0006fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.972] VirtualFree (lpAddress=0xc0006f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.972] VirtualFree (lpAddress=0xc0006f2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.972] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.972] VirtualFree (lpAddress=0xc0006d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.973] VirtualFree (lpAddress=0xc0006ce000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0089.973] VirtualFree (lpAddress=0xc0006c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.973] VirtualFree (lpAddress=0xc000592000, dwSize=0x132000, dwFreeType=0x4000) returned 1 [0089.981] VirtualFree (lpAddress=0xc000588000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.982] VirtualFree (lpAddress=0xc000580000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0089.982] VirtualFree (lpAddress=0xc000538000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.982] VirtualFree (lpAddress=0xc000534000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.983] VirtualFree (lpAddress=0xc00051a000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0089.984] VirtualFree (lpAddress=0xc000514000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.984] VirtualFree (lpAddress=0xc0004ee000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0089.985] VirtualFree (lpAddress=0xc0004e0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0089.985] VirtualFree (lpAddress=0xc000400000, dwSize=0xd2000, dwFreeType=0x4000) returned 1 [0089.993] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.994] VirtualFree (lpAddress=0xc0003f4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0089.994] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0089.995] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.995] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.995] VirtualFree (lpAddress=0xc000380000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0089.997] VirtualFree (lpAddress=0xc000366000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0089.997] VirtualFree (lpAddress=0xc00035a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0089.998] VirtualFree (lpAddress=0xc000346000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0089.998] VirtualFree (lpAddress=0xc000340000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0089.998] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0089.998] VirtualFree (lpAddress=0xc00016a000, dwSize=0x1ce000, dwFreeType=0x4000) returned 1 [0090.008] VirtualFree (lpAddress=0xc000124000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0090.009] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.009] VirtualFree (lpAddress=0xc00010c000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0090.010] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.010] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.010] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.010] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.011] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715", cAlternateFileName="CLICEX~1.000")) returned 1 [0090.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0090.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifests", cAlternateFileName="MANIFE~1")) returned 1 [0090.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.011] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb4f0 | out: lpFileInformation=0xc0000bb4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.025] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\*", lpFindFileData=0xc0000bb2a8 | out: lpFindFileData=0xc0000bb2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.025] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.025] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="GOOGLE~1.EXE")) returned 1 [0090.025] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.025] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58)) returned 1 [0090.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb4f0 | out: lpFileInformation=0xc0000bb4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.042] VirtualAlloc (lpAddress=0xc00055e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00055e000 [0090.043] VirtualAlloc (lpAddress=0xc000560000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000560000 [0090.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.044] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0xc0000bb2a8 | out: lpFindFileData=0xc0000bb2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.051] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.058] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.070] SetEvent (hEvent=0x13c) returned 1 [0090.070] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.071] SetEvent (hEvent=0x114) returned 1 [0090.071] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.079] SetEvent (hEvent=0x13c) returned 1 [0090.079] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.085] SetEvent (hEvent=0x13c) returned 1 [0090.085] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.086] SetEvent (hEvent=0x114) returned 1 [0090.086] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.089] SetEvent (hEvent=0x13c) returned 1 [0090.089] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.090] SetEvent (hEvent=0x13c) returned 1 [0090.090] SetEvent (hEvent=0x120) returned 1 [0090.091] VirtualFree (lpAddress=0xc0006fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.091] VirtualFree (lpAddress=0xc0006f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.091] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.091] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.092] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.092] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.092] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.092] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0090.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.094] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0090.107] GetFileType (hFile=0xf4) returned 0x1 [0090.108] WriteFile (in: hFile=0xf4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x4a0, lpOverlapped=0x0) returned 1 [0090.109] CloseHandle (hObject=0xf4) returned 1 [0090.110] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0090.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.111] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0090.183] GetFileType (hFile=0xf4) returned 0x1 [0090.183] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0090.183] CloseHandle (hObject=0xf4) returned 1 [0090.184] VirtualAlloc (lpAddress=0xc000572000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000572000 [0090.185] VirtualAlloc (lpAddress=0xc000574000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000574000 [0090.185] VirtualAlloc (lpAddress=0xc000576000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000576000 [0090.186] VirtualAlloc (lpAddress=0xc000578000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000578000 [0090.186] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\encry-ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\encry-acecache11.lst"), dwFlags=0x1) returned 1 [0090.224] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0090.258] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0090.272] GetFileType (hFile=0xfc) returned 0x1 [0090.272] GetFileType (hFile=0xfc) returned 0x1 [0090.272] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0090.272] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0090.273] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0090.274] ReadFile (in: hFile=0xfc, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x44d0, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc000113c04*=0x42d0, lpOverlapped=0x0) returned 1 [0090.332] ReadFile (in: hFile=0xfc, lpBuffer=0xc0001282d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001282d0*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0090.332] CloseHandle (hObject=0xfc) returned 1 [0090.332] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.333] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0090.333] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0090.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0090.335] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0090.336] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.337] GetFileType (hFile=0xfc) returned 0x1 [0090.337] WriteFile (in: hFile=0xfc, lpBuffer=0xc000128800*, nNumberOfBytesToWrite=0x42e0, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc000128800*, lpNumberOfBytesWritten=0xc000113cec*=0x42e0, lpOverlapped=0x0) returned 1 [0090.339] CloseHandle (hObject=0xfc) returned 1 [0090.341] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0090.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0090.341] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0090.342] GetFileType (hFile=0xfc) returned 0x1 [0090.342] WriteFile (in: hFile=0xfc, lpBuffer=0xc00003e160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003e160*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.342] CloseHandle (hObject=0xfc) returned 1 [0090.346] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe.cdf-ms"), dwFlags=0x1) returned 1 [0090.347] VirtualFree (lpAddress=0xc000136000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0090.348] VirtualFree (lpAddress=0xc000064000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0090.349] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0090.350] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0090.351] GetFileType (hFile=0xfc) returned 0x1 [0090.351] GetFileType (hFile=0xfc) returned 0x1 [0090.351] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0090.351] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0090.351] ReadFile (in: hFile=0xfc, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x760, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000111c04*=0x560, lpOverlapped=0x0) returned 1 [0090.389] ReadFile (in: hFile=0xfc, lpBuffer=0xc000094560, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094560*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0090.389] CloseHandle (hObject=0xfc) returned 1 [0090.389] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0090.390] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0090.392] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0090.425] GetFileType (hFile=0xfc) returned 0x1 [0090.425] WriteFile (in: hFile=0xfc, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000111cec*=0x570, lpOverlapped=0x0) returned 1 [0090.426] CloseHandle (hObject=0xfc) returned 1 [0090.427] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0090.428] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0090.428] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.429] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0090.429] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0090.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0090.430] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0090.463] GetFileType (hFile=0xfc) returned 0x1 [0090.464] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000f8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f8420*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.464] CloseHandle (hObject=0xfc) returned 1 [0090.465] VirtualAlloc (lpAddress=0xc00012c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012c000 [0090.465] VirtualAlloc (lpAddress=0xc00012e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012e000 [0090.466] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0090.466] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap_unsigned.manifest"), dwFlags=0x1) returned 1 [0090.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.479] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.479] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0090.480] SetEvent (hEvent=0xc0) returned 1 [0090.480] SetEvent (hEvent=0xb8) returned 1 [0090.480] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002b180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0090.491] CloseHandle (hObject=0xfc) returned 1 [0090.491] SetEvent (hEvent=0x9c) returned 1 [0090.491] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0090.594] SetEvent (hEvent=0x114) returned 1 [0090.594] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0092.732] SetEvent (hEvent=0x114) returned 1 [0092.732] SetEvent (hEvent=0xb8) returned 1 [0092.732] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.128] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0093.128] GetFileType (hFile=0xf4) returned 0x1 [0093.128] GetFileType (hFile=0xf4) returned 0x1 [0093.128] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0093.128] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0093.129] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0093.129] ReadFile (in: hFile=0xf4, lpBuffer=0xc00013c000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c000*, lpNumberOfBytesRead=0xc000063c04*=0xe0, lpOverlapped=0x0) returned 1 [0093.130] ReadFile (in: hFile=0xf4, lpBuffer=0xc00013c0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c0e0*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0093.130] CloseHandle (hObject=0xf4) returned 1 [0093.130] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0093.131] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0093.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.132] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0093.133] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.134] SetEvent (hEvent=0xb8) returned 1 [0093.134] GetFileType (hFile=0xf4) returned 0x1 [0093.134] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.143] WriteFile (in: hFile=0xf4, lpBuffer=0xc00013e1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013e1e0*, lpNumberOfBytesWritten=0xc000063cec*=0xf0, lpOverlapped=0x0) returned 1 [0093.144] CloseHandle (hObject=0xf4) returned 1 [0093.145] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.145] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0093.146] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0093.146] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0093.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.147] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0093.155] GetFileType (hFile=0xf4) returned 0x1 [0093.155] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.155] CloseHandle (hObject=0xf4) returned 1 [0093.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.158] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0093.158] SetEvent (hEvent=0x100) returned 1 [0093.158] SetEvent (hEvent=0x13c) returned 1 [0093.158] SetEvent (hEvent=0x12c) returned 1 [0093.159] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0093.214] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.217] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.217] SetEvent (hEvent=0x13c) returned 1 [0093.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.221] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.221] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0093.221] SetEvent (hEvent=0x120) returned 1 [0093.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.229] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.229] GetFileType (hFile=0xec) returned 0x1 [0093.229] WriteFile (in: hFile=0xec, lpBuffer=0xc0001801e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001801e0*, lpNumberOfBytesWritten=0xc0000bdcec*=0xf0, lpOverlapped=0x0) returned 1 [0093.231] CloseHandle (hObject=0xec) returned 1 [0093.232] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0093.232] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0093.232] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0093.233] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0093.233] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0093.233] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0093.234] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0093.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0093.234] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0093.264] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.371] SetEvent (hEvent=0x12c) returned 1 [0093.371] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.393] SetEvent (hEvent=0x12c) returned 1 [0093.393] SetEvent (hEvent=0x13c) returned 1 [0093.393] SwitchToThread () returned 1 [0093.400] GetFileType (hFile=0x128) returned 0x1 [0093.400] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0093.401] WriteFile (in: hFile=0x128, lpBuffer=0xc000188000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000188000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x120, lpOverlapped=0x0) returned 1 [0093.402] CloseHandle (hObject=0x128) returned 1 [0093.404] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0093.404] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0093.405] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0093.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0093.406] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0093.412] GetFileType (hFile=0x128) returned 0x1 [0093.412] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.412] CloseHandle (hObject=0x128) returned 1 [0093.413] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.414] GetFileType (hFile=0x148) returned 0x1 [0093.414] GetFileType (hFile=0x148) returned 0x1 [0093.414] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0093.414] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0093.414] ReadFile (in: hFile=0x148, lpBuffer=0xc00013c300, nNumberOfBytesToRead=0x2d6, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c300*, lpNumberOfBytesRead=0xc00010dc04*=0xd6, lpOverlapped=0x0) returned 1 [0093.415] ReadFile (in: hFile=0x148, lpBuffer=0xc00013c3d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c3d6*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0093.415] CloseHandle (hObject=0x148) returned 1 [0093.415] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0093.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0093.417] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0093.421] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.425] SwitchToThread () returned 1 [0093.426] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.427] SetEvent (hEvent=0x13c) returned 1 [0093.427] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.444] SetEvent (hEvent=0x120) returned 1 [0093.444] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.580] SetEvent (hEvent=0x13c) returned 1 [0093.580] SetEvent (hEvent=0x120) returned 1 [0093.580] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.882] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0093.882] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0093.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0093.883] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0093.884] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0093.884] GetFileType (hFile=0x144) returned 0x1 [0093.884] GetFileType (hFile=0x144) returned 0x1 [0093.884] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0093.884] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0093.884] ReadFile (in: hFile=0x144, lpBuffer=0xc0001de300, nNumberOfBytesToRead=0x2e6, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de300*, lpNumberOfBytesRead=0xc00024dc04*=0xe6, lpOverlapped=0x0) returned 1 [0093.886] ReadFile (in: hFile=0x144, lpBuffer=0xc0001de3e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de3e6*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0093.886] CloseHandle (hObject=0x144) returned 1 [0093.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.887] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0093.888] GetFileType (hFile=0x144) returned 0x1 [0093.888] WriteFile (in: hFile=0x144, lpBuffer=0xc0001e03c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e03c0*, lpNumberOfBytesWritten=0xc00024dcec*=0xf0, lpOverlapped=0x0) returned 1 [0093.889] CloseHandle (hObject=0x144) returned 1 [0093.894] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.894] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0093.895] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0093.895] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0093.895] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0093.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.896] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0093.899] GetFileType (hFile=0x144) returned 0x1 [0093.899] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.899] CloseHandle (hObject=0x144) returned 1 [0093.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.904] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0093.904] SetEvent (hEvent=0xc0) returned 1 [0093.904] SetEvent (hEvent=0xb8) returned 1 [0093.904] SetEvent (hEvent=0x13c) returned 1 [0093.904] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0093.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.980] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0093.980] SetEvent (hEvent=0xc0) returned 1 [0093.980] SetEvent (hEvent=0x13c) returned 1 [0093.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.987] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0093.988] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0093.988] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0093.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0093.989] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0094.000] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.017] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.028] SetEvent (hEvent=0x120) returned 1 [0094.028] SetEvent (hEvent=0x100) returned 1 [0094.028] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0094.028] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0094.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0094.029] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0094.029] GetFileType (hFile=0x150) returned 0x1 [0094.029] GetFileType (hFile=0x150) returned 0x1 [0094.029] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0094.029] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0094.029] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.030] ReadFile (in: hFile=0x150, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc000111c04*=0xde, lpOverlapped=0x0) returned 1 [0094.031] ReadFile (in: hFile=0x150, lpBuffer=0xc0000580de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000580de*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0094.031] CloseHandle (hObject=0x150) returned 1 [0094.031] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0094.032] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0094.032] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0094.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.034] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0094.034] GetFileType (hFile=0x150) returned 0x1 [0094.034] WriteFile (in: hFile=0x150, lpBuffer=0xc0001e21c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e21c0*, lpNumberOfBytesWritten=0xc000111cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.035] CloseHandle (hObject=0x150) returned 1 [0094.040] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.041] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0094.051] GetFileType (hFile=0x150) returned 0x1 [0094.051] WriteFile (in: hFile=0x150, lpBuffer=0xc0000522c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000522c0*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.052] CloseHandle (hObject=0x150) returned 1 [0094.056] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0094.057] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.057] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.058] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.059] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.059] SetEvent (hEvent=0xc0) returned 1 [0094.059] SetEvent (hEvent=0x114) returned 1 [0094.059] SetEvent (hEvent=0x13c) returned 1 [0094.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.060] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.061] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.066] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.066] SetEvent (hEvent=0x120) returned 1 [0094.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.072] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.072] SetEvent (hEvent=0x114) returned 1 [0094.072] SetEvent (hEvent=0x100) returned 1 [0094.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.088] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.091] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.091] SetEvent (hEvent=0x120) returned 1 [0094.092] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.112] SetEvent (hEvent=0xc0) returned 1 [0094.112] SetEvent (hEvent=0x13c) returned 1 [0094.112] SetEvent (hEvent=0x100) returned 1 [0094.112] SetEvent (hEvent=0xb8) returned 1 [0094.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.126] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.127] SetEvent (hEvent=0x120) returned 1 [0094.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.137] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.137] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.137] SetEvent (hEvent=0xc0) returned 1 [0094.138] SetEvent (hEvent=0x114) returned 1 [0094.138] SetEvent (hEvent=0x100) returned 1 [0094.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.154] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.154] SetEvent (hEvent=0x100) returned 1 [0094.154] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.162] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.162] SetEvent (hEvent=0xc0) returned 1 [0094.162] SetEvent (hEvent=0xb8) returned 1 [0094.162] SetEvent (hEvent=0x120) returned 1 [0094.162] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.165] SetEvent (hEvent=0x114) returned 1 [0094.165] SetEvent (hEvent=0x13c) returned 1 [0094.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.178] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.178] SetEvent (hEvent=0x13c) returned 1 [0094.178] SetEvent (hEvent=0x114) returned 1 [0094.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.182] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.182] SetEvent (hEvent=0xc0) returned 1 [0094.182] SetEvent (hEvent=0x13c) returned 1 [0094.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.183] SetEvent (hEvent=0xb8) returned 1 [0094.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.187] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.188] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.188] SetEvent (hEvent=0x120) returned 1 [0094.188] SetEvent (hEvent=0x12c) returned 1 [0094.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0094.191] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0094.203] GetFileType (hFile=0x150) returned 0x1 [0094.204] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0094.204] GetFileType (hFile=0x150) returned 0x1 [0094.204] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0094.204] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0094.204] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.205] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0094.205] ReadFile (in: hFile=0x150, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x2cb, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc000247c04*=0xcb, lpOverlapped=0x0) returned 1 [0094.207] ReadFile (in: hFile=0x150, lpBuffer=0xc0000700cb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000700cb*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0094.207] CloseHandle (hObject=0x150) returned 1 [0094.207] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0094.207] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0094.208] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0094.208] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0094.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.210] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0094.228] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.231] GetFileType (hFile=0x150) returned 0x1 [0094.231] WriteFile (in: hFile=0x150, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000247cec*=0xd0, lpOverlapped=0x0) returned 1 [0094.232] CloseHandle (hObject=0x150) returned 1 [0094.233] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.233] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0094.234] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0094.234] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0094.235] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0094.235] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0094.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.235] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0094.236] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.237] SetEvent (hEvent=0x13c) returned 1 [0094.237] GetFileType (hFile=0x150) returned 0x1 [0094.237] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.245] WriteFile (in: hFile=0x150, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.245] CloseHandle (hObject=0x150) returned 1 [0094.249] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0094.249] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0094.250] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.251] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.252] SetEvent (hEvent=0xc0) returned 1 [0094.252] SetEvent (hEvent=0x100) returned 1 [0094.252] SetEvent (hEvent=0x114) returned 1 [0094.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.265] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.265] SetEvent (hEvent=0x100) returned 1 [0094.265] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.334] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.334] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.334] SetEvent (hEvent=0x114) returned 1 [0094.334] SetEvent (hEvent=0x120) returned 1 [0094.334] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0094.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.338] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.338] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.340] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.341] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.341] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.341] SetEvent (hEvent=0xc0) returned 1 [0094.341] SetEvent (hEvent=0x13c) returned 1 [0094.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.356] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.356] SetEvent (hEvent=0xc0) returned 1 [0094.357] SetEvent (hEvent=0x100) returned 1 [0094.357] SetEvent (hEvent=0x12c) returned 1 [0094.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.409] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.410] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.410] SetEvent (hEvent=0x100) returned 1 [0094.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.425] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0094.425] SetEvent (hEvent=0x114) returned 1 [0094.425] SetEvent (hEvent=0x120) returned 1 [0094.425] SetEvent (hEvent=0xb8) returned 1 [0094.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.427] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.427] SetEvent (hEvent=0x120) returned 1 [0094.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.435] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.436] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.436] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0094.436] SetEvent (hEvent=0x120) returned 1 [0094.436] SetEvent (hEvent=0x12c) returned 1 [0094.436] SetEvent (hEvent=0x13c) returned 1 [0094.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.458] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0094.462] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.475] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc0000bb818*=0x3) returned 1 [0094.477] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000102016*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0094.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0001020a0*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0094.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc0001020a6*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0094.514] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.526] SetEvent (hEvent=0x114) returned 1 [0094.526] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.531] SetEvent (hEvent=0x108) returned 1 [0094.531] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.533] SetEvent (hEvent=0x114) returned 1 [0094.533] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.534] SwitchToThread () returned 1 [0094.535] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.535] SetEvent (hEvent=0x108) returned 1 [0094.535] SetEvent (hEvent=0x13c) returned 1 [0094.535] VirtualFree (lpAddress=0xc0001bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.536] VirtualFree (lpAddress=0xc0001b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.537] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.537] VirtualFree (lpAddress=0xc0001a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.537] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.537] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.538] VirtualFree (lpAddress=0xc000150000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.538] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.538] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.538] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.539] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.539] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.539] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.539] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.540] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.540] GetFileType (hFile=0x144) returned 0x1 [0094.540] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0094.540] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0094.540] ReadFile (in: hFile=0x144, lpBuffer=0xc00014c300, nNumberOfBytesToRead=0x2d1, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014c300*, lpNumberOfBytesRead=0xc00012dc04*=0xd1, lpOverlapped=0x0) returned 1 [0094.541] ReadFile (in: hFile=0x144, lpBuffer=0xc00014c3d1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014c3d1*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0094.542] CloseHandle (hObject=0x144) returned 1 [0094.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.543] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0094.558] GetFileType (hFile=0x144) returned 0x1 [0094.559] WriteFile (in: hFile=0x144, lpBuffer=0xc0001440e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001440e0*, lpNumberOfBytesWritten=0xc00012dcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.560] CloseHandle (hObject=0x144) returned 1 [0094.564] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.565] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.565] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.566] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.566] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0094.571] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.587] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.592] SetEvent (hEvent=0x114) returned 1 [0094.592] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.592] VirtualFree (lpAddress=0xc0001c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.592] VirtualFree (lpAddress=0xc00014c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.593] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.593] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.593] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.593] GetFileType (hFile=0x154) returned 0x1 [0094.593] WriteFile (in: hFile=0x154, lpBuffer=0xc000056000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.594] CloseHandle (hObject=0x154) returned 1 [0094.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-icon_16.png"), dwFlags=0x1) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0094.597] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0094.598] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0094.599] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.599] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.602] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.602] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.602] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.602] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6)) returned 1 [0094.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.603] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.603] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.603] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.603] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108)) returned 1 [0094.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.612] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.612] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.612] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.612] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf)) returned 1 [0094.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.613] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.613] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.613] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.613] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0094.621] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.627] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.628] SetEvent (hEvent=0x108) returned 1 [0094.628] SetEvent (hEvent=0x100) returned 1 [0094.628] SetEvent (hEvent=0x114) returned 1 [0094.628] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.639] VirtualFree (lpAddress=0xc0001ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.639] VirtualFree (lpAddress=0xc00015e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.639] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.639] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.640] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.640] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.640] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.641] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.641] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.641] GetFileType (hFile=0x14c) returned 0x1 [0094.641] GetFileType (hFile=0x14c) returned 0x1 [0094.641] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0094.641] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0094.641] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000f0300, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0300*, lpNumberOfBytesRead=0xc000129c04*=0xed, lpOverlapped=0x0) returned 1 [0094.643] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000f03ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f03ed*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0094.643] CloseHandle (hObject=0x14c) returned 1 [0094.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.644] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0094.657] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.658] GetFileType (hFile=0x14c) returned 0x1 [0094.658] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000e83c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e83c0*, lpNumberOfBytesWritten=0xc000129cec*=0xf0, lpOverlapped=0x0) returned 1 [0094.660] CloseHandle (hObject=0x14c) returned 1 [0094.661] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.661] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0094.661] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0094.662] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0094.662] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0094.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.663] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0094.666] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.674] GetFileType (hFile=0x14c) returned 0x1 [0094.674] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.678] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.679] CloseHandle (hObject=0x14c) returned 1 [0094.680] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0094.681] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0094.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.682] SwitchToThread () returned 1 [0094.726] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.738] SwitchToThread () returned 1 [0094.742] SetEvent (hEvent=0x120) returned 1 [0094.742] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.745] SetEvent (hEvent=0x108) returned 1 [0094.745] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.750] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.760] SetEvent (hEvent=0x120) returned 1 [0094.760] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.761] SetEvent (hEvent=0x108) returned 1 [0094.761] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.764] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.767] SetEvent (hEvent=0x120) returned 1 [0094.767] SetEvent (hEvent=0x108) returned 1 [0094.767] VirtualFree (lpAddress=0xc0001da000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.767] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.768] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.768] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0094.771] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.776] SetEvent (hEvent=0x120) returned 1 [0094.776] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0094.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0330*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0094.801] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0336*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc0000a0336*, lpNumberOfCharsWritten=0xc000259818*=0x3) returned 1 [0094.807] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.811] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.890] SetEvent (hEvent=0x108) returned 1 [0094.890] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.924] SetEvent (hEvent=0x120) returned 1 [0094.924] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.965] SetEvent (hEvent=0x114) returned 1 [0094.965] SetEvent (hEvent=0x9c) returned 1 [0094.965] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0094.971] VirtualFree (lpAddress=0xc0001f6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.971] VirtualFree (lpAddress=0xc0000f4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0094.972] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.972] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.972] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.973] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0094.973] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0094.987] GetFileType (hFile=0x144) returned 0x1 [0094.987] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0094.987] GetFileType (hFile=0x144) returned 0x1 [0094.987] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0094.987] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0094.987] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0094.988] ReadFile (in: hFile=0x144, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x2d1, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc00023fc04*=0xd1, lpOverlapped=0x0) returned 1 [0094.989] ReadFile (in: hFile=0x144, lpBuffer=0xc0000e60d1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e60d1*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0094.989] CloseHandle (hObject=0x144) returned 1 [0094.989] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0094.989] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0094.989] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0094.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.991] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0094.997] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.006] SetEvent (hEvent=0x108) returned 1 [0095.006] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.015] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.015] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.015] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.016] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.016] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.016] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.016] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.017] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.017] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.017] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.017] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.018] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.018] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.019] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0095.026] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.032] SetEvent (hEvent=0x108) returned 1 [0095.032] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.036] SetEvent (hEvent=0x114) returned 1 [0095.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0095.036] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000119cf4 | out: lpMode=0xc000119cf4) returned 0 [0095.047] GetFileType (hFile=0x150) returned 0x1 [0095.047] GetFileType (hFile=0x150) returned 0x1 [0095.047] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000119d44 | out: lpFileInformation=0xc000119d44) returned 1 [0095.047] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000119d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000119d28) returned 1 [0095.047] ReadFile (in: hFile=0x150, lpBuffer=0xc000122000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc000122000*, lpNumberOfBytesRead=0xc000119c04*=0xdd, lpOverlapped=0x0) returned 1 [0095.049] ReadFile (in: hFile=0x150, lpBuffer=0xc0001220dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001220dd*, lpNumberOfBytesRead=0xc000119c04*=0x0, lpOverlapped=0x0) returned 1 [0095.049] CloseHandle (hObject=0x150) returned 1 [0095.049] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0095.049] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0095.050] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0095.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.052] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000119d04 | out: lpMode=0xc000119d04) returned 0 [0095.057] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.058] GetFileType (hFile=0x150) returned 0x1 [0095.058] WriteFile (in: hFile=0x150, lpBuffer=0xc0000fe0e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000119cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe0e0*, lpNumberOfBytesWritten=0xc000119cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.059] CloseHandle (hObject=0x150) returned 1 [0095.060] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.060] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0095.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.061] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000119d64 | out: lpMode=0xc000119d64) returned 0 [0095.063] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.066] GetFileType (hFile=0x150) returned 0x1 [0095.066] WriteFile (in: hFile=0x150, lpBuffer=0xc0000e8160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000119d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8160*, lpNumberOfBytesWritten=0xc000119d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.066] CloseHandle (hObject=0x150) returned 1 [0095.067] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.075] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.075] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0095.075] SetEvent (hEvent=0xc0) returned 1 [0095.075] SetEvent (hEvent=0x9c) returned 1 [0095.075] SetEvent (hEvent=0x108) returned 1 [0095.075] SetEvent (hEvent=0x100) returned 1 [0095.076] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.081] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0095.081] SetEvent (hEvent=0x100) returned 1 [0095.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.088] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0095.088] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0095.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.089] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0095.102] GetFileType (hFile=0x144) returned 0x1 [0095.103] GetFileType (hFile=0x144) returned 0x1 [0095.103] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0095.103] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0095.103] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0095.103] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0095.104] ReadFile (in: hFile=0x144, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000049c04*=0xd7, lpOverlapped=0x0) returned 1 [0095.105] ReadFile (in: hFile=0x144, lpBuffer=0xc0000ce0d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce0d7*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0095.105] CloseHandle (hObject=0x144) returned 1 [0095.105] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0095.105] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0095.105] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0095.106] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0095.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.107] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0095.120] GetFileType (hFile=0x144) returned 0x1 [0095.120] WriteFile (in: hFile=0x144, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc000049cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.122] CloseHandle (hObject=0x144) returned 1 [0095.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0095.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.124] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0095.130] GetFileType (hFile=0x144) returned 0x1 [0095.131] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0095.131] WriteFile (in: hFile=0x144, lpBuffer=0xc0000ea000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.132] CloseHandle (hObject=0x144) returned 1 [0095.141] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.143] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.150] SetEvent (hEvent=0x120) returned 1 [0095.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.150] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0095.158] GetFileType (hFile=0xf4) returned 0x1 [0095.158] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0095.159] GetFileType (hFile=0xf4) returned 0x1 [0095.159] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0095.159] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0095.159] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0095.160] ReadFile (in: hFile=0xf4, lpBuffer=0xc00017a000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017a000*, lpNumberOfBytesRead=0xc0004d9c04*=0xce, lpOverlapped=0x0) returned 1 [0095.161] ReadFile (in: hFile=0xf4, lpBuffer=0xc00017a0ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017a0ce*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0095.161] CloseHandle (hObject=0xf4) returned 1 [0095.161] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0095.162] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0095.162] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.164] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0095.171] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.173] GetFileType (hFile=0xf4) returned 0x1 [0095.173] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d80d0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80d0*, lpNumberOfBytesWritten=0xc0004d9cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.174] CloseHandle (hObject=0xf4) returned 1 [0095.176] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0095.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.177] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0095.178] GetFileType (hFile=0xf4) returned 0x1 [0095.178] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000ea000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.178] CloseHandle (hObject=0xf4) returned 1 [0095.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.181] VirtualFree (lpAddress=0xc00017a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.181] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.181] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.182] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.182] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.182] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0095.183] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.186] GetFileType (hFile=0xf4) returned 0x1 [0095.186] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000ea840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea840*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.186] CloseHandle (hObject=0xf4) returned 1 [0095.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.189] SwitchToThread () returned 1 [0095.190] SetEvent (hEvent=0x100) returned 1 [0095.190] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.190] SetEvent (hEvent=0x100) returned 1 [0095.190] SetEvent (hEvent=0x120) returned 1 [0095.190] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.191] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.191] VirtualFree (lpAddress=0xc00013c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.192] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.192] VirtualFree (lpAddress=0xc000122000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.192] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.192] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.193] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.193] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.193] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.193] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.194] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.194] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.194] GetFileType (hFile=0x150) returned 0x1 [0095.195] GetFileType (hFile=0x150) returned 0x1 [0095.195] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0095.195] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0095.195] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0095.195] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x2eb, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000279c04*=0xeb, lpOverlapped=0x0) returned 1 [0095.196] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ee0eb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee0eb*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0095.197] CloseHandle (hObject=0x150) returned 1 [0095.197] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0095.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.198] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0095.199] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.212] GetFileType (hFile=0x150) returned 0x1 [0095.213] WriteFile (in: hFile=0x150, lpBuffer=0xc0000f01e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f01e0*, lpNumberOfBytesWritten=0xc000279cec*=0xf0, lpOverlapped=0x0) returned 1 [0095.214] CloseHandle (hObject=0x150) returned 1 [0095.217] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.218] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0095.218] GetFileType (hFile=0x150) returned 0x1 [0095.218] WriteFile (in: hFile=0x150, lpBuffer=0xc000132000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000132000*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.219] CloseHandle (hObject=0x150) returned 1 [0095.227] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0095.228] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0095.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.229] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.230] SetEvent (hEvent=0x100) returned 1 [0095.230] SetEvent (hEvent=0x120) returned 1 [0095.230] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.231] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.231] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.232] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.232] GetFileType (hFile=0x14c) returned 0x1 [0095.232] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000ea2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea2c0*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.233] CloseHandle (hObject=0x14c) returned 1 [0095.241] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.242] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0095.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.243] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0095.252] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.252] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.253] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.253] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.253] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.253] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda)) returned 1 [0095.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.254] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.254] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.254] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.254] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.254] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4)) returned 1 [0095.259] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0095.260] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0095.260] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0095.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.261] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0095.262] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.262] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0095.263] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.263] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.263] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.263] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.263] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0095.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.265] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf)) returned 1 [0095.272] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.273] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.275] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.275] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.276] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.276] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9)) returned 1 [0095.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.277] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.277] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3)) returned 1 [0095.286] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0095.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.288] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.288] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.288] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.288] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.288] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0095.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.289] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.289] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.289] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.289] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0095.318] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.328] SetEvent (hEvent=0x108) returned 1 [0095.328] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.331] SetEvent (hEvent=0x100) returned 1 [0095.332] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.596] SetEvent (hEvent=0x13c) returned 1 [0095.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.597] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0095.598] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.602] SetEvent (hEvent=0x13c) returned 1 [0095.602] GetFileType (hFile=0x14c) returned 0x1 [0095.602] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.611] GetFileType (hFile=0x14c) returned 0x1 [0095.611] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0095.611] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0095.611] ReadFile (in: hFile=0x14c, lpBuffer=0xc000196000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000196000*, lpNumberOfBytesRead=0xc000175c04*=0xce, lpOverlapped=0x0) returned 1 [0095.613] ReadFile (in: hFile=0x14c, lpBuffer=0xc0001960ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001960ce*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0095.613] CloseHandle (hObject=0x14c) returned 1 [0095.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.614] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0095.621] GetFileType (hFile=0x14c) returned 0x1 [0095.621] WriteFile (in: hFile=0x14c, lpBuffer=0xc000198000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesWritten=0xc000175cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.622] CloseHandle (hObject=0x14c) returned 1 [0095.624] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0095.624] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.624] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0095.624] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.625] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.625] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0095.639] GetFileType (hFile=0x14c) returned 0x1 [0095.639] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000ec2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ec2c0*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.639] CloseHandle (hObject=0x14c) returned 1 [0095.640] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0095.641] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0095.641] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.642] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.734] SetEvent (hEvent=0x120) returned 1 [0095.734] SwitchToThread () returned 1 [0095.735] SetEvent (hEvent=0x9c) returned 1 [0095.735] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.783] SetEvent (hEvent=0x9c) returned 1 [0095.783] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.789] SetEvent (hEvent=0x120) returned 1 [0095.789] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.795] SetEvent (hEvent=0x120) returned 1 [0095.795] SetEvent (hEvent=0x9c) returned 1 [0095.795] SetEvent (hEvent=0x114) returned 1 [0095.795] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.801] SwitchToThread () returned 1 [0095.808] SetEvent (hEvent=0x120) returned 1 [0095.808] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.810] SetEvent (hEvent=0xb8) returned 1 [0095.810] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.813] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.832] SetEvent (hEvent=0x120) returned 1 [0095.832] SetEvent (hEvent=0xb8) returned 1 [0095.832] WriteFile (in: hFile=0xfc, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.832] CloseHandle (hObject=0xfc) returned 1 [0095.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.840] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0095.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.840] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0095.852] GetFileType (hFile=0xfc) returned 0x1 [0095.852] GetFileType (hFile=0xfc) returned 0x1 [0095.852] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0095.852] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0095.852] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0095.853] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x2da, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc000069c04*=0xda, lpOverlapped=0x0) returned 1 [0095.854] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000f00da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f00da*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0095.854] CloseHandle (hObject=0xfc) returned 1 [0095.854] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0095.855] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0095.856] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0095.856] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0095.856] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0095.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.858] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0095.861] GetFileType (hFile=0xfc) returned 0x1 [0095.861] WriteFile (in: hFile=0xfc, lpBuffer=0xc00011e000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesWritten=0xc000069cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.862] CloseHandle (hObject=0xfc) returned 1 [0095.863] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.863] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0095.864] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0095.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.864] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0095.868] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.873] GetFileType (hFile=0xfc) returned 0x1 [0095.873] WriteFile (in: hFile=0xfc, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.873] CloseHandle (hObject=0xfc) returned 1 [0095.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.877] SetEvent (hEvent=0xb8) returned 1 [0095.877] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.891] SetEvent (hEvent=0x100) returned 1 [0095.892] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.923] SetEvent (hEvent=0x114) returned 1 [0095.923] SetEvent (hEvent=0x9c) returned 1 [0095.923] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0095.977] SetEvent (hEvent=0x120) returned 1 [0095.977] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.002] SetEvent (hEvent=0x114) returned 1 [0096.002] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.008] SetEvent (hEvent=0x9c) returned 1 [0096.008] SetEvent (hEvent=0xb8) returned 1 [0096.008] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.036] SetEvent (hEvent=0x13c) returned 1 [0096.036] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.107] SetEvent (hEvent=0x13c) returned 1 [0096.108] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.165] SetEvent (hEvent=0x120) returned 1 [0096.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0096.165] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0096.170] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.171] SetEvent (hEvent=0xc0) returned 1 [0096.171] SetEvent (hEvent=0x120) returned 1 [0096.171] GetFileType (hFile=0x14c) returned 0x1 [0096.171] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.174] GetFileType (hFile=0x14c) returned 0x1 [0096.174] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0096.174] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0096.174] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.174] ReadFile (in: hFile=0x14c, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x301, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000279c04*=0x101, lpOverlapped=0x0) returned 1 [0096.176] ReadFile (in: hFile=0x14c, lpBuffer=0xc00003c101, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c101*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0096.176] CloseHandle (hObject=0x14c) returned 1 [0096.176] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0096.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0096.177] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0096.189] GetFileType (hFile=0x14c) returned 0x1 [0096.189] WriteFile (in: hFile=0x14c, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000279cec*=0x110, lpOverlapped=0x0) returned 1 [0096.190] CloseHandle (hObject=0x14c) returned 1 [0096.191] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0096.192] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0096.192] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0096.192] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0096.199] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.228] GetFileType (hFile=0x14c) returned 0x1 [0096.228] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0096.229] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.229] CloseHandle (hObject=0x14c) returned 1 [0096.230] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.231] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.233] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.233] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0096.233] SetEvent (hEvent=0xc0) returned 1 [0096.233] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0096.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002bc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x150 [0096.235] CloseHandle (hObject=0x150) returned 1 [0096.235] SetEvent (hEvent=0x15c) returned 1 [0096.235] SetEvent (hEvent=0x108) returned 1 [0096.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.244] SetEvent (hEvent=0xfc) returned 1 [0096.244] SetEvent (hEvent=0x108) returned 1 [0096.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.246] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0096.246] SetEvent (hEvent=0xb8) returned 1 [0096.246] SetEvent (hEvent=0x13c) returned 1 [0096.246] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.254] SetEvent (hEvent=0x9c) returned 1 [0096.254] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.278] SetEvent (hEvent=0x12c) returned 1 [0096.278] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.279] SetEvent (hEvent=0x12c) returned 1 [0096.279] SetEvent (hEvent=0x100) returned 1 [0096.279] VirtualFree (lpAddress=0xc000192000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.279] VirtualFree (lpAddress=0xc00017a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.279] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.280] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.280] VirtualFree (lpAddress=0xc000142000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.280] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.280] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.281] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.281] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.281] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.281] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.282] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.282] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.282] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010078*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000010078*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0096.284] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.286] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc000010110*, lpNumberOfCharsWritten=0xc000275818*=0x3) returned 1 [0096.288] SetEvent (hEvent=0x100) returned 1 [0096.288] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010116*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000010116*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0096.289] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.290] SetEvent (hEvent=0x12c) returned 1 [0096.290] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0096.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0096.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc0000eb818*=0x3) returned 1 [0096.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0096.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000102086*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0096.318] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.322] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e7818, lpReserved=0x0 | out: lpBuffer=0xc0000a04a0*, lpNumberOfCharsWritten=0xc0000e7818*=0x3) returned 1 [0096.328] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0096.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0000a04a6*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0096.336] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000586320*, lpNumberOfCharsWritten=0xc0000e5818*=0x3) returned 1 [0096.353] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586326*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000586326*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0096.365] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.372] SetEvent (hEvent=0x12c) returned 1 [0096.372] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.432] VirtualFree (lpAddress=0xc000176000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.433] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0096.433] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0096.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.434] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0096.435] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.436] SetEvent (hEvent=0xc0) returned 1 [0096.436] GetFileType (hFile=0x128) returned 0x1 [0096.436] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.441] SetEvent (hEvent=0xb8) returned 1 [0096.441] GetFileType (hFile=0x128) returned 0x1 [0096.441] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.447] SetEvent (hEvent=0xb8) returned 1 [0096.447] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0096.447] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0096.447] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x305, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000049c04*=0x105, lpOverlapped=0x0) returned 1 [0096.448] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a2105, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2105*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0096.449] CloseHandle (hObject=0x128) returned 1 [0096.449] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0096.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.450] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0096.451] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.457] GetFileType (hFile=0x128) returned 0x1 [0096.457] WriteFile (in: hFile=0x128, lpBuffer=0xc00013a120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a120*, lpNumberOfBytesWritten=0xc000049cec*=0x110, lpOverlapped=0x0) returned 1 [0096.459] CloseHandle (hObject=0x128) returned 1 [0096.465] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.465] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.465] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0096.466] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0096.466] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0096.466] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0096.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.467] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0096.477] GetFileType (hFile=0x128) returned 0x1 [0096.477] WriteFile (in: hFile=0x128, lpBuffer=0xc000146580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146580*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.478] CloseHandle (hObject=0x128) returned 1 [0096.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.481] SwitchToThread () returned 1 [0096.550] SetEvent (hEvent=0x12c) returned 1 [0096.550] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.591] SetEvent (hEvent=0x120) returned 1 [0096.591] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.644] SetEvent (hEvent=0x12c) returned 1 [0096.644] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.657] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0096.657] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0096.657] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0096.658] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0096.658] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0096.658] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0096.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0096.659] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0096.672] GetFileType (hFile=0x16c) returned 0x1 [0096.673] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0096.673] GetFileType (hFile=0x16c) returned 0x1 [0096.673] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0096.673] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0096.673] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0096.673] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0096.674] ReadFile (in: hFile=0x16c, lpBuffer=0xc000178000, nNumberOfBytesToRead=0x301, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000178000*, lpNumberOfBytesRead=0xc00013fc04*=0x101, lpOverlapped=0x0) returned 1 [0096.675] ReadFile (in: hFile=0x16c, lpBuffer=0xc000178101, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000178101*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0096.675] CloseHandle (hObject=0x16c) returned 1 [0096.675] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0096.675] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0096.675] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0096.676] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0096.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0096.677] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0096.693] GetFileType (hFile=0x16c) returned 0x1 [0096.694] WriteFile (in: hFile=0x16c, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00013fcec*=0x110, lpOverlapped=0x0) returned 1 [0096.695] CloseHandle (hObject=0x16c) returned 1 [0096.697] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0096.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0096.698] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0096.703] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] SetEvent (hEvent=0x120) returned 1 [0096.707] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.707] SetEvent (hEvent=0x120) returned 1 [0096.707] SetEvent (hEvent=0x12c) returned 1 [0096.707] VirtualFree (lpAddress=0xc0001ac000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.708] VirtualFree (lpAddress=0xc000176000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0096.708] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.708] VirtualFree (lpAddress=0xc000158000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.709] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.709] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.709] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.709] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.710] VirtualFree (lpAddress=0xc0000f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.710] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.710] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.710] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.711] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.711] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.711] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.711] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.712] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.712] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.712] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.712] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.713] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.713] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.713] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.714] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.714] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0096.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x152)) returned 1 [0096.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.715] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.716] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.716] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.716] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.716] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.716] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f7ed20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112)) returned 1 [0096.717] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.720] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c)) returned 1 [0096.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.722] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.722] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11f)) returned 1 [0096.723] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.728] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0096.728] SetEvent (hEvent=0x120) returned 1 [0096.728] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.728] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.730] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.730] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.730] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.730] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fca810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd)) returned 1 [0096.731] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0096.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.732] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.732] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.732] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.732] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.732] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x164)) returned 1 [0096.739] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.743] SetEvent (hEvent=0x120) returned 1 [0096.813] SetEvent (hEvent=0x120) returned 1 [0096.813] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.814] SetEvent (hEvent=0x120) returned 1 [0096.814] SetEvent (hEvent=0xb8) returned 1 [0096.814] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.814] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.815] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.815] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.815] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.815] GetFileType (hFile=0x150) returned 0x1 [0096.816] WriteFile (in: hFile=0x150, lpBuffer=0xc000082200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000082200*, lpNumberOfBytesWritten=0xc00018bcec*=0x100, lpOverlapped=0x0) returned 1 [0096.817] CloseHandle (hObject=0x150) returned 1 [0096.820] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0096.821] VirtualAlloc (lpAddress=0xc0001ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ba000 [0096.821] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0096.822] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0096.822] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0096.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.823] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0096.823] GetFileType (hFile=0x150) returned 0x1 [0096.823] WriteFile (in: hFile=0x150, lpBuffer=0xc0001466e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001466e0*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.823] CloseHandle (hObject=0x150) returned 1 [0096.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.844] GetFileType (hFile=0x154) returned 0x1 [0096.844] WriteFile (in: hFile=0x154, lpBuffer=0xc000146840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146840*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.845] CloseHandle (hObject=0x154) returned 1 [0096.849] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0096.849] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0096.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0096.851] WriteFile (in: hFile=0x128, lpBuffer=0xc000146b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146b00*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.851] CloseHandle (hObject=0x128) returned 1 [0096.857] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.857] GetFileType (hFile=0xf4) returned 0x1 [0096.857] WriteFile (in: hFile=0xf4, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc0000ebcec*=0x120, lpOverlapped=0x0) returned 1 [0096.858] CloseHandle (hObject=0xf4) returned 1 [0096.860] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0096.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.861] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0096.867] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.869] SetEvent (hEvent=0x12c) returned 1 [0096.869] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.871] SetEvent (hEvent=0x120) returned 1 [0096.871] SetEvent (hEvent=0x100) returned 1 [0096.871] VirtualFree (lpAddress=0xc0001be000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.871] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.872] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.872] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.872] SetEvent (hEvent=0x12c) returned 1 [0096.872] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.881] SetEvent (hEvent=0x100) returned 1 [0096.881] SetEvent (hEvent=0xb8) returned 1 [0096.881] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.888] SetEvent (hEvent=0x100) returned 1 [0096.888] SetEvent (hEvent=0xb8) returned 1 [0096.888] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.898] SetEvent (hEvent=0x12c) returned 1 [0096.898] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.900] SetEvent (hEvent=0x12c) returned 1 [0096.900] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.900] SetEvent (hEvent=0x12c) returned 1 [0096.900] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.900] SetEvent (hEvent=0x12c) returned 1 [0096.901] SetEvent (hEvent=0x100) returned 1 [0096.901] VirtualFree (lpAddress=0xc0001c6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.901] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.901] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.901] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0096.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0096.902] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0096.915] GetFileType (hFile=0xec) returned 0x1 [0096.915] GetFileType (hFile=0xec) returned 0x1 [0096.915] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0096.916] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0096.916] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0096.916] ReadFile (in: hFile=0xec, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x30c, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0000e5c04*=0x10c, lpOverlapped=0x0) returned 1 [0096.917] ReadFile (in: hFile=0xec, lpBuffer=0xc00009410c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00009410c*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0096.917] CloseHandle (hObject=0xec) returned 1 [0096.917] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0096.918] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0096.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.919] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0096.922] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.930] SetEvent (hEvent=0x12c) returned 1 [0096.930] GetFileType (hFile=0xec) returned 0x1 [0096.930] WriteFile (in: hFile=0xec, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc0000e5cec*=0x110, lpOverlapped=0x0) returned 1 [0096.931] CloseHandle (hObject=0xec) returned 1 [0096.933] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0096.933] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0096.933] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0096.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.934] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0096.949] GetFileType (hFile=0xec) returned 0x1 [0096.949] WriteFile (in: hFile=0xec, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.950] CloseHandle (hObject=0xec) returned 1 [0096.957] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.958] VirtualFree (lpAddress=0xc0001ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.958] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.958] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.959] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.959] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e)) returned 1 [0096.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.960] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.960] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.960] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.960] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.960] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161)) returned 1 [0096.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.965] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.965] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.966] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117)) returned 1 [0096.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.967] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.967] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ff1910, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x111)) returned 1 [0096.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.971] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.971] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.971] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.972] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.972] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10b)) returned 1 [0096.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.972] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.972] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.972] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0096.972] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.972] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0x2bd5)) returned 1 [0096.979] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.983] SetEvent (hEvent=0x12c) returned 1 [0096.983] SetEvent (hEvent=0x120) returned 1 [0096.983] SetEvent (hEvent=0x13c) returned 1 [0096.983] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0096.987] SetEvent (hEvent=0x120) returned 1 [0096.987] VirtualFree (lpAddress=0xc0001bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.987] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.988] VirtualFree (lpAddress=0xc000136000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.988] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.988] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.989] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.989] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.989] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.989] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.990] VirtualFree (lpAddress=0xc00004e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.990] SetEvent (hEvent=0x13c) returned 1 [0096.990] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.023] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.048] SetEvent (hEvent=0x12c) returned 1 [0097.048] SetEvent (hEvent=0x15c) returned 1 [0097.048] SetEvent (hEvent=0x9c) returned 1 [0097.048] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.136] SetEvent (hEvent=0x15c) returned 1 [0097.136] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.141] SetEvent (hEvent=0x12c) returned 1 [0097.141] SetEvent (hEvent=0xb8) returned 1 [0097.141] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.143] SetEvent (hEvent=0x12c) returned 1 [0097.143] SetEvent (hEvent=0x15c) returned 1 [0097.143] VirtualFree (lpAddress=0xc0001ea000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0097.144] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.144] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.145] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.145] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.145] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.145] VirtualFree (lpAddress=0xc000134000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.146] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.146] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.146] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.146] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.147] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.147] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.147] SetEvent (hEvent=0xb8) returned 1 [0097.147] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.149] SetEvent (hEvent=0x15c) returned 1 [0097.149] SetEvent (hEvent=0xb8) returned 1 [0097.149] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.166] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.169] SetEvent (hEvent=0x12c) returned 1 [0097.170] SetEvent (hEvent=0x13c) returned 1 [0097.170] SetEvent (hEvent=0xb8) returned 1 [0097.170] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.176] SetEvent (hEvent=0x13c) returned 1 [0097.176] SetEvent (hEvent=0x15c) returned 1 [0097.176] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.182] SetEvent (hEvent=0xb8) returned 1 [0097.182] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.183] SetEvent (hEvent=0xb8) returned 1 [0097.183] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.183] SetEvent (hEvent=0xb8) returned 1 [0097.183] SetEvent (hEvent=0x12c) returned 1 [0097.183] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.184] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.184] VirtualFree (lpAddress=0xc0001da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.184] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.184] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.185] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.185] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.185] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0097.192] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0097.193] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0097.194] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.194] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.196] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.196] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.197] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0097.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.205] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x851f1e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.206] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x851f1e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.206] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0097.207] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.214] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.223] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.234] SetEvent (hEvent=0x12c) returned 1 [0097.234] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.237] SetEvent (hEvent=0x13c) returned 1 [0097.237] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.238] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0097.238] SetEvent (hEvent=0x9c) returned 1 [0097.238] SetEvent (hEvent=0x13c) returned 1 [0097.239] SetEvent (hEvent=0x15c) returned 1 [0097.239] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.247] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.247] SetEvent (hEvent=0x15c) returned 1 [0097.247] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.252] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0097.252] SetEvent (hEvent=0x12c) returned 1 [0097.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.256] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0097.256] SetEvent (hEvent=0x15c) returned 1 [0097.256] SetEvent (hEvent=0xb8) returned 1 [0097.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.257] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.261] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0097.261] SetEvent (hEvent=0x15c) returned 1 [0097.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.267] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.268] GetFileType (hFile=0xec) returned 0x1 [0097.268] WriteFile (in: hFile=0xec, lpBuffer=0xc000204000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000204000*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.268] CloseHandle (hObject=0xec) returned 1 [0097.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.274] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.277] SetEvent (hEvent=0x15c) returned 1 [0097.277] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.290] SetEvent (hEvent=0x12c) returned 1 [0097.290] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.300] SetEvent (hEvent=0x12c) returned 1 [0097.300] SwitchToThread () returned 1 [0097.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.303] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0097.308] GetFileType (hFile=0xec) returned 0x1 [0097.309] GetFileType (hFile=0xec) returned 0x1 [0097.309] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0097.309] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0097.309] ReadFile (in: hFile=0xec, lpBuffer=0xc0002182c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002182c0*, lpNumberOfBytesRead=0xc000063c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.310] ReadFile (in: hFile=0xec, lpBuffer=0xc000218373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000218373*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0097.310] CloseHandle (hObject=0xec) returned 1 [0097.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.311] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0097.317] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.333] SetEvent (hEvent=0x13c) returned 1 [0097.333] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.348] SetEvent (hEvent=0x12c) returned 1 [0097.348] SetEvent (hEvent=0x120) returned 1 [0097.348] SetEvent (hEvent=0xb8) returned 1 [0097.348] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.352] SetEvent (hEvent=0x12c) returned 1 [0097.352] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.359] SetEvent (hEvent=0x12c) returned 1 [0097.359] VirtualFree (lpAddress=0xc00022c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.359] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.360] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.360] GetFileType (hFile=0xec) returned 0x1 [0097.360] WriteFile (in: hFile=0xec, lpBuffer=0xc0002200c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002200c0*, lpNumberOfBytesWritten=0xc000063cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.361] CloseHandle (hObject=0xec) returned 1 [0097.361] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.361] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0097.362] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0097.362] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0097.362] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0097.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.363] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0097.365] GetFileType (hFile=0xec) returned 0x1 [0097.365] WriteFile (in: hFile=0xec, lpBuffer=0xc0002982c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002982c0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.366] CloseHandle (hObject=0xec) returned 1 [0097.366] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.366] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.367] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.367] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.367] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.367] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.368] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.368] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.373] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.373] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.373] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.373] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.373] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.373] VirtualAlloc (lpAddress=0xc00029c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029c000 [0097.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.374] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.374] VirtualAlloc (lpAddress=0xc00029e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029e000 [0097.375] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.375] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.375] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.375] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.382] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.383] SetEvent (hEvent=0x120) returned 1 [0097.383] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.407] SetEvent (hEvent=0x13c) returned 1 [0097.407] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.434] SetEvent (hEvent=0x120) returned 1 [0097.434] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0097.435] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0097.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.435] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0097.439] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.440] SetEvent (hEvent=0xc0) returned 1 [0097.440] SetEvent (hEvent=0x120) returned 1 [0097.440] GetFileType (hFile=0x154) returned 0x1 [0097.440] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.463] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0097.463] GetFileType (hFile=0x154) returned 0x1 [0097.464] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0097.464] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0097.464] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0097.464] ReadFile (in: hFile=0x154, lpBuffer=0xc000178000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000178000*, lpNumberOfBytesRead=0xc00016fc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.465] ReadFile (in: hFile=0x154, lpBuffer=0xc0001780b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001780b3*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0097.465] CloseHandle (hObject=0x154) returned 1 [0097.465] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0097.466] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0097.466] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0097.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.468] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0097.468] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.469] GetFileType (hFile=0x154) returned 0x1 [0097.469] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0097.470] WriteFile (in: hFile=0x154, lpBuffer=0xc00017e000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e000*, lpNumberOfBytesWritten=0xc00016fcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.471] CloseHandle (hObject=0x154) returned 1 [0097.471] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.471] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0097.472] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0097.472] VirtualAlloc (lpAddress=0xc00026e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026e000 [0097.472] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0097.473] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0097.473] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0097.474] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0097.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.474] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0097.475] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.478] GetFileType (hFile=0x154) returned 0x1 [0097.478] WriteFile (in: hFile=0x154, lpBuffer=0xc00027e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00027e2c0*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.479] CloseHandle (hObject=0x154) returned 1 [0097.479] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.480] GetFileType (hFile=0xec) returned 0x1 [0097.480] GetFileType (hFile=0xec) returned 0x1 [0097.480] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0097.480] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0097.480] ReadFile (in: hFile=0xec, lpBuffer=0xc0001782c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001782c0*, lpNumberOfBytesRead=0xc0000c1c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.481] ReadFile (in: hFile=0xec, lpBuffer=0xc000178373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000178373*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0097.481] CloseHandle (hObject=0xec) returned 1 [0097.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.483] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0097.493] GetFileType (hFile=0xec) returned 0x1 [0097.493] WriteFile (in: hFile=0xec, lpBuffer=0xc000166000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesWritten=0xc0000c1cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.494] CloseHandle (hObject=0xec) returned 1 [0097.495] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.495] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0097.501] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.515] SetEvent (hEvent=0x120) returned 1 [0097.515] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.516] SetEvent (hEvent=0x120) returned 1 [0097.516] SetEvent (hEvent=0x13c) returned 1 [0097.516] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.516] VirtualFree (lpAddress=0xc000268000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.516] VirtualFree (lpAddress=0xc000238000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.517] VirtualFree (lpAddress=0xc00021a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.517] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.517] VirtualFree (lpAddress=0xc000178000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.517] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.518] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.518] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.518] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.518] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.519] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.519] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.520] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0097.520] GetFileType (hFile=0x128) returned 0x1 [0097.520] GetFileType (hFile=0x128) returned 0x1 [0097.520] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0097.520] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0097.520] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0097.521] ReadFile (in: hFile=0x128, lpBuffer=0xc0001c6000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c6000*, lpNumberOfBytesRead=0xc000247c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.524] ReadFile (in: hFile=0x128, lpBuffer=0xc0001c60b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c60b3*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0097.524] CloseHandle (hObject=0x128) returned 1 [0097.524] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0097.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.526] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0097.530] GetFileType (hFile=0x128) returned 0x1 [0097.530] WriteFile (in: hFile=0x128, lpBuffer=0xc000166000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesWritten=0xc000247cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.532] CloseHandle (hObject=0x128) returned 1 [0097.532] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.532] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0097.540] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.545] SetEvent (hEvent=0x15c) returned 1 [0097.545] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.549] SetEvent (hEvent=0x9c) returned 1 [0097.549] VirtualFree (lpAddress=0xc0002b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.550] VirtualFree (lpAddress=0xc000262000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.550] VirtualFree (lpAddress=0xc0001c6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.550] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.551] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.551] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.551] SetEvent (hEvent=0x15c) returned 1 [0097.551] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.561] SetEvent (hEvent=0x9c) returned 1 [0097.561] SetEvent (hEvent=0x13c) returned 1 [0097.561] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.572] SetEvent (hEvent=0x9c) returned 1 [0097.572] SetEvent (hEvent=0x13c) returned 1 [0097.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.572] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0097.573] GetFileType (hFile=0x144) returned 0x1 [0097.573] GetFileType (hFile=0x144) returned 0x1 [0097.573] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0097.573] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0097.573] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.574] ReadFile (in: hFile=0x144, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0000bbc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.575] ReadFile (in: hFile=0x144, lpBuffer=0xc0000580b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000580b3*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0097.575] CloseHandle (hObject=0x144) returned 1 [0097.575] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0097.576] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0097.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.577] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0097.578] GetFileType (hFile=0x144) returned 0x1 [0097.578] WriteFile (in: hFile=0x144, lpBuffer=0xc00017e0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0c0*, lpNumberOfBytesWritten=0xc0000bbcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.579] CloseHandle (hObject=0x144) returned 1 [0097.579] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.579] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0097.581] GetFileType (hFile=0x144) returned 0x1 [0097.581] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.581] CloseHandle (hObject=0x144) returned 1 [0097.581] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.582] GetFileType (hFile=0x128) returned 0x1 [0097.582] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.582] CloseHandle (hObject=0x128) returned 1 [0097.582] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.583] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586448*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000586448*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0097.584] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.588] SetEvent (hEvent=0x9c) returned 1 [0097.588] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc0001021b0*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0097.589] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.591] SetEvent (hEvent=0x9c) returned 1 [0097.592] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc000157818*=0x3) returned 1 [0097.595] SwitchToThread () returned 1 [0097.701] SetEvent (hEvent=0x9c) returned 1 [0097.701] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.710] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0097.710] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0097.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.711] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0097.715] GetFileType (hFile=0xec) returned 0x1 [0097.715] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0097.715] GetFileType (hFile=0xec) returned 0x1 [0097.715] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0097.715] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0097.715] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0097.716] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc00024dc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.717] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c0b3*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0097.717] CloseHandle (hObject=0xec) returned 1 [0097.717] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0097.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.718] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0097.724] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.725] GetFileType (hFile=0xec) returned 0x1 [0097.725] WriteFile (in: hFile=0xec, lpBuffer=0xc00017e0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0c0*, lpNumberOfBytesWritten=0xc00024dcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.726] CloseHandle (hObject=0xec) returned 1 [0097.727] VirtualAlloc (lpAddress=0xc0002d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d8000 [0097.727] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.727] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0097.727] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0097.728] VirtualAlloc (lpAddress=0xc0002de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002de000 [0097.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.728] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0097.729] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.734] GetFileType (hFile=0xec) returned 0x1 [0097.734] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.734] CloseHandle (hObject=0xec) returned 1 [0097.734] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0097.735] SetEvent (hEvent=0x15c) returned 1 [0097.735] SetEvent (hEvent=0x13c) returned 1 [0097.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.738] SetEvent (hEvent=0x13c) returned 1 [0097.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.745] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0097.746] SetEvent (hEvent=0x120) returned 1 [0097.746] SetEvent (hEvent=0x12c) returned 1 [0097.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.748] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.749] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.749] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.749] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.749] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.749] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.750] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.750] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.750] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.750] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.757] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.761] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.762] SetEvent (hEvent=0x9c) returned 1 [0097.762] SetEvent (hEvent=0x12c) returned 1 [0097.762] SetEvent (hEvent=0x120) returned 1 [0097.762] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.766] VirtualFree (lpAddress=0xc0002de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.767] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.767] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.767] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.767] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.768] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0097.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.768] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0097.776] GetFileType (hFile=0x154) returned 0x1 [0097.776] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0097.776] GetFileType (hFile=0x154) returned 0x1 [0097.777] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0097.777] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0097.777] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.777] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.777] ReadFile (in: hFile=0x154, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00014bc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.778] ReadFile (in: hFile=0x154, lpBuffer=0xc0000a20b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20b3*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0097.778] CloseHandle (hObject=0x154) returned 1 [0097.778] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.779] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0097.779] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0097.779] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.780] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0097.788] GetFileType (hFile=0x154) returned 0x1 [0097.788] WriteFile (in: hFile=0x154, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc00014bcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.789] CloseHandle (hObject=0x154) returned 1 [0097.789] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.789] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0097.791] GetFileType (hFile=0x154) returned 0x1 [0097.792] WriteFile (in: hFile=0x154, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.792] CloseHandle (hObject=0x154) returned 1 [0097.792] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0097.792] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0097.793] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.793] VirtualFree (lpAddress=0xc0002da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.794] VirtualFree (lpAddress=0xc0001ea000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0097.794] VirtualFree (lpAddress=0xc0001de000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.794] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.795] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.795] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.795] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.795] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.796] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.796] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.796] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.796] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.797] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.797] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.797] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.797] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000602c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000602c0*, lpNumberOfBytesRead=0xc0000f3c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.798] ReadFile (in: hFile=0xf4, lpBuffer=0xc000060373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060373*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0097.798] CloseHandle (hObject=0xf4) returned 1 [0097.798] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0097.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.800] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0097.801] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.803] GetFileType (hFile=0xf4) returned 0x1 [0097.803] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000fc0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc0c0*, lpNumberOfBytesWritten=0xc0000f3cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.804] CloseHandle (hObject=0xf4) returned 1 [0097.804] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.804] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0097.807] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.807] SetEvent (hEvent=0x9c) returned 1 [0097.807] GetFileType (hFile=0xf4) returned 0x1 [0097.807] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.817] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0097.817] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0097.818] WriteFile (in: hFile=0xf4, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.818] CloseHandle (hObject=0xf4) returned 1 [0097.818] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0097.819] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.819] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.819] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.820] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0097.821] SetEvent (hEvent=0x120) returned 1 [0097.821] SetEvent (hEvent=0x100) returned 1 [0097.821] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0097.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0097.829] SetEvent (hEvent=0x100) returned 1 [0097.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.838] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0097.839] SetEvent (hEvent=0xc0) returned 1 [0097.839] SetEvent (hEvent=0x120) returned 1 [0097.839] SetEvent (hEvent=0x12c) returned 1 [0097.839] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.845] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0097.845] SetEvent (hEvent=0x100) returned 1 [0097.845] SetEvent (hEvent=0x120) returned 1 [0097.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.847] GetFileType (hFile=0x128) returned 0x1 [0097.847] WriteFile (in: hFile=0x128, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc000189cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.848] CloseHandle (hObject=0x128) returned 1 [0097.848] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.849] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0097.857] GetFileType (hFile=0x128) returned 0x1 [0097.857] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.857] CloseHandle (hObject=0x128) returned 1 [0097.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.858] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.891] SetEvent (hEvent=0x13c) returned 1 [0097.891] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.897] SetEvent (hEvent=0x13c) returned 1 [0097.897] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.898] SetEvent (hEvent=0x120) returned 1 [0097.898] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.900] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0097.908] GetFileType (hFile=0x154) returned 0x1 [0097.908] GetFileType (hFile=0x154) returned 0x1 [0097.908] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0097.908] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0097.908] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0097.908] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0097.909] ReadFile (in: hFile=0x154, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000049c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.910] ReadFile (in: hFile=0x154, lpBuffer=0xc0001040b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001040b3*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0097.910] CloseHandle (hObject=0x154) returned 1 [0097.910] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0097.910] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0097.910] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0097.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.912] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0097.917] GetFileType (hFile=0x154) returned 0x1 [0097.917] WriteFile (in: hFile=0x154, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000049cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.918] CloseHandle (hObject=0x154) returned 1 [0097.919] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.919] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0097.919] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0097.919] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0097.920] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0097.920] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0097.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.921] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0097.924] GetFileType (hFile=0x154) returned 0x1 [0097.924] WriteFile (in: hFile=0x154, lpBuffer=0xc0001602c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001602c0*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.924] CloseHandle (hObject=0x154) returned 1 [0097.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.925] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.930] SetEvent (hEvent=0x13c) returned 1 [0097.930] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.932] SetEvent (hEvent=0x12c) returned 1 [0097.932] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.936] SetEvent (hEvent=0x13c) returned 1 [0097.936] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.943] SetEvent (hEvent=0x13c) returned 1 [0097.943] SetEvent (hEvent=0x9c) returned 1 [0097.943] SwitchToThread () returned 1 [0097.946] SetEvent (hEvent=0x13c) returned 1 [0097.946] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.948] SetEvent (hEvent=0x12c) returned 1 [0097.948] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.956] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.958] SetEvent (hEvent=0x13c) returned 1 [0097.958] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.969] SetEvent (hEvent=0x13c) returned 1 [0097.969] SetEvent (hEvent=0x9c) returned 1 [0097.969] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.970] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.970] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.970] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.970] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.971] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.971] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.972] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0097.982] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.985] GetFileType (hFile=0xec) returned 0x1 [0097.985] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.986] GetFileType (hFile=0xec) returned 0x1 [0097.986] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0097.986] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0097.986] ReadFile (in: hFile=0xec, lpBuffer=0xc0000a22c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a22c0*, lpNumberOfBytesRead=0xc000139c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.987] ReadFile (in: hFile=0xec, lpBuffer=0xc0000a2373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2373*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0097.987] CloseHandle (hObject=0xec) returned 1 [0097.987] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0097.987] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0097.988] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.990] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0097.993] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0097.993] SetEvent (hEvent=0x12c) returned 1 [0097.993] GetFileType (hFile=0xec) returned 0x1 [0097.993] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.003] SetEvent (hEvent=0x12c) returned 1 [0098.003] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc000139cec*=0xc0, lpOverlapped=0x0) returned 1 [0098.004] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.009] SetEvent (hEvent=0x12c) returned 1 [0098.009] CloseHandle (hObject=0xec) returned 1 [0098.013] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.013] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.014] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0098.014] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.014] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.015] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.015] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.016] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.016] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0098.017] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.023] GetFileType (hFile=0xec) returned 0x1 [0098.023] WriteFile (in: hFile=0xec, lpBuffer=0xc0000ee2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee2c0*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.023] CloseHandle (hObject=0xec) returned 1 [0098.024] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.024] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.025] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.027] SwitchToThread () returned 1 [0098.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.033] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.033] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.034] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.034] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.034] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84056110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84058820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f)) returned 1 [0098.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.035] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.035] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.035] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.035] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.035] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84067280, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5)) returned 1 [0098.039] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.042] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.043] SetEvent (hEvent=0x12c) returned 1 [0098.043] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.043] SetEvent (hEvent=0x12c) returned 1 [0098.043] SetEvent (hEvent=0x13c) returned 1 [0098.043] SetEvent (hEvent=0x9c) returned 1 [0098.043] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.050] SetEvent (hEvent=0x13c) returned 1 [0098.050] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.051] SetEvent (hEvent=0x13c) returned 1 [0098.051] SetEvent (hEvent=0x15c) returned 1 [0098.051] SetEvent (hEvent=0x9c) returned 1 [0098.051] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.056] SwitchToThread () returned 1 [0098.060] SetEvent (hEvent=0x13c) returned 1 [0098.060] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.060] SetEvent (hEvent=0x13c) returned 1 [0098.061] SetEvent (hEvent=0x15c) returned 1 [0098.061] SetEvent (hEvent=0x9c) returned 1 [0098.061] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.066] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.067] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.067] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0098.068] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0098.068] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0098.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.069] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.069] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.069] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.069] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.069] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.069] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0098.070] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0098.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8407f920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84082030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda)) returned 1 [0098.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.071] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.071] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.071] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.071] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.071] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84090a90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf)) returned 1 [0098.084] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.089] SetEvent (hEvent=0x9c) returned 1 [0098.089] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.094] SetEvent (hEvent=0x9c) returned 1 [0098.094] SetEvent (hEvent=0x100) returned 1 [0098.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0000100b0*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0098.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000100b6*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0098.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0098.108] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.113] SetEvent (hEvent=0x13c) returned 1 [0098.113] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.115] SetEvent (hEvent=0x9c) returned 1 [0098.115] SetEvent (hEvent=0x12c) returned 1 [0098.115] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.115] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.116] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.116] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.116] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.116] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.117] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.117] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.117] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.117] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.118] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.118] SetEvent (hEvent=0x13c) returned 1 [0098.118] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.133] SetEvent (hEvent=0x13c) returned 1 [0098.133] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.137] SetEvent (hEvent=0x100) returned 1 [0098.137] SetEvent (hEvent=0x120) returned 1 [0098.137] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.139] SetEvent (hEvent=0x9c) returned 1 [0098.139] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.149] SetEvent (hEvent=0x120) returned 1 [0098.149] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.154] SetEvent (hEvent=0x100) returned 1 [0098.155] SetEvent (hEvent=0x12c) returned 1 [0098.155] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.191] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.200] SetEvent (hEvent=0x100) returned 1 [0098.200] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.202] SetEvent (hEvent=0x120) returned 1 [0098.202] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.223] SetEvent (hEvent=0x100) returned 1 [0098.223] SetEvent (hEvent=0x120) returned 1 [0098.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0098.223] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dcf4 | out: lpMode=0xc00019dcf4) returned 0 [0098.227] GetFileType (hFile=0x128) returned 0x1 [0098.227] GetFileType (hFile=0x128) returned 0x1 [0098.227] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00019dd44 | out: lpFileInformation=0xc00019dd44) returned 1 [0098.228] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00019dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019dd28) returned 1 [0098.228] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a2300, nNumberOfBytesToRead=0x2eb, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2300*, lpNumberOfBytesRead=0xc00019dc04*=0xeb, lpOverlapped=0x0) returned 1 [0098.229] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a23eb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a23eb*, lpNumberOfBytesRead=0xc00019dc04*=0x0, lpOverlapped=0x0) returned 1 [0098.229] CloseHandle (hObject=0x128) returned 1 [0098.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.230] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dd04 | out: lpMode=0xc00019dd04) returned 0 [0098.238] GetFileType (hFile=0x128) returned 0x1 [0098.238] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d84b0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00019dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d84b0*, lpNumberOfBytesWritten=0xc00019dcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.239] CloseHandle (hObject=0x128) returned 1 [0098.239] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0098.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.240] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dd64 | out: lpMode=0xc00019dd64) returned 0 [0098.246] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.252] SetEvent (hEvent=0x100) returned 1 [0098.252] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.255] SetEvent (hEvent=0x12c) returned 1 [0098.255] VirtualFree (lpAddress=0xc00017a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.256] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.256] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.256] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.256] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.256] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.257] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.257] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.257] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.257] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.258] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102078*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000102078*, lpNumberOfCharsWritten=0xc000149818*=0x3) returned 1 [0098.263] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc000102150*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0098.269] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.279] SetEvent (hEvent=0x12c) returned 1 [0098.279] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.294] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.295] SetEvent (hEvent=0x100) returned 1 [0098.295] SetEvent (hEvent=0x15c) returned 1 [0098.295] SetEvent (hEvent=0x12c) returned 1 [0098.296] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.308] VirtualFree (lpAddress=0xc00017e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.308] VirtualFree (lpAddress=0xc00017a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.309] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.309] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.309] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.309] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.310] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.310] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.311] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.311] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.311] SetEvent (hEvent=0x12c) returned 1 [0098.311] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.369] SetEvent (hEvent=0x100) returned 1 [0098.369] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.376] SetEvent (hEvent=0x100) returned 1 [0098.376] SetEvent (hEvent=0x13c) returned 1 [0098.376] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0098.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0098.377] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0098.378] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.383] SetEvent (hEvent=0x100) returned 1 [0098.383] GetFileType (hFile=0x148) returned 0x1 [0098.384] GetFileType (hFile=0x148) returned 0x1 [0098.384] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0098.384] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0098.384] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0098.384] ReadFile (in: hFile=0x148, lpBuffer=0xc00020c000, nNumberOfBytesToRead=0x2e5, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020c000*, lpNumberOfBytesRead=0xc0000f9c04*=0xe5, lpOverlapped=0x0) returned 1 [0098.386] ReadFile (in: hFile=0x148, lpBuffer=0xc00020c0e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020c0e5*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0098.386] CloseHandle (hObject=0x148) returned 1 [0098.386] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0098.386] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0098.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.388] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0098.388] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.391] SetEvent (hEvent=0x100) returned 1 [0098.391] GetFileType (hFile=0x148) returned 0x1 [0098.391] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.489] VirtualFree (lpAddress=0xc000210000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.489] VirtualFree (lpAddress=0xc00020c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.489] VirtualFree (lpAddress=0xc000200000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.490] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.490] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.490] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.490] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.491] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.491] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.491] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.491] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.492] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0098.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.493] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.493] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.493] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.493] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.493] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0098.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d07c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6)) returned 1 [0098.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.494] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.494] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.495] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.495] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.495] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841d7cf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0098.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.500] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.500] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841df220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0098.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.501] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.501] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.501] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.501] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.501] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f0390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb)) returned 1 [0098.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.508] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0098.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.509] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0098.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.509] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841f78c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0098.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.510] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841fedf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec)) returned 1 [0098.523] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.535] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84206320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0098.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.536] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0098.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.537] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8420d850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a)) returned 1 [0098.541] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.549] SetEvent (hEvent=0x15c) returned 1 [0098.549] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.551] SetEvent (hEvent=0x13c) returned 1 [0098.551] SetEvent (hEvent=0x15c) returned 1 [0098.551] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.591] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.600] SetEvent (hEvent=0x15c) returned 1 [0098.600] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.602] SetEvent (hEvent=0x9c) returned 1 [0098.602] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.605] SwitchToThread () returned 1 [0098.607] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.607] SetEvent (hEvent=0x15c) returned 1 [0098.607] SetEvent (hEvent=0x9c) returned 1 [0098.607] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.608] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.608] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.608] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.608] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.609] GetFileType (hFile=0x144) returned 0x1 [0098.609] WriteFile (in: hFile=0x144, lpBuffer=0xc0002042c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002042c0*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.609] CloseHandle (hObject=0x144) returned 1 [0098.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.610] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0098.611] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.612] GetFileType (hFile=0x144) returned 0x1 [0098.612] GetFileType (hFile=0x144) returned 0x1 [0098.612] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0098.612] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0098.612] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0098.613] ReadFile (in: hFile=0x144, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x2eb, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000253c04*=0xeb, lpOverlapped=0x0) returned 1 [0098.614] ReadFile (in: hFile=0x144, lpBuffer=0xc0001600eb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001600eb*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0098.614] CloseHandle (hObject=0x144) returned 1 [0098.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.615] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0098.616] GetFileType (hFile=0x144) returned 0x1 [0098.616] WriteFile (in: hFile=0x144, lpBuffer=0xc00003c2d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c2d0*, lpNumberOfBytesWritten=0xc000253cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.617] CloseHandle (hObject=0x144) returned 1 [0098.617] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0098.617] VirtualAlloc (lpAddress=0xc00022c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022c000 [0098.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.618] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0098.619] GetFileType (hFile=0x144) returned 0x1 [0098.619] WriteFile (in: hFile=0x144, lpBuffer=0xc0001d8000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d8000*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.619] CloseHandle (hObject=0x144) returned 1 [0098.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.621] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.621] WriteFile (in: hFile=0x148, lpBuffer=0xc00020e1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e1e0*, lpNumberOfBytesWritten=0xc0000f9cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.623] CloseHandle (hObject=0x148) returned 1 [0098.623] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.623] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0098.625] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.627] GetFileType (hFile=0x148) returned 0x1 [0098.627] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.627] CloseHandle (hObject=0x148) returned 1 [0098.628] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.628] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.640] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.642] SetEvent (hEvent=0x15c) returned 1 [0098.642] SwitchToThread () returned 1 [0098.643] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.647] SetEvent (hEvent=0x15c) returned 1 [0098.647] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.648] SetEvent (hEvent=0x13c) returned 1 [0098.648] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.652] SetEvent (hEvent=0x15c) returned 1 [0098.652] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.658] SetEvent (hEvent=0x15c) returned 1 [0098.658] SetEvent (hEvent=0x9c) returned 1 [0098.658] VirtualFree (lpAddress=0xc00017a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.658] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.659] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0098.664] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.669] GetFileType (hFile=0x144) returned 0x1 [0098.669] GetFileType (hFile=0x144) returned 0x1 [0098.669] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0098.669] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0098.669] ReadFile (in: hFile=0x144, lpBuffer=0xc000036300, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036300*, lpNumberOfBytesRead=0xc0004dbc04*=0xec, lpOverlapped=0x0) returned 1 [0098.670] ReadFile (in: hFile=0x144, lpBuffer=0xc0000363ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000363ec*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0098.670] CloseHandle (hObject=0x144) returned 1 [0098.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.671] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0098.672] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.677] SetEvent (hEvent=0x13c) returned 1 [0098.677] GetFileType (hFile=0x144) returned 0x1 [0098.677] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.678] WriteFile (in: hFile=0x144, lpBuffer=0xc00003c5a0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c5a0*, lpNumberOfBytesWritten=0xc0004dbcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.679] CloseHandle (hObject=0x144) returned 1 [0098.679] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.680] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0098.743] GetFileType (hFile=0x144) returned 0x1 [0098.743] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.743] CloseHandle (hObject=0x144) returned 1 [0098.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.744] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0098.744] SetEvent (hEvent=0x120) returned 1 [0098.744] SetEvent (hEvent=0xb8) returned 1 [0098.744] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0098.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.752] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.752] SetEvent (hEvent=0xb8) returned 1 [0098.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.755] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.756] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0098.756] SetEvent (hEvent=0xb8) returned 1 [0098.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.778] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0098.778] SetEvent (hEvent=0xc0) returned 1 [0098.778] SetEvent (hEvent=0x13c) returned 1 [0098.778] SetEvent (hEvent=0x15c) returned 1 [0098.779] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.780] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.783] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.783] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.784] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0098.784] SetEvent (hEvent=0xc0) returned 1 [0098.784] SetEvent (hEvent=0x13c) returned 1 [0098.784] SetEvent (hEvent=0x15c) returned 1 [0098.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.788] SetEvent (hEvent=0x12c) returned 1 [0098.788] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.820] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.827] SetEvent (hEvent=0x12c) returned 1 [0098.827] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.828] SetEvent (hEvent=0x120) returned 1 [0098.828] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.831] SwitchToThread () returned 1 [0098.832] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.836] SetEvent (hEvent=0x12c) returned 1 [0098.836] SetEvent (hEvent=0x13c) returned 1 [0098.836] SetEvent (hEvent=0x120) returned 1 [0098.836] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.838] SetEvent (hEvent=0x12c) returned 1 [0098.838] SetEvent (hEvent=0x13c) returned 1 [0098.838] VirtualFree (lpAddress=0xc000266000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.839] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.839] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.839] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.839] SetEvent (hEvent=0x120) returned 1 [0098.839] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.950] SetEvent (hEvent=0x12c) returned 1 [0098.950] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.969] SetEvent (hEvent=0x13c) returned 1 [0098.969] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.973] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.975] SetEvent (hEvent=0x13c) returned 1 [0098.975] SetEvent (hEvent=0x15c) returned 1 [0098.975] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.975] VirtualFree (lpAddress=0xc000178000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.975] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.976] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.976] VirtualFree (lpAddress=0xc000158000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.976] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.976] GetFileType (hFile=0x128) returned 0x1 [0098.976] WriteFile (in: hFile=0x128, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.976] CloseHandle (hObject=0x128) returned 1 [0098.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0098.978] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0098.978] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.981] SetEvent (hEvent=0x13c) returned 1 [0098.981] GetFileType (hFile=0x128) returned 0x1 [0098.981] GetFileType (hFile=0x128) returned 0x1 [0098.981] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0098.981] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0098.982] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.982] ReadFile (in: hFile=0x128, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x2d4, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000175c04*=0xd4, lpOverlapped=0x0) returned 1 [0098.983] ReadFile (in: hFile=0x128, lpBuffer=0xc0000400d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000400d4*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0098.983] CloseHandle (hObject=0x128) returned 1 [0098.983] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.984] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0098.985] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0098.994] GetFileType (hFile=0x128) returned 0x1 [0098.994] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.995] WriteFile (in: hFile=0x128, lpBuffer=0xc00005a0e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a0e0*, lpNumberOfBytesWritten=0xc000175cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.996] CloseHandle (hObject=0x128) returned 1 [0098.996] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.996] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.996] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.997] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.997] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0099.009] GetFileType (hFile=0x128) returned 0x1 [0099.009] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.009] CloseHandle (hObject=0x128) returned 1 [0099.010] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.010] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0099.010] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.011] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0099.011] SetEvent (hEvent=0x15c) returned 1 [0099.011] SetEvent (hEvent=0x120) returned 1 [0099.011] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0099.013] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.018] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.019] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0099.019] SetEvent (hEvent=0x120) returned 1 [0099.019] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.027] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0099.027] SetEvent (hEvent=0xc0) returned 1 [0099.027] SetEvent (hEvent=0x13c) returned 1 [0099.027] SetEvent (hEvent=0xb8) returned 1 [0099.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.031] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.031] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0099.032] SetEvent (hEvent=0x13c) returned 1 [0099.032] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.038] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0099.038] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0099.038] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0099.039] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0099.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.039] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0099.051] GetFileType (hFile=0x150) returned 0x1 [0099.051] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.051] GetFileType (hFile=0x150) returned 0x1 [0099.051] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0099.051] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0099.052] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.052] ReadFile (in: hFile=0x150, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x25c, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc000191c04*=0x5c, lpOverlapped=0x0) returned 1 [0099.053] ReadFile (in: hFile=0x150, lpBuffer=0xc0000be05c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be05c*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0099.053] CloseHandle (hObject=0x150) returned 1 [0099.053] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.054] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0099.054] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0099.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.056] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0099.069] GetFileType (hFile=0x150) returned 0x1 [0099.069] WriteFile (in: hFile=0x150, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc000191cec*=0x60, lpOverlapped=0x0) returned 1 [0099.071] CloseHandle (hObject=0x150) returned 1 [0099.071] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.071] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.071] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.072] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0099.072] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0099.072] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0099.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.073] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0099.074] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.078] GetFileType (hFile=0x150) returned 0x1 [0099.078] WriteFile (in: hFile=0x150, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.081] CloseHandle (hObject=0x150) returned 1 [0099.081] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-main.html"), dwFlags=0x1) returned 1 [0099.082] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.091] SetEvent (hEvent=0x120) returned 1 [0099.091] SetEvent (hEvent=0x13c) returned 1 [0099.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000100c0*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0099.101] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0000100c6*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0099.110] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000010190*, lpNumberOfCharsWritten=0xc0000bb818*=0x3) returned 1 [0099.116] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.117] SwitchToThread () returned 1 [0099.120] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.127] SetEvent (hEvent=0x120) returned 1 [0099.127] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.133] SetEvent (hEvent=0xb8) returned 1 [0099.133] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.135] SetEvent (hEvent=0x13c) returned 1 [0099.135] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.153] SetEvent (hEvent=0x120) returned 1 [0099.153] SetEvent (hEvent=0x13c) returned 1 [0099.153] SetEvent (hEvent=0x15c) returned 1 [0099.153] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.171] SetEvent (hEvent=0x120) returned 1 [0099.171] SetEvent (hEvent=0x13c) returned 1 [0099.171] SetEvent (hEvent=0x15c) returned 1 [0099.171] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.184] SetEvent (hEvent=0x120) returned 1 [0099.184] SetEvent (hEvent=0xb8) returned 1 [0099.184] SetEvent (hEvent=0x15c) returned 1 [0099.184] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.194] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.200] SetEvent (hEvent=0x120) returned 1 [0099.200] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.200] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.200] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0099.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0099.201] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0099.216] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.221] SetEvent (hEvent=0x120) returned 1 [0099.221] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.223] SetEvent (hEvent=0x9c) returned 1 [0099.223] SetEvent (hEvent=0x13c) returned 1 [0099.223] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.260] SetEvent (hEvent=0x9c) returned 1 [0099.260] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.266] SetEvent (hEvent=0x15c) returned 1 [0099.266] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.309] SetEvent (hEvent=0xb8) returned 1 [0099.309] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.335] SetEvent (hEvent=0x9c) returned 1 [0099.335] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.337] SetEvent (hEvent=0x12c) returned 1 [0099.337] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0099.348] SetEvent (hEvent=0x13c) returned 1 [0099.348] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0100.036] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0100.037] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.038] GetFileType (hFile=0xec) returned 0x1 [0100.038] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.039] GetFileType (hFile=0xec) returned 0x1 [0100.039] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0100.039] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0100.039] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0100.040] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e8000, nNumberOfBytesToRead=0x40b, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e8000*, lpNumberOfBytesRead=0xc000247c04*=0x20b, lpOverlapped=0x0) returned 1 [0100.041] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e820b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e820b*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0100.041] CloseHandle (hObject=0xec) returned 1 [0100.041] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0100.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.043] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0100.062] GetFileType (hFile=0xec) returned 0x1 [0100.063] WriteFile (in: hFile=0xec, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000247cec*=0x210, lpOverlapped=0x0) returned 1 [0100.065] CloseHandle (hObject=0xec) returned 1 [0100.065] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.065] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0100.066] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0100.066] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0100.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.067] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0100.076] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.080] SetEvent (hEvent=0x13c) returned 1 [0100.080] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.081] SetEvent (hEvent=0x13c) returned 1 [0100.081] SetEvent (hEvent=0x100) returned 1 [0100.081] VirtualFree (lpAddress=0xc0001f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.081] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.082] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.082] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.082] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.083] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.083] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.083] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.084] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.084] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.084] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.084] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.085] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.085] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000a03c8*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0100.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0420*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0420*, lpNumberOfCharsWritten=0xc00019b818*=0x3) returned 1 [0100.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0426*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0426*, lpNumberOfCharsWritten=0xc0001a3818*=0x3) returned 1 [0100.101] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.105] SetEvent (hEvent=0x120) returned 1 [0100.105] SetEvent (hEvent=0x13c) returned 1 [0100.105] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.107] SetEvent (hEvent=0x120) returned 1 [0100.107] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.108] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0100.108] SetEvent (hEvent=0xc0) returned 1 [0100.108] SetEvent (hEvent=0x12c) returned 1 [0100.108] SetEvent (hEvent=0x120) returned 1 [0100.108] SetEvent (hEvent=0xb8) returned 1 [0100.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0100.112] SetEvent (hEvent=0x13c) returned 1 [0100.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.118] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0100.118] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0100.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.119] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0100.123] GetFileType (hFile=0x174) returned 0x1 [0100.123] GetFileType (hFile=0x174) returned 0x1 [0100.123] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0100.123] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0100.123] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0100.124] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a000, nNumberOfBytesToRead=0x2b1, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesRead=0xc0006ddc04*=0xb1, lpOverlapped=0x0) returned 1 [0100.128] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a0b1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a0b1*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0100.129] CloseHandle (hObject=0x174) returned 1 [0100.129] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.129] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.131] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0100.143] GetFileType (hFile=0x174) returned 0x1 [0100.143] WriteFile (in: hFile=0x174, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0006ddcec*=0xc0, lpOverlapped=0x0) returned 1 [0100.144] CloseHandle (hObject=0x174) returned 1 [0100.144] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.144] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.145] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.146] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.146] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0100.161] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.170] GetFileType (hFile=0x174) returned 0x1 [0100.170] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0100.171] WriteFile (in: hFile=0x174, lpBuffer=0xc0001f6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001f6000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.171] CloseHandle (hObject=0x174) returned 1 [0100.171] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.173] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.174] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0100.174] SetEvent (hEvent=0xc0) returned 1 [0100.174] SetEvent (hEvent=0x15c) returned 1 [0100.174] SetEvent (hEvent=0x120) returned 1 [0100.174] SetEvent (hEvent=0x108) returned 1 [0100.174] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0100.176] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.184] SetEvent (hEvent=0x108) returned 1 [0100.184] SetEvent (hEvent=0xfc) returned 1 [0100.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.185] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0100.185] SetEvent (hEvent=0x9c) returned 1 [0100.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.186] SetEvent (hEvent=0x100) returned 1 [0100.186] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.190] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.193] SetEvent (hEvent=0x100) returned 1 [0100.193] SetEvent (hEvent=0x12c) returned 1 [0100.193] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.194] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.194] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.194] VirtualFree (lpAddress=0xc000176000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.195] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.195] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.195] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.196] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.196] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.196] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.196] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.197] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.197] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.197] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.198] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.198] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.198] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.198] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.199] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.199] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.199] SetEvent (hEvent=0x120) returned 1 [0100.199] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.201] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.209] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.212] SetEvent (hEvent=0x100) returned 1 [0100.212] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.221] SetEvent (hEvent=0x100) returned 1 [0100.222] SetEvent (hEvent=0x15c) returned 1 [0100.222] VirtualFree (lpAddress=0xc0001f8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.222] VirtualFree (lpAddress=0xc000166000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.222] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.223] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.223] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.223] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.224] GetFileType (hFile=0x144) returned 0x1 [0100.224] GetFileType (hFile=0x144) returned 0x1 [0100.224] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0100.224] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0100.224] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.224] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x45f, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0006e1c04*=0x25f, lpOverlapped=0x0) returned 1 [0100.230] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.232] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a25f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a25f*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0100.232] CloseHandle (hObject=0x144) returned 1 [0100.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0100.234] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0100.236] GetFileType (hFile=0x144) returned 0x1 [0100.236] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0100.236] WriteFile (in: hFile=0x144, lpBuffer=0xc00006ca00*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006ca00*, lpNumberOfBytesWritten=0xc0006e1cec*=0x260, lpOverlapped=0x0) returned 1 [0100.237] CloseHandle (hObject=0x144) returned 1 [0100.237] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0100.238] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.238] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0100.238] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0100.239] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0100.239] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0100.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0100.240] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0100.242] GetFileType (hFile=0x144) returned 0x1 [0100.242] WriteFile (in: hFile=0x144, lpBuffer=0xc000124580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124580*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.242] CloseHandle (hObject=0x144) returned 1 [0100.242] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.243] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.244] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.244] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.244] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.245] WriteFile (in: hFile=0x148, lpBuffer=0xc000124840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124840*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.245] CloseHandle (hObject=0x148) returned 1 [0100.245] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.246] GetFileType (hFile=0x150) returned 0x1 [0100.246] GetFileType (hFile=0x150) returned 0x1 [0100.246] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0100.246] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0100.246] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0100.247] ReadFile (in: hFile=0x150, lpBuffer=0xc0001e8000, nNumberOfBytesToRead=0x2c6, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e8000*, lpNumberOfBytesRead=0xc000135c04*=0xc6, lpOverlapped=0x0) returned 1 [0100.248] ReadFile (in: hFile=0x150, lpBuffer=0xc0001e80c6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e80c6*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0100.248] CloseHandle (hObject=0x150) returned 1 [0100.248] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0100.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.250] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0100.255] GetFileType (hFile=0x150) returned 0x1 [0100.255] WriteFile (in: hFile=0x150, lpBuffer=0xc0001ea000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea000*, lpNumberOfBytesWritten=0xc000135cec*=0xd0, lpOverlapped=0x0) returned 1 [0100.258] CloseHandle (hObject=0x150) returned 1 [0100.259] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.260] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0100.260] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0100.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.261] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0100.266] GetFileType (hFile=0x150) returned 0x1 [0100.266] WriteFile (in: hFile=0x150, lpBuffer=0xc000124c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124c60*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.266] CloseHandle (hObject=0x150) returned 1 [0100.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.267] SwitchToThread () returned 1 [0100.367] SetEvent (hEvent=0x100) returned 1 [0100.367] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.368] SetEvent (hEvent=0x12c) returned 1 [0100.368] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.369] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.369] VirtualFree (lpAddress=0xc0001da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.369] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.369] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.370] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.370] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0100.371] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0100.373] GetFileType (hFile=0x150) returned 0x1 [0100.373] GetFileType (hFile=0x150) returned 0x1 [0100.374] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0100.374] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0100.374] ReadFile (in: hFile=0x150, lpBuffer=0xc0001ee700, nNumberOfBytesToRead=0x319, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee700*, lpNumberOfBytesRead=0xc0006e3c04*=0x119, lpOverlapped=0x0) returned 1 [0100.375] ReadFile (in: hFile=0x150, lpBuffer=0xc0001ee819, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee819*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0100.375] CloseHandle (hObject=0x150) returned 1 [0100.375] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.377] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0100.379] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.401] GetFileType (hFile=0x150) returned 0x1 [0100.401] WriteFile (in: hFile=0x150, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc0006e3cec*=0x120, lpOverlapped=0x0) returned 1 [0100.402] CloseHandle (hObject=0x150) returned 1 [0100.402] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.403] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0100.406] GetFileType (hFile=0x150) returned 0x1 [0100.407] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d66e0*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.407] CloseHandle (hObject=0x150) returned 1 [0100.407] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.408] SwitchToThread () returned 1 [0100.409] SetEvent (hEvent=0x100) returned 1 [0100.409] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.410] SetEvent (hEvent=0x100) returned 1 [0100.410] SetEvent (hEvent=0x12c) returned 1 [0100.410] SetEvent (hEvent=0x120) returned 1 [0100.410] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.411] SetEvent (hEvent=0x12c) returned 1 [0100.411] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.416] SetEvent (hEvent=0x100) returned 1 [0100.416] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.428] SetEvent (hEvent=0x9c) returned 1 [0100.429] SetEvent (hEvent=0x120) returned 1 [0100.429] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.442] SwitchToThread () returned 1 [0100.511] SwitchToThread () returned 1 [0100.511] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.520] SetEvent (hEvent=0x120) returned 1 [0100.520] SwitchToThread () returned 1 [0100.529] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0100.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.530] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0100.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.530] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.531] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.531] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.531] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.531] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.531] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0100.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0100.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.533] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.533] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.533] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.533] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0100.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.539] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.543] SetEvent (hEvent=0x100) returned 1 [0100.543] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.614] SetEvent (hEvent=0xb8) returned 1 [0100.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.614] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0100.617] GetFileType (hFile=0x174) returned 0x1 [0100.617] GetFileType (hFile=0x174) returned 0x1 [0100.617] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0100.617] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0100.617] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a700, nNumberOfBytesToRead=0x315, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a700*, lpNumberOfBytesRead=0xc0000b7c04*=0x115, lpOverlapped=0x0) returned 1 [0100.619] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a815, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a815*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0100.619] CloseHandle (hObject=0x174) returned 1 [0100.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.620] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0100.621] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.625] GetFileType (hFile=0x174) returned 0x1 [0100.625] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.628] WriteFile (in: hFile=0x174, lpBuffer=0xc000166240*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000166240*, lpNumberOfBytesWritten=0xc0000b7cec*=0x120, lpOverlapped=0x0) returned 1 [0100.630] CloseHandle (hObject=0x174) returned 1 [0100.630] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0100.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.630] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0100.631] GetFileType (hFile=0x174) returned 0x1 [0100.631] WriteFile (in: hFile=0x174, lpBuffer=0xc00006c160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c160*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.631] CloseHandle (hObject=0x174) returned 1 [0100.631] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.632] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.633] SetEvent (hEvent=0x9c) returned 1 [0100.633] SetEvent (hEvent=0xb8) returned 1 [0100.633] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.633] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.633] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.634] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0100.634] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.636] GetFileType (hFile=0x174) returned 0x1 [0100.636] GetFileType (hFile=0x174) returned 0x1 [0100.636] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0100.636] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0100.636] ReadFile (in: hFile=0x174, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0000b9c04*=0xc4, lpOverlapped=0x0) returned 1 [0100.637] ReadFile (in: hFile=0x174, lpBuffer=0xc0000540c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000540c4*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0100.637] CloseHandle (hObject=0x174) returned 1 [0100.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.639] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0100.639] GetFileType (hFile=0x174) returned 0x1 [0100.639] WriteFile (in: hFile=0x174, lpBuffer=0xc000058000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesWritten=0xc0000b9cec*=0xd0, lpOverlapped=0x0) returned 1 [0100.641] CloseHandle (hObject=0x174) returned 1 [0100.641] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.641] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0100.642] GetFileType (hFile=0x174) returned 0x1 [0100.642] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.642] CloseHandle (hObject=0x174) returned 1 [0100.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.643] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.643] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.644] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0100.656] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.659] GetFileType (hFile=0x174) returned 0x1 [0100.659] GetFileType (hFile=0x174) returned 0x1 [0100.659] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0100.659] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0100.659] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a700, nNumberOfBytesToRead=0x325, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a700*, lpNumberOfBytesRead=0xc000111c04*=0x125, lpOverlapped=0x0) returned 1 [0100.660] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a825, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a825*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0100.660] CloseHandle (hObject=0x174) returned 1 [0100.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.662] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0100.664] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.670] SetEvent (hEvent=0x9c) returned 1 [0100.670] GetFileType (hFile=0x174) returned 0x1 [0100.670] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.675] WriteFile (in: hFile=0x174, lpBuffer=0xc00003c780*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c780*, lpNumberOfBytesWritten=0xc000111cec*=0x130, lpOverlapped=0x0) returned 1 [0100.677] CloseHandle (hObject=0x174) returned 1 [0100.677] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.677] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.678] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0100.684] GetFileType (hFile=0x174) returned 0x1 [0100.684] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.684] CloseHandle (hObject=0x174) returned 1 [0100.684] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.685] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0100.685] SetEvent (hEvent=0x120) returned 1 [0100.685] SetEvent (hEvent=0x15c) returned 1 [0100.685] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.690] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.691] SetEvent (hEvent=0x15c) returned 1 [0100.691] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.697] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.697] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.697] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0100.697] SetEvent (hEvent=0xc0) returned 1 [0100.697] SetEvent (hEvent=0x9c) returned 1 [0100.698] SetEvent (hEvent=0x15c) returned 1 [0100.698] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.700] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.700] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0100.711] GetFileType (hFile=0x174) returned 0x1 [0100.711] GetFileType (hFile=0x174) returned 0x1 [0100.711] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0100.711] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0100.711] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0100.711] ReadFile (in: hFile=0x174, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x315, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000063c04*=0x115, lpOverlapped=0x0) returned 1 [0100.713] ReadFile (in: hFile=0x174, lpBuffer=0xc00006c115, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c115*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0100.713] CloseHandle (hObject=0x174) returned 1 [0100.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.714] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0100.726] GetFileType (hFile=0x174) returned 0x1 [0100.726] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0100.726] WriteFile (in: hFile=0x174, lpBuffer=0xc00004c120*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c120*, lpNumberOfBytesWritten=0xc000063cec*=0x120, lpOverlapped=0x0) returned 1 [0100.728] CloseHandle (hObject=0x174) returned 1 [0100.728] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0100.728] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0100.729] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.729] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.729] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0100.730] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0100.730] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.730] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0100.736] GetFileType (hFile=0x174) returned 0x1 [0100.736] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.736] CloseHandle (hObject=0x174) returned 1 [0100.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.737] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.740] SetEvent (hEvent=0xb8) returned 1 [0100.740] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.741] SetEvent (hEvent=0xb8) returned 1 [0100.741] SetEvent (hEvent=0x12c) returned 1 [0100.741] SetEvent (hEvent=0x9c) returned 1 [0100.741] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.742] SetEvent (hEvent=0x12c) returned 1 [0100.742] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.745] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.746] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.746] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.746] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.746] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.747] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.747] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.747] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.747] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.748] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.748] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.748] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.749] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.749] SetEvent (hEvent=0xb8) returned 1 [0100.749] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.798] SwitchToThread () returned 1 [0100.798] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.815] SetEvent (hEvent=0xb8) returned 1 [0100.815] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.817] SetEvent (hEvent=0x120) returned 1 [0100.817] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.822] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.844] SetEvent (hEvent=0xb8) returned 1 [0100.844] SetEvent (hEvent=0x120) returned 1 [0100.844] SwitchToThread () returned 1 [0100.845] SetEvent (hEvent=0xb8) returned 1 [0100.845] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.847] SetEvent (hEvent=0x15c) returned 1 [0100.847] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.850] SetEvent (hEvent=0xb8) returned 1 [0100.850] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.851] SetEvent (hEvent=0xb8) returned 1 [0100.851] SetEvent (hEvent=0x120) returned 1 [0100.851] SetEvent (hEvent=0x15c) returned 1 [0100.851] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.861] SetEvent (hEvent=0x15c) returned 1 [0100.861] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.863] SetEvent (hEvent=0xb8) returned 1 [0100.863] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.867] SetEvent (hEvent=0x120) returned 1 [0100.867] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.912] SetEvent (hEvent=0x12c) returned 1 [0100.912] SetEvent (hEvent=0xb8) returned 1 [0100.912] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.917] SetEvent (hEvent=0x12c) returned 1 [0100.917] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.922] SetEvent (hEvent=0x120) returned 1 [0100.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.923] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0100.923] SetEvent (hEvent=0x15c) returned 1 [0100.923] SetEvent (hEvent=0x120) returned 1 [0100.923] SetEvent (hEvent=0xb8) returned 1 [0100.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.928] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.929] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0100.929] SetEvent (hEvent=0xc0) returned 1 [0100.929] SetEvent (hEvent=0xb8) returned 1 [0100.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.933] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.934] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0100.940] GetFileType (hFile=0x170) returned 0x1 [0100.940] GetFileType (hFile=0x170) returned 0x1 [0100.940] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0100.941] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0100.941] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.941] ReadFile (in: hFile=0x170, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc0001c9c04*=0xdd, lpOverlapped=0x0) returned 1 [0100.942] ReadFile (in: hFile=0x170, lpBuffer=0xc00004e0dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0dd*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0100.942] CloseHandle (hObject=0x170) returned 1 [0100.942] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.943] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.944] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0100.957] GetFileType (hFile=0x170) returned 0x1 [0100.957] WriteFile (in: hFile=0x170, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc0001c9cec*=0xe0, lpOverlapped=0x0) returned 1 [0100.958] CloseHandle (hObject=0x170) returned 1 [0100.958] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.959] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.959] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0100.968] GetFileType (hFile=0x170) returned 0x1 [0100.968] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.968] CloseHandle (hObject=0x170) returned 1 [0100.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.970] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0100.970] SetEvent (hEvent=0xc0) returned 1 [0100.970] SetEvent (hEvent=0x9c) returned 1 [0100.970] SetEvent (hEvent=0x100) returned 1 [0100.971] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.973] SetEvent (hEvent=0x100) returned 1 [0100.973] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.979] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0100.979] SetEvent (hEvent=0xb8) returned 1 [0100.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.980] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010100*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000010100*, lpNumberOfCharsWritten=0xc000191818*=0x3) returned 1 [0100.982] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0100.989] SetEvent (hEvent=0xb8) returned 1 [0100.989] SetEvent (hEvent=0x12c) returned 1 [0100.989] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.000] SetEvent (hEvent=0x12c) returned 1 [0101.000] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.002] SetEvent (hEvent=0x120) returned 1 [0101.002] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.035] SetEvent (hEvent=0x12c) returned 1 [0101.035] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.039] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.042] SetEvent (hEvent=0x15c) returned 1 [0101.042] SetEvent (hEvent=0x100) returned 1 [0101.042] SetEvent (hEvent=0x12c) returned 1 [0101.042] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.108] SetEvent (hEvent=0x9c) returned 1 [0101.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.108] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0101.109] GetFileType (hFile=0xec) returned 0x1 [0101.109] GetFileType (hFile=0xec) returned 0x1 [0101.109] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0101.109] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0101.109] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.110] ReadFile (in: hFile=0xec, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x479, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc00022fc04*=0x279, lpOverlapped=0x0) returned 1 [0101.112] ReadFile (in: hFile=0xec, lpBuffer=0xc000060279, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060279*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0101.112] CloseHandle (hObject=0xec) returned 1 [0101.112] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0101.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.114] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0101.125] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.129] SetEvent (hEvent=0x9c) returned 1 [0101.129] GetFileType (hFile=0xec) returned 0x1 [0101.129] WriteFile (in: hFile=0xec, lpBuffer=0xc0001ec000*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec000*, lpNumberOfBytesWritten=0xc00022fcec*=0x280, lpOverlapped=0x0) returned 1 [0101.130] CloseHandle (hObject=0xec) returned 1 [0101.130] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0101.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.130] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0101.133] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.135] GetFileType (hFile=0xec) returned 0x1 [0101.135] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.140] WriteFile (in: hFile=0xec, lpBuffer=0xc0001e6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.140] CloseHandle (hObject=0xec) returned 1 [0101.140] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.141] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.146] SetEvent (hEvent=0xb8) returned 1 [0101.146] SetEvent (hEvent=0x12c) returned 1 [0101.146] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.162] SetEvent (hEvent=0xb8) returned 1 [0101.162] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.165] SetEvent (hEvent=0x12c) returned 1 [0101.165] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.168] SetEvent (hEvent=0x9c) returned 1 [0101.168] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.291] SetEvent (hEvent=0x100) returned 1 [0101.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.292] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0101.295] GetFileType (hFile=0x16c) returned 0x1 [0101.295] GetFileType (hFile=0x16c) returned 0x1 [0101.295] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0101.295] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0101.295] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0101.296] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001e0000, nNumberOfBytesToRead=0x46e, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesRead=0xc00024dc04*=0x26e, lpOverlapped=0x0) returned 1 [0101.301] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.306] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001e026e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e026e*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0101.306] CloseHandle (hObject=0x16c) returned 1 [0101.306] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0101.306] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0101.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.308] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0101.320] GetFileType (hFile=0x16c) returned 0x1 [0101.320] WriteFile (in: hFile=0x16c, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00024dcec*=0x270, lpOverlapped=0x0) returned 1 [0101.322] CloseHandle (hObject=0x16c) returned 1 [0101.322] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0101.322] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.322] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0101.323] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0101.323] VirtualAlloc (lpAddress=0xc00026e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026e000 [0101.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.324] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0101.332] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.344] SetEvent (hEvent=0x100) returned 1 [0101.345] SetEvent (hEvent=0xb8) returned 1 [0101.345] SetEvent (hEvent=0x15c) returned 1 [0101.345] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.350] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.350] SetEvent (hEvent=0x100) returned 1 [0101.350] SetEvent (hEvent=0x120) returned 1 [0101.350] VirtualFree (lpAddress=0xc0001fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.351] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.351] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.351] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.352] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014fcf4 | out: lpMode=0xc00014fcf4) returned 0 [0101.352] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.354] GetFileType (hFile=0xec) returned 0x1 [0101.354] GetFileType (hFile=0xec) returned 0x1 [0101.354] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00014fd44 | out: lpFileInformation=0xc00014fd44) returned 1 [0101.354] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00014fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014fd28) returned 1 [0101.354] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0101.355] ReadFile (in: hFile=0xec, lpBuffer=0xc000272000, nNumberOfBytesToRead=0x4ae, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000272000*, lpNumberOfBytesRead=0xc00014fc04*=0x2ae, lpOverlapped=0x0) returned 1 [0101.357] ReadFile (in: hFile=0xec, lpBuffer=0xc0002722ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002722ae*, lpNumberOfBytesRead=0xc00014fc04*=0x0, lpOverlapped=0x0) returned 1 [0101.357] CloseHandle (hObject=0xec) returned 1 [0101.357] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.359] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014fd04 | out: lpMode=0xc00014fd04) returned 0 [0101.359] GetFileType (hFile=0xec) returned 0x1 [0101.359] WriteFile (in: hFile=0xec, lpBuffer=0xc0001f8000*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0xc00014fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001f8000*, lpNumberOfBytesWritten=0xc00014fcec*=0x2b0, lpOverlapped=0x0) returned 1 [0101.361] CloseHandle (hObject=0xec) returned 1 [0101.361] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.361] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.361] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.362] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.362] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014fd64 | out: lpMode=0xc00014fd64) returned 0 [0101.369] GetFileType (hFile=0xec) returned 0x1 [0101.369] WriteFile (in: hFile=0xec, lpBuffer=0xc00026e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00026e420*, lpNumberOfBytesWritten=0xc00014fd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.369] CloseHandle (hObject=0xec) returned 1 [0101.369] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.370] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.371] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.371] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0101.371] SetEvent (hEvent=0x15c) returned 1 [0101.372] SetEvent (hEvent=0xb8) returned 1 [0101.372] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0101.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.376] SetEvent (hEvent=0x9c) returned 1 [0101.376] SetEvent (hEvent=0x12c) returned 1 [0101.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.400] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.402] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.402] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0101.402] SetEvent (hEvent=0x100) returned 1 [0101.402] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.402] GetFileType (hFile=0x16c) returned 0x1 [0101.403] WriteFile (in: hFile=0x16c, lpBuffer=0xc00026e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00026e000*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.403] CloseHandle (hObject=0x16c) returned 1 [0101.403] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.403] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.405] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.406] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0101.406] SetEvent (hEvent=0x12c) returned 1 [0101.407] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.407] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fe08*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.414] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0101.414] SetEvent (hEvent=0x120) returned 1 [0101.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.416] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0101.424] GetFileType (hFile=0x170) returned 0x1 [0101.424] GetFileType (hFile=0x170) returned 0x1 [0101.424] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0101.425] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0101.425] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.425] ReadFile (in: hFile=0x170, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x50a, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0001cbc04*=0x30a, lpOverlapped=0x0) returned 1 [0101.439] ReadFile (in: hFile=0x170, lpBuffer=0xc00006c30a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c30a*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0101.439] CloseHandle (hObject=0x170) returned 1 [0101.439] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.441] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0101.442] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.447] GetFileType (hFile=0x170) returned 0x1 [0101.447] WriteFile (in: hFile=0x170, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0001cbcec*=0x310, lpOverlapped=0x0) returned 1 [0101.449] CloseHandle (hObject=0x170) returned 1 [0101.449] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.449] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0101.450] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0101.450] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0101.451] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0101.451] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0101.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.452] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0101.456] GetFileType (hFile=0x170) returned 0x1 [0101.456] WriteFile (in: hFile=0x170, lpBuffer=0xc0001da2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001da2c0*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.456] CloseHandle (hObject=0x170) returned 1 [0101.456] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0101.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.458] VirtualFree (lpAddress=0xc000176000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.458] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.458] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.459] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.459] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.459] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.459] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.461] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001a9d04 | out: lpMode=0xc0001a9d04) returned 0 [0101.463] GetFileType (hFile=0x170) returned 0x1 [0101.463] WriteFile (in: hFile=0x170, lpBuffer=0xc0001dc580*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0001a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc580*, lpNumberOfBytesWritten=0xc0001a9cec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.465] CloseHandle (hObject=0x170) returned 1 [0101.465] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0101.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.465] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001a9d64 | out: lpMode=0xc0001a9d64) returned 0 [0101.477] GetFileType (hFile=0x170) returned 0x1 [0101.477] WriteFile (in: hFile=0x170, lpBuffer=0xc0001dadc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001dadc0*, lpNumberOfBytesWritten=0xc0001a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.477] CloseHandle (hObject=0x170) returned 1 [0101.477] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.479] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0101.489] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.492] SetEvent (hEvent=0x15c) returned 1 [0101.492] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.613] SetEvent (hEvent=0x12c) returned 1 [0101.614] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.648] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.649] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.649] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0101.651] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.652] SetEvent (hEvent=0xc0) returned 1 [0101.652] GetFileType (hFile=0x174) returned 0x1 [0101.652] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.657] GetFileType (hFile=0x174) returned 0x1 [0101.657] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0101.657] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0101.658] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.658] ReadFile (in: hFile=0x174, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x49c, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0000c5c04*=0x29c, lpOverlapped=0x0) returned 1 [0101.666] ReadFile (in: hFile=0x174, lpBuffer=0xc00003629c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003629c*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0101.666] CloseHandle (hObject=0x174) returned 1 [0101.666] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.667] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.667] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.668] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0101.677] GetFileType (hFile=0x174) returned 0x1 [0101.677] WriteFile (in: hFile=0x174, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.678] CloseHandle (hObject=0x174) returned 1 [0101.678] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.678] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.679] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.679] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.679] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0101.685] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.690] GetFileType (hFile=0x174) returned 0x1 [0101.690] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.694] CloseHandle (hObject=0x174) returned 1 [0101.694] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0101.694] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.695] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.714] SetEvent (hEvent=0xb8) returned 1 [0101.714] SetEvent (hEvent=0x100) returned 1 [0101.714] SetEvent (hEvent=0x120) returned 1 [0101.714] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.717] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.721] SetEvent (hEvent=0xb8) returned 1 [0101.721] SetEvent (hEvent=0x100) returned 1 [0101.721] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.721] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.721] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.722] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.722] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.722] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.722] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.723] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.723] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0101.723] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0101.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.725] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0101.728] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.733] GetFileType (hFile=0x128) returned 0x1 [0101.733] WriteFile (in: hFile=0x128, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x310, lpOverlapped=0x0) returned 1 [0101.734] CloseHandle (hObject=0x128) returned 1 [0101.734] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0101.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.735] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0101.735] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.737] GetFileType (hFile=0x128) returned 0x1 [0101.737] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.738] CloseHandle (hObject=0x128) returned 1 [0101.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.739] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.739] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.739] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.739] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.739] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.739] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82866230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28a)) returned 1 [0101.739] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.740] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.740] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8286d760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x315)) returned 1 [0101.746] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.751] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.751] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.751] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.751] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.751] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.751] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.752] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82874c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d0)) returned 1 [0101.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.753] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.753] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.753] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.753] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.753] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8287e8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x253)) returned 1 [0101.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.759] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.760] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.760] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.760] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.760] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82885e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab4f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x280)) returned 1 [0101.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.796] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.803] SetEvent (hEvent=0xb8) returned 1 [0101.803] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.806] SetEvent (hEvent=0x100) returned 1 [0101.806] SetEvent (hEvent=0x12c) returned 1 [0101.806] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.850] SetEvent (hEvent=0xb8) returned 1 [0101.850] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.853] SetEvent (hEvent=0x120) returned 1 [0101.853] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.854] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586508*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc000586508*, lpNumberOfCharsWritten=0xc000139818*=0x3) returned 1 [0101.859] SetEvent (hEvent=0x12c) returned 1 [0101.859] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.866] SetEvent (hEvent=0xb8) returned 1 [0101.866] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.867] SetEvent (hEvent=0x12c) returned 1 [0101.910] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.914] SetEvent (hEvent=0xb8) returned 1 [0101.914] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.921] SetEvent (hEvent=0xb8) returned 1 [0101.921] SetEvent (hEvent=0x9c) returned 1 [0101.921] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.921] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.921] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.921] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.922] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.922] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.922] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.922] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.923] VirtualFree (lpAddress=0xc00005a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.923] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.923] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.924] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.925] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0101.932] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.935] GetFileType (hFile=0x174) returned 0x1 [0101.936] GetFileType (hFile=0x174) returned 0x1 [0101.936] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0101.936] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0101.936] ReadFile (in: hFile=0x174, lpBuffer=0xc00006e480, nNumberOfBytesToRead=0x453, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e480*, lpNumberOfBytesRead=0xc000249c04*=0x253, lpOverlapped=0x0) returned 1 [0101.940] ReadFile (in: hFile=0x174, lpBuffer=0xc00006e6d3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e6d3*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0101.940] CloseHandle (hObject=0x174) returned 1 [0101.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.941] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0101.946] GetFileType (hFile=0x174) returned 0x1 [0101.947] WriteFile (in: hFile=0x174, lpBuffer=0xc000146500*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc000146500*, lpNumberOfBytesWritten=0xc000249cec*=0x260, lpOverlapped=0x0) returned 1 [0101.948] CloseHandle (hObject=0x174) returned 1 [0101.948] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.948] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0101.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.949] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0101.954] GetFileType (hFile=0x174) returned 0x1 [0101.954] WriteFile (in: hFile=0x174, lpBuffer=0xc00024e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00024e420*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.954] CloseHandle (hObject=0x174) returned 1 [0101.954] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0101.954] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.955] SetEvent (hEvent=0x9c) returned 1 [0101.955] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.960] SetEvent (hEvent=0x12c) returned 1 [0101.960] SetEvent (hEvent=0xb8) returned 1 [0101.960] SetEvent (hEvent=0x9c) returned 1 [0101.960] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.969] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.975] SetEvent (hEvent=0x12c) returned 1 [0101.976] VirtualFree (lpAddress=0xc00015a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.976] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.976] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.976] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.976] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.977] GetFileType (hFile=0x128) returned 0x1 [0101.977] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.977] CloseHandle (hObject=0x128) returned 1 [0101.977] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.977] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.978] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.979] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.979] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.980] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.980] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="craw_window.css", cAlternateFileName="CRAW_W~1.CSS")) returned 1 [0101.980] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.980] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82899680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaae46e00, ftLastWriteTime.dwHighDateTime=0x1cec2fb, nFileSizeHigh=0x0, nFileSizeLow=0x6cd)) returned 1 [0101.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a, dwReserved0=0x0, dwReserved1=0x0, cFileName="craw_window.html", cAlternateFileName="CRAW_W~1.HTM")) returned 1 [0101.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.981] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a0bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x32a)) returned 1 [0101.986] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0101.997] SetEvent (hEvent=0x12c) returned 1 [0101.997] SetEvent (hEvent=0xb8) returned 1 [0101.997] SetEvent (hEvent=0x100) returned 1 [0101.997] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.015] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.031] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0102.034] GetFileType (hFile=0x128) returned 0x1 [0102.034] GetFileType (hFile=0x128) returned 0x1 [0102.034] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0102.034] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0102.034] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.034] ReadFile (in: hFile=0x128, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x8cd, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0000e5c04*=0x6cd, lpOverlapped=0x0) returned 1 [0102.042] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.044] ReadFile (in: hFile=0x128, lpBuffer=0xc00011c6cd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c6cd*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0102.044] CloseHandle (hObject=0x128) returned 1 [0102.044] SwitchToThread () returned 1 [0102.050] SetEvent (hEvent=0x12c) returned 1 [0102.050] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.051] SetEvent (hEvent=0x120) returned 1 [0102.051] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0102.054] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0102.063] GetFileType (hFile=0xec) returned 0x1 [0102.063] GetFileType (hFile=0xec) returned 0x1 [0102.063] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0102.063] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0102.063] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c2c0, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c2c0*, lpNumberOfBytesRead=0xc000171c04*=0xa0, lpOverlapped=0x0) returned 1 [0102.064] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c360, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c360*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0102.064] CloseHandle (hObject=0xec) returned 1 [0102.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.066] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0102.069] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0102.124] SetEvent (hEvent=0xb8) returned 1 [0102.124] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0103.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0103.416] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00019dcf4 | out: lpMode=0xc00019dcf4) returned 0 [0103.420] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0103.435] GetFileType (hFile=0x184) returned 0x1 [0103.435] GetFileType (hFile=0x184) returned 0x1 [0103.435] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc00019dd44 | out: lpFileInformation=0xc00019dd44) returned 1 [0103.435] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc00019dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019dd28) returned 1 [0103.435] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0103.436] ReadFile (in: hFile=0x184, lpBuffer=0xc0002b0000, nNumberOfBytesToRead=0x57a3, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesRead=0xc00019dc04*=0x55a3, lpOverlapped=0x0) returned 1 [0103.473] ReadFile (in: hFile=0x184, lpBuffer=0xc0002b55a3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b55a3*, lpNumberOfBytesRead=0xc00019dc04*=0x0, lpOverlapped=0x0) returned 1 [0103.473] CloseHandle (hObject=0x184) returned 1 [0103.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0103.474] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00019dd04 | out: lpMode=0xc00019dd04) returned 0 [0103.488] GetFileType (hFile=0x184) returned 0x1 [0103.488] WriteFile (in: hFile=0x184, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x55b0, lpNumberOfBytesWritten=0xc00019dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc00019dcec*=0x55b0, lpOverlapped=0x0) returned 1 [0103.489] CloseHandle (hObject=0x184) returned 1 [0103.489] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0103.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0103.489] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00019dd64 | out: lpMode=0xc00019dd64) returned 0 [0103.499] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0103.526] GetFileType (hFile=0x184) returned 0x1 [0103.526] WriteFile (in: hFile=0x184, lpBuffer=0xc000131760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000131760*, lpNumberOfBytesWritten=0xc00019dd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.526] CloseHandle (hObject=0x184) returned 1 [0103.526] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.527] SetEvent (hEvent=0x108) returned 1 [0103.527] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0104.587] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0104.595] SetEvent (hEvent=0xb8) returned 1 [0104.595] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.952] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.952] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.953] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.954] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.954] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.955] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.956] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.957] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.957] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.958] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.959] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.959] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.960] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.961] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.962] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.963] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.964] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.964] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.965] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.965] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.966] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.967] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.967] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.968] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.968] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.969] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.969] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.970] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.970] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.970] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.971] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.971] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0107.972] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.159] SetEvent (hEvent=0x164) returned 1 [0114.159] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.180] SetEvent (hEvent=0x108) returned 1 [0114.180] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.185] SetEvent (hEvent=0x15c) returned 1 [0114.185] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.194] SetEvent (hEvent=0x114) returned 1 [0114.194] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.200] SetEvent (hEvent=0x9c) returned 1 [0114.200] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.202] SetEvent (hEvent=0x1a0) returned 1 [0114.202] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.208] SetEvent (hEvent=0x13c) returned 1 [0114.208] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0114.211] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0114.213] GetFileType (hFile=0x1e4) returned 0x1 [0114.213] GetFileType (hFile=0x1e4) returned 0x1 [0114.213] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0114.213] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0114.213] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0114.214] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x1b98, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc000117c04*=0x1998, lpOverlapped=0x0) returned 1 [0114.218] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00007f998, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007f998*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0114.218] CloseHandle (hObject=0x1e4) returned 1 [0114.218] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0114.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0114.262] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0114.270] GetFileType (hFile=0x1ac) returned 0x1 [0114.270] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0002ec000*, nNumberOfBytesToWrite=0x19a0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec000*, lpNumberOfBytesWritten=0xc000117cec*=0x19a0, lpOverlapped=0x0) returned 1 [0114.272] CloseHandle (hObject=0x1ac) returned 1 [0114.276] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.353] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0114.353] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0114.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f4 [0114.354] GetConsoleMode (in: hConsoleHandle=0x1f4, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0114.356] GetFileType (hFile=0x1f4) returned 0x1 [0114.356] WriteFile (in: hFile=0x1f4, lpBuffer=0xc00007d1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007d1e0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.356] CloseHandle (hObject=0x1f4) returned 1 [0114.363] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegcuq[1].jpg"), dwFlags=0x1) returned 1 [0114.510] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.511] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.514] SetEvent (hEvent=0x1dc) returned 1 [0114.514] SwitchToThread () returned 1 [0114.516] SetEvent (hEvent=0x1dc) returned 1 [0114.516] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0114.521] SetEvent (hEvent=0x1dc) returned 1 [0114.521] SetEvent (hEvent=0x9c) returned 1 [0114.521] SetEvent (hEvent=0x1f8) returned 1 [0114.521] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0115.579] SetEvent (hEvent=0xfc) returned 1 [0115.579] SetEvent (hEvent=0x12c) returned 1 [0115.579] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0115.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.628] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0115.628] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0115.654] GetFileType (hFile=0x214) returned 0x1 [0115.654] GetFileType (hFile=0x214) returned 0x1 [0115.654] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0115.654] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0115.654] ReadFile (in: hFile=0x214, lpBuffer=0xc0002a8a00, nNumberOfBytesToRead=0x2343, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8a00*, lpNumberOfBytesRead=0xc000241c04*=0x2143, lpOverlapped=0x0) returned 1 [0115.661] ReadFile (in: hFile=0x214, lpBuffer=0xc0002aab43, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aab43*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0115.661] CloseHandle (hObject=0x214) returned 1 [0115.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0115.677] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0115.680] GetFileType (hFile=0x1ec) returned 0x1 [0115.680] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0002aaf00*, nNumberOfBytesToWrite=0x2150, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002aaf00*, lpNumberOfBytesWritten=0xc000241cec*=0x2150, lpOverlapped=0x0) returned 1 [0115.682] CloseHandle (hObject=0x1ec) returned 1 [0115.689] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0115.897] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1901 | out: pbBuffer=0xc0000e1901) returned 1 [0115.897] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0115.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0115.898] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0115.906] GetFileType (hFile=0x2b4) returned 0x1 [0115.906] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d78c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d78c0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.906] CloseHandle (hObject=0x2b4) returned 1 [0115.911] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbblccz[1].jpg"), dwFlags=0x1) returned 1 [0116.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f670, ulCount=0x10, ulNumEntriesRemoved=0x22f644, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f670, ulNumEntriesRemoved=0x22f644) returned 0 [0116.515] SetEvent (hEvent=0x304) returned 1 [0116.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fde0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.518] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x22f678, ulCount=0x10, ulNumEntriesRemoved=0x22f64c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x22f678, ulNumEntriesRemoved=0x22f64c) returned 0 [0116.518] SetEvent (hEvent=0x304) returned 1 [0116.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x22fdf0*=0x8c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.522] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0141.546] SetEvent (hEvent=0x1b4) returned 1 [0141.546] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0141.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3f8 [0141.550] GetConsoleMode (in: hConsoleHandle=0x3f8, lpMode=0xc000381cf4 | out: lpMode=0xc000381cf4) returned 0 [0141.551] GetFileType (hFile=0x3f8) returned 0x1 [0141.551] GetFileType (hFile=0x3f8) returned 0x1 [0141.551] GetFileInformationByHandle (in: hFile=0x3f8, lpFileInformation=0xc000381d44 | out: lpFileInformation=0xc000381d44) returned 1 [0141.551] GetFileInformationByHandleEx (in: hFile=0x3f8, FileInformationClass=0x9, lpFileInformation=0xc000381d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000381d28) returned 1 [0141.551] ReadFile (in: hFile=0x3f8, lpBuffer=0xc0002886c0, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc000381c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002886c0*, lpNumberOfBytesRead=0xc000381c04*=0x18, lpOverlapped=0x0) returned 1 [0142.531] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0142.886] ReadFile (in: hFile=0x3f8, lpBuffer=0xc0002886d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000381c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002886d8*, lpNumberOfBytesRead=0xc000381c04*=0x0, lpOverlapped=0x0) returned 1 [0142.886] CloseHandle (hObject=0x3f8) returned 1 [0142.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f8 [0142.888] GetConsoleMode (in: hConsoleHandle=0x3f8, lpMode=0xc000381d04 | out: lpMode=0xc000381d04) returned 0 [0142.998] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0144.219] GetFileType (hFile=0x3f8) returned 0x1 [0144.219] WriteFile (in: hFile=0x3f8, lpBuffer=0xc0003fc7e0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc000381cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fc7e0*, lpNumberOfBytesWritten=0xc000381cec*=0x20, lpOverlapped=0x0) returned 1 [0144.221] CloseHandle (hObject=0x3f8) returned 1 [0144.221] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0144.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f8 [0144.221] GetConsoleMode (in: hConsoleHandle=0x3f8, lpMode=0xc000381d64 | out: lpMode=0xc000381d64) returned 0 [0144.232] GetFileType (hFile=0x3f8) returned 0x1 [0144.232] WriteFile (in: hFile=0x3f8, lpBuffer=0xc000682840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000381d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682840*, lpNumberOfBytesWritten=0xc000381d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.232] CloseHandle (hObject=0x3f8) returned 1 [0144.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-7e4dca80246863e3.customdestinations-ms"), dwFlags=0x1) returned 1 [0144.234] SetEvent (hEvent=0x354) returned 1 [0144.235] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0144.244] SetEvent (hEvent=0xbc0) returned 1 [0144.244] SetEvent (hEvent=0xa20) returned 1 [0144.244] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) returned 0x0 [0144.262] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0144.264] VirtualFree (lpAddress=0xc000180000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.265] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.266] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.267] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.268] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.269] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.270] SetEvent (hEvent=0x9a8) returned 1 [0144.270] WaitForSingleObject (hHandle=0x8c, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x7b0 [0070.490] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785fea0*=0x90) returned 1 [0070.490] VirtualQuery (in: lpAddress=0x2785fec0, lpBuffer=0x2785fec0, dwLength=0x30 | out: lpBuffer=0x2785fec0*(BaseAddress=0x2785f000, AllocationBase=0x27660000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0070.490] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.493] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.501] SetEvent (hEvent=0xb8) returned 1 [0070.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.502] timeEndPeriod (uPeriod=0x1) returned 0x0 [0070.502] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc0 [0070.503] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc4 [0070.503] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0070.503] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0070.503] SetEvent (hEvent=0xb8) returned 1 [0070.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.563] SetEvent (hEvent=0xb8) returned 1 [0070.563] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.565] SetEvent (hEvent=0xa8) returned 1 [0070.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.717] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0070.718] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0070.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.067] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.068] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xe0) returned 1 [0071.068] SuspendThread (hThread=0xe0) returned 0x0 [0071.068] GetThreadContext (in: hThread=0xe0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7520, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4d65e5, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.068] SetThreadContext (hThread=0xe0, lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461ec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.068] ResumeThread (hThread=0xe0) returned 0x1 [0071.068] CloseHandle (hObject=0xe0) returned 1 [0071.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.277] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.277] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xe0) returned 1 [0071.277] SuspendThread (hThread=0xe0) returned 0x0 [0071.277] GetThreadContext (in: hThread=0xe0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0xa46, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4e4363, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.277] ResumeThread (hThread=0xe0) returned 0x1 [0071.277] CloseHandle (hObject=0xe0) returned 1 [0071.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.388] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.487] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.487] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xe0) returned 1 [0071.487] SuspendThread (hThread=0xe0) returned 0x0 [0071.487] GetThreadContext (in: hThread=0xe0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7520, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4d66a7, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.488] SetThreadContext (hThread=0xe0, lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461ec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.489] ResumeThread (hThread=0xe0) returned 0x1 [0071.489] CloseHandle (hObject=0xe0) returned 1 [0071.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.519] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.520] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.590] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.696] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.696] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xe8) returned 1 [0071.696] SuspendThread (hThread=0xe8) returned 0x0 [0071.696] GetThreadContext (in: hThread=0xe8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000bb518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4e4354, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.697] ResumeThread (hThread=0xe8) returned 0x1 [0071.697] CloseHandle (hObject=0xe8) returned 1 [0071.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0071.793] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0071.793] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xe8) returned 1 [0071.793] SuspendThread (hThread=0xe8) returned 0x0 [0071.793] GetThreadContext (in: hThread=0xe8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27c5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.907] ResumeThread (hThread=0xe8) returned 0x1 [0071.907] CloseHandle (hObject=0xe8) returned 1 [0071.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0072.005] timeEndPeriod (uPeriod=0x1) returned 0x0 [0072.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0072.058] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0072.058] SetEvent (hEvent=0x9c) returned 1 [0072.058] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0072.069] timeEndPeriod (uPeriod=0x1) returned 0x0 [0072.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0072.434] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0072.434] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0072.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0072.462] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0072.463] timeEndPeriod (uPeriod=0x1) returned 0x0 [0072.463] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0089.553] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0089.554] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.575] timeEndPeriod (uPeriod=0x1) returned 0x0 [0089.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0089.782] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0089.782] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.814] timeEndPeriod (uPeriod=0x1) returned 0x0 [0089.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0089.823] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0089.823] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.834] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.852] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002b500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe0 [0089.860] CloseHandle (hObject=0xe0) returned 1 [0089.860] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.869] SetEvent (hEvent=0x9c) returned 1 [0089.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.881] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002b880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe4 [0089.899] CloseHandle (hObject=0xe4) returned 1 [0089.899] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000080380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe4 [0089.907] CloseHandle (hObject=0xe4) returned 1 [0089.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.908] timeEndPeriod (uPeriod=0x1) returned 0x0 [0089.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0089.912] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0089.912] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x12c) returned 1 [0089.912] SuspendThread (hThread=0x12c) returned 0x0 [0089.912] GetThreadContext (in: hThread=0x12c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.944] ResumeThread (hThread=0x12c) returned 0x1 [0089.944] CloseHandle (hObject=0x12c) returned 1 [0089.944] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000080700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x12c [0089.946] CloseHandle (hObject=0x12c) returned 1 [0089.946] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.956] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.961] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.963] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.965] timeEndPeriod (uPeriod=0x1) returned 0x0 [0089.965] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0089.966] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0089.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0089.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.042] SetEvent (hEvent=0x108) returned 1 [0090.042] SetEvent (hEvent=0x9c) returned 1 [0090.042] SetEvent (hEvent=0x12c) returned 1 [0090.042] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.051] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.053] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.053] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.070] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.071] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.085] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.086] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.223] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0090.223] SuspendThread (hThread=0xf4) returned 0x0 [0090.223] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.224] ResumeThread (hThread=0xf4) returned 0x1 [0090.224] CloseHandle (hObject=0xf4) returned 1 [0090.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.225] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0090.225] SuspendThread (hThread=0xf4) returned 0x0 [0090.225] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.241] ResumeThread (hThread=0xf4) returned 0x1 [0090.241] CloseHandle (hObject=0xf4) returned 1 [0090.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.277] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.277] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.278] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0090.278] SuspendThread (hThread=0x144) returned 0x0 [0090.278] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.291] ResumeThread (hThread=0x144) returned 0x1 [0090.291] CloseHandle (hObject=0x144) returned 1 [0090.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.331] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.336] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.342] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0090.342] SuspendThread (hThread=0x128) returned 0x0 [0090.342] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.355] ResumeThread (hThread=0x128) returned 0x1 [0090.355] CloseHandle (hObject=0x128) returned 1 [0090.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.363] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.378] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0090.378] SuspendThread (hThread=0x148) returned 0x0 [0090.378] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.379] ResumeThread (hThread=0x148) returned 0x1 [0090.379] CloseHandle (hObject=0x148) returned 1 [0090.379] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.388] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.425] SetEvent (hEvent=0x100) returned 1 [0090.425] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.463] SetEvent (hEvent=0xb8) returned 1 [0090.463] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.479] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.480] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.480] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x158) returned 1 [0090.480] SuspendThread (hThread=0x158) returned 0x0 [0090.481] GetThreadContext (in: hThread=0x158, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22f708, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.484] ResumeThread (hThread=0x158) returned 0x1 [0090.484] CloseHandle (hObject=0x158) returned 1 [0090.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.491] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.540] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xfc) returned 1 [0090.540] SuspendThread (hThread=0xfc) returned 0x0 [0090.540] GetThreadContext (in: hThread=0xfc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.595] ResumeThread (hThread=0xfc) returned 0x1 [0090.595] CloseHandle (hObject=0xfc) returned 1 [0090.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.709] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xfc) returned 1 [0090.709] SuspendThread (hThread=0xfc) returned 0x0 [0090.709] GetThreadContext (in: hThread=0xfc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.746] ResumeThread (hThread=0xfc) returned 0x1 [0090.746] CloseHandle (hObject=0xfc) returned 1 [0090.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.772] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.773] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.775] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.776] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.785] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.865] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.869] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0090.959] timeEndPeriod (uPeriod=0x1) returned 0x0 [0090.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0090.976] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0090.976] SetEvent (hEvent=0x13c) returned 1 [0090.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.024] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0091.025] SwitchToThread () returned 1 [0091.031] SuspendThread (hThread=0xec) returned 0x0 [0091.031] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfeb8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.054] ResumeThread (hThread=0xec) returned 0x1 [0091.054] CloseHandle (hObject=0xec) returned 1 [0091.054] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.069] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0091.069] SuspendThread (hThread=0xec) returned 0x0 [0091.070] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.092] ResumeThread (hThread=0xec) returned 0x1 [0091.092] CloseHandle (hObject=0xec) returned 1 [0091.092] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.097] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.158] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.167] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.179] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.189] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.189] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.204] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.217] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.318] SetEvent (hEvent=0x120) returned 1 [0091.318] SetEvent (hEvent=0x114) returned 1 [0091.318] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.333] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.335] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.357] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0091.357] SuspendThread (hThread=0xec) returned 0x0 [0091.357] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.367] ResumeThread (hThread=0xec) returned 0x1 [0091.367] CloseHandle (hObject=0xec) returned 1 [0091.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.376] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.478] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0091.478] SuspendThread (hThread=0x144) returned 0x0 [0091.478] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.484] ResumeThread (hThread=0x144) returned 0x1 [0091.484] CloseHandle (hObject=0x144) returned 1 [0091.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.494] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.495] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.563] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.566] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.566] SetEvent (hEvent=0xb8) returned 1 [0091.566] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.670] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0091.670] SuspendThread (hThread=0x14c) returned 0x0 [0091.670] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.683] ResumeThread (hThread=0x14c) returned 0x1 [0091.683] CloseHandle (hObject=0x14c) returned 1 [0091.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.704] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.715] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.764] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0091.764] SuspendThread (hThread=0xf4) returned 0x0 [0091.764] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.803] ResumeThread (hThread=0xf4) returned 0x1 [0091.803] CloseHandle (hObject=0xf4) returned 1 [0091.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.803] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0091.804] SuspendThread (hThread=0xf4) returned 0x0 [0091.804] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.814] ResumeThread (hThread=0xf4) returned 0x1 [0091.814] CloseHandle (hObject=0xf4) returned 1 [0091.814] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.831] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0091.831] SuspendThread (hThread=0x14c) returned 0x0 [0091.832] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.869] ResumeThread (hThread=0x14c) returned 0x1 [0091.870] CloseHandle (hObject=0x14c) returned 1 [0091.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.871] timeEndPeriod (uPeriod=0x1) returned 0x0 [0091.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0091.929] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0091.929] SetEvent (hEvent=0x100) returned 1 [0091.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0091.963] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0091.963] SuspendThread (hThread=0x150) returned 0x0 [0091.963] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.162] ResumeThread (hThread=0x150) returned 0x1 [0092.162] CloseHandle (hObject=0x150) returned 1 [0092.162] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.165] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0092.166] SuspendThread (hThread=0x150) returned 0x0 [0092.166] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.612] ResumeThread (hThread=0x150) returned 0x1 [0092.613] CloseHandle (hObject=0x150) returned 1 [0092.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.623] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.634] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.635] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.696] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.704] SetEvent (hEvent=0xb8) returned 1 [0092.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.717] SetEvent (hEvent=0x114) returned 1 [0092.717] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.728] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.731] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.747] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.747] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.781] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.795] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.798] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.801] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.822] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0092.822] SuspendThread (hThread=0xec) returned 0x0 [0092.822] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.884] ResumeThread (hThread=0xec) returned 0x1 [0092.884] CloseHandle (hObject=0xec) returned 1 [0092.885] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.896] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.900] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.912] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.912] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.925] timeEndPeriod (uPeriod=0x1) returned 0x0 [0092.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0092.927] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0092.927] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.930] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0092.930] SuspendThread (hThread=0x150) returned 0x0 [0092.930] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.939] ResumeThread (hThread=0x150) returned 0x1 [0092.939] CloseHandle (hObject=0x150) returned 1 [0092.939] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0092.980] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0092.980] SuspendThread (hThread=0xf4) returned 0x0 [0092.980] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0092.989] ResumeThread (hThread=0xf4) returned 0x1 [0092.989] CloseHandle (hObject=0xf4) returned 1 [0092.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.002] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.016] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0093.016] SuspendThread (hThread=0x14c) returned 0x0 [0093.016] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.017] ResumeThread (hThread=0x14c) returned 0x1 [0093.017] CloseHandle (hObject=0x14c) returned 1 [0093.017] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.017] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0093.017] SuspendThread (hThread=0x14c) returned 0x0 [0093.017] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.038] ResumeThread (hThread=0x14c) returned 0x1 [0093.038] CloseHandle (hObject=0x14c) returned 1 [0093.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.048] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.048] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.049] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.049] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.053] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.070] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.093] SetEvent (hEvent=0x114) returned 1 [0093.093] SetEvent (hEvent=0x100) returned 1 [0093.093] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.106] SetEvent (hEvent=0x114) returned 1 [0093.106] SetEvent (hEvent=0x108) returned 1 [0093.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.122] SetEvent (hEvent=0x108) returned 1 [0093.122] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.125] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.127] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.221] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.235] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.264] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.367] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.390] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0093.390] SuspendThread (hThread=0x14c) returned 0x0 [0093.390] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.408] ResumeThread (hThread=0x14c) returned 0x1 [0093.408] CloseHandle (hObject=0x14c) returned 1 [0093.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.421] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.425] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.427] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.444] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0093.444] SuspendThread (hThread=0xec) returned 0x0 [0093.444] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.445] ResumeThread (hThread=0xec) returned 0x1 [0093.445] CloseHandle (hObject=0xec) returned 1 [0093.445] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.447] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0093.447] SuspendThread (hThread=0xec) returned 0x0 [0093.447] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.456] ResumeThread (hThread=0xec) returned 0x1 [0093.456] CloseHandle (hObject=0xec) returned 1 [0093.456] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.472] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.534] SetEvent (hEvent=0x114) returned 1 [0093.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.581] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0093.581] SuspendThread (hThread=0x14c) returned 0x0 [0093.581] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.606] ResumeThread (hThread=0x14c) returned 0x1 [0093.606] CloseHandle (hObject=0x14c) returned 1 [0093.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.608] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0093.608] SuspendThread (hThread=0x14c) returned 0x0 [0093.608] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.624] ResumeThread (hThread=0x14c) returned 0x1 [0093.624] CloseHandle (hObject=0x14c) returned 1 [0093.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.640] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.642] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.646] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.668] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.668] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.670] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.670] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.721] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.737] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.746] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.747] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.768] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.768] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.769] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.769] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.773] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.814] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.816] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.816] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.857] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.858] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.858] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0093.858] SuspendThread (hThread=0xf4) returned 0x0 [0093.858] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.869] ResumeThread (hThread=0xf4) returned 0x1 [0093.869] CloseHandle (hObject=0xf4) returned 1 [0093.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.881] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.884] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.887] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.904] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.907] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.980] timeEndPeriod (uPeriod=0x1) returned 0x0 [0093.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0093.980] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0093.980] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0093.980] SuspendThread (hThread=0x150) returned 0x0 [0093.981] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0093.982] ResumeThread (hThread=0x150) returned 0x1 [0093.983] CloseHandle (hObject=0x150) returned 1 [0093.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0093.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.018] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.019] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.025] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.025] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.027] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.051] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.059] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.059] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.060] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.060] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.097] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0094.097] SuspendThread (hThread=0x148) returned 0x0 [0094.097] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.101] ResumeThread (hThread=0x148) returned 0x1 [0094.101] CloseHandle (hObject=0x148) returned 1 [0094.101] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.111] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.113] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.115] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.137] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.138] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.138] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.148] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.161] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.162] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.162] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.182] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.183] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.222] SetEvent (hEvent=0xb8) returned 1 [0094.222] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.228] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.229] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.230] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.230] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.251] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.252] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.271] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0094.271] SuspendThread (hThread=0x150) returned 0x0 [0094.271] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.295] ResumeThread (hThread=0x150) returned 0x1 [0094.295] CloseHandle (hObject=0x150) returned 1 [0094.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.338] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.341] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.341] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.341] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.356] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.357] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.409] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0094.409] SuspendThread (hThread=0x14c) returned 0x0 [0094.409] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fad8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.410] ResumeThread (hThread=0x14c) returned 0x1 [0094.410] CloseHandle (hObject=0x14c) returned 1 [0094.410] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.411] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0094.411] SuspendThread (hThread=0x14c) returned 0x0 [0094.411] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.417] ResumeThread (hThread=0x14c) returned 0x1 [0094.417] CloseHandle (hObject=0x14c) returned 1 [0094.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.435] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.436] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.436] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0094.436] SuspendThread (hThread=0x150) returned 0x0 [0094.436] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.445] ResumeThread (hThread=0x150) returned 0x1 [0094.445] CloseHandle (hObject=0x150) returned 1 [0094.445] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.461] SetEvent (hEvent=0x120) returned 1 [0094.461] SetEvent (hEvent=0x114) returned 1 [0094.461] SetEvent (hEvent=0x9c) returned 1 [0094.462] SetEvent (hEvent=0x108) returned 1 [0094.462] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.467] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.467] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.468] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.499] SetEvent (hEvent=0x13c) returned 1 [0094.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.514] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.514] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.515] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.515] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.518] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.532] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.557] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.570] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.573] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.590] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.591] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0094.591] SuspendThread (hThread=0x150) returned 0x0 [0094.591] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.610] ResumeThread (hThread=0x150) returned 0x1 [0094.610] CloseHandle (hObject=0x150) returned 1 [0094.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.627] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.628] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.657] SetEvent (hEvent=0x120) returned 1 [0094.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.666] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.667] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.675] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.676] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.676] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.727] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.727] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.727] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x14c) returned 1 [0094.727] SuspendThread (hThread=0x14c) returned 0x0 [0094.728] GetThreadContext (in: hThread=0x14c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.738] ResumeThread (hThread=0x14c) returned 0x1 [0094.738] CloseHandle (hObject=0x14c) returned 1 [0094.738] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.745] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.760] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.761] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.761] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.806] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.815] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.862] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.862] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xfc) returned 1 [0094.862] SuspendThread (hThread=0xfc) returned 0x0 [0094.862] GetThreadContext (in: hThread=0xfc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0094.874] ResumeThread (hThread=0xfc) returned 0x1 [0094.874] CloseHandle (hObject=0xfc) returned 1 [0094.874] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.890] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.895] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.896] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.933] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.946] SetEvent (hEvent=0x13c) returned 1 [0094.946] SetEvent (hEvent=0x100) returned 1 [0094.946] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.961] timeEndPeriod (uPeriod=0x1) returned 0x0 [0094.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0094.962] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0094.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0094.997] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.029] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.033] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.034] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.070] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.076] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.102] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.120] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.143] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0095.143] SuspendThread (hThread=0x144) returned 0x0 [0095.143] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.154] ResumeThread (hThread=0x144) returned 0x1 [0095.154] CloseHandle (hObject=0x144) returned 1 [0095.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.172] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.178] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.183] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.186] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.186] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.230] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0095.230] SuspendThread (hThread=0x150) returned 0x0 [0095.230] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.255] ResumeThread (hThread=0x150) returned 0x1 [0095.255] CloseHandle (hObject=0x150) returned 1 [0095.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.274] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.274] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.274] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.294] SetEvent (hEvent=0x114) returned 1 [0095.294] SetEvent (hEvent=0x120) returned 1 [0095.295] SetEvent (hEvent=0x13c) returned 1 [0095.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.320] SetEvent (hEvent=0x13c) returned 1 [0095.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.324] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.324] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.327] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.388] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.389] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.394] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.415] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.417] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.444] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.444] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.447] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.517] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.529] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.529] SuspendThread (hThread=0x148) returned 0x0 [0095.529] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.545] ResumeThread (hThread=0x148) returned 0x1 [0095.545] CloseHandle (hObject=0x148) returned 1 [0095.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.548] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.548] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.549] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.549] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.549] SuspendThread (hThread=0x148) returned 0x0 [0095.549] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.558] ResumeThread (hThread=0x148) returned 0x1 [0095.558] CloseHandle (hObject=0x148) returned 1 [0095.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.575] SetEvent (hEvent=0x120) returned 1 [0095.575] SetEvent (hEvent=0x9c) returned 1 [0095.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.587] SetEvent (hEvent=0x9c) returned 1 [0095.587] SetEvent (hEvent=0x120) returned 1 [0095.587] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.594] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.595] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.639] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.655] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.660] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.661] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.662] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.678] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.679] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.679] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.702] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0095.702] SuspendThread (hThread=0xf4) returned 0x0 [0095.703] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.717] ResumeThread (hThread=0xf4) returned 0x1 [0095.717] CloseHandle (hObject=0xf4) returned 1 [0095.717] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.735] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.747] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.747] SuspendThread (hThread=0x148) returned 0x0 [0095.747] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.771] ResumeThread (hThread=0x148) returned 0x1 [0095.771] CloseHandle (hObject=0x148) returned 1 [0095.771] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.793] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.794] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.794] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x154) returned 1 [0095.795] SuspendThread (hThread=0x154) returned 0x0 [0095.795] GetThreadContext (in: hThread=0x154, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.801] ResumeThread (hThread=0x154) returned 0x1 [0095.801] CloseHandle (hObject=0x154) returned 1 [0095.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.831] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.831] SuspendThread (hThread=0x148) returned 0x0 [0095.831] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.839] ResumeThread (hThread=0x148) returned 0x1 [0095.839] CloseHandle (hObject=0x148) returned 1 [0095.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.861] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.868] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.869] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.869] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.869] SuspendThread (hThread=0x148) returned 0x0 [0095.869] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.877] ResumeThread (hThread=0x148) returned 0x1 [0095.877] CloseHandle (hObject=0x148) returned 1 [0095.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.891] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.894] timeEndPeriod (uPeriod=0x1) returned 0x0 [0095.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0095.895] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0095.895] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.923] SetEvent (hEvent=0x13c) returned 1 [0095.923] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.937] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0095.937] SuspendThread (hThread=0x148) returned 0x0 [0095.937] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0095.957] ResumeThread (hThread=0x148) returned 0x1 [0095.957] CloseHandle (hObject=0x148) returned 1 [0095.957] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0095.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.001] SetEvent (hEvent=0x8c) returned 1 [0096.001] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.005] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.005] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.005] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.012] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.039] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.046] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.047] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.047] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.070] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.071] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.079] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0096.079] SuspendThread (hThread=0x128) returned 0x0 [0096.079] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.098] ResumeThread (hThread=0x128) returned 0x1 [0096.098] CloseHandle (hObject=0x128) returned 1 [0096.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.106] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.111] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.111] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.118] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.140] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.141] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.141] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0096.141] SuspendThread (hThread=0xf4) returned 0x0 [0096.141] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.145] ResumeThread (hThread=0xf4) returned 0x1 [0096.145] CloseHandle (hObject=0xf4) returned 1 [0096.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.164] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.171] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.171] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.179] SetEvent (hEvent=0x9c) returned 1 [0096.179] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.193] SetEvent (hEvent=0x13c) returned 1 [0096.193] SetEvent (hEvent=0x108) returned 1 [0096.193] SetEvent (hEvent=0x12c) returned 1 [0096.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.206] SetEvent (hEvent=0x108) returned 1 [0096.206] SetEvent (hEvent=0x13c) returned 1 [0096.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.219] SetEvent (hEvent=0x108) returned 1 [0096.219] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.232] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.232] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.235] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.235] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.284] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.285] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.285] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.318] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.320] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.337] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.337] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.337] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.337] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x164) returned 1 [0096.337] SuspendThread (hThread=0x164) returned 0x0 [0096.337] GetThreadContext (in: hThread=0x164, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.343] ResumeThread (hThread=0x164) returned 0x1 [0096.343] CloseHandle (hObject=0x164) returned 1 [0096.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.364] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.373] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.374] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.375] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x164) returned 1 [0096.375] SuspendThread (hThread=0x164) returned 0x0 [0096.375] GetThreadContext (in: hThread=0x164, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.383] ResumeThread (hThread=0x164) returned 0x1 [0096.383] CloseHandle (hObject=0x164) returned 1 [0096.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.436] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.437] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.441] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.441] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.442] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.549] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0096.549] SuspendThread (hThread=0x128) returned 0x0 [0096.549] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.557] ResumeThread (hThread=0x128) returned 0x1 [0096.557] CloseHandle (hObject=0x128) returned 1 [0096.557] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.562] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x164) returned 1 [0096.562] SuspendThread (hThread=0x164) returned 0x0 [0096.562] GetThreadContext (in: hThread=0x164, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.569] ResumeThread (hThread=0x164) returned 0x1 [0096.569] CloseHandle (hObject=0x164) returned 1 [0096.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.598] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.598] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.599] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.641] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.642] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.644] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.693] SetEvent (hEvent=0xb8) returned 1 [0096.693] SetEvent (hEvent=0x9c) returned 1 [0096.693] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.703] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.705] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.705] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.740] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.741] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.741] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.813] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.813] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.813] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0096.813] SuspendThread (hThread=0x168) returned 0x0 [0096.814] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.830] ResumeThread (hThread=0x168) returned 0x1 [0096.831] CloseHandle (hObject=0x168) returned 1 [0096.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.863] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.870] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.870] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.878] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.881] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.881] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.898] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.919] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.923] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.925] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.961] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0096.961] SuspendThread (hThread=0xec) returned 0x0 [0096.961] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0096.970] ResumeThread (hThread=0xec) returned 0x1 [0096.970] CloseHandle (hObject=0xec) returned 1 [0096.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.985] timeEndPeriod (uPeriod=0x1) returned 0x0 [0096.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0096.985] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0096.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0096.987] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.015] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.031] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.031] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.033] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.033] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.104] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0097.105] SuspendThread (hThread=0xf4) returned 0x0 [0097.105] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.121] ResumeThread (hThread=0xf4) returned 0x1 [0097.121] CloseHandle (hObject=0xf4) returned 1 [0097.121] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.135] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.138] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.141] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.142] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.148] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.148] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.148] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.166] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.166] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.169] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.192] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.207] SetEvent (hEvent=0x15c) returned 1 [0097.207] SetEvent (hEvent=0x9c) returned 1 [0097.207] SetEvent (hEvent=0x120) returned 1 [0097.208] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.217] SetEvent (hEvent=0x120) returned 1 [0097.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.223] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.226] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.261] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.271] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.271] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.274] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.274] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.294] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0097.294] SuspendThread (hThread=0x148) returned 0x0 [0097.295] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.303] ResumeThread (hThread=0x148) returned 0x1 [0097.303] CloseHandle (hObject=0x148) returned 1 [0097.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.313] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.317] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.334] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.334] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.335] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.346] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.348] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.348] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.356] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0097.356] SuspendThread (hThread=0x148) returned 0x0 [0097.356] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.370] ResumeThread (hThread=0x148) returned 0x1 [0097.370] CloseHandle (hObject=0x148) returned 1 [0097.370] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.377] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.383] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.384] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.384] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.391] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.407] SetEvent (hEvent=0x9c) returned 1 [0097.407] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.417] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0097.417] SuspendThread (hThread=0xec) returned 0x0 [0097.417] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.426] ResumeThread (hThread=0xec) returned 0x1 [0097.426] CloseHandle (hObject=0xec) returned 1 [0097.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.433] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.436] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.439] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.439] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.440] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.441] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.475] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.475] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.475] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0097.475] SuspendThread (hThread=0x144) returned 0x0 [0097.476] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.483] ResumeThread (hThread=0x144) returned 0x1 [0097.483] CloseHandle (hObject=0x144) returned 1 [0097.483] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.496] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.515] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0097.515] SuspendThread (hThread=0xf4) returned 0x0 [0097.515] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.526] ResumeThread (hThread=0xf4) returned 0x1 [0097.526] CloseHandle (hObject=0xf4) returned 1 [0097.526] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.546] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.546] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.546] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.546] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.557] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.561] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.561] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.590] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.592] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.592] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.593] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.593] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.702] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0097.702] SuspendThread (hThread=0xf4) returned 0x0 [0097.702] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.715] ResumeThread (hThread=0xf4) returned 0x1 [0097.715] CloseHandle (hObject=0xf4) returned 1 [0097.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.730] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.730] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.733] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.757] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.761] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.762] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.762] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.764] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.791] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.801] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.802] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.802] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.838] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.840] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.860] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.873] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.876] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.880] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.882] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.898] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0097.898] SuspendThread (hThread=0x148) returned 0x0 [0097.898] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0097.903] ResumeThread (hThread=0x148) returned 0x1 [0097.903] CloseHandle (hObject=0x148) returned 1 [0097.903] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.930] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.932] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0097.983] timeEndPeriod (uPeriod=0x1) returned 0x0 [0097.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0097.985] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0097.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.004] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.004] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.006] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.017] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.018] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.018] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0098.018] SuspendThread (hThread=0x128) returned 0x0 [0098.018] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.027] ResumeThread (hThread=0x128) returned 0x1 [0098.027] CloseHandle (hObject=0x128) returned 1 [0098.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.039] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.050] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.051] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.051] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.094] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0098.094] SuspendThread (hThread=0xf4) returned 0x0 [0098.094] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.099] ResumeThread (hThread=0xf4) returned 0x1 [0098.099] CloseHandle (hObject=0xf4) returned 1 [0098.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.104] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.108] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.113] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.114] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.114] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.137] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.138] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.139] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.147] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.160] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.161] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.161] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0098.161] SuspendThread (hThread=0x128) returned 0x0 [0098.161] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.174] ResumeThread (hThread=0x128) returned 0x1 [0098.174] CloseHandle (hObject=0x128) returned 1 [0098.174] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.191] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.199] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.201] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.201] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.222] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.223] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.223] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0098.223] SuspendThread (hThread=0xf4) returned 0x0 [0098.223] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.230] ResumeThread (hThread=0xf4) returned 0x1 [0098.230] CloseHandle (hObject=0xf4) returned 1 [0098.230] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.253] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.253] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.255] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.255] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x154) returned 1 [0098.255] SuspendThread (hThread=0x154) returned 0x0 [0098.255] GetThreadContext (in: hThread=0x154, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.262] ResumeThread (hThread=0x154) returned 0x1 [0098.262] CloseHandle (hObject=0x154) returned 1 [0098.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.275] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.293] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.295] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.312] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.349] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.379] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.379] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.397] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.489] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0098.489] SuspendThread (hThread=0x128) returned 0x0 [0098.489] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.507] ResumeThread (hThread=0x128) returned 0x1 [0098.507] CloseHandle (hObject=0x128) returned 1 [0098.508] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.522] SetEvent (hEvent=0x13c) returned 1 [0098.522] SetEvent (hEvent=0x15c) returned 1 [0098.522] SetEvent (hEvent=0x9c) returned 1 [0098.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.530] SetEvent (hEvent=0x9c) returned 1 [0098.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.541] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.544] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.600] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.602] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.619] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.624] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.626] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.665] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.665] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.667] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.755] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.756] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.756] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x154) returned 1 [0098.756] SuspendThread (hThread=0x154) returned 0x0 [0098.756] GetThreadContext (in: hThread=0x154, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22fae8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0098.766] ResumeThread (hThread=0x154) returned 0x1 [0098.766] CloseHandle (hObject=0x154) returned 1 [0098.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.777] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.779] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.779] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.784] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.784] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.784] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.821] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.827] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.828] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.828] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.930] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.944] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.975] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.978] timeEndPeriod (uPeriod=0x1) returned 0x0 [0098.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0098.979] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0098.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0098.984] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.017] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.026] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.028] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.031] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.073] SetEvent (hEvent=0x9c) returned 1 [0099.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.091] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0099.091] SuspendThread (hThread=0x150) returned 0x0 [0099.091] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.103] ResumeThread (hThread=0x150) returned 0x1 [0099.103] CloseHandle (hObject=0x150) returned 1 [0099.103] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.117] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.127] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.132] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.151] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.153] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.153] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.169] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.170] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.208] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.222] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.222] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.222] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0099.222] SuspendThread (hThread=0x144) returned 0x0 [0099.223] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.224] ResumeThread (hThread=0x144) returned 0x1 [0099.224] CloseHandle (hObject=0x144) returned 1 [0099.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.257] SetEvent (hEvent=0x8c) returned 1 [0099.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.260] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.260] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.266] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.266] SetEvent (hEvent=0x12c) returned 1 [0099.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.282] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.282] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.283] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.283] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0099.283] SuspendThread (hThread=0x144) returned 0x0 [0099.283] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.291] ResumeThread (hThread=0x144) returned 0x1 [0099.291] CloseHandle (hObject=0x144) returned 1 [0099.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.297] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.306] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.316] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.318] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.332] SetEvent (hEvent=0x13c) returned 1 [0099.332] SetEvent (hEvent=0x120) returned 1 [0099.332] SetEvent (hEvent=0x8c) returned 1 [0099.332] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.335] SetEvent (hEvent=0x8c) returned 1 [0099.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.337] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.337] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.346] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.347] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.360] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.361] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.385] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.385] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.399] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0099.399] SuspendThread (hThread=0x150) returned 0x0 [0099.399] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.404] ResumeThread (hThread=0x150) returned 0x1 [0099.404] CloseHandle (hObject=0x150) returned 1 [0099.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.414] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.415] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.431] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.507] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0099.507] SuspendThread (hThread=0x128) returned 0x0 [0099.507] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.510] ResumeThread (hThread=0x128) returned 0x1 [0099.510] CloseHandle (hObject=0x128) returned 1 [0099.510] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.510] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0099.511] SuspendThread (hThread=0x128) returned 0x0 [0099.511] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.519] ResumeThread (hThread=0x128) returned 0x1 [0099.519] CloseHandle (hObject=0x128) returned 1 [0099.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.532] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.535] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.536] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.536] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.536] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.540] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.540] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.541] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.552] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.556] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.558] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.584] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.590] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0099.590] SuspendThread (hThread=0x168) returned 0x0 [0099.590] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.591] ResumeThread (hThread=0x168) returned 0x1 [0099.591] CloseHandle (hObject=0x168) returned 1 [0099.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.592] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0099.592] SuspendThread (hThread=0x168) returned 0x0 [0099.592] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.607] ResumeThread (hThread=0x168) returned 0x1 [0099.607] CloseHandle (hObject=0x168) returned 1 [0099.607] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.623] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.629] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.630] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.630] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.756] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x16c) returned 1 [0099.756] SuspendThread (hThread=0x16c) returned 0x0 [0099.756] GetThreadContext (in: hThread=0x16c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.771] ResumeThread (hThread=0x16c) returned 0x1 [0099.771] CloseHandle (hObject=0x16c) returned 1 [0099.771] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.794] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.795] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.795] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0099.795] SuspendThread (hThread=0x144) returned 0x0 [0099.795] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.800] ResumeThread (hThread=0x144) returned 0x1 [0099.800] CloseHandle (hObject=0x144) returned 1 [0099.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.805] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.806] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.825] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.827] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.846] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.868] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.869] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.891] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.939] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.939] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.946] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.946] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0099.946] SuspendThread (hThread=0x150) returned 0x0 [0099.946] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0099.958] ResumeThread (hThread=0x150) returned 0x1 [0099.958] CloseHandle (hObject=0x150) returned 1 [0099.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.978] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.978] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.980] timeEndPeriod (uPeriod=0x1) returned 0x0 [0099.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0099.981] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0099.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0099.984] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.021] SetEvent (hEvent=0x12c) returned 1 [0100.021] SetEvent (hEvent=0x9c) returned 1 [0100.021] SetEvent (hEvent=0x100) returned 1 [0100.021] SetEvent (hEvent=0xb8) returned 1 [0100.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.026] SetEvent (hEvent=0x100) returned 1 [0100.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.033] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.035] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.037] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.070] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.081] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x164) returned 1 [0100.081] SuspendThread (hThread=0x164) returned 0x0 [0100.081] GetThreadContext (in: hThread=0x164, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.089] ResumeThread (hThread=0x164) returned 0x1 [0100.089] CloseHandle (hObject=0x164) returned 1 [0100.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.102] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.105] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.105] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.106] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.106] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.107] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.107] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.109] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.155] SetEvent (hEvent=0x120) returned 1 [0100.155] SetEvent (hEvent=0x12c) returned 1 [0100.156] SetEvent (hEvent=0x9c) returned 1 [0100.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.169] SetEvent (hEvent=0x120) returned 1 [0100.169] SetEvent (hEvent=0x108) returned 1 [0100.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.173] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.176] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.199] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.209] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.212] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.230] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.230] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.231] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.231] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.253] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.264] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.366] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.367] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.367] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0100.367] SuspendThread (hThread=0x168) returned 0x0 [0100.368] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.373] ResumeThread (hThread=0x168) returned 0x1 [0100.373] CloseHandle (hObject=0x168) returned 1 [0100.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.379] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.400] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.416] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.433] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.436] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.437] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.511] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x154) returned 1 [0100.511] SuspendThread (hThread=0x154) returned 0x0 [0100.511] GetThreadContext (in: hThread=0x154, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.512] ResumeThread (hThread=0x154) returned 0x1 [0100.512] CloseHandle (hObject=0x154) returned 1 [0100.512] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.512] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x154) returned 1 [0100.512] SuspendThread (hThread=0x154) returned 0x0 [0100.513] GetThreadContext (in: hThread=0x154, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0100.523] ResumeThread (hThread=0x154) returned 0x1 [0100.523] CloseHandle (hObject=0x154) returned 1 [0100.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.538] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.543] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.544] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.545] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.554] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.554] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.555] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.555] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.563] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.564] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.564] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.568] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.570] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.593] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.593] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.594] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.594] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.621] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.621] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.622] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.625] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.626] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.639] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.656] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.658] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.658] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.691] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.697] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.697] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.698] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.701] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.733] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.737] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.740] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.740] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.740] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.742] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.744] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.744] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.761] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.766] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.767] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.767] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.782] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.798] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.814] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.816] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.816] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.845] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.847] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.850] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.851] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.851] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.871] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.871] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.873] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.883] SetEvent (hEvent=0x100) returned 1 [0100.883] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.892] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.894] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.894] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.913] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.929] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.929] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.936] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.950] SetEvent (hEvent=0x120) returned 1 [0100.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.961] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.969] timeEndPeriod (uPeriod=0x1) returned 0x0 [0100.970] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0100.971] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0100.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0100.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.027] SetEvent (hEvent=0x8c) returned 1 [0101.027] SetEvent (hEvent=0x9c) returned 1 [0101.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.036] SetEvent (hEvent=0x8c) returned 1 [0101.037] SetEvent (hEvent=0x100) returned 1 [0101.037] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.039] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.041] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.049] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.062] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.064] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.064] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.087] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.105] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.112] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.125] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.128] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.144] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.144] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.145] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.163] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.165] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.183] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.185] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.185] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.210] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.216] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.217] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.275] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.276] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.276] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0101.276] SuspendThread (hThread=0x174) returned 0x0 [0101.276] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.284] ResumeThread (hThread=0x174) returned 0x1 [0101.284] CloseHandle (hObject=0x174) returned 1 [0101.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.297] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.301] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.301] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.301] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.316] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.329] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.342] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.344] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.377] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.401] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.402] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.402] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.430] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.441] SetEvent (hEvent=0x15c) returned 1 [0101.441] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.453] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x16c) returned 1 [0101.453] SuspendThread (hThread=0x16c) returned 0x0 [0101.453] GetThreadContext (in: hThread=0x16c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.473] ResumeThread (hThread=0x16c) returned 0x1 [0101.473] CloseHandle (hObject=0x16c) returned 1 [0101.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.490] SetEvent (hEvent=0xfc) returned 1 [0101.490] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.593] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0101.593] SuspendThread (hThread=0x174) returned 0x0 [0101.593] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.596] ResumeThread (hThread=0x174) returned 0x1 [0101.596] CloseHandle (hObject=0x174) returned 1 [0101.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.601] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x16c) returned 1 [0101.601] SuspendThread (hThread=0x16c) returned 0x0 [0101.601] GetThreadContext (in: hThread=0x16c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.604] ResumeThread (hThread=0x16c) returned 0x1 [0101.604] CloseHandle (hObject=0x16c) returned 1 [0101.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.617] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.629] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0101.629] SuspendThread (hThread=0x174) returned 0x0 [0101.629] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0101.640] ResumeThread (hThread=0x174) returned 0x1 [0101.640] CloseHandle (hObject=0x174) returned 1 [0101.640] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.647] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.650] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.652] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.652] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.652] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.659] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.679] SetEvent (hEvent=0x12c) returned 1 [0101.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.685] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.685] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.688] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.705] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.720] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.728] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.730] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.802] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.803] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.804] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.806] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.831] SetEvent (hEvent=0x100) returned 1 [0101.831] SetEvent (hEvent=0x8c) returned 1 [0101.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.850] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.853] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.913] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.917] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.932] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.935] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.958] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.958] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.969] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.987] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0101.994] timeEndPeriod (uPeriod=0x1) returned 0x0 [0101.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0101.997] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0101.997] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.008] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0102.008] SuspendThread (hThread=0x174) returned 0x0 [0102.008] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.022] ResumeThread (hThread=0x174) returned 0x1 [0102.022] CloseHandle (hObject=0x174) returned 1 [0102.022] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.027] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0102.027] SuspendThread (hThread=0x174) returned 0x0 [0102.027] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.033] ResumeThread (hThread=0x174) returned 0x1 [0102.033] CloseHandle (hObject=0x174) returned 1 [0102.033] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.041] SetEvent (hEvent=0xfc) returned 1 [0102.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.056] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.068] SetEvent (hEvent=0x100) returned 1 [0102.068] SetEvent (hEvent=0xfc) returned 1 [0102.068] SetEvent (hEvent=0x15c) returned 1 [0102.068] SetEvent (hEvent=0x108) returned 1 [0102.068] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.073] SetEvent (hEvent=0x13c) returned 1 [0102.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.082] SetEvent (hEvent=0x114) returned 1 [0102.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.093] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0102.093] SuspendThread (hThread=0xf4) returned 0x0 [0102.093] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870f758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.098] ResumeThread (hThread=0xf4) returned 0x1 [0102.098] CloseHandle (hObject=0xf4) returned 1 [0102.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xf4) returned 1 [0102.099] SuspendThread (hThread=0xf4) returned 0x0 [0102.100] GetThreadContext (in: hThread=0xf4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870f758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.106] ResumeThread (hThread=0xf4) returned 0x1 [0102.106] CloseHandle (hObject=0xf4) returned 1 [0102.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.111] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x158, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x16c) returned 1 [0102.111] SwitchToThread () returned 1 [0102.112] SuspendThread (hThread=0x16c) returned 0x0 [0102.112] GetThreadContext (in: hThread=0x16c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x291cfcc8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.120] ResumeThread (hThread=0x16c) returned 0x1 [0102.120] CloseHandle (hObject=0x16c) returned 1 [0102.120] SetEvent (hEvent=0x164) returned 1 [0102.120] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.126] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.127] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.128] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.131] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.151] SetEvent (hEvent=0x114) returned 1 [0102.151] SetEvent (hEvent=0x100) returned 1 [0102.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.159] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.159] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.162] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.162] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.197] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.200] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.200] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.234] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.236] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.330] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.331] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.331] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0102.331] SuspendThread (hThread=0x144) returned 0x0 [0102.331] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.341] ResumeThread (hThread=0x144) returned 0x1 [0102.341] CloseHandle (hObject=0x144) returned 1 [0102.341] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.376] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.385] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.385] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.412] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.420] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.421] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.421] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0102.421] SuspendThread (hThread=0x148) returned 0x0 [0102.421] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.436] ResumeThread (hThread=0x148) returned 0x1 [0102.436] CloseHandle (hObject=0x148) returned 1 [0102.436] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.445] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.449] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.449] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.451] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.507] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0102.507] SuspendThread (hThread=0x148) returned 0x0 [0102.507] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.529] ResumeThread (hThread=0x148) returned 0x1 [0102.529] CloseHandle (hObject=0x148) returned 1 [0102.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.571] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.574] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.577] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.577] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.578] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.595] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.596] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.634] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.645] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.647] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.647] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.683] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x170) returned 1 [0102.683] SuspendThread (hThread=0x170) returned 0x0 [0102.683] GetThreadContext (in: hThread=0x170, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.686] ResumeThread (hThread=0x170) returned 0x1 [0102.686] CloseHandle (hObject=0x170) returned 1 [0102.686] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.688] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.690] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.726] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.728] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.749] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.752] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.765] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0102.765] SuspendThread (hThread=0x168) returned 0x0 [0102.765] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.775] ResumeThread (hThread=0x168) returned 0x1 [0102.775] CloseHandle (hObject=0x168) returned 1 [0102.775] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.780] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x170) returned 1 [0102.780] SuspendThread (hThread=0x170) returned 0x0 [0102.780] GetThreadContext (in: hThread=0x170, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.796] ResumeThread (hThread=0x170) returned 0x1 [0102.796] CloseHandle (hObject=0x170) returned 1 [0102.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.818] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.820] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.820] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.824] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.844] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.847] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.893] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.905] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0102.905] SuspendThread (hThread=0x150) returned 0x0 [0102.905] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.923] ResumeThread (hThread=0x150) returned 0x1 [0102.923] CloseHandle (hObject=0x150) returned 1 [0102.923] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.943] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0102.943] SuspendThread (hThread=0x144) returned 0x0 [0102.943] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.947] ResumeThread (hThread=0x144) returned 0x1 [0102.947] CloseHandle (hObject=0x144) returned 1 [0102.947] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.954] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.954] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0102.956] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0102.956] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.994] SetEvent (hEvent=0x100) returned 1 [0102.994] SetEvent (hEvent=0x12c) returned 1 [0102.994] SetEvent (hEvent=0xfc) returned 1 [0102.994] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0102.998] timeEndPeriod (uPeriod=0x1) returned 0x0 [0102.998] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.003] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.017] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.018] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.018] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.037] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.038] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.049] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.071] SetEvent (hEvent=0x13c) returned 1 [0103.071] SetEvent (hEvent=0x15c) returned 1 [0103.072] SetEvent (hEvent=0xb8) returned 1 [0103.072] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.079] SetEvent (hEvent=0x15c) returned 1 [0103.079] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.082] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.085] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.085] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.103] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.103] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.104] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.104] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.118] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0103.118] SuspendThread (hThread=0x128) returned 0x0 [0103.118] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.126] ResumeThread (hThread=0x128) returned 0x1 [0103.126] CloseHandle (hObject=0x128) returned 1 [0103.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.129] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.132] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.155] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.158] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.158] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.169] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0103.170] SuspendThread (hThread=0x128) returned 0x0 [0103.170] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.175] ResumeThread (hThread=0x128) returned 0x1 [0103.176] CloseHandle (hObject=0x128) returned 1 [0103.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.185] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0103.185] SuspendThread (hThread=0x128) returned 0x0 [0103.185] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.197] ResumeThread (hThread=0x128) returned 0x1 [0103.197] CloseHandle (hObject=0x128) returned 1 [0103.197] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.207] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.216] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.217] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.217] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0103.217] SuspendThread (hThread=0x144) returned 0x0 [0103.217] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.229] ResumeThread (hThread=0x144) returned 0x1 [0103.230] CloseHandle (hObject=0x144) returned 1 [0103.230] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.330] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.331] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.331] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.335] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.336] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.336] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.356] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.357] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.380] SetEvent (hEvent=0xb8) returned 1 [0103.380] SetEvent (hEvent=0x12c) returned 1 [0103.380] SetEvent (hEvent=0x114) returned 1 [0103.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.399] SetEvent (hEvent=0x12c) returned 1 [0103.399] SetEvent (hEvent=0x120) returned 1 [0103.399] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.411] SetEvent (hEvent=0xf4) returned 1 [0103.411] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.412] SetEvent (hEvent=0xf4) returned 1 [0103.412] SetEvent (hEvent=0x8c) returned 1 [0103.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.425] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.434] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.437] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x154, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x190) returned 1 [0103.437] SuspendThread (hThread=0x190) returned 0x0 [0103.437] GetThreadContext (in: hThread=0x190, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2989fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.438] ResumeThread (hThread=0x190) returned 0x1 [0103.438] CloseHandle (hObject=0x190) returned 1 [0103.438] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.461] SetEvent (hEvent=0xfc) returned 1 [0103.461] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000081500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x198 [0103.476] CloseHandle (hObject=0x198) returned 1 [0103.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.497] SetEvent (hEvent=0xfc) returned 1 [0103.497] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0103.498] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053e700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x198 [0103.501] CloseHandle (hObject=0x198) returned 1 [0103.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.509] SetEvent (hEvent=0xfc) returned 1 [0103.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.515] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.518] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.518] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.549] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.550] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.550] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0103.550] SuspendThread (hThread=0xec) returned 0x0 [0103.550] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29a9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.556] ResumeThread (hThread=0xec) returned 0x1 [0103.556] CloseHandle (hObject=0xec) returned 1 [0103.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.571] SetEvent (hEvent=0x13c) returned 1 [0103.571] SetEvent (hEvent=0xb8) returned 1 [0103.571] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.589] SetEvent (hEvent=0x15c) returned 1 [0103.589] SetEvent (hEvent=0x12c) returned 1 [0103.589] SetEvent (hEvent=0x108) returned 1 [0103.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.596] SetEvent (hEvent=0x12c) returned 1 [0103.596] SetEvent (hEvent=0x15c) returned 1 [0103.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.600] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.602] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.619] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.646] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.646] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.648] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.669] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.686] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.688] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.718] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.725] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.733] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0103.733] SuspendThread (hThread=0x148) returned 0x0 [0103.734] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.748] ResumeThread (hThread=0x148) returned 0x1 [0103.748] CloseHandle (hObject=0x148) returned 1 [0103.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.758] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.766] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.767] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.767] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x168) returned 1 [0103.767] SuspendThread (hThread=0x168) returned 0x0 [0103.767] GetThreadContext (in: hThread=0x168, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.769] ResumeThread (hThread=0x168) returned 0x1 [0103.769] CloseHandle (hObject=0x168) returned 1 [0103.769] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.780] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.780] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.780] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.782] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.823] SetEvent (hEvent=0x100) returned 1 [0103.823] SetEvent (hEvent=0xf4) returned 1 [0103.823] SetEvent (hEvent=0xb8) returned 1 [0103.823] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.829] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.832] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.832] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.851] timeEndPeriod (uPeriod=0x1) returned 0x0 [0103.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0103.852] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0103.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.865] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0103.865] SuspendThread (hThread=0x174) returned 0x0 [0103.865] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.875] ResumeThread (hThread=0x174) returned 0x1 [0103.875] CloseHandle (hObject=0x174) returned 1 [0103.875] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x180) returned 1 [0103.880] SuspendThread (hThread=0x180) returned 0x0 [0103.880] GetThreadContext (in: hThread=0x180, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.887] ResumeThread (hThread=0x180) returned 0x1 [0103.887] CloseHandle (hObject=0x180) returned 1 [0103.887] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.894] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0103.900] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.040] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0104.040] SuspendThread (hThread=0x150) returned 0x0 [0104.040] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.067] ResumeThread (hThread=0x150) returned 0x1 [0104.067] CloseHandle (hObject=0x150) returned 1 [0104.067] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.072] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.072] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.074] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.074] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.097] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.099] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.108] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0104.108] SuspendThread (hThread=0x174) returned 0x0 [0104.108] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.118] ResumeThread (hThread=0x174) returned 0x1 [0104.118] CloseHandle (hObject=0x174) returned 1 [0104.118] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.126] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0104.126] SuspendThread (hThread=0x174) returned 0x0 [0104.126] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.136] ResumeThread (hThread=0x174) returned 0x1 [0104.136] CloseHandle (hObject=0x174) returned 1 [0104.136] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.142] SetEvent (hEvent=0x114) returned 1 [0104.142] SetEvent (hEvent=0x15c) returned 1 [0104.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.149] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.151] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.250] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.250] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.250] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x184) returned 1 [0104.250] SuspendThread (hThread=0x184) returned 0x0 [0104.250] GetThreadContext (in: hThread=0x184, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.270] ResumeThread (hThread=0x184) returned 0x1 [0104.270] CloseHandle (hObject=0x184) returned 1 [0104.270] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.292] SetEvent (hEvent=0x13c) returned 1 [0104.292] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.295] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.298] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.313] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0104.313] SuspendThread (hThread=0x128) returned 0x0 [0104.313] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.324] ResumeThread (hThread=0x128) returned 0x1 [0104.324] CloseHandle (hObject=0x128) returned 1 [0104.325] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.340] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.342] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.342] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.353] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0104.353] SuspendThread (hThread=0x150) returned 0x0 [0104.353] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.360] ResumeThread (hThread=0x150) returned 0x1 [0104.360] CloseHandle (hObject=0x150) returned 1 [0104.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.365] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.368] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.399] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.399] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.422] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0104.422] SuspendThread (hThread=0x128) returned 0x0 [0104.422] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.426] ResumeThread (hThread=0x128) returned 0x1 [0104.426] CloseHandle (hObject=0x128) returned 1 [0104.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.436] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.437] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.462] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.462] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.462] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.462] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.471] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.483] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.483] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.485] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.485] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.510] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.510] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.515] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.515] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x194) returned 1 [0104.515] SuspendThread (hThread=0x194) returned 0x0 [0104.515] GetThreadContext (in: hThread=0x194, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.522] ResumeThread (hThread=0x194) returned 0x1 [0104.522] CloseHandle (hObject=0x194) returned 1 [0104.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.530] SetEvent (hEvent=0x100) returned 1 [0104.530] SetEvent (hEvent=0x114) returned 1 [0104.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.536] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.547] SetEvent (hEvent=0x100) returned 1 [0104.547] SetEvent (hEvent=0xfc) returned 1 [0104.547] SetEvent (hEvent=0x120) returned 1 [0104.547] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.554] SetEvent (hEvent=0x120) returned 1 [0104.554] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.564] SetEvent (hEvent=0x188) returned 1 [0104.564] SetEvent (hEvent=0x12c) returned 1 [0104.564] SetEvent (hEvent=0x1a0) returned 1 [0104.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.570] SetEvent (hEvent=0x1a0) returned 1 [0104.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.583] SetEvent (hEvent=0x8c) returned 1 [0104.583] SetEvent (hEvent=0x198) returned 1 [0104.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.587] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.589] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.609] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1cc) returned 1 [0104.609] SuspendThread (hThread=0x1cc) returned 0x0 [0104.609] GetThreadContext (in: hThread=0x1cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.625] ResumeThread (hThread=0x1cc) returned 0x1 [0104.625] CloseHandle (hObject=0x1cc) returned 1 [0104.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.637] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0104.637] SuspendThread (hThread=0x150) returned 0x0 [0104.637] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.642] ResumeThread (hThread=0x150) returned 0x1 [0104.642] CloseHandle (hObject=0x150) returned 1 [0104.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.645] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.645] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1c8) returned 1 [0104.646] SuspendThread (hThread=0x1c8) returned 0x0 [0104.646] GetThreadContext (in: hThread=0x1c8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.656] ResumeThread (hThread=0x1c8) returned 0x1 [0104.656] CloseHandle (hObject=0x1c8) returned 1 [0104.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.671] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.671] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.672] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.677] SetEvent (hEvent=0x15c) returned 1 [0104.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.682] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.682] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.684] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.684] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.701] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.702] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.702] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.720] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.721] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.722] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.722] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.751] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.752] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.755] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.756] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.777] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.796] SetEvent (hEvent=0xb8) returned 1 [0104.797] SetEvent (hEvent=0x120) returned 1 [0104.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.804] SetEvent (hEvent=0x120) returned 1 [0104.804] SetEvent (hEvent=0x108) returned 1 [0104.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.807] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.809] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.828] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.829] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.829] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x144) returned 1 [0104.829] SuspendThread (hThread=0x144) returned 0x0 [0104.829] GetThreadContext (in: hThread=0x144, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.836] ResumeThread (hThread=0x144) returned 0x1 [0104.836] CloseHandle (hObject=0x144) returned 1 [0104.836] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.846] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.846] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.849] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.849] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.875] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.875] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.878] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.885] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0104.885] SuspendThread (hThread=0x148) returned 0x0 [0104.885] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.888] ResumeThread (hThread=0x148) returned 0x1 [0104.888] CloseHandle (hObject=0x148) returned 1 [0104.888] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.893] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.894] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.894] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x148) returned 1 [0104.894] SuspendThread (hThread=0x148) returned 0x0 [0104.894] GetThreadContext (in: hThread=0x148, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0104.903] ResumeThread (hThread=0x148) returned 0x1 [0104.903] CloseHandle (hObject=0x148) returned 1 [0104.903] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.916] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.927] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.931] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.932] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.937] SetEvent (hEvent=0x164) returned 1 [0104.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.946] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.948] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.948] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.986] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.992] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.993] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.994] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.994] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0104.996] timeEndPeriod (uPeriod=0x1) returned 0x0 [0104.996] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0104.997] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0104.997] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.011] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.011] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.012] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.012] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1c4) returned 1 [0105.012] SuspendThread (hThread=0x1c4) returned 0x0 [0105.012] GetThreadContext (in: hThread=0x1c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.020] ResumeThread (hThread=0x1c4) returned 0x1 [0105.020] CloseHandle (hObject=0x1c4) returned 1 [0105.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.194] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.196] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.197] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.197] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.205] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.205] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.226] SetEvent (hEvent=0x108) returned 1 [0105.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.241] SetEvent (hEvent=0x164) returned 1 [0105.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.245] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.248] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.248] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.276] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.276] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.277] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.296] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.296] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.298] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.325] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.328] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.328] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.332] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.334] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.334] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1c0) returned 1 [0105.334] SuspendThread (hThread=0x1c0) returned 0x0 [0105.334] GetThreadContext (in: hThread=0x1c0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.348] ResumeThread (hThread=0x1c0) returned 0x1 [0105.348] CloseHandle (hObject=0x1c0) returned 1 [0105.348] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.378] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.378] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.379] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x174) returned 1 [0105.379] SuspendThread (hThread=0x174) returned 0x0 [0105.379] GetThreadContext (in: hThread=0x174, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.384] ResumeThread (hThread=0x174) returned 0x1 [0105.384] CloseHandle (hObject=0x174) returned 1 [0105.384] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.390] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.390] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.392] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.392] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.418] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.418] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.434] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.626] SetEvent (hEvent=0xf4) returned 1 [0105.626] SetEvent (hEvent=0x114) returned 1 [0105.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.630] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.630] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.637] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.655] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.656] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.671] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.679] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.680] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.680] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b8) returned 1 [0105.680] SuspendThread (hThread=0x1b8) returned 0x0 [0105.680] GetThreadContext (in: hThread=0x1b8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.687] ResumeThread (hThread=0x1b8) returned 0x1 [0105.687] CloseHandle (hObject=0x1b8) returned 1 [0105.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.702] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.706] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.708] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.708] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.741] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.741] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.742] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0105.742] SuspendThread (hThread=0x150) returned 0x0 [0105.742] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.745] ResumeThread (hThread=0x150) returned 0x1 [0105.745] CloseHandle (hObject=0x150) returned 1 [0105.745] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.768] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.782] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.783] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.784] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0105.784] SuspendThread (hThread=0x1b4) returned 0x0 [0105.784] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.788] ResumeThread (hThread=0x1b4) returned 0x1 [0105.788] CloseHandle (hObject=0x1b4) returned 1 [0105.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.821] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x194) returned 1 [0105.822] SuspendThread (hThread=0x194) returned 0x0 [0105.822] GetThreadContext (in: hThread=0x194, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.829] ResumeThread (hThread=0x194) returned 0x1 [0105.829] CloseHandle (hObject=0x194) returned 1 [0105.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.835] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.835] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.836] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.836] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.853] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.855] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.855] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.872] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.873] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.873] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.961] timeEndPeriod (uPeriod=0x1) returned 0x0 [0105.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0105.962] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0105.962] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x194) returned 1 [0105.962] SuspendThread (hThread=0x194) returned 0x0 [0105.962] GetThreadContext (in: hThread=0x194, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0105.969] ResumeThread (hThread=0x194) returned 0x1 [0105.969] CloseHandle (hObject=0x194) returned 1 [0105.969] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0105.984] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.092] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0106.092] SuspendThread (hThread=0x1b4) returned 0x0 [0106.092] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.094] ResumeThread (hThread=0x1b4) returned 0x1 [0106.094] CloseHandle (hObject=0x1b4) returned 1 [0106.094] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.095] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.096] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.096] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0106.096] SuspendThread (hThread=0x1b4) returned 0x0 [0106.096] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.101] ResumeThread (hThread=0x1b4) returned 0x1 [0106.101] CloseHandle (hObject=0x1b4) returned 1 [0106.101] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.112] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.116] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.121] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.121] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.122] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.123] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.142] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.143] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.146] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.146] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.220] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0106.220] SuspendThread (hThread=0x1b4) returned 0x0 [0106.220] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.224] ResumeThread (hThread=0x1b4) returned 0x1 [0106.224] CloseHandle (hObject=0x1b4) returned 1 [0106.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.229] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x16c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0106.229] SuspendThread (hThread=0x1b4) returned 0x0 [0106.229] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2969fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.240] ResumeThread (hThread=0x1b4) returned 0x1 [0106.240] CloseHandle (hObject=0x1b4) returned 1 [0106.240] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.254] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.259] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.278] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.280] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.304] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.315] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x154, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1c8) returned 1 [0106.315] SuspendThread (hThread=0x1c8) returned 0x0 [0106.315] GetThreadContext (in: hThread=0x1c8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2989fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.343] ResumeThread (hThread=0x1c8) returned 0x1 [0106.343] CloseHandle (hObject=0x1c8) returned 1 [0106.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.362] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.363] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.363] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.382] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1d8) returned 1 [0106.382] SuspendThread (hThread=0x1d8) returned 0x0 [0106.382] GetThreadContext (in: hThread=0x1d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.394] ResumeThread (hThread=0x1d8) returned 0x1 [0106.394] CloseHandle (hObject=0x1d8) returned 1 [0106.394] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.416] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.426] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x180) returned 1 [0106.426] SuspendThread (hThread=0x180) returned 0x0 [0106.426] GetThreadContext (in: hThread=0x180, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.464] ResumeThread (hThread=0x180) returned 0x1 [0106.464] CloseHandle (hObject=0x180) returned 1 [0106.464] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.474] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.483] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.483] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.484] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.485] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x194) returned 1 [0106.485] SuspendThread (hThread=0x194) returned 0x0 [0106.485] GetThreadContext (in: hThread=0x194, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.502] ResumeThread (hThread=0x194) returned 0x1 [0106.502] CloseHandle (hObject=0x194) returned 1 [0106.502] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.509] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.511] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.511] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.611] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x180) returned 1 [0106.611] SuspendThread (hThread=0x180) returned 0x0 [0106.611] GetThreadContext (in: hThread=0x180, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.612] ResumeThread (hThread=0x180) returned 0x1 [0106.612] CloseHandle (hObject=0x180) returned 1 [0106.612] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.620] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.621] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.643] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.644] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.644] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.663] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.663] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.665] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.665] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.679] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.681] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.715] SetEvent (hEvent=0xf4) returned 1 [0106.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.720] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.721] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.725] SetEvent (hEvent=0x164) returned 1 [0106.725] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.732] SetEvent (hEvent=0x9c) returned 1 [0106.733] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.742] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.750] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.750] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.750] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.752] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.753] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.759] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.784] SetEvent (hEvent=0x114) returned 1 [0106.784] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.786] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.789] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.823] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.833] timeEndPeriod (uPeriod=0x1) returned 0x0 [0106.833] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0106.834] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0106.834] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.856] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.892] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0106.988] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0106.988] SuspendThread (hThread=0xec) returned 0x0 [0106.988] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0106.996] ResumeThread (hThread=0xec) returned 0x1 [0106.996] CloseHandle (hObject=0xec) returned 1 [0106.996] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.001] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.002] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.002] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0107.002] SuspendThread (hThread=0xec) returned 0x0 [0107.002] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0107.006] ResumeThread (hThread=0xec) returned 0x1 [0107.006] CloseHandle (hObject=0xec) returned 1 [0107.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.031] SetEvent (hEvent=0x9c) returned 1 [0107.031] SetEvent (hEvent=0xf4) returned 1 [0107.031] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.046] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.051] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.051] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.051] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.053] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.055] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.055] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.162] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.174] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.176] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.177] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.216] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.258] SetEvent (hEvent=0x164) returned 1 [0107.258] SetEvent (hEvent=0x108) returned 1 [0107.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.287] SetEvent (hEvent=0x164) returned 1 [0107.287] SetEvent (hEvent=0xf4) returned 1 [0107.287] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.291] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.293] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.293] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.329] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.332] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.333] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.333] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.338] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.356] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.357] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.358] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.375] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.398] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0107.398] SuspendThread (hThread=0x1b0) returned 0x0 [0107.398] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0107.407] ResumeThread (hThread=0x1b0) returned 0x1 [0107.407] CloseHandle (hObject=0x1b0) returned 1 [0107.407] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.413] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.415] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.426] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.440] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.445] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1d4) returned 1 [0107.445] SuspendThread (hThread=0x1d4) returned 0x0 [0107.445] GetThreadContext (in: hThread=0x1d4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0107.465] ResumeThread (hThread=0x1d4) returned 0x1 [0107.465] CloseHandle (hObject=0x1d4) returned 1 [0107.465] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.472] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.475] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.480] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.480] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.480] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.483] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.483] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.484] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.487] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.504] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.504] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.707] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.707] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.712] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0107.712] SuspendThread (hThread=0x1b4) returned 0x0 [0107.712] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0107.718] ResumeThread (hThread=0x1b4) returned 0x1 [0107.718] CloseHandle (hObject=0x1b4) returned 1 [0107.718] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.726] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.729] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.729] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.738] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.747] SetEvent (hEvent=0x108) returned 1 [0107.747] SetEvent (hEvent=0x9c) returned 1 [0107.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.750] SetEvent (hEvent=0x120) returned 1 [0107.750] SetEvent (hEvent=0x164) returned 1 [0107.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.761] SetEvent (hEvent=0x164) returned 1 [0107.762] SetEvent (hEvent=0x1d0) returned 1 [0107.762] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.764] SetEvent (hEvent=0x1d0) returned 1 [0107.764] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.765] SetEvent (hEvent=0x188) returned 1 [0107.765] SetEvent (hEvent=0x100) returned 1 [0107.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.768] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.773] SetEvent (hEvent=0x100) returned 1 [0107.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.776] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.778] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.795] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.823] SetEvent (hEvent=0x114) returned 1 [0107.824] SetEvent (hEvent=0x15c) returned 1 [0107.824] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.828] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.831] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.848] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.865] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.866] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.868] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.877] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.877] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0107.879] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0107.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.898] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.911] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.913] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.914] SetEvent (hEvent=0x9c) returned 1 [0107.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.917] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.919] SetEvent (hEvent=0x188) returned 1 [0107.919] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.920] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.923] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.930] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.933] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.936] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.938] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.940] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.941] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.942] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.945] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.946] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.947] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.951] SetEvent (hEvent=0x8c) returned 1 [0107.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.954] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.955] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.956] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.957] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.959] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.960] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.961] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.963] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.964] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.965] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.968] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.969] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.970] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0107.973] timeEndPeriod (uPeriod=0x1) returned 0x0 [0107.973] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.409] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.409] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.412] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.413] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.413] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1e4) returned 1 [0108.413] SuspendThread (hThread=0x1e4) returned 0x0 [0108.413] GetThreadContext (in: hThread=0x1e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0108.420] ResumeThread (hThread=0x1e4) returned 0x1 [0108.420] CloseHandle (hObject=0x1e4) returned 1 [0108.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.431] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.445] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.451] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.452] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.452] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.474] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.475] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.481] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.484] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.518] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.519] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.523] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.525] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.525] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.537] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.538] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.538] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x170, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0108.538] SuspendThread (hThread=0xec) returned 0x0 [0108.538] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29a9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0108.540] ResumeThread (hThread=0xec) returned 0x1 [0108.540] CloseHandle (hObject=0xec) returned 1 [0108.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.566] SetEvent (hEvent=0xf4) returned 1 [0108.566] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.574] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.574] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.575] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.625] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.627] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.652] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.686] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.687] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.688] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.713] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.714] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.722] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.722] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.723] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.730] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.731] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.731] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x158, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x180) returned 1 [0108.731] SuspendThread (hThread=0x180) returned 0x0 [0108.731] GetThreadContext (in: hThread=0x180, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x291cfb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0108.740] ResumeThread (hThread=0x180) returned 0x1 [0108.740] CloseHandle (hObject=0x180) returned 1 [0108.740] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.758] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.764] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.765] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.800] SetEvent (hEvent=0x1a0) returned 1 [0108.800] SetEvent (hEvent=0x188) returned 1 [0108.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.805] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.806] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.806] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.808] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.825] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.826] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.826] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x154, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1bc) returned 1 [0108.826] SuspendThread (hThread=0x1bc) returned 0x0 [0108.827] GetThreadContext (in: hThread=0x1bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2989fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0108.835] ResumeThread (hThread=0x1bc) returned 0x1 [0108.835] CloseHandle (hObject=0x1bc) returned 1 [0108.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.843] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.864] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.866] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.866] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.896] SetEvent (hEvent=0x188) returned 1 [0108.896] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.904] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.907] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0108.947] SuspendThread (hThread=0xec) returned 0x0 [0108.947] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0108.975] ResumeThread (hThread=0xec) returned 0x1 [0108.975] CloseHandle (hObject=0xec) returned 1 [0108.975] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0108.991] timeEndPeriod (uPeriod=0x1) returned 0x0 [0108.991] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0108.992] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0108.992] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.031] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.037] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.037] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.040] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.040] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.041] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.046] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.151] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1bc) returned 1 [0109.151] SuspendThread (hThread=0x1bc) returned 0x0 [0109.151] GetThreadContext (in: hThread=0x1bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.166] ResumeThread (hThread=0x1bc) returned 0x1 [0109.166] CloseHandle (hObject=0x1bc) returned 1 [0109.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.213] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.215] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.256] SetEvent (hEvent=0x188) returned 1 [0109.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.281] SetEvent (hEvent=0x108) returned 1 [0109.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.286] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.286] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.288] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.321] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.330] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.357] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.357] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.362] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.368] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.368] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.370] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.370] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.403] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.405] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.554] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1dc) returned 1 [0109.554] SuspendThread (hThread=0x1dc) returned 0x0 [0109.555] GetThreadContext (in: hThread=0x1dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.722] ResumeThread (hThread=0x1dc) returned 0x1 [0109.722] CloseHandle (hObject=0x1dc) returned 1 [0109.722] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.728] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.736] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.736] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.753] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.753] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.763] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.765] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.792] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.806] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.821] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1dc) returned 1 [0109.821] SuspendThread (hThread=0x1dc) returned 0x0 [0109.821] GetThreadContext (in: hThread=0x1dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.841] ResumeThread (hThread=0x1dc) returned 0x1 [0109.841] CloseHandle (hObject=0x1dc) returned 1 [0109.842] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.858] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.876] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1dc) returned 1 [0109.876] SuspendThread (hThread=0x1dc) returned 0x0 [0109.876] GetThreadContext (in: hThread=0x1dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.897] ResumeThread (hThread=0x1dc) returned 0x1 [0109.897] CloseHandle (hObject=0x1dc) returned 1 [0109.897] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.902] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0109.902] SuspendThread (hThread=0xec) returned 0x0 [0109.902] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.911] ResumeThread (hThread=0xec) returned 0x1 [0109.911] CloseHandle (hObject=0xec) returned 1 [0109.911] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.913] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.918] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.919] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.932] timeEndPeriod (uPeriod=0x1) returned 0x0 [0109.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0109.933] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0109.933] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0109.933] SuspendThread (hThread=0x1b4) returned 0x0 [0109.933] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.946] ResumeThread (hThread=0x1b4) returned 0x1 [0109.946] CloseHandle (hObject=0x1b4) returned 1 [0109.946] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.960] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.973] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xec) returned 1 [0109.973] SuspendThread (hThread=0xec) returned 0x0 [0109.973] GetThreadContext (in: hThread=0xec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0109.981] ResumeThread (hThread=0xec) returned 0x1 [0109.981] CloseHandle (hObject=0xec) returned 1 [0109.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0109.996] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x128) returned 1 [0109.996] SuspendThread (hThread=0x128) returned 0x0 [0109.996] GetThreadContext (in: hThread=0x128, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0110.015] ResumeThread (hThread=0x128) returned 0x1 [0110.015] CloseHandle (hObject=0x128) returned 1 [0110.015] SetEvent (hEvent=0xb8) returned 1 [0110.016] SetEvent (hEvent=0x1a0) returned 1 [0110.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.017] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.018] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.018] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.038] SetEvent (hEvent=0x114) returned 1 [0110.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.052] SetEvent (hEvent=0xb8) returned 1 [0110.052] SetEvent (hEvent=0x198) returned 1 [0110.052] SetEvent (hEvent=0x164) returned 1 [0110.052] SetEvent (hEvent=0x13c) returned 1 [0110.052] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.055] SetEvent (hEvent=0x13c) returned 1 [0110.055] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.058] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.058] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.059] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.079] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.092] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.095] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.100] SetEvent (hEvent=0xb8) returned 1 [0110.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.106] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.116] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.128] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.129] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x180) returned 1 [0110.129] SuspendThread (hThread=0x180) returned 0x0 [0110.129] GetThreadContext (in: hThread=0x180, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0110.138] ResumeThread (hThread=0x180) returned 0x1 [0110.138] CloseHandle (hObject=0x180) returned 1 [0110.138] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.152] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.164] SetEvent (hEvent=0x114) returned 1 [0110.164] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.165] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.168] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.207] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.218] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.218] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.219] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.237] SetEvent (hEvent=0x188) returned 1 [0110.237] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.255] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.258] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.258] SetEvent (hEvent=0x114) returned 1 [0110.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.383] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.385] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.385] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.402] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.421] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.423] SetEvent (hEvent=0x108) returned 1 [0110.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.425] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.428] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.428] SetEvent (hEvent=0x108) returned 1 [0110.428] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.452] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.460] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.461] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.464] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.477] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.477] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.479] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.479] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.514] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.515] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.517] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.517] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.551] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.553] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.560] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.571] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.572] SetEvent (hEvent=0xb8) returned 1 [0110.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.574] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.577] SetEvent (hEvent=0x108) returned 1 [0110.577] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.584] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.584] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.584] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.586] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.629] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.631] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.632] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.643] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.644] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.646] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.650] SetEvent (hEvent=0x9c) returned 1 [0110.650] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.653] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.660] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.662] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.662] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.678] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.685] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.689] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.692] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.693] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.694] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.700] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.702] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.702] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.719] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.734] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.737] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.741] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.753] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.755] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.772] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.790] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.794] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.799] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.801] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.802] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.824] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.825] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.827] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.844] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.851] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.860] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.863] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.867] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.868] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.885] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.902] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.904] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.927] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.930] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.933] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.936] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.938] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.942] SetEvent (hEvent=0xfc) returned 1 [0110.942] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.945] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.949] timeEndPeriod (uPeriod=0x1) returned 0x0 [0110.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0110.950] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0110.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.972] SetEvent (hEvent=0x1a0) returned 1 [0110.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.984] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.987] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0110.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.002] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.004] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.010] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.014] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.015] SetEvent (hEvent=0x164) returned 1 [0111.015] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.018] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.032] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.043] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.046] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.047] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.060] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.062] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.078] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.081] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.096] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.097] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.101] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.103] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.116] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.123] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.131] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.132] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.148] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.172] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.173] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.175] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.177] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.191] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.194] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.195] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.197] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.200] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.213] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.216] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.228] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.229] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.231] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.232] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.242] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.246] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.249] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.264] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.265] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.265] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.266] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.283] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.283] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.285] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.285] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.300] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.302] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.321] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.321] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.323] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.323] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.339] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.339] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.344] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.363] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.368] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.368] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.370] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.370] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.401] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.403] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.410] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.414] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.415] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.418] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.425] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.426] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.428] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.428] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.466] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.467] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.469] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.469] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.471] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.471] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.487] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.487] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.489] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.503] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.503] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.504] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.532] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.538] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.543] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.546] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.548] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.551] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.551] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.552] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.552] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.585] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.587] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.597] SetEvent (hEvent=0x164) returned 1 [0111.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.607] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.651] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.655] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.658] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.662] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.673] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.673] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.675] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.675] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.694] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.710] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.712] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.713] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.716] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.719] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.721] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.729] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.732] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.735] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.736] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.741] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.759] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.761] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.768] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.770] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.776] SetEvent (hEvent=0x1a0) returned 1 [0111.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.779] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.781] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.786] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.788] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.788] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.790] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.790] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.828] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.831] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.847] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.848] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.848] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.866] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.868] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.870] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.904] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.915] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.916] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.916] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.948] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.948] timeEndPeriod (uPeriod=0x1) returned 0x0 [0111.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0111.950] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0111.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.969] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0111.995] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.001] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.005] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.007] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.042] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1e4) returned 1 [0112.043] SuspendThread (hThread=0x1e4) returned 0x0 [0112.043] GetThreadContext (in: hThread=0x1e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0112.044] ResumeThread (hThread=0x1e4) returned 0x1 [0112.044] CloseHandle (hObject=0x1e4) returned 1 [0112.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.047] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.060] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.061] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.063] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.065] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.068] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.070] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.083] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.085] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.091] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.093] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.112] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.120] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.121] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.125] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.134] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.140] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.141] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.144] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.147] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.150] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.158] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.159] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.173] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.173] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.174] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.176] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.195] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.209] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.219] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.221] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.223] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.225] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.225] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.227] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.260] SetEvent (hEvent=0xb8) returned 1 [0112.260] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.262] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.262] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.265] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.265] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.340] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.341] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.341] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.349] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.349] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.350] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.350] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.366] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.371] SetEvent (hEvent=0x164) returned 1 [0112.371] SetEvent (hEvent=0x13c) returned 1 [0112.371] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.381] SetEvent (hEvent=0x9c) returned 1 [0112.381] SetEvent (hEvent=0x120) returned 1 [0112.381] SetEvent (hEvent=0x198) returned 1 [0112.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.393] SetEvent (hEvent=0x198) returned 1 [0112.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.407] SetEvent (hEvent=0x120) returned 1 [0112.407] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.415] SetEvent (hEvent=0x120) returned 1 [0112.416] SetEvent (hEvent=0x108) returned 1 [0112.416] SetEvent (hEvent=0x114) returned 1 [0112.416] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.427] SetEvent (hEvent=0x114) returned 1 [0112.427] SetEvent (hEvent=0x108) returned 1 [0112.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.430] SetEvent (hEvent=0x108) returned 1 [0112.430] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.436] SetEvent (hEvent=0x108) returned 1 [0112.436] SetEvent (hEvent=0x120) returned 1 [0112.436] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.439] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.440] SetEvent (hEvent=0x120) returned 1 [0112.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.442] SetEvent (hEvent=0x120) returned 1 [0112.442] SetEvent (hEvent=0x108) returned 1 [0112.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.445] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.475] SetEvent (hEvent=0x108) returned 1 [0112.475] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.478] SetEvent (hEvent=0x108) returned 1 [0112.478] SetEvent (hEvent=0x120) returned 1 [0112.478] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.483] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.485] SetEvent (hEvent=0x120) returned 1 [0112.485] SetEvent (hEvent=0x108) returned 1 [0112.485] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.493] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.494] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.502] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.506] SetEvent (hEvent=0xf4) returned 1 [0112.506] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.511] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.511] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.513] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.515] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.516] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.518] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.536] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x194) returned 1 [0112.536] SuspendThread (hThread=0x194) returned 0x0 [0112.536] GetThreadContext (in: hThread=0x194, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29c9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0112.537] ResumeThread (hThread=0x194) returned 0x1 [0112.537] CloseHandle (hObject=0x194) returned 1 [0112.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.538] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.538] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.541] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.541] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.561] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.563] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.563] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.574] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.574] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.576] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.576] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.594] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.598] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.700] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1bc) returned 1 [0112.700] SuspendThread (hThread=0x1bc) returned 0x0 [0112.700] GetThreadContext (in: hThread=0x1bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0112.703] ResumeThread (hThread=0x1bc) returned 0x1 [0112.703] CloseHandle (hObject=0x1bc) returned 1 [0112.703] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.711] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.717] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.720] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.721] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.734] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.737] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.742] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.744] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.768] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.777] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.780] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.780] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.815] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.817] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.817] SetEvent (hEvent=0x108) returned 1 [0112.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.824] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.828] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.832] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.836] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.841] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.842] SetEvent (hEvent=0x108) returned 1 [0112.842] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.845] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.856] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.858] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.860] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.863] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.865] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.869] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.873] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.875] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.883] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.885] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.885] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.886] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.886] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.904] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.908] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.910] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.947] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.947] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.948] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.948] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1d4) returned 1 [0112.948] SuspendThread (hThread=0x1d4) returned 0x0 [0112.948] GetThreadContext (in: hThread=0x1d4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0112.956] ResumeThread (hThread=0x1d4) returned 0x1 [0112.956] CloseHandle (hObject=0x1d4) returned 1 [0112.956] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.959] timeEndPeriod (uPeriod=0x1) returned 0x0 [0112.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0112.960] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0112.960] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.982] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.993] SetEvent (hEvent=0x164) returned 1 [0112.993] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0112.997] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.002] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.012] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.014] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.017] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.022] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.024] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.025] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.025] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.026] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.026] SetEvent (hEvent=0xf4) returned 1 [0113.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.064] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.065] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.067] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.074] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.079] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.080] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.180] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x158, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0113.180] SuspendThread (hThread=0x1b4) returned 0x0 [0113.181] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x291cfdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0113.184] ResumeThread (hThread=0x1b4) returned 0x1 [0113.184] CloseHandle (hObject=0x1b4) returned 1 [0113.184] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.186] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.189] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.189] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.223] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.229] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.243] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.245] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.246] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.248] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.254] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.261] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.266] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.267] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.267] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.304] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.308] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.311] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.312] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.345] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.359] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.361] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.386] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.393] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.400] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.417] SetEvent (hEvent=0x9c) returned 1 [0113.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.428] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.443] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.445] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.449] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.452] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.452] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.466] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.466] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.471] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x104, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0113.471] SuspendThread (hThread=0x1b0) returned 0x0 [0113.471] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2850fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0113.481] ResumeThread (hThread=0x1b0) returned 0x1 [0113.481] CloseHandle (hObject=0x1b0) returned 1 [0113.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.505] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.508] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.508] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.542] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.547] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.550] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.551] SetEvent (hEvent=0x15c) returned 1 [0113.551] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.553] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.559] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.562] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.576] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.579] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.584] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.591] SetEvent (hEvent=0x198) returned 1 [0113.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.603] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.614] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.614] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.614] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.616] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.616] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.634] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.649] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.652] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.658] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.662] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.668] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.670] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.674] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.675] SetEvent (hEvent=0x164) returned 1 [0113.675] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.677] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.681] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.816] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.848] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.848] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.855] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.855] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.887] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.890] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.891] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.902] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.904] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.908] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.920] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.927] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.928] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.929] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.947] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.960] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.968] timeEndPeriod (uPeriod=0x1) returned 0x0 [0113.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0113.970] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0113.970] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0113.988] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.003] SetEvent (hEvent=0xb8) returned 1 [0114.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.005] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.014] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.018] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.024] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.031] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.043] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.050] SwitchToThread () returned 1 [0114.051] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0114.052] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.056] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.056] SetEvent (hEvent=0x15c) returned 1 [0114.057] SetEvent (hEvent=0x9c) returned 1 [0114.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.072] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.100] SetEvent (hEvent=0x164) returned 1 [0114.100] SetEvent (hEvent=0x9c) returned 1 [0114.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.103] SetEvent (hEvent=0x15c) returned 1 [0114.103] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.113] SetEvent (hEvent=0x114) returned 1 [0114.113] SetEvent (hEvent=0x13c) returned 1 [0114.113] SetEvent (hEvent=0xf4) returned 1 [0114.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.122] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.137] SetEvent (hEvent=0x1a0) returned 1 [0114.137] SetEvent (hEvent=0xfc) returned 1 [0114.137] SetEvent (hEvent=0x188) returned 1 [0114.137] SetEvent (hEvent=0x12c) returned 1 [0114.137] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.154] SetEvent (hEvent=0x1d0) returned 1 [0114.154] SetEvent (hEvent=0x100) returned 1 [0114.154] SetEvent (hEvent=0x8c) returned 1 [0114.154] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053ee00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1d8 [0114.160] CloseHandle (hObject=0x1d8) returned 1 [0114.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.177] SetEvent (hEvent=0x8c) returned 1 [0114.177] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.180] SetEvent (hEvent=0x8c) returned 1 [0114.180] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0114.181] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000080e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x128 [0114.185] CloseHandle (hObject=0x128) returned 1 [0114.186] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.188] SetEvent (hEvent=0x8c) returned 1 [0114.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.194] SetEvent (hEvent=0x8c) returned 1 [0114.194] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.201] SetEvent (hEvent=0x8c) returned 1 [0114.201] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.204] SetEvent (hEvent=0x8c) returned 1 [0114.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.208] SetEvent (hEvent=0x8c) returned 1 [0114.208] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.212] SetEvent (hEvent=0x1d4) returned 1 [0114.213] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000081880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1c4 [0114.216] CloseHandle (hObject=0x1c4) returned 1 [0114.216] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.220] SetEvent (hEvent=0x1d4) returned 1 [0114.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.224] SetEvent (hEvent=0x1d4) returned 1 [0114.224] SetEvent (hEvent=0x1c4) returned 1 [0114.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.231] SetEvent (hEvent=0x1c4) returned 1 [0114.231] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.238] SetEvent (hEvent=0x1c4) returned 1 [0114.238] SetEvent (hEvent=0x1d4) returned 1 [0114.238] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053f180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xec [0114.239] CloseHandle (hObject=0xec) returned 1 [0114.239] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.251] SetEvent (hEvent=0xec) returned 1 [0114.251] SetEvent (hEvent=0x1d4) returned 1 [0114.251] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.255] SetEvent (hEvent=0x1d4) returned 1 [0114.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.257] SetEvent (hEvent=0x1d4) returned 1 [0114.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.272] SetEvent (hEvent=0xec) returned 1 [0114.272] SetEvent (hEvent=0x1c4) returned 1 [0114.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.276] SetEvent (hEvent=0x1c4) returned 1 [0114.276] SetEvent (hEvent=0xec) returned 1 [0114.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.282] SetEvent (hEvent=0xec) returned 1 [0114.282] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.288] SetEvent (hEvent=0xec) returned 1 [0114.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.290] SetEvent (hEvent=0xec) returned 1 [0114.290] SetEvent (hEvent=0x1c4) returned 1 [0114.290] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.294] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.297] SetEvent (hEvent=0x1c4) returned 1 [0114.297] SetEvent (hEvent=0xec) returned 1 [0114.297] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053f500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e0 [0114.351] CloseHandle (hObject=0x1e0) returned 1 [0114.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.355] SetEvent (hEvent=0xec) returned 1 [0114.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.358] SetEvent (hEvent=0xec) returned 1 [0114.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.363] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.365] SetEvent (hEvent=0xec) returned 1 [0114.365] SetEvent (hEvent=0x1f8) returned 1 [0114.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.367] SetEvent (hEvent=0x1f8) returned 1 [0114.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.385] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.385] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.387] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.387] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x214) returned 1 [0114.387] SuspendThread (hThread=0x214) returned 0x0 [0114.387] GetThreadContext (in: hThread=0x214, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.389] ResumeThread (hThread=0x214) returned 0x1 [0114.389] CloseHandle (hObject=0x214) returned 1 [0114.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.412] SetEvent (hEvent=0x1f8) returned 1 [0114.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.425] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.432] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.443] SetEvent (hEvent=0x1d4) returned 1 [0114.443] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.463] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.463] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.478] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.479] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.481] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ac) returned 1 [0114.481] SuspendThread (hThread=0x1ac) returned 0x0 [0114.481] GetThreadContext (in: hThread=0x1ac, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.489] ResumeThread (hThread=0x1ac) returned 0x1 [0114.489] CloseHandle (hObject=0x1ac) returned 1 [0114.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.496] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.498] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.515] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.521] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.718] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x208) returned 1 [0114.718] SuspendThread (hThread=0x208) returned 0x0 [0114.718] GetThreadContext (in: hThread=0x208, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.720] ResumeThread (hThread=0x208) returned 0x1 [0114.720] CloseHandle (hObject=0x208) returned 1 [0114.720] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.721] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x208) returned 1 [0114.721] SuspendThread (hThread=0x208) returned 0x0 [0114.721] GetThreadContext (in: hThread=0x208, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.727] ResumeThread (hThread=0x208) returned 0x1 [0114.727] CloseHandle (hObject=0x208) returned 1 [0114.727] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.731] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.742] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.742] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.749] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.751] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.769] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.770] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.770] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.771] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.772] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.772] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.790] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.804] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.810] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.810] SetEvent (hEvent=0xfc) returned 1 [0114.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.825] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.826] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.841] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x150) returned 1 [0114.841] SuspendThread (hThread=0x150) returned 0x0 [0114.841] GetThreadContext (in: hThread=0x150, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.847] ResumeThread (hThread=0x150) returned 0x1 [0114.847] CloseHandle (hObject=0x150) returned 1 [0114.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.853] SetEvent (hEvent=0x1d0) returned 1 [0114.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.859] SetEvent (hEvent=0x1d0) returned 1 [0114.860] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.861] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.875] SetEvent (hEvent=0xfc) returned 1 [0114.875] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.888] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.890] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.893] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.898] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.901] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.904] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.907] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.908] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.908] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.908] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.909] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.909] SetEvent (hEvent=0x198) returned 1 [0114.909] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.936] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.948] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.949] timeEndPeriod (uPeriod=0x1) returned 0x0 [0114.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0114.952] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0114.952] SetEvent (hEvent=0x198) returned 1 [0114.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0114.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.068] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.069] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.102] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.108] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.115] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.121] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.125] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.127] SetEvent (hEvent=0xfc) returned 1 [0115.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.131] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.134] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.136] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.138] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.140] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.147] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.156] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1f4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b4) returned 1 [0115.156] SuspendThread (hThread=0x1b4) returned 0x0 [0115.156] GetThreadContext (in: hThread=0x1b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2aa9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.166] ResumeThread (hThread=0x1b4) returned 0x1 [0115.167] CloseHandle (hObject=0x1b4) returned 1 [0115.167] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.167] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.170] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.195] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.204] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.206] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.225] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.242] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.243] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.243] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.245] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.245] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.288] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.291] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.340] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.345] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.348] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.352] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.356] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.359] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.362] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.364] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.371] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.377] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.378] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.379] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.384] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.385] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.391] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.392] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.395] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.396] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.410] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.433] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.442] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x208) returned 1 [0115.442] SuspendThread (hThread=0x208) returned 0x0 [0115.442] GetThreadContext (in: hThread=0x208, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.447] ResumeThread (hThread=0x208) returned 0x1 [0115.447] CloseHandle (hObject=0x208) returned 1 [0115.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.449] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.457] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.461] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.496] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.498] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.498] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.500] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.529] SetEvent (hEvent=0x120) returned 1 [0115.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.534] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.535] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.539] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.539] SetEvent (hEvent=0x1d0) returned 1 [0115.539] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.560] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.579] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.579] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.580] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.580] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.605] SetEvent (hEvent=0x12c) returned 1 [0115.605] SetEvent (hEvent=0xfc) returned 1 [0115.605] SetEvent (hEvent=0x120) returned 1 [0115.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.613] SetEvent (hEvent=0xfc) returned 1 [0115.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.615] SetEvent (hEvent=0xfc) returned 1 [0115.615] SetEvent (hEvent=0x12c) returned 1 [0115.615] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.622] SetEvent (hEvent=0xfc) returned 1 [0115.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.626] SetEvent (hEvent=0x1d0) returned 1 [0115.626] SetEvent (hEvent=0x8c) returned 1 [0115.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.628] SetEvent (hEvent=0x1d0) returned 1 [0115.628] SetEvent (hEvent=0xf4) returned 1 [0115.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.635] SetEvent (hEvent=0x1d0) returned 1 [0115.635] SetEvent (hEvent=0x9c) returned 1 [0115.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.641] SetEvent (hEvent=0x1d0) returned 1 [0115.641] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.650] SetEvent (hEvent=0x1a0) returned 1 [0115.650] SetEvent (hEvent=0x13c) returned 1 [0115.650] SetEvent (hEvent=0x114) returned 1 [0115.650] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.654] SetEvent (hEvent=0x13c) returned 1 [0115.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.661] SetEvent (hEvent=0x1a0) returned 1 [0115.661] SetEvent (hEvent=0x164) returned 1 [0115.661] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.666] SetEvent (hEvent=0x1a0) returned 1 [0115.666] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.668] SetEvent (hEvent=0x188) returned 1 [0115.668] SetEvent (hEvent=0x15c) returned 1 [0115.669] SetEvent (hEvent=0x1d4) returned 1 [0115.669] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.670] SetEvent (hEvent=0x15c) returned 1 [0115.670] SetEvent (hEvent=0x188) returned 1 [0115.670] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.675] SetEvent (hEvent=0x15c) returned 1 [0115.675] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.680] SetEvent (hEvent=0x100) returned 1 [0115.680] SetEvent (hEvent=0x108) returned 1 [0115.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.686] SetEvent (hEvent=0x100) returned 1 [0115.686] SetEvent (hEvent=0xec) returned 1 [0115.686] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.691] SetEvent (hEvent=0x100) returned 1 [0115.691] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000081c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1ec [0115.697] CloseHandle (hObject=0x1ec) returned 1 [0115.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.702] SetEvent (hEvent=0x100) returned 1 [0115.702] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053f880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x194 [0115.705] CloseHandle (hObject=0x194) returned 1 [0115.705] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.716] SetEvent (hEvent=0x100) returned 1 [0115.716] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0115.717] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000268000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x144 [0115.721] CloseHandle (hObject=0x144) returned 1 [0115.721] SetEvent (hEvent=0x100) returned 1 [0115.721] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.725] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0115.726] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0115.726] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013a000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x230 [0115.738] CloseHandle (hObject=0x230) returned 1 [0115.738] SetEvent (hEvent=0x234) returned 1 [0115.738] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.741] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0115.742] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0115.742] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019c000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x230 [0115.752] CloseHandle (hObject=0x230) returned 1 [0115.753] SetEvent (hEvent=0x24c) returned 1 [0115.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.797] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000268380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x254 [0115.804] CloseHandle (hObject=0x254) returned 1 [0115.804] SetEvent (hEvent=0x258) returned 1 [0115.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.808] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013a380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x260 [0115.812] CloseHandle (hObject=0x260) returned 1 [0115.813] SetEvent (hEvent=0x264) returned 1 [0115.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.818] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019c380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x270 [0115.833] CloseHandle (hObject=0x270) returned 1 [0115.833] SetEvent (hEvent=0x274) returned 1 [0115.833] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000268700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x270 [0115.852] CloseHandle (hObject=0x270) returned 1 [0115.852] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053fc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x270 [0115.857] CloseHandle (hObject=0x270) returned 1 [0115.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.864] SetEvent (hEvent=0x26c) returned 1 [0115.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.871] SetEvent (hEvent=0x26c) returned 1 [0115.871] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0115.872] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c2000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x208 [0115.874] CloseHandle (hObject=0x208) returned 1 [0115.874] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.882] SetEvent (hEvent=0x26c) returned 1 [0115.882] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c2380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x1e8 [0115.884] CloseHandle (hObject=0x1e8) returned 1 [0115.884] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.886] SetEvent (hEvent=0x26c) returned 1 [0115.886] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013a700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x298 [0115.887] CloseHandle (hObject=0x298) returned 1 [0115.887] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.890] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.897] SetEvent (hEvent=0x2a8) returned 1 [0115.897] SetEvent (hEvent=0x26c) returned 1 [0115.897] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.906] SetEvent (hEvent=0x26c) returned 1 [0115.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.911] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.914] SetEvent (hEvent=0x26c) returned 1 [0115.914] SetEvent (hEvent=0x2a8) returned 1 [0115.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.915] SetEvent (hEvent=0x2a8) returned 1 [0115.915] SetEvent (hEvent=0x26c) returned 1 [0115.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.918] SetEvent (hEvent=0x26c) returned 1 [0115.918] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.929] SetEvent (hEvent=0x2a8) returned 1 [0115.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.935] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x22c) returned 1 [0115.935] SuspendThread (hThread=0x22c) returned 0x0 [0115.935] GetThreadContext (in: hThread=0x22c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.941] ResumeThread (hThread=0x22c) returned 0x1 [0115.941] CloseHandle (hObject=0x22c) returned 1 [0115.941] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.941] SetEvent (hEvent=0x2a8) returned 1 [0115.941] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.943] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.945] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x294, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2c0) returned 1 [0115.945] SuspendThread (hThread=0x2c0) returned 0x0 [0115.945] GetThreadContext (in: hThread=0x2c0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.951] ResumeThread (hThread=0x2c0) returned 0x1 [0115.951] CloseHandle (hObject=0x2c0) returned 1 [0115.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.953] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x294, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2c0) returned 1 [0115.953] SuspendThread (hThread=0x2c0) returned 0x0 [0115.953] GetThreadContext (in: hThread=0x2c0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.954] ResumeThread (hThread=0x2c0) returned 0x1 [0115.954] CloseHandle (hObject=0x2c0) returned 1 [0115.954] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.957] timeEndPeriod (uPeriod=0x1) returned 0x0 [0115.957] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0115.958] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0115.958] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x294, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0115.958] SuspendThread (hThread=0x1ec) returned 0x0 [0115.958] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.962] ResumeThread (hThread=0x1ec) returned 0x1 [0115.962] CloseHandle (hObject=0x1ec) returned 1 [0115.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.978] SetEvent (hEvent=0x114) returned 1 [0115.978] SetEvent (hEvent=0x15c) returned 1 [0115.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.981] SetEvent (hEvent=0x114) returned 1 [0115.981] SetEvent (hEvent=0x9c) returned 1 [0115.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.986] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.994] SetEvent (hEvent=0x114) returned 1 [0115.994] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0115.996] SetEvent (hEvent=0x114) returned 1 [0115.996] SetEvent (hEvent=0x274) returned 1 [0115.996] SetEvent (hEvent=0x188) returned 1 [0115.996] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.004] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.008] SetEvent (hEvent=0x188) returned 1 [0116.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.009] SetEvent (hEvent=0x114) returned 1 [0116.009] SetEvent (hEvent=0x264) returned 1 [0116.009] SetEvent (hEvent=0x258) returned 1 [0116.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.018] SetEvent (hEvent=0x258) returned 1 [0116.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.021] SetEvent (hEvent=0x264) returned 1 [0116.021] SetEvent (hEvent=0x114) returned 1 [0116.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.028] SetEvent (hEvent=0x264) returned 1 [0116.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.034] SetEvent (hEvent=0x148) returned 1 [0116.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.038] SetEvent (hEvent=0x148) returned 1 [0116.039] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.063] SetEvent (hEvent=0x2b0) returned 1 [0116.063] SetEvent (hEvent=0x234) returned 1 [0116.063] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.066] SetEvent (hEvent=0x234) returned 1 [0116.066] SetEvent (hEvent=0x148) returned 1 [0116.066] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.069] SetEvent (hEvent=0x148) returned 1 [0116.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.082] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.083] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.083] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.100] SetEvent (hEvent=0x1e8) returned 1 [0116.100] SetEvent (hEvent=0x234) returned 1 [0116.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.101] SetEvent (hEvent=0x234) returned 1 [0116.102] SetEvent (hEvent=0x1f8) returned 1 [0116.102] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.107] SetEvent (hEvent=0x1f8) returned 1 [0116.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.111] SetEvent (hEvent=0x1a0) returned 1 [0116.111] SetEvent (hEvent=0x1dc) returned 1 [0116.111] SetEvent (hEvent=0x2a8) returned 1 [0116.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.114] SetEvent (hEvent=0x2a8) returned 1 [0116.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.118] SetEvent (hEvent=0x1dc) returned 1 [0116.118] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.122] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019ca80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2fc [0116.124] CloseHandle (hObject=0x2fc) returned 1 [0116.124] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c2700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x2fc [0116.125] CloseHandle (hObject=0x2fc) returned 1 [0116.125] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.128] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019ce00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x308 [0116.133] CloseHandle (hObject=0x308) returned 1 [0116.133] SetEvent (hEvent=0x318) returned 1 [0116.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.139] SetEvent (hEvent=0x318) returned 1 [0116.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.142] SetEvent (hEvent=0x318) returned 1 [0116.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.149] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019d180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x330 [0116.153] CloseHandle (hObject=0x330) returned 1 [0116.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c2a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x330 [0116.154] CloseHandle (hObject=0x330) returned 1 [0116.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.157] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.159] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.159] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x34c) returned 1 [0116.159] SuspendThread (hThread=0x34c) returned 0x0 [0116.159] GetThreadContext (in: hThread=0x34c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0f758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.164] ResumeThread (hThread=0x34c) returned 0x1 [0116.164] CloseHandle (hObject=0x34c) returned 1 [0116.164] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.178] SetEvent (hEvent=0x354) returned 1 [0116.178] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.193] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x33c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0116.193] SuspendThread (hThread=0x370) returned 0x0 [0116.193] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.204] ResumeThread (hThread=0x370) returned 0x1 [0116.204] CloseHandle (hObject=0x370) returned 1 [0116.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.209] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.210] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.210] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x33c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x254) returned 1 [0116.210] SuspendThread (hThread=0x254) returned 0x0 [0116.210] GetThreadContext (in: hThread=0x254, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.212] ResumeThread (hThread=0x254) returned 0x1 [0116.212] CloseHandle (hObject=0x254) returned 1 [0116.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.232] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.236] SetEvent (hEvent=0x12c) returned 1 [0116.236] SetEvent (hEvent=0x340) returned 1 [0116.237] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.241] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.241] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.244] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.275] SetEvent (hEvent=0x198) returned 1 [0116.275] SetEvent (hEvent=0x334) returned 1 [0116.275] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.281] SetEvent (hEvent=0x30c) returned 1 [0116.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.288] SetEvent (hEvent=0x148) returned 1 [0116.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.293] SetEvent (hEvent=0x148) returned 1 [0116.293] SetEvent (hEvent=0x35c) returned 1 [0116.293] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.296] SetEvent (hEvent=0x148) returned 1 [0116.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.300] SetEvent (hEvent=0x364) returned 1 [0116.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.303] SetEvent (hEvent=0x354) returned 1 [0116.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.307] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019dc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x37c [0116.309] CloseHandle (hObject=0x37c) returned 1 [0116.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.310] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c2e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x37c [0116.317] CloseHandle (hObject=0x37c) returned 1 [0116.317] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.320] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013ae00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x37c [0116.322] CloseHandle (hObject=0x37c) returned 1 [0116.322] SetEvent (hEvent=0x388) returned 1 [0116.322] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.326] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.329] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000268a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x320 [0116.333] CloseHandle (hObject=0x320) returned 1 [0116.333] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.338] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013b180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0116.341] CloseHandle (hObject=0x390) returned 1 [0116.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c3180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x390 [0116.343] CloseHandle (hObject=0x390) returned 1 [0116.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.344] SetEvent (hEvent=0x39c) returned 1 [0116.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.349] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000268e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x304 [0116.356] CloseHandle (hObject=0x304) returned 1 [0116.356] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.361] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013b500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x304 [0116.368] CloseHandle (hObject=0x304) returned 1 [0116.368] SetEvent (hEvent=0x3b0) returned 1 [0116.368] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c3500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x304 [0116.369] CloseHandle (hObject=0x304) returned 1 [0116.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.377] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.382] SetEvent (hEvent=0x304) returned 1 [0116.382] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.387] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.416] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x28c) returned 1 [0116.416] SuspendThread (hThread=0x28c) returned 0x0 [0116.416] GetThreadContext (in: hThread=0x28c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.417] ResumeThread (hThread=0x28c) returned 0x1 [0116.417] CloseHandle (hObject=0x28c) returned 1 [0116.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.431] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.448] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.509] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.512] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.512] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.546] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.547] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.550] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.556] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.558] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.573] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.575] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.596] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.597] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.617] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.618] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.619] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.619] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.637] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.637] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.638] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.640] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.658] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.660] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.661] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.683] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.684] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.684] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.686] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.688] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.788] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x224, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0116.788] SuspendThread (hThread=0x2e8) returned 0x0 [0116.788] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b09fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.789] ResumeThread (hThread=0x2e8) returned 0x1 [0116.789] CloseHandle (hObject=0x2e8) returned 1 [0116.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.791] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.801] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.802] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.806] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.807] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0116.918] timeEndPeriod (uPeriod=0x1) returned 0x0 [0116.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0116.924] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0116.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.031] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.031] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.032] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.033] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.147] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.150] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.150] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.182] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.183] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.202] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.203] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.227] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.238] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.238] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.240] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.240] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.256] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x378, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0117.256] SuspendThread (hThread=0x384) returned 0x0 [0117.256] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2da9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0117.263] ResumeThread (hThread=0x384) returned 0x1 [0117.263] CloseHandle (hObject=0x384) returned 1 [0117.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.278] SetEvent (hEvent=0x304) returned 1 [0117.278] SetEvent (hEvent=0x9c) returned 1 [0117.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.284] SetEvent (hEvent=0x9c) returned 1 [0117.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.288] SetEvent (hEvent=0x9c) returned 1 [0117.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.295] SetEvent (hEvent=0x304) returned 1 [0117.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.304] SetEvent (hEvent=0x304) returned 1 [0117.304] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.313] SetEvent (hEvent=0x320) returned 1 [0117.314] SetEvent (hEvent=0x198) returned 1 [0117.314] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.319] SetEvent (hEvent=0x320) returned 1 [0117.319] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.323] SetEvent (hEvent=0xb8) returned 1 [0117.323] SetEvent (hEvent=0x3c0) returned 1 [0117.323] SetEvent (hEvent=0x1f8) returned 1 [0117.323] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.329] SetEvent (hEvent=0x1f8) returned 1 [0117.329] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.337] SetEvent (hEvent=0x30c) returned 1 [0117.337] SetEvent (hEvent=0x12c) returned 1 [0117.337] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.346] SetEvent (hEvent=0x30c) returned 1 [0117.346] SetEvent (hEvent=0x28c) returned 1 [0117.346] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.349] SetEvent (hEvent=0x28c) returned 1 [0117.349] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.352] SetEvent (hEvent=0x1a0) returned 1 [0117.352] SetEvent (hEvent=0x2b0) returned 1 [0117.352] SetEvent (hEvent=0x364) returned 1 [0117.352] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.355] SetEvent (hEvent=0x364) returned 1 [0117.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.357] SetEvent (hEvent=0x1a0) returned 1 [0117.357] SetEvent (hEvent=0x354) returned 1 [0117.357] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.360] SetEvent (hEvent=0x354) returned 1 [0117.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.365] SetEvent (hEvent=0x120) returned 1 [0117.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.368] SetEvent (hEvent=0x148) returned 1 [0117.368] SetEvent (hEvent=0x334) returned 1 [0117.368] SetEvent (hEvent=0x35c) returned 1 [0117.368] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.371] SetEvent (hEvent=0x35c) returned 1 [0117.371] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.378] SetEvent (hEvent=0x324) returned 1 [0117.378] SetEvent (hEvent=0x234) returned 1 [0117.378] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.382] SetEvent (hEvent=0x234) returned 1 [0117.383] SetEvent (hEvent=0x318) returned 1 [0117.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.386] SetEvent (hEvent=0x234) returned 1 [0117.386] SetEvent (hEvent=0x258) returned 1 [0117.386] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.390] SetEvent (hEvent=0x258) returned 1 [0117.390] SetEvent (hEvent=0x2a8) returned 1 [0117.390] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.393] SetEvent (hEvent=0x2a8) returned 1 [0117.393] SetEvent (hEvent=0x1e8) returned 1 [0117.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.396] SetEvent (hEvent=0x2a8) returned 1 [0117.396] SetEvent (hEvent=0x114) returned 1 [0117.396] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.401] SetEvent (hEvent=0x114) returned 1 [0117.401] SetEvent (hEvent=0x188) returned 1 [0117.401] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.409] SetEvent (hEvent=0x188) returned 1 [0117.409] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.418] SetEvent (hEvent=0x29c) returned 1 [0117.418] SetEvent (hEvent=0x144) returned 1 [0117.418] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.437] SetEvent (hEvent=0x29c) returned 1 [0117.437] SetEvent (hEvent=0x13c) returned 1 [0117.437] SetEvent (hEvent=0x15c) returned 1 [0117.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.441] SetEvent (hEvent=0x15c) returned 1 [0117.441] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.446] SetEvent (hEvent=0x13c) returned 1 [0117.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.450] SetEvent (hEvent=0x274) returned 1 [0117.450] SetEvent (hEvent=0x1b4) returned 1 [0117.450] SetEvent (hEvent=0xec) returned 1 [0117.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.453] SetEvent (hEvent=0xec) returned 1 [0117.453] SetEvent (hEvent=0x274) returned 1 [0117.453] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.459] SetEvent (hEvent=0x274) returned 1 [0117.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.478] SetEvent (hEvent=0x264) returned 1 [0117.478] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.483] SetEvent (hEvent=0x24c) returned 1 [0117.483] SetEvent (hEvent=0x208) returned 1 [0117.483] SetEvent (hEvent=0xfc) returned 1 [0117.483] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.488] SetEvent (hEvent=0xfc) returned 1 [0117.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.499] SetEvent (hEvent=0x24c) returned 1 [0117.499] SetEvent (hEvent=0x100) returned 1 [0117.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.507] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.516] SetEvent (hEvent=0x100) returned 1 [0117.516] SetEvent (hEvent=0x24c) returned 1 [0117.516] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.519] SetEvent (hEvent=0x24c) returned 1 [0117.520] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.524] SetEvent (hEvent=0x24c) returned 1 [0117.524] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.533] SetEvent (hEvent=0x24c) returned 1 [0117.533] SetEvent (hEvent=0x100) returned 1 [0117.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.541] SetEvent (hEvent=0x100) returned 1 [0117.541] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.547] SetEvent (hEvent=0x100) returned 1 [0117.547] SetEvent (hEvent=0x24c) returned 1 [0117.548] SetEvent (hEvent=0x26c) returned 1 [0117.548] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.554] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.559] SetEvent (hEvent=0x26c) returned 1 [0117.559] SetEvent (hEvent=0x24c) returned 1 [0117.559] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.561] SetEvent (hEvent=0x24c) returned 1 [0117.561] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.577] SetEvent (hEvent=0x24c) returned 1 [0117.577] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.596] SetEvent (hEvent=0x24c) returned 1 [0117.596] SetEvent (hEvent=0x26c) returned 1 [0117.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.603] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.610] SetEvent (hEvent=0x26c) returned 1 [0117.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.614] SetEvent (hEvent=0x26c) returned 1 [0117.614] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.620] SetEvent (hEvent=0x26c) returned 1 [0117.621] SetEvent (hEvent=0x24c) returned 1 [0117.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.626] SetEvent (hEvent=0x24c) returned 1 [0117.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.632] SetEvent (hEvent=0x26c) returned 1 [0117.632] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.637] SetEvent (hEvent=0x26c) returned 1 [0117.637] SetEvent (hEvent=0x24c) returned 1 [0117.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.679] SetEvent (hEvent=0x24c) returned 1 [0117.679] SetEvent (hEvent=0x26c) returned 1 [0117.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.681] SetEvent (hEvent=0x24c) returned 1 [0117.681] SetEvent (hEvent=0x100) returned 1 [0117.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.685] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.689] SetEvent (hEvent=0x100) returned 1 [0117.689] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.691] SetEvent (hEvent=0x100) returned 1 [0117.691] SetEvent (hEvent=0x24c) returned 1 [0117.691] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.700] SetEvent (hEvent=0x24c) returned 1 [0117.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.704] SetEvent (hEvent=0x24c) returned 1 [0117.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.707] SetEvent (hEvent=0x24c) returned 1 [0117.707] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.712] SetEvent (hEvent=0x24c) returned 1 [0117.712] SetEvent (hEvent=0x100) returned 1 [0117.712] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.718] SetEvent (hEvent=0x100) returned 1 [0117.718] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.724] SetEvent (hEvent=0x100) returned 1 [0117.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.726] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.730] SetEvent (hEvent=0x100) returned 1 [0117.730] SetEvent (hEvent=0x24c) returned 1 [0117.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.736] SetEvent (hEvent=0x24c) returned 1 [0117.736] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.740] SetEvent (hEvent=0x24c) returned 1 [0117.740] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.744] SetEvent (hEvent=0x24c) returned 1 [0117.744] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.746] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.752] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.784] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.788] SetEvent (hEvent=0x364) returned 1 [0117.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.815] SetEvent (hEvent=0x3c8) returned 1 [0117.815] SetEvent (hEvent=0x120) returned 1 [0117.815] SetEvent (hEvent=0x188) returned 1 [0117.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.822] SetEvent (hEvent=0x120) returned 1 [0117.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.828] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.830] SetEvent (hEvent=0x3c8) returned 1 [0117.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.833] SetEvent (hEvent=0x2a8) returned 1 [0117.833] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.835] SetEvent (hEvent=0x144) returned 1 [0117.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.838] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.875] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.875] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.934] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.942] timeEndPeriod (uPeriod=0x1) returned 0x0 [0117.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0117.943] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0117.943] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.957] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.962] SetEvent (hEvent=0x1dc) returned 1 [0117.962] SetEvent (hEvent=0xb8) returned 1 [0117.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.965] SetEvent (hEvent=0x334) returned 1 [0117.965] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.973] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.975] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.980] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.995] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0117.995] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.001] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.011] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.012] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.038] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.041] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.080] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.082] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.181] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.182] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.183] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.282] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x214, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e4) returned 1 [0118.282] SuspendThread (hThread=0x2e4) returned 0x0 [0118.282] GetThreadContext (in: hThread=0x2e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b89fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0118.282] ResumeThread (hThread=0x2e4) returned 0x1 [0118.283] CloseHandle (hObject=0x2e4) returned 1 [0118.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.288] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.290] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.290] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.399] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.399] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.401] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.401] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.420] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.560] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.561] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.561] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.562] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.567] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.581] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.582] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.622] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.624] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.646] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.656] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.657] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.662] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.664] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.664] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.687] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.693] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.709] SetEvent (hEvent=0x274) returned 1 [0118.709] SetEvent (hEvent=0x334) returned 1 [0118.709] SetEvent (hEvent=0x1dc) returned 1 [0118.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.715] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.730] SetEvent (hEvent=0x264) returned 1 [0118.730] SetEvent (hEvent=0xb8) returned 1 [0118.730] SetEvent (hEvent=0x30c) returned 1 [0118.730] SetEvent (hEvent=0x144) returned 1 [0118.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.735] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.744] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.751] SetEvent (hEvent=0x2a8) returned 1 [0118.751] SetEvent (hEvent=0x188) returned 1 [0118.751] SetEvent (hEvent=0x364) returned 1 [0118.751] SetEvent (hEvent=0x234) returned 1 [0118.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.754] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.762] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.772] SetEvent (hEvent=0x120) returned 1 [0118.772] SetEvent (hEvent=0x208) returned 1 [0118.772] SetEvent (hEvent=0x29c) returned 1 [0118.772] SetEvent (hEvent=0x26c) returned 1 [0118.772] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.785] SetEvent (hEvent=0x114) returned 1 [0118.785] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.792] SetEvent (hEvent=0x15c) returned 1 [0118.792] SetEvent (hEvent=0x35c) returned 1 [0118.792] SetEvent (hEvent=0x1e8) returned 1 [0118.792] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.806] SetEvent (hEvent=0x35c) returned 1 [0118.806] SetEvent (hEvent=0x354) returned 1 [0118.807] SetEvent (hEvent=0x324) returned 1 [0118.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.818] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.820] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.821] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.822] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.855] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.867] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x218, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x230) returned 1 [0118.867] SuspendThread (hThread=0x230) returned 0x0 [0118.867] GetThreadContext (in: hThread=0x230, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0118.876] ResumeThread (hThread=0x230) returned 0x1 [0118.876] CloseHandle (hObject=0x230) returned 1 [0118.876] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.884] SetEvent (hEvent=0x13c) returned 1 [0118.884] SetEvent (hEvent=0x29c) returned 1 [0118.884] SetEvent (hEvent=0x30c) returned 1 [0118.884] SetEvent (hEvent=0xb8) returned 1 [0118.884] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.886] SetEvent (hEvent=0xb8) returned 1 [0118.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.899] SetEvent (hEvent=0x30c) returned 1 [0118.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.905] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.906] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.926] SetEvent (hEvent=0x30c) returned 1 [0118.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.955] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.958] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.959] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.959] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0118.959] SuspendThread (hThread=0x2e8) returned 0x0 [0118.959] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ce9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0118.969] ResumeThread (hThread=0x2e8) returned 0x1 [0118.969] CloseHandle (hObject=0x2e8) returned 1 [0118.970] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.976] SetEvent (hEvent=0x334) returned 1 [0118.976] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.978] SetEvent (hEvent=0x334) returned 1 [0118.978] SetEvent (hEvent=0x144) returned 1 [0118.978] SetEvent (hEvent=0x114) returned 1 [0118.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.979] timeEndPeriod (uPeriod=0x1) returned 0x0 [0118.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0118.980] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0118.980] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0118.999] SetEvent (hEvent=0x28c) returned 1 [0118.999] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.003] SetEvent (hEvent=0x114) returned 1 [0119.003] SetEvent (hEvent=0x29c) returned 1 [0119.003] SetEvent (hEvent=0x188) returned 1 [0119.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.008] SetEvent (hEvent=0x188) returned 1 [0119.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.011] SetEvent (hEvent=0x114) returned 1 [0119.011] SetEvent (hEvent=0x1b4) returned 1 [0119.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.014] SetEvent (hEvent=0x1b4) returned 1 [0119.014] SetEvent (hEvent=0x258) returned 1 [0119.014] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.017] SetEvent (hEvent=0x258) returned 1 [0119.017] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.021] SetEvent (hEvent=0x9c) returned 1 [0119.021] SetEvent (hEvent=0xfc) returned 1 [0119.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.025] SetEvent (hEvent=0x9c) returned 1 [0119.025] SetEvent (hEvent=0x320) returned 1 [0119.025] SetEvent (hEvent=0x148) returned 1 [0119.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.030] SetEvent (hEvent=0x148) returned 1 [0119.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.033] SetEvent (hEvent=0x320) returned 1 [0119.033] SetEvent (hEvent=0x198) returned 1 [0119.033] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.037] SetEvent (hEvent=0x320) returned 1 [0119.038] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.044] SetEvent (hEvent=0x3c0) returned 1 [0119.044] SetEvent (hEvent=0x3c4) returned 1 [0119.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.046] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.051] SetEvent (hEvent=0x3c4) returned 1 [0119.051] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.059] SetEvent (hEvent=0x3c0) returned 1 [0119.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.062] SetEvent (hEvent=0x3c0) returned 1 [0119.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.064] SetEvent (hEvent=0x3c0) returned 1 [0119.064] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.066] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.080] SetEvent (hEvent=0x234) returned 1 [0119.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.081] SetEvent (hEvent=0x234) returned 1 [0119.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.083] SetEvent (hEvent=0x234) returned 1 [0119.083] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.087] SetEvent (hEvent=0x234) returned 1 [0119.087] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.091] SetEvent (hEvent=0x234) returned 1 [0119.091] SetEvent (hEvent=0x388) returned 1 [0119.091] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.098] SetEvent (hEvent=0x388) returned 1 [0119.098] SetEvent (hEvent=0x234) returned 1 [0119.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.103] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.106] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.108] SetEvent (hEvent=0x234) returned 1 [0119.108] SetEvent (hEvent=0x388) returned 1 [0119.108] SetEvent (hEvent=0x3c0) returned 1 [0119.108] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.110] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.112] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.112] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.135] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.136] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.136] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.148] SetEvent (hEvent=0x1a0) returned 1 [0119.148] SetEvent (hEvent=0x318) returned 1 [0119.148] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.150] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.151] SetEvent (hEvent=0x1a0) returned 1 [0119.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.153] SetEvent (hEvent=0x148) returned 1 [0119.153] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.156] SetEvent (hEvent=0x148) returned 1 [0119.156] SetEvent (hEvent=0x9c) returned 1 [0119.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.157] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.159] SetEvent (hEvent=0x9c) returned 1 [0119.159] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.161] SetEvent (hEvent=0x9c) returned 1 [0119.161] SetEvent (hEvent=0x148) returned 1 [0119.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.163] SetEvent (hEvent=0x9c) returned 1 [0119.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.170] SetEvent (hEvent=0x9c) returned 1 [0119.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.174] SetEvent (hEvent=0x9c) returned 1 [0119.174] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.177] SetEvent (hEvent=0x9c) returned 1 [0119.177] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.178] SetEvent (hEvent=0x9c) returned 1 [0119.178] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.180] SetEvent (hEvent=0x9c) returned 1 [0119.180] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.181] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.182] SetEvent (hEvent=0x9c) returned 1 [0119.182] SetEvent (hEvent=0x3c0) returned 1 [0119.182] SetEvent (hEvent=0x2b0) returned 1 [0119.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.184] SetEvent (hEvent=0x2b0) returned 1 [0119.184] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.188] SetEvent (hEvent=0x3c0) returned 1 [0119.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.190] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.190] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.192] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.192] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.194] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.195] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.197] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.198] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.200] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.202] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.205] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.205] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.209] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.214] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.214] SetEvent (hEvent=0x2b0) returned 1 [0119.214] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.246] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.247] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.249] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.249] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.251] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.251] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.267] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.289] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.292] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.292] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.392] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.394] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.394] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.491] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.507] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.507] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.511] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.568] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.569] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.571] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.672] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.674] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.674] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.777] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.778] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.885] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.887] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.889] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.889] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.905] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.906] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.922] timeEndPeriod (uPeriod=0x1) returned 0x0 [0119.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0119.924] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0119.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0119.946] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2d8) returned 1 [0119.946] SuspendThread (hThread=0x2d8) returned 0x0 [0119.946] GetThreadContext (in: hThread=0x2d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29c9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0120.007] ResumeThread (hThread=0x2d8) returned 0x1 [0120.008] CloseHandle (hObject=0x2d8) returned 1 [0120.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.013] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.013] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.016] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.016] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.047] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.074] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.074] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0120.074] SuspendThread (hThread=0x384) returned 0x0 [0120.074] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29c9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0120.077] ResumeThread (hThread=0x384) returned 0x1 [0120.077] CloseHandle (hObject=0x384) returned 1 [0120.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.088] SetEvent (hEvent=0x364) returned 1 [0120.088] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.106] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.106] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.107] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.107] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3dc) returned 1 [0120.107] SuspendThread (hThread=0x3dc) returned 0x0 [0120.107] GetThreadContext (in: hThread=0x3dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0120.113] ResumeThread (hThread=0x3dc) returned 0x1 [0120.113] CloseHandle (hObject=0x3dc) returned 1 [0120.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.132] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.133] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.134] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.163] SetEvent (hEvent=0x144) returned 1 [0120.163] SetEvent (hEvent=0x39c) returned 1 [0120.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.165] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.168] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.215] SetEvent (hEvent=0x12c) returned 1 [0120.215] SetEvent (hEvent=0xfc) returned 1 [0120.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.223] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.227] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.227] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.250] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1f0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0120.250] SuspendThread (hThread=0x1b0) returned 0x0 [0120.250] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b49fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0120.273] ResumeThread (hThread=0x1b0) returned 0x1 [0120.273] CloseHandle (hObject=0x1b0) returned 1 [0120.273] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.278] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.281] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.310] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.314] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.314] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.338] SetEvent (hEvent=0x12c) returned 1 [0120.338] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.351] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.353] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.372] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.372] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.372] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.372] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.395] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.396] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.397] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.397] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.402] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.402] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.403] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.403] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.414] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2d8) returned 1 [0120.414] SuspendThread (hThread=0x2d8) returned 0x0 [0120.414] GetThreadContext (in: hThread=0x2d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0120.427] ResumeThread (hThread=0x2d8) returned 0x1 [0120.427] CloseHandle (hObject=0x2d8) returned 1 [0120.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.432] SetEvent (hEvent=0x144) returned 1 [0120.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.440] SetEvent (hEvent=0x1a0) returned 1 [0120.441] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.451] SetEvent (hEvent=0x1a0) returned 1 [0120.451] SetEvent (hEvent=0x12c) returned 1 [0120.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.462] SetEvent (hEvent=0xfc) returned 1 [0120.462] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.470] SetEvent (hEvent=0xfc) returned 1 [0120.470] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.482] SetEvent (hEvent=0x258) returned 1 [0120.482] SetEvent (hEvent=0x39c) returned 1 [0120.482] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.523] SetEvent (hEvent=0x30c) returned 1 [0120.523] SetEvent (hEvent=0x364) returned 1 [0120.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.530] SetEvent (hEvent=0x30c) returned 1 [0120.530] SetEvent (hEvent=0x3c4) returned 1 [0120.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.535] SetEvent (hEvent=0x3c4) returned 1 [0120.535] SetEvent (hEvent=0x114) returned 1 [0120.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.538] SetEvent (hEvent=0x114) returned 1 [0120.538] SetEvent (hEvent=0x324) returned 1 [0120.538] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.542] SetEvent (hEvent=0x114) returned 1 [0120.542] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.551] SetEvent (hEvent=0x3c8) returned 1 [0120.551] SetEvent (hEvent=0xec) returned 1 [0120.551] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.582] SetEvent (hEvent=0xec) returned 1 [0120.582] SetEvent (hEvent=0x24c) returned 1 [0120.582] SetEvent (hEvent=0x320) returned 1 [0120.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.588] SetEvent (hEvent=0x320) returned 1 [0120.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.593] SetEvent (hEvent=0xec) returned 1 [0120.594] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.599] SetEvent (hEvent=0x1b4) returned 1 [0120.599] SetEvent (hEvent=0x208) returned 1 [0120.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.605] SetEvent (hEvent=0x208) returned 1 [0120.606] SetEvent (hEvent=0x334) returned 1 [0120.606] SetEvent (hEvent=0x13c) returned 1 [0120.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.611] SetEvent (hEvent=0x13c) returned 1 [0120.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.616] SetEvent (hEvent=0x114) returned 1 [0120.616] SetEvent (hEvent=0x208) returned 1 [0120.616] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.618] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.620] SetEvent (hEvent=0x208) returned 1 [0120.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.627] SetEvent (hEvent=0x208) returned 1 [0120.627] SetEvent (hEvent=0x114) returned 1 [0120.627] SetEvent (hEvent=0x354) returned 1 [0120.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.629] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.633] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.636] SetEvent (hEvent=0x354) returned 1 [0120.637] SetEvent (hEvent=0x114) returned 1 [0120.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.642] SetEvent (hEvent=0x114) returned 1 [0120.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.645] SetEvent (hEvent=0x114) returned 1 [0120.645] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.649] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.654] SetEvent (hEvent=0x114) returned 1 [0120.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.657] SetEvent (hEvent=0x114) returned 1 [0120.657] SetEvent (hEvent=0x354) returned 1 [0120.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.658] SetEvent (hEvent=0x354) returned 1 [0120.659] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.664] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.665] SetEvent (hEvent=0x354) returned 1 [0120.665] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.666] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.668] SetEvent (hEvent=0x354) returned 1 [0120.668] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.671] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.674] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.675] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.679] SetEvent (hEvent=0x114) returned 1 [0120.679] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.686] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.691] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.692] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.701] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.705] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.726] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.727] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.730] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.747] SetEvent (hEvent=0x208) returned 1 [0120.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.769] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.770] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.771] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.777] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.791] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.851] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.855] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.855] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.864] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.875] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.889] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.891] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.891] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.892] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.911] timeEndPeriod (uPeriod=0x1) returned 0x0 [0120.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0120.913] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0120.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.930] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.963] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.968] SetEvent (hEvent=0xfc) returned 1 [0120.968] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.974] SetEvent (hEvent=0x1a0) returned 1 [0120.974] SetEvent (hEvent=0x1b4) returned 1 [0120.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0120.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.001] SetEvent (hEvent=0x1b4) returned 1 [0121.001] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.005] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.032] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.047] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.053] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.066] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.085] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.105] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.108] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.109] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.125] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3cc) returned 1 [0121.125] SuspendThread (hThread=0x3cc) returned 0x0 [0121.125] GetThreadContext (in: hThread=0x3cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0121.129] ResumeThread (hThread=0x3cc) returned 0x1 [0121.129] CloseHandle (hObject=0x3cc) returned 1 [0121.129] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.131] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.137] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.140] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.140] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.176] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.181] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.181] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.221] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.231] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.240] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.243] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.245] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.248] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.261] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.270] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.285] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.289] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.294] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.308] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.318] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.323] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.325] SetEvent (hEvent=0x354) returned 1 [0121.326] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.327] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.331] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.331] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.346] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.365] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.367] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.367] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.385] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.385] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.387] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.389] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.392] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.394] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.410] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.410] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.412] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3cc) returned 1 [0121.412] SuspendThread (hThread=0x3cc) returned 0x0 [0121.412] GetThreadContext (in: hThread=0x3cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0121.428] ResumeThread (hThread=0x3cc) returned 0x1 [0121.428] CloseHandle (hObject=0x3cc) returned 1 [0121.428] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.430] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.445] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.446] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.447] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.449] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.465] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.475] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.477] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.479] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.493] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.498] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.498] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.499] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.536] SetEvent (hEvent=0x1b4) returned 1 [0121.536] SetEvent (hEvent=0x30c) returned 1 [0121.536] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.572] SetEvent (hEvent=0xfc) returned 1 [0121.572] SetEvent (hEvent=0x114) returned 1 [0121.572] SetEvent (hEvent=0x3c8) returned 1 [0121.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.578] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.581] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3dc) returned 1 [0121.646] SuspendThread (hThread=0x3dc) returned 0x0 [0121.646] GetThreadContext (in: hThread=0x3dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0121.664] ResumeThread (hThread=0x3dc) returned 0x1 [0121.664] CloseHandle (hObject=0x3dc) returned 1 [0121.664] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.676] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.677] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.694] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.694] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.695] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.715] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.716] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.716] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.750] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0121.750] SuspendThread (hThread=0x2e8) returned 0x0 [0121.750] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0121.765] ResumeThread (hThread=0x2e8) returned 0x1 [0121.765] CloseHandle (hObject=0x2e8) returned 1 [0121.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.810] SetEvent (hEvent=0x13c) returned 1 [0121.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.813] timeEndPeriod (uPeriod=0x1) returned 0x0 [0121.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0121.815] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0121.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0121.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0121.878] SuspendThread (hThread=0x3d8) returned 0x0 [0121.878] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29c9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.019] ResumeThread (hThread=0x3d8) returned 0x1 [0122.019] CloseHandle (hObject=0x3d8) returned 1 [0122.019] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.172] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.173] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.173] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.242] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.255] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0122.255] SuspendThread (hThread=0x2e8) returned 0x0 [0122.255] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.264] ResumeThread (hThread=0x2e8) returned 0x1 [0122.264] CloseHandle (hObject=0x2e8) returned 1 [0122.264] SetEvent (hEvent=0x3c8) returned 1 [0122.264] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.272] SetEvent (hEvent=0x3c8) returned 1 [0122.272] SetEvent (hEvent=0x30c) returned 1 [0122.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.289] SetEvent (hEvent=0x30c) returned 1 [0122.289] SetEvent (hEvent=0x114) returned 1 [0122.289] SetEvent (hEvent=0xec) returned 1 [0122.289] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.294] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.297] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.298] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.346] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.347] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.354] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.356] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.356] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.429] SetEvent (hEvent=0x114) returned 1 [0122.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.473] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.475] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.475] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.496] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.497] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.497] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0122.497] SuspendThread (hThread=0x370) returned 0x0 [0122.497] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.552] ResumeThread (hThread=0x370) returned 0x1 [0122.552] CloseHandle (hObject=0x370) returned 1 [0122.552] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.560] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.569] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.569] SetEvent (hEvent=0x3c0) returned 1 [0122.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.636] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.636] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.637] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.637] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0122.637] SuspendThread (hThread=0x2e8) returned 0x0 [0122.637] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.681] ResumeThread (hThread=0x2e8) returned 0x1 [0122.681] CloseHandle (hObject=0x2e8) returned 1 [0122.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.734] SetEvent (hEvent=0x12c) returned 1 [0122.734] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.739] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.741] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.742] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.807] SetEvent (hEvent=0x1b4) returned 1 [0122.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.818] SetEvent (hEvent=0x1b4) returned 1 [0122.818] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.821] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.827] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.854] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.855] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.855] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.866] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.881] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.918] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.918] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0122.918] SuspendThread (hThread=0x2f0) returned 0x0 [0122.918] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0122.930] ResumeThread (hThread=0x2f0) returned 0x1 [0122.930] CloseHandle (hObject=0x2f0) returned 1 [0122.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0122.961] timeEndPeriod (uPeriod=0x1) returned 0x0 [0122.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0122.962] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0122.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.003] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.003] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.011] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.011] SetEvent (hEvent=0x3c0) returned 1 [0123.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.167] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.195] SwitchToThread () returned 1 [0123.196] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0123.215] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.218] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.291] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0123.291] SuspendThread (hThread=0x2f0) returned 0x0 [0123.291] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.300] ResumeThread (hThread=0x2f0) returned 0x1 [0123.300] CloseHandle (hObject=0x2f0) returned 1 [0123.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.381] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.381] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.412] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0123.412] SuspendThread (hThread=0x2e8) returned 0x0 [0123.412] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.460] ResumeThread (hThread=0x2e8) returned 0x1 [0123.460] CloseHandle (hObject=0x2e8) returned 1 [0123.460] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.461] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0123.461] SuspendThread (hThread=0x2e8) returned 0x0 [0123.461] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.519] ResumeThread (hThread=0x2e8) returned 0x1 [0123.519] CloseHandle (hObject=0x2e8) returned 1 [0123.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.565] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.565] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.567] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.626] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0123.627] SwitchToThread () returned 1 [0123.627] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0123.627] SuspendThread (hThread=0x2f0) returned 0x0 [0123.627] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.725] ResumeThread (hThread=0x2f0) returned 0x1 [0123.725] CloseHandle (hObject=0x2f0) returned 1 [0123.725] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.728] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0123.728] SuspendThread (hThread=0x3d8) returned 0x0 [0123.728] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.751] ResumeThread (hThread=0x3d8) returned 0x1 [0123.751] CloseHandle (hObject=0x3d8) returned 1 [0123.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.757] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.763] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.800] SetEvent (hEvent=0x354) returned 1 [0123.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.806] SetEvent (hEvent=0x12c) returned 1 [0123.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.813] SetEvent (hEvent=0x3c8) returned 1 [0123.813] SetEvent (hEvent=0x1a0) returned 1 [0123.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.819] SetEvent (hEvent=0x1b4) returned 1 [0123.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.829] SetEvent (hEvent=0xec) returned 1 [0123.829] SetEvent (hEvent=0x114) returned 1 [0123.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.840] SetEvent (hEvent=0x320) returned 1 [0123.840] SetEvent (hEvent=0x334) returned 1 [0123.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.849] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.859] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.859] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.862] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.896] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.908] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.908] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.914] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0123.914] SuspendThread (hThread=0x36c) returned 0x0 [0123.914] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.920] ResumeThread (hThread=0x36c) returned 0x1 [0123.921] CloseHandle (hObject=0x36c) returned 1 [0123.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0123.990] timeEndPeriod (uPeriod=0x1) returned 0x0 [0123.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0123.993] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0123.993] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.007] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0124.007] SuspendThread (hThread=0x36c) returned 0x0 [0124.008] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.056] ResumeThread (hThread=0x36c) returned 0x1 [0124.056] CloseHandle (hObject=0x36c) returned 1 [0124.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.084] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.084] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.086] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.164] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.429] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.429] SetEvent (hEvent=0xec) returned 1 [0124.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.484] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0124.484] SuspendThread (hThread=0x3d8) returned 0x0 [0124.485] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.513] ResumeThread (hThread=0x3d8) returned 0x1 [0124.513] CloseHandle (hObject=0x3d8) returned 1 [0124.513] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.524] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.526] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.532] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.535] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.578] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.583] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.686] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.689] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.689] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0124.689] SuspendThread (hThread=0x3d8) returned 0x0 [0124.689] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.697] ResumeThread (hThread=0x3d8) returned 0x1 [0124.697] CloseHandle (hObject=0x3d8) returned 1 [0124.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.707] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.833] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.846] SetEvent (hEvent=0xec) returned 1 [0124.846] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.862] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.864] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.864] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0124.865] SuspendThread (hThread=0x1b0) returned 0x0 [0124.865] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.875] ResumeThread (hThread=0x1b0) returned 0x1 [0124.876] CloseHandle (hObject=0x1b0) returned 1 [0124.876] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.903] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.905] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.905] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0124.905] SuspendThread (hThread=0x1b0) returned 0x0 [0124.905] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0124.922] ResumeThread (hThread=0x1b0) returned 0x1 [0124.922] CloseHandle (hObject=0x1b0) returned 1 [0124.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.927] timeEndPeriod (uPeriod=0x1) returned 0x0 [0124.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0124.929] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0124.929] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0124.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.100] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x23c) returned 1 [0125.100] SuspendThread (hThread=0x23c) returned 0x0 [0125.100] GetThreadContext (in: hThread=0x23c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.227] ResumeThread (hThread=0x23c) returned 0x1 [0125.227] CloseHandle (hObject=0x23c) returned 1 [0125.227] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.269] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0125.269] SuspendThread (hThread=0x3d8) returned 0x0 [0125.269] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.424] ResumeThread (hThread=0x3d8) returned 0x1 [0125.424] CloseHandle (hObject=0x3d8) returned 1 [0125.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.431] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0125.435] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0125.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.503] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.503] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0125.505] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0125.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.532] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0125.533] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0125.533] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.545] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x23c) returned 1 [0125.545] SuspendThread (hThread=0x23c) returned 0x0 [0125.545] GetThreadContext (in: hThread=0x23c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.591] ResumeThread (hThread=0x23c) returned 0x1 [0125.591] CloseHandle (hObject=0x23c) returned 1 [0125.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.594] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0125.595] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0125.595] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0125.595] SuspendThread (hThread=0x2e8) returned 0x0 [0125.596] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.603] ResumeThread (hThread=0x2e8) returned 0x1 [0125.604] CloseHandle (hObject=0x2e8) returned 1 [0125.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.618] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.623] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.640] timeEndPeriod (uPeriod=0x1) returned 0x0 [0125.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0125.643] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0125.643] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.712] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0125.712] SuspendThread (hThread=0x384) returned 0x0 [0125.712] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.812] ResumeThread (hThread=0x384) returned 0x1 [0125.812] CloseHandle (hObject=0x384) returned 1 [0125.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0125.915] SwitchToThread () returned 1 [0125.997] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0126.046] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.065] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0126.065] SuspendThread (hThread=0x3d8) returned 0x0 [0126.065] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.072] ResumeThread (hThread=0x3d8) returned 0x1 [0126.072] CloseHandle (hObject=0x3d8) returned 1 [0126.072] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.152] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0126.152] SuspendThread (hThread=0x3d8) returned 0x0 [0126.152] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.206] ResumeThread (hThread=0x3d8) returned 0x1 [0126.206] CloseHandle (hObject=0x3d8) returned 1 [0126.206] SetEvent (hEvent=0x114) returned 1 [0126.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.211] SetEvent (hEvent=0x114) returned 1 [0126.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.214] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.214] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.215] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.217] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.430] SetEvent (hEvent=0x30c) returned 1 [0126.430] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.434] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.434] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.435] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.436] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.572] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.586] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.586] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0126.586] SuspendThread (hThread=0x1b0) returned 0x0 [0126.586] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.597] ResumeThread (hThread=0x1b0) returned 0x1 [0126.597] CloseHandle (hObject=0x1b0) returned 1 [0126.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.636] SetEvent (hEvent=0x13c) returned 1 [0126.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.649] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e8) returned 1 [0126.649] SuspendThread (hThread=0x2e8) returned 0x0 [0126.649] GetThreadContext (in: hThread=0x2e8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.650] ResumeThread (hThread=0x2e8) returned 0x1 [0126.650] CloseHandle (hObject=0x2e8) returned 1 [0126.650] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.654] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.654] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.655] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.655] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0126.655] SuspendThread (hThread=0x1b0) returned 0x0 [0126.655] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.695] ResumeThread (hThread=0x1b0) returned 0x1 [0126.695] CloseHandle (hObject=0x1b0) returned 1 [0126.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.711] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.714] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.747] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.754] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.757] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.759] SetEvent (hEvent=0x114) returned 1 [0126.759] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.769] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.780] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.791] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0126.791] SuspendThread (hThread=0x2bc) returned 0x0 [0126.791] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.853] ResumeThread (hThread=0x2bc) returned 0x1 [0126.853] CloseHandle (hObject=0x2bc) returned 1 [0126.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.874] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.878] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.905] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0126.905] SuspendThread (hThread=0x2bc) returned 0x0 [0126.905] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.912] ResumeThread (hThread=0x2bc) returned 0x1 [0126.912] CloseHandle (hObject=0x2bc) returned 1 [0126.912] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.924] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.925] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.925] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0126.925] SuspendThread (hThread=0x2bc) returned 0x0 [0126.925] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0126.928] ResumeThread (hThread=0x2bc) returned 0x1 [0126.928] CloseHandle (hObject=0x2bc) returned 1 [0126.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.943] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.947] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.951] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.965] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.965] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.967] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0126.983] timeEndPeriod (uPeriod=0x1) returned 0x0 [0126.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0126.985] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0126.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.022] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.026] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.043] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.045] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.045] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0127.046] SuspendThread (hThread=0x3d8) returned 0x0 [0127.046] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.050] ResumeThread (hThread=0x3d8) returned 0x1 [0127.050] CloseHandle (hObject=0x3d8) returned 1 [0127.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.071] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.072] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.072] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.085] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.086] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.098] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.098] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.099] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.110] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.111] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.111] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3cc) returned 1 [0127.111] SuspendThread (hThread=0x3cc) returned 0x0 [0127.112] GetThreadContext (in: hThread=0x3cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.117] ResumeThread (hThread=0x3cc) returned 0x1 [0127.117] CloseHandle (hObject=0x3cc) returned 1 [0127.117] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.130] SetEvent (hEvent=0x3c8) returned 1 [0127.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.132] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.133] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.137] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.237] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.237] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.278] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.278] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0127.278] SuspendThread (hThread=0x384) returned 0x0 [0127.278] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.293] ResumeThread (hThread=0x384) returned 0x1 [0127.293] CloseHandle (hObject=0x384) returned 1 [0127.293] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.306] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.363] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0127.363] SuspendThread (hThread=0x370) returned 0x0 [0127.363] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.408] ResumeThread (hThread=0x370) returned 0x1 [0127.408] CloseHandle (hObject=0x370) returned 1 [0127.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.414] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.426] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.427] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.427] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0127.427] SuspendThread (hThread=0x2bc) returned 0x0 [0127.427] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.456] ResumeThread (hThread=0x2bc) returned 0x1 [0127.456] CloseHandle (hObject=0x2bc) returned 1 [0127.456] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.479] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.480] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.480] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0127.480] SuspendThread (hThread=0x370) returned 0x0 [0127.480] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.502] ResumeThread (hThread=0x370) returned 0x1 [0127.502] CloseHandle (hObject=0x370) returned 1 [0127.502] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.527] SetEvent (hEvent=0x13c) returned 1 [0127.527] SetEvent (hEvent=0x3c8) returned 1 [0127.527] SetEvent (hEvent=0x1a0) returned 1 [0127.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.531] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.531] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.533] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.533] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.551] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.572] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.572] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0127.572] SuspendThread (hThread=0x384) returned 0x0 [0127.573] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.591] ResumeThread (hThread=0x384) returned 0x1 [0127.591] CloseHandle (hObject=0x384) returned 1 [0127.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.608] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.609] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.609] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.639] SetEvent (hEvent=0x324) returned 1 [0127.639] SetEvent (hEvent=0x30c) returned 1 [0127.639] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.642] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.645] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.645] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.663] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.663] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.663] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.684] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.689] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.690] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.718] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.765] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.768] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.768] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.791] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x23c) returned 1 [0127.791] SuspendThread (hThread=0x23c) returned 0x0 [0127.791] GetThreadContext (in: hThread=0x23c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.805] ResumeThread (hThread=0x23c) returned 0x1 [0127.805] CloseHandle (hObject=0x23c) returned 1 [0127.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.860] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0127.860] SuspendThread (hThread=0x2bc) returned 0x0 [0127.860] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.876] ResumeThread (hThread=0x2bc) returned 0x1 [0127.876] CloseHandle (hObject=0x2bc) returned 1 [0127.876] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.886] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.887] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.887] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.958] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0127.958] SuspendThread (hThread=0x3d8) returned 0x0 [0127.958] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0127.959] ResumeThread (hThread=0x3d8) returned 0x1 [0127.959] CloseHandle (hObject=0x3d8) returned 1 [0127.959] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.966] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.966] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.967] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.967] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0127.987] timeEndPeriod (uPeriod=0x1) returned 0x0 [0127.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0127.988] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0127.988] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.009] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0128.009] SuspendThread (hThread=0x370) returned 0x0 [0128.009] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.025] ResumeThread (hThread=0x370) returned 0x1 [0128.025] CloseHandle (hObject=0x370) returned 1 [0128.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.037] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.040] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.046] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0128.046] SuspendThread (hThread=0x2bc) returned 0x0 [0128.047] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.064] ResumeThread (hThread=0x2bc) returned 0x1 [0128.064] CloseHandle (hObject=0x2bc) returned 1 [0128.064] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.091] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x23c) returned 1 [0128.091] SuspendThread (hThread=0x23c) returned 0x0 [0128.092] GetThreadContext (in: hThread=0x23c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.114] ResumeThread (hThread=0x23c) returned 0x1 [0128.114] CloseHandle (hObject=0x23c) returned 1 [0128.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.121] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.132] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0128.132] SuspendThread (hThread=0x370) returned 0x0 [0128.132] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.154] ResumeThread (hThread=0x370) returned 0x1 [0128.154] CloseHandle (hObject=0x370) returned 1 [0128.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.164] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.167] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.168] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.169] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.171] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.198] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.216] SetEvent (hEvent=0x1a0) returned 1 [0128.216] SetEvent (hEvent=0x30c) returned 1 [0128.216] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.220] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.223] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.223] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.242] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.242] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.252] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.256] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x200, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0128.256] SuspendThread (hThread=0x2bc) returned 0x0 [0128.256] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c69fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.260] ResumeThread (hThread=0x2bc) returned 0x1 [0128.260] CloseHandle (hObject=0x2bc) returned 1 [0128.260] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.273] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.274] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.274] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.300] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.303] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.330] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.354] SetEvent (hEvent=0x1a0) returned 1 [0128.354] SetEvent (hEvent=0x324) returned 1 [0128.354] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.374] SetEvent (hEvent=0x1a0) returned 1 [0128.374] SetEvent (hEvent=0x354) returned 1 [0128.374] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.380] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.407] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.407] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0128.408] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0128.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.411] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0128.411] SuspendThread (hThread=0x370) returned 0x0 [0128.411] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0128.430] ResumeThread (hThread=0x370) returned 0x1 [0128.430] CloseHandle (hObject=0x370) returned 1 [0128.430] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.444] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.456] SetEvent (hEvent=0x354) returned 1 [0128.457] SetEvent (hEvent=0x1b4) returned 1 [0128.457] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.469] SetEvent (hEvent=0x39c) returned 1 [0128.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.481] SetEvent (hEvent=0x39c) returned 1 [0128.481] SetEvent (hEvent=0xfc) returned 1 [0128.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.487] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.493] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.500] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.508] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.532] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.533] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.536] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.539] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.542] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.543] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.552] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.553] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.574] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.576] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.577] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.580] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.582] SetEvent (hEvent=0x208) returned 1 [0128.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.585] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.592] SetEvent (hEvent=0x24c) returned 1 [0128.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.593] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.594] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0128.596] timeEndPeriod (uPeriod=0x1) returned 0x0 [0128.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.423] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.424] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.424] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.605] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.751] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2b4) returned 1 [0130.751] SuspendThread (hThread=0x2b4) returned 0x0 [0130.751] GetThreadContext (in: hThread=0x2b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.777] ResumeThread (hThread=0x2b4) returned 0x1 [0130.777] CloseHandle (hObject=0x2b4) returned 1 [0130.777] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.784] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.788] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.802] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.806] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.806] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3d8) returned 1 [0130.806] SuspendThread (hThread=0x3d8) returned 0x0 [0130.806] GetThreadContext (in: hThread=0x3d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.817] ResumeThread (hThread=0x3d8) returned 0x1 [0130.817] CloseHandle (hObject=0x3d8) returned 1 [0130.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.840] SetEvent (hEvent=0x3c0) returned 1 [0130.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.851] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.853] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.896] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2b4) returned 1 [0130.896] SuspendThread (hThread=0x2b4) returned 0x0 [0130.896] GetThreadContext (in: hThread=0x2b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.898] ResumeThread (hThread=0x2b4) returned 0x1 [0130.898] CloseHandle (hObject=0x2b4) returned 1 [0130.898] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.900] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2b4) returned 1 [0130.900] SuspendThread (hThread=0x2b4) returned 0x0 [0130.900] GetThreadContext (in: hThread=0x2b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0130.911] ResumeThread (hThread=0x2b4) returned 0x1 [0130.911] CloseHandle (hObject=0x2b4) returned 1 [0130.911] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.918] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.921] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.950] timeEndPeriod (uPeriod=0x1) returned 0x0 [0130.950] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0130.952] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0130.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.984] SetEvent (hEvent=0x39c) returned 1 [0130.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0130.993] SetEvent (hEvent=0x12c) returned 1 [0130.993] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.010] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.017] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.035] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.036] SetEvent (hEvent=0x3c0) returned 1 [0131.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.039] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.043] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.043] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.049] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.065] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.067] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.071] SetEvent (hEvent=0x258) returned 1 [0131.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.079] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.080] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.083] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.087] SetEvent (hEvent=0x258) returned 1 [0131.087] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.089] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.094] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.097] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.112] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.116] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.116] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.135] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.152] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.153] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.153] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.156] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.190] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.202] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.206] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.210] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.216] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.220] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.224] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.239] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.256] SetEvent (hEvent=0x39c) returned 1 [0131.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.267] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.287] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.308] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.313] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.316] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.317] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.322] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.332] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.336] SetEvent (hEvent=0x39c) returned 1 [0131.337] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.342] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.344] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.344] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.434] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.452] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.468] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.542] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.542] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.552] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.555] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.555] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.566] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.595] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.598] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.615] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.633] SetEvent (hEvent=0x148) returned 1 [0131.633] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.639] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.641] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.642] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.643] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.644] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.648] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.648] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.679] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.681] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.683] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.684] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.684] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.692] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.706] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.719] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.723] SetEvent (hEvent=0x1b4) returned 1 [0131.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.726] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.729] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.733] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.736] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.740] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.740] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.743] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.776] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.777] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.779] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.780] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.812] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.816] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.834] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.843] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.855] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.857] timeEndPeriod (uPeriod=0x1) returned 0x0 [0131.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0131.858] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0131.858] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.877] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.881] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.884] SetEvent (hEvent=0x12c) returned 1 [0131.884] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.888] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.890] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0131.915] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x200, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0131.915] SuspendThread (hThread=0x370) returned 0x0 [0131.915] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c69fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.006] ResumeThread (hThread=0x370) returned 0x1 [0132.006] CloseHandle (hObject=0x370) returned 1 [0132.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.007] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.010] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.010] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.049] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.055] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.056] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.056] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.059] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.074] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.091] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.092] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.094] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.095] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.100] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.101] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.104] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.104] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.123] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.137] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.140] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.146] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.151] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.153] SetEvent (hEvent=0x1b4) returned 1 [0132.153] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.167] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.170] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.170] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.186] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.203] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.210] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.212] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.218] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.219] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.222] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.222] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.240] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.254] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.263] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.263] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.265] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.265] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.299] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.345] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.424] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.424] SetEvent (hEvent=0x1b4) returned 1 [0132.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.437] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.455] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.458] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.458] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.474] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.495] SetEvent (hEvent=0x320) returned 1 [0132.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.499] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.502] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.507] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.513] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.516] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.519] SetEvent (hEvent=0x320) returned 1 [0132.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.525] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.532] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.555] SetEvent (hEvent=0x320) returned 1 [0132.555] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.564] SetEvent (hEvent=0x12c) returned 1 [0132.564] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.594] SetEvent (hEvent=0x39c) returned 1 [0132.594] SetEvent (hEvent=0x3c4) returned 1 [0132.594] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.608] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.612] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.612] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.654] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.664] SetEvent (hEvent=0x24c) returned 1 [0132.665] SetEvent (hEvent=0x148) returned 1 [0132.665] SetEvent (hEvent=0x1b4) returned 1 [0132.665] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.673] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.786] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.797] SetEvent (hEvent=0x324) returned 1 [0132.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.809] SetEvent (hEvent=0x354) returned 1 [0132.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.814] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.821] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.822] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.844] SetEvent (hEvent=0x13c) returned 1 [0132.844] SetEvent (hEvent=0x320) returned 1 [0132.844] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.848] SetEvent (hEvent=0x13c) returned 1 [0132.848] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.857] SetEvent (hEvent=0x3c8) returned 1 [0132.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.862] SetEvent (hEvent=0x3c8) returned 1 [0132.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.865] SetEvent (hEvent=0x1a0) returned 1 [0132.865] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.874] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.875] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.877] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.878] SetEvent (hEvent=0x30c) returned 1 [0132.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.897] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.899] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.908] timeEndPeriod (uPeriod=0x1) returned 0x0 [0132.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0132.911] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0132.911] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x23c) returned 1 [0132.911] SuspendThread (hThread=0x23c) returned 0x0 [0132.911] GetThreadContext (in: hThread=0x23c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0132.914] ResumeThread (hThread=0x23c) returned 0x1 [0132.914] CloseHandle (hObject=0x23c) returned 1 [0132.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.928] SetEvent (hEvent=0x354) returned 1 [0132.928] SetEvent (hEvent=0xfc) returned 1 [0132.928] SetEvent (hEvent=0x114) returned 1 [0132.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.954] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.961] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.964] SetEvent (hEvent=0x1a0) returned 1 [0132.964] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.969] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.972] SetEvent (hEvent=0xec) returned 1 [0132.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.979] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.980] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.981] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.982] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.985] SetEvent (hEvent=0x208) returned 1 [0132.985] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.989] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.993] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.996] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0132.999] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.002] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.019] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.019] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.021] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.021] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.036] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.037] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.037] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.052] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.054] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.054] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.178] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.179] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.179] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.180] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.180] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.183] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.184] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.184] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.287] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0133.287] SuspendThread (hThread=0x240) returned 0x0 [0133.287] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0133.289] ResumeThread (hThread=0x240) returned 0x1 [0133.289] CloseHandle (hObject=0x240) returned 1 [0133.289] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.303] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.303] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.305] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.409] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.412] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.412] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.427] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.429] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.443] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.444] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.448] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.453] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.458] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.461] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.465] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.467] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.468] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.471] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.471] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.487] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.501] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.501] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.505] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.522] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.535] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.535] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.537] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.554] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.598] SetEvent (hEvent=0x334) returned 1 [0133.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.627] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.628] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.629] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.649] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.661] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.662] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.664] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.665] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.670] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.673] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.678] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.679] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.683] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.698] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.698] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.701] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.701] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.714] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.716] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.716] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.716] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.716] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.724] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.736] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.745] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.745] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.758] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.770] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.771] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.774] SetEvent (hEvent=0x39c) returned 1 [0133.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.782] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.784] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.786] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.803] SetEvent (hEvent=0x1a0) returned 1 [0133.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.808] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.816] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.819] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.850] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.856] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.859] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.861] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.863] SetEvent (hEvent=0x334) returned 1 [0133.863] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.871] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.873] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.880] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.883] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.883] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.901] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.917] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.918] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.923] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.926] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.931] SetEvent (hEvent=0xec) returned 1 [0133.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.938] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.940] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.945] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.946] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.949] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.988] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0133.988] timeEndPeriod (uPeriod=0x1) returned 0x0 [0133.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0133.991] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0133.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.007] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.026] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.029] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.029] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.060] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.065] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.066] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.069] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.087] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.101] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.104] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.110] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.110] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.113] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.147] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.148] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.155] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.158] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.158] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.192] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.205] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x19c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0134.205] SuspendThread (hThread=0x2f0) returned 0x0 [0134.205] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x29c9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.229] ResumeThread (hThread=0x2f0) returned 0x1 [0134.229] CloseHandle (hObject=0x2f0) returned 1 [0134.229] SetEvent (hEvent=0x114) returned 1 [0134.229] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.239] SetEvent (hEvent=0x1a0) returned 1 [0134.239] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.252] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.257] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.257] SetEvent (hEvent=0x354) returned 1 [0134.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.274] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.276] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.276] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0134.276] SuspendThread (hThread=0x1b0) returned 0x0 [0134.276] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.283] ResumeThread (hThread=0x1b0) returned 0x1 [0134.283] CloseHandle (hObject=0x1b0) returned 1 [0134.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.311] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.312] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.312] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.325] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.327] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.333] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0134.333] SuspendThread (hThread=0x240) returned 0x0 [0134.334] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.334] ResumeThread (hThread=0x240) returned 0x1 [0134.335] CloseHandle (hObject=0x240) returned 1 [0134.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.341] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.342] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.342] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.363] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.366] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.366] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.400] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0134.400] SuspendThread (hThread=0x1b0) returned 0x0 [0134.400] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.453] ResumeThread (hThread=0x1b0) returned 0x1 [0134.453] CloseHandle (hObject=0x1b0) returned 1 [0134.453] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.506] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0134.506] SuspendThread (hThread=0x1b0) returned 0x0 [0134.506] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.538] ResumeThread (hThread=0x1b0) returned 0x1 [0134.538] CloseHandle (hObject=0x1b0) returned 1 [0134.538] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.553] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.557] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.562] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.563] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.563] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.603] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.604] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.653] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.661] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.712] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0134.712] SuspendThread (hThread=0x1b0) returned 0x0 [0134.712] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0134.802] ResumeThread (hThread=0x1b0) returned 0x1 [0134.802] CloseHandle (hObject=0x1b0) returned 1 [0134.802] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.813] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.816] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.816] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.844] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.854] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.883] SetEvent (hEvent=0x114) returned 1 [0134.883] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.891] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.893] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.893] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.916] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.924] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.925] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.930] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0134.948] timeEndPeriod (uPeriod=0x1) returned 0x0 [0134.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0134.949] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0134.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.072] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.172] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0135.172] SuspendThread (hThread=0x1b0) returned 0x0 [0135.173] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.174] ResumeThread (hThread=0x1b0) returned 0x1 [0135.174] CloseHandle (hObject=0x1b0) returned 1 [0135.174] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.273] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0135.639] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0135.639] SetEvent (hEvent=0x334) returned 1 [0135.639] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.666] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.675] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0135.676] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0135.676] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.679] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.700] SetEvent (hEvent=0x39c) returned 1 [0135.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.722] SetEvent (hEvent=0x12c) returned 1 [0135.722] SetEvent (hEvent=0x24c) returned 1 [0135.723] SetEvent (hEvent=0x3c8) returned 1 [0135.723] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.733] SetEvent (hEvent=0x3c8) returned 1 [0135.733] SetEvent (hEvent=0x24c) returned 1 [0135.733] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.739] SetEvent (hEvent=0x24c) returned 1 [0135.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.743] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0135.746] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0135.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.762] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0135.763] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0135.763] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0135.763] SuspendThread (hThread=0x2f0) returned 0x0 [0135.763] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.766] ResumeThread (hThread=0x2f0) returned 0x1 [0135.766] CloseHandle (hObject=0x2f0) returned 1 [0135.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.791] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0135.793] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0135.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.798] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.814] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.818] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0135.820] timeEndPeriod (uPeriod=0x1) returned 0x0 [0135.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0136.124] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.139] timeEndPeriod (uPeriod=0x1) returned 0x0 [0136.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0136.141] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.141] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.155] timeEndPeriod (uPeriod=0x1) returned 0x0 [0136.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0136.157] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.157] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0136.157] SuspendThread (hThread=0x240) returned 0x0 [0136.157] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0136.166] ResumeThread (hThread=0x240) returned 0x1 [0136.166] CloseHandle (hObject=0x240) returned 1 [0136.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.319] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0136.319] SuspendThread (hThread=0x1b0) returned 0x0 [0136.319] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ce9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0136.529] ResumeThread (hThread=0x1b0) returned 0x1 [0136.529] CloseHandle (hObject=0x1b0) returned 1 [0136.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.673] timeEndPeriod (uPeriod=0x1) returned 0x0 [0136.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0136.878] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0136.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f4) returned 1 [0136.878] SuspendThread (hThread=0x2f4) returned 0x0 [0136.878] GetThreadContext (in: hThread=0x2f4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ce9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0136.901] ResumeThread (hThread=0x2f4) returned 0x1 [0136.901] CloseHandle (hObject=0x2f4) returned 1 [0136.901] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.997] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0136.997] SuspendThread (hThread=0x36c) returned 0x0 [0136.997] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ce9fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0136.998] ResumeThread (hThread=0x36c) returned 0x1 [0136.998] CloseHandle (hObject=0x36c) returned 1 [0136.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0136.999] timeEndPeriod (uPeriod=0x1) returned 0x0 [0137.000] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0137.095] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0137.095] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0137.095] SuspendThread (hThread=0x36c) returned 0x0 [0137.095] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00013fd38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4922c2, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.111] ResumeThread (hThread=0x36c) returned 0x1 [0137.111] CloseHandle (hObject=0x36c) returned 1 [0137.111] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.173] timeEndPeriod (uPeriod=0x1) returned 0x0 [0137.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0137.174] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0137.174] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3dc) returned 1 [0137.174] SuspendThread (hThread=0x3dc) returned 0x0 [0137.174] GetThreadContext (in: hThread=0x3dc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.181] ResumeThread (hThread=0x3dc) returned 0x1 [0137.181] CloseHandle (hObject=0x3dc) returned 1 [0137.182] SetEvent (hEvent=0x354) returned 1 [0137.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.293] SwitchToThread () returned 1 [0137.294] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0137.298] timeEndPeriod (uPeriod=0x1) returned 0x0 [0137.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0137.300] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0137.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.410] SwitchToThread () returned 1 [0137.509] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0137.797] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0137.797] SuspendThread (hThread=0x384) returned 0x0 [0137.797] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.897] ResumeThread (hThread=0x384) returned 0x1 [0137.897] CloseHandle (hObject=0x384) returned 1 [0137.897] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0137.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.016] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x384) returned 1 [0138.016] SwitchToThread () returned 1 [0138.016] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0138.017] SwitchToThread () returned 1 [0138.018] SuspendThread (hThread=0x384) returned 0x0 [0138.018] GetThreadContext (in: hThread=0x384, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.120] ResumeThread (hThread=0x384) returned 0x1 [0138.120] CloseHandle (hObject=0x384) returned 1 [0138.120] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.126] SwitchToThread () returned 1 [0138.127] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0138.139] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0138.139] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0138.139] SuspendThread (hThread=0x2cc) returned 0x0 [0138.139] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.141] ResumeThread (hThread=0x2cc) returned 0x1 [0138.141] CloseHandle (hObject=0x2cc) returned 1 [0138.141] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.426] SetEvent (hEvent=0x30c) returned 1 [0138.426] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0138.426] SuspendThread (hThread=0x2cc) returned 0x0 [0138.426] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fc78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.544] ResumeThread (hThread=0x2cc) returned 0x1 [0138.544] CloseHandle (hObject=0x2cc) returned 1 [0138.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.558] SetEvent (hEvent=0x334) returned 1 [0138.558] SetEvent (hEvent=0xec) returned 1 [0138.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.570] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0138.613] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0138.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.621] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0138.621] SuspendThread (hThread=0x2cc) returned 0x0 [0138.621] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.628] ResumeThread (hThread=0x2cc) returned 0x1 [0138.628] CloseHandle (hObject=0x2cc) returned 1 [0138.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.711] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0138.713] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0138.713] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.748] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.748] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0138.748] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0138.748] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0138.749] SuspendThread (hThread=0x2cc) returned 0x0 [0138.749] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.762] ResumeThread (hThread=0x2cc) returned 0x1 [0138.762] CloseHandle (hObject=0x2cc) returned 1 [0138.762] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.787] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.802] SetEvent (hEvent=0x39c) returned 1 [0138.802] SetEvent (hEvent=0x324) returned 1 [0138.803] SetEvent (hEvent=0xec) returned 1 [0138.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.809] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0138.815] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0138.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.829] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0138.829] SuspendThread (hThread=0x240) returned 0x0 [0138.829] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.832] ResumeThread (hThread=0x240) returned 0x1 [0138.832] CloseHandle (hObject=0x240) returned 1 [0138.832] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0138.941] timeEndPeriod (uPeriod=0x1) returned 0x0 [0138.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.149] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.149] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0139.149] SuspendThread (hThread=0x2cc) returned 0x0 [0139.149] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0139.282] ResumeThread (hThread=0x2cc) returned 0x1 [0139.283] CloseHandle (hObject=0x2cc) returned 1 [0139.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.562] timeEndPeriod (uPeriod=0x1) returned 0x0 [0139.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.632] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.632] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.649] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0139.649] SuspendThread (hThread=0x2cc) returned 0x0 [0139.649] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0139.698] ResumeThread (hThread=0x2cc) returned 0x1 [0139.698] CloseHandle (hObject=0x2cc) returned 1 [0139.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.735] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0139.735] SuspendThread (hThread=0x2cc) returned 0x0 [0139.735] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0139.779] ResumeThread (hThread=0x2cc) returned 0x1 [0139.779] CloseHandle (hObject=0x2cc) returned 1 [0139.779] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.798] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.807] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.819] timeEndPeriod (uPeriod=0x1) returned 0x0 [0139.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.835] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.835] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f4) returned 1 [0139.835] SuspendThread (hThread=0x2f4) returned 0x0 [0139.836] GetThreadContext (in: hThread=0x2f4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0139.849] ResumeThread (hThread=0x2f4) returned 0x1 [0139.849] CloseHandle (hObject=0x2f4) returned 1 [0139.849] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.865] timeEndPeriod (uPeriod=0x1) returned 0x0 [0139.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.867] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.868] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.902] timeEndPeriod (uPeriod=0x1) returned 0x0 [0139.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.916] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.916] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0139.916] SuspendThread (hThread=0x1ec) returned 0x0 [0139.916] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0139.944] ResumeThread (hThread=0x1ec) returned 0x1 [0139.944] CloseHandle (hObject=0x1ec) returned 1 [0139.944] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0139.960] timeEndPeriod (uPeriod=0x1) returned 0x0 [0139.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0139.977] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0139.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.009] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0140.009] SuspendThread (hThread=0x1ec) returned 0x0 [0140.010] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.027] ResumeThread (hThread=0x1ec) returned 0x1 [0140.027] CloseHandle (hObject=0x1ec) returned 1 [0140.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.029] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.044] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.044] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0140.044] SuspendThread (hThread=0x1ec) returned 0x0 [0140.045] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.065] ResumeThread (hThread=0x1ec) returned 0x1 [0140.065] CloseHandle (hObject=0x1ec) returned 1 [0140.065] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.075] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.085] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.090] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.106] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.106] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0140.106] SuspendThread (hThread=0x36c) returned 0x0 [0140.106] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.127] ResumeThread (hThread=0x36c) returned 0x1 [0140.127] CloseHandle (hObject=0x36c) returned 1 [0140.127] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.156] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.158] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.159] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.159] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0140.159] SuspendThread (hThread=0x1ec) returned 0x0 [0140.159] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.166] ResumeThread (hThread=0x1ec) returned 0x1 [0140.166] CloseHandle (hObject=0x1ec) returned 1 [0140.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.190] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.194] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.200] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.201] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.201] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0140.201] SuspendThread (hThread=0x36c) returned 0x0 [0140.201] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.305] ResumeThread (hThread=0x36c) returned 0x1 [0140.305] CloseHandle (hObject=0x36c) returned 1 [0140.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.428] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x390, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0140.428] SuspendThread (hThread=0x36c) returned 0x0 [0140.428] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e09fe48, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.451] ResumeThread (hThread=0x36c) returned 0x1 [0140.451] CloseHandle (hObject=0x36c) returned 1 [0140.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.467] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.471] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.471] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.472] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.472] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.479] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.481] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.538] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0140.538] SuspendThread (hThread=0x240) returned 0x0 [0140.538] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.559] ResumeThread (hThread=0x240) returned 0x1 [0140.560] CloseHandle (hObject=0x240) returned 1 [0140.560] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.583] SetEvent (hEvent=0xec) returned 1 [0140.583] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.598] SetEvent (hEvent=0xec) returned 1 [0140.598] SetEvent (hEvent=0xfc) returned 1 [0140.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.613] SetEvent (hEvent=0xfc) returned 1 [0140.613] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.617] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.619] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.619] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.623] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.677] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.699] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.699] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.700] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.701] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0140.701] SuspendThread (hThread=0x240) returned 0x0 [0140.701] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.702] ResumeThread (hThread=0x240) returned 0x1 [0140.702] CloseHandle (hObject=0x240) returned 1 [0140.702] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.732] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.742] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.743] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.744] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0140.744] SuspendThread (hThread=0x2cc) returned 0x0 [0140.744] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.753] ResumeThread (hThread=0x2cc) returned 0x1 [0140.753] CloseHandle (hObject=0x2cc) returned 1 [0140.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.762] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.763] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.763] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.781] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.782] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.782] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.808] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.819] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0140.819] SuspendThread (hThread=0x240) returned 0x0 [0140.819] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.819] ResumeThread (hThread=0x240) returned 0x1 [0140.819] CloseHandle (hObject=0x240) returned 1 [0140.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.823] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.825] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.842] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.843] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.843] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.860] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.862] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.893] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.903] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.906] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.906] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.906] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f4) returned 1 [0140.906] SuspendThread (hThread=0x2f4) returned 0x0 [0140.906] GetThreadContext (in: hThread=0x2f4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0140.918] ResumeThread (hThread=0x2f4) returned 0x1 [0140.918] CloseHandle (hObject=0x2f4) returned 1 [0140.918] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.923] timeEndPeriod (uPeriod=0x1) returned 0x0 [0140.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0140.924] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0140.924] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.942] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.944] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0140.975] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.000] SetEvent (hEvent=0xfc) returned 1 [0141.000] SetEvent (hEvent=0x324) returned 1 [0141.000] SetEvent (hEvent=0x354) returned 1 [0141.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.011] SetEvent (hEvent=0x39c) returned 1 [0141.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.025] SetEvent (hEvent=0x334) returned 1 [0141.025] SetEvent (hEvent=0x114) returned 1 [0141.025] SetEvent (hEvent=0x24c) returned 1 [0141.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.037] SetEvent (hEvent=0x1a0) returned 1 [0141.037] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.047] SetEvent (hEvent=0x1b4) returned 1 [0141.047] SetEvent (hEvent=0x148) returned 1 [0141.047] SetEvent (hEvent=0x3c0) returned 1 [0141.048] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.054] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.069] SetEvent (hEvent=0x13c) returned 1 [0141.069] SetEvent (hEvent=0x258) returned 1 [0141.069] SetEvent (hEvent=0x320) returned 1 [0141.069] SetEvent (hEvent=0x208) returned 1 [0141.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.075] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.090] SetEvent (hEvent=0x3c4) returned 1 [0141.090] SetEvent (hEvent=0x144) returned 1 [0141.090] SetEvent (hEvent=0x198) returned 1 [0141.090] SetEvent (hEvent=0x364) returned 1 [0141.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.107] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.117] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.131] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x308) returned 1 [0141.131] SuspendThread (hThread=0x308) returned 0x0 [0141.131] GetThreadContext (in: hThread=0x308, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0141.134] ResumeThread (hThread=0x308) returned 0x1 [0141.134] CloseHandle (hObject=0x308) returned 1 [0141.134] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.192] timeEndPeriod (uPeriod=0x1) returned 0x0 [0141.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0141.193] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0141.193] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0141.193] SuspendThread (hThread=0x240) returned 0x0 [0141.193] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0141.210] ResumeThread (hThread=0x240) returned 0x1 [0141.210] CloseHandle (hObject=0x240) returned 1 [0141.210] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.266] timeEndPeriod (uPeriod=0x1) returned 0x0 [0141.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0141.268] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0141.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.442] timeEndPeriod (uPeriod=0x1) returned 0x0 [0141.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0141.443] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0141.443] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x240) returned 1 [0141.443] SuspendThread (hThread=0x240) returned 0x0 [0141.443] GetThreadContext (in: hThread=0x240, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0141.447] ResumeThread (hThread=0x240) returned 0x1 [0141.447] CloseHandle (hObject=0x240) returned 1 [0141.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.451] SetEvent (hEvent=0x114) returned 1 [0141.451] SetEvent (hEvent=0x320) returned 1 [0141.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.454] SetEvent (hEvent=0x320) returned 1 [0141.454] SetEvent (hEvent=0x1b4) returned 1 [0141.454] SetEvent (hEvent=0x39c) returned 1 [0141.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.461] SetEvent (hEvent=0x39c) returned 1 [0141.461] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.465] SetEvent (hEvent=0x1a0) returned 1 [0141.465] SetEvent (hEvent=0x12c) returned 1 [0141.465] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.483] SetEvent (hEvent=0x318) returned 1 [0141.484] SetEvent (hEvent=0x3c4) returned 1 [0141.484] SetEvent (hEvent=0x29c) returned 1 [0141.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.487] SetEvent (hEvent=0x29c) returned 1 [0141.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.490] SetEvent (hEvent=0x1f8) returned 1 [0141.490] SetEvent (hEvent=0x120) returned 1 [0141.490] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.492] SetEvent (hEvent=0x120) returned 1 [0141.492] SetEvent (hEvent=0x35c) returned 1 [0141.492] SetEvent (hEvent=0x274) returned 1 [0141.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.494] SetEvent (hEvent=0x274) returned 1 [0141.494] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.496] SetEvent (hEvent=0x120) returned 1 [0141.496] SetEvent (hEvent=0x264) returned 1 [0141.496] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.497] SetEvent (hEvent=0x264) returned 1 [0141.497] SetEvent (hEvent=0x28c) returned 1 [0141.497] SetEvent (hEvent=0x1e8) returned 1 [0141.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.500] SetEvent (hEvent=0x1e8) returned 1 [0141.500] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.501] SetEvent (hEvent=0x264) returned 1 [0141.501] SetEvent (hEvent=0xb8) returned 1 [0141.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.502] SetEvent (hEvent=0xb8) returned 1 [0141.503] SetEvent (hEvent=0x188) returned 1 [0141.503] SetEvent (hEvent=0x2a8) returned 1 [0141.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.506] SetEvent (hEvent=0x2a8) returned 1 [0141.506] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.509] SetEvent (hEvent=0xb8) returned 1 [0141.509] SetEvent (hEvent=0x2b0) returned 1 [0141.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.510] SetEvent (hEvent=0x2b0) returned 1 [0141.510] SetEvent (hEvent=0x1dc) returned 1 [0141.510] SetEvent (hEvent=0x26c) returned 1 [0141.510] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.513] SetEvent (hEvent=0x26c) returned 1 [0141.513] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.520] SetEvent (hEvent=0x2b0) returned 1 [0141.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.523] SetEvent (hEvent=0x15c) returned 1 [0141.523] SetEvent (hEvent=0x388) returned 1 [0141.523] SetEvent (hEvent=0x234) returned 1 [0141.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.530] SetEvent (hEvent=0x234) returned 1 [0141.530] SetEvent (hEvent=0x340) returned 1 [0141.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.537] SetEvent (hEvent=0x304) returned 1 [0141.537] SetEvent (hEvent=0x164) returned 1 [0141.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.539] SetEvent (hEvent=0x164) returned 1 [0141.539] SetEvent (hEvent=0x1d4) returned 1 [0141.539] SetEvent (hEvent=0x100) returned 1 [0141.539] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.541] SetEvent (hEvent=0x100) returned 1 [0141.541] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.545] SetEvent (hEvent=0xf4) returned 1 [0141.545] SetEvent (hEvent=0x8c) returned 1 [0141.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.548] SetEvent (hEvent=0x8c) returned 1 [0141.548] SetEvent (hEvent=0x1d0) returned 1 [0141.548] SetEvent (hEvent=0x1c4) returned 1 [0141.548] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.551] SetEvent (hEvent=0x1c4) returned 1 [0141.551] SetEvent (hEvent=0x108) returned 1 [0141.551] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.555] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.558] SetEvent (hEvent=0x3b0) returned 1 [0141.558] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000269180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x408 [0141.560] CloseHandle (hObject=0x408) returned 1 [0141.560] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.564] VirtualAlloc (lpAddress=0xc000324000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0141.565] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c3880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x408 [0141.567] CloseHandle (hObject=0x408) returned 1 [0141.567] SetEvent (hEvent=0x414) returned 1 [0141.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.571] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0141.572] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013b880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x41c [0141.575] CloseHandle (hObject=0x41c) returned 1 [0141.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.577] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0141.577] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0141.578] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b8000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x41c [0141.580] CloseHandle (hObject=0x41c) returned 1 [0141.581] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000269500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x41c [0141.585] CloseHandle (hObject=0x41c) returned 1 [0141.585] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.587] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c3c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x434 [0141.597] CloseHandle (hObject=0x434) returned 1 [0141.597] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.599] SetEvent (hEvent=0x43c) returned 1 [0141.599] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b8380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x434 [0141.605] CloseHandle (hObject=0x434) returned 1 [0141.605] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.607] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000269880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x434 [0141.610] CloseHandle (hObject=0x434) returned 1 [0141.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.613] SetEvent (hEvent=0x458) returned 1 [0141.613] VirtualAlloc (lpAddress=0xc000328000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000328000 [0141.614] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000328000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x460 [0141.618] CloseHandle (hObject=0x460) returned 1 [0141.618] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.619] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b8700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x460 [0141.622] CloseHandle (hObject=0x460) returned 1 [0141.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000269c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x460 [0141.625] CloseHandle (hObject=0x460) returned 1 [0141.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.627] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013bc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0141.629] CloseHandle (hObject=0x474) returned 1 [0141.629] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.634] SetEvent (hEvent=0x47c) returned 1 [0141.634] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b8a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0141.638] CloseHandle (hObject=0x474) returned 1 [0141.638] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.640] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0141.641] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c6000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0141.643] CloseHandle (hObject=0x474) returned 1 [0141.643] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.645] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0141.645] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000112000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x474 [0141.647] CloseHandle (hObject=0x474) returned 1 [0141.647] SetEvent (hEvent=0x49c) returned 1 [0141.647] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.651] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b8e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0141.657] CloseHandle (hObject=0x4a4) returned 1 [0141.657] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.658] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c6380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0141.660] CloseHandle (hObject=0x4a4) returned 1 [0141.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.661] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000112380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0141.666] CloseHandle (hObject=0x4a4) returned 1 [0141.666] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000328380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4a4 [0141.668] CloseHandle (hObject=0x4a4) returned 1 [0141.668] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.670] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b9180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c4 [0141.673] CloseHandle (hObject=0x4c4) returned 1 [0141.673] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0141.673] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c6700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4c4 [0141.676] CloseHandle (hObject=0x4c4) returned 1 [0141.676] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000112700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4dc [0141.681] CloseHandle (hObject=0x4dc) returned 1 [0141.681] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000328700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4dc [0141.682] CloseHandle (hObject=0x4dc) returned 1 [0141.683] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b9500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4dc [0141.685] CloseHandle (hObject=0x4dc) returned 1 [0141.685] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.689] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c6a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ec [0141.719] CloseHandle (hObject=0x4ec) returned 1 [0141.719] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.724] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000112a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ec [0141.728] CloseHandle (hObject=0x4ec) returned 1 [0141.728] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000328a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x4ec [0141.731] CloseHandle (hObject=0x4ec) returned 1 [0141.731] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.734] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b9880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x504 [0141.737] CloseHandle (hObject=0x504) returned 1 [0141.737] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c6e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x504 [0141.749] CloseHandle (hObject=0x504) returned 1 [0141.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.756] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000112e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x514 [0141.759] CloseHandle (hObject=0x514) returned 1 [0141.759] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.761] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000328e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x514 [0141.764] CloseHandle (hObject=0x514) returned 1 [0141.764] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000b9c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x514 [0141.765] CloseHandle (hObject=0x514) returned 1 [0141.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.768] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c7180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x52c [0141.774] CloseHandle (hObject=0x52c) returned 1 [0141.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.782] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000113180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x52c [0141.785] CloseHandle (hObject=0x52c) returned 1 [0141.785] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.794] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000329180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x52c [0141.797] CloseHandle (hObject=0x52c) returned 1 [0141.797] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0141.798] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d8000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x52c [0141.804] CloseHandle (hObject=0x52c) returned 1 [0141.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.806] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c7500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x54c [0141.809] CloseHandle (hObject=0x54c) returned 1 [0141.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.811] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000113500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x54c [0141.813] CloseHandle (hObject=0x54c) returned 1 [0141.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.818] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000329500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x54c [0141.820] CloseHandle (hObject=0x54c) returned 1 [0141.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d8380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x54c [0141.822] CloseHandle (hObject=0x54c) returned 1 [0141.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.826] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c7880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x56c [0141.828] CloseHandle (hObject=0x56c) returned 1 [0141.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.833] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000113880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x56c [0141.835] CloseHandle (hObject=0x56c) returned 1 [0141.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.836] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000329880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x56c [0141.838] CloseHandle (hObject=0x56c) returned 1 [0141.838] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d8700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x56c [0141.847] CloseHandle (hObject=0x56c) returned 1 [0141.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.853] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0002c7c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x594 [0141.857] CloseHandle (hObject=0x594) returned 1 [0141.858] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.860] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000113c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x59c [0141.861] CloseHandle (hObject=0x59c) returned 1 [0141.861] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000329c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x59c [0141.863] CloseHandle (hObject=0x59c) returned 1 [0141.863] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.865] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d8a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a4 [0141.870] CloseHandle (hObject=0x5a4) returned 1 [0141.870] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0141.871] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001de000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5a4 [0141.875] CloseHandle (hObject=0x5a4) returned 1 [0141.875] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.879] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.881] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0141.882] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000286000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5bc [0141.886] CloseHandle (hObject=0x5bc) returned 1 [0141.886] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0141.887] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033e000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5bc [0141.889] CloseHandle (hObject=0x5bc) returned 1 [0141.889] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.891] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d8e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5c4 [0141.895] CloseHandle (hObject=0x5c4) returned 1 [0141.895] SetEvent (hEvent=0x5cc) returned 1 [0141.895] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.898] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.900] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000286380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5dc [0141.901] CloseHandle (hObject=0x5dc) returned 1 [0141.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033e380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5dc [0141.903] CloseHandle (hObject=0x5dc) returned 1 [0141.903] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.905] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d9180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5e4 [0141.907] CloseHandle (hObject=0x5e4) returned 1 [0141.907] SetEvent (hEvent=0x5ec) returned 1 [0141.907] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.910] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.912] SetEvent (hEvent=0x5ec) returned 1 [0141.913] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033e700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0141.915] CloseHandle (hObject=0x5f8) returned 1 [0141.915] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.917] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d9500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x5f8 [0141.918] CloseHandle (hObject=0x5f8) returned 1 [0141.919] SetEvent (hEvent=0x604) returned 1 [0141.919] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.921] SetEvent (hEvent=0x604) returned 1 [0141.921] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.924] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033ea80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x614 [0141.928] CloseHandle (hObject=0x614) returned 1 [0141.928] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.931] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d9880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x614 [0141.933] CloseHandle (hObject=0x614) returned 1 [0141.933] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001de380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x614 [0141.938] CloseHandle (hObject=0x614) returned 1 [0141.938] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.940] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000286700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0141.942] CloseHandle (hObject=0x624) returned 1 [0141.942] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.946] SetEvent (hEvent=0x62c) returned 1 [0141.946] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0000d9c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0141.949] CloseHandle (hObject=0x624) returned 1 [0141.949] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.952] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001de700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0141.955] CloseHandle (hObject=0x624) returned 1 [0141.955] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.956] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000286a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0141.959] CloseHandle (hObject=0x624) returned 1 [0141.959] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033ee00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x624 [0141.963] CloseHandle (hObject=0x624) returned 1 [0141.963] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.966] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0141.968] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000208000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x654 [0141.973] CloseHandle (hObject=0x654) returned 1 [0141.973] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001dea80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x654 [0141.977] CloseHandle (hObject=0x654) returned 1 [0141.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.984] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000286e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x668 [0141.987] CloseHandle (hObject=0x668) returned 1 [0141.987] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0141.991] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033f180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x66c [0141.995] CloseHandle (hObject=0x66c) returned 1 [0141.995] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000208380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x66c [0142.000] CloseHandle (hObject=0x66c) returned 1 [0142.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.002] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001dee00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x67c [0142.005] CloseHandle (hObject=0x67c) returned 1 [0142.005] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.007] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000287180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x67c [0142.013] CloseHandle (hObject=0x67c) returned 1 [0142.013] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.016] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033f500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x67c [0142.018] CloseHandle (hObject=0x67c) returned 1 [0142.019] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000208700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x67c [0142.023] CloseHandle (hObject=0x67c) returned 1 [0142.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.027] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001df180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x69c [0142.030] CloseHandle (hObject=0x69c) returned 1 [0142.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.031] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000287500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x69c [0142.033] CloseHandle (hObject=0x69c) returned 1 [0142.033] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.034] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033f880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x69c [0142.037] CloseHandle (hObject=0x69c) returned 1 [0142.037] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0142.038] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000208a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x69c [0142.045] CloseHandle (hObject=0x69c) returned 1 [0142.045] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.054] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001df500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6bc [0142.057] CloseHandle (hObject=0x6bc) returned 1 [0142.057] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.065] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000287880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6bc [0142.067] CloseHandle (hObject=0x6bc) returned 1 [0142.067] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.069] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00033fc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6bc [0142.071] CloseHandle (hObject=0x6bc) returned 1 [0142.071] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000208e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6bc [0142.075] CloseHandle (hObject=0x6bc) returned 1 [0142.075] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.077] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001df880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6dc [0142.079] CloseHandle (hObject=0x6dc) returned 1 [0142.079] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.085] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000287c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6dc [0142.087] CloseHandle (hObject=0x6dc) returned 1 [0142.087] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.089] VirtualAlloc (lpAddress=0xc000370000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000370000 [0142.089] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000370000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6dc [0142.091] CloseHandle (hObject=0x6dc) returned 1 [0142.091] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000209180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6dc [0142.094] CloseHandle (hObject=0x6dc) returned 1 [0142.094] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.096] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0001dfc00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6fc [0142.098] CloseHandle (hObject=0x6fc) returned 1 [0142.098] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.108] VirtualAlloc (lpAddress=0xc000530000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000530000 [0142.109] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000530000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6fc [0142.111] CloseHandle (hObject=0x6fc) returned 1 [0142.111] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0142.112] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000370380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x6fc [0142.113] CloseHandle (hObject=0x6fc) returned 1 [0142.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.115] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000209500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x714 [0142.118] CloseHandle (hObject=0x714) returned 1 [0142.119] VirtualAlloc (lpAddress=0xc000584000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000584000 [0142.120] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000584000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x714 [0142.122] CloseHandle (hObject=0x714) returned 1 [0142.122] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.125] VirtualAlloc (lpAddress=0xc000538000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000538000 [0142.127] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000530380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x72c [0142.129] CloseHandle (hObject=0x72c) returned 1 [0142.129] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000370700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x72c [0142.130] CloseHandle (hObject=0x72c) returned 1 [0142.130] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.137] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000209880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x734 [0142.139] CloseHandle (hObject=0x734) returned 1 [0142.139] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000584380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x734 [0142.143] CloseHandle (hObject=0x734) returned 1 [0142.143] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.147] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000530700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x74c [0142.148] CloseHandle (hObject=0x74c) returned 1 [0142.148] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000370a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x74c [0142.149] CloseHandle (hObject=0x74c) returned 1 [0142.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.151] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000209c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x754 [0142.153] CloseHandle (hObject=0x754) returned 1 [0142.153] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000584700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x754 [0142.154] CloseHandle (hObject=0x754) returned 1 [0142.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000530a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x76c [0142.159] CloseHandle (hObject=0x76c) returned 1 [0142.159] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000370e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x76c [0142.160] CloseHandle (hObject=0x76c) returned 1 [0142.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.162] VirtualAlloc (lpAddress=0xc000602000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000602000 [0142.163] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000602000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x774 [0142.165] CloseHandle (hObject=0x774) returned 1 [0142.165] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000584a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x774 [0142.168] CloseHandle (hObject=0x774) returned 1 [0142.168] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.171] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000530e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x78c [0142.171] CloseHandle (hObject=0x78c) returned 1 [0142.172] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000371180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x78c [0142.175] CloseHandle (hObject=0x78c) returned 1 [0142.175] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.177] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000602380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x794 [0142.180] CloseHandle (hObject=0x794) returned 1 [0142.180] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000584e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x794 [0142.187] CloseHandle (hObject=0x794) returned 1 [0142.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.188] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000531180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7a4 [0142.191] CloseHandle (hObject=0x7a4) returned 1 [0142.191] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.192] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000371500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7a4 [0142.193] CloseHandle (hObject=0x7a4) returned 1 [0142.193] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000602700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7a4 [0142.195] CloseHandle (hObject=0x7a4) returned 1 [0142.195] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.196] VirtualAlloc (lpAddress=0xc00058a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058a000 [0142.198] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000585180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7bc [0142.200] CloseHandle (hObject=0x7bc) returned 1 [0142.200] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.201] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000531500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7bc [0142.203] CloseHandle (hObject=0x7bc) returned 1 [0142.203] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.207] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000371880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7bc [0142.209] CloseHandle (hObject=0x7bc) returned 1 [0142.209] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000602a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7bc [0142.211] CloseHandle (hObject=0x7bc) returned 1 [0142.211] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.212] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000585500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7dc [0142.215] CloseHandle (hObject=0x7dc) returned 1 [0142.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.221] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000531880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7dc [0142.224] CloseHandle (hObject=0x7dc) returned 1 [0142.224] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.227] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000371c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7dc [0142.230] CloseHandle (hObject=0x7dc) returned 1 [0142.230] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000602e00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7dc [0142.232] CloseHandle (hObject=0x7dc) returned 1 [0142.232] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.234] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000585880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7fc [0142.237] CloseHandle (hObject=0x7fc) returned 1 [0142.237] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.239] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000531c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7fc [0142.241] CloseHandle (hObject=0x7fc) returned 1 [0142.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.243] VirtualAlloc (lpAddress=0xc00068e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00068e000 [0142.244] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00068e000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7fc [0142.246] CloseHandle (hObject=0x7fc) returned 1 [0142.247] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000603180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x7fc [0142.248] CloseHandle (hObject=0x7fc) returned 1 [0142.248] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.251] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000585c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x820 [0142.254] CloseHandle (hObject=0x820) returned 1 [0142.254] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.255] VirtualAlloc (lpAddress=0xc00053a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00053a000 [0142.257] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053a000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x820 [0142.259] CloseHandle (hObject=0x820) returned 1 [0142.259] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.260] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00068e380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x820 [0142.262] CloseHandle (hObject=0x820) returned 1 [0142.262] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000603500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x820 [0142.266] CloseHandle (hObject=0x820) returned 1 [0142.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.273] VirtualAlloc (lpAddress=0xc0005fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fa000 [0142.274] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0005fa000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x840 [0142.277] CloseHandle (hObject=0x840) returned 1 [0142.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.278] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053a380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x840 [0142.281] CloseHandle (hObject=0x840) returned 1 [0142.281] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00068e700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x840 [0142.285] CloseHandle (hObject=0x840) returned 1 [0142.286] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.292] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000603880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x858 [0142.295] CloseHandle (hObject=0x858) returned 1 [0142.295] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0005fa380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x858 [0142.299] CloseHandle (hObject=0x858) returned 1 [0142.299] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.309] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053a700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x870 [0142.310] CloseHandle (hObject=0x870) returned 1 [0142.310] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00068ea80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x870 [0142.311] CloseHandle (hObject=0x870) returned 1 [0142.311] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.314] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000603c00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x878 [0142.319] CloseHandle (hObject=0x878) returned 1 [0142.319] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc0005fa700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x878 [0142.322] CloseHandle (hObject=0x878) returned 1 [0142.322] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.325] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053aa80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x888 [0142.328] CloseHandle (hObject=0x888) returned 1 [0142.328] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.329] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00068ee00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x888 [0142.331] CloseHandle (hObject=0x888) returned 1 [0142.331] SetEvent (hEvent=0x898) returned 1 [0142.331] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.332] SetEvent (hEvent=0x898) returned 1 [0142.332] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.341] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053ae00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x8a8 [0142.345] CloseHandle (hObject=0x8a8) returned 1 [0142.345] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.347] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.347] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.348] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.349] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.350] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.351] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.352] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.353] timeEndPeriod (uPeriod=0x1) returned 0x0 [0142.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0142.469] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0142.469] SetEvent (hEvent=0x8ac) returned 1 [0142.469] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.506] timeEndPeriod (uPeriod=0x1) returned 0x0 [0142.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0142.636] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0142.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.826] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x194, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xc7c) returned 1 [0142.827] SuspendThread (hThread=0xc7c) returned 0x0 [0142.827] GetThreadContext (in: hThread=0xc7c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ae9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0142.837] ResumeThread (hThread=0xc7c) returned 0x1 [0142.837] CloseHandle (hObject=0xc7c) returned 1 [0142.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.842] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x194, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xc7c) returned 1 [0142.842] SuspendThread (hThread=0xc7c) returned 0x0 [0142.842] GetThreadContext (in: hThread=0xc7c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ae9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0142.845] ResumeThread (hThread=0xc7c) returned 0x1 [0142.845] CloseHandle (hObject=0xc7c) returned 1 [0142.845] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.874] SetEvent (hEvent=0xf4) returned 1 [0142.874] SetEvent (hEvent=0xfc) returned 1 [0142.874] SetEvent (hEvent=0x304) returned 1 [0142.874] SetEvent (hEvent=0x828) returned 1 [0142.874] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.885] SetEvent (hEvent=0x304) returned 1 [0142.885] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0142.998] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.000] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.012] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x204, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x370) returned 1 [0143.012] SuspendThread (hThread=0x370) returned 0x0 [0143.012] GetThreadContext (in: hThread=0x370, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2be9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.027] ResumeThread (hThread=0x370) returned 0x1 [0143.027] CloseHandle (hObject=0x370) returned 1 [0143.027] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.038] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.041] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.062] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.062] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.062] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x204, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x260) returned 1 [0143.062] SuspendThread (hThread=0x260) returned 0x0 [0143.063] GetThreadContext (in: hThread=0x260, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2be9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.071] ResumeThread (hThread=0x260) returned 0x1 [0143.071] CloseHandle (hObject=0x260) returned 1 [0143.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.085] SetEvent (hEvent=0x258) returned 1 [0143.085] SetEvent (hEvent=0x334) returned 1 [0143.085] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.090] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.092] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.092] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.109] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.110] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.110] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0143.110] SuspendThread (hThread=0x2f0) returned 0x0 [0143.110] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.114] ResumeThread (hThread=0x2f0) returned 0x1 [0143.114] CloseHandle (hObject=0x2f0) returned 1 [0143.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.124] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.173] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2f0) returned 1 [0143.173] SuspendThread (hThread=0x2f0) returned 0x0 [0143.173] GetThreadContext (in: hThread=0x2f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.186] ResumeThread (hThread=0x2f0) returned 0x1 [0143.186] CloseHandle (hObject=0x2f0) returned 1 [0143.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.199] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.200] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.200] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4fc) returned 1 [0143.200] SuspendThread (hThread=0x4fc) returned 0x0 [0143.200] GetThreadContext (in: hThread=0x4fc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.215] ResumeThread (hThread=0x4fc) returned 0x1 [0143.215] CloseHandle (hObject=0x4fc) returned 1 [0143.215] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.221] SetEvent (hEvent=0x3c8) returned 1 [0143.221] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.232] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.232] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.236] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.236] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.258] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.258] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.312] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.336] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.341] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x468, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x46c) returned 1 [0143.341] SuspendThread (hThread=0x46c) returned 0x0 [0143.341] GetThreadContext (in: hThread=0x46c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2fd3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.349] ResumeThread (hThread=0x46c) returned 0x1 [0143.349] CloseHandle (hObject=0x46c) returned 1 [0143.349] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.369] SetEvent (hEvent=0xac0) returned 1 [0143.369] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.373] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.376] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.376] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.395] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.395] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.396] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.396] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x7a8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7ac) returned 1 [0143.396] SuspendThread (hThread=0x7ac) returned 0x0 [0143.396] GetThreadContext (in: hThread=0x7ac, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3c13fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.404] ResumeThread (hThread=0x7ac) returned 0x1 [0143.404] CloseHandle (hObject=0x7ac) returned 1 [0143.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.418] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.418] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.431] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.432] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.433] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.434] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.434] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x648, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x64c) returned 1 [0143.434] SuspendThread (hThread=0x64c) returned 0x0 [0143.434] GetThreadContext (in: hThread=0x64c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3693fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.448] ResumeThread (hThread=0x64c) returned 0x1 [0143.448] CloseHandle (hObject=0x64c) returned 1 [0143.448] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.463] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.472] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x648, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x64c) returned 1 [0143.472] SuspendThread (hThread=0x64c) returned 0x0 [0143.472] GetThreadContext (in: hThread=0x64c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3693fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.481] ResumeThread (hThread=0x64c) returned 0x1 [0143.481] CloseHandle (hObject=0x64c) returned 1 [0143.481] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.491] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.492] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.524] SetEvent (hEvent=0x9f8) returned 1 [0143.524] SetEvent (hEvent=0x164) returned 1 [0143.524] SetEvent (hEvent=0x414) returned 1 [0143.524] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.527] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.530] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.549] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.550] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.550] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e0) returned 1 [0143.550] SuspendThread (hThread=0x2e0) returned 0x0 [0143.550] GetThreadContext (in: hThread=0x2e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.556] ResumeThread (hThread=0x2e0) returned 0x1 [0143.556] CloseHandle (hObject=0x2e0) returned 1 [0143.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.562] SetEvent (hEvent=0x120) returned 1 [0143.562] SetEvent (hEvent=0x164) returned 1 [0143.562] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.565] SetEvent (hEvent=0x164) returned 1 [0143.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.578] SetEvent (hEvent=0x164) returned 1 [0143.578] SetEvent (hEvent=0x120) returned 1 [0143.578] SetEvent (hEvent=0x414) returned 1 [0143.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.580] SetEvent (hEvent=0x414) returned 1 [0143.580] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.594] SetEvent (hEvent=0x414) returned 1 [0143.595] SetEvent (hEvent=0x120) returned 1 [0143.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.601] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.607] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.607] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.641] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.643] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.647] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.651] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.659] SetEvent (hEvent=0x49c) returned 1 [0143.659] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.664] SetEvent (hEvent=0x49c) returned 1 [0143.664] SetEvent (hEvent=0x47c) returned 1 [0143.664] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.668] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.687] SetEvent (hEvent=0x47c) returned 1 [0143.687] SetEvent (hEvent=0x49c) returned 1 [0143.687] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.689] SetEvent (hEvent=0x49c) returned 1 [0143.689] SetEvent (hEvent=0x47c) returned 1 [0143.689] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.692] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.695] SetEvent (hEvent=0x47c) returned 1 [0143.695] SetEvent (hEvent=0x49c) returned 1 [0143.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.699] SetEvent (hEvent=0x49c) returned 1 [0143.700] SetEvent (hEvent=0x47c) returned 1 [0143.700] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.701] SetEvent (hEvent=0x47c) returned 1 [0143.701] SetEvent (hEvent=0x49c) returned 1 [0143.701] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.708] SetEvent (hEvent=0x49c) returned 1 [0143.708] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.714] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.730] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.738] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x698) returned 1 [0143.738] SuspendThread (hThread=0x698) returned 0x0 [0143.738] GetThreadContext (in: hThread=0x698, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28fcfb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.743] ResumeThread (hThread=0x698) returned 0x1 [0143.743] CloseHandle (hObject=0x698) returned 1 [0143.743] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.749] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.762] SetEvent (hEvent=0x13c) returned 1 [0143.762] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.770] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.770] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.774] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.774] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.792] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.831] SetEvent (hEvent=0x234) returned 1 [0143.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.834] SetEvent (hEvent=0x234) returned 1 [0143.834] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.836] SetEvent (hEvent=0x234) returned 1 [0143.836] SetEvent (hEvent=0x148) returned 1 [0143.836] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.839] SetEvent (hEvent=0x148) returned 1 [0143.839] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.842] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.847] SetEvent (hEvent=0x148) returned 1 [0143.847] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.852] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.857] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.871] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.873] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.873] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x244, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5c4) returned 1 [0143.873] SuspendThread (hThread=0x5c4) returned 0x0 [0143.873] GetThreadContext (in: hThread=0x5c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0143.952] ResumeThread (hThread=0x5c4) returned 0x1 [0143.952] CloseHandle (hObject=0x5c4) returned 1 [0143.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.958] SetEvent (hEvent=0x3c0) returned 1 [0143.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.964] SetEvent (hEvent=0x3c0) returned 1 [0143.964] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.968] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.970] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.970] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0143.989] timeEndPeriod (uPeriod=0x1) returned 0x0 [0143.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0143.990] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0143.991] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.005] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.006] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.027] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x73c) returned 1 [0144.027] SuspendThread (hThread=0x73c) returned 0x0 [0144.027] GetThreadContext (in: hThread=0x73c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.036] ResumeThread (hThread=0x73c) returned 0x1 [0144.036] CloseHandle (hObject=0x73c) returned 1 [0144.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.038] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.038] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.038] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7b4) returned 1 [0144.039] SuspendThread (hThread=0x7b4) returned 0x0 [0144.039] GetThreadContext (in: hThread=0x7b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.059] ResumeThread (hThread=0x7b4) returned 0x1 [0144.059] CloseHandle (hObject=0x7b4) returned 1 [0144.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.068] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.069] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.069] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.071] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.089] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.090] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.090] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1ec) returned 1 [0144.090] SuspendThread (hThread=0x1ec) returned 0x0 [0144.090] GetThreadContext (in: hThread=0x1ec, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.099] ResumeThread (hThread=0x1ec) returned 0x1 [0144.099] CloseHandle (hObject=0x1ec) returned 1 [0144.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.110] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.113] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.147] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x7e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x51c) returned 1 [0144.147] SuspendThread (hThread=0x51c) returned 0x0 [0144.148] GetThreadContext (in: hThread=0x51c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d13fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.161] ResumeThread (hThread=0x51c) returned 0x1 [0144.161] CloseHandle (hObject=0x51c) returned 1 [0144.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.164] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.166] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.166] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x7e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6f8) returned 1 [0144.166] SuspendThread (hThread=0x6f8) returned 0x0 [0144.166] GetThreadContext (in: hThread=0x6f8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d13fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.180] ResumeThread (hThread=0x6f8) returned 0x1 [0144.180] CloseHandle (hObject=0x6f8) returned 1 [0144.180] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.190] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.193] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.216] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x7e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2c4) returned 1 [0144.216] SuspendThread (hThread=0x2c4) returned 0x0 [0144.216] GetThreadContext (in: hThread=0x2c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d13fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.224] ResumeThread (hThread=0x2c4) returned 0x1 [0144.225] CloseHandle (hObject=0x2c4) returned 1 [0144.225] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.240] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.240] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.241] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.241] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.243] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.262] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x7e8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x308) returned 1 [0144.262] SuspendThread (hThread=0x308) returned 0x0 [0144.262] GetThreadContext (in: hThread=0x308, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d13fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.281] ResumeThread (hThread=0x308) returned 0x1 [0144.281] CloseHandle (hObject=0x308) returned 1 [0144.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.294] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.309] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.309] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.310] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.310] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.313] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.332] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.335] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.335] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.354] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.355] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.355] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.371] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.372] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.376] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.377] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.377] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.387] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.394] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.401] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.402] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.403] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.403] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.431] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.432] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.481] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4c0) returned 1 [0144.481] SuspendThread (hThread=0x4c0) returned 0x0 [0144.481] GetThreadContext (in: hThread=0x4c0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x30f3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.482] ResumeThread (hThread=0x4c0) returned 0x1 [0144.482] CloseHandle (hObject=0x4c0) returned 1 [0144.482] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.494] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.495] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.508] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.509] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.509] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4ac) returned 1 [0144.509] SuspendThread (hThread=0x4ac) returned 0x0 [0144.510] GetThreadContext (in: hThread=0x4ac, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x30f3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.516] ResumeThread (hThread=0x4ac) returned 0x1 [0144.516] CloseHandle (hObject=0x4ac) returned 1 [0144.516] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.527] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.556] SetEvent (hEvent=0x3c8) returned 1 [0144.556] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.559] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.559] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.561] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.561] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.580] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x470) returned 1 [0144.580] SuspendThread (hThread=0x470) returned 0x0 [0144.580] GetThreadContext (in: hThread=0x470, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.581] ResumeThread (hThread=0x470) returned 0x1 [0144.581] CloseHandle (hObject=0x470) returned 1 [0144.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.600] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.605] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.606] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.625] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.626] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.632] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.633] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.633] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.659] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.662] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.663] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.672] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.689] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.690] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.690] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x180, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5a0) returned 1 [0144.690] SuspendThread (hThread=0x5a0) returned 0x0 [0144.690] GetThreadContext (in: hThread=0x5a0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a69fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.707] ResumeThread (hThread=0x5a0) returned 0x1 [0144.707] CloseHandle (hObject=0x5a0) returned 1 [0144.707] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.714] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.738] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.752] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.753] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.753] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.778] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.781] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.781] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.786] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.795] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.796] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.796] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x5dc, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x694) returned 1 [0144.796] SuspendThread (hThread=0x694) returned 0x0 [0144.796] GetThreadContext (in: hThread=0x694, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3553fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0144.803] ResumeThread (hThread=0x694) returned 0x1 [0144.803] CloseHandle (hObject=0x694) returned 1 [0144.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.813] SetEvent (hEvent=0x3c4) returned 1 [0144.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.820] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.823] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.826] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.862] SetEvent (hEvent=0xae0) returned 1 [0144.862] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.865] SetEvent (hEvent=0xae0) returned 1 [0144.865] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.866] SetEvent (hEvent=0xae0) returned 1 [0144.866] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.868] SetEvent (hEvent=0xae0) returned 1 [0144.868] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.884] SetEvent (hEvent=0xae0) returned 1 [0144.884] SetEvent (hEvent=0xb10) returned 1 [0144.884] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.886] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.891] SetEvent (hEvent=0xb10) returned 1 [0144.891] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.895] SetEvent (hEvent=0xb10) returned 1 [0144.895] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.899] SetEvent (hEvent=0xb10) returned 1 [0144.899] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.901] SetEvent (hEvent=0xb10) returned 1 [0144.901] SetEvent (hEvent=0xae0) returned 1 [0144.901] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.902] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.906] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.906] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.931] timeEndPeriod (uPeriod=0x1) returned 0x0 [0144.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0144.932] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0144.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.953] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0144.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.029] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.113] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.259] SetEvent (hEvent=0x254) returned 1 [0145.259] SetEvent (hEvent=0xb20) returned 1 [0145.259] SetEvent (hEvent=0xa78) returned 1 [0145.259] SetEvent (hEvent=0x100) returned 1 [0145.259] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.274] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.287] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.317] SetEvent (hEvent=0x100) returned 1 [0145.317] SetEvent (hEvent=0xa78) returned 1 [0145.317] SetEvent (hEvent=0xb20) returned 1 [0145.317] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.321] SetEvent (hEvent=0xb20) returned 1 [0145.321] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.337] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.341] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.342] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.343] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.366] SetEvent (hEvent=0xb20) returned 1 [0145.366] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.370] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.370] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.372] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.372] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.374] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.378] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.380] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.404] SetEvent (hEvent=0xb20) returned 1 [0145.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.416] SetEvent (hEvent=0xa78) returned 1 [0145.416] SetEvent (hEvent=0x1c4) returned 1 [0145.416] SetEvent (hEvent=0xa38) returned 1 [0145.416] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.418] SetEvent (hEvent=0xa38) returned 1 [0145.419] SetEvent (hEvent=0x1c4) returned 1 [0145.419] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.428] SetEvent (hEvent=0x1c4) returned 1 [0145.428] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.447] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.449] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.455] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.456] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.456] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.457] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.489] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.503] SetEvent (hEvent=0x320) returned 1 [0145.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.512] SetEvent (hEvent=0xbd0) returned 1 [0145.512] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.516] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.520] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.520] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.547] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.556] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.560] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.560] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x41c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2b4) returned 1 [0145.560] SuspendThread (hThread=0x2b4) returned 0x0 [0145.560] GetThreadContext (in: hThread=0x2b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f33fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0145.570] ResumeThread (hThread=0x2b4) returned 0x1 [0145.570] CloseHandle (hObject=0x2b4) returned 1 [0145.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.578] SetEvent (hEvent=0xbc8) returned 1 [0145.578] SetEvent (hEvent=0x8f8) returned 1 [0145.578] SetEvent (hEvent=0x920) returned 1 [0145.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.596] SetEvent (hEvent=0x920) returned 1 [0145.596] SetEvent (hEvent=0x114) returned 1 [0145.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.601] SetEvent (hEvent=0x920) returned 1 [0145.601] SetEvent (hEvent=0x9e8) returned 1 [0145.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.607] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.610] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.629] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.630] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.630] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x698) returned 1 [0145.630] SuspendThread (hThread=0x698) returned 0x0 [0145.630] GetThreadContext (in: hThread=0x698, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3233fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0145.649] ResumeThread (hThread=0x698) returned 0x1 [0145.649] CloseHandle (hObject=0x698) returned 1 [0145.649] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.673] SetEvent (hEvent=0x920) returned 1 [0145.673] SetEvent (hEvent=0x9e8) returned 1 [0145.673] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.680] SetEvent (hEvent=0xec) returned 1 [0145.680] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.798] SetEvent (hEvent=0x1f8) returned 1 [0145.798] SetEvent (hEvent=0xc1c) returned 1 [0145.798] SetEvent (hEvent=0xa70) returned 1 [0145.799] SetEvent (hEvent=0xb48) returned 1 [0145.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.803] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.809] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.809] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.824] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x454) returned 1 [0145.824] SuspendThread (hThread=0x454) returned 0x0 [0145.824] GetThreadContext (in: hThread=0x454, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0145.833] ResumeThread (hThread=0x454) returned 0x1 [0145.833] CloseHandle (hObject=0x454) returned 1 [0145.833] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.840] SetEvent (hEvent=0xb48) returned 1 [0145.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.844] SetEvent (hEvent=0x264) returned 1 [0145.844] SetEvent (hEvent=0x39c) returned 1 [0145.845] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.853] SetEvent (hEvent=0x39c) returned 1 [0145.853] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.859] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.866] SetEvent (hEvent=0xb48) returned 1 [0145.867] SetEvent (hEvent=0x264) returned 1 [0145.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.881] SetEvent (hEvent=0x264) returned 1 [0145.881] SetEvent (hEvent=0xb48) returned 1 [0145.882] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.889] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.897] SetEvent (hEvent=0xb48) returned 1 [0145.897] SetEvent (hEvent=0xc24) returned 1 [0145.897] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.911] SetEvent (hEvent=0xc24) returned 1 [0145.911] SetEvent (hEvent=0xb48) returned 1 [0145.911] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.917] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.927] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.933] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.937] SetEvent (hEvent=0xa58) returned 1 [0145.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.943] SetEvent (hEvent=0xbd8) returned 1 [0145.944] SetEvent (hEvent=0xc80) returned 1 [0145.944] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.948] SetEvent (hEvent=0xc80) returned 1 [0145.948] SetEvent (hEvent=0xbd8) returned 1 [0145.948] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.952] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.955] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.955] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.975] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6c4) returned 1 [0145.975] SuspendThread (hThread=0x6c4) returned 0x0 [0145.975] GetThreadContext (in: hThread=0x6c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ef3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0145.983] ResumeThread (hThread=0x6c4) returned 0x1 [0145.983] CloseHandle (hObject=0x6c4) returned 1 [0145.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0145.988] timeEndPeriod (uPeriod=0x1) returned 0x0 [0145.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0145.991] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0145.991] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x420, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5c4) returned 1 [0145.991] SuspendThread (hThread=0x5c4) returned 0x0 [0145.991] GetThreadContext (in: hThread=0x5c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ef3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.002] ResumeThread (hThread=0x5c4) returned 0x1 [0146.003] CloseHandle (hObject=0x5c4) returned 1 [0146.003] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.009] SetEvent (hEvent=0x320) returned 1 [0146.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.028] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.035] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.035] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.036] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.036] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.074] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.076] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.096] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.104] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.114] SetEvent (hEvent=0xc54) returned 1 [0146.114] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.119] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.119] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.122] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.122] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.138] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.140] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.140] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x768) returned 1 [0146.140] SuspendThread (hThread=0x768) returned 0x0 [0146.140] GetThreadContext (in: hThread=0x768, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3893fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.145] ResumeThread (hThread=0x768) returned 0x1 [0146.145] CloseHandle (hObject=0x768) returned 1 [0146.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.171] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.173] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.173] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x6c8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x710) returned 1 [0146.173] SuspendThread (hThread=0x710) returned 0x0 [0146.173] GetThreadContext (in: hThread=0x710, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3893fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.176] ResumeThread (hThread=0x710) returned 0x1 [0146.176] CloseHandle (hObject=0x710) returned 1 [0146.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.189] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.205] SetEvent (hEvent=0xa80) returned 1 [0146.205] SetEvent (hEvent=0x9e8) returned 1 [0146.205] SetEvent (hEvent=0x8f8) returned 1 [0146.205] SetEvent (hEvent=0xb58) returned 1 [0146.205] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.213] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.229] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.233] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.245] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.247] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.247] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x880) returned 1 [0146.247] SuspendThread (hThread=0x880) returned 0x0 [0146.247] GetThreadContext (in: hThread=0x880, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.256] ResumeThread (hThread=0x880) returned 0x1 [0146.256] CloseHandle (hObject=0x880) returned 1 [0146.256] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.279] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x880) returned 1 [0146.279] SuspendThread (hThread=0x880) returned 0x0 [0146.279] GetThreadContext (in: hThread=0x880, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.288] ResumeThread (hThread=0x880) returned 0x1 [0146.288] CloseHandle (hObject=0x880) returned 1 [0146.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.293] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.307] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.311] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.311] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7f8) returned 1 [0146.311] SuspendThread (hThread=0x7f8) returned 0x0 [0146.311] GetThreadContext (in: hThread=0x7f8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.316] ResumeThread (hThread=0x7f8) returned 0x1 [0146.316] CloseHandle (hObject=0x7f8) returned 1 [0146.316] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.328] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.341] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x848) returned 1 [0146.341] SuspendThread (hThread=0x848) returned 0x0 [0146.341] GetThreadContext (in: hThread=0x848, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.343] ResumeThread (hThread=0x848) returned 0x1 [0146.343] CloseHandle (hObject=0x848) returned 1 [0146.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.358] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.361] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.361] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.382] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x880) returned 1 [0146.383] SuspendThread (hThread=0x880) returned 0x0 [0146.383] GetThreadContext (in: hThread=0x880, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.405] ResumeThread (hThread=0x880) returned 0x1 [0146.405] CloseHandle (hObject=0x880) returned 1 [0146.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.413] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.416] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.416] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0146.416] SuspendThread (hThread=0x36c) returned 0x0 [0146.416] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.440] ResumeThread (hThread=0x36c) returned 0x1 [0146.441] CloseHandle (hObject=0x36c) returned 1 [0146.441] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.457] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.463] SetEvent (hEvent=0xc24) returned 1 [0146.463] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.466] SetEvent (hEvent=0x1f8) returned 1 [0146.466] SetEvent (hEvent=0xc80) returned 1 [0146.466] SetEvent (hEvent=0x448) returned 1 [0146.466] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.470] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.470] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.473] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.514] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.514] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.515] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.515] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x484, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x42c) returned 1 [0146.515] SuspendThread (hThread=0x42c) returned 0x0 [0146.515] GetThreadContext (in: hThread=0x42c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3033fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.567] ResumeThread (hThread=0x42c) returned 0x1 [0146.567] CloseHandle (hObject=0x42c) returned 1 [0146.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.603] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.639] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.640] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.640] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.646] SetEvent (hEvent=0x2f4) returned 1 [0146.646] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.669] SetEvent (hEvent=0xc24) returned 1 [0146.669] SetEvent (hEvent=0x264) returned 1 [0146.669] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.712] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.851] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.854] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.854] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x464) returned 1 [0146.854] SuspendThread (hThread=0x464) returned 0x0 [0146.854] GetThreadContext (in: hThread=0x464, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.872] ResumeThread (hThread=0x464) returned 0x1 [0146.872] CloseHandle (hObject=0x464) returned 1 [0146.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.889] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.892] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.892] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.929] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x804, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x494) returned 1 [0146.929] SuspendThread (hThread=0x494) returned 0x0 [0146.929] GetThreadContext (in: hThread=0x494, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d73fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.938] ResumeThread (hThread=0x494) returned 0x1 [0146.939] CloseHandle (hObject=0x494) returned 1 [0146.939] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0146.940] timeEndPeriod (uPeriod=0x1) returned 0x0 [0146.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0146.942] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0146.942] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x804, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x40c) returned 1 [0146.942] SuspendThread (hThread=0x40c) returned 0x0 [0146.942] GetThreadContext (in: hThread=0x40c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0146.963] ResumeThread (hThread=0x40c) returned 0x1 [0146.963] CloseHandle (hObject=0x40c) returned 1 [0146.963] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.006] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.041] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x804, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e4) returned 1 [0147.041] SuspendThread (hThread=0x2e4) returned 0x0 [0147.041] GetThreadContext (in: hThread=0x2e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.084] ResumeThread (hThread=0x2e4) returned 0x1 [0147.084] CloseHandle (hObject=0x2e4) returned 1 [0147.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.090] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.099] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.110] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.114] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.114] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x804, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x8a4) returned 1 [0147.114] SuspendThread (hThread=0x8a4) returned 0x0 [0147.114] GetThreadContext (in: hThread=0x8a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.119] ResumeThread (hThread=0x8a4) returned 0x1 [0147.119] CloseHandle (hObject=0x8a4) returned 1 [0147.119] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.181] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.241] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.241] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x804, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x8a4) returned 1 [0147.241] SuspendThread (hThread=0x8a4) returned 0x0 [0147.241] GetThreadContext (in: hThread=0x8a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3d73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.283] ResumeThread (hThread=0x8a4) returned 0x1 [0147.283] CloseHandle (hObject=0x8a4) returned 1 [0147.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.300] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.304] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.305] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.319] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.328] SetEvent (hEvent=0x1f8) returned 1 [0147.328] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.334] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.339] SetEvent (hEvent=0x1f8) returned 1 [0147.339] SetEvent (hEvent=0xbd8) returned 1 [0147.339] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.345] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.345] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.350] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.350] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.381] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x688, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x8a0) returned 1 [0147.381] SuspendThread (hThread=0x8a0) returned 0x0 [0147.382] GetThreadContext (in: hThread=0x8a0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3793fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.388] ResumeThread (hThread=0x8a0) returned 0x1 [0147.388] CloseHandle (hObject=0x8a0) returned 1 [0147.388] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.442] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.444] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.444] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x688, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x880) returned 1 [0147.444] SuspendThread (hThread=0x880) returned 0x0 [0147.444] GetThreadContext (in: hThread=0x880, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3793fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.455] ResumeThread (hThread=0x880) returned 0x1 [0147.455] CloseHandle (hObject=0x880) returned 1 [0147.455] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.465] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.603] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x670, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e4) returned 1 [0147.603] SuspendThread (hThread=0x2e4) returned 0x0 [0147.603] GetThreadContext (in: hThread=0x2e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3733fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.708] ResumeThread (hThread=0x2e4) returned 0x1 [0147.709] CloseHandle (hObject=0x2e4) returned 1 [0147.709] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.826] SwitchToThread () returned 1 [0147.830] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0147.843] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x670, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e4) returned 1 [0147.843] SuspendThread (hThread=0x2e4) returned 0x0 [0147.843] GetThreadContext (in: hThread=0x2e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3733fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.850] ResumeThread (hThread=0x2e4) returned 0x1 [0147.850] CloseHandle (hObject=0x2e4) returned 1 [0147.850] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.851] SetEvent (hEvent=0xa20) returned 1 [0147.851] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.852] SetEvent (hEvent=0xa20) returned 1 [0147.852] SetEvent (hEvent=0x318) returned 1 [0147.852] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.857] SetEvent (hEvent=0x1f8) returned 1 [0147.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.861] SetEvent (hEvent=0x1f8) returned 1 [0147.861] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.868] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.878] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.881] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.913] SetEvent (hEvent=0x264) returned 1 [0147.913] SetEvent (hEvent=0x324) returned 1 [0147.913] SetEvent (hEvent=0x304) returned 1 [0147.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.919] SetEvent (hEvent=0xb68) returned 1 [0147.919] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.928] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.931] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.931] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.951] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.952] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.952] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x214, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0xc7c) returned 1 [0147.952] SuspendThread (hThread=0xc7c) returned 0x0 [0147.952] GetThreadContext (in: hThread=0xc7c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.972] ResumeThread (hThread=0xc7c) returned 0x1 [0147.972] CloseHandle (hObject=0xc7c) returned 1 [0147.972] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.974] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.978] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.982] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.983] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0147.988] timeEndPeriod (uPeriod=0x1) returned 0x0 [0147.988] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0147.990] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0147.990] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.001] timeEndPeriod (uPeriod=0x1) returned 0x0 [0148.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0148.002] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0148.002] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x214, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x68c) returned 1 [0148.002] SuspendThread (hThread=0x68c) returned 0x0 [0148.002] GetThreadContext (in: hThread=0x68c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b89fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0148.008] ResumeThread (hThread=0x68c) returned 0x1 [0148.008] CloseHandle (hObject=0x68c) returned 1 [0148.008] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.023] SetEvent (hEvent=0x920) returned 1 [0148.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.032] SetEvent (hEvent=0xc64) returned 1 [0148.032] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.040] SetEvent (hEvent=0x100) returned 1 [0148.040] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.044] SetEvent (hEvent=0x8d0) returned 1 [0148.044] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.050] SetEvent (hEvent=0xb58) returned 1 [0148.050] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.055] SetEvent (hEvent=0x8f8) returned 1 [0148.055] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.062] SetEvent (hEvent=0x9e8) returned 1 [0148.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.064] SetEvent (hEvent=0xa80) returned 1 [0148.064] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.070] SetEvent (hEvent=0x9a0) returned 1 [0148.070] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.076] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.077] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.079] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.081] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.082] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.083] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.086] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.089] timeEndPeriod (uPeriod=0x1) returned 0x0 [0148.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0148.092] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0148.092] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.108] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.131] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.132] timeEndPeriod (uPeriod=0x1) returned 0x0 [0148.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0148.135] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0148.135] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.152] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.167] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.169] timeEndPeriod (uPeriod=0x1) returned 0x0 [0148.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0148.171] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0148.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.235] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.237] SetEvent (hEvent=0xab8) returned 1 [0148.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.250] SetEvent (hEvent=0xae0) returned 1 [0148.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.253] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.254] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.255] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.258] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.261] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.262] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.264] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.266] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.267] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.269] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.270] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.271] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.273] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.275] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.278] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.279] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.281] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.282] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.284] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.285] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.287] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.289] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.290] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.292] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.293] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.294] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.295] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.296] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.297] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.298] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.301] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.303] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.304] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.306] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.308] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.310] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.311] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.312] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.313] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.314] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.316] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.322] timeEndPeriod (uPeriod=0x1) returned 0x0 [0148.322] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0148.497] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0148.497] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0148.864] SetEvent (hEvent=0xbf0) returned 1 [0148.864] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.016] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x728) returned 1 [0149.016] SuspendThread (hThread=0x728) returned 0x0 [0149.016] GetThreadContext (in: hThread=0x728, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e29fbb8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0149.022] ResumeThread (hThread=0x728) returned 0x1 [0149.022] CloseHandle (hObject=0x728) returned 1 [0149.023] SetEvent (hEvent=0xbf0) returned 1 [0149.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.131] SetEvent (hEvent=0xbf0) returned 1 [0149.131] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x728) returned 1 [0149.131] SuspendThread (hThread=0x728) returned 0x0 [0149.131] GetThreadContext (in: hThread=0x728, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e29fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0149.133] ResumeThread (hThread=0x728) returned 0x1 [0149.133] CloseHandle (hObject=0x728) returned 1 [0149.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.233] SetEvent (hEvent=0xbf0) returned 1 [0149.233] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2b4) returned 1 [0149.233] SuspendThread (hThread=0x2b4) returned 0x0 [0149.233] GetThreadContext (in: hThread=0x2b4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e29fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0149.234] ResumeThread (hThread=0x2b4) returned 0x1 [0149.234] CloseHandle (hObject=0x2b4) returned 1 [0149.234] SetEvent (hEvent=0xbf0) returned 1 [0149.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.238] SwitchToThread () returned 1 [0149.240] timeEndPeriod (uPeriod=0x1) returned 0x0 [0149.240] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0149.315] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0149.315] SetEvent (hEvent=0xbf0) returned 1 [0149.315] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.350] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.356] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.360] timeEndPeriod (uPeriod=0x1) returned 0x0 [0149.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0149.364] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0149.364] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.397] SetEvent (hEvent=0xbe8) returned 1 [0149.397] SetEvent (hEvent=0x3c4) returned 1 [0149.397] SetEvent (hEvent=0xbf0) returned 1 [0149.397] SetEvent (hEvent=0x9a0) returned 1 [0149.397] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.399] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.401] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.402] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.404] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.419] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.458] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.559] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x84c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x854) returned 1 [0149.559] SuspendThread (hThread=0x854) returned 0x0 [0149.559] GetThreadContext (in: hThread=0x854, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e93fe08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0149.610] ResumeThread (hThread=0x854) returned 0x1 [0149.611] CloseHandle (hObject=0x854) returned 1 [0149.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.618] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.620] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.637] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.645] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.653] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.655] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.661] timeEndPeriod (uPeriod=0x1) returned 0x0 [0149.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0149.663] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0149.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.680] timeEndPeriod (uPeriod=0x1) returned 0x0 [0149.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0149.685] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0149.685] SetEvent (hEvent=0x9a0) returned 1 [0149.686] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.704] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.705] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.707] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.710] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.728] SetEvent (hEvent=0xa38) returned 1 [0149.728] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.730] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.732] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.738] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.741] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0149.940] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.138] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.257] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.259] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.361] SetEvent (hEvent=0xc24) returned 1 [0150.361] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1e4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x284) returned 1 [0150.361] SuspendThread (hThread=0x284) returned 0x0 [0150.361] GetThreadContext (in: hThread=0x284, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a89fe08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0150.376] ResumeThread (hThread=0x284) returned 0x1 [0150.376] CloseHandle (hObject=0x284) returned 1 [0150.376] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.383] SetEvent (hEvent=0xec) returned 1 [0150.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.390] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.391] SetEvent (hEvent=0xec) returned 1 [0150.391] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.394] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.396] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.396] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.419] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.429] SetEvent (hEvent=0x898) returned 1 [0150.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.438] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.440] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.442] SetEvent (hEvent=0xec) returned 1 [0150.442] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.446] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.455] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.467] SetEvent (hEvent=0xb50) returned 1 [0150.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.479] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.482] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.504] SetEvent (hEvent=0xa78) returned 1 [0150.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.520] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.530] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.535] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.570] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.600] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.604] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.607] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.611] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.630] SetEvent (hEvent=0xa38) returned 1 [0150.630] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.641] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.642] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.685] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.685] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.734] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.737] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.737] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.738] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.756] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.757] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.758] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.760] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.777] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.781] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.781] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.795] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x424) returned 1 [0150.795] SuspendThread (hThread=0x424) returned 0x0 [0150.795] GetThreadContext (in: hThread=0x424, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0150.798] ResumeThread (hThread=0x424) returned 0x1 [0150.798] CloseHandle (hObject=0x424) returned 1 [0150.798] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.817] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.819] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.854] timeEndPeriod (uPeriod=0x1) returned 0x0 [0150.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0150.857] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0150.857] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.956] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x728) returned 1 [0150.956] SuspendThread (hThread=0x728) returned 0x0 [0150.956] GetThreadContext (in: hThread=0x728, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0150.958] ResumeThread (hThread=0x728) returned 0x1 [0150.958] CloseHandle (hObject=0x728) returned 1 [0150.958] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0150.969] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x668) returned 1 [0150.970] SuspendThread (hThread=0x668) returned 0x0 [0150.970] GetThreadContext (in: hThread=0x668, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0150.970] ResumeThread (hThread=0x668) returned 0x1 [0150.971] CloseHandle (hObject=0x668) returned 1 [0150.971] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.015] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.015] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.018] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.018] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.038] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4d8) returned 1 [0151.039] SuspendThread (hThread=0x4d8) returned 0x0 [0151.039] GetThreadContext (in: hThread=0x4d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.073] ResumeThread (hThread=0x4d8) returned 0x1 [0151.073] CloseHandle (hObject=0x4d8) returned 1 [0151.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.198] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x374) returned 1 [0151.198] SuspendThread (hThread=0x374) returned 0x0 [0151.198] GetThreadContext (in: hThread=0x374, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.232] ResumeThread (hThread=0x374) returned 0x1 [0151.232] CloseHandle (hObject=0x374) returned 1 [0151.232] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.246] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.255] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.256] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.256] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x784, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x780) returned 1 [0151.256] SuspendThread (hThread=0x780) returned 0x0 [0151.256] GetThreadContext (in: hThread=0x780, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.272] ResumeThread (hThread=0x780) returned 0x1 [0151.272] CloseHandle (hObject=0x780) returned 1 [0151.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.291] SetEvent (hEvent=0xa40) returned 1 [0151.291] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.295] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.297] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.297] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.319] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0151.319] SuspendThread (hThread=0x7c4) returned 0x0 [0151.319] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.343] ResumeThread (hThread=0x7c4) returned 0x1 [0151.343] CloseHandle (hObject=0x7c4) returned 1 [0151.343] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.360] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0151.360] SuspendThread (hThread=0x7c4) returned 0x0 [0151.360] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.388] ResumeThread (hThread=0x7c4) returned 0x1 [0151.388] CloseHandle (hObject=0x7c4) returned 1 [0151.388] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.415] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0151.415] SuspendThread (hThread=0x7c4) returned 0x0 [0151.415] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.452] ResumeThread (hThread=0x7c4) returned 0x1 [0151.452] CloseHandle (hObject=0x7c4) returned 1 [0151.452] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.463] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.463] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.465] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.465] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0151.465] SuspendThread (hThread=0x2bc) returned 0x0 [0151.465] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.491] ResumeThread (hThread=0x2bc) returned 0x1 [0151.491] CloseHandle (hObject=0x2bc) returned 1 [0151.491] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.507] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.528] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2bc) returned 1 [0151.528] SuspendThread (hThread=0x2bc) returned 0x0 [0151.528] GetThreadContext (in: hThread=0x2bc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.601] ResumeThread (hThread=0x2bc) returned 0x1 [0151.601] CloseHandle (hObject=0x2bc) returned 1 [0151.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.611] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.614] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.614] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3fc) returned 1 [0151.614] SuspendThread (hThread=0x3fc) returned 0x0 [0151.614] GetThreadContext (in: hThread=0x3fc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.633] ResumeThread (hThread=0x3fc) returned 0x1 [0151.633] CloseHandle (hObject=0x3fc) returned 1 [0151.633] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.655] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.660] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.660] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.680] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.684] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.684] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3f0) returned 1 [0151.684] SuspendThread (hThread=0x3f0) returned 0x0 [0151.684] GetThreadContext (in: hThread=0x3f0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.707] ResumeThread (hThread=0x3f0) returned 0x1 [0151.708] CloseHandle (hObject=0x3f0) returned 1 [0151.708] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.751] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.754] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.754] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.775] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.779] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.779] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x568) returned 1 [0151.779] SuspendThread (hThread=0x568) returned 0x0 [0151.779] GetThreadContext (in: hThread=0x568, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.814] ResumeThread (hThread=0x568) returned 0x1 [0151.814] CloseHandle (hObject=0x568) returned 1 [0151.814] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.828] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.831] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.831] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.869] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x568) returned 1 [0151.869] SuspendThread (hThread=0x568) returned 0x0 [0151.870] GetThreadContext (in: hThread=0x568, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0151.951] ResumeThread (hThread=0x568) returned 0x1 [0151.951] CloseHandle (hObject=0x568) returned 1 [0151.952] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0151.967] timeEndPeriod (uPeriod=0x1) returned 0x0 [0151.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0151.969] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0151.969] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x510) returned 1 [0151.969] SuspendThread (hThread=0x510) returned 0x0 [0151.969] GetThreadContext (in: hThread=0x510, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.022] ResumeThread (hThread=0x510) returned 0x1 [0152.022] CloseHandle (hObject=0x510) returned 1 [0152.023] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.038] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.042] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.042] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.101] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2cc) returned 1 [0152.101] SuspendThread (hThread=0x2cc) returned 0x0 [0152.101] GetThreadContext (in: hThread=0x2cc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.118] ResumeThread (hThread=0x2cc) returned 0x1 [0152.118] CloseHandle (hObject=0x2cc) returned 1 [0152.118] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.127] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.129] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.129] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x450, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x704) returned 1 [0152.130] SuspendThread (hThread=0x704) returned 0x0 [0152.130] GetThreadContext (in: hThread=0x704, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f93fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.139] ResumeThread (hThread=0x704) returned 0x1 [0152.139] CloseHandle (hObject=0x704) returned 1 [0152.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.154] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.172] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x284) returned 1 [0152.172] SuspendThread (hThread=0x284) returned 0x0 [0152.172] GetThreadContext (in: hThread=0x284, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.175] ResumeThread (hThread=0x284) returned 0x1 [0152.175] CloseHandle (hObject=0x284) returned 1 [0152.175] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.176] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.176] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.272] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.272] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x350, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x284) returned 1 [0152.272] SuspendThread (hThread=0x284) returned 0x0 [0152.272] GetThreadContext (in: hThread=0x284, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2d29fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.288] ResumeThread (hThread=0x284) returned 0x1 [0152.288] CloseHandle (hObject=0x284) returned 1 [0152.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.306] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.308] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.318] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.330] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x854) returned 1 [0152.330] SuspendThread (hThread=0x854) returned 0x0 [0152.330] GetThreadContext (in: hThread=0x854, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.346] ResumeThread (hThread=0x854) returned 0x1 [0152.346] CloseHandle (hObject=0x854) returned 1 [0152.346] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.356] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.358] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.358] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x854) returned 1 [0152.358] SuspendThread (hThread=0x854) returned 0x0 [0152.358] GetThreadContext (in: hThread=0x854, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.384] ResumeThread (hThread=0x854) returned 0x1 [0152.384] CloseHandle (hObject=0x854) returned 1 [0152.384] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.392] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.395] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.395] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.426] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x568) returned 1 [0152.426] SuspendThread (hThread=0x568) returned 0x0 [0152.426] GetThreadContext (in: hThread=0x568, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.459] ResumeThread (hThread=0x568) returned 0x1 [0152.459] CloseHandle (hObject=0x568) returned 1 [0152.459] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.573] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.574] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.700] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.700] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x568) returned 1 [0152.700] SuspendThread (hThread=0x568) returned 0x0 [0152.701] GetThreadContext (in: hThread=0x568, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.805] ResumeThread (hThread=0x568) returned 0x1 [0152.805] CloseHandle (hObject=0x568) returned 1 [0152.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.880] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.892] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.892] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0152.931] timeEndPeriod (uPeriod=0x1) returned 0x0 [0152.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0152.945] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0152.945] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x740) returned 1 [0152.945] SuspendThread (hThread=0x740) returned 0x0 [0152.945] GetThreadContext (in: hThread=0x740, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0152.996] ResumeThread (hThread=0x740) returned 0x1 [0152.996] CloseHandle (hObject=0x740) returned 1 [0152.996] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.059] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.079] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x424) returned 1 [0153.079] SuspendThread (hThread=0x424) returned 0x0 [0153.079] GetThreadContext (in: hThread=0x424, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.187] ResumeThread (hThread=0x424) returned 0x1 [0153.187] CloseHandle (hObject=0x424) returned 1 [0153.187] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.197] timeEndPeriod (uPeriod=0x1) returned 0x0 [0153.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0153.199] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0153.199] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x53c) returned 1 [0153.199] SuspendThread (hThread=0x53c) returned 0x0 [0153.199] GetThreadContext (in: hThread=0x53c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.221] ResumeThread (hThread=0x53c) returned 0x1 [0153.221] CloseHandle (hObject=0x53c) returned 1 [0153.222] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.274] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.277] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.292] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x678) returned 1 [0153.292] SuspendThread (hThread=0x678) returned 0x0 [0153.292] GetThreadContext (in: hThread=0x678, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.332] ResumeThread (hThread=0x678) returned 0x1 [0153.332] CloseHandle (hObject=0x678) returned 1 [0153.332] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.355] timeEndPeriod (uPeriod=0x1) returned 0x0 [0153.355] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0153.358] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0153.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.375] timeEndPeriod (uPeriod=0x1) returned 0x0 [0153.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0153.376] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0153.376] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x678) returned 1 [0153.376] SuspendThread (hThread=0x678) returned 0x0 [0153.376] GetThreadContext (in: hThread=0x678, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.379] ResumeThread (hThread=0x678) returned 0x1 [0153.379] CloseHandle (hObject=0x678) returned 1 [0153.379] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.396] timeEndPeriod (uPeriod=0x1) returned 0x0 [0153.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0153.399] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0153.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0153.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0153.419] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0153.419] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5c4) returned 1 [0153.419] SuspendThread (hThread=0x5c4) returned 0x0 [0153.419] GetThreadContext (in: hThread=0x5c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.449] ResumeThread (hThread=0x5c4) returned 0x1 [0153.450] CloseHandle (hObject=0x5c4) returned 1 [0153.450] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.491] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x720) returned 1 [0153.491] SuspendThread (hThread=0x720) returned 0x0 [0153.491] GetThreadContext (in: hThread=0x720, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.531] ResumeThread (hThread=0x720) returned 0x1 [0153.531] CloseHandle (hObject=0x720) returned 1 [0153.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.544] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5c4) returned 1 [0153.545] SuspendThread (hThread=0x5c4) returned 0x0 [0153.545] GetThreadContext (in: hThread=0x5c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.566] ResumeThread (hThread=0x5c4) returned 0x1 [0153.567] CloseHandle (hObject=0x5c4) returned 1 [0153.567] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.608] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x720) returned 1 [0153.608] SuspendThread (hThread=0x720) returned 0x0 [0153.608] GetThreadContext (in: hThread=0x720, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.631] ResumeThread (hThread=0x720) returned 0x1 [0153.631] CloseHandle (hObject=0x720) returned 1 [0153.631] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.694] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x720) returned 1 [0153.694] SuspendThread (hThread=0x720) returned 0x0 [0153.694] GetThreadContext (in: hThread=0x720, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.772] ResumeThread (hThread=0x720) returned 0x1 [0153.772] CloseHandle (hObject=0x720) returned 1 [0153.772] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.857] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5c4) returned 1 [0153.857] SuspendThread (hThread=0x5c4) returned 0x0 [0153.857] GetThreadContext (in: hThread=0x5c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.935] ResumeThread (hThread=0x5c4) returned 0x1 [0153.935] CloseHandle (hObject=0x5c4) returned 1 [0153.935] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.968] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.978] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4d8) returned 1 [0153.978] SuspendThread (hThread=0x4d8) returned 0x0 [0153.978] GetThreadContext (in: hThread=0x4d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0153.991] ResumeThread (hThread=0x4d8) returned 0x1 [0153.991] CloseHandle (hObject=0x4d8) returned 1 [0153.992] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0153.993] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4d8) returned 1 [0153.993] SuspendThread (hThread=0x4d8) returned 0x0 [0153.993] GetThreadContext (in: hThread=0x4d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.033] ResumeThread (hThread=0x4d8) returned 0x1 [0154.033] CloseHandle (hObject=0x4d8) returned 1 [0154.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.079] timeEndPeriod (uPeriod=0x1) returned 0x0 [0154.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0154.084] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0154.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.106] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x710) returned 1 [0154.106] SuspendThread (hThread=0x710) returned 0x0 [0154.106] GetThreadContext (in: hThread=0x710, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.180] ResumeThread (hThread=0x710) returned 0x1 [0154.180] CloseHandle (hObject=0x710) returned 1 [0154.180] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.204] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.218] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x8a4) returned 1 [0154.218] SuspendThread (hThread=0x8a4) returned 0x0 [0154.218] GetThreadContext (in: hThread=0x8a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.231] ResumeThread (hThread=0x8a4) returned 0x1 [0154.231] CloseHandle (hObject=0x8a4) returned 1 [0154.231] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.236] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x4d8) returned 1 [0154.236] SuspendThread (hThread=0x4d8) returned 0x0 [0154.236] GetThreadContext (in: hThread=0x4d8, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.319] ResumeThread (hThread=0x4d8) returned 0x1 [0154.319] CloseHandle (hObject=0x4d8) returned 1 [0154.319] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.334] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.347] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x770) returned 1 [0154.347] SuspendThread (hThread=0x770) returned 0x0 [0154.347] GetThreadContext (in: hThread=0x770, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.358] ResumeThread (hThread=0x770) returned 0x1 [0154.358] CloseHandle (hObject=0x770) returned 1 [0154.359] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.361] timeEndPeriod (uPeriod=0x1) returned 0x0 [0154.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0154.363] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0154.363] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x770) returned 1 [0154.363] SuspendThread (hThread=0x770) returned 0x0 [0154.363] GetThreadContext (in: hThread=0x770, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.392] ResumeThread (hThread=0x770) returned 0x1 [0154.393] CloseHandle (hObject=0x770) returned 1 [0154.393] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.443] SwitchToThread () returned 1 [0154.444] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0154.448] timeEndPeriod (uPeriod=0x1) returned 0x0 [0154.448] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0154.451] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0154.451] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.468] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x79c) returned 1 [0154.468] SuspendThread (hThread=0x79c) returned 0x0 [0154.468] GetThreadContext (in: hThread=0x79c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.483] ResumeThread (hThread=0x79c) returned 0x1 [0154.483] CloseHandle (hObject=0x79c) returned 1 [0154.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.552] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.594] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2fc) returned 1 [0154.594] SuspendThread (hThread=0x2fc) returned 0x0 [0154.594] GetThreadContext (in: hThread=0x2fc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.667] ResumeThread (hThread=0x2fc) returned 0x1 [0154.667] CloseHandle (hObject=0x2fc) returned 1 [0154.667] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.704] timeEndPeriod (uPeriod=0x1) returned 0x0 [0154.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0154.729] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0154.729] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2fc) returned 1 [0154.729] SuspendThread (hThread=0x2fc) returned 0x0 [0154.729] GetThreadContext (in: hThread=0x2fc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.751] ResumeThread (hThread=0x2fc) returned 0x1 [0154.751] CloseHandle (hObject=0x2fc) returned 1 [0154.751] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.870] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0154.870] SuspendThread (hThread=0x6a4) returned 0x0 [0154.870] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.925] ResumeThread (hThread=0x6a4) returned 0x1 [0154.925] CloseHandle (hObject=0x6a4) returned 1 [0154.925] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.950] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.960] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0154.990] timeEndPeriod (uPeriod=0x1) returned 0x0 [0154.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0154.993] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0154.993] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5a0) returned 1 [0154.993] SuspendThread (hThread=0x5a0) returned 0x0 [0154.993] GetThreadContext (in: hThread=0x5a0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0155.002] ResumeThread (hThread=0x5a0) returned 0x1 [0155.002] CloseHandle (hObject=0x5a0) returned 1 [0155.002] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.068] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.120] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x5a0) returned 1 [0155.120] SuspendThread (hThread=0x5a0) returned 0x0 [0155.120] GetThreadContext (in: hThread=0x5a0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0155.181] ResumeThread (hThread=0x5a0) returned 0x1 [0155.182] CloseHandle (hObject=0x5a0) returned 1 [0155.182] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.202] timeEndPeriod (uPeriod=0x1) returned 0x0 [0155.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0155.207] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0155.207] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x640, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0155.207] SuspendThread (hThread=0x7c4) returned 0x0 [0155.207] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3673fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0155.251] ResumeThread (hThread=0x7c4) returned 0x1 [0155.252] CloseHandle (hObject=0x7c4) returned 1 [0155.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.263] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.279] SetEvent (hEvent=0x208) returned 1 [0155.279] SetEvent (hEvent=0x1b4) returned 1 [0155.279] SetEvent (hEvent=0xa80) returned 1 [0155.279] SetEvent (hEvent=0x9e8) returned 1 [0155.280] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.285] timeEndPeriod (uPeriod=0x1) returned 0x0 [0155.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0155.292] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0155.292] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.359] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2fc) returned 1 [0155.359] SuspendThread (hThread=0x2fc) returned 0x0 [0155.359] GetThreadContext (in: hThread=0x2fc, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0155.373] ResumeThread (hThread=0x2fc) returned 0x1 [0155.373] CloseHandle (hObject=0x2fc) returned 1 [0155.374] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.388] timeEndPeriod (uPeriod=0x1) returned 0x0 [0155.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0155.390] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0155.390] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0155.390] SuspendThread (hThread=0x7c4) returned 0x0 [0155.390] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0155.542] ResumeThread (hThread=0x7c4) returned 0x1 [0155.542] CloseHandle (hObject=0x7c4) returned 1 [0155.542] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0155.963] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x404) returned 1 [0155.963] SuspendThread (hThread=0x404) returned 0x0 [0155.963] GetThreadContext (in: hThread=0x404, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0156.051] ResumeThread (hThread=0x404) returned 0x1 [0156.051] CloseHandle (hObject=0x404) returned 1 [0156.051] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.083] timeEndPeriod (uPeriod=0x1) returned 0x0 [0156.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0156.086] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0156.086] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0156.086] SuspendThread (hThread=0x6a4) returned 0x0 [0156.086] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0156.188] ResumeThread (hThread=0x6a4) returned 0x1 [0156.188] CloseHandle (hObject=0x6a4) returned 1 [0156.188] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.233] SetEvent (hEvent=0x9f0) returned 1 [0156.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.275] timeEndPeriod (uPeriod=0x1) returned 0x0 [0156.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0156.287] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0156.287] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.306] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0156.306] SuspendThread (hThread=0x6a4) returned 0x0 [0156.306] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0156.439] ResumeThread (hThread=0x6a4) returned 0x1 [0156.439] CloseHandle (hObject=0x6a4) returned 1 [0156.439] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.543] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0156.543] SuspendThread (hThread=0x6a4) returned 0x0 [0156.543] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0156.694] ResumeThread (hThread=0x6a4) returned 0x1 [0156.694] CloseHandle (hObject=0x6a4) returned 1 [0156.694] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0156.802] SwitchToThread () returned 1 [0156.904] WaitForSingleObject (hHandle=0xc0, dwMilliseconds=0xffffffff) returned 0x0 [0156.934] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 1 [0156.934] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.934] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.934] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 1 [0157.039] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0157.039] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0157.039] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x848) returned 1 [0157.039] SuspendThread (hThread=0x848) returned 0x0 [0157.039] GetThreadContext (in: hThread=0x848, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.041] ResumeThread (hThread=0x848) returned 0x1 [0157.041] CloseHandle (hObject=0x848) returned 1 [0157.041] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.043] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x848) returned 1 [0157.043] SuspendThread (hThread=0x848) returned 0x0 [0157.043] GetThreadContext (in: hThread=0x848, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.073] ResumeThread (hThread=0x848) returned 0x1 [0157.073] CloseHandle (hObject=0x848) returned 1 [0157.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.125] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.133] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.163] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0157.163] SuspendThread (hThread=0x1b0) returned 0x0 [0157.163] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.244] ResumeThread (hThread=0x1b0) returned 0x1 [0157.245] CloseHandle (hObject=0x1b0) returned 1 [0157.245] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.306] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.346] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x728) returned 1 [0157.347] SuspendThread (hThread=0x728) returned 0x0 [0157.347] GetThreadContext (in: hThread=0x728, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.529] ResumeThread (hThread=0x728) returned 0x1 [0157.529] CloseHandle (hObject=0x728) returned 1 [0157.529] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.580] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0157.580] SuspendThread (hThread=0x1b0) returned 0x0 [0157.580] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fde8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.582] ResumeThread (hThread=0x1b0) returned 0x1 [0157.582] CloseHandle (hObject=0x1b0) returned 1 [0157.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.587] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0157.587] SuspendThread (hThread=0x1b0) returned 0x0 [0157.587] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.610] ResumeThread (hThread=0x1b0) returned 0x1 [0157.610] CloseHandle (hObject=0x1b0) returned 1 [0157.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.641] timeEndPeriod (uPeriod=0x1) returned 0x0 [0157.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x7a6) returned 0x0 [0157.650] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0157.650] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.684] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0157.684] SuspendThread (hThread=0x6a4) returned 0x0 [0157.684] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.695] ResumeThread (hThread=0x6a4) returned 0x1 [0157.695] CloseHandle (hObject=0x6a4) returned 1 [0157.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.700] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0157.701] SuspendThread (hThread=0x36c) returned 0x0 [0157.701] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.750] ResumeThread (hThread=0x36c) returned 0x1 [0157.750] CloseHandle (hObject=0x36c) returned 1 [0157.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.760] timeEndPeriod (uPeriod=0x1) returned 0x0 [0157.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x735) returned 0x0 [0157.772] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0157.773] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.832] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0157.833] SuspendThread (hThread=0x3e0) returned 0x0 [0157.833] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0157.965] ResumeThread (hThread=0x3e0) returned 0x1 [0157.966] CloseHandle (hObject=0x3e0) returned 1 [0157.966] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0157.970] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0157.970] SuspendThread (hThread=0x36c) returned 0x0 [0157.970] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.084] ResumeThread (hThread=0x36c) returned 0x1 [0158.084] CloseHandle (hObject=0x36c) returned 1 [0158.084] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.146] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.185] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0158.185] SuspendThread (hThread=0x3e0) returned 0x0 [0158.185] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.304] ResumeThread (hThread=0x3e0) returned 0x1 [0158.305] CloseHandle (hObject=0x3e0) returned 1 [0158.305] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.306] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0158.306] SuspendThread (hThread=0x3e0) returned 0x0 [0158.306] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.352] ResumeThread (hThread=0x3e0) returned 0x1 [0158.352] CloseHandle (hObject=0x3e0) returned 1 [0158.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.399] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0158.399] SuspendThread (hThread=0x36c) returned 0x0 [0158.399] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.438] ResumeThread (hThread=0x36c) returned 0x1 [0158.438] CloseHandle (hObject=0x36c) returned 1 [0158.438] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.440] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0158.440] SuspendThread (hThread=0x36c) returned 0x0 [0158.440] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.484] ResumeThread (hThread=0x36c) returned 0x1 [0158.484] CloseHandle (hObject=0x36c) returned 1 [0158.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.542] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0158.542] SuspendThread (hThread=0x6a4) returned 0x0 [0158.542] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.627] ResumeThread (hThread=0x6a4) returned 0x1 [0158.627] CloseHandle (hObject=0x6a4) returned 1 [0158.627] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.632] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0158.632] SuspendThread (hThread=0x36c) returned 0x0 [0158.632] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.658] ResumeThread (hThread=0x36c) returned 0x1 [0158.659] CloseHandle (hObject=0x36c) returned 1 [0158.659] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.675] timeEndPeriod (uPeriod=0x1) returned 0x0 [0158.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x3d3) returned 0x0 [0158.683] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0158.683] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.785] timeEndPeriod (uPeriod=0x1) returned 0x0 [0158.785] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x36a) returned 0x0 [0158.788] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0158.788] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0158.789] SuspendThread (hThread=0x3e0) returned 0x0 [0158.789] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.827] ResumeThread (hThread=0x3e0) returned 0x1 [0158.827] CloseHandle (hObject=0x3e0) returned 1 [0158.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.842] timeEndPeriod (uPeriod=0x1) returned 0x0 [0158.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x331) returned 0x0 [0158.846] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0158.846] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.915] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0158.915] SuspendThread (hThread=0x6a4) returned 0x0 [0158.915] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0158.982] ResumeThread (hThread=0x6a4) returned 0x1 [0158.982] CloseHandle (hObject=0x6a4) returned 1 [0158.983] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0158.985] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0158.985] SuspendThread (hThread=0x6a4) returned 0x0 [0158.985] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.009] ResumeThread (hThread=0x6a4) returned 0x1 [0159.009] CloseHandle (hObject=0x6a4) returned 1 [0159.009] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.030] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.070] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0159.070] SuspendThread (hThread=0x1b0) returned 0x0 [0159.070] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.122] ResumeThread (hThread=0x1b0) returned 0x1 [0159.123] CloseHandle (hObject=0x1b0) returned 1 [0159.123] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.130] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0159.130] SuspendThread (hThread=0x6a4) returned 0x0 [0159.130] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.161] ResumeThread (hThread=0x6a4) returned 0x1 [0159.161] CloseHandle (hObject=0x6a4) returned 1 [0159.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.213] timeEndPeriod (uPeriod=0x1) returned 0x0 [0159.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x1d7) returned 0x0 [0159.220] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0159.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.285] timeEndPeriod (uPeriod=0x1) returned 0x0 [0159.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x18f) returned 0x0 [0159.336] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0159.336] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0159.336] SuspendThread (hThread=0x3e0) returned 0x0 [0159.336] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.359] ResumeThread (hThread=0x3e0) returned 0x1 [0159.359] CloseHandle (hObject=0x3e0) returned 1 [0159.360] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.398] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0159.410] SuspendThread (hThread=0x36c) returned 0x0 [0159.410] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.454] ResumeThread (hThread=0x36c) returned 0x1 [0159.454] CloseHandle (hObject=0x36c) returned 1 [0159.454] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.456] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0159.456] SuspendThread (hThread=0x36c) returned 0x0 [0159.456] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.482] ResumeThread (hThread=0x36c) returned 0x1 [0159.482] CloseHandle (hObject=0x36c) returned 1 [0159.482] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.541] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0159.542] SuspendThread (hThread=0x1b0) returned 0x0 [0159.542] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.585] ResumeThread (hThread=0x1b0) returned 0x1 [0159.585] CloseHandle (hObject=0x1b0) returned 1 [0159.585] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0159.591] SuspendThread (hThread=0x36c) returned 0x0 [0159.592] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.625] ResumeThread (hThread=0x36c) returned 0x1 [0159.625] CloseHandle (hObject=0x36c) returned 1 [0159.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.632] timeEndPeriod (uPeriod=0x1) returned 0x0 [0159.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0x3c) returned 0x0 [0159.636] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0159.636] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.656] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0159.656] SuspendThread (hThread=0x1b0) returned 0x0 [0159.656] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.663] ResumeThread (hThread=0x1b0) returned 0x1 [0159.663] CloseHandle (hObject=0x1b0) returned 1 [0159.663] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.712] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.766] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.766] SetEvent (hEvent=0x1b4) returned 1 [0159.766] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.803] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0159.803] SuspendThread (hThread=0x36c) returned 0x0 [0159.803] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.835] ResumeThread (hThread=0x36c) returned 0x1 [0159.835] CloseHandle (hObject=0x36c) returned 1 [0159.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.843] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x1b0) returned 1 [0159.843] SuspendThread (hThread=0x1b0) returned 0x0 [0159.843] GetThreadContext (in: hThread=0x1b0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2f53fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0159.872] ResumeThread (hThread=0x1b0) returned 0x1 [0159.872] CloseHandle (hObject=0x1b0) returned 1 [0159.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.905] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.905] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.936] timeEndPeriod (uPeriod=0x1) returned 0x0 [0159.936] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0159.937] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0159.937] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.937] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.944] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0159.956] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0159.956] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0159.956] SuspendThread (hThread=0x3e0) returned 0x0 [0159.956] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.152] ResumeThread (hThread=0x3e0) returned 0x1 [0160.152] CloseHandle (hObject=0x3e0) returned 1 [0160.152] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.156] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.156] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0160.156] SuspendThread (hThread=0x36c) returned 0x0 [0160.156] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.177] ResumeThread (hThread=0x36c) returned 0x1 [0160.177] CloseHandle (hObject=0x36c) returned 1 [0160.178] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.242] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.243] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.302] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.302] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.302] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.319] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.319] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.321] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.321] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.322] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0160.322] SuspendThread (hThread=0x3e0) returned 0x0 [0160.322] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.366] ResumeThread (hThread=0x3e0) returned 0x1 [0160.366] CloseHandle (hObject=0x3e0) returned 1 [0160.366] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.391] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.391] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.413] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.413] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0160.413] SuspendThread (hThread=0x3e0) returned 0x0 [0160.413] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.495] ResumeThread (hThread=0x3e0) returned 0x1 [0160.495] CloseHandle (hObject=0x3e0) returned 1 [0160.495] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.501] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.501] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0160.501] SuspendThread (hThread=0x36c) returned 0x0 [0160.501] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.525] ResumeThread (hThread=0x36c) returned 0x1 [0160.525] CloseHandle (hObject=0x36c) returned 1 [0160.526] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.588] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.598] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.624] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.627] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.627] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.627] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e0) returned 1 [0160.627] SuspendThread (hThread=0x3e0) returned 0x0 [0160.627] GetThreadContext (in: hThread=0x3e0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.648] ResumeThread (hThread=0x3e0) returned 0x1 [0160.648] CloseHandle (hObject=0x3e0) returned 1 [0160.649] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.683] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.687] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.687] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.687] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.721] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.725] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.725] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.725] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0160.725] SuspendThread (hThread=0x7c4) returned 0x0 [0160.725] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.745] ResumeThread (hThread=0x7c4) returned 0x1 [0160.745] CloseHandle (hObject=0x7c4) returned 1 [0160.745] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.789] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.815] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.817] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.817] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.817] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0160.817] SuspendThread (hThread=0x36c) returned 0x0 [0160.817] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.822] ResumeThread (hThread=0x36c) returned 0x1 [0160.822] CloseHandle (hObject=0x36c) returned 1 [0160.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.845] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.850] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.850] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.850] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.870] timeEndPeriod (uPeriod=0x1) returned 0x0 [0160.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0160.872] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0160.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.872] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.888] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.888] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.908] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.908] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0160.908] SuspendThread (hThread=0x7c4) returned 0x0 [0160.908] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.962] ResumeThread (hThread=0x7c4) returned 0x1 [0160.962] CloseHandle (hObject=0x7c4) returned 1 [0160.962] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0160.973] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0160.973] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7a0) returned 1 [0160.973] SuspendThread (hThread=0x7a0) returned 0x0 [0160.973] GetThreadContext (in: hThread=0x7a0, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0160.995] ResumeThread (hThread=0x7a0) returned 0x1 [0160.995] CloseHandle (hObject=0x7a0) returned 1 [0160.995] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.018] timeEndPeriod (uPeriod=0x1) returned 0x0 [0161.019] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0161.025] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0161.025] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.025] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.045] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.045] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0161.046] SuspendThread (hThread=0x36c) returned 0x0 [0161.046] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0161.095] ResumeThread (hThread=0x36c) returned 0x1 [0161.095] CloseHandle (hObject=0x36c) returned 1 [0161.095] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.099] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0161.099] SuspendThread (hThread=0x36c) returned 0x0 [0161.099] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0161.155] ResumeThread (hThread=0x36c) returned 0x1 [0161.155] CloseHandle (hObject=0x36c) returned 1 [0161.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.163] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.163] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.171] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.174] timeEndPeriod (uPeriod=0x1) returned 0x0 [0161.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0161.175] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0161.175] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.175] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x634, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x36c) returned 1 [0161.175] SuspendThread (hThread=0x36c) returned 0x0 [0161.175] GetThreadContext (in: hThread=0x36c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3653fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0161.221] ResumeThread (hThread=0x36c) returned 0x1 [0161.221] CloseHandle (hObject=0x36c) returned 1 [0161.221] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.223] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.223] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.226] SetEvent (hEvent=0x208) returned 1 [0161.226] SetEvent (hEvent=0xa80) returned 1 [0161.226] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.232] SetEvent (hEvent=0x100) returned 1 [0161.232] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.234] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.234] SetEvent (hEvent=0x9f0) returned 1 [0161.234] SetEvent (hEvent=0xbd0) returned 1 [0161.234] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.238] SetEvent (hEvent=0x9a8) returned 1 [0161.238] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.242] SetEvent (hEvent=0x920) returned 1 [0161.242] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.243] SetEvent (hEvent=0x3b0) returned 1 [0161.243] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.244] SetEvent (hEvent=0x264) returned 1 [0161.244] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.248] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.248] SetEvent (hEvent=0x8e8) returned 1 [0161.248] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.250] SetEvent (hEvent=0x304) returned 1 [0161.250] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.252] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.261] SetEvent (hEvent=0x324) returned 1 [0161.261] SetEvent (hEvent=0xa68) returned 1 [0161.261] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.265] SetEvent (hEvent=0xc80) returned 1 [0161.265] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.266] SetEvent (hEvent=0xab8) returned 1 [0161.267] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.268] SetEvent (hEvent=0xb40) returned 1 [0161.268] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.270] SetEvent (hEvent=0xc5c) returned 1 [0161.271] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.274] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.274] SetEvent (hEvent=0xa38) returned 1 [0161.275] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.276] SetEvent (hEvent=0x274) returned 1 [0161.276] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.309] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.309] SetEvent (hEvent=0xb68) returned 1 [0161.309] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.321] SetEvent (hEvent=0x1a0) returned 1 [0161.321] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.322] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.322] SetEvent (hEvent=0xb50) returned 1 [0161.322] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.325] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.327] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.331] timeEndPeriod (uPeriod=0x1) returned 0x0 [0161.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0161.333] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0161.333] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.354] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.354] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.364] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.364] SetEvent (hEvent=0x8f8) returned 1 [0161.364] SetEvent (hEvent=0xbd8) returned 1 [0161.365] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.372] SetEvent (hEvent=0xa20) returned 1 [0161.372] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.373] SetEvent (hEvent=0xa20) returned 1 [0161.373] SetEvent (hEvent=0x114) returned 1 [0161.373] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.380] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.380] SetEvent (hEvent=0xb60) returned 1 [0161.380] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.382] SetEvent (hEvent=0xa10) returned 1 [0161.382] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.383] SetEvent (hEvent=0xb70) returned 1 [0161.383] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.386] SetEvent (hEvent=0x9c8) returned 1 [0161.386] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.390] SetEvent (hEvent=0xb38) returned 1 [0161.390] SetEvent (hEvent=0xb18) returned 1 [0161.390] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.392] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.392] SetEvent (hEvent=0xa60) returned 1 [0161.392] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.395] SetEvent (hEvent=0xbb0) returned 1 [0161.395] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.396] SetEvent (hEvent=0xc14) returned 1 [0161.396] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.399] SetEvent (hEvent=0x968) returned 1 [0161.399] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.400] SetEvent (hEvent=0x1f8) returned 1 [0161.400] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.404] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.404] SetEvent (hEvent=0xb20) returned 1 [0161.405] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.409] SetEvent (hEvent=0xc6c) returned 1 [0161.409] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.415] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.415] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.417] SetEvent (hEvent=0x990) returned 1 [0161.417] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.418] SetEvent (hEvent=0x990) returned 1 [0161.418] SetEvent (hEvent=0xa50) returned 1 [0161.418] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.420] SetEvent (hEvent=0xa48) returned 1 [0161.420] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.421] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.422] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.423] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.426] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.426] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.427] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.431] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.432] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.433] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.434] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.435] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.467] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.467] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.470] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.471] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.473] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.474] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.485] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.486] SetEvent (hEvent=0xac8) returned 1 [0161.486] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.488] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.490] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.492] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.494] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.496] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.496] SetEvent (hEvent=0xae0) returned 1 [0161.496] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.498] SetEvent (hEvent=0xac8) returned 1 [0161.498] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.501] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.503] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.504] SetEvent (hEvent=0xae0) returned 1 [0161.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.509] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.515] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.519] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.523] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.525] SetEvent (hEvent=0xb80) returned 1 [0161.525] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.528] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.531] SetEvent (hEvent=0xa88) returned 1 [0161.531] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.533] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.534] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.534] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.536] SetEvent (hEvent=0x960) returned 1 [0161.536] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.537] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.539] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.540] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.543] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.544] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.545] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.545] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.546] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.549] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.555] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.560] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.560] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.561] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.563] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.564] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.573] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.573] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.577] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.579] SetEvent (hEvent=0x9b8) returned 1 [0161.579] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.582] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.585] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.585] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.592] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.593] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.602] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.610] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.619] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.619] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.620] SetEvent (hEvent=0x9b8) returned 1 [0161.621] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.623] SetEvent (hEvent=0xc74) returned 1 [0161.624] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.625] SetEvent (hEvent=0x9b8) returned 1 [0161.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.626] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.628] SetEvent (hEvent=0xc74) returned 1 [0161.628] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.629] SetEvent (hEvent=0x9b8) returned 1 [0161.629] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.631] SetEvent (hEvent=0xc74) returned 1 [0161.631] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.633] SetEvent (hEvent=0x9b8) returned 1 [0161.633] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.635] SetEvent (hEvent=0xc74) returned 1 [0161.635] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.739] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.739] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.748] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.750] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.754] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.754] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.756] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.757] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.763] SetEvent (hEvent=0x2f4) returned 1 [0161.763] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.765] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.765] SetEvent (hEvent=0x35c) returned 1 [0161.765] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.769] SetEvent (hEvent=0xa58) returned 1 [0161.769] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.775] SetEvent (hEvent=0x320) returned 1 [0161.775] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.777] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.778] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.779] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.781] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.783] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.784] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.786] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.788] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.788] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.789] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.790] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.793] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.794] SetEvent (hEvent=0x320) returned 1 [0161.794] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.796] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.797] SetEvent (hEvent=0x980) returned 1 [0161.797] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.799] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.799] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.800] SetEvent (hEvent=0x320) returned 1 [0161.800] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.803] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.804] SetEvent (hEvent=0x980) returned 1 [0161.804] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.805] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.808] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.810] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.810] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.811] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.813] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.814] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.815] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.817] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.818] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.819] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.820] SetEvent (hEvent=0xa08) returned 1 [0161.820] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.821] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.821] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.822] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.823] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.824] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.825] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.826] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.827] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.830] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.834] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.834] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.837] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.838] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.840] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.841] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.842] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.843] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.845] timeEndPeriod (uPeriod=0x1) returned 0x0 [0161.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0161.904] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0161.904] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0161.905] SetEvent (hEvent=0xa08) returned 1 [0161.905] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0161.910] timeEndPeriod (uPeriod=0x1) returned 0x0 [0161.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0162.429] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0162.429] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2785f680, ulCount=0x10, ulNumEntriesRemoved=0x2785f654, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2785f680, ulNumEntriesRemoved=0x2785f654) returned 0 [0162.429] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0162.609] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0162.611] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0162.702] timeEndPeriod (uPeriod=0x1) returned 0x0 [0162.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0162.752] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0162.752] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0162.924] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x568) returned 1 [0162.924] SuspendThread (hThread=0x568) returned 0x0 [0162.924] GetThreadContext (in: hThread=0x568, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.932] ResumeThread (hThread=0x568) returned 0x1 [0162.932] CloseHandle (hObject=0x568) returned 1 [0162.932] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0162.937] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x2e4) returned 1 [0162.937] SuspendThread (hThread=0x2e4) returned 0x0 [0162.937] GetThreadContext (in: hThread=0x2e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.976] ResumeThread (hThread=0x2e4) returned 0x1 [0162.976] CloseHandle (hObject=0x2e4) returned 1 [0162.977] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.020] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.062] SetEvent (hEvent=0x254) returned 1 [0163.062] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.105] SetEvent (hEvent=0x254) returned 1 [0163.105] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.122] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.122] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.128] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.128] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.184] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.187] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.187] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x834, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x53c) returned 1 [0163.187] SuspendThread (hThread=0x53c) returned 0x0 [0163.187] GetThreadContext (in: hThread=0x53c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e33fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0163.271] ResumeThread (hThread=0x53c) returned 0x1 [0163.271] CloseHandle (hObject=0x53c) returned 1 [0163.272] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.279] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.279] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.283] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.283] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.316] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.316] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.320] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.320] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.352] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.352] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.358] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.358] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.381] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.382] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.387] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.387] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.418] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.424] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.424] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.449] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x834, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x40c) returned 1 [0163.449] SuspendThread (hThread=0x40c) returned 0x0 [0163.449] GetThreadContext (in: hThread=0x40c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e33fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0163.468] ResumeThread (hThread=0x40c) returned 0x1 [0163.468] CloseHandle (hObject=0x40c) returned 1 [0163.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.469] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.469] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0163.471] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0163.471] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.487] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.503] SetEvent (hEvent=0x9e8) returned 1 [0163.503] SetEvent (hEvent=0x1b4) returned 1 [0163.504] SetEvent (hEvent=0x354) returned 1 [0163.504] SetEvent (hEvent=0x100) returned 1 [0163.504] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.505] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.506] SetEvent (hEvent=0xa30) returned 1 [0163.506] SetEvent (hEvent=0xa68) returned 1 [0163.506] SetEvent (hEvent=0xc80) returned 1 [0163.507] SetEvent (hEvent=0xab8) returned 1 [0163.507] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.509] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.510] SetEvent (hEvent=0xb40) returned 1 [0163.511] SetEvent (hEvent=0xc5c) returned 1 [0163.511] SetEvent (hEvent=0xa38) returned 1 [0163.521] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.523] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.567] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x688, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x40c) returned 1 [0163.567] SuspendThread (hThread=0x40c) returned 0x0 [0163.567] GetThreadContext (in: hThread=0x40c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3793fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0163.569] ResumeThread (hThread=0x40c) returned 0x1 [0163.569] CloseHandle (hObject=0x40c) returned 1 [0163.569] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.577] SetEvent (hEvent=0x114) returned 1 [0163.578] SetEvent (hEvent=0xc1c) returned 1 [0163.580] SetEvent (hEvent=0xc64) returned 1 [0163.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.587] SetEvent (hEvent=0xb48) returned 1 [0163.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.592] SetEvent (hEvent=0xb50) returned 1 [0163.593] SetEvent (hEvent=0x318) returned 1 [0163.596] SetEvent (hEvent=0xc44) returned 1 [0163.599] SetEvent (hEvent=0xb38) returned 1 [0163.601] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.603] SetEvent (hEvent=0xbb0) returned 1 [0163.603] SetEvent (hEvent=0xb70) returned 1 [0163.604] SetEvent (hEvent=0xa60) returned 1 [0163.604] SetEvent (hEvent=0xb18) returned 1 [0163.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.608] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.610] SetEvent (hEvent=0xa10) returned 1 [0163.610] SetEvent (hEvent=0xb20) returned 1 [0163.617] SetEvent (hEvent=0x1f8) returned 1 [0163.621] SetEvent (hEvent=0x968) returned 1 [0163.623] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.625] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.626] SetEvent (hEvent=0xc14) returned 1 [0163.630] SetEvent (hEvent=0xb60) returned 1 [0163.633] SetEvent (hEvent=0xa50) returned 1 [0163.639] SetEvent (hEvent=0x990) returned 1 [0163.656] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.657] SetEvent (hEvent=0x28c) returned 1 [0163.669] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.669] SetEvent (hEvent=0xc6c) returned 1 [0163.671] SetEvent (hEvent=0x9c8) returned 1 [0163.674] SetEvent (hEvent=0xb80) returned 1 [0163.678] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.679] SetEvent (hEvent=0xc04) returned 1 [0163.681] SetEvent (hEvent=0x208) returned 1 [0163.683] SetEvent (hEvent=0xa80) returned 1 [0163.688] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.689] SetEvent (hEvent=0xbd0) returned 1 [0163.689] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.690] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.691] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.692] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.693] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.693] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.695] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.696] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.697] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.698] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.699] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0163.700] timeEndPeriod (uPeriod=0x1) returned 0x0 [0163.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0166.152] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0166.152] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.307] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.702] timeEndPeriod (uPeriod=0x1) returned 0x0 [0166.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0166.746] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0166.746] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.755] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.780] SetEvent (hEvent=0xb48) returned 1 [0166.780] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.784] SetEvent (hEvent=0xb38) returned 1 [0166.784] SetEvent (hEvent=0xc44) returned 1 [0166.784] SetEvent (hEvent=0x980) returned 1 [0166.784] SetEvent (hEvent=0x318) returned 1 [0166.785] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.829] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.835] SetEvent (hEvent=0x980) returned 1 [0166.835] SetEvent (hEvent=0xc44) returned 1 [0166.835] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.836] SetEvent (hEvent=0xc44) returned 1 [0166.836] SetEvent (hEvent=0x980) returned 1 [0166.836] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.843] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.847] SetEvent (hEvent=0x980) returned 1 [0166.848] SetEvent (hEvent=0xc44) returned 1 [0166.848] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.849] SetEvent (hEvent=0xc44) returned 1 [0166.849] SetEvent (hEvent=0x980) returned 1 [0166.849] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.856] SetEvent (hEvent=0x980) returned 1 [0166.856] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.867] SetEvent (hEvent=0x980) returned 1 [0166.867] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.870] SetEvent (hEvent=0x980) returned 1 [0166.870] SetEvent (hEvent=0xc44) returned 1 [0166.870] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.895] SetEvent (hEvent=0xc44) returned 1 [0166.895] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.901] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.904] SetEvent (hEvent=0xc44) returned 1 [0166.905] SetEvent (hEvent=0x980) returned 1 [0166.905] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.908] SetEvent (hEvent=0x980) returned 1 [0166.908] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.914] SetEvent (hEvent=0x980) returned 1 [0166.914] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.918] timeEndPeriod (uPeriod=0x1) returned 0x0 [0166.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0166.922] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0166.922] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.978] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x654, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x7c4) returned 1 [0166.978] SuspendThread (hThread=0x7c4) returned 0x0 [0166.978] GetThreadContext (in: hThread=0x7c4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x36f3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0166.988] ResumeThread (hThread=0x7c4) returned 0x1 [0166.988] CloseHandle (hObject=0x7c4) returned 1 [0166.988] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0166.991] timeEndPeriod (uPeriod=0x1) returned 0x0 [0166.991] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0166.995] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0166.995] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x654, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0166.996] SuspendThread (hThread=0x6a4) returned 0x0 [0166.996] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x36f3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.005] ResumeThread (hThread=0x6a4) returned 0x1 [0167.005] CloseHandle (hObject=0x6a4) returned 1 [0167.005] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.011] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.028] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x654, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0167.028] SuspendThread (hThread=0x6a4) returned 0x0 [0167.028] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x36f3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.034] ResumeThread (hThread=0x6a4) returned 0x1 [0167.034] CloseHandle (hObject=0x6a4) returned 1 [0167.034] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.036] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.042] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.042] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x654, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0167.042] SuspendThread (hThread=0x6a4) returned 0x0 [0167.042] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x36f3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.068] ResumeThread (hThread=0x6a4) returned 0x1 [0167.068] CloseHandle (hObject=0x6a4) returned 1 [0167.068] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.073] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.078] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.083] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x654, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x6a4) returned 1 [0167.083] SuspendThread (hThread=0x6a4) returned 0x0 [0167.083] GetThreadContext (in: hThread=0x6a4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x36f3fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.105] ResumeThread (hThread=0x6a4) returned 0x1 [0167.105] CloseHandle (hObject=0x6a4) returned 1 [0167.105] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.110] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.112] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.117] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.132] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.135] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.139] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.142] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.145] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.147] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.149] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.155] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.157] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.160] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.161] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.165] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.166] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.169] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.173] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.174] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.176] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.177] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.179] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.181] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.185] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.189] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.191] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.193] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.196] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.200] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.202] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.207] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.214] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.215] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.220] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.220] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.280] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.288] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.288] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.318] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.327] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.327] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x844, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x3e4) returned 1 [0167.327] SuspendThread (hThread=0x3e4) returned 0x0 [0167.327] GetThreadContext (in: hThread=0x3e4, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.353] ResumeThread (hThread=0x3e4) returned 0x1 [0167.353] CloseHandle (hObject=0x3e4) returned 1 [0167.353] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.361] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.374] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.375] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.400] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x844, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x70c) returned 1 [0167.400] SuspendThread (hThread=0x70c) returned 0x0 [0167.400] GetThreadContext (in: hThread=0x70c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e73fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.408] ResumeThread (hThread=0x70c) returned 0x1 [0167.408] CloseHandle (hObject=0x70c) returned 1 [0167.408] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x844, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x70c) returned 1 [0167.410] SuspendThread (hThread=0x70c) returned 0x0 [0167.410] GetThreadContext (in: hThread=0x70c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.419] ResumeThread (hThread=0x70c) returned 0x1 [0167.419] CloseHandle (hObject=0x70c) returned 1 [0167.419] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.425] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.431] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.431] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.443] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x844, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x70c) returned 1 [0167.443] SuspendThread (hThread=0x70c) returned 0x0 [0167.444] GetThreadContext (in: hThread=0x70c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.467] ResumeThread (hThread=0x70c) returned 0x1 [0167.468] CloseHandle (hObject=0x70c) returned 1 [0167.468] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.476] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.479] timeEndPeriod (uPeriod=0x1) returned 0x0 [0167.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2785fdf8*=0xc0, bWaitAll=0, dwMilliseconds=0xea60) returned 0x0 [0167.484] timeBeginPeriod (uPeriod=0x1) returned 0x0 [0167.484] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.509] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x774, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2785f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2785f928*=0x70c) returned 1 [0167.509] SuspendThread (hThread=0x70c) returned 0x0 [0167.509] GetThreadContext (in: hThread=0x70c, lpContext=0x2785f940 | out: lpContext=0x2785f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3b73fb18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0167.554] ResumeThread (hThread=0x70c) returned 0x1 [0167.554] CloseHandle (hObject=0x70c) returned 1 [0167.554] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.557] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.558] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.565] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.566] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.568] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.572] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.575] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.578] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.580] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.581] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.584] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.586] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.588] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.589] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.591] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.595] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.596] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.599] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.600] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.602] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.603] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.606] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.607] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.612] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.614] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.615] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.617] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) returned 0x102 [0167.622] NtWaitForSingleObject (Object=0xffffffffffffffff, Alertable=0, Time=0x2785fe70) Thread: id = 3 os_tid = 0x780 [0070.491] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a5fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a5fea0*=0x98) returned 1 [0070.491] VirtualQuery (in: lpAddress=0x27a5fec0, lpBuffer=0x27a5fec0, dwLength=0x30 | out: lpBuffer=0x27a5fec0*(BaseAddress=0x27a5f000, AllocationBase=0x27860000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0070.491] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x3b0000 [0070.491] VirtualAlloc (lpAddress=0xc000080000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000080000 [0070.492] VirtualAlloc (lpAddress=0xc000082000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000082000 [0070.492] VirtualAlloc (lpAddress=0xc000084000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000084000 [0070.492] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000080000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x9c [0070.493] CloseHandle (hObject=0x9c) returned 1 [0070.493] SetEvent (hEvent=0x8c) returned 1 [0070.493] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c [0070.493] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa0 [0070.493] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0070.565] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.520] SetEvent (hEvent=0xb8) returned 1 [0071.520] SetEvent (hEvent=0x8c) returned 1 [0071.520] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.522] SetEvent (hEvent=0xb8) returned 1 [0071.522] SetEvent (hEvent=0x8c) returned 1 [0071.522] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.524] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.588] SetEvent (hEvent=0xa8) returned 1 [0071.589] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a5f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a5f840*=0xe0) returned 1 [0071.589] SuspendThread (hThread=0xe0) returned 0x0 [0071.589] GetThreadContext (in: hThread=0xe0, lpContext=0x27a5f850 | out: lpContext=0x27a5f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4e43a8, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.590] ResumeThread (hThread=0xe0) returned 0x1 [0071.590] CloseHandle (hObject=0xe0) returned 1 [0071.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27a5f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27a5f840*=0xe0) returned 1 [0071.591] SuspendThread (hThread=0xe0) returned 0x0 [0071.591] GetThreadContext (in: hThread=0xe0, lpContext=0x27a5f850 | out: lpContext=0x27a5f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0000c7518, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4e43a8, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.591] SetEvent (hEvent=0xb8) returned 1 [0071.591] ResumeThread (hThread=0xe0) returned 0x1 [0071.591] CloseHandle (hObject=0xe0) returned 1 [0071.591] SwitchToThread () returned 1 [0071.592] SetEvent (hEvent=0x8c) returned 1 [0071.593] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0071.594] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0071.594] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0071.595] SwitchToThread () returned 1 [0071.595] SwitchToThread () returned 1 [0071.596] SwitchToThread () returned 1 [0071.596] SwitchToThread () returned 1 [0071.596] SwitchToThread () returned 1 [0071.596] SwitchToThread () returned 1 [0071.597] SwitchToThread () returned 1 [0071.598] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.598] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x282d0000 [0071.598] VirtualAlloc (lpAddress=0xc000580000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000580000 [0071.599] VirtualAlloc (lpAddress=0xc000582000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000582000 [0071.599] VirtualAlloc (lpAddress=0xc000586000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000586000 [0071.599] VirtualAlloc (lpAddress=0xc000588000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000588000 [0071.600] VirtualAlloc (lpAddress=0xc00058a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058a000 [0071.600] VirtualAlloc (lpAddress=0xc00058c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058c000 [0071.600] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0071.600] VirtualAlloc (lpAddress=0xc000590000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000590000 [0071.601] VirtualAlloc (lpAddress=0xc000592000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000592000 [0071.601] VirtualAlloc (lpAddress=0xc000594000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000594000 [0071.603] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.603] VirtualAlloc (lpAddress=0xc000596000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000596000 [0071.605] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.606] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.606] VirtualAlloc (lpAddress=0xc000598000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000598000 [0071.607] VirtualAlloc (lpAddress=0xc00059c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00059c000 [0071.608] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.608] VirtualAlloc (lpAddress=0xc00059e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00059e000 [0071.610] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.612] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.612] VirtualAlloc (lpAddress=0xc0005a0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a0000 [0071.612] VirtualAlloc (lpAddress=0xc0005a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a4000 [0071.614] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.614] VirtualAlloc (lpAddress=0xc0005a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a6000 [0071.616] VirtualAlloc (lpAddress=0xc0005a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a8000 [0071.616] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.618] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.618] VirtualAlloc (lpAddress=0xc0005aa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005aa000 [0071.618] VirtualAlloc (lpAddress=0xc0005ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ae000 [0071.620] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.622] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.622] VirtualAlloc (lpAddress=0xc0005b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b0000 [0071.624] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.624] VirtualAlloc (lpAddress=0xc0005b2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b2000 [0071.624] VirtualAlloc (lpAddress=0xc0005b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b6000 [0071.625] VirtualAlloc (lpAddress=0xc0005b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b8000 [0071.626] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.628] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.628] VirtualAlloc (lpAddress=0xc0005ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ba000 [0071.629] VirtualAlloc (lpAddress=0xc0005bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005bc000 [0071.630] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.630] VirtualAlloc (lpAddress=0xc0005be000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005be000 [0071.631] VirtualAlloc (lpAddress=0xc0005c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c2000 [0071.633] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.634] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.634] VirtualAlloc (lpAddress=0xc0005c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c4000 [0071.636] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.636] VirtualAlloc (lpAddress=0xc0005c6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c6000 [0071.638] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.638] VirtualAlloc (lpAddress=0xc0005ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ca000 [0071.640] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.640] VirtualAlloc (lpAddress=0xc0005cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005cc000 [0071.641] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.641] VirtualAlloc (lpAddress=0xc0005ce000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ce000 [0071.642] VirtualAlloc (lpAddress=0xc0005d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d2000 [0071.643] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.643] VirtualAlloc (lpAddress=0xc0005d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d4000 [0071.645] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.645] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0071.647] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.647] VirtualAlloc (lpAddress=0xc0005d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d8000 [0071.648] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.649] VirtualAlloc (lpAddress=0xc0005dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005dc000 [0071.649] VirtualAlloc (lpAddress=0xc0005de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005de000 [0071.650] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.651] VirtualAlloc (lpAddress=0xc0005e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e0000 [0071.652] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.652] VirtualAlloc (lpAddress=0xc0005e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e2000 [0071.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.654] VirtualAlloc (lpAddress=0xc0005e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e6000 [0071.656] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.656] VirtualAlloc (lpAddress=0xc0005e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e8000 [0071.657] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.657] VirtualAlloc (lpAddress=0xc0005ea000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ea000 [0071.658] VirtualAlloc (lpAddress=0xc0005ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ee000 [0071.659] VirtualAlloc (lpAddress=0xc0005f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f0000 [0071.660] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.660] VirtualAlloc (lpAddress=0xc0005f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f2000 [0071.661] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.663] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.663] VirtualAlloc (lpAddress=0xc0005f4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f4000 [0071.663] VirtualAlloc (lpAddress=0xc0005f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f8000 [0071.665] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.665] VirtualAlloc (lpAddress=0xc0005fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fa000 [0071.667] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.668] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.668] VirtualAlloc (lpAddress=0xc0005fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fc000 [0071.668] VirtualAlloc (lpAddress=0xc000600000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000600000 [0071.669] VirtualAlloc (lpAddress=0xc0005fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fe000 [0071.671] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.671] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0071.673] VirtualAlloc (lpAddress=0xc000606000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000606000 [0071.673] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.675] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.675] VirtualAlloc (lpAddress=0xc000608000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000608000 [0071.675] VirtualAlloc (lpAddress=0xc00060c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00060c000 [0071.677] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.678] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.678] VirtualAlloc (lpAddress=0xc00060e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00060e000 [0071.680] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.680] VirtualAlloc (lpAddress=0xc000610000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000610000 [0071.680] VirtualAlloc (lpAddress=0xc000614000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000614000 [0071.682] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.682] VirtualAlloc (lpAddress=0xc000616000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000616000 [0071.684] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.684] VirtualAlloc (lpAddress=0xc000618000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000618000 [0071.685] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.685] VirtualAlloc (lpAddress=0xc00061a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00061a000 [0071.686] VirtualAlloc (lpAddress=0xc00061e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00061e000 [0071.687] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.689] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.689] VirtualAlloc (lpAddress=0xc000620000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000620000 [0071.691] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.691] VirtualAlloc (lpAddress=0xc000622000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000622000 [0071.691] VirtualAlloc (lpAddress=0xc000626000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000626000 [0071.693] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.694] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.695] VirtualAlloc (lpAddress=0xc000628000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000628000 [0071.695] VirtualAlloc (lpAddress=0xc00062a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00062a000 [0071.697] SetEvent (hEvent=0xa8) returned 1 [0071.698] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.698] VirtualAlloc (lpAddress=0xc00062c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00062c000 [0071.699] VirtualAlloc (lpAddress=0xc00062e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00062e000 [0071.699] VirtualAlloc (lpAddress=0xc000632000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000632000 [0071.701] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.702] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.702] VirtualAlloc (lpAddress=0xc000634000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000634000 [0071.704] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.704] VirtualAlloc (lpAddress=0xc000636000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000636000 [0071.706] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.706] VirtualAlloc (lpAddress=0xc00063a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00063a000 [0071.707] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.708] VirtualAlloc (lpAddress=0xc00063c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00063c000 [0071.709] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.709] VirtualAlloc (lpAddress=0xc00063e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00063e000 [0071.711] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.711] VirtualAlloc (lpAddress=0xc000642000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000642000 [0071.711] VirtualAlloc (lpAddress=0xc000644000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000644000 [0071.713] VirtualAlloc (lpAddress=0xc000646000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000646000 [0071.713] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.713] VirtualAlloc (lpAddress=0xc000648000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000648000 [0071.715] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.715] VirtualAlloc (lpAddress=0xc00064a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00064a000 [0071.717] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.717] VirtualAlloc (lpAddress=0xc00064e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00064e000 [0071.718] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.719] VirtualAlloc (lpAddress=0xc000650000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000650000 [0071.719] VirtualAlloc (lpAddress=0xc000652000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000652000 [0071.720] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.721] VirtualAlloc (lpAddress=0xc000654000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000654000 [0071.722] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.722] VirtualAlloc (lpAddress=0xc000658000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000658000 [0071.723] VirtualAlloc (lpAddress=0xc00065a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065a000 [0071.724] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.724] VirtualAlloc (lpAddress=0xc00065c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065c000 [0071.726] VirtualAlloc (lpAddress=0xc00065e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065e000 [0071.726] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.726] VirtualAlloc (lpAddress=0xc000660000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000660000 [0071.728] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.728] VirtualAlloc (lpAddress=0xc000664000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000664000 [0071.730] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.731] VirtualAlloc (lpAddress=0xc000666000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000666000 [0071.732] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.732] VirtualAlloc (lpAddress=0xc000668000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000668000 [0071.740] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.740] VirtualAlloc (lpAddress=0xc00066c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066c000 [0071.742] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.743] VirtualAlloc (lpAddress=0xc00066e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066e000 [0071.744] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.744] VirtualAlloc (lpAddress=0xc000670000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000670000 [0071.744] VirtualAlloc (lpAddress=0xc000674000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000674000 [0071.747] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.747] VirtualAlloc (lpAddress=0xc000676000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000676000 [0071.748] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.750] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.750] VirtualAlloc (lpAddress=0xc000678000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000678000 [0071.750] VirtualAlloc (lpAddress=0xc00067c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00067c000 [0071.750] VirtualAlloc (lpAddress=0xc00067e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00067e000 [0071.752] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.752] VirtualAlloc (lpAddress=0xc000680000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000680000 [0071.754] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.755] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.755] VirtualAlloc (lpAddress=0xc000682000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000682000 [0071.756] VirtualAlloc (lpAddress=0xc000686000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000686000 [0071.757] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.757] VirtualAlloc (lpAddress=0xc000688000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000688000 [0071.759] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.759] VirtualAlloc (lpAddress=0xc00068a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00068a000 [0071.761] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.761] VirtualAlloc (lpAddress=0xc00068c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00068c000 [0071.761] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0071.763] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.763] VirtualAlloc (lpAddress=0xc000692000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000692000 [0071.764] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.766] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.766] VirtualAlloc (lpAddress=0xc000694000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000694000 [0071.766] VirtualAlloc (lpAddress=0xc000698000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000698000 [0071.768] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.768] VirtualAlloc (lpAddress=0xc00069a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069a000 [0071.770] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.771] VirtualAlloc (lpAddress=0xc00069c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069c000 [0071.771] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.771] VirtualAlloc (lpAddress=0xc00069e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069e000 [0071.772] VirtualAlloc (lpAddress=0xc0006a0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a0000 [0071.772] VirtualAlloc (lpAddress=0xc0006a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a4000 [0071.772] VirtualAlloc (lpAddress=0xc0006a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a6000 [0071.774] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.774] VirtualAlloc (lpAddress=0xc0006a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a8000 [0071.776] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.777] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.777] VirtualAlloc (lpAddress=0xc0006aa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006aa000 [0071.777] VirtualAlloc (lpAddress=0xc0006ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ae000 [0071.779] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.780] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.781] VirtualAlloc (lpAddress=0xc0006b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b0000 [0071.782] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.782] VirtualAlloc (lpAddress=0xc0006b2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b2000 [0071.783] VirtualAlloc (lpAddress=0xc0006b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b6000 [0071.784] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.784] VirtualAlloc (lpAddress=0xc0006b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b8000 [0071.786] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.786] VirtualAlloc (lpAddress=0xc0006ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ba000 [0071.788] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.788] VirtualAlloc (lpAddress=0xc0006bc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006bc000 [0071.788] VirtualAlloc (lpAddress=0xc0006c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c0000 [0071.790] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.791] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.791] VirtualAlloc (lpAddress=0xc0006c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c2000 [0071.792] VirtualAlloc (lpAddress=0xc0006c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c4000 [0071.792] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0071.793] SetEvent (hEvent=0xa8) returned 1 [0071.793] SetEvent (hEvent=0x8c) returned 1 [0071.794] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.798] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.799] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.801] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.802] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.803] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.808] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.811] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.812] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.813] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.815] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.816] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.817] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.818] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.820] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.821] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.822] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.824] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.825] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.826] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.827] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.829] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.830] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.831] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.832] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.833] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.837] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.838] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.839] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.840] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.840] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.841] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.842] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.843] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.844] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.845] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.845] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.846] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.847] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.848] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.849] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.849] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.850] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.852] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.853] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.854] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.855] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.856] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.857] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.857] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.858] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.859] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.860] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.861] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.862] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.862] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.863] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.864] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.865] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.866] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.867] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.869] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.870] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.871] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.874] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.875] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.876] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.877] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.878] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.880] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.881] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.882] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.883] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.884] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.886] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.887] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.888] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.892] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.894] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.895] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.896] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.898] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.899] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.900] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.901] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.902] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.903] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.905] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.905] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.906] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.918] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.918] VirtualAlloc (lpAddress=0xc000044000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000044000 [0071.919] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.919] VirtualAlloc (lpAddress=0xc000046000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000046000 [0071.920] VirtualAlloc (lpAddress=0xc00004a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004a000 [0071.921] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.922] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.922] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0071.922] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0071.924] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.924] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0071.924] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0071.925] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.926] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.926] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0071.927] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0071.928] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.928] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0071.928] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0071.929] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.929] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0071.931] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.931] VirtualAlloc (lpAddress=0xc000062000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000062000 [0071.932] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.932] VirtualAlloc (lpAddress=0xc000064000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000064000 [0071.932] VirtualAlloc (lpAddress=0xc000068000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000068000 [0071.934] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.934] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0071.935] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.935] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0071.936] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.936] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0071.937] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0071.938] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.938] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.939] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0071.940] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.940] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0071.940] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0071.941] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.942] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.942] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0071.943] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0071.944] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.945] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.946] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.947] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.948] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.949] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.950] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.951] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.951] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.952] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.953] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.954] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.955] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.956] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.958] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.959] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.959] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.960] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.961] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.962] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.963] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.964] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.965] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.966] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.967] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.969] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.970] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.971] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.972] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.973] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.973] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.974] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.975] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.976] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.977] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.977] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.978] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.979] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.980] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.981] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.982] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.983] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.984] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.985] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.986] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.987] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.987] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.988] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.989] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.990] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.991] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.991] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.992] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.993] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.994] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.995] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.996] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.997] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.998] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0071.999] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.001] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.002] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.002] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.003] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.004] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0072.064] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0072.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0072.068] SetEvent (hEvent=0x108) returned 1 [0072.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0072.069] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0072.435] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0089.858] SetEvent (hEvent=0x8c) returned 1 [0089.858] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0089.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\ACECache11.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\acecache11.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0089.880] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0089.897] GetFileType (hFile=0xec) returned 0x1 [0089.897] GetFileType (hFile=0xec) returned 0x1 [0089.897] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0089.898] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0089.898] ReadFile (in: hFile=0xec, lpBuffer=0xc000362000, nNumberOfBytesToRead=0x69c, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000362000*, lpNumberOfBytesRead=0xc0006dfc04*=0x49c, lpOverlapped=0x0) returned 1 [0089.907] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0089.964] ReadFile (in: hFile=0xec, lpBuffer=0xc00036249c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036249c*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0089.964] CloseHandle (hObject=0xec) returned 1 [0089.964] SetEvent (hEvent=0x120) returned 1 [0089.964] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.050] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.053] SetEvent (hEvent=0x114) returned 1 [0090.053] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.259] SetEvent (hEvent=0x120) returned 1 [0090.272] SetEvent (hEvent=0x108) returned 1 [0090.272] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.277] SetEvent (hEvent=0x120) returned 1 [0090.277] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.278] SetEvent (hEvent=0x120) returned 1 [0090.278] SetEvent (hEvent=0x108) returned 1 [0090.278] SetEvent (hEvent=0x13c) returned 1 [0090.278] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.291] GetFileType (hFile=0xf8) returned 0x1 [0090.291] GetFileType (hFile=0xf8) returned 0x1 [0090.291] GetFileInformationByHandle (in: hFile=0xf8, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0090.291] GetFileInformationByHandleEx (in: hFile=0xf8, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0090.292] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x116000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0090.315] ReadFile (in: hFile=0xf8, lpBuffer=0xc00014a000, nNumberOfBytesToRead=0x114158, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014a000*, lpNumberOfBytesRead=0xc0006ddc04*=0x113f58, lpOverlapped=0x0) returned 1 [0090.478] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0090.495] ReadFile (in: hFile=0xf8, lpBuffer=0xc00025df58, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025df58*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0090.495] CloseHandle (hObject=0xf8) returned 1 [0090.496] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x400000, flAllocationType=0x2000, flProtect=0x4) returned 0xc000800000 [0090.497] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x291d0000 [0090.497] VirtualAlloc (lpAddress=0xc0006fc000, dwSize=0x114000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.498] VirtualAlloc (lpAddress=0xc0006fc000, dwSize=0x114000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.498] VirtualAlloc (lpAddress=0xc0006fc000, dwSize=0x8a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fc000 [0090.500] VirtualAlloc (lpAddress=0xc000786000, dwSize=0x8a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.500] VirtualAlloc (lpAddress=0xc000786000, dwSize=0x45000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000786000 [0090.501] VirtualAlloc (lpAddress=0xc0007cb000, dwSize=0x45000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.501] VirtualAlloc (lpAddress=0xc0007cb000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007cb000 [0090.501] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x23000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.501] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x11000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ed000 [0090.502] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.502] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.502] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.502] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0090.502] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0090.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8 [0090.540] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0090.541] GetFileType (hFile=0xf8) returned 0x1 [0090.541] WriteFile (in: hFile=0xf8, lpBuffer=0xc0006fc000*, nNumberOfBytesToWrite=0x113f60, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006fc000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x113f60, lpOverlapped=0x0) returned 1 [0090.566] CloseHandle (hObject=0xf8) returned 1 [0090.593] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0090.594] SetEvent (hEvent=0x120) returned 1 [0090.594] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0093.128] SetEvent (hEvent=0xb8) returned 1 [0093.128] SetEvent (hEvent=0x12c) returned 1 [0093.128] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.466] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.468] SetEvent (hEvent=0xb8) returned 1 [0094.468] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] SetEvent (hEvent=0x120) returned 1 [0094.474] SetEvent (hEvent=0x114) returned 1 [0094.474] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.622] SetEvent (hEvent=0x108) returned 1 [0094.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0094.622] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0094.626] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.627] SetEvent (hEvent=0xc0) returned 1 [0094.627] SetEvent (hEvent=0x108) returned 1 [0094.627] GetFileType (hFile=0xfc) returned 0x1 [0094.628] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.644] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0094.644] GetFileType (hFile=0xfc) returned 0x1 [0094.644] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0094.644] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0094.644] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0094.645] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000f6000, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f6000*, lpNumberOfBytesRead=0xc0000bbc04*=0xcf, lpOverlapped=0x0) returned 1 [0094.645] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000f60cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f60cf*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0094.646] CloseHandle (hObject=0xfc) returned 1 [0094.646] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0094.646] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0094.646] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0094.647] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0094.647] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0094.647] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0094.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0094.648] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0094.657] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.663] SetEvent (hEvent=0x114) returned 1 [0094.663] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.666] SetEvent (hEvent=0x114) returned 1 [0094.666] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.667] SetEvent (hEvent=0x114) returned 1 [0094.667] SetEvent (hEvent=0x120) returned 1 [0094.667] SetEvent (hEvent=0x8c) returned 1 [0094.667] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.678] SetEvent (hEvent=0x114) returned 1 [0094.678] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.745] SetEvent (hEvent=0x120) returned 1 [0094.745] SetEvent (hEvent=0x8c) returned 1 [0094.745] SetEvent (hEvent=0x114) returned 1 [0094.745] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.762] SetEvent (hEvent=0x120) returned 1 [0094.762] SetEvent (hEvent=0x8c) returned 1 [0094.762] SetEvent (hEvent=0x114) returned 1 [0094.762] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.772] SetEvent (hEvent=0x120) returned 1 [0094.772] SetEvent (hEvent=0x108) returned 1 [0094.772] SetEvent (hEvent=0x8c) returned 1 [0094.772] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.782] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.789] SetEvent (hEvent=0x120) returned 1 [0094.790] GetFileType (hFile=0xfc) returned 0x1 [0094.790] WriteFile (in: hFile=0xfc, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0000bbcec*=0xd0, lpOverlapped=0x0) returned 1 [0094.791] CloseHandle (hObject=0xfc) returned 1 [0094.799] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0094.799] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0094.799] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0094.800] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0094.800] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0094.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0094.801] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0094.806] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.809] GetFileType (hFile=0xfc) returned 0x1 [0094.809] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000ee2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee2c0*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.809] CloseHandle (hObject=0xfc) returned 1 [0094.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.811] SetEvent (hEvent=0x114) returned 1 [0094.811] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.890] SetEvent (hEvent=0x120) returned 1 [0094.890] SetEvent (hEvent=0x100) returned 1 [0094.890] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.895] SetEvent (hEvent=0x120) returned 1 [0094.895] SwitchToThread () returned 1 [0094.895] SetEvent (hEvent=0x120) returned 1 [0094.895] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.896] SetEvent (hEvent=0x108) returned 1 [0094.896] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.906] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0094.924] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.931] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0094.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103d8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc0000103d8*, lpNumberOfCharsWritten=0xc000249818*=0x3) returned 1 [0094.936] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000586320*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0094.946] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.960] SetEvent (hEvent=0x114) returned 1 [0094.960] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.963] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586326*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000586326*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0094.965] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.968] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.970] SetEvent (hEvent=0x114) returned 1 [0094.970] SetEvent (hEvent=0x8c) returned 1 [0094.970] SetEvent (hEvent=0x100) returned 1 [0094.970] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0094.997] SetEvent (hEvent=0x114) returned 1 [0094.997] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.026] SetEvent (hEvent=0x100) returned 1 [0095.026] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.054] SetEvent (hEvent=0x114) returned 1 [0095.054] VirtualFree (lpAddress=0xc000178000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.055] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.055] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.055] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.055] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.056] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.056] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.056] SetEvent (hEvent=0x100) returned 1 [0095.056] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.057] SetEvent (hEvent=0x114) returned 1 [0095.057] SwitchToThread () returned 1 [0095.063] SetEvent (hEvent=0x114) returned 1 [0095.063] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.063] SetEvent (hEvent=0x114) returned 1 [0095.063] SetEvent (hEvent=0x100) returned 1 [0095.063] SetEvent (hEvent=0x8c) returned 1 [0095.063] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.074] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.076] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0095.080] SetEvent (hEvent=0x100) returned 1 [0095.080] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.107] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0095.108] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0095.108] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0095.109] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0095.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0095.109] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0095.124] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.143] SetEvent (hEvent=0x100) returned 1 [0095.143] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.144] SetEvent (hEvent=0x100) returned 1 [0095.144] SetEvent (hEvent=0x8c) returned 1 [0095.144] VirtualFree (lpAddress=0xc000134000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.144] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.145] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.145] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.146] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.146] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.147] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.147] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.147] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.148] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.148] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.148] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.148] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.150] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0095.151] GetFileType (hFile=0x14c) returned 0x1 [0095.151] GetFileType (hFile=0x14c) returned 0x1 [0095.151] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0095.151] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0095.151] ReadFile (in: hFile=0x14c, lpBuffer=0xc000130000, nNumberOfBytesToRead=0x317, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesRead=0xc000277c04*=0x117, lpOverlapped=0x0) returned 1 [0095.152] ReadFile (in: hFile=0x14c, lpBuffer=0xc000130117, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000130117*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0095.152] CloseHandle (hObject=0x14c) returned 1 [0095.152] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0095.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.153] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0095.164] GetFileType (hFile=0x14c) returned 0x1 [0095.164] WriteFile (in: hFile=0x14c, lpBuffer=0xc000122000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc000122000*, lpNumberOfBytesWritten=0xc000277cec*=0x120, lpOverlapped=0x0) returned 1 [0095.165] CloseHandle (hObject=0x14c) returned 1 [0095.167] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.167] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0095.172] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.177] SetEvent (hEvent=0x100) returned 1 [0095.177] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.182] SetEvent (hEvent=0x100) returned 1 [0095.183] SetEvent (hEvent=0x120) returned 1 [0095.183] SwitchToThread () returned 1 [0095.183] SetEvent (hEvent=0x100) returned 1 [0095.184] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.186] SetEvent (hEvent=0x8c) returned 1 [0095.186] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.212] SetEvent (hEvent=0x100) returned 1 [0095.212] SetEvent (hEvent=0x120) returned 1 [0095.212] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0095.256] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0095.266] GetFileType (hFile=0x150) returned 0x1 [0095.266] GetFileType (hFile=0x150) returned 0x1 [0095.266] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0095.266] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0095.266] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0095.267] ReadFile (in: hFile=0x150, lpBuffer=0xc000152000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000152000*, lpNumberOfBytesRead=0xc000253c04*=0xd5, lpOverlapped=0x0) returned 1 [0095.268] ReadFile (in: hFile=0x150, lpBuffer=0xc0001520d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001520d5*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0095.268] CloseHandle (hObject=0x150) returned 1 [0095.268] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0095.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.270] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0095.272] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.273] SetEvent (hEvent=0x100) returned 1 [0095.273] GetFileType (hFile=0x150) returned 0x1 [0095.274] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.295] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0095.295] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0095.296] WriteFile (in: hFile=0x150, lpBuffer=0xc000154000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc000154000*, lpNumberOfBytesWritten=0xc000253cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.297] CloseHandle (hObject=0x150) returned 1 [0095.298] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0095.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.299] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0095.300] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0095.300] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0095.301] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0095.301] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0095.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.302] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0095.320] GetFileType (hFile=0x150) returned 0x1 [0095.320] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.320] CloseHandle (hObject=0x150) returned 1 [0095.323] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.324] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.325] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0095.325] SetEvent (hEvent=0xc0) returned 1 [0095.325] SetEvent (hEvent=0xb8) returned 1 [0095.325] SetEvent (hEvent=0x114) returned 1 [0095.325] SetEvent (hEvent=0x13c) returned 1 [0095.325] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0095.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.331] SetEvent (hEvent=0x8c) returned 1 [0095.331] SetEvent (hEvent=0xb8) returned 1 [0095.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0095.333] SetEvent (hEvent=0x100) returned 1 [0095.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.333] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0095.336] GetFileType (hFile=0xfc) returned 0x1 [0095.337] GetFileType (hFile=0xfc) returned 0x1 [0095.337] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0095.337] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0095.337] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0095.337] ReadFile (in: hFile=0xfc, lpBuffer=0xc00016e000, nNumberOfBytesToRead=0x2e4, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016e000*, lpNumberOfBytesRead=0xc00010dc04*=0xe4, lpOverlapped=0x0) returned 1 [0095.338] ReadFile (in: hFile=0xfc, lpBuffer=0xc00016e0e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016e0e4*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0095.338] CloseHandle (hObject=0xfc) returned 1 [0095.339] VirtualAlloc (lpAddress=0xc000170000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000170000 [0095.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.340] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0095.360] GetFileType (hFile=0xfc) returned 0x1 [0095.360] WriteFile (in: hFile=0xfc, lpBuffer=0xc0001701e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001701e0*, lpNumberOfBytesWritten=0xc00010dcec*=0xf0, lpOverlapped=0x0) returned 1 [0095.361] CloseHandle (hObject=0xfc) returned 1 [0095.362] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.362] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0095.363] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0095.364] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0095.364] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0095.364] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0095.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.365] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0095.376] GetFileType (hFile=0xfc) returned 0x1 [0095.376] WriteFile (in: hFile=0xfc, lpBuffer=0xc00011c420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c420*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.377] CloseHandle (hObject=0xfc) returned 1 [0095.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.381] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.417] SetEvent (hEvent=0x114) returned 1 [0095.417] SetEvent (hEvent=0x100) returned 1 [0095.417] SetEvent (hEvent=0x120) returned 1 [0095.418] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.528] SetEvent (hEvent=0x100) returned 1 [0095.528] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.587] SetEvent (hEvent=0x100) returned 1 [0095.587] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.594] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.596] SetEvent (hEvent=0x114) returned 1 [0095.596] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] SetEvent (hEvent=0x13c) returned 1 [0095.598] SetEvent (hEvent=0x8c) returned 1 [0095.598] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.604] SetEvent (hEvent=0x100) returned 1 [0095.604] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.604] VirtualFree (lpAddress=0xc00019c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.604] VirtualFree (lpAddress=0xc000190000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.605] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.605] VirtualFree (lpAddress=0xc000154000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.605] VirtualFree (lpAddress=0xc00014c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.605] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.605] VirtualFree (lpAddress=0xc000142000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.606] VirtualFree (lpAddress=0xc00013a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.606] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.606] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.607] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.607] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.607] VirtualFree (lpAddress=0xc0000f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.607] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.608] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.608] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.608] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.609] VirtualFree (lpAddress=0xc00005a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.609] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.609] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.610] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.610] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.610] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.610] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.611] SetEvent (hEvent=0x120) returned 1 [0095.611] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.654] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.660] SetEvent (hEvent=0x120) returned 1 [0095.660] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.662] SetEvent (hEvent=0x114) returned 1 [0095.662] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.665] SwitchToThread () returned 1 [0095.670] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.675] SetEvent (hEvent=0x120) returned 1 [0095.675] SetEvent (hEvent=0x100) returned 1 [0095.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.675] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0095.678] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.679] GetFileType (hFile=0x14c) returned 0x1 [0095.679] GetFileType (hFile=0x14c) returned 0x1 [0095.679] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0095.680] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0095.680] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0095.680] ReadFile (in: hFile=0x14c, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x2d6, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc000243c04*=0xd6, lpOverlapped=0x0) returned 1 [0095.681] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000540d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000540d6*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0095.681] CloseHandle (hObject=0x14c) returned 1 [0095.681] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0095.681] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0095.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.682] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0095.689] GetFileType (hFile=0x14c) returned 0x1 [0095.689] WriteFile (in: hFile=0x14c, lpBuffer=0xc0001b81c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b81c0*, lpNumberOfBytesWritten=0xc000243cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.690] CloseHandle (hObject=0x14c) returned 1 [0095.692] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0095.693] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.693] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0095.694] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0095.694] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0095.694] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0095.695] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0095.695] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0095.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.696] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0095.703] GetFileType (hFile=0x14c) returned 0x1 [0095.703] WriteFile (in: hFile=0x14c, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.703] CloseHandle (hObject=0x14c) returned 1 [0095.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.705] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.706] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.706] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.706] GetFileType (hFile=0x148) returned 0x1 [0095.706] WriteFile (in: hFile=0x148, lpBuffer=0xc0001b8000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b8000*, lpNumberOfBytesWritten=0xc000117cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.707] CloseHandle (hObject=0x148) returned 1 [0095.709] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0095.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.709] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0095.710] GetFileType (hFile=0x148) returned 0x1 [0095.711] WriteFile (in: hFile=0x148, lpBuffer=0xc0000406e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000406e0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.711] CloseHandle (hObject=0x148) returned 1 [0095.712] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0095.712] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0095.713] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.714] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0095.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x87015b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0095.718] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0095.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.718] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33)) returned 1 [0095.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.732] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.735] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.739] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eu", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0095.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0095.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fc9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fc9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fc9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86fef9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87015b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87015b30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0095.742] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.742] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.743] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0095.743] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0095.744] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0095.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.746] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.746] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.746] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.746] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116)) returned 1 [0095.755] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0095.755] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.756] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.756] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.756] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.756] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.756] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f)) returned 1 [0095.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.757] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.757] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.757] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.757] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.757] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109)) returned 1 [0095.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.765] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.765] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.765] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.765] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.765] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.765] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103)) returned 1 [0095.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.766] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.766] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.767] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.767] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.767] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4da50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf3)) returned 1 [0095.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.775] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0095.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.776] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.776] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.776] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.776] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0095.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.777] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.777] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.777] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.777] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x149)) returned 1 [0095.783] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.788] SetEvent (hEvent=0x100) returned 1 [0095.788] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.789] SetEvent (hEvent=0x114) returned 1 [0095.789] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.795] SetEvent (hEvent=0x8c) returned 1 [0095.795] SetEvent (hEvent=0xb8) returned 1 [0095.795] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.811] SetEvent (hEvent=0x120) returned 1 [0095.811] SetEvent (hEvent=0x8c) returned 1 [0095.811] SetEvent (hEvent=0x114) returned 1 [0095.811] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.860] SetEvent (hEvent=0x114) returned 1 [0095.860] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.892] SetEvent (hEvent=0x120) returned 1 [0095.892] SetEvent (hEvent=0xb8) returned 1 [0095.892] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.894] SetEvent (hEvent=0x120) returned 1 [0095.894] SwitchToThread () returned 1 [0095.895] SetEvent (hEvent=0x120) returned 1 [0095.895] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.895] SetEvent (hEvent=0x120) returned 1 [0095.895] SetEvent (hEvent=0xb8) returned 1 [0095.895] SetEvent (hEvent=0x100) returned 1 [0095.895] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.900] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0095.900] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0095.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0095.901] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0095.910] GetFileType (hFile=0xec) returned 0x1 [0095.910] GetFileType (hFile=0xec) returned 0x1 [0095.910] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0095.910] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0095.910] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0095.910] ReadFile (in: hFile=0xec, lpBuffer=0xc00013e000, nNumberOfBytesToRead=0x28f, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013e000*, lpNumberOfBytesRead=0xc000187c04*=0x8f, lpOverlapped=0x0) returned 1 [0095.912] ReadFile (in: hFile=0xec, lpBuffer=0xc00013e08f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013e08f*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0095.912] CloseHandle (hObject=0xec) returned 1 [0095.912] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0095.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0095.914] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0095.923] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.926] SetEvent (hEvent=0x114) returned 1 [0095.926] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.948] SetEvent (hEvent=0x114) returned 1 [0095.948] SetEvent (hEvent=0x13c) returned 1 [0095.948] SwitchToThread () returned 1 [0095.955] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0095.955] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0095.956] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0095.956] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0095.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0095.957] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0095.966] GetFileType (hFile=0x128) returned 0x1 [0095.966] GetFileType (hFile=0x128) returned 0x1 [0095.966] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0095.966] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0095.966] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0095.967] ReadFile (in: hFile=0x128, lpBuffer=0xc0000f2000, nNumberOfBytesToRead=0x2f3, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f2000*, lpNumberOfBytesRead=0xc000065c04*=0xf3, lpOverlapped=0x0) returned 1 [0095.968] ReadFile (in: hFile=0x128, lpBuffer=0xc0000f20f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f20f3*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0095.968] CloseHandle (hObject=0x128) returned 1 [0095.968] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0095.969] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0095.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0095.970] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0095.977] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] SetEvent (hEvent=0x13c) returned 1 [0095.978] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0095.983] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.983] VirtualFree (lpAddress=0xc0001e0000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0095.984] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.984] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.985] VirtualFree (lpAddress=0xc00014c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.985] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.985] VirtualFree (lpAddress=0xc0000f2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.985] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.986] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.986] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.986] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.987] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.987] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.987] GetFileType (hFile=0x150) returned 0x1 [0095.987] WriteFile (in: hFile=0x150, lpBuffer=0xc00015c000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00015c000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x110, lpOverlapped=0x0) returned 1 [0095.988] CloseHandle (hObject=0x150) returned 1 [0095.990] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.990] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0096.001] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.004] SetEvent (hEvent=0x13c) returned 1 [0096.004] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.006] SetEvent (hEvent=0x13c) returned 1 [0096.006] SetEvent (hEvent=0x8c) returned 1 [0096.006] SetEvent (hEvent=0x114) returned 1 [0096.006] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.012] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.013] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.013] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.013] VirtualFree (lpAddress=0xc000146000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.014] VirtualFree (lpAddress=0xc000132000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.014] GetFileType (hFile=0x144) returned 0x1 [0096.014] WriteFile (in: hFile=0x144, lpBuffer=0xc00005a3c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a3c0*, lpNumberOfBytesWritten=0xc0000e9cec*=0xf0, lpOverlapped=0x0) returned 1 [0096.015] CloseHandle (hObject=0x144) returned 1 [0096.016] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0096.017] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0096.017] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0096.017] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0096.018] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0096.018] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0096.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.019] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000e9d64 | out: lpMode=0xc0000e9d64) returned 0 [0096.028] GetFileType (hFile=0x144) returned 0x1 [0096.028] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0096.029] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0096.029] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0096.029] WriteFile (in: hFile=0x144, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0000e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.030] CloseHandle (hObject=0x144) returned 1 [0096.031] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0096.032] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0096.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.033] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.106] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0096.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0096.107] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0096.109] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.111] SetEvent (hEvent=0xc0) returned 1 [0096.111] GetFileType (hFile=0x150) returned 0x1 [0096.111] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.114] GetFileType (hFile=0x150) returned 0x1 [0096.114] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0096.114] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0096.114] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0096.115] ReadFile (in: hFile=0x150, lpBuffer=0xc0000e0000, nNumberOfBytesToRead=0x349, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e0000*, lpNumberOfBytesRead=0xc00024dc04*=0x149, lpOverlapped=0x0) returned 1 [0096.116] ReadFile (in: hFile=0x150, lpBuffer=0xc0000e0149, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e0149*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0096.116] CloseHandle (hObject=0x150) returned 1 [0096.116] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0096.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.118] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0096.128] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.135] GetFileType (hFile=0x150) returned 0x1 [0096.135] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00024dcec*=0x150, lpOverlapped=0x0) returned 1 [0096.136] CloseHandle (hObject=0x150) returned 1 [0096.138] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.138] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0096.139] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0096.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.139] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0096.140] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.153] GetFileType (hFile=0x150) returned 0x1 [0096.153] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0096.153] WriteFile (in: hFile=0x150, lpBuffer=0xc0000f4000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f4000*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.154] CloseHandle (hObject=0x150) returned 1 [0096.155] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0096.155] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0096.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.157] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc000586290*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0096.164] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.170] SetEvent (hEvent=0x100) returned 1 [0096.170] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0096.193] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0096.199] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.259] GetFileType (hFile=0x148) returned 0x1 [0096.259] GetFileType (hFile=0x148) returned 0x1 [0096.259] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0096.259] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0096.260] ReadFile (in: hFile=0x148, lpBuffer=0xc000142000, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc000142000*, lpNumberOfBytesRead=0xc000047c04*=0x103, lpOverlapped=0x0) returned 1 [0096.261] ReadFile (in: hFile=0x148, lpBuffer=0xc000142103, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc000142103*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0096.261] CloseHandle (hObject=0x148) returned 1 [0096.261] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0096.261] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0096.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.263] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0096.277] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.320] SetEvent (hEvent=0x12c) returned 1 [0096.320] SetEvent (hEvent=0x15c) returned 1 [0096.321] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.321] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0096.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0096.322] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0096.328] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.336] SetEvent (hEvent=0x12c) returned 1 [0096.336] GetFileType (hFile=0xf4) returned 0x1 [0096.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.338] GetFileType (hFile=0xf4) returned 0x1 [0096.338] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0096.338] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0096.338] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0096.339] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x308, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00010dc04*=0x108, lpOverlapped=0x0) returned 1 [0096.340] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2108, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2108*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0096.340] CloseHandle (hObject=0xf4) returned 1 [0096.340] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0096.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.342] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0096.344] GetFileType (hFile=0xf4) returned 0x1 [0096.344] WriteFile (in: hFile=0xf4, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc00010dcec*=0x110, lpOverlapped=0x0) returned 1 [0096.345] CloseHandle (hObject=0xf4) returned 1 [0096.348] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.349] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0096.361] GetFileType (hFile=0xf4) returned 0x1 [0096.361] WriteFile (in: hFile=0xf4, lpBuffer=0xc000146420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146420*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.361] CloseHandle (hObject=0xf4) returned 1 [0096.362] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.363] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0096.363] SetEvent (hEvent=0x15c) returned 1 [0096.363] SetEvent (hEvent=0xb8) returned 1 [0096.363] SetEvent (hEvent=0x13c) returned 1 [0096.364] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.368] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.368] SetEvent (hEvent=0xb8) returned 1 [0096.368] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.373] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.374] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.374] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0096.374] SetEvent (hEvent=0x12c) returned 1 [0096.374] SetEvent (hEvent=0xb8) returned 1 [0096.374] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.402] GetFileType (hFile=0x154) returned 0x1 [0096.402] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0096.402] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0096.403] WriteFile (in: hFile=0x154, lpBuffer=0xc000051000*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc000051000*, lpNumberOfBytesWritten=0xc000171cec*=0x2b60, lpOverlapped=0x0) returned 1 [0096.407] CloseHandle (hObject=0x154) returned 1 [0096.413] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0096.414] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.414] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0096.414] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0096.415] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0096.415] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0096.416] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0096.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0096.416] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0096.431] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.435] SetEvent (hEvent=0x8c) returned 1 [0096.436] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.591] SetEvent (hEvent=0x100) returned 1 [0096.591] SetEvent (hEvent=0x12c) returned 1 [0096.591] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.643] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.643] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.643] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.643] SetEvent (hEvent=0x120) returned 1 [0096.643] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.703] SetEvent (hEvent=0x120) returned 1 [0096.703] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] SetEvent (hEvent=0x100) returned 1 [0096.706] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.718] SetEvent (hEvent=0x120) returned 1 [0096.718] SetEvent (hEvent=0x12c) returned 1 [0096.718] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0096.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0096.719] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0096.723] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.724] GetFileType (hFile=0x144) returned 0x1 [0096.724] GetFileType (hFile=0x144) returned 0x1 [0096.724] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0096.724] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0096.724] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0096.724] ReadFile (in: hFile=0x144, lpBuffer=0xc0001b6000, nNumberOfBytesToRead=0x352, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6000*, lpNumberOfBytesRead=0xc000045c04*=0x152, lpOverlapped=0x0) returned 1 [0096.726] ReadFile (in: hFile=0x144, lpBuffer=0xc0001b6152, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6152*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0096.726] CloseHandle (hObject=0x144) returned 1 [0096.726] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0096.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.727] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0096.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.743] SetEvent (hEvent=0x8c) returned 1 [0096.743] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.867] SetEvent (hEvent=0xb8) returned 1 [0096.867] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0096.980] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0096.981] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] SetEvent (hEvent=0x12c) returned 1 [0096.982] GetFileType (hFile=0xec) returned 0x1 [0096.982] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0096.990] SetEvent (hEvent=0x12c) returned 1 [0096.990] GetFileType (hFile=0xec) returned 0x1 [0096.990] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0096.990] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0096.991] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0096.991] ReadFile (in: hFile=0xec, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x364, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000175c04*=0x164, lpOverlapped=0x0) returned 1 [0096.992] ReadFile (in: hFile=0xec, lpBuffer=0xc0000dc164, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc164*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0096.992] CloseHandle (hObject=0xec) returned 1 [0096.992] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0096.993] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0096.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.994] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0096.994] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.002] GetFileType (hFile=0xec) returned 0x1 [0097.002] WriteFile (in: hFile=0xec, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc000175cec*=0x170, lpOverlapped=0x0) returned 1 [0097.003] CloseHandle (hObject=0xec) returned 1 [0097.004] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0097.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0097.004] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.005] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0097.005] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.005] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0097.006] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0097.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.006] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0097.015] GetFileType (hFile=0xec) returned 0x1 [0097.015] WriteFile (in: hFile=0xec, lpBuffer=0xc0001462c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001462c0*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.016] CloseHandle (hObject=0xec) returned 1 [0097.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.016] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.016] SetEvent (hEvent=0x8c) returned 1 [0097.017] SetEvent (hEvent=0x15c) returned 1 [0097.017] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0097.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.023] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.023] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.027] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.028] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.028] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.028] SetEvent (hEvent=0x12c) returned 1 [0097.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.031] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.031] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.031] SetEvent (hEvent=0xc0) returned 1 [0097.031] SetEvent (hEvent=0x13c) returned 1 [0097.031] SetEvent (hEvent=0x15c) returned 1 [0097.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.033] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.039] SetEvent (hEvent=0x13c) returned 1 [0097.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.042] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.042] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0097.043] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.043] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0097.047] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.053] SetEvent (hEvent=0x12c) returned 1 [0097.053] GetFileType (hFile=0xec) returned 0x1 [0097.053] GetFileType (hFile=0xec) returned 0x1 [0097.053] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0097.053] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0097.053] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0097.054] ReadFile (in: hFile=0xec, lpBuffer=0xc0001ec000, nNumberOfBytesToRead=0x317, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec000*, lpNumberOfBytesRead=0xc00023fc04*=0x117, lpOverlapped=0x0) returned 1 [0097.055] ReadFile (in: hFile=0xec, lpBuffer=0xc0001ec117, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec117*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0097.055] CloseHandle (hObject=0xec) returned 1 [0097.055] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0097.055] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0097.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.057] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0097.102] GetFileType (hFile=0xec) returned 0x1 [0097.102] WriteFile (in: hFile=0xec, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc00023fcec*=0x120, lpOverlapped=0x0) returned 1 [0097.104] CloseHandle (hObject=0xec) returned 1 [0097.104] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.104] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0097.113] GetFileType (hFile=0xec) returned 0x1 [0097.113] WriteFile (in: hFile=0xec, lpBuffer=0xc0001e6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6580*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.114] CloseHandle (hObject=0xec) returned 1 [0097.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.114] GetFileType (hFile=0x154) returned 0x1 [0097.115] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0097.115] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0097.115] ReadFile (in: hFile=0x154, lpBuffer=0xc00016ae00, nNumberOfBytesToRead=0x30b, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016ae00*, lpNumberOfBytesRead=0xc0004d9c04*=0x10b, lpOverlapped=0x0) returned 1 [0097.116] ReadFile (in: hFile=0x154, lpBuffer=0xc00016af0b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016af0b*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0097.116] CloseHandle (hObject=0x154) returned 1 [0097.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.117] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0097.121] GetFileType (hFile=0x154) returned 0x1 [0097.121] WriteFile (in: hFile=0x154, lpBuffer=0xc0003d25a0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d25a0*, lpNumberOfBytesWritten=0xc0004d9cec*=0x110, lpOverlapped=0x0) returned 1 [0097.123] CloseHandle (hObject=0x154) returned 1 [0097.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0097.123] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0097.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.124] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0097.135] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.138] GetFileType (hFile=0x154) returned 0x1 [0097.138] WriteFile (in: hFile=0x154, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.139] CloseHandle (hObject=0x154) returned 1 [0097.139] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0097.139] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0097.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.141] SetEvent (hEvent=0x13c) returned 1 [0097.141] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.216] SetEvent (hEvent=0xb8) returned 1 [0097.216] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.227] SetEvent (hEvent=0xb8) returned 1 [0097.227] SetEvent (hEvent=0x100) returned 1 [0097.227] SetEvent (hEvent=0x15c) returned 1 [0097.227] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.234] SetEvent (hEvent=0xb8) returned 1 [0097.234] SetEvent (hEvent=0x120) returned 1 [0097.234] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.239] SetEvent (hEvent=0x12c) returned 1 [0097.239] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.408] SetEvent (hEvent=0x12c) returned 1 [0097.408] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.434] SetEvent (hEvent=0x12c) returned 1 [0097.434] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.439] SetEvent (hEvent=0x120) returned 1 [0097.439] SetEvent (hEvent=0x8c) returned 1 [0097.439] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.441] SetEvent (hEvent=0x120) returned 1 [0097.441] SetEvent (hEvent=0x15c) returned 1 [0097.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0097.441] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0097.449] GetFileType (hFile=0x148) returned 0x1 [0097.449] GetFileType (hFile=0x148) returned 0x1 [0097.449] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0097.449] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0097.449] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0097.450] ReadFile (in: hFile=0x148, lpBuffer=0xc0001c2000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesRead=0xc0004dfc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.451] ReadFile (in: hFile=0x148, lpBuffer=0xc0001c20b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c20b3*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0097.451] CloseHandle (hObject=0x148) returned 1 [0097.451] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0097.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.452] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0097.459] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.469] SetEvent (hEvent=0x8c) returned 1 [0097.469] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.501] SetEvent (hEvent=0x8c) returned 1 [0097.501] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.540] SetEvent (hEvent=0x120) returned 1 [0097.540] SetEvent (hEvent=0x8c) returned 1 [0097.540] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.545] SetEvent (hEvent=0x120) returned 1 [0097.545] SwitchToThread () returned 1 [0097.546] SetEvent (hEvent=0x120) returned 1 [0097.546] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.547] SetEvent (hEvent=0x120) returned 1 [0097.547] SetEvent (hEvent=0x8c) returned 1 [0097.547] SetEvent (hEvent=0x13c) returned 1 [0097.547] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.557] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.561] SetEvent (hEvent=0x120) returned 1 [0097.561] SetEvent (hEvent=0x8c) returned 1 [0097.561] SetEvent (hEvent=0x15c) returned 1 [0097.561] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.562] SwitchToThread () returned 1 [0097.564] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.568] SetEvent (hEvent=0x13c) returned 1 [0097.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.569] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.569] SetEvent (hEvent=0x13c) returned 1 [0097.569] SetEvent (hEvent=0x8c) returned 1 [0097.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.573] SetEvent (hEvent=0x15c) returned 1 [0097.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.578] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.578] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.578] SetEvent (hEvent=0x15c) returned 1 [0097.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.584] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.584] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.584] SetEvent (hEvent=0x120) returned 1 [0097.585] SetEvent (hEvent=0x13c) returned 1 [0097.585] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.589] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.590] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.590] SetEvent (hEvent=0x120) returned 1 [0097.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.590] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.591] CloseHandle (hObject=0xf4) returned 1 [0097.591] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.592] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.592] SetEvent (hEvent=0xc0) returned 1 [0097.592] SetEvent (hEvent=0x8c) returned 1 [0097.592] SetEvent (hEvent=0x13c) returned 1 [0097.593] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.701] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.702] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.702] SetEvent (hEvent=0x120) returned 1 [0097.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.723] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.723] SetEvent (hEvent=0x100) returned 1 [0097.723] SetEvent (hEvent=0x13c) returned 1 [0097.723] SetEvent (hEvent=0x12c) returned 1 [0097.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.725] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.725] SetEvent (hEvent=0x13c) returned 1 [0097.725] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.729] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.730] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.730] SetEvent (hEvent=0xc0) returned 1 [0097.730] SetEvent (hEvent=0x120) returned 1 [0097.730] SetEvent (hEvent=0x13c) returned 1 [0097.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.733] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.733] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0097.735] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.739] GetFileType (hFile=0x128) returned 0x1 [0097.739] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0097.739] GetFileType (hFile=0x128) returned 0x1 [0097.739] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0097.739] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0097.739] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0097.739] ReadFile (in: hFile=0x128, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc00023dc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.740] ReadFile (in: hFile=0x128, lpBuffer=0xc0001de0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de0b3*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0097.740] CloseHandle (hObject=0x128) returned 1 [0097.741] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0097.741] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0097.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.742] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0097.743] GetFileType (hFile=0x128) returned 0x1 [0097.743] WriteFile (in: hFile=0x128, lpBuffer=0xc00017e180*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e180*, lpNumberOfBytesWritten=0xc00023dcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.744] CloseHandle (hObject=0x128) returned 1 [0097.744] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.744] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0097.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.745] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0097.745] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.753] GetFileType (hFile=0x128) returned 0x1 [0097.753] WriteFile (in: hFile=0x128, lpBuffer=0xc0001e42c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e42c0*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.753] CloseHandle (hObject=0x128) returned 1 [0097.753] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0097.754] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0097.754] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.755] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.755] SetEvent (hEvent=0x15c) returned 1 [0097.755] SetEvent (hEvent=0x12c) returned 1 [0097.755] SetEvent (hEvent=0x100) returned 1 [0097.755] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0097.757] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.759] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.759] SetEvent (hEvent=0x12c) returned 1 [0097.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.761] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.762] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.762] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.762] SetEvent (hEvent=0x8c) returned 1 [0097.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.763] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0097.764] GetFileType (hFile=0x144) returned 0x1 [0097.764] GetFileType (hFile=0x144) returned 0x1 [0097.764] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0097.764] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0097.764] ReadFile (in: hFile=0x144, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc0000f7c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.765] ReadFile (in: hFile=0x144, lpBuffer=0xc0001de0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de0b3*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0097.765] CloseHandle (hObject=0x144) returned 1 [0097.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.766] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0097.774] GetFileType (hFile=0x144) returned 0x1 [0097.774] WriteFile (in: hFile=0x144, lpBuffer=0xc00017e0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0c0*, lpNumberOfBytesWritten=0xc0000f7cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.775] CloseHandle (hObject=0x144) returned 1 [0097.775] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.775] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0097.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.776] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0097.785] GetFileType (hFile=0x144) returned 0x1 [0097.785] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.785] CloseHandle (hObject=0x144) returned 1 [0097.785] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.786] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.786] SetEvent (hEvent=0x12c) returned 1 [0097.786] SetEvent (hEvent=0x13c) returned 1 [0097.786] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0097.788] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.791] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.791] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.791] SetEvent (hEvent=0x13c) returned 1 [0097.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.801] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.802] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0097.802] SetEvent (hEvent=0xc0) returned 1 [0097.802] SetEvent (hEvent=0x12c) returned 1 [0097.802] SetEvent (hEvent=0x120) returned 1 [0097.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0097.807] SetEvent (hEvent=0x12c) returned 1 [0097.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.808] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0097.811] GetFileType (hFile=0x128) returned 0x1 [0097.811] GetFileType (hFile=0x128) returned 0x1 [0097.811] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0097.811] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0097.811] ReadFile (in: hFile=0x128, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000189c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.812] ReadFile (in: hFile=0x128, lpBuffer=0xc0000600b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000600b3*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0097.812] CloseHandle (hObject=0x128) returned 1 [0097.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.813] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0097.824] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.859] SetEvent (hEvent=0x13c) returned 1 [0097.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.860] SetEvent (hEvent=0x13c) returned 1 [0097.860] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.861] SetEvent (hEvent=0x13c) returned 1 [0097.861] SetEvent (hEvent=0x100) returned 1 [0097.861] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.861] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.861] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.862] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.862] WriteFile (in: hFile=0x148, lpBuffer=0xc00017e000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e000*, lpNumberOfBytesWritten=0xc0000b7cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.863] CloseHandle (hObject=0x148) returned 1 [0097.863] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.863] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0097.864] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.865] GetFileType (hFile=0x148) returned 0x1 [0097.865] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.865] CloseHandle (hObject=0x148) returned 1 [0097.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.866] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.870] SetEvent (hEvent=0x13c) returned 1 [0097.870] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.871] SetEvent (hEvent=0x100) returned 1 [0097.871] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.873] SetEvent (hEvent=0x13c) returned 1 [0097.873] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.880] SetEvent (hEvent=0x13c) returned 1 [0097.880] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.882] SetEvent (hEvent=0x100) returned 1 [0097.882] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.886] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.922] SetEvent (hEvent=0x13c) returned 1 [0097.922] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.932] SetEvent (hEvent=0x13c) returned 1 [0097.932] SetEvent (hEvent=0x8c) returned 1 [0097.932] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.946] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.948] SetEvent (hEvent=0x13c) returned 1 [0097.949] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.954] SetEvent (hEvent=0x13c) returned 1 [0097.954] SetEvent (hEvent=0x8c) returned 1 [0097.954] SwitchToThread () returned 1 [0097.956] SetEvent (hEvent=0x13c) returned 1 [0097.956] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.958] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.982] SetEvent (hEvent=0x12c) returned 1 [0097.982] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.985] SetEvent (hEvent=0x8c) returned 1 [0097.985] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0097.990] SetEvent (hEvent=0x100) returned 1 [0097.990] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.040] SetEvent (hEvent=0x12c) returned 1 [0098.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0098.040] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0098.041] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.042] GetFileType (hFile=0x128) returned 0x1 [0098.042] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.049] GetFileType (hFile=0x128) returned 0x1 [0098.049] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.052] SetEvent (hEvent=0x13c) returned 1 [0098.052] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0098.052] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0098.052] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.052] ReadFile (in: hFile=0x128, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x32f, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc000171c04*=0x12f, lpOverlapped=0x0) returned 1 [0098.054] ReadFile (in: hFile=0x128, lpBuffer=0xc00005812f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005812f*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0098.054] CloseHandle (hObject=0x128) returned 1 [0098.054] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0098.054] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.055] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0098.060] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.061] GetFileType (hFile=0x128) returned 0x1 [0098.061] WriteFile (in: hFile=0x128, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000171cec*=0x130, lpOverlapped=0x0) returned 1 [0098.063] CloseHandle (hObject=0x128) returned 1 [0098.063] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.063] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0098.078] GetFileType (hFile=0x128) returned 0x1 [0098.078] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.078] CloseHandle (hObject=0x128) returned 1 [0098.078] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.079] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0098.079] SetEvent (hEvent=0x15c) returned 1 [0098.079] SetEvent (hEvent=0x100) returned 1 [0098.079] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0098.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.087] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.087] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.089] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.089] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0098.089] SetEvent (hEvent=0x8c) returned 1 [0098.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.103] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.103] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0098.103] SetEvent (hEvent=0x15c) returned 1 [0098.103] SetEvent (hEvent=0x12c) returned 1 [0098.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.108] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.108] SetEvent (hEvent=0x12c) returned 1 [0098.108] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.113] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.114] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0098.114] SetEvent (hEvent=0x12c) returned 1 [0098.114] SetEvent (hEvent=0x8c) returned 1 [0098.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.120] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.122] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8409cde0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc)) returned 1 [0098.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.123] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.123] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.123] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.123] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.123] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84116f00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0098.132] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.135] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84120b40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0098.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.136] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.136] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.136] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.136] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8412ce90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0098.138] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.142] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.142] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841343c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5)) returned 1 [0098.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.143] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.143] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.143] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.143] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.143] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8413b8f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5)) returned 1 [0098.149] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.155] SwitchToThread () returned 1 [0098.160] SetEvent (hEvent=0x100) returned 1 [0098.160] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.161] SetEvent (hEvent=0x15c) returned 1 [0098.161] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.168] GetFileType (hFile=0x154) returned 0x1 [0098.168] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0098.168] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0098.169] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.169] ReadFile (in: hFile=0x154, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2dc, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc000143c04*=0xdc, lpOverlapped=0x0) returned 1 [0098.170] ReadFile (in: hFile=0x154, lpBuffer=0xc0000360dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360dc*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0098.170] CloseHandle (hObject=0x154) returned 1 [0098.170] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0098.171] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.172] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0098.179] GetFileType (hFile=0x154) returned 0x1 [0098.180] WriteFile (in: hFile=0x154, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000143cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.181] CloseHandle (hObject=0x154) returned 1 [0098.181] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.181] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.181] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.182] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0098.182] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0098.182] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.183] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0098.189] GetFileType (hFile=0x154) returned 0x1 [0098.189] WriteFile (in: hFile=0x154, lpBuffer=0xc000070580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000070580*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.189] CloseHandle (hObject=0x154) returned 1 [0098.190] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.190] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.202] SetEvent (hEvent=0x100) returned 1 [0098.202] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.202] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.203] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0098.207] GetFileType (hFile=0x154) returned 0x1 [0098.207] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0098.208] GetFileType (hFile=0x154) returned 0x1 [0098.208] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0098.208] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0098.208] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.208] ReadFile (in: hFile=0x154, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00014dc04*=0xe2, lpOverlapped=0x0) returned 1 [0098.209] ReadFile (in: hFile=0x154, lpBuffer=0xc0000a20e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20e2*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0098.209] CloseHandle (hObject=0x154) returned 1 [0098.209] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0098.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.211] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0098.216] GetFileType (hFile=0x154) returned 0x1 [0098.216] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d81e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d81e0*, lpNumberOfBytesWritten=0xc00014dcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.217] CloseHandle (hObject=0x154) returned 1 [0098.217] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.217] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.218] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0098.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.218] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0098.222] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.224] GetFileType (hFile=0x154) returned 0x1 [0098.224] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.224] CloseHandle (hObject=0x154) returned 1 [0098.224] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.225] SetEvent (hEvent=0x15c) returned 1 [0098.225] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.247] SetEvent (hEvent=0x8c) returned 1 [0098.247] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.269] SetEvent (hEvent=0x12c) returned 1 [0098.269] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.530] SetEvent (hEvent=0x12c) returned 1 [0098.530] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.540] SetEvent (hEvent=0x12c) returned 1 [0098.540] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.545] SetEvent (hEvent=0x120) returned 1 [0098.545] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.549] SetEvent (hEvent=0x12c) returned 1 [0098.549] SetEvent (hEvent=0xb8) returned 1 [0098.549] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.591] SetEvent (hEvent=0x15c) returned 1 [0098.591] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.591] SetEvent (hEvent=0x15c) returned 1 [0098.591] SetEvent (hEvent=0x8c) returned 1 [0098.591] VirtualFree (lpAddress=0xc000228000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.592] VirtualFree (lpAddress=0xc00021e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.592] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.592] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0098.593] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.593] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.593] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.594] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.594] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.594] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.595] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.595] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.595] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.595] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.596] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.596] GetFileType (hFile=0xec) returned 0x1 [0098.596] GetFileType (hFile=0xec) returned 0x1 [0098.596] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0098.596] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0098.596] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0098.597] ReadFile (in: hFile=0xec, lpBuffer=0xc000146000, nNumberOfBytesToRead=0x2df, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesRead=0xc00012bc04*=0xdf, lpOverlapped=0x0) returned 1 [0098.598] ReadFile (in: hFile=0xec, lpBuffer=0xc0001460df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001460df*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0098.598] CloseHandle (hObject=0xec) returned 1 [0098.598] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0098.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.600] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0098.600] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.602] GetFileType (hFile=0xec) returned 0x1 [0098.602] WriteFile (in: hFile=0xec, lpBuffer=0xc00015a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00015a000*, lpNumberOfBytesWritten=0xc00012bcec*=0xe0, lpOverlapped=0x0) returned 1 [0098.604] CloseHandle (hObject=0xec) returned 1 [0098.604] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.604] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0098.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.604] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0098.605] GetFileType (hFile=0xec) returned 0x1 [0098.605] WriteFile (in: hFile=0xec, lpBuffer=0xc0001d8000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d8000*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.605] CloseHandle (hObject=0xec) returned 1 [0098.605] VirtualAlloc (lpAddress=0xc00022a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022a000 [0098.606] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.607] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.610] SetEvent (hEvent=0x15c) returned 1 [0098.610] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.612] SetEvent (hEvent=0x8c) returned 1 [0098.612] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.616] SwitchToThread () returned 1 [0098.619] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.624] SetEvent (hEvent=0x15c) returned 1 [0098.624] SetEvent (hEvent=0x13c) returned 1 [0098.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.624] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0098.625] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.629] SetEvent (hEvent=0x15c) returned 1 [0098.629] GetFileType (hFile=0x144) returned 0x1 [0098.629] GetFileType (hFile=0x144) returned 0x1 [0098.629] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0098.629] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0098.629] ReadFile (in: hFile=0x144, lpBuffer=0xc000160300, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160300*, lpNumberOfBytesRead=0xc000151c04*=0xcf, lpOverlapped=0x0) returned 1 [0098.630] ReadFile (in: hFile=0x144, lpBuffer=0xc0001603cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001603cf*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0098.630] CloseHandle (hObject=0x144) returned 1 [0098.630] VirtualAlloc (lpAddress=0xc00022e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022e000 [0098.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.632] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0098.632] GetFileType (hFile=0x144) returned 0x1 [0098.633] WriteFile (in: hFile=0x144, lpBuffer=0xc00022e000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc00022e000*, lpNumberOfBytesWritten=0xc000151cec*=0xd0, lpOverlapped=0x0) returned 1 [0098.634] CloseHandle (hObject=0x144) returned 1 [0098.634] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.634] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0098.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.635] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0098.639] GetFileType (hFile=0x144) returned 0x1 [0098.639] WriteFile (in: hFile=0x144, lpBuffer=0xc0001d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d82c0*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.639] CloseHandle (hObject=0x144) returned 1 [0098.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.640] SwitchToThread () returned 1 [0098.640] SetEvent (hEvent=0x15c) returned 1 [0098.640] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.642] SetEvent (hEvent=0x13c) returned 1 [0098.642] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.649] SetEvent (hEvent=0x15c) returned 1 [0098.649] SetEvent (hEvent=0x8c) returned 1 [0098.649] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.664] SetEvent (hEvent=0x13c) returned 1 [0098.664] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.668] SetEvent (hEvent=0x8c) returned 1 [0098.668] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0098.672] SetEvent (hEvent=0x15c) returned 1 [0098.672] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.075] SetEvent (hEvent=0x8c) returned 1 [0099.075] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.116] SetEvent (hEvent=0x13c) returned 1 [0099.116] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.216] SetEvent (hEvent=0x120) returned 1 [0099.216] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.221] SetEvent (hEvent=0x120) returned 1 [0099.222] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.223] SetEvent (hEvent=0x120) returned 1 [0099.223] SetEvent (hEvent=0x8c) returned 1 [0099.223] SetEvent (hEvent=0x15c) returned 1 [0099.223] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.225] VirtualFree (lpAddress=0xc0001b8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.225] VirtualFree (lpAddress=0xc00017c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.225] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.225] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.226] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.226] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.226] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.226] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.226] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.227] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0099.233] GetFileType (hFile=0x144) returned 0x1 [0099.233] GetFileType (hFile=0x144) returned 0x1 [0099.233] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0099.233] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0099.233] ReadFile (in: hFile=0x144, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000275c04*=0x103, lpOverlapped=0x0) returned 1 [0099.234] ReadFile (in: hFile=0x144, lpBuffer=0xc00003c103, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c103*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0099.234] CloseHandle (hObject=0x144) returned 1 [0099.234] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.235] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0099.245] GetFileType (hFile=0x144) returned 0x1 [0099.245] WriteFile (in: hFile=0x144, lpBuffer=0xc0001e0d80*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0d80*, lpNumberOfBytesWritten=0xc000275cec*=0x110, lpOverlapped=0x0) returned 1 [0099.246] CloseHandle (hObject=0x144) returned 1 [0099.246] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.246] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0099.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.247] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0099.256] GetFileType (hFile=0x144) returned 0x1 [0099.256] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.256] CloseHandle (hObject=0x144) returned 1 [0099.256] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.260] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0099.262] SetEvent (hEvent=0xc0) returned 1 [0099.262] SetEvent (hEvent=0x8c) returned 1 [0099.262] SetEvent (hEvent=0xb8) returned 1 [0099.263] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.270] SetEvent (hEvent=0x15c) returned 1 [0099.270] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.282] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.283] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0099.283] SetEvent (hEvent=0xc0) returned 1 [0099.283] SetEvent (hEvent=0x15c) returned 1 [0099.283] SetEvent (hEvent=0x120) returned 1 [0099.283] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.296] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0099.296] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0099.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.297] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0099.300] GetFileType (hFile=0x144) returned 0x1 [0099.300] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0099.301] GetFileType (hFile=0x144) returned 0x1 [0099.301] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0099.301] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0099.301] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0099.302] ReadFile (in: hFile=0x144, lpBuffer=0xc0001f62c0, nNumberOfBytesToRead=0x2a7, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f62c0*, lpNumberOfBytesRead=0xc0000f7c04*=0xa7, lpOverlapped=0x0) returned 1 [0099.303] ReadFile (in: hFile=0x144, lpBuffer=0xc0001f6367, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f6367*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0099.303] CloseHandle (hObject=0x144) returned 1 [0099.303] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0099.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.304] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0099.309] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.316] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.316] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0099.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0099.317] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0099.319] GetFileType (hFile=0x174) returned 0x1 [0099.319] GetFileType (hFile=0x174) returned 0x1 [0099.319] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0099.319] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0099.319] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0099.319] ReadFile (in: hFile=0x174, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc0001c7c04*=0xbb, lpOverlapped=0x0) returned 1 [0099.320] ReadFile (in: hFile=0x174, lpBuffer=0xc00013a0bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a0bb*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0099.320] CloseHandle (hObject=0x174) returned 1 [0099.320] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0099.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.322] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0099.332] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.337] GetFileType (hFile=0x174) returned 0x1 [0099.337] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.352] SetEvent (hEvent=0x100) returned 1 [0099.352] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.531] SetEvent (hEvent=0x15c) returned 1 [0099.531] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.624] SetEvent (hEvent=0x120) returned 1 [0099.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0099.625] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0099.628] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.629] SetEvent (hEvent=0xc0) returned 1 [0099.629] SetEvent (hEvent=0x120) returned 1 [0099.629] GetFileType (hFile=0x174) returned 0x1 [0099.630] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] SetEvent (hEvent=0x100) returned 1 [0099.648] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.787] SetEvent (hEvent=0x15c) returned 1 [0099.787] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.807] SetEvent (hEvent=0x120) returned 1 [0099.807] SetEvent (hEvent=0xfc) returned 1 [0099.807] SetEvent (hEvent=0x13c) returned 1 [0099.807] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.847] SetEvent (hEvent=0x15c) returned 1 [0099.847] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.872] SetEvent (hEvent=0x120) returned 1 [0099.872] SetEvent (hEvent=0x13c) returned 1 [0099.872] SetEvent (hEvent=0x12c) returned 1 [0099.872] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.880] SetEvent (hEvent=0x120) returned 1 [0099.880] SetEvent (hEvent=0x15c) returned 1 [0099.880] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.891] SetEvent (hEvent=0xfc) returned 1 [0099.891] SetEvent (hEvent=0x12c) returned 1 [0099.891] SetEvent (hEvent=0x120) returned 1 [0099.891] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.966] SetEvent (hEvent=0xfc) returned 1 [0099.967] SetEvent (hEvent=0x120) returned 1 [0099.967] SetEvent (hEvent=0x12c) returned 1 [0099.967] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0099.981] VirtualFree (lpAddress=0xc0001d0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.982] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.982] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.982] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.982] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.983] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.983] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.983] SetEvent (hEvent=0x15c) returned 1 [0099.983] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0100.025] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0100.031] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.038] SetEvent (hEvent=0xb8) returned 1 [0100.038] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0100.169] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0100.172] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.185] SetEvent (hEvent=0x8c) returned 1 [0100.185] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.186] SetEvent (hEvent=0x8c) returned 1 [0100.186] SetEvent (hEvent=0x12c) returned 1 [0100.186] SetEvent (hEvent=0x15c) returned 1 [0100.186] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.262] SetEvent (hEvent=0x100) returned 1 [0100.262] SwitchToThread () returned 1 [0100.366] SetEvent (hEvent=0x100) returned 1 [0100.366] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.401] SetEvent (hEvent=0x100) returned 1 [0100.401] SetEvent (hEvent=0x12c) returned 1 [0100.401] SetEvent (hEvent=0x120) returned 1 [0100.401] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.416] SetEvent (hEvent=0x12c) returned 1 [0100.416] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.423] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.425] SetEvent (hEvent=0x12c) returned 1 [0100.425] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.425] SetEvent (hEvent=0x12c) returned 1 [0100.426] SetEvent (hEvent=0x8c) returned 1 [0100.426] SetEvent (hEvent=0x100) returned 1 [0100.426] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.435] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.439] SetEvent (hEvent=0x12c) returned 1 [0100.439] SetEvent (hEvent=0x8c) returned 1 [0100.439] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.440] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.440] SetEvent (hEvent=0x100) returned 1 [0100.440] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.539] SetEvent (hEvent=0x8c) returned 1 [0100.539] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.543] SetEvent (hEvent=0xb8) returned 1 [0100.543] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.592] SetEvent (hEvent=0x120) returned 1 [0100.593] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.594] SetEvent (hEvent=0x120) returned 1 [0100.594] SetEvent (hEvent=0x15c) returned 1 [0100.594] SetEvent (hEvent=0xb8) returned 1 [0100.594] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.602] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.603] VirtualFree (lpAddress=0xc00005a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.603] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.603] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0448*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0448*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0100.613] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.620] SetEvent (hEvent=0x12c) returned 1 [0100.620] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.621] SetEvent (hEvent=0xb8) returned 1 [0100.621] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.625] SetEvent (hEvent=0x12c) returned 1 [0100.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.625] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0100.625] SetEvent (hEvent=0xc0) returned 1 [0100.625] SetEvent (hEvent=0x12c) returned 1 [0100.625] SetEvent (hEvent=0x120) returned 1 [0100.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.630] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.632] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0100.632] SetEvent (hEvent=0x8c) returned 1 [0100.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0100.635] SetEvent (hEvent=0xb8) returned 1 [0100.635] SetEvent (hEvent=0x12c) returned 1 [0100.635] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.641] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0100.641] SetEvent (hEvent=0xb8) returned 1 [0100.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.655] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.656] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.656] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0100.657] SetEvent (hEvent=0xc0) returned 1 [0100.657] SetEvent (hEvent=0x12c) returned 1 [0100.657] SetEvent (hEvent=0x120) returned 1 [0100.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.662] SetEvent (hEvent=0x120) returned 1 [0100.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.670] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0100.670] SetEvent (hEvent=0xb8) returned 1 [0100.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.671] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010490*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc000010490*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0100.678] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010496*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000010496*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0100.687] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc0000104a0*, lpNumberOfCharsWritten=0xc00013d818*=0x3) returned 1 [0100.691] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.697] SetEvent (hEvent=0x8c) returned 1 [0100.697] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.698] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0005862d0*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0100.701] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0005862d6*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0100.714] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000586310*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0100.733] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000586330*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0100.737] SetEvent (hEvent=0x8c) returned 1 [0100.738] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0005863b8*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0100.740] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.742] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.744] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001af818, lpReserved=0x0 | out: lpBuffer=0xc000102140*, lpNumberOfCharsWritten=0xc0001af818*=0x3) returned 1 [0100.749] SetEvent (hEvent=0x120) returned 1 [0100.750] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc000102146*, lpNumberOfCharsWritten=0xc000249818*=0x3) returned 1 [0100.751] SetEvent (hEvent=0x120) returned 1 [0100.751] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.758] SetEvent (hEvent=0x12c) returned 1 [0100.758] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.761] SetEvent (hEvent=0x12c) returned 1 [0100.761] SetEvent (hEvent=0xb8) returned 1 [0100.761] SetEvent (hEvent=0x120) returned 1 [0100.761] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.767] SetEvent (hEvent=0x12c) returned 1 [0100.767] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.767] SetEvent (hEvent=0x12c) returned 1 [0100.767] SetEvent (hEvent=0xb8) returned 1 [0100.768] SetEvent (hEvent=0x120) returned 1 [0100.768] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.784] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0100.784] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0100.785] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0100.785] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0100.786] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0100.797] SetEvent (hEvent=0x12c) returned 1 [0100.797] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.868] SetEvent (hEvent=0x12c) returned 1 [0100.868] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.894] SetEvent (hEvent=0xb8) returned 1 [0100.894] SetEvent (hEvent=0x100) returned 1 [0100.894] SetEvent (hEvent=0x12c) returned 1 [0100.894] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.900] SetEvent (hEvent=0xb8) returned 1 [0100.900] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.904] SetEvent (hEvent=0xb8) returned 1 [0100.904] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.905] SetEvent (hEvent=0xb8) returned 1 [0100.905] SetEvent (hEvent=0x12c) returned 1 [0100.905] SetEvent (hEvent=0x120) returned 1 [0100.905] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.906] SetEvent (hEvent=0x12c) returned 1 [0100.906] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.907] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.907] VirtualFree (lpAddress=0xc000178000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.908] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.908] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.908] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.909] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.909] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.909] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.909] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.910] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.910] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.910] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.911] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.911] SetEvent (hEvent=0x120) returned 1 [0100.911] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.969] SetEvent (hEvent=0x8c) returned 1 [0100.969] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.971] SetEvent (hEvent=0x120) returned 1 [0100.971] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.973] SetEvent (hEvent=0xb8) returned 1 [0100.973] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0100.987] SetEvent (hEvent=0x12c) returned 1 [0100.987] SetEvent (hEvent=0x8c) returned 1 [0100.987] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.001] SetEvent (hEvent=0xb8) returned 1 [0101.001] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a9818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0001a9818*=0x3) returned 1 [0101.039] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.050] SetEvent (hEvent=0x120) returned 1 [0101.050] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0101.050] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.064] SetEvent (hEvent=0x15c) returned 1 [0101.064] SetEvent (hEvent=0x12c) returned 1 [0101.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.065] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0101.068] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.069] GetFileType (hFile=0xec) returned 0x1 [0101.069] GetFileType (hFile=0xec) returned 0x1 [0101.069] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0101.069] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0101.069] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0101.069] ReadFile (in: hFile=0xec, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x469, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc000117c04*=0x269, lpOverlapped=0x0) returned 1 [0101.072] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.077] ReadFile (in: hFile=0xec, lpBuffer=0xc0000fe269, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe269*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0101.077] CloseHandle (hObject=0xec) returned 1 [0101.077] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.077] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.079] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0101.087] GetFileType (hFile=0xec) returned 0x1 [0101.087] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.088] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.088] WriteFile (in: hFile=0xec, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000117cec*=0x270, lpOverlapped=0x0) returned 1 [0101.090] CloseHandle (hObject=0xec) returned 1 [0101.090] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.090] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.090] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0101.101] GetFileType (hFile=0xec) returned 0x1 [0101.101] WriteFile (in: hFile=0xec, lpBuffer=0xc0001e6420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6420*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.101] CloseHandle (hObject=0xec) returned 1 [0101.101] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.102] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.102] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.103] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0101.103] SetEvent (hEvent=0x100) returned 1 [0101.103] SetEvent (hEvent=0xb8) returned 1 [0101.103] SetEvent (hEvent=0x8c) returned 1 [0101.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.108] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.108] SetEvent (hEvent=0xb8) returned 1 [0101.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.111] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.111] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0101.112] SetEvent (hEvent=0x12c) returned 1 [0101.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.122] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.122] GetFileType (hFile=0x174) returned 0x1 [0101.122] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.122] CloseHandle (hObject=0x174) returned 1 [0101.122] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.123] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.123] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.124] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0101.124] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.125] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.125] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0101.125] SetEvent (hEvent=0xc0) returned 1 [0101.125] SetEvent (hEvent=0xb8) returned 1 [0101.125] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0101.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.134] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0101.134] SetEvent (hEvent=0x12c) returned 1 [0101.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.134] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e7cf4 | out: lpMode=0xc0000e7cf4) returned 0 [0101.135] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.142] SetEvent (hEvent=0xb8) returned 1 [0101.142] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.142] SetEvent (hEvent=0xb8) returned 1 [0101.142] SetEvent (hEvent=0x12c) returned 1 [0101.142] VirtualFree (lpAddress=0xc0001f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.143] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.143] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0101.144] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.146] GetFileType (hFile=0xec) returned 0x1 [0101.146] GetFileType (hFile=0xec) returned 0x1 [0101.146] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0101.146] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0101.146] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.147] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x4b8, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc00012fc04*=0x2b8, lpOverlapped=0x0) returned 1 [0101.148] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e2b8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e2b8*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0101.149] CloseHandle (hObject=0xec) returned 1 [0101.149] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0101.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.150] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0101.151] GetFileType (hFile=0xec) returned 0x1 [0101.151] WriteFile (in: hFile=0xec, lpBuffer=0xc00005e580*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e580*, lpNumberOfBytesWritten=0xc00012fcec*=0x2c0, lpOverlapped=0x0) returned 1 [0101.152] CloseHandle (hObject=0xec) returned 1 [0101.152] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0101.152] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.152] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0101.153] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0101.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.153] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0101.157] GetFileType (hFile=0xec) returned 0x1 [0101.157] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.157] CloseHandle (hObject=0xec) returned 1 [0101.157] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0101.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.160] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269)) returned 1 [0101.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.161] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.161] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.161] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8275c060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x26e)) returned 1 [0101.163] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.170] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.177] SetEvent (hEvent=0xb8) returned 1 [0101.177] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.178] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.179] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0101.183] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.185] GetFileType (hFile=0xec) returned 0x1 [0101.185] GetFileType (hFile=0xec) returned 0x1 [0101.185] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0101.185] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0101.186] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x4c4, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc0001cfc04*=0x2c4, lpOverlapped=0x0) returned 1 [0101.190] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e2c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e2c4*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0101.190] CloseHandle (hObject=0xec) returned 1 [0101.190] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.191] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0101.195] GetFileType (hFile=0xec) returned 0x1 [0101.195] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.195] WriteFile (in: hFile=0xec, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x2d0, lpOverlapped=0x0) returned 1 [0101.197] CloseHandle (hObject=0xec) returned 1 [0101.197] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0101.197] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.197] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.198] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0101.206] GetFileType (hFile=0xec) returned 0x1 [0101.206] WriteFile (in: hFile=0xec, lpBuffer=0xc0000602c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000602c0*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.206] CloseHandle (hObject=0xec) returned 1 [0101.206] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.207] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.207] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.208] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.267] SetEvent (hEvent=0x100) returned 1 [0101.267] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.274] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.275] SetEvent (hEvent=0x100) returned 1 [0101.275] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.276] SetEvent (hEvent=0x100) returned 1 [0101.276] SetEvent (hEvent=0xb8) returned 1 [0101.276] SetEvent (hEvent=0x15c) returned 1 [0101.276] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.284] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.285] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.285] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0101.290] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.292] GetFileType (hFile=0x174) returned 0x1 [0101.292] GetFileType (hFile=0x174) returned 0x1 [0101.292] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0101.292] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0101.292] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0101.293] ReadFile (in: hFile=0x174, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x5ad, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc00022dc04*=0x3ad, lpOverlapped=0x0) returned 1 [0101.298] ReadFile (in: hFile=0x174, lpBuffer=0xc0001de3ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de3ad*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0101.298] CloseHandle (hObject=0x174) returned 1 [0101.298] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0101.298] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0101.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.300] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0101.301] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.316] GetFileType (hFile=0x174) returned 0x1 [0101.316] WriteFile (in: hFile=0x174, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc00022dcec*=0x3b0, lpOverlapped=0x0) returned 1 [0101.317] CloseHandle (hObject=0x174) returned 1 [0101.317] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0101.318] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.318] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0101.318] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0101.319] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0101.319] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0101.319] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0101.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.320] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0101.330] GetFileType (hFile=0x174) returned 0x1 [0101.330] WriteFile (in: hFile=0x174, lpBuffer=0xc0001f22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001f22c0*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.330] CloseHandle (hObject=0x174) returned 1 [0101.330] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0101.331] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0101.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.332] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.377] SetEvent (hEvent=0xb8) returned 1 [0101.377] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.442] SetEvent (hEvent=0xb8) returned 1 [0101.442] SetEvent (hEvent=0x12c) returned 1 [0101.442] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.491] SetEvent (hEvent=0x8c) returned 1 [0101.491] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.651] SetEvent (hEvent=0xb8) returned 1 [0101.651] SetEvent (hEvent=0x8c) returned 1 [0101.651] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.688] SetEvent (hEvent=0xb8) returned 1 [0101.688] SetEvent (hEvent=0x12c) returned 1 [0101.688] SetEvent (hEvent=0x8c) returned 1 [0101.688] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.696] SetEvent (hEvent=0xb8) returned 1 [0101.696] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.701] SetEvent (hEvent=0xb8) returned 1 [0101.701] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.702] SetEvent (hEvent=0x120) returned 1 [0101.702] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.705] SwitchToThread () returned 1 [0101.707] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.708] SetEvent (hEvent=0xb8) returned 1 [0101.708] SetEvent (hEvent=0x100) returned 1 [0101.708] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.709] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.709] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.709] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.709] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.709] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.710] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0101.710] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0101.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.711] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001efcf4 | out: lpMode=0xc0001efcf4) returned 0 [0101.713] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.714] GetFileType (hFile=0x174) returned 0x1 [0101.714] GetFileType (hFile=0x174) returned 0x1 [0101.714] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001efd44 | out: lpFileInformation=0xc0001efd44) returned 1 [0101.714] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001efd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001efd28) returned 1 [0101.714] ReadFile (in: hFile=0x174, lpBuffer=0xc00011c580, nNumberOfBytesToRead=0x52c, lpNumberOfBytesRead=0xc0001efc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfBytesRead=0xc0001efc04*=0x32c, lpOverlapped=0x0) returned 1 [0101.717] ReadFile (in: hFile=0x174, lpBuffer=0xc00011c8ac, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001efc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c8ac*, lpNumberOfBytesRead=0xc0001efc04*=0x0, lpOverlapped=0x0) returned 1 [0101.717] CloseHandle (hObject=0x174) returned 1 [0101.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.718] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001efd04 | out: lpMode=0xc0001efd04) returned 0 [0101.719] GetFileType (hFile=0x174) returned 0x1 [0101.719] WriteFile (in: hFile=0x174, lpBuffer=0xc00015c700*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xc0001efcec, lpOverlapped=0x0 | out: lpBuffer=0xc00015c700*, lpNumberOfBytesWritten=0xc0001efcec*=0x330, lpOverlapped=0x0) returned 1 [0101.720] CloseHandle (hObject=0x174) returned 1 [0101.720] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.720] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001efd64 | out: lpMode=0xc0001efd64) returned 0 [0101.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.731] SetEvent (hEvent=0xb8) returned 1 [0101.731] GetFileType (hFile=0x174) returned 0x1 [0101.731] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0101.731] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.731] WriteFile (in: hFile=0x174, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001efd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0001efd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.731] CloseHandle (hObject=0x174) returned 1 [0101.732] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.732] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.733] SetEvent (hEvent=0x120) returned 1 [0101.733] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.742] SetEvent (hEvent=0xb8) returned 1 [0101.742] SetEvent (hEvent=0x100) returned 1 [0101.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.742] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0101.743] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.743] GetFileType (hFile=0x128) returned 0x1 [0101.743] GetFileType (hFile=0x128) returned 0x1 [0101.744] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0101.744] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0101.744] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.744] ReadFile (in: hFile=0x128, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x48a, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000241c04*=0x28a, lpOverlapped=0x0) returned 1 [0101.747] ReadFile (in: hFile=0x128, lpBuffer=0xc00004c28a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c28a*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0101.747] CloseHandle (hObject=0x128) returned 1 [0101.747] SwitchToThread () returned 1 [0101.748] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0101.748] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0101.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.749] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0101.754] GetFileType (hFile=0x128) returned 0x1 [0101.754] WriteFile (in: hFile=0x128, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc000241cec*=0x290, lpOverlapped=0x0) returned 1 [0101.754] CloseHandle (hObject=0x128) returned 1 [0101.755] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0101.755] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.755] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0101.755] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0101.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.756] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0101.761] GetFileType (hFile=0x128) returned 0x1 [0101.761] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.761] CloseHandle (hObject=0x128) returned 1 [0101.761] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0101.783] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.784] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0101.784] SetEvent (hEvent=0xfc) returned 1 [0101.784] SetEvent (hEvent=0x100) returned 1 [0101.784] SetEvent (hEvent=0x12c) returned 1 [0101.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.802] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.802] SetEvent (hEvent=0x100) returned 1 [0101.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.803] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.804] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0101.804] SetEvent (hEvent=0x100) returned 1 [0101.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.805] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0101.806] GetFileType (hFile=0x170) returned 0x1 [0101.807] GetFileType (hFile=0x170) returned 0x1 [0101.807] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0101.807] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0101.807] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0101.807] ReadFile (in: hFile=0x170, lpBuffer=0xc000176000, nNumberOfBytesToRead=0x64b, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000176000*, lpNumberOfBytesRead=0xc000257c04*=0x44b, lpOverlapped=0x0) returned 1 [0101.814] ReadFile (in: hFile=0x170, lpBuffer=0xc00017644b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017644b*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0101.814] CloseHandle (hObject=0x170) returned 1 [0101.815] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0101.815] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0101.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.817] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0101.825] GetFileType (hFile=0x170) returned 0x1 [0101.825] WriteFile (in: hFile=0x170, lpBuffer=0xc00017c000*, nNumberOfBytesToWrite=0x450, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017c000*, lpNumberOfBytesWritten=0xc000257cec*=0x450, lpOverlapped=0x0) returned 1 [0101.826] CloseHandle (hObject=0x170) returned 1 [0101.826] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.826] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0101.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.827] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0101.836] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.854] GetFileType (hFile=0x170) returned 0x1 [0101.854] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.855] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.855] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.856] WriteFile (in: hFile=0x170, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.856] CloseHandle (hObject=0x170) returned 1 [0101.856] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.857] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.857] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0101.857] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.859] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.910] SetEvent (hEvent=0xb8) returned 1 [0101.910] SetEvent (hEvent=0x8c) returned 1 [0101.910] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.932] SetEvent (hEvent=0x12c) returned 1 [0101.932] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.935] SetEvent (hEvent=0x8c) returned 1 [0101.935] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.937] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0101.938] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0101.938] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0101.938] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0101.939] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0101.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.939] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0101.941] GetFileType (hFile=0x170) returned 0x1 [0101.941] GetFileType (hFile=0x170) returned 0x1 [0101.941] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0101.941] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0101.941] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0101.945] ReadFile (in: hFile=0x170, lpBuffer=0xc0001f2000, nNumberOfBytesToRead=0x32c2e, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f2000*, lpNumberOfBytesRead=0xc000129c04*=0x32a2e, lpOverlapped=0x0) returned 1 [0101.954] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.958] SetEvent (hEvent=0xc0) returned 1 [0101.958] SetEvent (hEvent=0x12c) returned 1 [0101.958] ReadFile (in: hFile=0x170, lpBuffer=0xc000224a2e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224a2e*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0101.958] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.960] SetEvent (hEvent=0x12c) returned 1 [0101.961] CloseHandle (hObject=0x170) returned 1 [0101.961] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0101.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.968] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0101.970] GetFileType (hFile=0x170) returned 0x1 [0101.970] WriteFile (in: hFile=0x170, lpBuffer=0xc000280000*, nNumberOfBytesToWrite=0x32a30, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesWritten=0xc000129cec*=0x32a30, lpOverlapped=0x0) returned 1 [0101.973] CloseHandle (hObject=0x170) returned 1 [0101.974] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.974] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0101.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.974] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0101.983] GetFileType (hFile=0x170) returned 0x1 [0101.983] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0101.983] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0101.983] WriteFile (in: hFile=0x170, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.983] CloseHandle (hObject=0x170) returned 1 [0101.984] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.984] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.984] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-craw_background.js"), dwFlags=0x1) returned 1 [0101.985] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.986] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0101.987] GetFileType (hFile=0x170) returned 0x1 [0101.987] GetFileType (hFile=0x170) returned 0x1 [0101.987] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0101.987] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0101.987] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0101.988] ReadFile (in: hFile=0x170, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x3b259, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc000143c04*=0x3b059, lpOverlapped=0x0) returned 1 [0101.995] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0101.997] ReadFile (in: hFile=0x170, lpBuffer=0xc0002bb059, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bb059*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0101.997] CloseHandle (hObject=0x170) returned 1 [0101.998] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.998] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0102.002] VirtualAlloc (lpAddress=0x0, dwSize=0x40000, flAllocationType=0x3000, flProtect=0x4) returned 0x29460000 [0102.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.006] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0102.009] GetFileType (hFile=0x170) returned 0x1 [0102.009] WriteFile (in: hFile=0x170, lpBuffer=0xc0002bc000*, nNumberOfBytesToWrite=0x3b060, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002bc000*, lpNumberOfBytesWritten=0xc000143cec*=0x3b060, lpOverlapped=0x0) returned 1 [0102.014] CloseHandle (hObject=0x170) returned 1 [0102.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.014] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0102.015] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.015] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0102.020] GetFileType (hFile=0x170) returned 0x1 [0102.020] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.021] CloseHandle (hObject=0x170) returned 1 [0102.021] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-craw_window.js"), dwFlags=0x1) returned 1 [0102.021] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.030] SetEvent (hEvent=0x12c) returned 1 [0102.030] SetEvent (hEvent=0x8c) returned 1 [0102.030] SwitchToThread () returned 1 [0102.031] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a80e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828aa7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x112dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="flapper.gif", cAlternateFileName="")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1109, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button.png", cAlternateFileName="TOPBAR~1.PNG")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_close.png", cAlternateFileName="TOPBAR~2.PNG")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_hover.png", cAlternateFileName="TOPBAR~3.PNG")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa6, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_maximize.png", cAlternateFileName="TOPBAR~4.PNG")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="topbar_floating_button_pressed.png", cAlternateFileName="TOF9E1~1.PNG")) returned 1 [0102.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.038] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828a80e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828aa7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0x112dc)) returned 1 [0102.040] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828af610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1109)) returned 1 [0102.041] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828c7cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22c)) returned 1 [0102.043] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.044] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.045] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ccad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ccad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0102.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828cf1e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d18f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xfc)) returned 1 [0102.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d6710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d6710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0102.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828d8e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828d8e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa6)) returned 1 [0102.046] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0102.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828ddc40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828ddc40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe7591500, ftLastWriteTime.dwHighDateTime=0x1ce931e, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0102.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a)) returned 1 [0102.047] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0102.048] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.049] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.049] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.049] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0102.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8.1_0", cAlternateFileName="")) returned 1 [0102.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.050] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.057] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.068] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x180f, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x869b0fb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0102.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.101] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86d1bfb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x180f)) returned 1 [0102.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.105] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0102.107] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0102.108] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="se", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0102.109] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.109] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.122] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.127] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.131] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.131] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.131] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.132] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.132] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x138)) returned 1 [0102.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.141] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.141] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x124)) returned 1 [0102.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.148] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0102.156] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0102.157] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0102.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.158] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.158] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9)) returned 1 [0102.160] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.164] SetEvent (hEvent=0x108) returned 1 [0102.164] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0102.568] SetEvent (hEvent=0x114) returned 1 [0102.568] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.013] SetEvent (hEvent=0x13c) returned 1 [0103.013] SetEvent (hEvent=0x108) returned 1 [0103.013] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.019] SetEvent (hEvent=0x13c) returned 1 [0103.019] SetEvent (hEvent=0x12c) returned 1 [0103.019] SetEvent (hEvent=0x108) returned 1 [0103.019] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.029] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.029] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.029] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.029] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.030] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.030] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.031] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.031] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.031] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0103.032] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.032] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0103.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0103.033] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0103.036] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.038] SetEvent (hEvent=0xc0) returned 1 [0103.038] SetEvent (hEvent=0x108) returned 1 [0103.038] GetFileType (hFile=0x170) returned 0x1 [0103.038] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.049] GetFileType (hFile=0x170) returned 0x1 [0103.049] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0103.049] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0103.049] VirtualAlloc (lpAddress=0xc000292000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0103.051] ReadFile (in: hFile=0x170, lpBuffer=0xc000292000, nNumberOfBytesToRead=0x48f5, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc000277c04*=0x46f5, lpOverlapped=0x0) returned 1 [0103.066] ReadFile (in: hFile=0x170, lpBuffer=0xc0002966f5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002966f5*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0103.066] CloseHandle (hObject=0x170) returned 1 [0103.066] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0103.066] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.067] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.067] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0103.069] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0103.069] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.070] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.071] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0103.072] GetFileType (hFile=0x170) returned 0x1 [0103.072] WriteFile (in: hFile=0x170, lpBuffer=0xc0002c0000*, nNumberOfBytesToWrite=0x4700, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0000*, lpNumberOfBytesWritten=0xc000277cec*=0x4700, lpOverlapped=0x0) returned 1 [0103.074] CloseHandle (hObject=0x170) returned 1 [0103.074] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.075] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0103.075] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0103.075] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0103.076] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.076] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.077] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.077] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0103.079] GetFileType (hFile=0x170) returned 0x1 [0103.079] WriteFile (in: hFile=0x170, lpBuffer=0xc0000ee580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee580*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.079] CloseHandle (hObject=0x170) returned 1 [0103.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.082] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.082] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0103.082] SetEvent (hEvent=0xc0) returned 1 [0103.083] SetEvent (hEvent=0x15c) returned 1 [0103.083] SetEvent (hEvent=0x13c) returned 1 [0103.083] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0103.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.089] SetEvent (hEvent=0x13c) returned 1 [0103.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.094] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.094] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0103.095] SetEvent (hEvent=0xfc) returned 1 [0103.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.099] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0103.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0103.100] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0103.103] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.117] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.119] SetEvent (hEvent=0x13c) returned 1 [0103.119] SetEvent (hEvent=0x100) returned 1 [0103.119] VirtualFree (lpAddress=0xc0002a0000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0103.120] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.120] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.120] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.121] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.121] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.121] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.121] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.122] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.122] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0103.123] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0103.124] GetFileType (hFile=0xec) returned 0x1 [0103.124] GetFileType (hFile=0xec) returned 0x1 [0103.124] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0103.124] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0103.124] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0103.125] ReadFile (in: hFile=0xec, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x3f7a, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0006ddc04*=0x3d7a, lpOverlapped=0x0) returned 1 [0103.129] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.132] ReadFile (in: hFile=0xec, lpBuffer=0xc00025dd7a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025dd7a*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0103.132] CloseHandle (hObject=0xec) returned 1 [0103.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.134] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0103.138] GetFileType (hFile=0xec) returned 0x1 [0103.138] WriteFile (in: hFile=0xec, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x3d80, lpOverlapped=0x0) returned 1 [0103.140] CloseHandle (hObject=0xec) returned 1 [0103.140] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.140] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0103.143] GetFileType (hFile=0xec) returned 0x1 [0103.143] WriteFile (in: hFile=0xec, lpBuffer=0xc0001de580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de580*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.143] CloseHandle (hObject=0xec) returned 1 [0103.143] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.144] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.145] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.145] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.145] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.146] GetFileType (hFile=0x150) returned 0x1 [0103.146] GetFileType (hFile=0x150) returned 0x1 [0103.146] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001b3d44 | out: lpFileInformation=0xc0001b3d44) returned 1 [0103.146] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b3d28) returned 1 [0103.146] ReadFile (in: hFile=0x150, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2d2, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0001b3c04*=0xd2, lpOverlapped=0x0) returned 1 [0103.147] ReadFile (in: hFile=0x150, lpBuffer=0xc00007a0d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0d2*, lpNumberOfBytesRead=0xc0001b3c04*=0x0, lpOverlapped=0x0) returned 1 [0103.147] CloseHandle (hObject=0x150) returned 1 [0103.147] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.149] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3d04 | out: lpMode=0xc0001b3d04) returned 0 [0103.155] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.160] GetFileType (hFile=0x150) returned 0x1 [0103.161] WriteFile (in: hFile=0x150, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc0001b3cec*=0xe0, lpOverlapped=0x0) returned 1 [0103.162] CloseHandle (hObject=0x150) returned 1 [0103.162] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0103.162] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.162] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0103.163] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0103.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.164] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3d64 | out: lpMode=0xc0001b3d64) returned 0 [0103.170] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.174] GetFileType (hFile=0x150) returned 0x1 [0103.174] WriteFile (in: hFile=0x150, lpBuffer=0xc0001df340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001df340*, lpNumberOfBytesWritten=0xc0001b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.174] CloseHandle (hObject=0x150) returned 1 [0103.174] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.175] SwitchToThread () returned 1 [0103.184] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.193] SetEvent (hEvent=0x13c) returned 1 [0103.193] GetFileType (hFile=0x144) returned 0x1 [0103.193] GetFileType (hFile=0x144) returned 0x1 [0103.193] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0103.193] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0103.193] ReadFile (in: hFile=0x144, lpBuffer=0xc00020a000, nNumberOfBytesToRead=0x425d, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesRead=0xc000253c04*=0x405d, lpOverlapped=0x0) returned 1 [0103.198] ReadFile (in: hFile=0x144, lpBuffer=0xc00020e05d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e05d*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0103.198] CloseHandle (hObject=0x144) returned 1 [0103.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0103.199] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0103.207] GetFileType (hFile=0x144) returned 0x1 [0103.207] WriteFile (in: hFile=0x144, lpBuffer=0xc000213000*, nNumberOfBytesToWrite=0x4060, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc000213000*, lpNumberOfBytesWritten=0xc000253cec*=0x4060, lpOverlapped=0x0) returned 1 [0103.209] CloseHandle (hObject=0x144) returned 1 [0103.209] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0103.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0103.210] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0103.212] GetFileType (hFile=0x144) returned 0x1 [0103.212] WriteFile (in: hFile=0x144, lpBuffer=0xc00016af20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016af20*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.212] CloseHandle (hObject=0x144) returned 1 [0103.212] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.213] SwitchToThread () returned 1 [0103.216] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.218] SetEvent (hEvent=0x13c) returned 1 [0103.218] SetEvent (hEvent=0xfc) returned 1 [0103.218] SetEvent (hEvent=0x100) returned 1 [0103.218] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.241] SetEvent (hEvent=0xfc) returned 1 [0103.241] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.340] SetEvent (hEvent=0x15c) returned 1 [0103.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0103.340] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0103.342] GetFileType (hFile=0x144) returned 0x1 [0103.342] GetFileType (hFile=0x144) returned 0x1 [0103.343] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0103.343] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0103.343] ReadFile (in: hFile=0x144, lpBuffer=0xc00020a000, nNumberOfBytesToRead=0x42d4, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesRead=0xc000193c04*=0x40d4, lpOverlapped=0x0) returned 1 [0103.500] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.528] ReadFile (in: hFile=0x144, lpBuffer=0xc00020e0d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e0d4*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0103.528] CloseHandle (hObject=0x144) returned 1 [0103.528] SetEvent (hEvent=0x15c) returned 1 [0103.528] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.530] SetEvent (hEvent=0x188) returned 1 [0103.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0103.530] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0103.533] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.549] SetEvent (hEvent=0x13c) returned 1 [0103.549] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.551] SetEvent (hEvent=0x188) returned 1 [0103.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0103.551] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0103.555] GetFileType (hFile=0x174) returned 0x1 [0103.555] GetFileType (hFile=0x174) returned 0x1 [0103.555] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0103.555] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0103.555] ReadFile (in: hFile=0x174, lpBuffer=0xc00029e000, nNumberOfBytesToRead=0x42db, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029e000*, lpNumberOfBytesRead=0xc0001adc04*=0x40db, lpOverlapped=0x0) returned 1 [0103.571] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.596] ReadFile (in: hFile=0x174, lpBuffer=0xc0002a20db, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a20db*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0103.596] CloseHandle (hObject=0x174) returned 1 [0103.596] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0103.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0103.598] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0103.600] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.608] GetFileType (hFile=0x174) returned 0x1 [0103.608] WriteFile (in: hFile=0x174, lpBuffer=0xc000213000*, nNumberOfBytesToWrite=0x40e0, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc000213000*, lpNumberOfBytesWritten=0xc0001adcec*=0x40e0, lpOverlapped=0x0) returned 1 [0103.610] CloseHandle (hObject=0x174) returned 1 [0103.610] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.610] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0103.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0103.610] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0103.616] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.622] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.630] SetEvent (hEvent=0x114) returned 1 [0103.630] SetEvent (hEvent=0x100) returned 1 [0103.630] SetEvent (hEvent=0x164) returned 1 [0103.630] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.638] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.645] SetEvent (hEvent=0x114) returned 1 [0103.645] SwitchToThread () returned 1 [0103.646] SetEvent (hEvent=0x114) returned 1 [0103.646] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.648] SetEvent (hEvent=0x164) returned 1 [0103.648] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.651] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.658] SetEvent (hEvent=0x114) returned 1 [0103.658] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.660] SetEvent (hEvent=0xfc) returned 1 [0103.660] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.664] SetEvent (hEvent=0x100) returned 1 [0103.664] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.706] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.707] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.707] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.708] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.708] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.708] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0103.709] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000161cf4 | out: lpMode=0xc000161cf4) returned 0 [0103.721] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.727] SetEvent (hEvent=0xfc) returned 1 [0103.727] GetFileType (hFile=0x168) returned 0x1 [0103.727] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0103.727] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.727] GetFileType (hFile=0x168) returned 0x1 [0103.727] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000161d44 | out: lpFileInformation=0xc000161d44) returned 1 [0103.727] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000161d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000161d28) returned 1 [0103.728] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0103.728] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0103.728] ReadFile (in: hFile=0x168, lpBuffer=0xc00028e000, nNumberOfBytesToRead=0x5793, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028e000*, lpNumberOfBytesRead=0xc000161c04*=0x5593, lpOverlapped=0x0) returned 1 [0103.737] ReadFile (in: hFile=0x168, lpBuffer=0xc000293593, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc000293593*, lpNumberOfBytesRead=0xc000161c04*=0x0, lpOverlapped=0x0) returned 1 [0103.737] CloseHandle (hObject=0x168) returned 1 [0103.737] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0103.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0103.739] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000161d04 | out: lpMode=0xc000161d04) returned 0 [0103.748] GetFileType (hFile=0x168) returned 0x1 [0103.748] WriteFile (in: hFile=0x168, lpBuffer=0xc000294000*, nNumberOfBytesToWrite=0x55a0, lpNumberOfBytesWritten=0xc000161cec, lpOverlapped=0x0 | out: lpBuffer=0xc000294000*, lpNumberOfBytesWritten=0xc000161cec*=0x55a0, lpOverlapped=0x0) returned 1 [0103.750] CloseHandle (hObject=0x168) returned 1 [0103.750] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0103.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0103.750] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000161d64 | out: lpMode=0xc000161d64) returned 0 [0103.755] GetFileType (hFile=0x168) returned 0x1 [0103.755] WriteFile (in: hFile=0x168, lpBuffer=0xc0001318c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000161d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001318c0*, lpNumberOfBytesWritten=0xc000161d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.756] CloseHandle (hObject=0x168) returned 1 [0103.756] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.757] SwitchToThread () returned 1 [0103.759] SetEvent (hEvent=0x100) returned 1 [0103.759] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.767] SetEvent (hEvent=0x100) returned 1 [0103.767] SetEvent (hEvent=0x108) returned 1 [0103.767] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.782] SetEvent (hEvent=0xfc) returned 1 [0103.782] SetEvent (hEvent=0x100) returned 1 [0103.782] SetEvent (hEvent=0x108) returned 1 [0103.782] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.786] SetEvent (hEvent=0xfc) returned 1 [0103.786] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.794] SetEvent (hEvent=0xfc) returned 1 [0103.794] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.795] SwitchToThread () returned 1 [0103.795] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.803] SetEvent (hEvent=0x108) returned 1 [0103.803] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0103.804] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0103.804] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0103.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0103.805] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0103.816] GetFileType (hFile=0x180) returned 0x1 [0103.816] GetFileType (hFile=0x180) returned 0x1 [0103.816] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0103.817] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0103.817] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0103.818] ReadFile (in: hFile=0x180, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0x7499, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc0001bbc04*=0x7299, lpOverlapped=0x0) returned 1 [0103.834] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.845] SetEvent (hEvent=0x100) returned 1 [0103.845] ReadFile (in: hFile=0x180, lpBuffer=0xc0002bd299, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bd299*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0103.845] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.860] CloseHandle (hObject=0x180) returned 1 [0103.860] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0103.860] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0103.861] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0103.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0103.864] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0103.867] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.871] GetFileType (hFile=0x180) returned 0x1 [0103.871] WriteFile (in: hFile=0x180, lpBuffer=0xc00031a000*, nNumberOfBytesToWrite=0x72a0, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00031a000*, lpNumberOfBytesWritten=0xc0001bbcec*=0x72a0, lpOverlapped=0x0) returned 1 [0103.873] CloseHandle (hObject=0x180) returned 1 [0103.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.873] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0103.874] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0103.874] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0103.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0103.875] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0103.878] GetFileType (hFile=0x180) returned 0x1 [0103.878] WriteFile (in: hFile=0x180, lpBuffer=0xc000236580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236580*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.878] CloseHandle (hObject=0x180) returned 1 [0103.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\encry-computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\encry-computed_hashes.json"), dwFlags=0x1) returned 1 [0103.879] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0103.880] SetEvent (hEvent=0xf4) returned 1 [0103.880] SetEvent (hEvent=0x13c) returned 1 [0103.880] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.881] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.881] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.881] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.882] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000185cf4 | out: lpMode=0xc000185cf4) returned 0 [0103.883] GetFileType (hFile=0x128) returned 0x1 [0103.883] GetFileType (hFile=0x128) returned 0x1 [0103.883] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000185d44 | out: lpFileInformation=0xc000185d44) returned 1 [0103.883] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000185d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000185d28) returned 1 [0103.883] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0103.885] ReadFile (in: hFile=0x128, lpBuffer=0xc000322000, nNumberOfBytesToRead=0x5424, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc000322000*, lpNumberOfBytesRead=0xc000185c04*=0x5224, lpOverlapped=0x0) returned 1 [0103.900] ReadFile (in: hFile=0x128, lpBuffer=0xc000327224, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc000327224*, lpNumberOfBytesRead=0xc000185c04*=0x0, lpOverlapped=0x0) returned 1 [0103.900] CloseHandle (hObject=0x128) returned 1 [0103.900] VirtualAlloc (lpAddress=0xc00038c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038c000 [0103.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.903] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000185d04 | out: lpMode=0xc000185d04) returned 0 [0104.043] GetFileType (hFile=0x128) returned 0x1 [0104.043] WriteFile (in: hFile=0x128, lpBuffer=0xc00038c000*, nNumberOfBytesToWrite=0x5230, lpNumberOfBytesWritten=0xc000185cec, lpOverlapped=0x0 | out: lpBuffer=0xc00038c000*, lpNumberOfBytesWritten=0xc000185cec*=0x5230, lpOverlapped=0x0) returned 1 [0104.045] CloseHandle (hObject=0x128) returned 1 [0104.045] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.045] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000185d64 | out: lpMode=0xc000185d64) returned 0 [0104.059] GetFileType (hFile=0x128) returned 0x1 [0104.059] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000185d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc000185d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.059] CloseHandle (hObject=0x128) returned 1 [0104.059] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.060] SwitchToThread () returned 1 [0104.067] SetEvent (hEvent=0x108) returned 1 [0104.067] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.074] SetEvent (hEvent=0x108) returned 1 [0104.074] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.076] SwitchToThread () returned 1 [0104.080] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.097] SetEvent (hEvent=0xf4) returned 1 [0104.097] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.105] SetEvent (hEvent=0x13c) returned 1 [0104.105] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.112] SetEvent (hEvent=0x108) returned 1 [0104.112] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.128] SetEvent (hEvent=0xf4) returned 1 [0104.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0104.129] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0104.133] GetFileType (hFile=0x180) returned 0x1 [0104.133] GetFileType (hFile=0x180) returned 0x1 [0104.134] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0104.134] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0104.134] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0104.134] ReadFile (in: hFile=0x180, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x1c1d, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc0001e9c04*=0x1a1d, lpOverlapped=0x0) returned 1 [0104.143] ReadFile (in: hFile=0x180, lpBuffer=0xc00005da1d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005da1d*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0104.143] CloseHandle (hObject=0x180) returned 1 [0104.143] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.143] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0104.144] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0104.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0104.146] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0104.149] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.250] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.250] SetEvent (hEvent=0x108) returned 1 [0104.250] SetEvent (hEvent=0x164) returned 1 [0104.251] SetEvent (hEvent=0xb8) returned 1 [0104.251] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.270] SwitchToThread () returned 1 [0104.281] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.281] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.282] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ff000 [0104.283] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0104.288] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0104.289] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0104.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.292] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0104.295] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.302] SetEvent (hEvent=0xb8) returned 1 [0104.302] GetFileType (hFile=0x184) returned 0x1 [0104.302] WriteFile (in: hFile=0x184, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x3a260, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc00020fcec*=0x3a260, lpOverlapped=0x0) returned 1 [0104.308] CloseHandle (hObject=0x184) returned 1 [0104.308] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0104.308] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0104.308] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0104.309] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0104.309] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0104.309] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0104.310] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0104.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.310] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0104.312] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.322] GetFileType (hFile=0x184) returned 0x1 [0104.322] WriteFile (in: hFile=0x184, lpBuffer=0xc0000be580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be580*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.322] CloseHandle (hObject=0x184) returned 1 [0104.323] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_route_details.js"), dwFlags=0x1) returned 1 [0104.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0104.324] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00028bcf4 | out: lpMode=0xc00028bcf4) returned 0 [0104.325] GetFileType (hFile=0x184) returned 0x1 [0104.325] GetFileType (hFile=0x184) returned 0x1 [0104.325] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc00028bd44 | out: lpFileInformation=0xc00028bd44) returned 1 [0104.326] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc00028bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00028bd28) returned 1 [0104.326] VirtualAlloc (lpAddress=0xc00043a000, dwSize=0x8e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00043a000 [0104.338] ReadFile (in: hFile=0x184, lpBuffer=0xc00043a000, nNumberOfBytesToRead=0x8c2bf, lpNumberOfBytesRead=0xc00028bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00043a000*, lpNumberOfBytesRead=0xc00028bc04*=0x8c0bf, lpOverlapped=0x0) returned 1 [0104.373] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.377] ReadFile (in: hFile=0x184, lpBuffer=0xc0004c60bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00028bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c60bf*, lpNumberOfBytesRead=0xc00028bc04*=0x0, lpOverlapped=0x0) returned 1 [0104.377] CloseHandle (hObject=0x184) returned 1 [0104.377] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0104.378] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0104.378] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x8e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0104.390] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0104.391] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0104.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.398] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00028bd04 | out: lpMode=0xc00028bd04) returned 0 [0104.399] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.437] SetEvent (hEvent=0xc0) returned 1 [0104.437] SetEvent (hEvent=0xb8) returned 1 [0104.437] GetFileType (hFile=0x184) returned 0x1 [0104.437] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.443] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0104.444] WriteFile (in: hFile=0x184, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x8c0c0, lpNumberOfBytesWritten=0xc00028bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc00028bcec*=0x8c0c0, lpOverlapped=0x0) returned 1 [0104.457] CloseHandle (hObject=0x184) returned 1 [0104.457] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0104.458] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.458] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0104.459] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0104.459] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0104.459] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0104.460] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0104.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.460] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00028bd64 | out: lpMode=0xc00028bd64) returned 0 [0104.462] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.483] SetEvent (hEvent=0xc0) returned 1 [0104.483] SetEvent (hEvent=0xf4) returned 1 [0104.483] GetFileType (hFile=0x184) returned 0x1 [0104.483] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.509] SetEvent (hEvent=0x108) returned 1 [0104.509] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0104.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0126*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000a0126*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0104.522] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0330*, lpNumberOfCharsWritten=0xc0001bf818*=0x3) returned 1 [0104.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0336*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0336*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0104.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc0000a03b0*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0104.547] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.657] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc000010110*, lpNumberOfCharsWritten=0xc000271818*=0x3) returned 1 [0104.667] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.671] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010116*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000010116*, lpNumberOfCharsWritten=0xc0000e5818*=0x3) returned 1 [0104.672] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.720] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc0005862c8*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0104.720] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.722] SetEvent (hEvent=0xf4) returned 1 [0104.722] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.722] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001eb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc0001eb818*=0x3) returned 1 [0104.724] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0126*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0126*, lpNumberOfCharsWritten=0xc0001c7818*=0x3) returned 1 [0104.737] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a03b8*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0104.742] SetEvent (hEvent=0xb8) returned 1 [0104.742] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc0000a05f0*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0104.749] SetEvent (hEvent=0xb8) returned 1 [0104.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc00026f818*=0x3) returned 1 [0104.752] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.763] SetEvent (hEvent=0x120) returned 1 [0104.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc000010110*, lpNumberOfCharsWritten=0xc0001a3818*=0x3) returned 1 [0104.766] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.767] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc0000101b0*, lpNumberOfCharsWritten=0xc000159818*=0x3) returned 1 [0104.774] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.776] SetEvent (hEvent=0x164) returned 1 [0104.776] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.777] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000273818, lpReserved=0x0 | out: lpBuffer=0xc000102040*, lpNumberOfCharsWritten=0xc000273818*=0x3) returned 1 [0104.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000102046*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0104.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc0001bd818*=0x4) returned 1 [0104.801] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc000102068*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0104.806] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.828] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0104.828] SetEvent (hEvent=0xf4) returned 1 [0104.828] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc000279818*=0x4) returned 1 [0104.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc0000f3818*=0x4) returned 1 [0104.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc0000a03b0*, lpNumberOfCharsWritten=0xc000035818*=0x4) returned 1 [0104.846] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.855] SetEvent (hEvent=0xf4) returned 1 [0104.855] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00017b818, lpReserved=0x0 | out: lpBuffer=0xc0000a03b8*, lpNumberOfCharsWritten=0xc00017b818*=0x4) returned 1 [0104.861] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001db818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc0001db818*=0x4) returned 1 [0104.874] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc0001020c0*, lpNumberOfCharsWritten=0xc000177818*=0x4) returned 1 [0104.876] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.886] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d9818, lpReserved=0x0 | out: lpBuffer=0xc0001020c8*, lpNumberOfCharsWritten=0xc0001d9818*=0x4) returned 1 [0104.887] SetEvent (hEvent=0x108) returned 1 [0104.887] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102150*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc000102150*, lpNumberOfCharsWritten=0xc0001f5818*=0x4) returned 1 [0104.892] SetEvent (hEvent=0x108) returned 1 [0104.893] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102158*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000102158*, lpNumberOfCharsWritten=0xc0001f9818*=0x4) returned 1 [0104.894] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.904] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc0001f7818*=0x4) returned 1 [0104.907] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.912] SetEvent (hEvent=0xf4) returned 1 [0104.912] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0408*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0408*, lpNumberOfCharsWritten=0xc0001f3818*=0x4) returned 1 [0104.916] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc0000100f0*, lpNumberOfCharsWritten=0xc0001ff818*=0x4) returned 1 [0104.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00017d818, lpReserved=0x0 | out: lpBuffer=0xc0000100f8*, lpNumberOfCharsWritten=0xc00017d818*=0x4) returned 1 [0104.927] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.930] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000101b0*, lpNumberOfCharsWritten=0xc00014d818*=0x4) returned 1 [0104.931] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.946] SetEvent (hEvent=0xb8) returned 1 [0104.946] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.949] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc0001fb818*=0x4) returned 1 [0104.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc0005862c8*, lpNumberOfCharsWritten=0xc000179818*=0x4) returned 1 [0104.955] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0104.956] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0104.956] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000207818, lpReserved=0x0 | out: lpBuffer=0xc0005862e0*, lpNumberOfCharsWritten=0xc000207818*=0x4) returned 1 [0104.958] SetEvent (hEvent=0xf4) returned 1 [0104.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc0005862e8*, lpNumberOfCharsWritten=0xc0000f7818*=0x4) returned 1 [0104.959] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.961] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0005862f0*, lpNumberOfCharsWritten=0xc000065818*=0x4) returned 1 [0104.966] SetEvent (hEvent=0x108) returned 1 [0104.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0005862f8*, lpNumberOfCharsWritten=0xc00013f818*=0x4) returned 1 [0104.970] SetEvent (hEvent=0x108) returned 1 [0104.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc0000100b0*, lpNumberOfCharsWritten=0xc000155818*=0x4) returned 1 [0104.973] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.974] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000209818, lpReserved=0x0 | out: lpBuffer=0xc0000100f0*, lpNumberOfCharsWritten=0xc000209818*=0x4) returned 1 [0104.983] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc0005863e0*, lpNumberOfCharsWritten=0xc0000eb818*=0x4) returned 1 [0104.987] SetEvent (hEvent=0x164) returned 1 [0104.987] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586410*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000586410*, lpNumberOfCharsWritten=0xc0001d5818*=0x4) returned 1 [0104.992] SetEvent (hEvent=0x164) returned 1 [0104.992] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc0000100f8*, lpNumberOfCharsWritten=0xc000201818*=0x4) returned 1 [0104.993] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0104.999] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c8*, lpNumberOfCharsWritten=0xc000049818*=0x4) returned 1 [0105.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc0000101b8*, lpNumberOfCharsWritten=0xc0001fd818*=0x4) returned 1 [0105.009] SetEvent (hEvent=0x120) returned 1 [0105.009] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0105.010] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a03c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0000a03c0*, lpNumberOfCharsWritten=0xc00026d818*=0x4) returned 1 [0105.011] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.023] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000259818*=0x4) returned 1 [0105.025] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.193] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0105.193] SetEvent (hEvent=0xfc) returned 1 [0105.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0005863b8*, lpNumberOfCharsWritten=0xc0000c1818*=0x4) returned 1 [0105.196] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.198] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.200] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c0*, lpNumberOfCharsWritten=0xc0006e1818*=0x4) returned 1 [0105.205] SetEvent (hEvent=0xb8) returned 1 [0105.205] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.221] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0105.222] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0105.222] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0105.223] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0105.223] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0105.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0105.224] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0105.233] GetFileType (hFile=0x1e4) returned 0x1 [0105.233] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0105.234] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0105.234] GetFileType (hFile=0x1e4) returned 0x1 [0105.234] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0105.234] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0105.234] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0105.235] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0105.235] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000224000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0105.235] CloseHandle (hObject=0x1e4) returned 1 [0105.235] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0105.236] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0105.236] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0105.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0105.237] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0105.245] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.260] SetEvent (hEvent=0xb8) returned 1 [0105.260] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.260] SetEvent (hEvent=0xb8) returned 1 [0105.260] SetEvent (hEvent=0xf4) returned 1 [0105.261] SetEvent (hEvent=0x120) returned 1 [0105.261] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.266] VirtualFree (lpAddress=0xc00037c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.266] VirtualFree (lpAddress=0xc000372000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.267] VirtualFree (lpAddress=0xc000294000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.267] VirtualFree (lpAddress=0xc000262000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.267] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.268] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.268] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.268] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.269] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.269] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.269] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.269] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.270] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.270] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.270] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.270] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.271] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.271] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.271] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.271] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.272] SetEvent (hEvent=0xfc) returned 1 [0105.272] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.280] SetEvent (hEvent=0x120) returned 1 [0105.280] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.280] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.297] SetEvent (hEvent=0x108) returned 1 [0105.297] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.298] SetEvent (hEvent=0xb8) returned 1 [0105.299] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.300] SetEvent (hEvent=0x120) returned 1 [0105.300] SwitchToThread () returned 1 [0105.304] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.305] SetEvent (hEvent=0x108) returned 1 [0105.305] SetEvent (hEvent=0x120) returned 1 [0105.305] SetEvent (hEvent=0xfc) returned 1 [0105.305] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.320] GetFileType (hFile=0x174) returned 0x1 [0105.320] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0105.320] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.321] CloseHandle (hObject=0x174) returned 1 [0105.321] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0105.321] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0105.322] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0105.323] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.326] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0105.326] SetEvent (hEvent=0xc0) returned 1 [0105.326] SetEvent (hEvent=0x120) returned 1 [0105.326] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0105.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.329] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.334] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.334] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0105.334] SetEvent (hEvent=0xfc) returned 1 [0105.334] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.368] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0105.368] SetEvent (hEvent=0x164) returned 1 [0105.368] SetEvent (hEvent=0xf4) returned 1 [0105.368] SetEvent (hEvent=0xb8) returned 1 [0105.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.373] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.373] SetEvent (hEvent=0xb8) returned 1 [0105.373] SetEvent (hEvent=0x114) returned 1 [0105.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.377] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0105.378] SetEvent (hEvent=0x114) returned 1 [0105.378] SetEvent (hEvent=0xb8) returned 1 [0105.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.390] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.391] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.391] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0105.391] SetEvent (hEvent=0xfc) returned 1 [0105.391] SetEvent (hEvent=0x114) returned 1 [0105.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.397] SetEvent (hEvent=0x114) returned 1 [0105.397] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.418] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0105.419] SetEvent (hEvent=0xf4) returned 1 [0105.419] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.419] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0105.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0105.420] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0105.424] GetFileType (hFile=0x174) returned 0x1 [0105.424] GetFileType (hFile=0x174) returned 0x1 [0105.424] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0105.424] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0105.424] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0105.425] ReadFile (in: hFile=0x174, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0x11200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc0002a1c04*=0x11000, lpOverlapped=0x0) returned 1 [0105.438] ReadFile (in: hFile=0x174, lpBuffer=0xc00030f000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030f000*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0105.438] CloseHandle (hObject=0x174) returned 1 [0105.438] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0105.439] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0105.439] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0105.439] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0105.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0105.442] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0105.628] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.639] GetFileType (hFile=0x174) returned 0x1 [0105.639] WriteFile (in: hFile=0x174, lpBuffer=0xc000320000*, nNumberOfBytesToWrite=0x11010, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000320000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x11010, lpOverlapped=0x0) returned 1 [0105.642] CloseHandle (hObject=0x174) returned 1 [0105.642] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.642] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0105.642] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0105.643] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0105.643] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0105.644] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0105.644] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0105.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0105.645] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0105.650] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.655] SetEvent (hEvent=0xc0) returned 1 [0105.655] SetEvent (hEvent=0x108) returned 1 [0105.655] GetFileType (hFile=0x174) returned 0x1 [0105.655] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.669] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.669] CloseHandle (hObject=0x174) returned 1 [0105.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-web data"), dwFlags=0x1) returned 1 [0105.670] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.679] SetEvent (hEvent=0xf4) returned 1 [0105.679] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.680] SetEvent (hEvent=0xf4) returned 1 [0105.680] SetEvent (hEvent=0x108) returned 1 [0105.680] SetEvent (hEvent=0x120) returned 1 [0105.680] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.688] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0105.688] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0105.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b8 [0105.689] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0105.695] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.697] GetFileType (hFile=0x1b8) returned 0x1 [0105.697] GetFileType (hFile=0x1b8) returned 0x1 [0105.697] GetFileInformationByHandle (in: hFile=0x1b8, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0105.697] GetFileInformationByHandleEx (in: hFile=0x1b8, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0105.697] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0105.698] ReadFile (in: hFile=0x1b8, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0000c1c04*=0x8000, lpOverlapped=0x0) returned 1 [0105.705] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.707] SetEvent (hEvent=0xc0) returned 1 [0105.707] SetEvent (hEvent=0xf4) returned 1 [0105.707] ReadFile (in: hFile=0x1b8, lpBuffer=0xc0002ea000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ea000*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0105.707] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.721] SetEvent (hEvent=0xf4) returned 1 [0105.721] CloseHandle (hObject=0x1b8) returned 1 [0105.721] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.731] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0105.732] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.732] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0105.733] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0105.734] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0105.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.735] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0105.736] GetFileType (hFile=0x1b8) returned 0x1 [0105.736] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0002f4000*, nNumberOfBytesToWrite=0x8010, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f4000*, lpNumberOfBytesWritten=0xc0000c1cec*=0x8010, lpOverlapped=0x0) returned 1 [0105.738] CloseHandle (hObject=0x1b8) returned 1 [0105.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.738] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0105.738] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0105.739] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0105.740] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0105.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.740] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0105.741] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.749] GetFileType (hFile=0x1b8) returned 0x1 [0105.749] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.750] CloseHandle (hObject=0x1b8) returned 1 [0105.750] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\encry-Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\encry-suggested sites~.feed-ms"), dwFlags=0x1) returned 1 [0105.751] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0105.751] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0105.752] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0105.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b8 [0105.752] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0001a9cf4 | out: lpMode=0xc0001a9cf4) returned 0 [0105.766] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.771] GetFileType (hFile=0x1b8) returned 0x1 [0105.771] GetFileType (hFile=0x1b8) returned 0x1 [0105.771] GetFileInformationByHandle (in: hFile=0x1b8, lpFileInformation=0xc0001a9d44 | out: lpFileInformation=0xc0001a9d44) returned 1 [0105.771] GetFileInformationByHandleEx (in: hFile=0x1b8, FileInformationClass=0x9, lpFileInformation=0xc0001a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a9d28) returned 1 [0105.771] VirtualAlloc (lpAddress=0xc00039a000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039a000 [0105.775] ReadFile (in: hFile=0x1b8, lpBuffer=0xc00039a000, nNumberOfBytesToRead=0x2afeb, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00039a000*, lpNumberOfBytesRead=0xc0001a9c04*=0x2adeb, lpOverlapped=0x0) returned 1 [0105.783] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.784] ReadFile (in: hFile=0x1b8, lpBuffer=0xc0003c4deb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c4deb*, lpNumberOfBytesRead=0xc0001a9c04*=0x0, lpOverlapped=0x0) returned 1 [0105.784] CloseHandle (hObject=0x1b8) returned 1 [0105.784] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0105.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.788] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0001a9d04 | out: lpMode=0xc0001a9d04) returned 0 [0105.802] GetFileType (hFile=0x1b8) returned 0x1 [0105.802] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x2adf0, lpNumberOfBytesWritten=0xc0001a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc0001a9cec*=0x2adf0, lpOverlapped=0x0) returned 1 [0105.806] CloseHandle (hObject=0x1b8) returned 1 [0105.806] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.806] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.807] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0001a9d64 | out: lpMode=0xc0001a9d64) returned 0 [0105.819] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.824] SetEvent (hEvent=0xf4) returned 1 [0105.824] GetFileType (hFile=0x1b8) returned 0x1 [0105.824] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.824] CloseHandle (hObject=0x1b8) returned 1 [0105.824] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0105.825] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0105.825] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0105.825] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0105.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_common.js"), dwFlags=0x1) returned 1 [0105.826] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.835] SetEvent (hEvent=0xf4) returned 1 [0105.835] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.836] SetEvent (hEvent=0x108) returned 1 [0105.836] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.839] SwitchToThread () returned 1 [0105.839] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.840] SetEvent (hEvent=0xf4) returned 1 [0105.840] SetEvent (hEvent=0x120) returned 1 [0105.840] VirtualFree (lpAddress=0xc000446000, dwSize=0x48000, dwFreeType=0x4000) returned 1 [0105.842] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.842] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.842] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.842] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.843] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.843] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.843] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.843] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.843] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.844] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.844] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.844] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.844] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.845] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.845] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.845] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.845] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0105.846] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001afcf4 | out: lpMode=0xc0001afcf4) returned 0 [0105.852] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.856] SetEvent (hEvent=0xf4) returned 1 [0105.856] GetFileType (hFile=0x194) returned 0x1 [0105.856] GetFileType (hFile=0x194) returned 0x1 [0105.856] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0001afd44 | out: lpFileInformation=0xc0001afd44) returned 1 [0105.856] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0001afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001afd28) returned 1 [0105.856] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.857] ReadFile (in: hFile=0x194, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0001afc04*=0xc4, lpOverlapped=0x0) returned 1 [0105.858] ReadFile (in: hFile=0x194, lpBuffer=0xc00003c0c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c0c4*, lpNumberOfBytesRead=0xc0001afc04*=0x0, lpOverlapped=0x0) returned 1 [0105.858] CloseHandle (hObject=0x194) returned 1 [0105.858] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.858] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0105.859] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0105.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0105.860] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001afd04 | out: lpMode=0xc0001afd04) returned 0 [0105.864] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.867] GetFileType (hFile=0x194) returned 0x1 [0105.867] WriteFile (in: hFile=0x194, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0001afcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0001afcec*=0xd0, lpOverlapped=0x0) returned 1 [0105.868] CloseHandle (hObject=0x194) returned 1 [0105.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.868] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0105.868] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0105.869] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0105.869] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0105.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0105.870] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001afd64 | out: lpMode=0xc0001afd64) returned 0 [0105.872] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.877] GetFileType (hFile=0x194) returned 0x1 [0105.877] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.877] WriteFile (in: hFile=0x194, lpBuffer=0xc000056000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesWritten=0xc0001afd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.880] CloseHandle (hObject=0x194) returned 1 [0105.880] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0105.880] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0105.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-log"), dwFlags=0x1) returned 1 [0105.961] SetEvent (hEvent=0xf4) returned 1 [0105.961] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.962] SetEvent (hEvent=0xf4) returned 1 [0105.962] SetEvent (hEvent=0x120) returned 1 [0105.962] VirtualFree (lpAddress=0xc000394000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.962] VirtualFree (lpAddress=0xc000340000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.963] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.963] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.963] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.964] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.964] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.964] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.964] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.965] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0105.966] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000213cf4 | out: lpMode=0xc000213cf4) returned 0 [0105.967] GetFileType (hFile=0x1b4) returned 0x1 [0105.967] GetFileType (hFile=0x1b4) returned 0x1 [0105.967] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000213d44 | out: lpFileInformation=0xc000213d44) returned 1 [0105.967] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000213d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000213d28) returned 1 [0105.967] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.968] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000213c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000213c04*=0x0, lpOverlapped=0x0) returned 1 [0105.968] CloseHandle (hObject=0x1b4) returned 1 [0105.968] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0105.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.969] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000213d04 | out: lpMode=0xc000213d04) returned 0 [0105.976] GetFileType (hFile=0x1b4) returned 0x1 [0105.976] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000586530*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000213cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586530*, lpNumberOfBytesWritten=0xc000213cec*=0x10, lpOverlapped=0x0) returned 1 [0105.977] CloseHandle (hObject=0x1b4) returned 1 [0105.978] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.978] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.979] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000213d64 | out: lpMode=0xc000213d64) returned 0 [0105.984] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0105.988] GetFileType (hFile=0x1b4) returned 0x1 [0105.988] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000213d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000213d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.988] CloseHandle (hObject=0x1b4) returned 1 [0105.988] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0105.989] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0105.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-origin bound certs-journal"), dwFlags=0x1) returned 1 [0106.093] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.094] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.095] SetEvent (hEvent=0xf4) returned 1 [0106.095] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.096] SetEvent (hEvent=0xf4) returned 1 [0106.096] SetEvent (hEvent=0x120) returned 1 [0106.096] SetEvent (hEvent=0x108) returned 1 [0106.096] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.101] GetFileType (hFile=0x1e4) returned 0x1 [0106.101] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000102170*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc000102170*, lpNumberOfBytesWritten=0xc000129cec*=0x10, lpOverlapped=0x0) returned 1 [0106.102] CloseHandle (hObject=0x1e4) returned 1 [0106.103] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0106.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.103] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0106.112] GetFileType (hFile=0x1e4) returned 0x1 [0106.113] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.113] CloseHandle (hObject=0x1e4) returned 1 [0106.113] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.113] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0106.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-quotamanager-journal"), dwFlags=0x1) returned 1 [0106.115] SwitchToThread () returned 1 [0106.116] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.121] SetEvent (hEvent=0xf4) returned 1 [0106.121] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.122] SetEvent (hEvent=0xf4) returned 1 [0106.122] SetEvent (hEvent=0x164) returned 1 [0106.122] SetEvent (hEvent=0x120) returned 1 [0106.122] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.123] SetEvent (hEvent=0x164) returned 1 [0106.123] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.126] VirtualFree (lpAddress=0xc00021a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0106.126] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.126] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.127] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.127] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.127] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.128] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.128] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.128] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.128] SetEvent (hEvent=0x120) returned 1 [0106.128] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.254] SetEvent (hEvent=0xf4) returned 1 [0106.254] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.314] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.340] SwitchToThread () returned 1 [0106.347] GetFileType (hFile=0x1d8) returned 0x1 [0106.347] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0106.348] GetFileType (hFile=0x1d8) returned 0x1 [0106.348] GetFileInformationByHandle (in: hFile=0x1d8, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0106.348] GetFileInformationByHandleEx (in: hFile=0x1d8, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0106.348] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0106.348] ReadFile (in: hFile=0x1d8, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x478, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc0002d9c04*=0x278, lpOverlapped=0x0) returned 1 [0106.357] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.358] ReadFile (in: hFile=0x1d8, lpBuffer=0xc00013a278, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a278*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0106.358] CloseHandle (hObject=0x1d8) returned 1 [0106.358] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0106.359] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0106.359] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0106.360] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0106.360] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0106.362] GetConsoleMode (in: hConsoleHandle=0x1d8, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0106.363] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.375] GetFileType (hFile=0x1d8) returned 0x1 [0106.375] WriteFile (in: hFile=0x1d8, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x280, lpOverlapped=0x0) returned 1 [0106.377] CloseHandle (hObject=0x1d8) returned 1 [0106.377] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.377] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0106.378] GetConsoleMode (in: hConsoleHandle=0x1d8, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0106.378] GetFileType (hFile=0x1d8) returned 0x1 [0106.378] WriteFile (in: hFile=0x1d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.378] CloseHandle (hObject=0x1d8) returned 1 [0106.379] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.379] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.380] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.380] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0106.381] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-transportsecurity"), dwFlags=0x1) returned 1 [0106.382] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.382] SetEvent (hEvent=0x108) returned 1 [0106.382] SetEvent (hEvent=0x164) returned 1 [0106.382] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.383] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.383] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.383] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.384] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.384] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.384] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.384] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.385] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.385] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0106.391] GetFileType (hFile=0x194) returned 0x1 [0106.391] GetFileType (hFile=0x194) returned 0x1 [0106.391] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0106.391] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0106.391] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0106.393] ReadFile (in: hFile=0x194, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x7200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0002dfc04*=0x7000, lpOverlapped=0x0) returned 1 [0106.409] ReadFile (in: hFile=0x194, lpBuffer=0xc000237000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000237000*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0106.409] CloseHandle (hObject=0x194) returned 1 [0106.409] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0106.410] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.410] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0106.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.412] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0106.416] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.421] GetFileType (hFile=0x194) returned 0x1 [0106.421] WriteFile (in: hFile=0x194, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0002dfcec*=0x7010, lpOverlapped=0x0) returned 1 [0106.423] CloseHandle (hObject=0x194) returned 1 [0106.423] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.423] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.423] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.424] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.424] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.425] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.425] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0106.451] GetFileType (hFile=0x194) returned 0x1 [0106.451] WriteFile (in: hFile=0x194, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.451] CloseHandle (hObject=0x194) returned 1 [0106.451] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.451] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0106.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\encry-Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\encry-microsoft at work~.feed-ms"), dwFlags=0x1) returned 1 [0106.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.453] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0106.460] GetFileType (hFile=0x194) returned 0x1 [0106.460] GetFileType (hFile=0x194) returned 0x1 [0106.460] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0106.460] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0106.460] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.460] ReadFile (in: hFile=0x194, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0106.460] CloseHandle (hObject=0x194) returned 1 [0106.461] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.461] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0106.466] GetFileType (hFile=0x194) returned 0x1 [0106.466] WriteFile (in: hFile=0x194, lpBuffer=0xc000102360*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000102360*, lpNumberOfBytesWritten=0xc0001fdcec*=0x10, lpOverlapped=0x0) returned 1 [0106.468] CloseHandle (hObject=0x194) returned 1 [0106.468] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0106.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.468] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0106.477] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.481] GetFileType (hFile=0x194) returned 0x1 [0106.481] WriteFile (in: hFile=0x194, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.482] CloseHandle (hObject=0x194) returned 1 [0106.482] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\encry-fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\encry-fwlink[1]"), dwFlags=0x1) returned 1 [0106.483] SetEvent (hEvent=0x164) returned 1 [0106.483] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.715] SetEvent (hEvent=0x108) returned 1 [0106.715] SetEvent (hEvent=0x120) returned 1 [0106.716] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.722] SetEvent (hEvent=0x108) returned 1 [0106.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0106.722] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0106.726] GetFileType (hFile=0x1e4) returned 0x1 [0106.726] GetFileType (hFile=0x1e4) returned 0x1 [0106.726] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0106.727] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0106.727] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0106.727] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc00013fc04*=0x43, lpOverlapped=0x0) returned 1 [0106.728] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006e043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e043*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0106.728] CloseHandle (hObject=0x1e4) returned 1 [0106.728] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0106.728] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0106.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.729] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini\\*", lpFindFileData=0xc00013fa08 | out: lpFindFileData=0xc00013fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.729] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00013f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.729] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0106.730] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.730] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0106.730] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.730] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.731] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.731] SetEvent (hEvent=0xfc) returned 1 [0106.731] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.739] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.739] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001efd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc0001efd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.739] CloseHandle (hObject=0x1bc) returned 1 [0106.739] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.740] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.740] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.740] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-secure preferences"), dwFlags=0x1) returned 1 [0106.741] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0106.741] SetEvent (hEvent=0x114) returned 1 [0106.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.747] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.749] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.750] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0106.750] SetEvent (hEvent=0xc0) returned 1 [0106.750] SetEvent (hEvent=0x120) returned 1 [0106.750] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.751] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.751] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0106.752] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.761] SetEvent (hEvent=0x164) returned 1 [0106.761] GetFileType (hFile=0xec) returned 0x1 [0106.761] GetFileType (hFile=0xec) returned 0x1 [0106.761] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0106.761] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0106.761] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.762] ReadFile (in: hFile=0xec, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0106.762] CloseHandle (hObject=0xec) returned 1 [0106.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.762] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0106.764] GetFileType (hFile=0xec) returned 0x1 [0106.764] WriteFile (in: hFile=0xec, lpBuffer=0xc000010410*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010410*, lpNumberOfBytesWritten=0xc00015dcec*=0x10, lpOverlapped=0x0) returned 1 [0106.765] CloseHandle (hObject=0xec) returned 1 [0106.786] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.790] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0901 | out: pbBuffer=0xc0000e0901) returned 1 [0106.790] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.790] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.791] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.791] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0106.793] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.796] SetEvent (hEvent=0xfc) returned 1 [0106.796] GetFileType (hFile=0x1b0) returned 0x1 [0106.796] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.803] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.803] CloseHandle (hObject=0x1b0) returned 1 [0106.803] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.804] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0106.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-previews_opt_out.db-journal"), dwFlags=0x1) returned 1 [0106.805] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.812] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.813] SetEvent (hEvent=0x114) returned 1 [0106.813] SwitchToThread () returned 1 [0106.815] SetEvent (hEvent=0xfc) returned 1 [0106.815] SetEvent (hEvent=0x114) returned 1 [0106.815] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.823] SetEvent (hEvent=0x114) returned 1 [0106.823] SetEvent (hEvent=0x164) returned 1 [0106.823] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.832] SetEvent (hEvent=0xfc) returned 1 [0106.832] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.834] SetEvent (hEvent=0x164) returned 1 [0106.834] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.836] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.850] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.856] SetEvent (hEvent=0xfc) returned 1 [0106.856] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.862] SetEvent (hEvent=0xfc) returned 1 [0106.862] SetEvent (hEvent=0x114) returned 1 [0106.862] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.863] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.863] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.863] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.863] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.864] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.864] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.864] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.864] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.864] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0106.865] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.865] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.865] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.866] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0106.866] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0106.867] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0106.875] GetFileType (hFile=0x1b0) returned 0x1 [0106.875] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0106.875] GetFileType (hFile=0x1b0) returned 0x1 [0106.875] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0106.876] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0106.876] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x20d, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0004dbc04*=0xd, lpOverlapped=0x0) returned 1 [0106.877] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000f000d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f000d*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0106.877] CloseHandle (hObject=0x1b0) returned 1 [0106.877] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0106.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.878] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0106.889] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0106.989] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.036] SetEvent (hEvent=0x114) returned 1 [0107.036] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.046] SetEvent (hEvent=0x120) returned 1 [0107.046] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.474] SetEvent (hEvent=0xfc) returned 1 [0107.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0107.474] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0107.479] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.480] SetEvent (hEvent=0xc0) returned 1 [0107.480] SetEvent (hEvent=0xfc) returned 1 [0107.480] GetFileType (hFile=0x1d4) returned 0x1 [0107.480] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.482] SetEvent (hEvent=0x114) returned 1 [0107.482] GetFileType (hFile=0x1d4) returned 0x1 [0107.482] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.487] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0107.488] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0107.488] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0107.488] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x637, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001bbc04*=0x437, lpOverlapped=0x0) returned 1 [0107.491] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00004c437, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c437*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0107.492] CloseHandle (hObject=0x1d4) returned 1 [0107.492] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0107.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.493] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0107.496] GetFileType (hFile=0x1d4) returned 0x1 [0107.496] WriteFile (in: hFile=0x1d4, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0001bbcec*=0x440, lpOverlapped=0x0) returned 1 [0107.497] CloseHandle (hObject=0x1d4) returned 1 [0107.497] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.497] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.498] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.498] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0107.502] GetFileType (hFile=0x1d4) returned 0x1 [0107.502] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.502] CloseHandle (hObject=0x1d4) returned 1 [0107.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-12_all_video.wpl"), dwFlags=0x1) returned 1 [0107.503] SwitchToThread () returned 1 [0107.700] SetEvent (hEvent=0x114) returned 1 [0107.700] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.707] SetEvent (hEvent=0xf4) returned 1 [0107.707] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.711] SetEvent (hEvent=0xb8) returned 1 [0107.711] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.748] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.749] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0107.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0107.749] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000219cf4 | out: lpMode=0xc000219cf4) returned 0 [0107.753] GetFileType (hFile=0x1d4) returned 0x1 [0107.753] GetFileType (hFile=0x1d4) returned 0x1 [0107.753] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000219d44 | out: lpFileInformation=0xc000219d44) returned 1 [0107.753] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000219d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000219d28) returned 1 [0107.753] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x51d, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc000219c04*=0x31d, lpOverlapped=0x0) returned 1 [0107.757] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00007831d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007831d*, lpNumberOfBytesRead=0xc000219c04*=0x0, lpOverlapped=0x0) returned 1 [0107.757] CloseHandle (hObject=0x1d4) returned 1 [0107.757] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0107.758] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0107.758] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0107.758] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0107.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.767] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000219d04 | out: lpMode=0xc000219d04) returned 0 [0107.769] GetFileType (hFile=0x1e4) returned 0x1 [0107.769] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc000219cec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000219cec*=0x320, lpOverlapped=0x0) returned 1 [0107.770] CloseHandle (hObject=0x1e4) returned 1 [0107.776] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.784] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0107.784] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.784] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0107.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.785] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000219d64 | out: lpMode=0xc000219d64) returned 0 [0107.790] GetFileType (hFile=0x1e4) returned 0x1 [0107.790] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000219d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000219d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.790] CloseHandle (hObject=0x1e4) returned 1 [0107.793] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-05_pictures_taken_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0107.881] SetEvent (hEvent=0xb8) returned 1 [0107.881] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.891] SetEvent (hEvent=0x15c) returned 1 [0107.891] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.893] SetEvent (hEvent=0x114) returned 1 [0107.893] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.896] SetEvent (hEvent=0xf4) returned 1 [0107.896] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.899] SetEvent (hEvent=0x15c) returned 1 [0107.899] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.899] SetEvent (hEvent=0x15c) returned 1 [0107.899] SetEvent (hEvent=0xf4) returned 1 [0107.899] SetEvent (hEvent=0xb8) returned 1 [0107.899] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.915] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.916] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.917] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0107.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102030*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc000102030*, lpNumberOfCharsWritten=0xc0002d3818*=0x4) returned 1 [0107.919] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000102038*, lpNumberOfCharsWritten=0xc00020d818*=0x4) returned 1 [0107.920] SetEvent (hEvent=0x188) returned 1 [0107.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102040*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc000102040*, lpNumberOfCharsWritten=0xc0002df818*=0x4) returned 1 [0107.920] SetEvent (hEvent=0x188) returned 1 [0107.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102048*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc000102048*, lpNumberOfCharsWritten=0xc0001fd818*=0x4) returned 1 [0107.921] SetEvent (hEvent=0x188) returned 1 [0107.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc0001ab818*=0x4) returned 1 [0107.922] SetEvent (hEvent=0x188) returned 1 [0107.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc000102068*, lpNumberOfCharsWritten=0xc00022f818*=0x4) returned 1 [0107.922] SetEvent (hEvent=0x188) returned 1 [0107.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc000115818*=0x4) returned 1 [0107.923] SetEvent (hEvent=0x188) returned 1 [0107.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102078*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000102078*, lpNumberOfCharsWritten=0xc0006df818*=0x4) returned 1 [0107.924] SetEvent (hEvent=0x188) returned 1 [0107.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc0002a3818*=0x4) returned 1 [0107.924] SetEvent (hEvent=0x188) returned 1 [0107.925] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0107.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102088*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002cd818, lpReserved=0x0 | out: lpBuffer=0xc000102088*, lpNumberOfCharsWritten=0xc0002cd818*=0x4) returned 1 [0107.926] SetEvent (hEvent=0x188) returned 1 [0107.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102090*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002cb818, lpReserved=0x0 | out: lpBuffer=0xc000102090*, lpNumberOfCharsWritten=0xc0002cb818*=0x4) returned 1 [0107.927] SetEvent (hEvent=0x188) returned 1 [0107.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102098*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc000102098*, lpNumberOfCharsWritten=0xc0001f7818*=0x4) returned 1 [0107.927] SetEvent (hEvent=0x188) returned 1 [0107.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc0001020b0*, lpNumberOfCharsWritten=0xc000133818*=0x4) returned 1 [0107.928] SetEvent (hEvent=0x188) returned 1 [0107.928] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0001020b8*, lpNumberOfCharsWritten=0xc00029d818*=0x4) returned 1 [0107.929] SetEvent (hEvent=0x188) returned 1 [0107.929] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0107.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000074000*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc00013f808, lpReserved=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfCharsWritten=0xc00013f808*=0x6f) returned 1 [0107.930] SetEvent (hEvent=0x188) returned 1 [0107.930] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.930] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0107.930] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0107.931] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0107.931] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0107.931] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0107.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0108.406] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.411] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0108.412] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.431] GetFileType (hFile=0xec) returned 0x1 [0108.431] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.446] SetEvent (hEvent=0xb8) returned 1 [0108.446] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.447] CloseHandle (hObject=0xec) returned 1 [0108.448] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.450] SetEvent (hEvent=0x188) returned 1 [0108.450] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.473] SetEvent (hEvent=0x188) returned 1 [0108.473] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.529] SetEvent (hEvent=0xf4) returned 1 [0108.529] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.538] SetEvent (hEvent=0xf4) returned 1 [0108.538] SetEvent (hEvent=0x164) returned 1 [0108.538] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.575] SetEvent (hEvent=0x188) returned 1 [0108.575] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.580] SetEvent (hEvent=0xb8) returned 1 [0108.580] SetEvent (hEvent=0x188) returned 1 [0108.581] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.591] SetEvent (hEvent=0x164) returned 1 [0108.591] SetEvent (hEvent=0x15c) returned 1 [0108.591] SetEvent (hEvent=0xf4) returned 1 [0108.591] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.628] SetEvent (hEvent=0xf4) returned 1 [0108.628] SetEvent (hEvent=0x188) returned 1 [0108.628] SetEvent (hEvent=0xb8) returned 1 [0108.628] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.685] SetEvent (hEvent=0xf4) returned 1 [0108.685] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.698] SetEvent (hEvent=0x188) returned 1 [0108.698] SetEvent (hEvent=0x164) returned 1 [0108.698] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.714] SetEvent (hEvent=0x188) returned 1 [0108.714] VirtualFree (lpAddress=0xc000300000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0108.716] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.716] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0108.716] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.717] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.717] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.717] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000238018*, lpNumberOfCharsWritten=0xc0002d9818*=0x2) returned 1 [0108.722] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.726] SwitchToThread () returned 1 [0108.729] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.731] SetEvent (hEvent=0x164) returned 1 [0108.731] VirtualFree (lpAddress=0xc000368000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0108.733] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.733] VirtualFree (lpAddress=0xc0002e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.733] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.733] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.734] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.734] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.734] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.734] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.735] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00024d818*=0x2) returned 1 [0108.742] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0108.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.742] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0108.758] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.761] GetFileType (hFile=0x1bc) returned 0x1 [0108.761] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0108.761] GetFileType (hFile=0x1bc) returned 0x1 [0108.761] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0108.761] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0108.761] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0108.762] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0108.762] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000168000, nNumberOfBytesToRead=0x662, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesRead=0xc0001bdc04*=0x462, lpOverlapped=0x0) returned 1 [0108.765] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.805] SetEvent (hEvent=0x164) returned 1 [0108.805] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000168462, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168462*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0108.805] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.825] CloseHandle (hObject=0x1bc) returned 1 [0108.825] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.833] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0108.834] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0108.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.835] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0108.839] GetFileType (hFile=0x128) returned 0x1 [0108.839] WriteFile (in: hFile=0x128, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc0001bdcec*=0x470, lpOverlapped=0x0) returned 1 [0108.841] CloseHandle (hObject=0x128) returned 1 [0108.841] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0108.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.841] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0108.843] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.851] GetFileType (hFile=0x128) returned 0x1 [0108.851] WriteFile (in: hFile=0x128, lpBuffer=0xc0000742c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000742c0*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.851] CloseHandle (hObject=0x128) returned 1 [0108.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\encry-mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\encry-mapisvc.inf"), dwFlags=0x1) returned 1 [0108.852] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.857] SetEvent (hEvent=0x164) returned 1 [0108.857] SetEvent (hEvent=0x15c) returned 1 [0108.857] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0108.859] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.860] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.860] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.860] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.860] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.861] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.861] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.861] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.861] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d1818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0002d1818*=0x2) returned 1 [0108.864] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.871] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0108.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001e6000*, nNumberOfCharsToWrite=0x6d, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfCharsWritten=0xc00014d808*=0x6d) returned 1 [0108.875] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0108.876] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0108.876] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0108.876] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0108.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.877] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0108.878] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.897] GetFileType (hFile=0x1bc) returned 0x1 [0108.897] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.898] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0108.898] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.899] CloseHandle (hObject=0x1bc) returned 1 [0108.899] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0108.899] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0108.899] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0108.900] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0108.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.906] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.906] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0108.906] SetEvent (hEvent=0xf4) returned 1 [0108.906] SetEvent (hEvent=0x188) returned 1 [0108.906] SetEvent (hEvent=0x1a0) returned 1 [0108.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.917] SetEvent (hEvent=0xb8) returned 1 [0108.917] SetEvent (hEvent=0x188) returned 1 [0108.917] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.946] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0108.946] SetEvent (hEvent=0x188) returned 1 [0108.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.990] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0108.991] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.991] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0108.991] SetEvent (hEvent=0xc0) returned 1 [0108.992] SetEvent (hEvent=0x15c) returned 1 [0108.992] SetEvent (hEvent=0x164) returned 1 [0108.992] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.999] SetEvent (hEvent=0xf4) returned 1 [0108.999] SetEvent (hEvent=0x108) returned 1 [0108.999] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.008] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.008] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0109.008] SetEvent (hEvent=0x188) returned 1 [0109.008] SetEvent (hEvent=0xb8) returned 1 [0109.008] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.010] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0109.010] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0109.028] GetFileType (hFile=0x180) returned 0x1 [0109.028] GetFileType (hFile=0x180) returned 0x1 [0109.028] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0109.028] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0109.029] ReadFile (in: hFile=0x180, lpBuffer=0xc00003e2c0, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e2c0*, lpNumberOfBytesRead=0xc00024dc04*=0xae, lpOverlapped=0x0) returned 1 [0109.030] ReadFile (in: hFile=0x180, lpBuffer=0xc00003e36e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e36e*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0109.030] CloseHandle (hObject=0x180) returned 1 [0109.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini\\*", lpFindFileData=0xc00024da08 | out: lpFindFileData=0xc00024da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.030] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.030] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0109.278] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000269cf4 | out: lpMode=0xc000269cf4) returned 0 [0109.285] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.289] GetFileType (hFile=0x1b0) returned 0x1 [0109.289] GetFileType (hFile=0x1b0) returned 0x1 [0109.289] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000269d44 | out: lpFileInformation=0xc000269d44) returned 1 [0109.289] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000269d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000269d28) returned 1 [0109.289] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x291, lpNumberOfBytesRead=0xc000269c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000269c04*=0x91, lpOverlapped=0x0) returned 1 [0109.290] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000104091, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000269c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104091*, lpNumberOfBytesRead=0xc000269c04*=0x0, lpOverlapped=0x0) returned 1 [0109.290] CloseHandle (hObject=0x1b0) returned 1 [0109.290] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0109.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini\\*", lpFindFileData=0xc000269a08 | out: lpFindFileData=0xc000269a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.291] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0109.292] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000269720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.292] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0109.292] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0109.292] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.293] SetEvent (hEvent=0x15c) returned 1 [0109.293] SetEvent (hEvent=0xf4) returned 1 [0109.293] VirtualFree (lpAddress=0xc000800000, dwSize=0x1f0000, dwFreeType=0x4000) returned 1 [0109.305] VirtualFree (lpAddress=0xc0007ec000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0109.306] VirtualFree (lpAddress=0xc000346000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0109.307] VirtualFree (lpAddress=0xc00033e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.307] VirtualFree (lpAddress=0xc000300000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0109.308] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.308] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.309] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.309] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.309] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.310] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.310] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.310] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.310] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.311] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.311] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.311] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.312] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.312] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.312] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.312] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.313] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.313] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.313] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.314] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.314] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.314] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0109.315] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0109.321] GetFileType (hFile=0x1b0) returned 0x1 [0109.321] GetFileType (hFile=0x1b0) returned 0x1 [0109.321] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0109.321] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0109.322] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0001adc04*=0x18, lpOverlapped=0x0) returned 1 [0109.323] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fe018, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe018*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0109.323] CloseHandle (hObject=0x1b0) returned 1 [0109.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.323] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db\\*", lpFindFileData=0xc0001ada08 | out: lpFindFileData=0xc0001ada08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.323] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc0001ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0109.324] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000285cf4 | out: lpMode=0xc000285cf4) returned 0 [0109.331] GetFileType (hFile=0x1b0) returned 0x1 [0109.331] GetFileType (hFile=0x1b0) returned 0x1 [0109.331] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000285d44 | out: lpFileInformation=0xc000285d44) returned 1 [0109.331] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000285d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000285d28) returned 1 [0109.331] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fe480, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe480*, lpNumberOfBytesRead=0xc000285c04*=0x18, lpOverlapped=0x0) returned 1 [0109.332] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fe498, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe498*, lpNumberOfBytesRead=0xc000285c04*=0x0, lpOverlapped=0x0) returned 1 [0109.332] CloseHandle (hObject=0x1b0) returned 1 [0109.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db\\*", lpFindFileData=0xc000285a08 | out: lpFindFileData=0xc000285a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.333] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc000285720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.333] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.333] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.333] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.333] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.334] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0109.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0109.336] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0109.336] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0109.336] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.337] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.557] SwitchToThread () returned 1 [0109.704] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.728] SetEvent (hEvent=0xc0) returned 1 [0109.728] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.728] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.740] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.740] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.740] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.741] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0109.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0109.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.744] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.749] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.749] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.749] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.749] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0109.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.751] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.753] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.758] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.758] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.758] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.758] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.758] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0109.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0109.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0109.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe2a9ffc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0109.761] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0109.761] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0109.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.mso"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.763] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.774] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.777] SetEvent (hEvent=0x1a0) returned 1 [0109.777] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.777] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.777] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.777] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.778] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.778] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.778] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.778] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.779] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.779] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.779] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.779] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.780] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.780] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0109.781] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0109.792] GetFileType (hFile=0x128) returned 0x1 [0109.792] GetFileType (hFile=0x128) returned 0x1 [0109.792] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0109.792] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0109.792] ReadFile (in: hFile=0x128, lpBuffer=0xc000074000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesRead=0xc00015dc04*=0x43, lpOverlapped=0x0) returned 1 [0109.793] ReadFile (in: hFile=0x128, lpBuffer=0xc000074043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000074043*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0109.793] CloseHandle (hObject=0x128) returned 1 [0109.793] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0109.794] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.794] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0109.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini\\*", lpFindFileData=0xc00015da08 | out: lpFindFileData=0xc00015da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.794] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.794] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0109.795] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000104000*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfCharsWritten=0xc00015d808*=0x90) returned 1 [0109.804] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.809] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0109.810] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0109.811] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0109.811] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0109.811] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0109.811] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0109.812] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0109.812] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0109.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.813] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0109.822] GetFileType (hFile=0x128) returned 0x1 [0109.822] WriteFile (in: hFile=0x128, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.822] CloseHandle (hObject=0x128) returned 1 [0109.823] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0109.823] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0109.824] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0109.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\X9OHK109\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.825] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0109.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0109.826] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000199cf4 | out: lpMode=0xc000199cf4) returned 0 [0109.840] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.846] GetFileType (hFile=0x128) returned 0x1 [0109.846] GetFileType (hFile=0x128) returned 0x1 [0109.847] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000199d44 | out: lpFileInformation=0xc000199d44) returned 1 [0109.847] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000199d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000199d28) returned 1 [0109.847] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0109.853] ReadFile (in: hFile=0x128, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x48194, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000199c04*=0x47f94, lpOverlapped=0x0) returned 1 [0109.863] ReadFile (in: hFile=0x128, lpBuffer=0xc00038df94, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc00038df94*, lpNumberOfBytesRead=0xc000199c04*=0x0, lpOverlapped=0x0) returned 1 [0109.863] CloseHandle (hObject=0x128) returned 1 [0109.863] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.864] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0109.864] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x46000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0109.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.875] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000199d04 | out: lpMode=0xc000199d04) returned 0 [0109.884] GetFileType (hFile=0x128) returned 0x1 [0109.884] WriteFile (in: hFile=0x128, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x47fa0, lpNumberOfBytesWritten=0xc000199cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc000199cec*=0x47fa0, lpOverlapped=0x0) returned 1 [0109.891] CloseHandle (hObject=0x128) returned 1 [0109.891] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0109.892] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0109.892] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0109.893] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0109.893] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0109.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.894] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000199d64 | out: lpMode=0xc000199d64) returned 0 [0109.895] GetFileType (hFile=0x128) returned 0x1 [0109.895] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000199d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000199d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.895] CloseHandle (hObject=0x128) returned 1 [0109.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\encry-2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\encry-2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), dwFlags=0x1) returned 1 [0109.897] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.912] SwitchToThread () returned 1 [0109.913] SetEvent (hEvent=0x108) returned 1 [0109.913] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0109.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000010086*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0109.931] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.933] SetEvent (hEvent=0x108) returned 1 [0109.933] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.933] SetEvent (hEvent=0x15c) returned 1 [0109.933] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0109.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0109.945] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0109.947] GetFileType (hFile=0xec) returned 0x1 [0109.947] GetFileType (hFile=0xec) returned 0x1 [0109.947] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0109.947] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0109.951] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0109.956] ReadFile (in: hFile=0xec, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x39f41, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000247c04*=0x39d41, lpOverlapped=0x0) returned 1 [0109.964] ReadFile (in: hFile=0xec, lpBuffer=0xc00037fd41, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037fd41*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0109.964] CloseHandle (hObject=0xec) returned 1 [0109.965] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0109.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0109.978] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0109.982] GetFileType (hFile=0x1dc) returned 0x1 [0109.982] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000380000*, nNumberOfBytesToWrite=0x39d50, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc000380000*, lpNumberOfBytesWritten=0xc000247cec*=0x39d50, lpOverlapped=0x0) returned 1 [0109.988] CloseHandle (hObject=0x1dc) returned 1 [0109.989] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0109.989] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0109.989] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0109.992] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0109.993] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0109.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0109.993] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0110.002] GetFileType (hFile=0x1dc) returned 0x1 [0110.002] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002e22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002e22c0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.003] CloseHandle (hObject=0x1dc) returned 1 [0110.003] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-28-8f3193-f30905ea[1]"), dwFlags=0x1) returned 1 [0110.086] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.086] SetEvent (hEvent=0x1a0) returned 1 [0110.086] SetEvent (hEvent=0xb8) returned 1 [0110.086] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0110.088] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.092] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.092] SetEvent (hEvent=0xb8) returned 1 [0110.092] SetEvent (hEvent=0x13c) returned 1 [0110.092] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.093] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.093] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.095] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.095] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.095] SetEvent (hEvent=0x13c) returned 1 [0110.095] SetEvent (hEvent=0x1a0) returned 1 [0110.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.097] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.097] GetFileType (hFile=0xec) returned 0x1 [0110.097] WriteFile (in: hFile=0xec, lpBuffer=0xc0003ca000*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfBytesWritten=0xc000195cec*=0x140, lpOverlapped=0x0) returned 1 [0110.098] CloseHandle (hObject=0xec) returned 1 [0110.102] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.116] SetEvent (hEvent=0x13c) returned 1 [0110.116] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.170] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.173] SetEvent (hEvent=0xf4) returned 1 [0110.173] SetEvent (hEvent=0x114) returned 1 [0110.173] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.174] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.174] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.174] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.175] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.175] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.175] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.176] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.176] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036000*, nNumberOfCharsToWrite=0x148, lpNumberOfCharsWritten=0xc000283808, lpReserved=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfCharsWritten=0xc000283808*=0x148) returned 1 [0110.180] SetEvent (hEvent=0x114) returned 1 [0110.180] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.182] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.182] SetEvent (hEvent=0x114) returned 1 [0110.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.195] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.196] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.196] SetEvent (hEvent=0x114) returned 1 [0110.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.199] SetEvent (hEvent=0xf4) returned 1 [0110.199] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.220] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.222] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.223] SetEvent (hEvent=0x188) returned 1 [0110.223] SetEvent (hEvent=0xfc) returned 1 [0110.223] VirtualFree (lpAddress=0xc0002ac000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.223] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.223] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.224] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.224] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.224] SwitchToThread () returned 1 [0110.225] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.226] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.227] SetEvent (hEvent=0xfc) returned 1 [0110.227] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0110.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.228] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0110.229] GetFileType (hFile=0x1bc) returned 0x1 [0110.229] GetFileType (hFile=0x1bc) returned 0x1 [0110.229] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0110.229] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0110.229] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.230] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x3d0, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000143c04*=0x1d0, lpOverlapped=0x0) returned 1 [0110.233] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00007c1d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c1d0*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0110.233] CloseHandle (hObject=0x1bc) returned 1 [0110.233] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.234] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.249] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0110.253] GetFileType (hFile=0x1bc) returned 0x1 [0110.253] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc000143cec*=0x1e0, lpOverlapped=0x0) returned 1 [0110.255] CloseHandle (hObject=0x1bc) returned 1 [0110.257] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0110.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.257] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0110.259] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.260] GetFileType (hFile=0x1bc) returned 0x1 [0110.260] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.260] CloseHandle (hObject=0x1bc) returned 1 [0110.264] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb1ccoi[1].png"), dwFlags=0x1) returned 1 [0110.424] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.425] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.425] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.425] SetEvent (hEvent=0xc0) returned 1 [0110.426] SetEvent (hEvent=0xfc) returned 1 [0110.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.428] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.430] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.430] SetEvent (hEvent=0x13c) returned 1 [0110.430] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.434] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.435] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.436] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0110.437] GetFileType (hFile=0x1bc) returned 0x1 [0110.437] GetFileType (hFile=0x1bc) returned 0x1 [0110.437] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0110.437] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0110.437] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0110.438] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x321, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc000175c04*=0x121, lpOverlapped=0x0) returned 1 [0110.452] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000078121, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078121*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0110.453] CloseHandle (hObject=0x1bc) returned 1 [0110.453] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.453] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.455] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0110.455] GetFileType (hFile=0x1b4) returned 0x1 [0110.455] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000175cec*=0x130, lpOverlapped=0x0) returned 1 [0110.457] CloseHandle (hObject=0x1b4) returned 1 [0110.457] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.457] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.457] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0110.458] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0110.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.459] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0110.459] GetFileType (hFile=0x1b4) returned 0x1 [0110.460] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.460] CloseHandle (hObject=0x1b4) returned 1 [0110.460] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb5ktiv[1].png"), dwFlags=0x1) returned 1 [0110.504] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.504] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.504] SetEvent (hEvent=0x108) returned 1 [0110.504] SetEvent (hEvent=0x198) returned 1 [0110.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.509] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.509] SetEvent (hEvent=0x198) returned 1 [0110.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.514] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.530] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.540] SetEvent (hEvent=0xb8) returned 1 [0110.540] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.544] SetEvent (hEvent=0xb8) returned 1 [0110.544] SetEvent (hEvent=0x13c) returned 1 [0110.544] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.544] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.544] VirtualFree (lpAddress=0xc000076000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.545] VirtualFree (lpAddress=0xc000070000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.545] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00014d818*=0x2) returned 1 [0110.547] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.554] SetEvent (hEvent=0x108) returned 1 [0110.554] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.555] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0110.556] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0110.557] GetFileType (hFile=0x1b4) returned 0x1 [0110.557] GetFileType (hFile=0x1b4) returned 0x1 [0110.557] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0110.557] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0110.557] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0110.558] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x2ab9, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000275c04*=0x28b9, lpOverlapped=0x0) returned 1 [0110.561] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0001e48b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e48b9*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0110.561] CloseHandle (hObject=0x1b4) returned 1 [0110.561] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0110.561] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0110.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.567] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0110.567] GetFileType (hFile=0x1b4) returned 0x1 [0110.567] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x28c0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000275cec*=0x28c0, lpOverlapped=0x0) returned 1 [0110.569] CloseHandle (hObject=0x1b4) returned 1 [0110.569] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0110.570] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.570] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0110.571] GetFileType (hFile=0x1b4) returned 0x1 [0110.571] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.571] CloseHandle (hObject=0x1b4) returned 1 [0110.571] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbnieo[1].jpg"), dwFlags=0x1) returned 1 [0110.615] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.615] SetEvent (hEvent=0xfc) returned 1 [0110.615] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.620] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.620] SetEvent (hEvent=0x108) returned 1 [0110.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.624] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.624] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.644] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.652] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.660] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.669] SetEvent (hEvent=0xfc) returned 1 [0110.670] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.672] SetEvent (hEvent=0xfc) returned 1 [0110.672] SetEvent (hEvent=0x13c) returned 1 [0110.672] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.672] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.673] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.673] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.673] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.673] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.674] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000247818*=0x2) returned 1 [0110.676] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.684] SetEvent (hEvent=0x108) returned 1 [0110.684] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.686] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0110.686] GetFileType (hFile=0x1bc) returned 0x1 [0110.686] GetFileType (hFile=0x1bc) returned 0x1 [0110.686] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0110.686] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0110.687] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.687] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0xb24, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0000bbc04*=0x924, lpOverlapped=0x0) returned 1 [0110.692] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00003c924, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c924*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0110.692] CloseHandle (hObject=0x1bc) returned 1 [0110.692] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.692] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.695] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0110.695] GetFileType (hFile=0x1bc) returned 0x1 [0110.695] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0000bbcec*=0x930, lpOverlapped=0x0) returned 1 [0110.697] CloseHandle (hObject=0x1bc) returned 1 [0110.697] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0110.697] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.698] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0110.699] GetFileType (hFile=0x1bc) returned 0x1 [0110.699] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.699] CloseHandle (hObject=0x1bc) returned 1 [0110.700] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbqxzx[1].jpg"), dwFlags=0x1) returned 1 [0110.733] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.733] SetEvent (hEvent=0x108) returned 1 [0110.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.736] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.736] SetEvent (hEvent=0x1a0) returned 1 [0110.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.741] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.741] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.741] SetEvent (hEvent=0x1a0) returned 1 [0110.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.746] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.746] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.762] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.769] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.775] SetEvent (hEvent=0xfc) returned 1 [0110.775] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.775] SetEvent (hEvent=0xfc) returned 1 [0110.775] SetEvent (hEvent=0x13c) returned 1 [0110.775] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.776] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.776] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.776] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.777] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.777] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.777] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.777] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.778] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.778] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0110.780] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.785] SetEvent (hEvent=0x108) returned 1 [0110.785] SetEvent (hEvent=0x13c) returned 1 [0110.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.786] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0110.787] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0110.787] GetFileType (hFile=0x1b4) returned 0x1 [0110.787] GetFileType (hFile=0x1b4) returned 0x1 [0110.787] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0110.788] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0110.788] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000a2a80, nNumberOfBytesToRead=0x9d8, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2a80*, lpNumberOfBytesRead=0xc0001a7c04*=0x7d8, lpOverlapped=0x0) returned 1 [0110.790] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000a3258, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a3258*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.790] CloseHandle (hObject=0x1b4) returned 1 [0110.790] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.791] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.794] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0110.794] GetFileType (hFile=0x1b4) returned 0x1 [0110.795] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x7e0, lpOverlapped=0x0) returned 1 [0110.796] CloseHandle (hObject=0x1b4) returned 1 [0110.796] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0110.796] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.797] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0110.797] GetFileType (hFile=0x1b4) returned 0x1 [0110.797] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.798] CloseHandle (hObject=0x1b4) returned 1 [0110.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbvxm8[1].jpg"), dwFlags=0x1) returned 1 [0110.830] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.830] SetEvent (hEvent=0x108) returned 1 [0110.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.833] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.835] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.836] SetEvent (hEvent=0x1a0) returned 1 [0110.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.838] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.873] SetEvent (hEvent=0xfc) returned 1 [0110.873] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0110.874] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.874] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.875] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.875] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.875] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.875] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.876] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.876] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.876] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000060018*, lpNumberOfCharsWritten=0xc0000bb818*=0x2) returned 1 [0110.880] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.881] SetEvent (hEvent=0xfc) returned 1 [0110.881] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.882] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0110.883] GetFileType (hFile=0x1bc) returned 0x1 [0110.883] GetFileType (hFile=0x1bc) returned 0x1 [0110.883] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0110.883] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0110.883] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.883] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000074000, nNumberOfBytesToRead=0x938, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesRead=0xc0001b7c04*=0x738, lpOverlapped=0x0) returned 1 [0110.899] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000074738, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000074738*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.899] CloseHandle (hObject=0x1bc) returned 1 [0110.899] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.899] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.900] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.900] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.911] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0110.914] GetFileType (hFile=0x1bc) returned 0x1 [0110.914] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x740, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x740, lpOverlapped=0x0) returned 1 [0110.916] CloseHandle (hObject=0x1bc) returned 1 [0110.922] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001001 | out: pbBuffer=0xc000001001) returned 1 [0110.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.922] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0110.922] GetFileType (hFile=0x1bc) returned 0x1 [0110.923] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.923] CloseHandle (hObject=0x1bc) returned 1 [0110.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc095c[1].jpg"), dwFlags=0x1) returned 1 [0110.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.943] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0110.944] SetEvent (hEvent=0xfc) returned 1 [0110.944] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0110.945] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.945] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.949] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0110.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.951] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0110.951] SetEvent (hEvent=0xfc) returned 1 [0110.951] SetEvent (hEvent=0x13c) returned 1 [0110.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.960] VirtualFree (lpAddress=0xc00004e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.960] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0110.961] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0110.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.962] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0110.969] GetFileType (hFile=0x1dc) returned 0x1 [0110.969] GetFileType (hFile=0x1dc) returned 0x1 [0110.969] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0110.970] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0110.970] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0110.971] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002ba000, nNumberOfBytesToRead=0x340d, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ba000*, lpNumberOfBytesRead=0xc00026fc04*=0x320d, lpOverlapped=0x0) returned 1 [0110.979] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002bd20d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bd20d*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0110.979] CloseHandle (hObject=0x1dc) returned 1 [0110.979] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0110.979] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.980] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0110.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.004] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0111.005] GetFileType (hFile=0x1dc) returned 0x1 [0111.005] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002bd500*, nNumberOfBytesToWrite=0x3210, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002bd500*, lpNumberOfBytesWritten=0xc00026fcec*=0x3210, lpOverlapped=0x0) returned 1 [0111.007] CloseHandle (hObject=0x1dc) returned 1 [0111.008] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001601 | out: pbBuffer=0xc000001601) returned 1 [0111.008] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0111.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.009] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0111.010] GetFileType (hFile=0x1dc) returned 0x1 [0111.010] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0111.011] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.011] CloseHandle (hObject=0x1dc) returned 1 [0111.013] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0tci[1].jpg"), dwFlags=0x1) returned 1 [0111.077] SwitchToThread () returned 1 [0111.078] SetEvent (hEvent=0xb8) returned 1 [0111.078] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.081] SetEvent (hEvent=0xb8) returned 1 [0111.081] SetEvent (hEvent=0x13c) returned 1 [0111.081] SetEvent (hEvent=0xfc) returned 1 [0111.081] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.088] SetEvent (hEvent=0x164) returned 1 [0111.088] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.167] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.172] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.183] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.188] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.214] SetEvent (hEvent=0x164) returned 1 [0111.214] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.217] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0111.218] GetFileType (hFile=0x1dc) returned 0x1 [0111.218] GetFileType (hFile=0x1dc) returned 0x1 [0111.218] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0111.218] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0111.218] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.219] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x89a, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc00013fc04*=0x69a, lpOverlapped=0x0) returned 1 [0111.224] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00005669a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005669a*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0111.224] CloseHandle (hObject=0x1dc) returned 1 [0111.224] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0111.225] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0111.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.227] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0111.228] GetFileType (hFile=0x1dc) returned 0x1 [0111.228] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc00013fcec*=0x6a0, lpOverlapped=0x0) returned 1 [0111.229] CloseHandle (hObject=0x1dc) returned 1 [0111.229] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0111.230] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.230] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0111.231] GetFileType (hFile=0x1dc) returned 0x1 [0111.231] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.231] CloseHandle (hObject=0x1dc) returned 1 [0111.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbedqey[1].jpg"), dwFlags=0x1) returned 1 [0111.271] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.271] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.271] SetEvent (hEvent=0x164) returned 1 [0111.271] SetEvent (hEvent=0x1a0) returned 1 [0111.271] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.277] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.277] SetEvent (hEvent=0x1a0) returned 1 [0111.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.283] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.299] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.308] SetEvent (hEvent=0xb8) returned 1 [0111.308] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.311] SetEvent (hEvent=0xb8) returned 1 [0111.311] SetEvent (hEvent=0xfc) returned 1 [0111.311] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.312] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000215818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc000215818*=0x2) returned 1 [0111.314] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.321] SetEvent (hEvent=0x164) returned 1 [0111.321] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.323] SetEvent (hEvent=0x164) returned 1 [0111.323] SwitchToThread () returned 1 [0111.323] SetEvent (hEvent=0xfc) returned 1 [0111.323] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0111.324] SetEvent (hEvent=0x164) returned 1 [0111.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.324] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000215cf4 | out: lpMode=0xc000215cf4) returned 0 [0111.325] GetFileType (hFile=0x1bc) returned 0x1 [0111.325] GetFileType (hFile=0x1bc) returned 0x1 [0111.325] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000215d44 | out: lpFileInformation=0xc000215d44) returned 1 [0111.325] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000215d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000215d28) returned 1 [0111.325] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.327] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x210e, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000215c04*=0x1f0e, lpOverlapped=0x0) returned 1 [0111.330] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00025bf0e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025bf0e*, lpNumberOfBytesRead=0xc000215c04*=0x0, lpOverlapped=0x0) returned 1 [0111.330] CloseHandle (hObject=0x1bc) returned 1 [0111.330] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.331] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.333] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000215d04 | out: lpMode=0xc000215d04) returned 0 [0111.334] GetFileType (hFile=0x1bc) returned 0x1 [0111.334] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x1f10, lpNumberOfBytesWritten=0xc000215cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000215cec*=0x1f10, lpOverlapped=0x0) returned 1 [0111.335] CloseHandle (hObject=0x1bc) returned 1 [0111.336] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0111.336] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.336] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.337] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000215d64 | out: lpMode=0xc000215d64) returned 0 [0111.338] GetFileType (hFile=0x1dc) returned 0x1 [0111.338] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000215d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000215d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.338] CloseHandle (hObject=0x1dc) returned 1 [0111.341] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.342] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.342] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0111.342] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0111.343] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbeg9qv[1].jpg"), dwFlags=0x1) returned 1 [0111.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.375] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.375] SetEvent (hEvent=0x164) returned 1 [0111.375] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.378] SetEvent (hEvent=0x1a0) returned 1 [0111.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.389] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.410] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.418] SetEvent (hEvent=0xb8) returned 1 [0111.418] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.424] SetEvent (hEvent=0xb8) returned 1 [0111.424] SetEvent (hEvent=0xfc) returned 1 [0111.424] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc00013f818*=0x2) returned 1 [0111.426] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.433] SetEvent (hEvent=0xfc) returned 1 [0111.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.434] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0111.435] GetFileType (hFile=0x1dc) returned 0x1 [0111.435] GetFileType (hFile=0x1dc) returned 0x1 [0111.435] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0111.435] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0111.435] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x191b, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc000247c04*=0x171b, lpOverlapped=0x0) returned 1 [0111.437] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00050f09b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f09b*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0111.437] CloseHandle (hObject=0x1dc) returned 1 [0111.437] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0111.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.442] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0111.443] GetFileType (hFile=0x1dc) returned 0x1 [0111.443] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x1720, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc000247cec*=0x1720, lpOverlapped=0x0) returned 1 [0111.465] CloseHandle (hObject=0x1dc) returned 1 [0111.466] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0111.466] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0111.466] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0111.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.467] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0111.467] GetFileType (hFile=0x1dc) returned 0x1 [0111.467] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.468] CloseHandle (hObject=0x1dc) returned 1 [0111.468] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegtcs[1].jpg"), dwFlags=0x1) returned 1 [0111.502] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.503] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.503] SetEvent (hEvent=0xc0) returned 1 [0111.503] SetEvent (hEvent=0x164) returned 1 [0111.503] SetEvent (hEvent=0x1a0) returned 1 [0111.504] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.505] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.505] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.505] SetEvent (hEvent=0x1a0) returned 1 [0111.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.510] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.527] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.538] SetEvent (hEvent=0xb8) returned 1 [0111.538] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.541] SetEvent (hEvent=0xb8) returned 1 [0111.541] SetEvent (hEvent=0xfc) returned 1 [0111.541] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.542] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.542] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.542] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.543] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0111.544] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.550] SetEvent (hEvent=0x164) returned 1 [0111.550] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.553] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0111.553] GetFileType (hFile=0x1e4) returned 0x1 [0111.553] GetFileType (hFile=0x1e4) returned 0x1 [0111.553] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0111.554] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0111.554] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x5b9, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0001cdc04*=0x3b9, lpOverlapped=0x0) returned 1 [0111.557] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000503b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000503b9*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0111.557] CloseHandle (hObject=0x1e4) returned 1 [0111.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.559] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0111.559] GetFileType (hFile=0x1e4) returned 0x1 [0111.559] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x3c0, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc0001cdcec*=0x3c0, lpOverlapped=0x0) returned 1 [0111.561] CloseHandle (hObject=0x1e4) returned 1 [0111.561] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0111.562] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0111.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.562] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0111.563] GetFileType (hFile=0x1dc) returned 0x1 [0111.563] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.563] CloseHandle (hObject=0x1dc) returned 1 [0111.564] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0111.565] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0111.565] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0111.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbiycq[1].png"), dwFlags=0x1) returned 1 [0111.590] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.590] SetEvent (hEvent=0xb8) returned 1 [0111.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.592] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.592] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.592] SetEvent (hEvent=0xb8) returned 1 [0111.592] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.600] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.600] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0111.603] GetFileType (hFile=0x1dc) returned 0x1 [0111.603] GetFileType (hFile=0x1dc) returned 0x1 [0111.603] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0111.603] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0111.603] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0111.604] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x3ab7, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0001a5c04*=0x38b7, lpOverlapped=0x0) returned 1 [0111.607] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000a58b7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a58b7*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0111.607] CloseHandle (hObject=0x1dc) returned 1 [0111.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.609] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0111.649] GetFileType (hFile=0x180) returned 0x1 [0111.649] WriteFile (in: hFile=0x180, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x38c0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x38c0, lpOverlapped=0x0) returned 1 [0111.650] CloseHandle (hObject=0x180) returned 1 [0111.652] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0111.652] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0111.652] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0111.653] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0111.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.653] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0111.655] GetFileType (hFile=0x180) returned 0x1 [0111.655] WriteFile (in: hFile=0x180, lpBuffer=0xc0000ea2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea2c0*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.655] CloseHandle (hObject=0x180) returned 1 [0111.656] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0111.656] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbwgan9[1].jpg"), dwFlags=0x1) returned 1 [0111.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.700] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.700] SetEvent (hEvent=0x164) returned 1 [0111.700] SetEvent (hEvent=0xfc) returned 1 [0111.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.705] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.706] SetEvent (hEvent=0xfc) returned 1 [0111.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.710] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.730] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.742] SetEvent (hEvent=0x1a0) returned 1 [0111.742] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.745] SetEvent (hEvent=0x1a0) returned 1 [0111.745] SetEvent (hEvent=0xb8) returned 1 [0111.745] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.746] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.746] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.746] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.747] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.747] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.747] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.748] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586190*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfCharsWritten=0xc0000bd818*=0x2) returned 1 [0111.750] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.759] SetEvent (hEvent=0x164) returned 1 [0111.759] SetEvent (hEvent=0xb8) returned 1 [0111.759] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0111.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.760] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0111.761] GetFileType (hFile=0x180) returned 0x1 [0111.761] GetFileType (hFile=0x180) returned 0x1 [0111.761] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0111.761] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0111.761] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.763] ReadFile (in: hFile=0x180, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x23e7, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00010dc04*=0x21e7, lpOverlapped=0x0) returned 1 [0111.766] ReadFile (in: hFile=0x180, lpBuffer=0xc00025c1e7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c1e7*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.766] CloseHandle (hObject=0x180) returned 1 [0111.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.770] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0111.771] GetFileType (hFile=0x180) returned 0x1 [0111.771] WriteFile (in: hFile=0x180, lpBuffer=0xc00025c500*, nNumberOfBytesToWrite=0x21f0, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025c500*, lpNumberOfBytesWritten=0xc00010dcec*=0x21f0, lpOverlapped=0x0) returned 1 [0111.772] CloseHandle (hObject=0x180) returned 1 [0111.772] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0111.773] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0111.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.773] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0111.774] GetFileType (hFile=0x180) returned 0x1 [0111.774] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.774] CloseHandle (hObject=0x180) returned 1 [0111.774] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-adserver[1].htm"), dwFlags=0x1) returned 1 [0111.810] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.810] SetEvent (hEvent=0x164) returned 1 [0111.811] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.816] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.816] SetEvent (hEvent=0xfc) returned 1 [0111.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.818] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.838] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.850] SetEvent (hEvent=0xb8) returned 1 [0111.850] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.853] SetEvent (hEvent=0xb8) returned 1 [0111.853] SetEvent (hEvent=0x1a0) returned 1 [0111.853] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.854] VirtualFree (lpAddress=0xc000070000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.854] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.855] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.855] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.855] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc0001a5818*=0x2) returned 1 [0111.858] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.868] SetEvent (hEvent=0x164) returned 1 [0111.868] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.870] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.871] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0111.872] GetFileType (hFile=0x1e4) returned 0x1 [0111.872] GetFileType (hFile=0x1e4) returned 0x1 [0111.872] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0111.872] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0111.872] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.873] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x4939, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0001a5c04*=0x4739, lpOverlapped=0x0) returned 1 [0111.878] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025e739, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025e739*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0111.878] CloseHandle (hObject=0x1e4) returned 1 [0111.878] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0111.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.882] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0111.882] GetFileType (hFile=0x1e4) returned 0x1 [0111.882] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x4740, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x4740, lpOverlapped=0x0) returned 1 [0111.884] CloseHandle (hObject=0x1e4) returned 1 [0111.884] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.885] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0111.885] GetFileType (hFile=0x1e4) returned 0x1 [0111.885] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000586e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000586e0*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.886] CloseHandle (hObject=0x1e4) returned 1 [0111.887] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), dwFlags=0x1) returned 1 [0111.937] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.937] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0111.937] SetEvent (hEvent=0x164) returned 1 [0111.937] SetEvent (hEvent=0xfc) returned 1 [0111.938] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.943] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0111.944] SetEvent (hEvent=0xfc) returned 1 [0111.944] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.947] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0111.983] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.008] SetEvent (hEvent=0x164) returned 1 [0112.008] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.012] SetEvent (hEvent=0x164) returned 1 [0112.012] SetEvent (hEvent=0xb8) returned 1 [0112.012] VirtualFree (lpAddress=0xc000346000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0112.013] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0112.015] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.015] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.016] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.016] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0112.019] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.029] SetEvent (hEvent=0x1a0) returned 1 [0112.029] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.034] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.035] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0112.035] GetFileType (hFile=0x1e4) returned 0x1 [0112.035] GetFileType (hFile=0x1e4) returned 0x1 [0112.035] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0112.036] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0112.036] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0112.036] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0xea2, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0006ddc04*=0xca2, lpOverlapped=0x0) returned 1 [0112.039] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006cca2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cca2*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0112.039] CloseHandle (hObject=0x1e4) returned 1 [0112.039] SwitchToThread () returned 1 [0112.044] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0112.045] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.047] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0112.048] GetFileType (hFile=0x1bc) returned 0x1 [0112.048] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0xcb0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc0006ddcec*=0xcb0, lpOverlapped=0x0) returned 1 [0112.049] CloseHandle (hObject=0x1bc) returned 1 [0112.050] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.051] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0112.051] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0112.051] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.052] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0112.057] GetFileType (hFile=0x1bc) returned 0x1 [0112.057] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.058] CloseHandle (hObject=0x1bc) returned 1 [0112.060] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), dwFlags=0x1) returned 1 [0112.110] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0112.110] SetEvent (hEvent=0x1a0) returned 1 [0112.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0112.112] SetEvent (hEvent=0x1a0) returned 1 [0112.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.119] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.139] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.157] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.177] SetEvent (hEvent=0x164) returned 1 [0112.177] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.178] SetEvent (hEvent=0x164) returned 1 [0112.178] SetEvent (hEvent=0xfc) returned 1 [0112.178] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0112.179] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.185] SetEvent (hEvent=0xfc) returned 1 [0112.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0112.185] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0112.186] GetFileType (hFile=0x180) returned 0x1 [0112.186] GetFileType (hFile=0x180) returned 0x1 [0112.186] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0112.186] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0112.186] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0112.187] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0112.188] ReadFile (in: hFile=0x180, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xa132, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0006e1c04*=0x9f32, lpOverlapped=0x0) returned 1 [0112.192] ReadFile (in: hFile=0x180, lpBuffer=0xc000239f32, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000239f32*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0112.192] CloseHandle (hObject=0x180) returned 1 [0112.192] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0112.192] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0112.193] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0112.194] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0112.194] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0112.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.200] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0112.200] GetFileType (hFile=0x180) returned 0x1 [0112.200] WriteFile (in: hFile=0x180, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x9f40, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x9f40, lpOverlapped=0x0) returned 1 [0112.202] CloseHandle (hObject=0x180) returned 1 [0112.203] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.203] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.203] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0112.204] GetFileType (hFile=0x180) returned 0x1 [0112.204] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.205] CloseHandle (hObject=0x180) returned 1 [0112.205] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-plusone[1].js"), dwFlags=0x1) returned 1 [0112.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.262] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.262] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0112.262] SetEvent (hEvent=0xc0) returned 1 [0112.262] SetEvent (hEvent=0xb8) returned 1 [0112.262] SetEvent (hEvent=0x1a0) returned 1 [0112.263] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.266] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.266] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0112.266] SetEvent (hEvent=0x1a0) returned 1 [0112.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.272] SetEvent (hEvent=0x15c) returned 1 [0112.272] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0112.385] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0112.393] GetFileType (hFile=0x1b4) returned 0x1 [0112.393] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0112.394] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0112.394] GetFileType (hFile=0x1b4) returned 0x1 [0112.394] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0112.394] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0112.394] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0112.395] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x448, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc000063c04*=0x248, lpOverlapped=0x0) returned 1 [0112.401] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000124248, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124248*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0112.401] CloseHandle (hObject=0x1b4) returned 1 [0112.401] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0112.401] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0112.402] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0112.402] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0112.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.422] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0112.424] GetFileType (hFile=0x1bc) returned 0x1 [0112.424] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000162000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesWritten=0xc000063cec*=0x250, lpOverlapped=0x0) returned 1 [0112.426] CloseHandle (hObject=0x1bc) returned 1 [0112.436] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.446] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532d01 | out: pbBuffer=0xc000532d01) returned 1 [0112.446] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0112.470] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0112.471] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0112.471] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0112.471] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0112.472] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0112.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.473] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0112.475] GetFileType (hFile=0x1e4) returned 0x1 [0112.476] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0003002c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003002c0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.476] CloseHandle (hObject=0x1e4) returned 1 [0112.480] VirtualAlloc (lpAddress=0xc000302000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000302000 [0112.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa61akn[2].png"), dwFlags=0x1) returned 1 [0112.552] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.561] SetEvent (hEvent=0xb8) returned 1 [0112.561] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.563] SetEvent (hEvent=0xb8) returned 1 [0112.563] SetEvent (hEvent=0x13c) returned 1 [0112.563] SetEvent (hEvent=0xf4) returned 1 [0112.563] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.565] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.566] SetEvent (hEvent=0xb8) returned 1 [0112.567] SetEvent (hEvent=0xf4) returned 1 [0112.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0112.568] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.572] SetEvent (hEvent=0xb8) returned 1 [0112.572] SwitchToThread () returned 1 [0112.573] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.600] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.601] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.604] SetEvent (hEvent=0xb8) returned 1 [0112.604] SetEvent (hEvent=0x108) returned 1 [0112.604] SwitchToThread () returned 1 [0112.700] SwitchToThread () returned 1 [0112.703] SetEvent (hEvent=0x114) returned 1 [0112.703] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.711] SetEvent (hEvent=0xb8) returned 1 [0112.711] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.712] SetEvent (hEvent=0xb8) returned 1 [0112.712] SetEvent (hEvent=0x120) returned 1 [0112.712] VirtualFree (lpAddress=0xc00031c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.712] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.713] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.713] VirtualFree (lpAddress=0xc000232000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.713] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc0001fb818*=0x2) returned 1 [0112.717] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.733] SetEvent (hEvent=0x1a0) returned 1 [0112.733] SetEvent (hEvent=0x120) returned 1 [0112.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0112.734] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0112.734] GetFileType (hFile=0x1d4) returned 0x1 [0112.734] VirtualAlloc (lpAddress=0xc000396000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000396000 [0112.735] GetFileType (hFile=0x1d4) returned 0x1 [0112.735] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0112.735] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0112.735] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00038c400, nNumberOfBytesToRead=0x3aa, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00038c400*, lpNumberOfBytesRead=0xc0006ddc04*=0x1aa, lpOverlapped=0x0) returned 1 [0112.738] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00038c5aa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00038c5aa*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0112.738] CloseHandle (hObject=0x1d4) returned 1 [0112.738] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0112.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.744] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0112.745] GetFileType (hFile=0x1d4) returned 0x1 [0112.745] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002c4000*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x1b0, lpOverlapped=0x0) returned 1 [0112.746] CloseHandle (hObject=0x1d4) returned 1 [0112.746] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0112.746] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0112.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.747] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0112.747] GetFileType (hFile=0x1d4) returned 0x1 [0112.747] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.747] CloseHandle (hObject=0x1d4) returned 1 [0112.748] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bb8jcor[2].png"), dwFlags=0x1) returned 1 [0112.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.803] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0112.803] SetEvent (hEvent=0x1a0) returned 1 [0112.803] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0112.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.808] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0112.808] SetEvent (hEvent=0x114) returned 1 [0112.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.813] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.813] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.818] SetEvent (hEvent=0x120) returned 1 [0112.819] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.825] SetEvent (hEvent=0x120) returned 1 [0112.825] SetEvent (hEvent=0x108) returned 1 [0112.825] VirtualFree (lpAddress=0xc000326000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.825] VirtualFree (lpAddress=0xc000322000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.826] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.826] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc000117818*=0x2) returned 1 [0112.828] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.843] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.846] SetEvent (hEvent=0xb8) returned 1 [0112.846] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.852] SetEvent (hEvent=0xb8) returned 1 [0112.852] SetEvent (hEvent=0x120) returned 1 [0112.852] VirtualFree (lpAddress=0xc0003b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.853] VirtualFree (lpAddress=0xc0003b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.853] VirtualFree (lpAddress=0xc0003a6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.853] VirtualFree (lpAddress=0xc00034e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.854] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.854] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.855] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.855] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.855] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.855] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000289818*=0x2) returned 1 [0112.856] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.864] SetEvent (hEvent=0x120) returned 1 [0112.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0112.865] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0112.865] GetFileType (hFile=0x1bc) returned 0x1 [0112.865] GetFileType (hFile=0x1bc) returned 0x1 [0112.865] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0112.866] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0112.866] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0112.866] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0003ce000, nNumberOfBytesToRead=0x911, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003ce000*, lpNumberOfBytesRead=0xc000159c04*=0x711, lpOverlapped=0x0) returned 1 [0112.868] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0003ce711, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003ce711*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0112.868] CloseHandle (hObject=0x1bc) returned 1 [0112.868] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0112.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.871] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0112.871] GetFileType (hFile=0x1bc) returned 0x1 [0112.871] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0003d4000*, nNumberOfBytesToWrite=0x720, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d4000*, lpNumberOfBytesWritten=0xc000159cec*=0x720, lpOverlapped=0x0) returned 1 [0112.873] CloseHandle (hObject=0x1bc) returned 1 [0112.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0112.874] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0112.874] VirtualAlloc (lpAddress=0xc0003da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003da000 [0112.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.875] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0112.875] GetFileType (hFile=0x1bc) returned 0x1 [0112.875] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0003da2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003da2c0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.875] CloseHandle (hObject=0x1bc) returned 1 [0112.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbimkx[1].jpg"), dwFlags=0x1) returned 1 [0112.919] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.920] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0112.920] SetEvent (hEvent=0x1a0) returned 1 [0112.920] SetEvent (hEvent=0x114) returned 1 [0112.920] VirtualAlloc (lpAddress=0xc0003dc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003dc000 [0112.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.928] SetEvent (hEvent=0x114) returned 1 [0112.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.947] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.948] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0112.948] SetEvent (hEvent=0xc0) returned 1 [0112.948] SetEvent (hEvent=0x15c) returned 1 [0112.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.960] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0112.960] SetEvent (hEvent=0xc0) returned 1 [0112.960] SetEvent (hEvent=0x15c) returned 1 [0112.960] SetEvent (hEvent=0x114) returned 1 [0112.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.962] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0112.962] SetEvent (hEvent=0x114) returned 1 [0112.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.967] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0112.967] SetEvent (hEvent=0xb8) returned 1 [0112.967] SetEvent (hEvent=0x198) returned 1 [0112.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.982] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0112.984] GetFileType (hFile=0x128) returned 0x1 [0112.984] VirtualAlloc (lpAddress=0xc0003e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e4000 [0112.984] GetFileType (hFile=0x128) returned 0x1 [0112.984] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0112.985] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0112.985] VirtualAlloc (lpAddress=0xc0003e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e6000 [0112.985] ReadFile (in: hFile=0x128, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x18bf, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc000133c04*=0x16bf, lpOverlapped=0x0) returned 1 [0112.989] ReadFile (in: hFile=0x128, lpBuffer=0xc00050f03f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f03f*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0112.989] CloseHandle (hObject=0x128) returned 1 [0112.989] VirtualAlloc (lpAddress=0xc0003e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e8000 [0112.990] VirtualAlloc (lpAddress=0xc0003ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ea000 [0112.990] VirtualAlloc (lpAddress=0xc0003ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ec000 [0112.991] VirtualAlloc (lpAddress=0xc0003ee000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ee000 [0112.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.012] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0113.013] GetFileType (hFile=0x1b4) returned 0x1 [0113.013] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0003ee000*, nNumberOfBytesToWrite=0x16c0, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ee000*, lpNumberOfBytesWritten=0xc000133cec*=0x16c0, lpOverlapped=0x0) returned 1 [0113.014] CloseHandle (hObject=0x1b4) returned 1 [0113.015] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.015] VirtualAlloc (lpAddress=0xc0003f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f4000 [0113.016] VirtualAlloc (lpAddress=0xc0003f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f6000 [0113.016] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0113.017] VirtualAlloc (lpAddress=0xc0003fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fa000 [0113.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0113.017] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0113.017] GetFileType (hFile=0x180) returned 0x1 [0113.018] WriteFile (in: hFile=0x180, lpBuffer=0xc00037af20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037af20*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.018] CloseHandle (hObject=0x180) returned 1 [0113.020] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbpmxj[1].jpg"), dwFlags=0x1) returned 1 [0113.083] VirtualFree (lpAddress=0xc0003f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.083] VirtualFree (lpAddress=0xc000376000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.083] VirtualFree (lpAddress=0xc000370000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.083] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.084] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0113.182] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.266] SetEvent (hEvent=0x198) returned 1 [0113.266] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.267] SetEvent (hEvent=0x198) returned 1 [0113.267] SetEvent (hEvent=0x114) returned 1 [0113.267] SetEvent (hEvent=0xb8) returned 1 [0113.267] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.277] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.281] SetEvent (hEvent=0x15c) returned 1 [0113.281] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.281] SetEvent (hEvent=0x15c) returned 1 [0113.281] SetEvent (hEvent=0x198) returned 1 [0113.282] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.282] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.282] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.282] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.283] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.283] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.283] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.284] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.298] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.299] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.299] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.300] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0001d3818*=0x2) returned 1 [0113.302] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.308] SetEvent (hEvent=0x164) returned 1 [0113.308] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.312] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0113.313] GetFileType (hFile=0x128) returned 0x1 [0113.313] GetFileType (hFile=0x128) returned 0x1 [0113.313] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0113.313] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0113.313] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.314] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0xbb9, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0001d3c04*=0x9b9, lpOverlapped=0x0) returned 1 [0113.318] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c9b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c9b9*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0113.318] CloseHandle (hObject=0x128) returned 1 [0113.318] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0113.318] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.321] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0113.321] GetFileType (hFile=0x128) returned 0x1 [0113.321] WriteFile (in: hFile=0x128, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x9c0, lpOverlapped=0x0) returned 1 [0113.322] CloseHandle (hObject=0x128) returned 1 [0113.323] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0113.323] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0113.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.324] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0113.324] GetFileType (hFile=0xec) returned 0x1 [0113.324] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.324] CloseHandle (hObject=0xec) returned 1 [0113.328] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbnhzy[1].jpg"), dwFlags=0x1) returned 1 [0113.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.360] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0113.360] SetEvent (hEvent=0xc0) returned 1 [0113.360] SetEvent (hEvent=0x164) returned 1 [0113.360] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0113.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.362] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.364] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.365] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0113.365] SetEvent (hEvent=0x164) returned 1 [0113.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.366] SetEvent (hEvent=0x108) returned 1 [0113.366] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.372] SetEvent (hEvent=0x120) returned 1 [0113.372] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.376] SetEvent (hEvent=0x198) returned 1 [0113.376] SetEvent (hEvent=0x164) returned 1 [0113.376] SetEvent (hEvent=0x108) returned 1 [0113.376] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.393] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.418] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.429] SetEvent (hEvent=0x15c) returned 1 [0113.429] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.429] SetEvent (hEvent=0x15c) returned 1 [0113.430] SetEvent (hEvent=0x198) returned 1 [0113.430] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0113.430] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0113.431] VirtualFree (lpAddress=0xc000160000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0113.431] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.432] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.432] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.432] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.433] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.433] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.433] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.434] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.434] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.434] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.435] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.435] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.435] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.436] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.436] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000205818*=0x2) returned 1 [0113.437] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.438] SetEvent (hEvent=0x198) returned 1 [0113.438] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.439] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0113.441] GetFileType (hFile=0xec) returned 0x1 [0113.441] GetFileType (hFile=0xec) returned 0x1 [0113.441] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0113.441] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0113.441] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.441] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x9e1, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000205c04*=0x7e1, lpOverlapped=0x0) returned 1 [0113.444] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c7e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c7e1*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0113.444] CloseHandle (hObject=0xec) returned 1 [0113.444] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.444] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.447] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0113.447] GetFileType (hFile=0xec) returned 0x1 [0113.447] WriteFile (in: hFile=0xec, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc000205cec*=0x7f0, lpOverlapped=0x0) returned 1 [0113.448] CloseHandle (hObject=0xec) returned 1 [0113.449] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.449] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.449] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.450] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0113.450] GetFileType (hFile=0xec) returned 0x1 [0113.450] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.451] CloseHandle (hObject=0xec) returned 1 [0113.451] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc05rl[2].jpg"), dwFlags=0x1) returned 1 [0113.520] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0113.520] SetEvent (hEvent=0x108) returned 1 [0113.521] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.523] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0113.523] SetEvent (hEvent=0x108) returned 1 [0113.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.529] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0113.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.530] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0113.534] GetFileType (hFile=0xec) returned 0x1 [0113.534] GetFileType (hFile=0xec) returned 0x1 [0113.534] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0113.534] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0113.534] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.535] ReadFile (in: hFile=0xec, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x220e, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0002a3c04*=0x200e, lpOverlapped=0x0) returned 1 [0113.539] ReadFile (in: hFile=0xec, lpBuffer=0xc00025c00e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c00e*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0113.539] CloseHandle (hObject=0xec) returned 1 [0113.539] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0113.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.542] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0113.542] GetFileType (hFile=0x1b0) returned 0x1 [0113.542] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00025c500*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025c500*, lpNumberOfBytesWritten=0xc0002a3cec*=0x2010, lpOverlapped=0x0) returned 1 [0113.544] CloseHandle (hObject=0x1b0) returned 1 [0113.545] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0113.545] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.545] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0113.546] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0113.546] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0113.547] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.547] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0113.548] GetFileType (hFile=0x1b0) returned 0x1 [0113.548] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d82c0*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.548] CloseHandle (hObject=0x1b0) returned 1 [0113.549] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.549] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc0g7a[1].jpg"), dwFlags=0x1) returned 1 [0113.598] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.599] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0113.599] SetEvent (hEvent=0x15c) returned 1 [0113.599] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.601] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.603] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.603] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0113.603] SetEvent (hEvent=0xb8) returned 1 [0113.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.611] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.611] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.634] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.642] SetEvent (hEvent=0x164) returned 1 [0113.642] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.645] SetEvent (hEvent=0x164) returned 1 [0113.645] SetEvent (hEvent=0x108) returned 1 [0113.645] VirtualFree (lpAddress=0xc000166000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.646] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.646] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.647] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.647] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.647] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002cb818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0002cb818*=0x2) returned 1 [0113.649] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.658] SetEvent (hEvent=0x15c) returned 1 [0113.658] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.661] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0113.662] GetFileType (hFile=0xec) returned 0x1 [0113.662] GetFileType (hFile=0xec) returned 0x1 [0113.662] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0113.663] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0113.663] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.663] ReadFile (in: hFile=0xec, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xcfe, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000205c04*=0xafe, lpOverlapped=0x0) returned 1 [0113.669] ReadFile (in: hFile=0xec, lpBuffer=0xc00011cafe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011cafe*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0113.669] CloseHandle (hObject=0xec) returned 1 [0113.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.671] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0113.672] GetFileType (hFile=0xec) returned 0x1 [0113.672] WriteFile (in: hFile=0xec, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc000205cec*=0xb00, lpOverlapped=0x0) returned 1 [0113.673] CloseHandle (hObject=0xec) returned 1 [0113.674] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0113.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.675] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0113.675] GetFileType (hFile=0x128) returned 0x1 [0113.675] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0113.676] WriteFile (in: hFile=0x128, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.676] CloseHandle (hObject=0x128) returned 1 [0113.680] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0113.680] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0113.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbedmci[1].jpg"), dwFlags=0x1) returned 1 [0113.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.861] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0113.861] SetEvent (hEvent=0x15c) returned 1 [0113.861] SetEvent (hEvent=0xb8) returned 1 [0113.861] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.867] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0113.867] SetEvent (hEvent=0xb8) returned 1 [0113.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.873] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.902] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.912] SetEvent (hEvent=0x108) returned 1 [0113.912] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.918] SetEvent (hEvent=0x108) returned 1 [0113.918] SetEvent (hEvent=0x164) returned 1 [0113.918] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.918] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.919] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.919] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0113.920] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.928] SetEvent (hEvent=0x15c) returned 1 [0113.928] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.929] SetEvent (hEvent=0x15c) returned 1 [0113.929] SwitchToThread () returned 1 [0113.930] SetEvent (hEvent=0x164) returned 1 [0113.930] SetEvent (hEvent=0x15c) returned 1 [0113.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.931] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0113.931] GetFileType (hFile=0x1b0) returned 0x1 [0113.932] GetFileType (hFile=0x1b0) returned 0x1 [0113.932] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0113.932] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0113.932] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x1f26, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0001b5c04*=0x1d26, lpOverlapped=0x0) returned 1 [0113.937] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00007bd26, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007bd26*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0113.937] CloseHandle (hObject=0x1b0) returned 1 [0113.937] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.937] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.940] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0113.940] GetFileType (hFile=0x1b0) returned 0x1 [0113.940] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x1d30, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc0001b5cec*=0x1d30, lpOverlapped=0x0) returned 1 [0113.942] CloseHandle (hObject=0x1b0) returned 1 [0113.943] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0113.943] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.943] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0113.944] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.947] SetEvent (hEvent=0xb8) returned 1 [0113.948] GetFileType (hFile=0x1b0) returned 0x1 [0113.948] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.948] CloseHandle (hObject=0x1b0) returned 1 [0113.951] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0113.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeefp3[1].jpg"), dwFlags=0x1) returned 1 [0114.014] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0114.014] SetEvent (hEvent=0xb8) returned 1 [0114.015] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0114.016] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.017] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.017] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0114.017] SetEvent (hEvent=0xb8) returned 1 [0114.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.024] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.035] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.043] SetEvent (hEvent=0x108) returned 1 [0114.043] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.050] SwitchToThread () returned 1 [0114.051] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.059] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.069] SetEvent (hEvent=0x15c) returned 1 [0114.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.071] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.071] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0114.071] SetEvent (hEvent=0x15c) returned 1 [0114.071] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0114.072] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.078] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0114.078] SetEvent (hEvent=0x15c) returned 1 [0114.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.078] SetEvent (hEvent=0x108) returned 1 [0114.078] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.088] SetEvent (hEvent=0xb8) returned 1 [0114.089] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0114.103] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0114.107] GetFileType (hFile=0xec) returned 0x1 [0114.107] GetFileType (hFile=0xec) returned 0x1 [0114.107] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0114.107] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0114.108] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0114.109] ReadFile (in: hFile=0xec, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xadf, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0000f3c04*=0x8df, lpOverlapped=0x0) returned 1 [0114.116] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.201] ReadFile (in: hFile=0xec, lpBuffer=0xc00011c8df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c8df*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0114.201] CloseHandle (hObject=0xec) returned 1 [0114.201] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0114.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0114.226] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.256] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0114.259] GetFileType (hFile=0x1ac) returned 0x1 [0114.259] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0002c0000*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0000*, lpNumberOfBytesWritten=0xc0000f3cec*=0x8e0, lpOverlapped=0x0) returned 1 [0114.260] CloseHandle (hObject=0x1ac) returned 1 [0114.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1001 | out: pbBuffer=0xc0000e1001) returned 1 [0114.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0114.267] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0114.274] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.296] GetFileType (hFile=0x1e8) returned 0x1 [0114.296] WriteFile (in: hFile=0x1e8, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.296] CloseHandle (hObject=0x1e8) returned 1 [0114.346] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.368] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0114.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeglzv[1].jpg"), dwFlags=0x1) returned 1 [0114.521] SetEvent (hEvent=0xf4) returned 1 [0114.521] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0114.522] SwitchToThread () returned 1 [0114.715] VirtualFree (lpAddress=0xc0003bc000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.716] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0114.719] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.578] SetEvent (hEvent=0x1d0) returned 1 [0115.579] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1f0 [0115.641] GetConsoleMode (in: hConsoleHandle=0x1f0, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0115.646] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.656] GetFileType (hFile=0x1f0) returned 0x1 [0115.656] GetFileType (hFile=0x1f0) returned 0x1 [0115.656] GetFileInformationByHandle (in: hFile=0x1f0, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0115.656] GetFileInformationByHandleEx (in: hFile=0x1f0, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0115.656] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0115.657] ReadFile (in: hFile=0x1f0, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x8e8, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0001a3c04*=0x6e8, lpOverlapped=0x0) returned 1 [0115.662] ReadFile (in: hFile=0x1f0, lpBuffer=0xc00011c6e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c6e8*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0115.662] CloseHandle (hObject=0x1f0) returned 1 [0115.662] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0115.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.686] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.834] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0115.847] GetFileType (hFile=0x210) returned 0x1 [0115.847] WriteFile (in: hFile=0x210, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc0001a3cec*=0x6f0, lpOverlapped=0x0) returned 1 [0115.848] CloseHandle (hObject=0x210) returned 1 [0115.855] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1101 | out: pbBuffer=0xc0000e1101) returned 1 [0115.855] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0115.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x27c [0115.856] GetConsoleMode (in: hConsoleHandle=0x27c, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0115.859] GetFileType (hFile=0x27c) returned 0x1 [0115.859] WriteFile (in: hFile=0x27c, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.859] CloseHandle (hObject=0x27c) returned 1 [0115.871] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.957] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.958] SetEvent (hEvent=0x144) returned 1 [0115.958] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0115.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0115.985] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0115.992] GetFileType (hFile=0x2d4) returned 0x1 [0115.992] GetFileType (hFile=0x2d4) returned 0x1 [0115.992] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0115.992] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0115.993] ReadFile (in: hFile=0x2d4, lpBuffer=0xc00034aa00, nNumberOfBytesToRead=0x2236, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00034aa00*, lpNumberOfBytesRead=0xc000049c04*=0x2036, lpOverlapped=0x0) returned 1 [0115.995] ReadFile (in: hFile=0x2d4, lpBuffer=0xc00034ca36, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00034ca36*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0115.995] CloseHandle (hObject=0x2d4) returned 1 [0115.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0116.079] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0116.080] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.114] GetFileType (hFile=0x2d0) returned 0x1 [0116.114] WriteFile (in: hFile=0x2d0, lpBuffer=0xc00034cf00*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc00034cf00*, lpNumberOfBytesWritten=0xc000049cec*=0x2040, lpOverlapped=0x0) returned 1 [0116.116] CloseHandle (hObject=0x2d0) returned 1 [0116.119] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a901 | out: pbBuffer=0xc00031a901) returned 1 [0116.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0116.119] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0116.123] GetFileType (hFile=0x2f8) returned 0x1 [0116.123] WriteFile (in: hFile=0x2f8, lpBuffer=0xc00035cf20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00035cf20*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.123] CloseHandle (hObject=0x2f8) returned 1 [0116.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc06zq[1].jpg"), dwFlags=0x1) returned 1 [0116.657] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000271818*=0x3) returned 1 [0116.659] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.661] SetEvent (hEvent=0x188) returned 1 [0116.661] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.662] SetEvent (hEvent=0x188) returned 1 [0116.662] SetEvent (hEvent=0x2b0) returned 1 [0116.662] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0116.664] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.665] SetEvent (hEvent=0x258) returned 1 [0116.665] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.665] SetEvent (hEvent=0x258) returned 1 [0116.666] SetEvent (hEvent=0x2b0) returned 1 [0116.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00026f818*=0x3) returned 1 [0116.666] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.668] SetEvent (hEvent=0x2b0) returned 1 [0116.668] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0116.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d0 [0116.670] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0116.670] GetFileType (hFile=0x2d0) returned 0x1 [0116.670] GetFileType (hFile=0x2d0) returned 0x1 [0116.670] GetFileInformationByHandle (in: hFile=0x2d0, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0116.670] GetFileInformationByHandleEx (in: hFile=0x2d0, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0116.670] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0116.671] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000054000, nNumberOfBytesToRead=0xb52, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc00026fc04*=0x952, lpOverlapped=0x0) returned 1 [0116.674] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000054952, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054952*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0116.674] CloseHandle (hObject=0x2d0) returned 1 [0116.674] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0116.675] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0116.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0116.795] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0116.797] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.802] GetFileType (hFile=0x308) returned 0x1 [0116.802] WriteFile (in: hFile=0x308, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc00026fcec*=0x960, lpOverlapped=0x0) returned 1 [0116.804] CloseHandle (hObject=0x308) returned 1 [0116.806] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.809] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0116.809] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0116.809] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0116.810] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0116.810] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0116.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0116.811] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0116.812] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0116.815] GetFileType (hFile=0x23c) returned 0x1 [0116.815] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0116.816] WriteFile (in: hFile=0x23c, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.816] CloseHandle (hObject=0x23c) returned 1 [0116.818] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0116.818] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0116.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbeetuf[1].jpg"), dwFlags=0x1) returned 1 [0117.166] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.180] SetEvent (hEvent=0x1dc) returned 1 [0117.180] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.183] SetEvent (hEvent=0x39c) returned 1 [0117.183] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.186] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0117.187] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0117.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0117.188] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0117.190] GetFileType (hFile=0x2d4) returned 0x1 [0117.190] GetFileType (hFile=0x2d4) returned 0x1 [0117.190] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0117.190] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0117.190] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0117.191] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0xbb7, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00020bc04*=0x9b7, lpOverlapped=0x0) returned 1 [0117.196] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0000e49b7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e49b7*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0117.196] CloseHandle (hObject=0x2d4) returned 1 [0117.196] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0117.196] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0117.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0117.198] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0117.202] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.215] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000133818*=0x2) returned 1 [0117.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0004*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0004*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0117.223] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.224] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00026f818*=0x2) returned 1 [0117.234] SetEvent (hEvent=0x39c) returned 1 [0117.234] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.240] SetEvent (hEvent=0x39c) returned 1 [0117.240] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.249] SetEvent (hEvent=0x3c8) returned 1 [0117.249] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.283] SetEvent (hEvent=0x340) returned 1 [0117.283] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.288] SetEvent (hEvent=0x1dc) returned 1 [0117.288] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.293] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0117.295] GetFileType (hFile=0x3bc) returned 0x1 [0117.295] GetFileType (hFile=0x3bc) returned 0x1 [0117.295] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0117.295] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0117.295] ReadFile (in: hFile=0x3bc, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x1e7e, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc0001c9c04*=0x1c7e, lpOverlapped=0x0) returned 1 [0117.304] ReadFile (in: hFile=0x3bc, lpBuffer=0xc00006fc7e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006fc7e*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0117.305] CloseHandle (hObject=0x3bc) returned 1 [0117.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.326] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.355] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0117.357] GetFileType (hFile=0x1b0) returned 0x1 [0117.357] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x1c80, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x1c80, lpOverlapped=0x0) returned 1 [0117.358] CloseHandle (hObject=0x1b0) returned 1 [0117.361] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0601 | out: pbBuffer=0xc0002f0601) returned 1 [0117.361] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0117.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.362] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0117.365] GetFileType (hFile=0x36c) returned 0x1 [0117.366] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0117.366] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.366] CloseHandle (hObject=0x36c) returned 1 [0117.369] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0117.445] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbegeh3[1].jpg"), dwFlags=0x1) returned 1 [0118.039] SetEvent (hEvent=0xc0) returned 1 [0118.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0118.039] SetEvent (hEvent=0x24c) returned 1 [0118.039] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0118.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.041] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0118.041] SetEvent (hEvent=0x24c) returned 1 [0118.042] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.043] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.059] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.063] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.073] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.080] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.083] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0118.181] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.022] SetEvent (hEvent=0x12c) returned 1 [0119.022] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0119.029] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0119.030] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.116] SetEvent (hEvent=0x120) returned 1 [0119.116] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.118] SetEvent (hEvent=0x120) returned 1 [0119.118] SetEvent (hEvent=0x3c8) returned 1 [0119.118] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.124] SetEvent (hEvent=0x35c) returned 1 [0119.124] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.127] SetEvent (hEvent=0x120) returned 1 [0119.127] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0119.128] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.128] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.128] VirtualFree (lpAddress=0xc000280000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0119.129] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.129] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.129] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.130] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.130] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.130] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.131] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.131] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.131] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.132] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.132] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.132] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.133] SetEvent (hEvent=0x198) returned 1 [0119.133] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.157] SetEvent (hEvent=0x13c) returned 1 [0119.157] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.159] SetEvent (hEvent=0xec) returned 1 [0119.160] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.162] SetEvent (hEvent=0x1b4) returned 1 [0119.162] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.165] SetEvent (hEvent=0x3c4) returned 1 [0119.165] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.173] SetEvent (hEvent=0x258) returned 1 [0119.173] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.177] SetEvent (hEvent=0x3c8) returned 1 [0119.177] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.178] SetEvent (hEvent=0x324) returned 1 [0119.178] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.180] SetEvent (hEvent=0xfc) returned 1 [0119.180] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.181] SetEvent (hEvent=0x114) returned 1 [0119.181] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.183] SetEvent (hEvent=0x364) returned 1 [0119.183] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.216] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.223] SetEvent (hEvent=0x15c) returned 1 [0119.223] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.224] SetEvent (hEvent=0x15c) returned 1 [0119.224] SetEvent (hEvent=0x2b0) returned 1 [0119.224] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.224] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.225] VirtualFree (lpAddress=0xc0002be000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.225] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0119.226] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.226] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0119.227] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.227] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.228] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.228] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.229] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.229] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.230] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.230] VirtualFree (lpAddress=0xc00010c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.231] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.231] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.232] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.232] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.233] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.233] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.233] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.234] VirtualFree (lpAddress=0xc00004c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0119.235] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0119.236] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.251] SetEvent (hEvent=0x26c) returned 1 [0119.252] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.252] SetEvent (hEvent=0x26c) returned 1 [0119.252] SetEvent (hEvent=0x2b0) returned 1 [0119.252] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.253] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.253] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.254] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.254] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.254] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.255] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.255] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0119.256] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.259] SetEvent (hEvent=0x1dc) returned 1 [0119.259] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.260] SetEvent (hEvent=0x1dc) returned 1 [0119.260] SetEvent (hEvent=0x2b0) returned 1 [0119.260] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.261] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.261] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017d818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc00017d818*=0x3) returned 1 [0119.263] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.264] SetEvent (hEvent=0x2a8) returned 1 [0119.264] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.265] SetEvent (hEvent=0x2a8) returned 1 [0119.266] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.267] SetEvent (hEvent=0x2a8) returned 1 [0119.267] SetEvent (hEvent=0x2b0) returned 1 [0119.267] SetEvent (hEvent=0x1e8) returned 1 [0119.267] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.268] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.268] SetEvent (hEvent=0x2a8) returned 1 [0119.268] SetEvent (hEvent=0x1e8) returned 1 [0119.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc0001f5818*=0x3) returned 1 [0119.269] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.272] SetEvent (hEvent=0xb8) returned 1 [0119.272] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.273] SetEvent (hEvent=0xb8) returned 1 [0119.273] SetEvent (hEvent=0x1e8) returned 1 [0119.273] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0119.274] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.275] SetEvent (hEvent=0x1e8) returned 1 [0119.275] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0119.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0119.277] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0119.277] GetFileType (hFile=0x284) returned 0x1 [0119.277] GetFileType (hFile=0x284) returned 0x1 [0119.277] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0119.277] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0119.277] ReadFile (in: hFile=0x284, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2869, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0006e1c04*=0x2669, lpOverlapped=0x0) returned 1 [0119.279] ReadFile (in: hFile=0x284, lpBuffer=0xc00004e669, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e669*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0119.279] CloseHandle (hObject=0x284) returned 1 [0119.280] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0119.280] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0119.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0119.519] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0119.519] GetFileType (hFile=0x3dc) returned 0x1 [0119.520] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x2670, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x2670, lpOverlapped=0x0) returned 1 [0119.521] CloseHandle (hObject=0x3dc) returned 1 [0119.521] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0119.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0119.521] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0119.522] GetFileType (hFile=0x3dc) returned 0x1 [0119.522] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.522] CloseHandle (hObject=0x3dc) returned 1 [0119.522] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbe972f[1].jpg"), dwFlags=0x1) returned 1 [0119.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0119.922] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0119.923] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.933] GetFileType (hFile=0x3dc) returned 0x1 [0119.933] GetFileType (hFile=0x3dc) returned 0x1 [0119.933] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0119.933] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0119.933] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0119.935] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x31e3, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc00018bc04*=0x2fe3, lpOverlapped=0x0) returned 1 [0119.939] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0119.958] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000b8fe3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8fe3*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0119.959] CloseHandle (hObject=0x3dc) returned 1 [0119.959] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0119.959] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0119.961] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0119.961] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0119.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0119.963] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0120.004] GetFileType (hFile=0x3dc) returned 0x1 [0120.004] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0120.005] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x2ff0, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc00018bcec*=0x2ff0, lpOverlapped=0x0) returned 1 [0120.006] CloseHandle (hObject=0x3dc) returned 1 [0120.006] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0120.006] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0120.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.007] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0120.011] GetFileType (hFile=0x3dc) returned 0x1 [0120.011] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.011] CloseHandle (hObject=0x3dc) returned 1 [0120.011] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbedrqt[1].jpg"), dwFlags=0x1) returned 1 [0120.013] SetEvent (hEvent=0x30c) returned 1 [0120.013] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.017] SetEvent (hEvent=0x1a0) returned 1 [0120.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0120.018] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0120.028] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.029] GetFileType (hFile=0x2d8) returned 0x1 [0120.029] GetFileType (hFile=0x2d8) returned 0x1 [0120.029] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0120.029] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0120.030] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0120.031] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x2f32, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc000173c04*=0x2d32, lpOverlapped=0x0) returned 1 [0120.073] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.082] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000182d32, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182d32*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0120.082] CloseHandle (hObject=0x2d8) returned 1 [0120.082] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0120.083] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0120.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0120.084] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0120.089] GetFileType (hFile=0x2d8) returned 0x1 [0120.089] WriteFile (in: hFile=0x2d8, lpBuffer=0xc000183000*, nNumberOfBytesToWrite=0x2d40, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc000183000*, lpNumberOfBytesWritten=0xc000173cec*=0x2d40, lpOverlapped=0x0) returned 1 [0120.090] CloseHandle (hObject=0x2d8) returned 1 [0120.090] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0120.090] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0120.091] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0120.091] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0120.092] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0120.092] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0120.093] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0120.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0120.093] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0120.096] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.103] SetEvent (hEvent=0x3c0) returned 1 [0120.103] GetFileType (hFile=0x2d8) returned 0x1 [0120.103] WriteFile (in: hFile=0x2d8, lpBuffer=0xc0001242c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001242c0*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.103] CloseHandle (hObject=0x2d8) returned 1 [0120.104] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0120.104] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbef6s4[1].jpg"), dwFlags=0x1) returned 1 [0120.105] SetEvent (hEvent=0x258) returned 1 [0120.105] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.107] SetEvent (hEvent=0x3c0) returned 1 [0120.107] SetEvent (hEvent=0x148) returned 1 [0120.107] SetEvent (hEvent=0x30c) returned 1 [0120.107] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.114] SetEvent (hEvent=0x258) returned 1 [0120.114] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.120] SetEvent (hEvent=0x3c0) returned 1 [0120.120] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.124] SetEvent (hEvent=0x3c0) returned 1 [0120.124] SetEvent (hEvent=0x30c) returned 1 [0120.124] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.125] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.125] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.126] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.126] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.126] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.127] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.127] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0120.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0120.132] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.134] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0120.135] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.141] SetEvent (hEvent=0x364) returned 1 [0120.142] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0120.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0120.143] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0120.149] GetFileType (hFile=0x174) returned 0x1 [0120.149] GetFileType (hFile=0x174) returned 0x1 [0120.149] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0120.149] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0120.149] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0120.150] ReadFile (in: hFile=0x174, lpBuffer=0xc000168000, nNumberOfBytesToRead=0xb16, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesRead=0xc000277c04*=0x916, lpOverlapped=0x0) returned 1 [0120.311] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.325] ReadFile (in: hFile=0x174, lpBuffer=0xc000168916, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168916*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0120.325] CloseHandle (hObject=0x174) returned 1 [0120.325] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0120.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0120.327] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0120.336] GetFileType (hFile=0x174) returned 0x1 [0120.336] WriteFile (in: hFile=0x174, lpBuffer=0xc00026a000*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc00026a000*, lpNumberOfBytesWritten=0xc000277cec*=0x920, lpOverlapped=0x0) returned 1 [0120.338] CloseHandle (hObject=0x174) returned 1 [0120.338] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0501 | out: pbBuffer=0xc0002f0501) returned 1 [0120.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0120.338] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0120.349] GetFileType (hFile=0x174) returned 0x1 [0120.349] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.349] CloseHandle (hObject=0x174) returned 1 [0120.350] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbegswa[1].jpg"), dwFlags=0x1) returned 1 [0120.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.352] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0120.352] SetEvent (hEvent=0xc0) returned 1 [0120.352] SetEvent (hEvent=0x364) returned 1 [0120.352] SetEvent (hEvent=0x12c) returned 1 [0120.352] SetEvent (hEvent=0x39c) returned 1 [0120.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.366] SetEvent (hEvent=0x39c) returned 1 [0120.366] SetEvent (hEvent=0x12c) returned 1 [0120.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.371] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.372] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.373] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0120.373] SetEvent (hEvent=0x258) returned 1 [0120.373] SetEvent (hEvent=0x1a0) returned 1 [0120.373] SetEvent (hEvent=0x12c) returned 1 [0120.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0120.377] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0120.383] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.395] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.401] SetEvent (hEvent=0x144) returned 1 [0120.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe30*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.402] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0120.402] SetEvent (hEvent=0xc0) returned 1 [0120.403] SetEvent (hEvent=0x198) returned 1 [0120.403] SetEvent (hEvent=0x144) returned 1 [0120.403] SetEvent (hEvent=0x3c0) returned 1 [0120.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.414] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.414] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0120.414] SetEvent (hEvent=0x198) returned 1 [0120.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.430] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0120.431] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0120.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0120.432] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0120.432] GetFileType (hFile=0x2d8) returned 0x1 [0120.432] GetFileType (hFile=0x2d8) returned 0x1 [0120.432] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0120.433] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0120.433] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0120.436] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x1ffaf, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0001c9c04*=0x1fdaf, lpOverlapped=0x0) returned 1 [0120.442] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000365daf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000365daf*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0120.442] CloseHandle (hObject=0x2d8) returned 1 [0120.442] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0120.442] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0120.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0120.462] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0120.470] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.476] GetFileType (hFile=0x2d8) returned 0x1 [0120.476] WriteFile (in: hFile=0x2d8, lpBuffer=0xc000366000*, nNumberOfBytesToWrite=0x1fdb0, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000366000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x1fdb0, lpOverlapped=0x0) returned 1 [0120.480] CloseHandle (hObject=0x2d8) returned 1 [0120.488] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0120.488] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0120.489] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0120.489] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0120.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.490] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0120.523] GetFileType (hFile=0x3dc) returned 0x1 [0120.523] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.524] CloseHandle (hObject=0x3dc) returned 1 [0120.530] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-benefits-1[1].jpg"), dwFlags=0x1) returned 1 [0120.772] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f698, ulCount=0x10, ulNumEntriesRemoved=0x27a5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f698, ulNumEntriesRemoved=0x27a5f66c) returned 0 [0120.772] SetEvent (hEvent=0x148) returned 1 [0120.772] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0120.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe08*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.777] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27a5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27a5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27a5f6a0, ulNumEntriesRemoved=0x27a5f674) returned 0 [0120.777] SetEvent (hEvent=0x148) returned 1 [0120.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27a5fe18*=0x9c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.791] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0120.791] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0141.119] SetEvent (hEvent=0x354) returned 1 [0141.119] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0141.119] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0141.120] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0141.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1wwc7yds7id6z0txpq.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0141.121] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0141.131] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0141.489] GetFileType (hFile=0x174) returned 0x1 [0141.489] GetFileType (hFile=0x174) returned 0x1 [0141.489] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0141.489] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0141.489] ReadFile (in: hFile=0x174, lpBuffer=0xc000120480, nNumberOfBytesToRead=0x407, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120480*, lpNumberOfBytesRead=0xc000257c04*=0x207, lpOverlapped=0x0) returned 1 [0142.485] ReadFile (in: hFile=0x174, lpBuffer=0xc000120687, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120687*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0142.485] CloseHandle (hObject=0x174) returned 1 [0142.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1wwc7yds7id6z0txpq.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0142.487] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0142.531] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0143.000] GetFileType (hFile=0x174) returned 0x1 [0143.001] WriteFile (in: hFile=0x174, lpBuffer=0xc000184b40*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc000184b40*, lpNumberOfBytesWritten=0xc000257cec*=0x210, lpOverlapped=0x0) returned 1 [0143.002] CloseHandle (hObject=0x174) returned 1 [0143.002] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0143.002] VirtualAlloc (lpAddress=0xc000720000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000720000 [0143.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1wwc7yds7id6z0txpq.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0143.004] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0143.012] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.276] GetFileType (hFile=0x174) returned 0x1 [0144.276] WriteFile (in: hFile=0x174, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.277] CloseHandle (hObject=0x174) returned 1 [0144.277] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0144.278] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1wwc7yds7id6z0txpq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-1wwc7yds7id6z0txpq.lnk"), dwFlags=0x1) returned 1 [0144.280] SetEvent (hEvent=0x39c) returned 1 [0144.280] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.294] SetEvent (hEvent=0xbc0) returned 1 [0144.294] SetEvent (hEvent=0x980) returned 1 [0144.295] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.304] SetEvent (hEvent=0xbc0) returned 1 [0144.304] SetEvent (hEvent=0x978) returned 1 [0144.304] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.314] SetEvent (hEvent=0xbc0) returned 1 [0144.314] SetEvent (hEvent=0xb48) returned 1 [0144.314] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.322] SetEvent (hEvent=0xa70) returned 1 [0144.322] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.329] SetEvent (hEvent=0x1c4) returned 1 [0144.329] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) returned 0x0 [0144.336] SetEvent (hEvent=0x12c) returned 1 [0144.336] WaitForSingleObject (hHandle=0x9c, dwMilliseconds=0xffffffff) Thread: id = 4 os_tid = 0x2a8 [0070.493] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27c5fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27c5fea0*=0xa4) returned 1 [0070.493] VirtualQuery (in: lpAddress=0x27c5fec0, lpBuffer=0x27c5fec0, dwLength=0x30 | out: lpBuffer=0x27c5fec0*(BaseAddress=0x27c5f000, AllocationBase=0x27a60000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0070.493] VirtualAlloc (lpAddress=0xc00003a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003a000 [0070.494] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa8 [0070.494] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac [0070.494] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0070.565] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.520] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.521] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.522] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.524] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.590] SetEvent (hEvent=0xb8) returned 1 [0071.590] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x98, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27c5f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27c5f928*=0xe8) returned 1 [0071.590] SwitchToThread () returned 1 [0071.591] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.597] SuspendThread (hThread=0xe8) returned 0x0 [0071.597] GetThreadContext (in: hThread=0xe8, lpContext=0x27c5f940 | out: lpContext=0x27c5f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27a5feb8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.597] ResumeThread (hThread=0xe8) returned 0x1 [0071.597] CloseHandle (hObject=0xe8) returned 1 [0071.597] SetEvent (hEvent=0xb8) returned 1 [0071.597] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27c5fe08*=0xa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0071.697] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.697] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27c5fe08*=0xa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0071.792] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0071.792] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27c5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27c5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27c5f6a0, ulNumEntriesRemoved=0x27c5f674) returned 0 [0071.792] SetEvent (hEvent=0x9c) returned 1 [0071.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27c5fe18*=0xa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0072.004] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27c5fe30*=0xa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0072.005] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27c5f698, ulCount=0x10, ulNumEntriesRemoved=0x27c5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27c5f698, ulNumEntriesRemoved=0x27c5f66c) returned 0 [0072.005] SetEvent (hEvent=0xc0) returned 1 [0072.005] SetEvent (hEvent=0xb8) returned 1 [0072.005] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0072.006] VirtualAlloc (lpAddress=0x0, dwSize=0x10000, flAllocationType=0x3000, flProtect=0x4) returned 0x780000 [0072.007] VirtualAlloc (lpAddress=0xc0004e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e8000 [0072.007] VirtualAlloc (lpAddress=0xc0004ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ea000 [0072.007] VirtualAlloc (lpAddress=0xc0004ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ec000 [0072.007] VirtualAlloc (lpAddress=0xc0004ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ee000 [0072.008] VirtualAlloc (lpAddress=0xc0004f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f0000 [0072.009] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.009] VirtualAlloc (lpAddress=0xc0004f2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f2000 [0072.009] VirtualAlloc (lpAddress=0xc0004f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f6000 [0072.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.011] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.011] VirtualAlloc (lpAddress=0xc0004f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f8000 [0072.012] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.012] VirtualAlloc (lpAddress=0xc0004fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004fa000 [0072.013] VirtualAlloc (lpAddress=0xc0004fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004fe000 [0072.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.015] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.016] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.017] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.017] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.018] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.019] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.020] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.022] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.023] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.024] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.025] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.026] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.027] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.027] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x80, pbBuffer=0xc0003c4f80 | out: pbBuffer=0xc0003c4f80) returned 1 [0072.049] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc0003e6000, nSize=0x64 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0072.049] GetProcAddress (hModule=0x77940000, lpProcName="GetFileAttributesExW") returned 0x7794b7a0 [0072.049] GetFileAttributesExW (in: lpFileName="powershell.com" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] GetProcAddress (hModule=0x77940000, lpProcName="CreateFileW") returned 0x77951870 [0072.050] CreateFileW (lpFileName="powershell.com" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.050] GetFileAttributesExW (in: lpFileName="powershell.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] CreateFileW (lpFileName="powershell.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.050] GetFileAttributesExW (in: lpFileName="powershell.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.bat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] CreateFileW (lpFileName="powershell.bat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.050] GetFileAttributesExW (in: lpFileName="powershell.cmd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] CreateFileW (lpFileName="powershell.cmd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.050] GetFileAttributesExW (in: lpFileName="powershell.vbs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] CreateFileW (lpFileName="powershell.vbs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.050] GetFileAttributesExW (in: lpFileName="powershell.vbe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.050] CreateFileW (lpFileName="powershell.vbe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetFileAttributesExW (in: lpFileName="powershell.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.js"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.051] CreateFileW (lpFileName="powershell.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetFileAttributesExW (in: lpFileName="powershell.jse" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.jse"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.051] CreateFileW (lpFileName="powershell.jse" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetFileAttributesExW (in: lpFileName="powershell.wsf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.051] CreateFileW (lpFileName="powershell.wsf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetFileAttributesExW (in: lpFileName="powershell.wsh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.051] CreateFileW (lpFileName="powershell.wsh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetFileAttributesExW (in: lpFileName="powershell.msc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.msc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.051] CreateFileW (lpFileName="powershell.msc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\powershell.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.051] GetEnvironmentVariableW (in: lpName="path", lpBuffer=0xc0003e60d0, nSize=0x64 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0072.051] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.com" (normalized: "c:\\windows\\system32\\powershell.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.com" (normalized: "c:\\windows\\system32\\powershell.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.exe" (normalized: "c:\\windows\\system32\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.exe" (normalized: "c:\\windows\\system32\\powershell.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.bat" (normalized: "c:\\windows\\system32\\powershell.bat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.bat" (normalized: "c:\\windows\\system32\\powershell.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.cmd" (normalized: "c:\\windows\\system32\\powershell.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.cmd" (normalized: "c:\\windows\\system32\\powershell.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.vbs" (normalized: "c:\\windows\\system32\\powershell.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.vbs" (normalized: "c:\\windows\\system32\\powershell.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.052] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.vbe" (normalized: "c:\\windows\\system32\\powershell.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.052] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.vbe" (normalized: "c:\\windows\\system32\\powershell.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.js" (normalized: "c:\\windows\\system32\\powershell.js"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.053] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.js" (normalized: "c:\\windows\\system32\\powershell.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.jse" (normalized: "c:\\windows\\system32\\powershell.jse"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.053] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.jse" (normalized: "c:\\windows\\system32\\powershell.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.wsf" (normalized: "c:\\windows\\system32\\powershell.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.053] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.wsf" (normalized: "c:\\windows\\system32\\powershell.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.wsh" (normalized: "c:\\windows\\system32\\powershell.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.053] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.wsh" (normalized: "c:\\windows\\system32\\powershell.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\system32\\powershell.msc" (normalized: "c:\\windows\\system32\\powershell.msc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.053] CreateFileW (lpFileName="C:\\Windows\\system32\\powershell.msc" (normalized: "c:\\windows\\system32\\powershell.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.053] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.com" (normalized: "c:\\windows\\powershell.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.com" (normalized: "c:\\windows\\powershell.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.exe" (normalized: "c:\\windows\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.exe" (normalized: "c:\\windows\\powershell.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.bat" (normalized: "c:\\windows\\powershell.bat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.bat" (normalized: "c:\\windows\\powershell.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.cmd" (normalized: "c:\\windows\\powershell.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.cmd" (normalized: "c:\\windows\\powershell.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.vbs" (normalized: "c:\\windows\\powershell.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.vbs" (normalized: "c:\\windows\\powershell.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.054] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.vbe" (normalized: "c:\\windows\\powershell.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.054] CreateFileW (lpFileName="C:\\Windows\\powershell.vbe" (normalized: "c:\\windows\\powershell.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.js" (normalized: "c:\\windows\\powershell.js"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\powershell.js" (normalized: "c:\\windows\\powershell.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.jse" (normalized: "c:\\windows\\powershell.jse"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\powershell.jse" (normalized: "c:\\windows\\powershell.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.wsf" (normalized: "c:\\windows\\powershell.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\powershell.wsf" (normalized: "c:\\windows\\powershell.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.wsh" (normalized: "c:\\windows\\powershell.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\powershell.wsh" (normalized: "c:\\windows\\powershell.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\powershell.msc" (normalized: "c:\\windows\\powershell.msc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\powershell.msc" (normalized: "c:\\windows\\powershell.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.com" (normalized: "c:\\windows\\system32\\wbem\\powershell.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.055] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.com" (normalized: "c:\\windows\\system32\\wbem\\powershell.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe" (normalized: "c:\\windows\\system32\\wbem\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.exe" (normalized: "c:\\windows\\system32\\wbem\\powershell.exe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.bat" (normalized: "c:\\windows\\system32\\wbem\\powershell.bat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.bat" (normalized: "c:\\windows\\system32\\wbem\\powershell.bat"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.cmd" (normalized: "c:\\windows\\system32\\wbem\\powershell.cmd"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.cmd" (normalized: "c:\\windows\\system32\\wbem\\powershell.cmd"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.vbs" (normalized: "c:\\windows\\system32\\wbem\\powershell.vbs"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.vbs" (normalized: "c:\\windows\\system32\\wbem\\powershell.vbs"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.vbe" (normalized: "c:\\windows\\system32\\wbem\\powershell.vbe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.vbe" (normalized: "c:\\windows\\system32\\wbem\\powershell.vbe"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.056] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.js" (normalized: "c:\\windows\\system32\\wbem\\powershell.js"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.056] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.js" (normalized: "c:\\windows\\system32\\wbem\\powershell.js"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.jse" (normalized: "c:\\windows\\system32\\wbem\\powershell.jse"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.057] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.jse" (normalized: "c:\\windows\\system32\\wbem\\powershell.jse"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.wsf" (normalized: "c:\\windows\\system32\\wbem\\powershell.wsf"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.057] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.wsf" (normalized: "c:\\windows\\system32\\wbem\\powershell.wsf"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.wsh" (normalized: "c:\\windows\\system32\\wbem\\powershell.wsh"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.057] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.wsh" (normalized: "c:\\windows\\system32\\wbem\\powershell.wsh"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\powershell.msc" (normalized: "c:\\windows\\system32\\wbem\\powershell.msc"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.057] CreateFileW (lpFileName="C:\\Windows\\System32\\Wbem\\powershell.msc" (normalized: "c:\\windows\\system32\\wbem\\powershell.msc"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.com" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0072.057] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.com" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.com"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0xffffffffffffffff [0072.057] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb990 | out: lpFileInformation=0xc0000bb990*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1 [0072.060] VirtualAlloc (lpAddress=0xc0006c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c6000 [0072.061] VirtualAlloc (lpAddress=0xc0006c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c8000 [0072.061] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0xc0006c8000, nSize=0x64 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0072.061] VirtualAlloc (lpAddress=0xc0006ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ca000 [0072.061] VirtualAlloc (lpAddress=0xc0006cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006cc000 [0072.062] VirtualAlloc (lpAddress=0xc0006ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ce000 [0072.062] VirtualAlloc (lpAddress=0xc0006d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d0000 [0072.062] VirtualAlloc (lpAddress=0xc0006d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d2000 [0072.062] VirtualAlloc (lpAddress=0xc0006d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d4000 [0072.062] VirtualAlloc (lpAddress=0xc0006d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d6000 [0072.063] VirtualAlloc (lpAddress=0xc0006d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d8000 [0072.063] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb778 | out: lpFileInformation=0xc0000bb778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82dd7f7c, ftCreationTime.dwHighDateTime=0x1ca0414, ftLastAccessTime.dwLowDateTime=0x82dd7f7c, ftLastAccessTime.dwHighDateTime=0x1ca0414, ftLastWriteTime.dwLowDateTime=0xe84fc9b0, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x73a00)) returned 1 [0072.063] CreateFileW (lpFileName="NUL" (normalized: "\\device\\null"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xe4 [0072.063] GetConsoleMode (in: hConsoleHandle=0xe4, lpMode=0xc0000bbb8c | out: lpMode=0xc0000bbb8c) returned 0 [0072.064] GetFileType (hFile=0xe4) returned 0x2 [0072.064] GetProcAddress (hModule=0x77940000, lpProcName="CreatePipe") returned 0x77944a10 [0072.064] CreatePipe (in: hReadPipe=0xc0000bbc20, hWritePipe=0xc0000bbc28, lpPipeAttributes=0x0, nSize=0x0 | out: hReadPipe=0xc0000bbc20*=0xe0, hWritePipe=0xc0000bbc28*=0xec) returned 1 [0072.065] CreatePipe (in: hReadPipe=0xc0000bbc20, hWritePipe=0xc0000bbc28, lpPipeAttributes=0x0, nSize=0x0 | out: hReadPipe=0xc0000bbc20*=0xf0, hWritePipe=0xc0000bbc28*=0xf4) returned 1 [0072.065] GetProcAddress (hModule=0x77940000, lpProcName="GetEnvironmentStringsW") returned 0x77956d00 [0072.065] GetEnvironmentStringsW () returned 0x7b2a60* [0072.065] GetProcAddress (hModule=0x77940000, lpProcName="FreeEnvironmentStringsW") returned 0x77956d20 [0072.065] FreeEnvironmentStringsW (penv=0x7b2a60) returned 1 [0072.066] GetProcAddress (hModule=0x77940000, lpProcName="GetCurrentProcess") returned 0x77955cf0 [0072.066] GetCurrentProcess () returned 0xffffffffffffffff [0072.066] GetProcAddress (hModule=0x77940000, lpProcName="DuplicateHandle") returned 0x77955d10 [0072.066] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc00009e4a0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc00009e4a0*=0xf8) returned 1 [0072.066] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc00009e4a8, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc00009e4a8*=0xfc) returned 1 [0072.066] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0xc00009e4b0, dwDesiredAccess=0x0, bInheritHandle=1, dwOptions=0x2 | out: lpTargetHandle=0xc00009e4b0*=0x100) returned 1 [0072.066] GetProcAddress (hModule=0x77940000, lpProcName="CreateProcessW") returned 0x77961bb0 [0072.066] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpCommandLine="powershell [Environment]::GetLogicalDrives()", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x400, lpEnvironment=0xc000352000, lpCurrentDirectory=0x0, lpStartupInfo=0xc0000bbb50*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xf8, hStdOutput=0xfc, hStdError=0x100), lpProcessInformation=0xc0000bba60 | out: lpCommandLine="powershell [Environment]::GetLogicalDrives()", lpProcessInformation=0xc0000bba60*(hProcess=0x114, hThread=0x110, dwProcessId=0x15c, dwThreadId=0x5dc)) returned 1 [0072.428] SetEvent (hEvent=0xc0) returned 1 [0072.428] GetProcAddress (hModule=0x77940000, lpProcName="CloseHandle") returned 0x77962f80 [0072.428] CloseHandle (hObject=0x110) returned 1 [0072.428] CloseHandle (hObject=0x100) returned 1 [0072.428] CloseHandle (hObject=0xfc) returned 1 [0072.428] CloseHandle (hObject=0xf8) returned 1 [0072.429] CloseHandle (hObject=0xe4) returned 1 [0072.429] CancelIoEx (hFile=0xec, lpOverlapped=0x0) returned 0 [0072.429] CloseHandle (hObject=0xec) returned 1 [0072.429] CancelIoEx (hFile=0xf4, lpOverlapped=0x0) returned 0 [0072.429] CloseHandle (hObject=0xf4) returned 1 [0072.429] SetEvent (hEvent=0x108) returned 1 [0072.429] GetProcAddress (hModule=0x77940000, lpProcName="WaitForSingleObject") returned 0x77962b20 [0072.429] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0089.822] SetEvent (hEvent=0xc0) returned 1 [0089.822] GetProcAddress (hModule=0x77940000, lpProcName="GetExitCodeProcess") returned 0x779512b0 [0089.822] GetExitCodeProcess (in: hProcess=0x114, lpExitCode=0xc0000bbd74 | out: lpExitCode=0xc0000bbd74*=0x0) returned 1 [0089.823] GetProcAddress (hModule=0x77940000, lpProcName="GetProcessTimes") returned 0x77944380 [0089.823] GetProcessTimes (in: hProcess=0x114, lpCreationTime=0xc00000e560, lpExitTime=0xc00000e568, lpKernelTime=0xc00000e570, lpUserTime=0xc00000e578 | out: lpCreationTime=0xc00000e560, lpExitTime=0xc00000e568, lpKernelTime=0xc00000e570, lpUserTime=0xc00000e578) returned 1 [0089.823] CloseHandle (hObject=0x114) returned 1 [0089.823] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0089.823] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0089.823] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0089.834] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27c5f5a0, ulCount=0x10, ulNumEntriesRemoved=0x27c5f574, dwMilliseconds=0x3b9aca00, fAlertable=0 | out: lpCompletionPortEntries=0x27c5f5a0, ulNumEntriesRemoved=0x27c5f574) returned 1 [0156.573] SwitchToThread () returned 1 [0156.592] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\okucx.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\encry-OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\encry-okucx.ots"), dwFlags=0x1) returned 1 [0156.594] GetFileType (hFile=0x5d8) returned 0x1 [0156.594] WriteFile (in: hFile=0x5d8, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0156.594] CloseHandle (hObject=0x5d8) returned 1 [0156.594] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yhjpwslo2blhgko_w58.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-yhjpwslo2blhgko_w58.xlsx"), dwFlags=0x1) returned 1 [0156.596] GetFileType (hFile=0x3d0) returned 0x1 [0156.596] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0000502c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000197d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000502c0*, lpNumberOfBytesWritten=0xc000197d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.596] CloseHandle (hObject=0x3d0) returned 1 [0156.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wox68cxezv6oloa.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-wox68cxezv6oloa.pptx"), dwFlags=0x1) returned 1 [0156.598] GetFileType (hFile=0x1b0) returned 0x1 [0156.598] GetFileType (hFile=0x1b0) returned 0x1 [0156.598] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0156.598] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0156.599] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0156.600] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x240000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.600] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x240000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.601] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x120000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.601] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0156.606] VirtualAlloc (lpAddress=0xc000774000, dwSize=0x1b0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.606] VirtualAlloc (lpAddress=0xc000774000, dwSize=0xd8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.606] VirtualAlloc (lpAddress=0xc000774000, dwSize=0x6c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000774000 [0156.609] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0x144000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.610] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0xa2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.610] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0x51000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.610] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.610] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e0000 [0156.611] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x130000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.611] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x98000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.612] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x4c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.612] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.612] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x13000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.612] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f4000 [0156.614] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x127000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.614] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x93000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.614] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x49000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.615] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.615] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.615] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.615] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.615] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fd000 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x125000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x92000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x49000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0156.617] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0156.619] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x124000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0156.709] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x23f200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc00018bc04*=0x23f000, lpOverlapped=0x0) returned 1 [0156.792] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000923000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000923000*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0156.792] CloseHandle (hObject=0x1b0) returned 1 [0156.792] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0156.794] VirtualAlloc (lpAddress=0xc000924000, dwSize=0x240000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000924000 [0156.919] SwitchToThread () returned 1 [0156.920] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0156.924] SetEvent (hEvent=0x43c) returned 1 [0156.924] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0156.934] SwitchToThread () returned 1 [0157.039] SwitchToThread () returned 1 [0157.041] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27c5f5a0, ulCount=0x10, ulNumEntriesRemoved=0x27c5f574, dwMilliseconds=0x9d8, fAlertable=0 | out: lpCompletionPortEntries=0x27c5f5a0, ulNumEntriesRemoved=0x27c5f574) returned 1 [0157.041] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27c5f5a0, ulCount=0x10, ulNumEntriesRemoved=0x27c5f574, dwMilliseconds=0x9d8, fAlertable=0 | out: lpCompletionPortEntries=0x27c5f5a0, ulNumEntriesRemoved=0x27c5f574) returned 0 [0159.713] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0159.801] SetEvent (hEvent=0xb58) returned 1 [0159.801] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0159.906] SetEvent (hEvent=0x1b4) returned 1 [0159.906] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0159.945] SetEvent (hEvent=0x254) returned 1 [0159.945] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.791] SetEvent (hEvent=0xb58) returned 1 [0160.792] SetEvent (hEvent=0x43c) returned 1 [0160.792] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.812] SetEvent (hEvent=0xb58) returned 1 [0160.812] SetEvent (hEvent=0x9e8) returned 1 [0160.812] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.818] SetEvent (hEvent=0xb58) returned 1 [0160.818] SetEvent (hEvent=0x254) returned 1 [0160.818] SetEvent (hEvent=0x1b4) returned 1 [0160.818] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.823] VirtualFree (lpAddress=0xc0005b4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0160.825] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.826] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0160.827] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0160.828] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.828] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.829] SwitchToThread () returned 1 [0160.842] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0160.843] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0160.844] SetEvent (hEvent=0xb58) returned 1 [0160.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\icpx0tggjcrh30s.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0160.845] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.854] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000311cf4 | out: lpMode=0xc000311cf4) returned 0 [0160.865] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.870] SetEvent (hEvent=0xc0) returned 1 [0160.871] GetFileType (hFile=0x36c) returned 0x1 [0160.871] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.877] GetFileType (hFile=0x36c) returned 0x1 [0160.877] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.909] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000311d44 | out: lpFileInformation=0xc000311d44) returned 1 [0160.909] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000311d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000311d28) returned 1 [0160.909] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0160.910] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0160.914] ReadFile (in: hFile=0x36c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xf562, lpNumberOfBytesRead=0xc000311c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000311c04*=0xf362, lpOverlapped=0x0) returned 1 [0160.916] ReadFile (in: hFile=0x36c, lpBuffer=0xc000221362, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000311c04, lpOverlapped=0x0 | out: lpBuffer=0xc000221362*, lpNumberOfBytesRead=0xc000311c04*=0x0, lpOverlapped=0x0) returned 1 [0160.916] CloseHandle (hObject=0x36c) returned 1 [0160.916] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0160.917] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0160.921] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0160.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\icpx0tggjcrh30s.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.925] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000311d04 | out: lpMode=0xc000311d04) returned 0 [0160.944] GetFileType (hFile=0x36c) returned 0x1 [0160.944] WriteFile (in: hFile=0x36c, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xf370, lpNumberOfBytesWritten=0xc000311cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000311cec*=0xf370, lpOverlapped=0x0) returned 1 [0160.949] CloseHandle (hObject=0x36c) returned 1 [0160.949] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0160.950] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0160.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\icpx0tggjcrh30s.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.951] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000311d64 | out: lpMode=0xc000311d64) returned 0 [0160.963] GetFileType (hFile=0x36c) returned 0x1 [0160.963] WriteFile (in: hFile=0x36c, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000311d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc000311d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.963] CloseHandle (hObject=0x36c) returned 1 [0160.963] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0160.964] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\icpx0tggjcrh30s.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-icpx0tggjcrh30s.jpg"), dwFlags=0x1) returned 1 [0160.966] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0160.982] SetEvent (hEvent=0x1b4) returned 1 [0160.982] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0160.983] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0160.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\0owjbek2.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0160.985] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00032dcf4 | out: lpMode=0xc00032dcf4) returned 0 [0160.996] GetFileType (hFile=0x7c4) returned 0x1 [0160.996] GetFileType (hFile=0x7c4) returned 0x1 [0160.997] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc00032dd44 | out: lpFileInformation=0xc00032dd44) returned 1 [0160.997] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc00032dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00032dd28) returned 1 [0160.997] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0161.002] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x16b05, lpNumberOfBytesRead=0xc00032dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc00032dc04*=0x16905, lpOverlapped=0x0) returned 1 [0161.005] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0005a4905, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00032dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a4905*, lpNumberOfBytesRead=0xc00032dc04*=0x0, lpOverlapped=0x0) returned 1 [0161.005] CloseHandle (hObject=0x7c4) returned 1 [0161.005] VirtualAlloc (lpAddress=0xc0005a6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a6000 [0161.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\0owjbek2.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0161.013] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00032dd04 | out: lpMode=0xc00032dd04) returned 0 [0161.020] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0161.035] GetFileType (hFile=0x7c4) returned 0x1 [0161.035] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0005a6000*, nNumberOfBytesToWrite=0x16910, lpNumberOfBytesWritten=0xc00032dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0005a6000*, lpNumberOfBytesWritten=0xc00032dcec*=0x16910, lpOverlapped=0x0) returned 1 [0161.040] CloseHandle (hObject=0x7c4) returned 1 [0161.040] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0161.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\0owjbek2.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0161.040] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00032dd64 | out: lpMode=0xc00032dd64) returned 0 [0161.046] GetFileType (hFile=0x7c4) returned 0x1 [0161.046] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00032dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00032dd4c*=0x158, lpOverlapped=0x0) returned 1 [0161.046] CloseHandle (hObject=0x7c4) returned 1 [0161.046] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0161.048] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0161.049] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\0owjbek2.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\encry-0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\encry-0owjbek2.png"), dwFlags=0x1) returned 1 [0161.095] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0161.099] SetEvent (hEvent=0x9e8) returned 1 [0161.099] SetEvent (hEvent=0xb58) returned 1 [0161.099] VirtualFree (lpAddress=0xc00058e000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0161.102] VirtualFree (lpAddress=0xc000542000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0161.104] VirtualFree (lpAddress=0xc000498000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0161.105] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0161.106] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0161.107] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0161.108] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0161.109] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.110] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.112] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.113] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.114] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.115] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.116] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.117] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.118] GetFileType (hFile=0x79c) returned 0x1 [0161.118] WriteFile (in: hFile=0x79c, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0161.118] CloseHandle (hObject=0x79c) returned 1 [0161.119] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qxpp.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\encry-4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\encry-4qxpp.m4a"), dwFlags=0x1) returned 1 [0161.121] GetFileType (hFile=0x2fc) returned 0x1 [0161.121] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0000502c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000502c0*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0161.122] CloseHandle (hObject=0x2fc) returned 1 [0161.122] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0161.123] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\encry-RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\encry-recentplaces.lnk"), dwFlags=0x1) returned 1 [0161.125] GetFileType (hFile=0x780) returned 0x1 [0161.125] WriteFile (in: hFile=0x780, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0161.126] CloseHandle (hObject=0x780) returned 1 [0161.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqc qu7jynqj.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-pqc qu7jynqj.docx"), dwFlags=0x1) returned 1 [0161.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc000141808*=0x11) returned 1 [0161.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-my pictures"), dwFlags=0x1) returned 1 [0162.428] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0162.609] SetEvent (hEvent=0xc0c) returned 1 [0162.609] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0162.611] SetEvent (hEvent=0xc0c) returned 1 [0162.611] SetEvent (hEvent=0xae0) returned 1 [0162.612] VirtualFree (lpAddress=0xc00074e000, dwSize=0x9a000, dwFreeType=0x4000) returned 1 [0162.621] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0162.623] VirtualFree (lpAddress=0xc000690000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0162.625] VirtualFree (lpAddress=0xc000660000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0162.627] VirtualFree (lpAddress=0xc000638000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0162.629] VirtualFree (lpAddress=0xc000604000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0162.631] VirtualFree (lpAddress=0xc0005f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0162.632] VirtualFree (lpAddress=0xc0005e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.633] VirtualFree (lpAddress=0xc0005b0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.634] VirtualFree (lpAddress=0xc00057a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0162.635] VirtualFree (lpAddress=0xc0004cc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0162.636] VirtualFree (lpAddress=0xc000440000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.637] VirtualFree (lpAddress=0xc000408000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0162.638] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.639] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.640] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.641] VirtualFree (lpAddress=0xc0003ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.642] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.643] VirtualFree (lpAddress=0xc000332000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.643] VirtualFree (lpAddress=0xc000326000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.644] VirtualFree (lpAddress=0xc00031e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.645] VirtualFree (lpAddress=0xc00030a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.646] VirtualFree (lpAddress=0xc0002b4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0162.647] VirtualFree (lpAddress=0xc000294000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.648] VirtualFree (lpAddress=0xc00028c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.649] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.650] VirtualFree (lpAddress=0xc000280000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.651] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.652] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.653] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0162.655] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.655] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.656] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0162.658] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.658] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0162.660] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.660] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.661] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.662] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.663] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.664] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.665] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0162.666] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0162.667] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.668] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.669] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.669] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.670] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.671] VirtualFree (lpAddress=0xc0000c0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0162.672] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.673] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.674] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.675] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.676] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.677] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.678] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.679] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.679] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.680] GetFileType (hFile=0x3d4) returned 0x1 [0162.681] GetFileType (hFile=0x3d4) returned 0x1 [0162.681] GetFileInformationByHandle (in: hFile=0x3d4, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0162.681] GetFileInformationByHandleEx (in: hFile=0x3d4, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0162.681] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0162.687] ReadFile (in: hFile=0x3d4, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x164c6, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc00012dc04*=0x162c6, lpOverlapped=0x0) returned 1 [0162.690] ReadFile (in: hFile=0x3d4, lpBuffer=0xc00061a2c6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00061a2c6*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0162.690] CloseHandle (hObject=0x3d4) returned 1 [0162.691] VirtualAlloc (lpAddress=0xc00074e000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00074e000 [0162.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\llys3yiqvyc_7z9szy.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0162.701] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0162.703] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0162.762] GetFileType (hFile=0x3d4) returned 0x1 [0162.762] WriteFile (in: hFile=0x3d4, lpBuffer=0xc00074e000*, nNumberOfBytesToWrite=0x162d0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00074e000*, lpNumberOfBytesWritten=0xc00012dcec*=0x162d0, lpOverlapped=0x0) returned 1 [0162.766] CloseHandle (hObject=0x3d4) returned 1 [0162.766] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0162.766] GetFileType (hFile=0x454) returned 0x1 [0162.766] GetFileType (hFile=0x568) returned 0x1 [0162.767] GetFileType (hFile=0x40c) returned 0x1 [0162.767] GetFileType (hFile=0x750) returned 0x1 [0162.767] GetFileType (hFile=0x890) returned 0x1 [0162.767] GetFileType (hFile=0x808) returned 0x1 [0162.767] GetFileType (hFile=0x768) returned 0x1 [0162.767] GetFileType (hFile=0x374) returned 0x1 [0162.768] GetFileType (hFile=0x748) returned 0x1 [0162.768] GetFileType (hFile=0x36c) returned 0x1 [0162.768] GetFileType (hFile=0x3e0) returned 0x1 [0162.768] GetFileType (hFile=0x2fc) returned 0x1 [0162.768] GetFileType (hFile=0x79c) returned 0x1 [0162.768] GetFileType (hFile=0x7c4) returned 0x1 [0162.768] GetFileType (hFile=0x7a0) returned 0x1 [0162.768] GetFileType (hFile=0x6a4) returned 0x1 [0162.768] GetFileType (hFile=0x848) returned 0x1 [0162.768] GetFileType (hFile=0x3d0) returned 0x1 [0162.768] GetFileType (hFile=0x1b0) returned 0x1 [0162.768] GetFileType (hFile=0x5d8) returned 0x1 [0162.768] GetFileType (hFile=0x384) returned 0x1 [0162.769] GetFileType (hFile=0x770) returned 0x1 [0162.769] GetFileType (hFile=0x8a4) returned 0x1 [0162.769] GetFileType (hFile=0x4d8) returned 0x1 [0162.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002be280*, nNumberOfCharsToWrite=0x93, lpNumberOfCharsWritten=0xc0002e5808, lpReserved=0x0 | out: lpBuffer=0xc0002be280*, lpNumberOfCharsWritten=0xc0002e5808*=0x93) returned 1 [0162.924] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0162.932] SetEvent (hEvent=0xc0c) returned 1 [0162.932] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0162.977] GetFileType (hFile=0x2bc) returned 0x1 [0162.977] GetFileType (hFile=0x2bc) returned 0x1 [0162.977] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0162.977] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0162.978] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0162.979] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x843, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc00024bc04*=0x643, lpOverlapped=0x0) returned 1 [0162.981] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000050643, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000050643*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.981] CloseHandle (hObject=0x2bc) returned 1 [0162.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\zy3m6bojyb p.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0162.983] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0163.020] GetFileType (hFile=0x2bc) returned 0x1 [0163.021] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000e8700*, nNumberOfBytesToWrite=0x650, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8700*, lpNumberOfBytesWritten=0xc00024bcec*=0x650, lpOverlapped=0x0) returned 1 [0163.022] CloseHandle (hObject=0x2bc) returned 1 [0163.023] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0163.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\zy3m6bojyb p.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0163.023] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0163.064] GetFileType (hFile=0x2bc) returned 0x1 [0163.064] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.064] CloseHandle (hObject=0x2bc) returned 1 [0163.065] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0163.066] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0163.067] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\zy3m6bojyb p.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\encry-Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\encry-zy3m6bojyb p.ots"), dwFlags=0x1) returned 1 [0163.071] GetFileType (hFile=0x3bc) returned 0x1 [0163.071] GetFileType (hFile=0x3bc) returned 0x1 [0163.071] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc0002add44 | out: lpFileInformation=0xc0002add44) returned 1 [0163.071] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc0002add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002add28) returned 1 [0163.071] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0005a4500, nNumberOfBytesToRead=0x217e, lpNumberOfBytesRead=0xc0002adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a4500*, lpNumberOfBytesRead=0xc0002adc04*=0x1f7e, lpOverlapped=0x0) returned 1 [0163.072] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0005a647e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a647e*, lpNumberOfBytesRead=0xc0002adc04*=0x0, lpOverlapped=0x0) returned 1 [0163.072] CloseHandle (hObject=0x3bc) returned 1 [0163.073] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0163.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\1nrsywyoyxhgh4g0of8.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0163.075] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0002add04 | out: lpMode=0xc0002add04) returned 0 [0163.106] GetFileType (hFile=0x3bc) returned 0x1 [0163.106] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x1f80, lpNumberOfBytesWritten=0xc0002adcec, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc0002adcec*=0x1f80, lpOverlapped=0x0) returned 1 [0163.108] CloseHandle (hObject=0x3bc) returned 1 [0163.108] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0163.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\1nrsywyoyxhgh4g0of8.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0163.108] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0002add64 | out: lpMode=0xc0002add64) returned 0 [0163.122] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.133] GetFileType (hFile=0x3bc) returned 0x1 [0163.133] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000124580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002add4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124580*, lpNumberOfBytesWritten=0xc0002add4c*=0x158, lpOverlapped=0x0) returned 1 [0163.133] CloseHandle (hObject=0x3bc) returned 1 [0163.133] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0163.134] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0163.135] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\1nrsywyoyxhgh4g0of8.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\encry-1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\encry-1nrsywyoyxhgh4g0of8.wav"), dwFlags=0x1) returned 1 [0163.137] SwitchToThread () returned 1 [0163.182] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.259] SetEvent (hEvent=0x254) returned 1 [0163.259] GetFileType (hFile=0x2b4) returned 0x1 [0163.259] GetFileType (hFile=0x2b4) returned 0x1 [0163.259] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0002a5d44 | out: lpFileInformation=0xc0002a5d44) returned 1 [0163.259] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0002a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a5d28) returned 1 [0163.259] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0163.260] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0163.262] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x9b71, lpNumberOfBytesRead=0xc0002a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0002a5c04*=0x9971, lpOverlapped=0x0) returned 1 [0163.264] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000239971, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000239971*, lpNumberOfBytesRead=0xc0002a5c04*=0x0, lpOverlapped=0x0) returned 1 [0163.264] CloseHandle (hObject=0x2b4) returned 1 [0163.264] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0163.266] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0163.267] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0163.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\fb7ka7be.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0163.271] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a5d04 | out: lpMode=0xc0002a5d04) returned 0 [0163.272] GetFileType (hFile=0x2b4) returned 0x1 [0163.272] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0002b4000*, nNumberOfBytesToWrite=0x9980, lpNumberOfBytesWritten=0xc0002a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesWritten=0xc0002a5cec*=0x9980, lpOverlapped=0x0) returned 1 [0163.275] CloseHandle (hObject=0x2b4) returned 1 [0163.275] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.275] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0163.277] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0163.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\fb7ka7be.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0163.278] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a5d64 | out: lpMode=0xc0002a5d64) returned 0 [0163.279] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.285] GetFileType (hFile=0x2b4) returned 0x1 [0163.285] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000124420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124420*, lpNumberOfBytesWritten=0xc0002a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.285] CloseHandle (hObject=0x2b4) returned 1 [0163.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\fb7ka7be.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-fb7ka7be.m4a"), dwFlags=0x1) returned 1 [0163.287] SwitchToThread () returned 1 [0163.288] SetEvent (hEvent=0xc0c) returned 1 [0163.288] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.289] SetEvent (hEvent=0xc0c) returned 1 [0163.289] SetEvent (hEvent=0x8d0) returned 1 [0163.290] VirtualFree (lpAddress=0xc000334000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.290] VirtualFree (lpAddress=0xc000318000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.291] VirtualFree (lpAddress=0xc0002b4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0163.292] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.293] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.293] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.294] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0163.295] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.296] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0163.297] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.298] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.298] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.299] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0163.300] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.300] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.301] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.302] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.302] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.303] GetFileType (hFile=0x3e4) returned 0x1 [0163.303] GetFileType (hFile=0x3e4) returned 0x1 [0163.303] GetFileInformationByHandle (in: hFile=0x3e4, lpFileInformation=0xc000481d44 | out: lpFileInformation=0xc000481d44) returned 1 [0163.303] GetFileInformationByHandleEx (in: hFile=0x3e4, FileInformationClass=0x9, lpFileInformation=0xc000481d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000481d28) returned 1 [0163.304] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0163.305] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0163.307] ReadFile (in: hFile=0x3e4, lpBuffer=0xc00025e000, nNumberOfBytesToRead=0x4ba4, lpNumberOfBytesRead=0xc000481c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025e000*, lpNumberOfBytesRead=0xc000481c04*=0x49a4, lpOverlapped=0x0) returned 1 [0163.308] ReadFile (in: hFile=0x3e4, lpBuffer=0xc0002629a4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000481c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002629a4*, lpNumberOfBytesRead=0xc000481c04*=0x0, lpOverlapped=0x0) returned 1 [0163.308] CloseHandle (hObject=0x3e4) returned 1 [0163.309] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0163.309] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0163.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\7a0bsuhshpgm.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0163.315] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000481d04 | out: lpMode=0xc000481d04) returned 0 [0163.317] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.321] GetFileType (hFile=0x3e4) returned 0x1 [0163.321] WriteFile (in: hFile=0x3e4, lpBuffer=0xc0005d6000*, nNumberOfBytesToWrite=0x49b0, lpNumberOfBytesWritten=0xc000481cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesWritten=0xc000481cec*=0x49b0, lpOverlapped=0x0) returned 1 [0163.323] CloseHandle (hObject=0x3e4) returned 1 [0163.324] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.324] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0163.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\7a0bsuhshpgm.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0163.325] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000481d64 | out: lpMode=0xc000481d64) returned 0 [0163.326] GetFileType (hFile=0x3e4) returned 0x1 [0163.326] WriteFile (in: hFile=0x3e4, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000481d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc000481d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.327] CloseHandle (hObject=0x3e4) returned 1 [0163.327] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0163.328] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0163.329] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0163.330] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\7a0bsuhshpgm.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\encry-7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\encry-7a0bsuhshpgm.wav"), dwFlags=0x1) returned 1 [0163.332] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.333] SetEvent (hEvent=0xc0c) returned 1 [0163.333] SetEvent (hEvent=0x8d0) returned 1 [0163.334] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.334] VirtualFree (lpAddress=0xc00025c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0163.335] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.336] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.337] GetFileType (hFile=0x70c) returned 0x1 [0163.337] GetFileType (hFile=0x70c) returned 0x1 [0163.337] GetFileInformationByHandle (in: hFile=0x70c, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0163.337] GetFileInformationByHandleEx (in: hFile=0x70c, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0163.337] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0163.338] VirtualAlloc (lpAddress=0xc0005e4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e4000 [0163.341] ReadFile (in: hFile=0x70c, lpBuffer=0xc0005e4000, nNumberOfBytesToRead=0x102b7, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005e4000*, lpNumberOfBytesRead=0xc000115c04*=0x100b7, lpOverlapped=0x0) returned 1 [0163.343] ReadFile (in: hFile=0x70c, lpBuffer=0xc0005f40b7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005f40b7*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0163.343] CloseHandle (hObject=0x70c) returned 1 [0163.343] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0163.344] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0163.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\4pwnhvf6lh.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0163.351] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0163.354] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.359] GetFileType (hFile=0x70c) returned 0x1 [0163.359] WriteFile (in: hFile=0x70c, lpBuffer=0xc000604000*, nNumberOfBytesToWrite=0x100c0, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesWritten=0xc000115cec*=0x100c0, lpOverlapped=0x0) returned 1 [0163.363] CloseHandle (hObject=0x70c) returned 1 [0163.363] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0163.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\4pwnhvf6lh.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0163.364] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0163.365] GetFileType (hFile=0x70c) returned 0x1 [0163.365] WriteFile (in: hFile=0x70c, lpBuffer=0xc000124160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124160*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.365] CloseHandle (hObject=0x70c) returned 1 [0163.365] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0163.366] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\4pwnhvf6lh.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\encry-4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\encry-4pwnhvf6lh.mp3"), dwFlags=0x1) returned 1 [0163.368] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.370] SetEvent (hEvent=0xc0c) returned 1 [0163.370] SetEvent (hEvent=0x8d0) returned 1 [0163.370] VirtualFree (lpAddress=0xc0005d6000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0163.372] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.373] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.374] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.375] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.375] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.376] GetFileType (hFile=0x5a0) returned 0x1 [0163.376] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0x15bd0, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc00015fcec*=0x15bd0, lpOverlapped=0x0) returned 1 [0163.380] CloseHandle (hObject=0x5a0) returned 1 [0163.380] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\qtgfswvjw70lo7.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0163.381] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0163.384] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.388] GetFileType (hFile=0x5a0) returned 0x1 [0163.388] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000120420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120420*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.388] CloseHandle (hObject=0x5a0) returned 1 [0163.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\qtgfswvjw70lo7.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-qtgfswvjw70lo7.wav"), dwFlags=0x1) returned 1 [0163.390] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.418] SetEvent (hEvent=0xc0c) returned 1 [0163.418] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.424] SetEvent (hEvent=0x8d0) returned 1 [0163.424] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.431] SwitchToThread () returned 1 [0163.448] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0163.449] SetEvent (hEvent=0xc0c) returned 1 [0163.449] SetEvent (hEvent=0x8d0) returned 1 [0163.449] VirtualFree (lpAddress=0xc000542000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0163.451] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.452] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.453] WriteFile (in: hFile=0x890, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000453d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc000453d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.457] CloseHandle (hObject=0x890) returned 1 [0163.458] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0163.459] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0163.465] WriteFile (in: hFile=0x808, lpBuffer=0xc000120420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00043fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120420*, lpNumberOfBytesWritten=0xc00043fd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.122] CloseHandle (hObject=0x808) returned 1 [0166.712] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) returned 0x0 [0166.830] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0166.831] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0166.833] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0166.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0167.396] WaitForSingleObject (hHandle=0xa8, dwMilliseconds=0xffffffff) Thread: id = 5 os_tid = 0x7c8 [0070.498] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27e5fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27e5fea0*=0xb4) returned 1 [0070.498] VirtualQuery (in: lpAddress=0x27e5fec0, lpBuffer=0x27e5fec0, dwLength=0x30 | out: lpBuffer=0x27e5fec0*(BaseAddress=0x27e5f000, AllocationBase=0x27c60000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0070.498] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb8 [0070.498] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc [0070.498] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0070.501] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0070.504] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0070.563] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0070.565] SetEvent (hEvent=0x9c) returned 1 [0070.565] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.520] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.521] SetEvent (hEvent=0x9c) returned 1 [0071.521] SetEvent (hEvent=0x8c) returned 1 [0071.521] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.522] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.523] SetEvent (hEvent=0x9c) returned 1 [0071.523] SetEvent (hEvent=0x8c) returned 1 [0071.524] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27e5f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27e5f928*=0xe4) returned 1 [0071.591] SwitchToThread () returned 1 [0071.591] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.592] SuspendThread (hThread=0xe4) returned 0x0 [0071.592] GetThreadContext (in: hThread=0xe4, lpContext=0x27e5f940 | out: lpContext=0x27e5f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27c5f668, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab135a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.595] SetEvent (hEvent=0xa8) returned 1 [0071.595] ResumeThread (hThread=0xe4) returned 0x1 [0071.595] CloseHandle (hObject=0xe4) returned 1 [0071.595] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27e5f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27e5f928*=0xe4) returned 1 [0071.595] SuspendThread (hThread=0xe4) returned 0x0 [0071.595] GetThreadContext (in: hThread=0xe4, lpContext=0x27e5f940 | out: lpContext=0x27e5f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27c5f668, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab135a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.596] ResumeThread (hThread=0xe4) returned 0x1 [0071.596] CloseHandle (hObject=0xe4) returned 1 [0071.596] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xa4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27e5f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27e5f928*=0xe4) returned 1 [0071.596] SuspendThread (hThread=0xe4) returned 0x0 [0071.596] GetThreadContext (in: hThread=0xe4, lpContext=0x27e5f940 | out: lpContext=0x27e5f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27c5f668, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab135a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0071.596] ResumeThread (hThread=0xe4) returned 0x1 [0071.597] CloseHandle (hObject=0xe4) returned 1 [0071.597] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.696] SetEvent (hEvent=0xa8) returned 1 [0071.696] SetEvent (hEvent=0x8c) returned 1 [0071.697] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0071.907] SwitchToThread () returned 1 [0072.005] SetEvent (hEvent=0xa8) returned 1 [0072.005] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0072.059] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00002ae00, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0072.064] CloseHandle (hObject=0xe8) returned 1 [0072.064] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0072.069] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0072.435] SetEvent (hEvent=0x9c) returned 1 [0072.435] ReadFile (in: hFile=0xf0, lpBuffer=0xc0003f4000, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0xc0004dfdac, lpOverlapped=0x0 | out: lpBuffer=0xc0003f4000, lpNumberOfBytesRead=0xc0004dfdac*=0x0, lpOverlapped=0x0) returned 0 [0089.737] CancelIoEx (hFile=0xf0, lpOverlapped=0x0) returned 0 [0089.737] CloseHandle (hObject=0xf0) returned 1 [0089.737] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0089.845] SetEvent (hEvent=0x108) returned 1 [0089.846] GetProcAddress (hModule=0x77940000, lpProcName="GetTimeZoneInformation") returned 0x779433c0 [0089.846] GetTimeZoneInformation (in: lpTimeZoneInformation=0xc00004b9bc | out: lpTimeZoneInformation=0xc00004b9bc) returned 0x1 [0089.848] VirtualAlloc (lpAddress=0xc00050c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00050c000 [0089.849] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0089.849] VirtualAlloc (lpAddress=0xc000516000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000516000 [0089.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x114 [0089.850] GetConsoleMode (in: hConsoleHandle=0x114, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0089.853] GetFileType (hFile=0x114) returned 0x1 [0089.853] VirtualAlloc (lpAddress=0xc000518000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000518000 [0089.854] GetFileType (hFile=0x114) returned 0x1 [0089.854] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandle") returned 0x779501f0 [0089.854] GetFileInformationByHandle (in: hFile=0x114, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0089.854] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77940000 [0089.854] GetProcAddress (hModule=0x77940000, lpProcName="GetFileInformationByHandleEx") returned 0x77951e50 [0089.855] GetFileInformationByHandleEx (in: hFile=0x114, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0089.855] VirtualAlloc (lpAddress=0xc00051a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00051a000 [0089.855] VirtualAlloc (lpAddress=0xc00051c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00051c000 [0089.856] ReadFile (in: hFile=0x114, lpBuffer=0xc00051c000, nNumberOfBytesToRead=0x8b2c, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00051c000*, lpNumberOfBytesRead=0xc00004bc04*=0x892c, lpOverlapped=0x0) returned 1 [0089.861] ReadFile (in: hFile=0x114, lpBuffer=0xc00052492c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00052492c*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0089.861] CloseHandle (hObject=0x114) returned 1 [0089.861] VirtualAlloc (lpAddress=0xc000526000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000526000 [0089.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0089.864] GetConsoleMode (in: hConsoleHandle=0x114, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0089.873] GetFileType (hFile=0x114) returned 0x1 [0089.873] GetProcAddress (hModule=0x77940000, lpProcName="WriteFile") returned 0x779635a0 [0089.884] WriteFile (in: hFile=0x114, lpBuffer=0xc000526000*, nNumberOfBytesToWrite=0x8930, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000526000*, lpNumberOfBytesWritten=0xc00004bcec*=0x8930, lpOverlapped=0x0) returned 1 [0089.886] CloseHandle (hObject=0x114) returned 1 [0089.894] VirtualAlloc (lpAddress=0xc000532000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000532000 [0089.895] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0089.895] VirtualAlloc (lpAddress=0xc000534000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000534000 [0089.896] VirtualAlloc (lpAddress=0xc000536000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000536000 [0089.896] VirtualAlloc (lpAddress=0xc000538000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000538000 [0089.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0089.897] GetConsoleMode (in: hConsoleHandle=0x114, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0089.903] GetFileType (hFile=0x114) returned 0x1 [0089.903] WriteFile (in: hFile=0x114, lpBuffer=0xc000516840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000516840*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0089.903] CloseHandle (hObject=0x114) returned 1 [0089.905] GetProcAddress (hModule=0x77940000, lpProcName="MoveFileExW") returned 0x77943060 [0089.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobecmapfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\encry-AdobeCMapFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\encry-adobecmapfnt10.lst"), dwFlags=0x1) returned 1 [0089.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0089.909] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0089.909] SetEvent (hEvent=0xc0) returned 1 [0089.909] SetEvent (hEvent=0x114) returned 1 [0089.909] SetEvent (hEvent=0x120) returned 1 [0089.910] VirtualAlloc (lpAddress=0xc00053e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00053e000 [0089.911] VirtualAlloc (lpAddress=0xc000540000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000540000 [0089.911] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053e000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x128 [0089.947] CloseHandle (hObject=0x128) returned 1 [0089.947] WriteFile (in: hFile=0xf0, lpBuffer=0xc000148000*, nNumberOfBytesToWrite=0x21ce0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000148000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x21ce0, lpOverlapped=0x0) returned 1 [0089.951] CloseHandle (hObject=0xf0) returned 1 [0089.955] SetEvent (hEvent=0x100) returned 1 [0089.955] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0090.478] SetEvent (hEvent=0x8c) returned 1 [0090.479] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0090.481] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0090.483] SwitchToThread () returned 1 [0090.484] SwitchToThread () returned 1 [0090.484] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x88, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x27e5f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x27e5f840*=0x158) returned 1 [0090.484] SuspendThread (hThread=0x158) returned 0x0 [0090.484] GetThreadContext (in: hThread=0x158, lpContext=0x27e5f850 | out: lpContext=0x27e5f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x22f708, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0090.484] ResumeThread (hThread=0x158) returned 0x1 [0090.484] CloseHandle (hObject=0x158) returned 1 [0090.490] SwitchToThread () returned 1 [0090.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.709] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0090.709] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0090.709] SetEvent (hEvent=0x100) returned 1 [0090.709] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.770] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0090.770] SetEvent (hEvent=0x114) returned 1 [0090.770] SetEvent (hEvent=0x120) returned 1 [0090.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.773] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0090.773] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.775] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0090.775] SetEvent (hEvent=0xc0) returned 1 [0090.775] SetEvent (hEvent=0x120) returned 1 [0090.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.776] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0090.776] GetFileType (hFile=0x14c) returned 0x1 [0090.776] WriteFile (in: hFile=0x14c, lpBuffer=0xc000078000*, nNumberOfBytesToWrite=0x2e40, lpNumberOfBytesWritten=0xc000119cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesWritten=0xc000119cec*=0x2e40, lpOverlapped=0x0) returned 1 [0090.778] CloseHandle (hObject=0x14c) returned 1 [0090.781] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0090.782] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0090.782] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0090.783] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0090.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0090.784] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000119d64 | out: lpMode=0xc000119d64) returned 0 [0090.839] GetFileType (hFile=0x14c) returned 0x1 [0090.839] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000119d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000119d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.839] CloseHandle (hObject=0x14c) returned 1 [0090.863] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0090.864] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\encry-goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\encry-goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwFlags=0x1) returned 1 [0090.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.867] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0090.867] SetEvent (hEvent=0xc0) returned 1 [0090.867] SetEvent (hEvent=0x120) returned 1 [0090.867] SetEvent (hEvent=0x13c) returned 1 [0090.867] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0090.869] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.872] SetEvent (hEvent=0x13c) returned 1 [0090.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.874] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0090.874] SetEvent (hEvent=0x120) returned 1 [0090.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.959] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0090.959] SetEvent (hEvent=0xc0) returned 1 [0090.959] SetEvent (hEvent=0x100) returned 1 [0090.962] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0090.963] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0090.976] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0090.978] GetFileType (hFile=0x14c) returned 0x1 [0090.978] WriteFile (in: hFile=0x14c, lpBuffer=0xc00014a000*, nNumberOfBytesToWrite=0x1140c0, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00014a000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x1140c0, lpOverlapped=0x0) returned 1 [0091.002] CloseHandle (hObject=0x14c) returned 1 [0091.027] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0091.028] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0091.028] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0091.028] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0091.029] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0091.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0091.030] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0091.032] GetFileType (hFile=0x14c) returned 0x1 [0091.032] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.032] CloseHandle (hObject=0x14c) returned 1 [0091.050] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0091.051] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-googleupdatesetup.exe"), dwFlags=0x1) returned 1 [0091.053] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.054] SetEvent (hEvent=0x100) returned 1 [0091.054] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.062] SetEvent (hEvent=0x100) returned 1 [0091.062] SetEvent (hEvent=0x120) returned 1 [0091.062] WriteFile (in: hFile=0xf4, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x3c60, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc000049cec*=0x3c60, lpOverlapped=0x0) returned 1 [0091.064] CloseHandle (hObject=0xf4) returned 1 [0091.068] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0091.069] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0091.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0091.069] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0091.071] GetFileType (hFile=0xf4) returned 0x1 [0091.071] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000502c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000502c0*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.071] CloseHandle (hObject=0xf4) returned 1 [0091.079] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0091.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe"), dwFlags=0x1) returned 1 [0091.081] WriteFile (in: hFile=0x150, lpBuffer=0xc000050580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050580*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.081] CloseHandle (hObject=0x150) returned 1 [0091.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap.exe.manifest"), dwFlags=0x1) returned 1 [0091.090] ReadFile (in: hFile=0x154, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x10e0, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc00010fc04*=0xee0, lpOverlapped=0x0) returned 1 [0091.094] ReadFile (in: hFile=0x154, lpBuffer=0xc0000b8ee0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8ee0*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0091.094] CloseHandle (hObject=0x154) returned 1 [0091.094] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0091.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.096] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0091.097] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.100] SetEvent (hEvent=0x100) returned 1 [0091.100] SwitchToThread () returned 1 [0091.100] SetEvent (hEvent=0x100) returned 1 [0091.101] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.101] SetEvent (hEvent=0x100) returned 1 [0091.101] SetEvent (hEvent=0x120) returned 1 [0091.101] VirtualFree (lpAddress=0xc000800000, dwSize=0x112000, dwFreeType=0x4000) returned 1 [0091.107] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0091.115] VirtualFree (lpAddress=0xc00058e000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0091.121] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.121] VirtualFree (lpAddress=0xc000272000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.121] VirtualFree (lpAddress=0xc00014a000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0091.127] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.127] VirtualFree (lpAddress=0xc000126000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.128] VirtualFree (lpAddress=0xc000122000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.128] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.128] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.128] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.128] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0091.129] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.129] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.129] VirtualFree (lpAddress=0xc000062000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0091.129] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.130] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.130] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.130] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0091.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.132] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0091.143] GetFileType (hFile=0xec) returned 0x1 [0091.143] WriteFile (in: hFile=0xec, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x38c0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc000117cec*=0x38c0, lpOverlapped=0x0) returned 1 [0091.144] CloseHandle (hObject=0xec) returned 1 [0091.148] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0091.149] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0091.149] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0091.149] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0091.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.150] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0091.162] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.166] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.180] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0091.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0091.181] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0091.188] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.189] SetEvent (hEvent=0x108) returned 1 [0091.189] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.189] SetEvent (hEvent=0x108) returned 1 [0091.189] SetEvent (hEvent=0x13c) returned 1 [0091.190] VirtualFree (lpAddress=0xc0006d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.190] VirtualFree (lpAddress=0xc000122000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.190] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.190] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.191] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.191] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.191] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.191] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.192] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.192] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.192] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0091.204] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.218] SetEvent (hEvent=0x13c) returned 1 [0091.218] SwitchToThread () returned 1 [0091.218] SetEvent (hEvent=0x13c) returned 1 [0091.218] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.220] SetEvent (hEvent=0x13c) returned 1 [0091.220] SetEvent (hEvent=0x12c) returned 1 [0091.220] SetEvent (hEvent=0x108) returned 1 [0091.220] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.238] GetFileType (hFile=0x148) returned 0x1 [0091.238] GetFileType (hFile=0x148) returned 0x1 [0091.238] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0091.238] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0091.239] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0091.239] ReadFile (in: hFile=0x148, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0006e3c04*=0x28, lpOverlapped=0x0) returned 1 [0091.241] ReadFile (in: hFile=0x148, lpBuffer=0xc0000fa028, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa028*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0091.241] CloseHandle (hObject=0x148) returned 1 [0091.241] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0091.241] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0091.242] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0091.242] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0091.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0091.244] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0091.310] GetFileType (hFile=0x148) returned 0x1 [0091.310] WriteFile (in: hFile=0x148, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc0006e3cec*=0x30, lpOverlapped=0x0) returned 1 [0091.312] CloseHandle (hObject=0x148) returned 1 [0091.317] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0091.317] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0091.317] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0091.317] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0091.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0091.318] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0091.332] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.350] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.478] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.495] SetEvent (hEvent=0x108) returned 1 [0091.496] SetEvent (hEvent=0x120) returned 1 [0091.496] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.563] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.568] GetFileType (hFile=0x148) returned 0x1 [0091.568] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.568] CloseHandle (hObject=0x148) returned 1 [0091.572] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0091.573] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0091.573] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\encry-settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\encry-settings.dat"), dwFlags=0x1) returned 1 [0091.574] GetFileType (hFile=0xec) returned 0x1 [0091.574] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0091.574] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0091.574] SetEvent (hEvent=0x12c) returned 1 [0091.574] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.715] SetEvent (hEvent=0x120) returned 1 [0091.715] SetEvent (hEvent=0x13c) returned 1 [0091.715] SetEvent (hEvent=0x108) returned 1 [0091.715] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.823] SetEvent (hEvent=0x12c) returned 1 [0091.823] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.831] SetEvent (hEvent=0x120) returned 1 [0091.831] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.868] SwitchToThread () returned 1 [0091.870] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.871] SetEvent (hEvent=0x120) returned 1 [0091.871] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0091.929] SetEvent (hEvent=0x12c) returned 1 [0091.929] SetEvent (hEvent=0x108) returned 1 [0091.929] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.627] SetEvent (hEvent=0x108) returned 1 [0092.627] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.716] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0092.728] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.733] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0092.734] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0092.755] SetEvent (hEvent=0x100) returned 1 [0092.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0092.757] SetEvent (hEvent=0x100) returned 1 [0092.757] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.764] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.765] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.765] VirtualFree (lpAddress=0xc000138000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.765] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.766] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.766] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.766] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.767] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.767] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000a03d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a03d0*, lpNumberOfBytesWritten=0xc00012fcec*=0x10, lpOverlapped=0x0) returned 1 [0092.768] CloseHandle (hObject=0xf4) returned 1 [0092.771] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0092.771] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0092.771] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0092.772] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0092.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.772] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0092.775] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.777] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.801] SetEvent (hEvent=0x114) returned 1 [0092.801] SetEvent (hEvent=0x100) returned 1 [0092.801] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0092.802] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0092.802] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0092.803] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0092.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0092.803] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0092.804] GetFileType (hFile=0x14c) returned 0x1 [0092.804] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0092.805] GetFileType (hFile=0x14c) returned 0x1 [0092.805] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0092.805] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0092.805] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0092.805] ReadFile (in: hFile=0x14c, lpBuffer=0xc000156000, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000156000*, lpNumberOfBytesRead=0xc00012dc04*=0x29, lpOverlapped=0x0) returned 1 [0092.806] ReadFile (in: hFile=0x14c, lpBuffer=0xc000156029, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000156029*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0092.806] CloseHandle (hObject=0x14c) returned 1 [0092.806] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0092.807] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0092.807] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0092.807] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0092.808] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0092.808] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0092.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.810] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0092.810] GetFileType (hFile=0x14c) returned 0x1 [0092.810] WriteFile (in: hFile=0x14c, lpBuffer=0xc00015c000*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00015c000*, lpNumberOfBytesWritten=0xc00012dcec*=0x30, lpOverlapped=0x0) returned 1 [0092.811] CloseHandle (hObject=0x14c) returned 1 [0092.818] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0092.819] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0092.819] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0092.819] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0092.820] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0092.820] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0092.820] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0092.821] VirtualAlloc (lpAddress=0xc000170000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000170000 [0092.821] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0092.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.821] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0092.822] GetFileType (hFile=0x14c) returned 0x1 [0092.822] WriteFile (in: hFile=0x14c, lpBuffer=0xc0001722c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001722c0*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0092.822] CloseHandle (hObject=0x14c) returned 1 [0092.830] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0092.831] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\encry-MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\encry-manifest-000001"), dwFlags=0x1) returned 1 [0092.832] VirtualFree (lpAddress=0xc00014e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.833] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.833] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.833] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.834] GetFileType (hFile=0x150) returned 0x1 [0092.834] GetFileType (hFile=0x150) returned 0x1 [0092.834] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0092.834] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0092.834] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0092.835] ReadFile (in: hFile=0x150, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000117c04*=0x9a, lpOverlapped=0x0) returned 1 [0092.836] ReadFile (in: hFile=0x150, lpBuffer=0xc00004c09a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c09a*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0092.836] CloseHandle (hObject=0x150) returned 1 [0092.836] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0092.837] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0092.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.838] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0092.839] GetFileType (hFile=0x150) returned 0x1 [0092.839] WriteFile (in: hFile=0x150, lpBuffer=0xc0003d0000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d0000*, lpNumberOfBytesWritten=0xc000117cec*=0xa0, lpOverlapped=0x0) returned 1 [0092.840] CloseHandle (hObject=0x150) returned 1 [0092.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0092.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.868] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0092.885] GetFileType (hFile=0x150) returned 0x1 [0092.885] WriteFile (in: hFile=0x150, lpBuffer=0xc0001726e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001726e0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.885] CloseHandle (hObject=0x150) returned 1 [0092.888] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0092.889] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0092.890] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\encry-LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\encry-log"), dwFlags=0x1) returned 1 [0092.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0092.891] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0092.896] GetFileType (hFile=0x150) returned 0x1 [0092.896] GetFileType (hFile=0x150) returned 0x1 [0092.896] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0092.896] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0092.896] ReadFile (in: hFile=0x150, lpBuffer=0xc0001578c0, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001578c0*, lpNumberOfBytesRead=0xc000115c04*=0x10, lpOverlapped=0x0) returned 1 [0092.897] ReadFile (in: hFile=0x150, lpBuffer=0xc0001578d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001578d0*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0092.897] CloseHandle (hObject=0x150) returned 1 [0092.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.899] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0092.900] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.900] GetFileType (hFile=0x150) returned 0x1 [0092.900] WriteFile (in: hFile=0x150, lpBuffer=0xc0003fc360*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fc360*, lpNumberOfBytesWritten=0xc000115cec*=0x20, lpOverlapped=0x0) returned 1 [0092.901] CloseHandle (hObject=0x150) returned 1 [0092.909] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0092.909] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0092.909] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0092.910] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0092.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.911] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0092.912] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0092.921] GetFileType (hFile=0x150) returned 0x1 [0092.921] WriteFile (in: hFile=0x150, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.921] CloseHandle (hObject=0x150) returned 1 [0092.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\encry-CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\encry-current"), dwFlags=0x1) returned 1 [0092.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.926] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0092.926] SetEvent (hEvent=0xc0) returned 1 [0092.926] SetEvent (hEvent=0x13c) returned 1 [0092.926] SetEvent (hEvent=0x12c) returned 1 [0092.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.980] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0092.980] SetEvent (hEvent=0x114) returned 1 [0092.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.000] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0093.001] SetEvent (hEvent=0x12c) returned 1 [0093.001] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0093.002] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.015] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.017] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0093.017] SetEvent (hEvent=0x120) returned 1 [0093.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.049] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0093.049] SetEvent (hEvent=0xc0) returned 1 [0093.049] SetEvent (hEvent=0x12c) returned 1 [0093.049] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.054] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0093.054] SetEvent (hEvent=0x12c) returned 1 [0093.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.061] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.076] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0093.076] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0093.076] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0093.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.077] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0093.087] GetFileType (hFile=0xf4) returned 0x1 [0093.087] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0093.088] GetFileType (hFile=0xf4) returned 0x1 [0093.088] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0093.088] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0093.088] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0093.088] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0093.089] ReadFile (in: hFile=0xf4, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0006dfc04*=0x110, lpOverlapped=0x0) returned 1 [0093.090] ReadFile (in: hFile=0xf4, lpBuffer=0xc00005a110, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a110*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0093.090] CloseHandle (hObject=0xf4) returned 1 [0093.090] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0093.091] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0093.091] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0093.091] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0093.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.093] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0093.105] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.107] GetFileType (hFile=0xf4) returned 0x1 [0093.107] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x120, lpOverlapped=0x0) returned 1 [0093.109] CloseHandle (hObject=0xf4) returned 1 [0093.112] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0093.113] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0093.113] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0093.113] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0093.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.114] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0093.122] GetFileType (hFile=0xf4) returned 0x1 [0093.122] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000fc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc2c0*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.123] CloseHandle (hObject=0xf4) returned 1 [0093.124] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.126] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0093.126] SetEvent (hEvent=0xc0) returned 1 [0093.126] SetEvent (hEvent=0x8c) returned 1 [0093.126] SetEvent (hEvent=0x108) returned 1 [0093.126] SetEvent (hEvent=0x9c) returned 1 [0093.126] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0093.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.133] SetEvent (hEvent=0x13c) returned 1 [0093.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.134] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0093.134] SetEvent (hEvent=0x120) returned 1 [0093.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.135] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.135] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6)) returned 1 [0093.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.148] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0093.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.215] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.217] SetEvent (hEvent=0x120) returned 1 [0093.217] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.421] SetEvent (hEvent=0x13c) returned 1 [0093.421] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.444] SetEvent (hEvent=0x12c) returned 1 [0093.444] SetEvent (hEvent=0x13c) returned 1 [0093.444] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.580] SetEvent (hEvent=0x100) returned 1 [0093.580] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.883] SetEvent (hEvent=0x120) returned 1 [0093.883] SetEvent (hEvent=0x13c) returned 1 [0093.883] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.884] SetEvent (hEvent=0x120) returned 1 [0093.884] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.902] SetEvent (hEvent=0x8c) returned 1 [0093.903] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.907] SetEvent (hEvent=0x120) returned 1 [0093.907] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0093.981] SetEvent (hEvent=0x13c) returned 1 [0093.981] SetEvent (hEvent=0x120) returned 1 [0093.981] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.007] SetEvent (hEvent=0x8c) returned 1 [0094.007] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.113] SetEvent (hEvent=0x8c) returned 1 [0094.113] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.114] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0094.114] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0094.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.115] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0094.115] GetFileType (hFile=0x148) returned 0x1 [0094.115] GetFileType (hFile=0x148) returned 0x1 [0094.116] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0094.116] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0094.116] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.116] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.116] ReadFile (in: hFile=0x148, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0000c5c04*=0xde, lpOverlapped=0x0) returned 1 [0094.118] ReadFile (in: hFile=0x148, lpBuffer=0xc0000400de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000400de*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0094.118] CloseHandle (hObject=0x148) returned 1 [0094.118] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0094.118] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0094.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.120] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0094.120] GetFileType (hFile=0x148) returned 0x1 [0094.120] WriteFile (in: hFile=0x148, lpBuffer=0xc0002680e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002680e0*, lpNumberOfBytesWritten=0xc0000c5cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.121] CloseHandle (hObject=0x148) returned 1 [0094.124] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.124] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.125] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0094.125] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0094.126] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0094.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.126] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0094.127] GetFileType (hFile=0x148) returned 0x1 [0094.127] WriteFile (in: hFile=0x148, lpBuffer=0xc0000dc160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc160*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.127] CloseHandle (hObject=0x148) returned 1 [0094.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.130] VirtualFree (lpAddress=0xc0001fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.130] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.130] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.130] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.131] GetFileType (hFile=0x144) returned 0x1 [0094.131] GetFileType (hFile=0x144) returned 0x1 [0094.131] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0094.131] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0094.131] ReadFile (in: hFile=0x144, lpBuffer=0xc000040300, nNumberOfBytesToRead=0x2e9, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040300*, lpNumberOfBytesRead=0xc000249c04*=0xe9, lpOverlapped=0x0) returned 1 [0094.132] ReadFile (in: hFile=0x144, lpBuffer=0xc0000403e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000403e9*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0094.132] CloseHandle (hObject=0x144) returned 1 [0094.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.134] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0094.137] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.139] GetFileType (hFile=0x144) returned 0x1 [0094.139] WriteFile (in: hFile=0x144, lpBuffer=0xc0000503c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000503c0*, lpNumberOfBytesWritten=0xc000249cec*=0xf0, lpOverlapped=0x0) returned 1 [0094.140] CloseHandle (hObject=0x144) returned 1 [0094.146] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.146] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0094.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.147] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0094.148] GetFileType (hFile=0x144) returned 0x1 [0094.148] WriteFile (in: hFile=0x144, lpBuffer=0xc0000dc420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc420*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.148] CloseHandle (hObject=0x144) returned 1 [0094.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.154] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.161] SetEvent (hEvent=0x8c) returned 1 [0094.161] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.163] SetEvent (hEvent=0x100) returned 1 [0094.163] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.166] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.184] SetEvent (hEvent=0x8c) returned 1 [0094.184] SetEvent (hEvent=0x120) returned 1 [0094.184] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.228] SetEvent (hEvent=0x13c) returned 1 [0094.228] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.230] VirtualFree (lpAddress=0xc000272000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.230] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0094.231] SetEvent (hEvent=0x8c) returned 1 [0094.231] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.236] SetEvent (hEvent=0x12c) returned 1 [0094.236] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.427] SetEvent (hEvent=0x8c) returned 1 [0094.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0094.427] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0094.434] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.435] SetEvent (hEvent=0xc0) returned 1 [0094.435] SetEvent (hEvent=0x8c) returned 1 [0094.436] GetFileType (hFile=0x144) returned 0x1 [0094.436] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.469] VirtualFree (lpAddress=0xc00013e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.469] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.470] SetEvent (hEvent=0x12c) returned 1 [0094.470] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0094.473] SetEvent (hEvent=0x100) returned 1 [0094.474] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.327] SetEvent (hEvent=0x8c) returned 1 [0095.327] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.332] SetEvent (hEvent=0x9c) returned 1 [0095.332] SetEvent (hEvent=0x13c) returned 1 [0095.332] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.383] SetEvent (hEvent=0x114) returned 1 [0095.383] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.383] SetEvent (hEvent=0x114) returned 1 [0095.383] SetEvent (hEvent=0x120) returned 1 [0095.383] VirtualFree (lpAddress=0xc00016e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.384] VirtualFree (lpAddress=0xc00014c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.384] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.384] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.385] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.385] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.385] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.385] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.386] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.386] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.386] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.386] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.387] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.387] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.388] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0095.388] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.390] GetFileType (hFile=0xfc) returned 0x1 [0095.390] GetFileType (hFile=0xfc) returned 0x1 [0095.390] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0095.390] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0095.390] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0095.390] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000257c04*=0xdd, lpOverlapped=0x0) returned 1 [0095.392] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000d80dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80dd*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0095.392] CloseHandle (hObject=0xfc) returned 1 [0095.392] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0095.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.393] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0095.394] GetFileType (hFile=0xfc) returned 0x1 [0095.394] WriteFile (in: hFile=0xfc, lpBuffer=0xc000154000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc000154000*, lpNumberOfBytesWritten=0xc000257cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.395] CloseHandle (hObject=0xfc) returned 1 [0095.398] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.399] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.399] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0095.399] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0095.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.400] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0095.400] GetFileType (hFile=0xfc) returned 0x1 [0095.400] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000ce160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce160*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.400] CloseHandle (hObject=0xfc) returned 1 [0095.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.406] VirtualFree (lpAddress=0xc0001c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.407] VirtualFree (lpAddress=0xc000174000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.407] VirtualFree (lpAddress=0xc00015e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.407] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.408] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.408] WriteFile (in: hFile=0x14c, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000067cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.409] CloseHandle (hObject=0x14c) returned 1 [0095.412] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0095.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.413] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0095.416] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.418] GetFileType (hFile=0x14c) returned 0x1 [0095.418] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.418] CloseHandle (hObject=0x14c) returned 1 [0095.420] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.421] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.444] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.447] SetEvent (hEvent=0x114) returned 1 [0095.447] SwitchToThread () returned 1 [0095.450] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.455] SetEvent (hEvent=0x114) returned 1 [0095.455] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.456] SetEvent (hEvent=0x100) returned 1 [0095.456] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.458] SetEvent (hEvent=0x114) returned 1 [0095.458] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.459] SetEvent (hEvent=0x114) returned 1 [0095.459] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.460] SetEvent (hEvent=0x114) returned 1 [0095.460] SetEvent (hEvent=0x120) returned 1 [0095.460] SetEvent (hEvent=0x100) returned 1 [0095.460] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.474] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0095.475] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0095.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.476] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.476] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.476] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.476] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.476] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0095.477] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0095.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0095.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.478] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.479] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.479] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.479] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.479] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0095.517] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0095.517] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0095.518] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0095.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.519] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0095.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.520] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0095.520] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a)) returned 1 [0095.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.521] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.522] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0095.529] SetEvent (hEvent=0x13c) returned 1 [0095.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.530] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.530] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.530] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.530] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda)) returned 1 [0095.530] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0095.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.531] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.532] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.532] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.532] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0095.536] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0095.536] SetEvent (hEvent=0x13c) returned 1 [0095.536] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0095.537] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0095.537] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0095.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.538] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0095.538] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.538] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0095.539] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0095.539] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.539] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.539] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.539] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0095.540] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.540] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0095.540] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0095.541] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0095.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6)) returned 1 [0095.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.543] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.543] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.543] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.543] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0095.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.546] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.546] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3)) returned 1 [0095.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.547] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108)) returned 1 [0095.549] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.551] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1)) returned 1 [0095.552] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0095.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.553] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.553] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0095.559] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0095.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.560] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.560] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.560] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.560] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.560] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0095.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.570] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0095.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0095.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0095.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.570] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0095.581] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56)) returned 1 [0095.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d)) returned 1 [0095.582] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0095.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f)) returned 1 [0095.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c)) returned 1 [0095.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b)) returned 1 [0095.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5)) returned 1 [0095.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.585] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14.1_0", cAlternateFileName="")) returned 1 [0095.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.585] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.588] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] SetEvent (hEvent=0x100) returned 1 [0095.598] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.784] SetEvent (hEvent=0x120) returned 1 [0095.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0095.784] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0095.788] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.789] GetFileType (hFile=0x148) returned 0x1 [0095.789] GetFileType (hFile=0x148) returned 0x1 [0095.789] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0095.789] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0095.789] ReadFile (in: hFile=0x148, lpBuffer=0xc00004e300, nNumberOfBytesToRead=0x300, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e300*, lpNumberOfBytesRead=0xc000063c04*=0x100, lpOverlapped=0x0) returned 1 [0095.791] ReadFile (in: hFile=0x148, lpBuffer=0xc00004e400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e400*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0095.791] CloseHandle (hObject=0x148) returned 1 [0095.791] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0095.792] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0095.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.793] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0095.794] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.801] GetFileType (hFile=0x148) returned 0x1 [0095.801] WriteFile (in: hFile=0x148, lpBuffer=0xc00015d7a0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc00015d7a0*, lpNumberOfBytesWritten=0xc000063cec*=0x110, lpOverlapped=0x0) returned 1 [0095.803] CloseHandle (hObject=0x148) returned 1 [0095.804] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.805] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0095.808] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.811] GetFileType (hFile=0x148) returned 0x1 [0095.811] WriteFile (in: hFile=0x148, lpBuffer=0xc0000542c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000542c0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.811] CloseHandle (hObject=0x148) returned 1 [0095.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.813] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0095.838] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0095.848] GetFileType (hFile=0x154) returned 0x1 [0095.848] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0095.849] GetFileType (hFile=0x154) returned 0x1 [0095.849] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0095.849] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0095.849] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0095.849] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x4d5, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00018dc04*=0x2d5, lpOverlapped=0x0) returned 1 [0095.858] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee2d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee2d5*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0095.859] CloseHandle (hObject=0x154) returned 1 [0095.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0095.860] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0095.864] GetFileType (hFile=0x154) returned 0x1 [0095.865] WriteFile (in: hFile=0x154, lpBuffer=0xc0000f0300*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0300*, lpNumberOfBytesWritten=0xc00018dcec*=0x2e0, lpOverlapped=0x0) returned 1 [0095.866] CloseHandle (hObject=0x154) returned 1 [0095.867] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0095.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0095.867] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0095.868] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.880] GetFileType (hFile=0x154) returned 0x1 [0095.880] WriteFile (in: hFile=0x154, lpBuffer=0xc0000542c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000542c0*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.880] CloseHandle (hObject=0x154) returned 1 [0095.884] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0095.885] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0095.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0095.887] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0095.891] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.894] SetEvent (hEvent=0x114) returned 1 [0095.894] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.896] SetEvent (hEvent=0x9c) returned 1 [0095.896] VirtualFree (lpAddress=0xc000140000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.896] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.897] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.897] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.897] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.897] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.898] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.898] SetEvent (hEvent=0x114) returned 1 [0095.898] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.923] SetEvent (hEvent=0x100) returned 1 [0095.923] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.977] SetEvent (hEvent=0x114) returned 1 [0095.977] SetEvent (hEvent=0x9c) returned 1 [0095.977] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] SetEvent (hEvent=0x114) returned 1 [0095.978] SwitchToThread () returned 1 [0095.979] SetEvent (hEvent=0x114) returned 1 [0095.979] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0095.979] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0000100d0*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0095.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000100d6*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0096.001] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.003] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0478*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0478*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0096.005] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.019] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000102050*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0096.033] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0096.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000102068*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0096.037] SetEvent (hEvent=0x120) returned 1 [0096.037] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0096.037] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0096.038] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.047] SetEvent (hEvent=0x114) returned 1 [0096.047] SetEvent (hEvent=0x13c) returned 1 [0096.047] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.071] SetEvent (hEvent=0x114) returned 1 [0096.071] SetEvent (hEvent=0x120) returned 1 [0096.071] SwitchToThread () returned 1 [0096.078] SetEvent (hEvent=0x114) returned 1 [0096.078] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.098] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0096.098] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0096.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.099] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0096.106] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.110] SetEvent (hEvent=0x100) returned 1 [0096.110] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.113] SetEvent (hEvent=0x120) returned 1 [0096.113] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.113] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.113] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.113] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.114] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.114] SetEvent (hEvent=0x100) returned 1 [0096.114] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.130] SetEvent (hEvent=0x120) returned 1 [0096.130] SetEvent (hEvent=0x13c) returned 1 [0096.130] SetEvent (hEvent=0x100) returned 1 [0096.130] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.135] SetEvent (hEvent=0x114) returned 1 [0096.135] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.141] SetEvent (hEvent=0x114) returned 1 [0096.141] SetEvent (hEvent=0x9c) returned 1 [0096.142] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.165] SetEvent (hEvent=0x9c) returned 1 [0096.165] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.170] SetEvent (hEvent=0x120) returned 1 [0096.170] SetEvent (hEvent=0x8c) returned 1 [0096.170] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.172] SetEvent (hEvent=0x120) returned 1 [0096.173] SetEvent (hEvent=0x100) returned 1 [0096.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0096.173] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0096.185] GetFileType (hFile=0x150) returned 0x1 [0096.185] GetFileType (hFile=0x150) returned 0x1 [0096.186] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0096.186] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0096.186] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0096.186] ReadFile (in: hFile=0x150, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc00018fc04*=0xfc, lpOverlapped=0x0) returned 1 [0096.187] ReadFile (in: hFile=0x150, lpBuffer=0xc0000700fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000700fc*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0096.187] CloseHandle (hObject=0x150) returned 1 [0096.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.188] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0096.199] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.209] GetFileType (hFile=0x150) returned 0x1 [0096.209] WriteFile (in: hFile=0x150, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc00018fcec*=0x100, lpOverlapped=0x0) returned 1 [0096.210] CloseHandle (hObject=0x150) returned 1 [0096.213] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0096.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.213] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0096.223] GetFileType (hFile=0x150) returned 0x1 [0096.223] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.224] CloseHandle (hObject=0x150) returned 1 [0096.227] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.232] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0096.246] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0096.247] GetFileType (hFile=0x164) returned 0x1 [0096.247] GetFileType (hFile=0x164) returned 0x1 [0096.247] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0096.247] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0096.247] ReadFile (in: hFile=0x164, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x316, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000155c04*=0x116, lpOverlapped=0x0) returned 1 [0096.248] ReadFile (in: hFile=0x164, lpBuffer=0xc00003c116, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c116*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0096.248] CloseHandle (hObject=0x164) returned 1 [0096.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.253] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0096.256] GetFileType (hFile=0x164) returned 0x1 [0096.256] WriteFile (in: hFile=0x164, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000155cec*=0x120, lpOverlapped=0x0) returned 1 [0096.258] CloseHandle (hObject=0x164) returned 1 [0096.259] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.259] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0096.270] GetFileType (hFile=0x164) returned 0x1 [0096.270] WriteFile (in: hFile=0x164, lpBuffer=0xc0001466e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001466e0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.270] CloseHandle (hObject=0x164) returned 1 [0096.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.273] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.274] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.274] VirtualFree (lpAddress=0xc000148000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.274] VirtualFree (lpAddress=0xc00013e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.275] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.275] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.275] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.275] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.276] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.276] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.276] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.276] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.277] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.277] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.277] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.277] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.328] SetEvent (hEvent=0x12c) returned 1 [0096.328] SetEvent (hEvent=0x9c) returned 1 [0096.328] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.338] SetEvent (hEvent=0x9c) returned 1 [0096.338] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.342] SetEvent (hEvent=0x100) returned 1 [0096.342] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.366] SetEvent (hEvent=0x8c) returned 1 [0096.367] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.373] SetEvent (hEvent=0x9c) returned 1 [0096.373] SetEvent (hEvent=0x13c) returned 1 [0096.373] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.375] SetEvent (hEvent=0x9c) returned 1 [0096.375] SetEvent (hEvent=0x12c) returned 1 [0096.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.375] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0096.380] GetFileType (hFile=0x128) returned 0x1 [0096.380] GetFileType (hFile=0x128) returned 0x1 [0096.380] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0096.380] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0096.380] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0096.380] ReadFile (in: hFile=0x128, lpBuffer=0xc0001a2000, nNumberOfBytesToRead=0x302, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a2000*, lpNumberOfBytesRead=0xc000153c04*=0x102, lpOverlapped=0x0) returned 1 [0096.381] ReadFile (in: hFile=0x128, lpBuffer=0xc0001a2102, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a2102*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0096.381] CloseHandle (hObject=0x128) returned 1 [0096.381] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0096.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.383] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0096.390] GetFileType (hFile=0x128) returned 0x1 [0096.390] WriteFile (in: hFile=0x128, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000153cec*=0x110, lpOverlapped=0x0) returned 1 [0096.392] CloseHandle (hObject=0x128) returned 1 [0096.400] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0096.401] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0096.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.401] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0096.424] GetFileType (hFile=0x128) returned 0x1 [0096.424] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.425] CloseHandle (hObject=0x128) returned 1 [0096.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.430] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0096.430] SetEvent (hEvent=0x15c) returned 1 [0096.430] SetEvent (hEvent=0x8c) returned 1 [0096.430] SetEvent (hEvent=0x120) returned 1 [0096.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.434] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.434] SetEvent (hEvent=0x120) returned 1 [0096.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.436] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.437] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.437] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0096.437] SetEvent (hEvent=0x12c) returned 1 [0096.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.438] GetFileType (hFile=0x150) returned 0x1 [0096.438] WriteFile (in: hFile=0x150, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.438] CloseHandle (hObject=0x150) returned 1 [0096.439] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.440] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.441] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0096.441] SetEvent (hEvent=0xc0) returned 1 [0096.441] SetEvent (hEvent=0x100) returned 1 [0096.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.451] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0096.451] SetEvent (hEvent=0x100) returned 1 [0096.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0096.452] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0096.467] GetFileType (hFile=0x150) returned 0x1 [0096.467] GetFileType (hFile=0x150) returned 0x1 [0096.467] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0096.468] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0096.468] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0096.468] ReadFile (in: hFile=0x150, lpBuffer=0xc0001a8000, nNumberOfBytesToRead=0x2fb, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a8000*, lpNumberOfBytesRead=0xc00018bc04*=0xfb, lpOverlapped=0x0) returned 1 [0096.469] ReadFile (in: hFile=0x150, lpBuffer=0xc0001a80fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a80fb*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0096.469] CloseHandle (hObject=0x150) returned 1 [0096.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.471] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0096.550] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.569] GetFileType (hFile=0x144) returned 0x1 [0096.569] WriteFile (in: hFile=0x144, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.569] CloseHandle (hObject=0x144) returned 1 [0096.571] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0096.571] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.572] GetFileType (hFile=0x148) returned 0x1 [0096.572] WriteFile (in: hFile=0x148, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc000047cec*=0x110, lpOverlapped=0x0) returned 1 [0096.573] CloseHandle (hObject=0x148) returned 1 [0096.576] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0096.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.577] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0096.583] GetFileType (hFile=0x148) returned 0x1 [0096.583] WriteFile (in: hFile=0x148, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.584] CloseHandle (hObject=0x148) returned 1 [0096.589] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0096.589] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0096.590] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.591] SwitchToThread () returned 1 [0096.592] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.598] SetEvent (hEvent=0x100) returned 1 [0096.598] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.599] SetEvent (hEvent=0x100) returned 1 [0096.599] SetEvent (hEvent=0x12c) returned 1 [0096.599] SetEvent (hEvent=0x120) returned 1 [0096.599] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.642] SetEvent (hEvent=0x12c) returned 1 [0096.642] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.643] SetEvent (hEvent=0x100) returned 1 [0096.643] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.703] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] SetEvent (hEvent=0x120) returned 1 [0096.706] SetEvent (hEvent=0x9c) returned 1 [0096.706] SetEvent (hEvent=0x12c) returned 1 [0096.706] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.723] SetEvent (hEvent=0x120) returned 1 [0096.723] SetEvent (hEvent=0x8c) returned 1 [0096.723] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.729] SetEvent (hEvent=0x120) returned 1 [0096.729] SetEvent (hEvent=0x12c) returned 1 [0096.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0096.729] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0096.739] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.743] SwitchToThread () returned 1 [0096.812] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.823] SetEvent (hEvent=0x12c) returned 1 [0096.823] SwitchToThread () returned 1 [0096.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0230*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0230*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0096.867] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.868] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0001021b0*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0096.870] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.873] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc000586290*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0096.878] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.884] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0096.885] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000185818, lpReserved=0x0 | out: lpBuffer=0xc0000100b0*, lpNumberOfCharsWritten=0xc000185818*=0x3) returned 1 [0096.887] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.894] SetEvent (hEvent=0x12c) returned 1 [0096.894] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.897] VirtualFree (lpAddress=0xc00019c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.897] VirtualFree (lpAddress=0xc000134000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.898] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.898] SetEvent (hEvent=0x120) returned 1 [0096.898] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.925] SetEvent (hEvent=0x12c) returned 1 [0096.925] SetEvent (hEvent=0x120) returned 1 [0096.925] SetEvent (hEvent=0x8c) returned 1 [0096.925] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.980] SetEvent (hEvent=0x100) returned 1 [0096.980] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] SetEvent (hEvent=0x8c) returned 1 [0096.982] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.136] SetEvent (hEvent=0x12c) returned 1 [0097.136] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.137] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.138] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0097.141] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.142] SetEvent (hEvent=0x12c) returned 1 [0097.142] GetFileType (hFile=0xec) returned 0x1 [0097.142] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.148] SetEvent (hEvent=0x12c) returned 1 [0097.148] GetFileType (hFile=0xec) returned 0x1 [0097.148] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.152] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0097.152] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0097.152] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.152] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x5ec, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc00004bc04*=0x3ec, lpOverlapped=0x0) returned 1 [0097.161] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c3ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c3ec*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0097.162] CloseHandle (hObject=0xec) returned 1 [0097.162] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0097.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.163] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0097.166] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.171] SetEvent (hEvent=0x12c) returned 1 [0097.171] GetFileType (hFile=0xec) returned 0x1 [0097.171] WriteFile (in: hFile=0xec, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc00004bcec*=0x3f0, lpOverlapped=0x0) returned 1 [0097.172] CloseHandle (hObject=0xec) returned 1 [0097.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0097.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.173] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0097.174] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.176] GetFileType (hFile=0xec) returned 0x1 [0097.176] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.176] CloseHandle (hObject=0xec) returned 1 [0097.176] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0097.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0097.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.178] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0097.178] SetEvent (hEvent=0x13c) returned 1 [0097.178] SetEvent (hEvent=0x15c) returned 1 [0097.179] SetEvent (hEvent=0x8c) returned 1 [0097.179] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0097.183] SetEvent (hEvent=0x8c) returned 1 [0097.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.187] GetFileType (hFile=0x148) returned 0x1 [0097.187] GetFileType (hFile=0x148) returned 0x1 [0097.187] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0097.188] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0097.188] ReadFile (in: hFile=0x148, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x31f, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000149c04*=0x11f, lpOverlapped=0x0) returned 1 [0097.189] ReadFile (in: hFile=0x148, lpBuffer=0xc00004011f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004011f*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0097.189] CloseHandle (hObject=0x148) returned 1 [0097.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.190] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0097.198] GetFileType (hFile=0x148) returned 0x1 [0097.198] WriteFile (in: hFile=0x148, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000149cec*=0x120, lpOverlapped=0x0) returned 1 [0097.199] CloseHandle (hObject=0x148) returned 1 [0097.199] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0097.199] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.200] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0097.208] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.221] GetFileType (hFile=0x148) returned 0x1 [0097.221] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0097.221] WriteFile (in: hFile=0x148, lpBuffer=0xc000192000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000192000*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.222] CloseHandle (hObject=0x148) returned 1 [0097.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.224] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.224] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0097.224] SetEvent (hEvent=0xc0) returned 1 [0097.224] SetEvent (hEvent=0x120) returned 1 [0097.224] SetEvent (hEvent=0x9c) returned 1 [0097.224] VirtualAlloc (lpAddress=0xc000194000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000194000 [0097.226] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.230] SetEvent (hEvent=0x9c) returned 1 [0097.231] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.235] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0097.235] SetEvent (hEvent=0x13c) returned 1 [0097.235] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0097.238] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.247] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.257] SetEvent (hEvent=0x8c) returned 1 [0097.257] SetEvent (hEvent=0x15c) returned 1 [0097.257] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.271] SetEvent (hEvent=0x12c) returned 1 [0097.271] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.275] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e7cf4 | out: lpMode=0xc0000e7cf4) returned 0 [0097.277] GetFileType (hFile=0xec) returned 0x1 [0097.277] GetFileType (hFile=0xec) returned 0x1 [0097.277] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000e7d44 | out: lpFileInformation=0xc0000e7d44) returned 1 [0097.277] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e7d28) returned 1 [0097.277] ReadFile (in: hFile=0xec, lpBuffer=0xc000138000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000138000*, lpNumberOfBytesRead=0xc0000e7c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.278] ReadFile (in: hFile=0xec, lpBuffer=0xc0001380b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001380b3*, lpNumberOfBytesRead=0xc0000e7c04*=0x0, lpOverlapped=0x0) returned 1 [0097.278] CloseHandle (hObject=0xec) returned 1 [0097.279] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0097.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.280] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e7d04 | out: lpMode=0xc0000e7d04) returned 0 [0097.286] GetFileType (hFile=0xec) returned 0x1 [0097.286] WriteFile (in: hFile=0xec, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc0000e7cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.287] CloseHandle (hObject=0xec) returned 1 [0097.287] VirtualAlloc (lpAddress=0xc00028a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028a000 [0097.288] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0097.288] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.288] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0097.288] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0097.289] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0097.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.290] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000e7d64 | out: lpMode=0xc0000e7d64) returned 0 [0097.295] GetFileType (hFile=0xec) returned 0x1 [0097.295] WriteFile (in: hFile=0xec, lpBuffer=0xc00022a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00022a2c0*, lpNumberOfBytesWritten=0xc0000e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.295] CloseHandle (hObject=0xec) returned 1 [0097.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.296] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.296] VirtualFree (lpAddress=0xc000194000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0097.297] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.297] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000185d64 | out: lpMode=0xc000185d64) returned 0 [0097.300] GetFileType (hFile=0xec) returned 0x1 [0097.300] WriteFile (in: hFile=0xec, lpBuffer=0xc00022a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000185d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00022a6e0*, lpNumberOfBytesWritten=0xc000185d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.301] CloseHandle (hObject=0xec) returned 1 [0097.301] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.301] SwitchToThread () returned 1 [0097.304] GetFileType (hFile=0x144) returned 0x1 [0097.304] GetFileType (hFile=0x144) returned 0x1 [0097.304] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0097.304] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0097.304] ReadFile (in: hFile=0x144, lpBuffer=0xc000228e00, nNumberOfBytesToRead=0x311, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000228e00*, lpNumberOfBytesRead=0xc000111c04*=0x111, lpOverlapped=0x0) returned 1 [0097.306] ReadFile (in: hFile=0x144, lpBuffer=0xc000228f11, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000228f11*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0097.306] CloseHandle (hObject=0x144) returned 1 [0097.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.307] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0097.313] GetFileType (hFile=0x144) returned 0x1 [0097.314] WriteFile (in: hFile=0x144, lpBuffer=0xc000222480*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc000222480*, lpNumberOfBytesWritten=0xc000111cec*=0x120, lpOverlapped=0x0) returned 1 [0097.315] CloseHandle (hObject=0x144) returned 1 [0097.315] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.315] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0097.318] GetFileType (hFile=0x144) returned 0x1 [0097.318] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.318] CloseHandle (hObject=0x144) returned 1 [0097.318] VirtualAlloc (lpAddress=0xc00022c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022c000 [0097.319] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.333] SwitchToThread () returned 1 [0097.334] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.340] SetEvent (hEvent=0x12c) returned 1 [0097.340] SetEvent (hEvent=0x120) returned 1 [0097.340] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.341] VirtualFree (lpAddress=0xc000288000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.341] VirtualFree (lpAddress=0xc000228000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.341] VirtualFree (lpAddress=0xc00021c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.342] VirtualFree (lpAddress=0xc00020c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0097.342] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.342] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.343] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.343] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.343] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.344] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.344] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.344] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.344] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.344] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.345] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.345] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.345] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.345] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.345] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.347] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.351] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.382] SetEvent (hEvent=0x8c) returned 1 [0097.382] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.408] SetEvent (hEvent=0x120) returned 1 [0097.408] SetEvent (hEvent=0x15c) returned 1 [0097.408] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.434] SetEvent (hEvent=0x13c) returned 1 [0097.434] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0097.460] SetEvent (hEvent=0x8c) returned 1 [0097.460] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.545] SetEvent (hEvent=0x12c) returned 1 [0098.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0098.545] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0098.549] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.550] GetFileType (hFile=0x164) returned 0x1 [0098.550] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.551] GetFileType (hFile=0x164) returned 0x1 [0098.552] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0098.552] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0098.552] ReadFile (in: hFile=0x164, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2db, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000047c04*=0xdb, lpOverlapped=0x0) returned 1 [0098.553] ReadFile (in: hFile=0x164, lpBuffer=0xc00004c0db, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0db*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0098.553] CloseHandle (hObject=0x164) returned 1 [0098.553] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0098.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0098.555] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0098.569] GetFileType (hFile=0x164) returned 0x1 [0098.569] WriteFile (in: hFile=0x164, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc000047cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.570] CloseHandle (hObject=0x164) returned 1 [0098.570] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0098.571] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.571] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0098.571] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0098.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0098.572] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0098.584] GetFileType (hFile=0x164) returned 0x1 [0098.584] WriteFile (in: hFile=0x164, lpBuffer=0xc0001d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d82c0*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.587] CloseHandle (hObject=0x164) returned 1 [0098.587] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.589] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.672] SetEvent (hEvent=0x12c) returned 1 [0098.672] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.751] SetEvent (hEvent=0x8c) returned 1 [0098.751] SetEvent (hEvent=0x12c) returned 1 [0098.752] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.755] SetEvent (hEvent=0x8c) returned 1 [0098.755] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.756] SetEvent (hEvent=0x8c) returned 1 [0098.756] SetEvent (hEvent=0x12c) returned 1 [0098.756] SetEvent (hEvent=0x13c) returned 1 [0098.756] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.766] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc000102220*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0098.777] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102226*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014f818, lpReserved=0x0 | out: lpBuffer=0xc000102226*, lpNumberOfCharsWritten=0xc00014f818*=0x3) returned 1 [0098.784] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0480*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0480*, lpNumberOfCharsWritten=0xc0000e7818*=0x3) returned 1 [0098.797] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0486*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000185818, lpReserved=0x0 | out: lpBuffer=0xc0000a0486*, lpNumberOfCharsWritten=0xc000185818*=0x3) returned 1 [0098.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc0000a04b0*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0098.820] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.828] SetEvent (hEvent=0x12c) returned 1 [0098.828] SetEvent (hEvent=0x8c) returned 1 [0098.828] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0098.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0098.829] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0098.831] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.832] GetFileType (hFile=0x16c) returned 0x1 [0098.832] GetFileType (hFile=0x16c) returned 0x1 [0098.832] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0098.832] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0098.832] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0098.832] ReadFile (in: hFile=0x16c, lpBuffer=0xc000144000, nNumberOfBytesToRead=0x2e3, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000144000*, lpNumberOfBytesRead=0xc00012fc04*=0xe3, lpOverlapped=0x0) returned 1 [0098.833] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001440e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001440e3*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0098.833] CloseHandle (hObject=0x16c) returned 1 [0098.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.834] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0098.835] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.839] SwitchToThread () returned 1 [0098.930] SwitchToThread () returned 1 [0098.930] SetEvent (hEvent=0x12c) returned 1 [0098.930] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.935] SetEvent (hEvent=0x120) returned 1 [0098.935] GetFileType (hFile=0x174) returned 0x1 [0098.935] WriteFile (in: hFile=0x174, lpBuffer=0xc0002261e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00019fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002261e0*, lpNumberOfBytesWritten=0xc00019fcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.936] CloseHandle (hObject=0x174) returned 1 [0098.937] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.937] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0098.937] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.937] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0098.938] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.938] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0098.938] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00019fd64 | out: lpMode=0xc00019fd64) returned 0 [0098.944] GetFileType (hFile=0x174) returned 0x1 [0098.944] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00019fd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.944] CloseHandle (hObject=0x174) returned 1 [0098.945] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.945] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0098.945] SetEvent (hEvent=0x8c) returned 1 [0098.945] SetEvent (hEvent=0x15c) returned 1 [0098.945] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.947] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.950] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.950] SetEvent (hEvent=0x15c) returned 1 [0098.950] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.952] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.953] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0098.953] SetEvent (hEvent=0x15c) returned 1 [0098.953] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0098.954] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0098.955] GetFileType (hFile=0x174) returned 0x1 [0098.955] GetFileType (hFile=0x174) returned 0x1 [0098.955] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0098.955] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0098.955] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.956] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2d4, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc0001abc04*=0xd4, lpOverlapped=0x0) returned 1 [0098.956] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e0d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0d4*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0098.957] CloseHandle (hObject=0x174) returned 1 [0098.957] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0098.958] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0098.966] GetFileType (hFile=0x174) returned 0x1 [0098.966] WriteFile (in: hFile=0x174, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc0001abcec*=0xe0, lpOverlapped=0x0) returned 1 [0098.968] CloseHandle (hObject=0x174) returned 1 [0098.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.968] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.968] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0098.969] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0098.971] GetFileType (hFile=0x174) returned 0x1 [0098.971] WriteFile (in: hFile=0x174, lpBuffer=0xc00007a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a2c0*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.971] CloseHandle (hObject=0x174) returned 1 [0098.971] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0098.971] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.972] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.972] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.980] SetEvent (hEvent=0x13c) returned 1 [0098.980] SetEvent (hEvent=0x15c) returned 1 [0098.980] SetEvent (hEvent=0x8c) returned 1 [0098.980] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.985] SetEvent (hEvent=0x12c) returned 1 [0098.985] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0098.989] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.990] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.991] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.991] GetFileType (hFile=0x144) returned 0x1 [0098.991] GetFileType (hFile=0x144) returned 0x1 [0098.991] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0098.991] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0098.991] ReadFile (in: hFile=0x144, lpBuffer=0xc000040300, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040300*, lpNumberOfBytesRead=0xc000117c04*=0xfe, lpOverlapped=0x0) returned 1 [0098.993] ReadFile (in: hFile=0x144, lpBuffer=0xc0000403fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000403fe*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0098.993] CloseHandle (hObject=0x144) returned 1 [0098.993] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.993] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.994] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0099.005] GetFileType (hFile=0x144) returned 0x1 [0099.005] WriteFile (in: hFile=0x144, lpBuffer=0xc0000e0100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e0100*, lpNumberOfBytesWritten=0xc000117cec*=0x100, lpOverlapped=0x0) returned 1 [0099.006] CloseHandle (hObject=0x144) returned 1 [0099.006] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.007] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0099.007] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.007] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0099.008] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.008] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.009] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0099.016] GetFileType (hFile=0x144) returned 0x1 [0099.016] WriteFile (in: hFile=0x144, lpBuffer=0xc00011c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c2c0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.016] CloseHandle (hObject=0x144) returned 1 [0099.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.019] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.028] SetEvent (hEvent=0x8c) returned 1 [0099.028] SetEvent (hEvent=0x13c) returned 1 [0099.028] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.039] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0099.040] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0099.040] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0099.041] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0099.041] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0099.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.042] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0099.056] GetFileType (hFile=0x16c) returned 0x1 [0099.056] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0099.057] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0099.057] GetFileType (hFile=0x16c) returned 0x1 [0099.057] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0099.057] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0099.057] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0099.058] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.058] ReadFile (in: hFile=0x16c, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x25f, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000193c04*=0x5f, lpOverlapped=0x0) returned 1 [0099.059] ReadFile (in: hFile=0x16c, lpBuffer=0xc00016005f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016005f*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0099.059] CloseHandle (hObject=0x16c) returned 1 [0099.060] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0099.060] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0099.060] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0099.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.062] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0099.073] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.075] GetFileType (hFile=0x16c) returned 0x1 [0099.075] WriteFile (in: hFile=0x16c, lpBuffer=0xc000086120*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc000086120*, lpNumberOfBytesWritten=0xc000193cec*=0x60, lpOverlapped=0x0) returned 1 [0099.076] CloseHandle (hObject=0x16c) returned 1 [0099.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.076] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0099.077] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0099.077] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0099.077] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0099.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.078] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0099.083] GetFileType (hFile=0x16c) returned 0x1 [0099.083] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001782c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001782c0*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.083] CloseHandle (hObject=0x16c) returned 1 [0099.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-main.js"), dwFlags=0x1) returned 1 [0099.086] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.086] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.087] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.087] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.087] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.087] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.088] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.088] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.088] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.088] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.089] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.089] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.089] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.090] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.090] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0099.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.091] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001a9cf4 | out: lpMode=0xc0001a9cf4) returned 0 [0099.093] GetFileType (hFile=0x16c) returned 0x1 [0099.093] GetFileType (hFile=0x16c) returned 0x1 [0099.093] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0001a9d44 | out: lpFileInformation=0xc0001a9d44) returned 1 [0099.094] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0001a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a9d28) returned 1 [0099.094] ReadFile (in: hFile=0x16c, lpBuffer=0xc000176700, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000176700*, lpNumberOfBytesRead=0xc0001a9c04*=0x160, lpOverlapped=0x0) returned 1 [0099.095] ReadFile (in: hFile=0x16c, lpBuffer=0xc000176860, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000176860*, lpNumberOfBytesRead=0xc0001a9c04*=0x0, lpOverlapped=0x0) returned 1 [0099.095] CloseHandle (hObject=0x16c) returned 1 [0099.095] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0099.095] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0099.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.097] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001a9d04 | out: lpMode=0xc0001a9d04) returned 0 [0099.103] GetFileType (hFile=0x16c) returned 0x1 [0099.103] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001c8000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc0001a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c8000*, lpNumberOfBytesWritten=0xc0001a9cec*=0x170, lpOverlapped=0x0) returned 1 [0099.104] CloseHandle (hObject=0x16c) returned 1 [0099.104] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0099.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.105] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001a9d64 | out: lpMode=0xc0001a9d64) returned 0 [0099.113] GetFileType (hFile=0x16c) returned 0x1 [0099.113] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001786e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001786e0*, lpNumberOfBytesWritten=0xc0001a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.113] CloseHandle (hObject=0x16c) returned 1 [0099.113] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0099.114] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0099.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\encry-computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\encry-computed_hashes.json"), dwFlags=0x1) returned 1 [0099.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.116] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0099.117] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.118] GetFileType (hFile=0x16c) returned 0x1 [0099.118] GetFileType (hFile=0x16c) returned 0x1 [0099.118] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0099.118] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0099.118] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.119] ReadFile (in: hFile=0x16c, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x1578, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0004dfc04*=0x1378, lpOverlapped=0x0) returned 1 [0099.131] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.133] ReadFile (in: hFile=0x16c, lpBuffer=0xc000057378, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000057378*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0099.133] CloseHandle (hObject=0x16c) returned 1 [0099.133] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.135] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0099.137] GetFileType (hFile=0x16c) returned 0x1 [0099.137] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0004dfcec*=0x1380, lpOverlapped=0x0) returned 1 [0099.139] CloseHandle (hObject=0x16c) returned 1 [0099.139] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.140] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.140] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0099.143] GetFileType (hFile=0x16c) returned 0x1 [0099.144] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001782c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001782c0*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.144] CloseHandle (hObject=0x16c) returned 1 [0099.144] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0099.144] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0099.145] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-128.png"), dwFlags=0x1) returned 1 [0099.146] VirtualFree (lpAddress=0xc0001ca000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.147] VirtualFree (lpAddress=0xc0001c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.147] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.147] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.147] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.148] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.148] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.149] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0099.151] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.154] GetFileType (hFile=0x16c) returned 0x1 [0099.154] GetFileType (hFile=0x16c) returned 0x1 [0099.154] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0099.154] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0099.154] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0099.154] ReadFile (in: hFile=0x16c, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0xf47, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000195c04*=0xd47, lpOverlapped=0x0) returned 1 [0099.158] ReadFile (in: hFile=0x16c, lpBuffer=0xc00006cd47, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cd47*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0099.158] CloseHandle (hObject=0x16c) returned 1 [0099.158] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0099.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.160] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0099.161] GetFileType (hFile=0x16c) returned 0x1 [0099.161] WriteFile (in: hFile=0x16c, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc000195cec*=0xd50, lpOverlapped=0x0) returned 1 [0099.162] CloseHandle (hObject=0x16c) returned 1 [0099.162] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.162] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0099.162] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0099.163] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0099.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.163] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0099.169] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.171] GetFileType (hFile=0x16c) returned 0x1 [0099.171] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.173] CloseHandle (hObject=0x16c) returned 1 [0099.173] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-icon_128.png"), dwFlags=0x1) returned 1 [0099.174] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.182] SetEvent (hEvent=0x120) returned 1 [0099.182] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.184] SetEvent (hEvent=0x13c) returned 1 [0099.184] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.187] SetEvent (hEvent=0x8c) returned 1 [0099.187] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.216] SetEvent (hEvent=0x8c) returned 1 [0099.216] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.266] SetEvent (hEvent=0x9c) returned 1 [0099.267] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0099.267] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0099.267] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0099.268] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.268] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.268] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0099.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.269] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0099.271] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.278] GetFileType (hFile=0x16c) returned 0x1 [0099.278] GetFileType (hFile=0x16c) returned 0x1 [0099.278] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0099.278] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0099.278] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0099.278] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001f6000, nNumberOfBytesToRead=0x2b2, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f6000*, lpNumberOfBytesRead=0xc000129c04*=0xb2, lpOverlapped=0x0) returned 1 [0099.279] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001f60b2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f60b2*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0099.279] CloseHandle (hObject=0x16c) returned 1 [0099.280] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0099.280] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0099.280] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0099.280] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0099.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.282] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0099.282] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.311] GetFileType (hFile=0x16c) returned 0x1 [0099.311] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001fe000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe000*, lpNumberOfBytesWritten=0xc000129cec*=0xc0, lpOverlapped=0x0) returned 1 [0099.312] CloseHandle (hObject=0x16c) returned 1 [0099.312] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0099.312] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0099.313] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.313] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0099.313] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0099.314] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0099.314] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0099.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.315] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0099.316] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.352] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.362] SetEvent (hEvent=0x12c) returned 1 [0099.362] SetEvent (hEvent=0x100) returned 1 [0099.362] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.379] SetEvent (hEvent=0x12c) returned 1 [0099.379] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.385] SetEvent (hEvent=0x15c) returned 1 [0099.385] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.396] SetEvent (hEvent=0x13c) returned 1 [0099.396] SwitchToThread () returned 1 [0099.400] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.406] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.408] SetEvent (hEvent=0x12c) returned 1 [0099.408] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.408] SetEvent (hEvent=0x12c) returned 1 [0099.408] SetEvent (hEvent=0x100) returned 1 [0099.408] SetEvent (hEvent=0x15c) returned 1 [0099.408] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.411] SetEvent (hEvent=0x100) returned 1 [0099.411] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.414] SetEvent (hEvent=0x12c) returned 1 [0099.414] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.432] SetEvent (hEvent=0x12c) returned 1 [0099.432] SwitchToThread () returned 1 [0099.506] SwitchToThread () returned 1 [0099.508] SetEvent (hEvent=0x12c) returned 1 [0099.508] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.515] SetEvent (hEvent=0x15c) returned 1 [0099.515] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0099.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.515] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.515] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.515] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.515] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2)) returned 1 [0099.516] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.516] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.517] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.517] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.517] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.517] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xac)) returned 1 [0099.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.523] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e)) returned 1 [0099.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.524] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.525] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.525] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.525] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.525] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13e)) returned 1 [0099.531] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.536] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.537] SetEvent (hEvent=0x12c) returned 1 [0099.537] SetEvent (hEvent=0x100) returned 1 [0099.537] SetEvent (hEvent=0x15c) returned 1 [0099.537] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.540] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.544] SetEvent (hEvent=0x120) returned 1 [0099.544] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.558] SetEvent (hEvent=0x120) returned 1 [0099.558] SetEvent (hEvent=0x13c) returned 1 [0099.559] SetEvent (hEvent=0x12c) returned 1 [0099.559] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.587] SetEvent (hEvent=0x15c) returned 1 [0099.587] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.624] SetEvent (hEvent=0x100) returned 1 [0099.624] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0099.645] SetEvent (hEvent=0x9c) returned 1 [0099.645] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.026] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0100.033] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.038] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.039] SetEvent (hEvent=0x120) returned 1 [0100.039] SetEvent (hEvent=0x12c) returned 1 [0100.039] SetEvent (hEvent=0x8c) returned 1 [0100.039] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.077] SetEvent (hEvent=0x13c) returned 1 [0100.077] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.101] SetEvent (hEvent=0x100) returned 1 [0100.101] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.112] SetEvent (hEvent=0x8c) returned 1 [0100.112] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.131] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.131] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.132] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0100.132] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0100.133] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.133] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.134] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00019bcf4 | out: lpMode=0xc00019bcf4) returned 0 [0100.146] GetFileType (hFile=0x16c) returned 0x1 [0100.146] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.147] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0100.147] GetFileType (hFile=0x16c) returned 0x1 [0100.147] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00019bd44 | out: lpFileInformation=0xc00019bd44) returned 1 [0100.147] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00019bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019bd28) returned 1 [0100.147] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0100.148] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0100.148] ReadFile (in: hFile=0x16c, lpBuffer=0xc000162000, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesRead=0xc00019bc04*=0xbb, lpOverlapped=0x0) returned 1 [0100.150] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001620bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001620bb*, lpNumberOfBytesRead=0xc00019bc04*=0x0, lpOverlapped=0x0) returned 1 [0100.150] CloseHandle (hObject=0x16c) returned 1 [0100.150] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0100.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.151] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00019bd04 | out: lpMode=0xc00019bd04) returned 0 [0100.161] GetFileType (hFile=0x16c) returned 0x1 [0100.161] WriteFile (in: hFile=0x16c, lpBuffer=0xc00017a000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00019bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017a000*, lpNumberOfBytesWritten=0xc00019bcec*=0xc0, lpOverlapped=0x0) returned 1 [0100.163] CloseHandle (hObject=0x16c) returned 1 [0100.163] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.163] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0100.163] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0100.164] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0100.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.164] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00019bd64 | out: lpMode=0xc00019bd64) returned 0 [0100.170] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.184] SetEvent (hEvent=0x120) returned 1 [0100.185] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.539] SetEvent (hEvent=0x12c) returned 1 [0100.539] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.540] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0100.543] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.544] SetEvent (hEvent=0xc0) returned 1 [0100.544] GetFileType (hFile=0x174) returned 0x1 [0100.544] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.548] GetFileType (hFile=0x174) returned 0x1 [0100.548] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0100.548] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0100.549] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.549] ReadFile (in: hFile=0x174, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc00012bc04*=0xb3, lpOverlapped=0x0) returned 1 [0100.550] ReadFile (in: hFile=0x174, lpBuffer=0xc00013a0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a0b3*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0100.550] CloseHandle (hObject=0x174) returned 1 [0100.550] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.551] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.552] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0100.555] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.560] GetFileType (hFile=0x174) returned 0x1 [0100.560] WriteFile (in: hFile=0x174, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc00012bcec*=0xc0, lpOverlapped=0x0) returned 1 [0100.562] CloseHandle (hObject=0x174) returned 1 [0100.562] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.562] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0100.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.562] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0100.563] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.568] GetFileType (hFile=0x174) returned 0x1 [0100.568] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.573] WriteFile (in: hFile=0x174, lpBuffer=0xc0001d6420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6420*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.574] CloseHandle (hObject=0x174) returned 1 [0100.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.575] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.582] SetEvent (hEvent=0x120) returned 1 [0100.582] SetEvent (hEvent=0x100) returned 1 [0100.582] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.583] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0100.587] GetFileType (hFile=0x174) returned 0x1 [0100.587] GetFileType (hFile=0x174) returned 0x1 [0100.587] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0100.587] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0100.587] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.587] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x350, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000173c04*=0x150, lpOverlapped=0x0) returned 1 [0100.589] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ee150, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee150*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0100.589] CloseHandle (hObject=0x174) returned 1 [0100.589] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.589] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0100.590] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.592] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0100.593] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.597] GetFileType (hFile=0x174) returned 0x1 [0100.598] WriteFile (in: hFile=0x174, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc000173cec*=0x160, lpOverlapped=0x0) returned 1 [0100.599] CloseHandle (hObject=0x174) returned 1 [0100.599] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.599] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0100.608] GetFileType (hFile=0x174) returned 0x1 [0100.608] WriteFile (in: hFile=0x174, lpBuffer=0xc0001d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d66e0*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.609] CloseHandle (hObject=0x174) returned 1 [0100.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.610] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.610] SetEvent (hEvent=0x100) returned 1 [0100.611] SetEvent (hEvent=0x15c) returned 1 [0100.611] SetEvent (hEvent=0x8c) returned 1 [0100.611] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.613] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.621] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.621] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.622] SetEvent (hEvent=0xc0) returned 1 [0100.622] SetEvent (hEvent=0x12c) returned 1 [0100.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.622] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.622] GetFileType (hFile=0x128) returned 0x1 [0100.622] WriteFile (in: hFile=0x128, lpBuffer=0xc0001d62c0*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d62c0*, lpNumberOfBytesWritten=0xc0000c3cec*=0x150, lpOverlapped=0x0) returned 1 [0100.624] CloseHandle (hObject=0x128) returned 1 [0100.624] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.624] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0100.625] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.631] SetEvent (hEvent=0x9c) returned 1 [0100.631] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.634] SetEvent (hEvent=0x9c) returned 1 [0100.634] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.636] SetEvent (hEvent=0x8c) returned 1 [0100.636] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.639] SetEvent (hEvent=0x9c) returned 1 [0100.639] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.644] SetEvent (hEvent=0x9c) returned 1 [0100.644] SetEvent (hEvent=0x12c) returned 1 [0100.644] GetFileType (hFile=0x16c) returned 0x1 [0100.644] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc00019bd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.645] CloseHandle (hObject=0x16c) returned 1 [0100.645] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.645] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.646] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.647] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.647] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.647] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.647] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.647] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x177)) returned 1 [0100.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.648] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.648] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.648] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.648] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.648] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0100.649] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.651] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.652] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.652] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.652] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.652] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb0)) returned 1 [0100.652] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0100.653] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.654] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.654] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.654] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.654] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xd2)) returned 1 [0100.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.656] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.664] SwitchToThread () returned 1 [0100.670] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.670] SetEvent (hEvent=0x9c) returned 1 [0100.671] SetEvent (hEvent=0x120) returned 1 [0100.671] SetEvent (hEvent=0x8c) returned 1 [0100.671] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.680] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0100.690] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.691] GetFileType (hFile=0x170) returned 0x1 [0100.691] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0100.692] GetFileType (hFile=0x170) returned 0x1 [0100.692] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0100.692] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0100.692] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.692] ReadFile (in: hFile=0x170, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc000253c04*=0x104, lpOverlapped=0x0) returned 1 [0100.694] ReadFile (in: hFile=0x170, lpBuffer=0xc000036104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036104*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0100.694] CloseHandle (hObject=0x170) returned 1 [0100.694] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.694] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.696] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0100.697] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.707] GetFileType (hFile=0x170) returned 0x1 [0100.707] WriteFile (in: hFile=0x170, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000253cec*=0x110, lpOverlapped=0x0) returned 1 [0100.708] CloseHandle (hObject=0x170) returned 1 [0100.708] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.709] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.709] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.710] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.710] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0100.722] GetFileType (hFile=0x170) returned 0x1 [0100.722] WriteFile (in: hFile=0x170, lpBuffer=0xc000178420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000178420*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.722] CloseHandle (hObject=0x170) returned 1 [0100.722] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.723] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.723] SetEvent (hEvent=0x15c) returned 1 [0100.723] SetEvent (hEvent=0x120) returned 1 [0100.723] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0100.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.735] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.739] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.740] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.740] SetEvent (hEvent=0xc0) returned 1 [0100.740] SetEvent (hEvent=0x8c) returned 1 [0100.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.741] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.741] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0100.742] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.751] SetEvent (hEvent=0x12c) returned 1 [0100.751] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.762] SwitchToThread () returned 1 [0100.766] SetEvent (hEvent=0x9c) returned 1 [0100.766] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.770] SetEvent (hEvent=0x9c) returned 1 [0100.771] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.771] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.771] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.772] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.772] GetFileType (hFile=0xec) returned 0x1 [0100.772] WriteFile (in: hFile=0xec, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000255cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000255cec*=0xd0, lpOverlapped=0x0) returned 1 [0100.773] CloseHandle (hObject=0xec) returned 1 [0100.774] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.774] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.774] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0100.775] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.775] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.775] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.776] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255d64 | out: lpMode=0xc000255d64) returned 0 [0100.786] GetFileType (hFile=0xec) returned 0x1 [0100.786] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000255d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000255d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.786] CloseHandle (hObject=0xec) returned 1 [0100.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.787] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.787] SetEvent (hEvent=0x8c) returned 1 [0100.787] SetEvent (hEvent=0x15c) returned 1 [0100.787] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0100.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.798] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.798] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.802] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.802] SetEvent (hEvent=0x15c) returned 1 [0100.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.814] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.815] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.815] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.815] SetEvent (hEvent=0xc0) returned 1 [0100.815] SetEvent (hEvent=0x8c) returned 1 [0100.815] SetEvent (hEvent=0x12c) returned 1 [0100.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.824] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.824] SetEvent (hEvent=0x8c) returned 1 [0100.824] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.844] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.846] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.846] SetEvent (hEvent=0xc0) returned 1 [0100.846] SetEvent (hEvent=0x8c) returned 1 [0100.846] SetEvent (hEvent=0x120) returned 1 [0100.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.847] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.848] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.850] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.850] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.851] SetEvent (hEvent=0xc0) returned 1 [0100.851] SetEvent (hEvent=0x8c) returned 1 [0100.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.852] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0100.861] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.865] GetFileType (hFile=0x16c) returned 0x1 [0100.865] GetFileType (hFile=0x16c) returned 0x1 [0100.865] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0100.865] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0100.865] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0100.866] ReadFile (in: hFile=0x16c, lpBuffer=0xc000178000, nNumberOfBytesToRead=0xcf3, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000178000*, lpNumberOfBytesRead=0xc00004bc04*=0xaf3, lpOverlapped=0x0) returned 1 [0100.868] ReadFile (in: hFile=0x16c, lpBuffer=0xc000178af3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000178af3*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0100.868] CloseHandle (hObject=0x16c) returned 1 [0100.868] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0100.869] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0100.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.870] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0100.871] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.880] GetFileType (hFile=0x16c) returned 0x1 [0100.880] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc00004bcec*=0xb00, lpOverlapped=0x0) returned 1 [0100.881] CloseHandle (hObject=0x16c) returned 1 [0100.881] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.882] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.882] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.882] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.883] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.883] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0100.889] GetFileType (hFile=0x16c) returned 0x1 [0100.889] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.890] CloseHandle (hObject=0x16c) returned 1 [0100.890] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.890] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.891] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\encry-computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\encry-computed_hashes.json"), dwFlags=0x1) returned 1 [0100.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0100.892] SetEvent (hEvent=0xc0) returned 1 [0100.893] SetEvent (hEvent=0x100) returned 1 [0100.893] SetEvent (hEvent=0x9c) returned 1 [0100.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.896] SetEvent (hEvent=0x9c) returned 1 [0100.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.905] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0100.905] SetEvent (hEvent=0x9c) returned 1 [0100.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0100.905] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0100.906] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.916] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.927] SetEvent (hEvent=0x8c) returned 1 [0100.927] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.928] SetEvent (hEvent=0x8c) returned 1 [0100.928] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.929] SetEvent (hEvent=0x8c) returned 1 [0100.929] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.929] SetEvent (hEvent=0x8c) returned 1 [0100.929] SetEvent (hEvent=0x15c) returned 1 [0100.929] VirtualFree (lpAddress=0xc0001f4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0100.930] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.930] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.930] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.930] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.931] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.931] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.931] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.931] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.932] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82888510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8288ac20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x32a2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="craw_background.js", cAlternateFileName="CRAW_B~1.JS")) returned 1 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8288d330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82892150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x3b059, dwReserved0=0x0, dwReserved1=0x0, cFileName="craw_window.js", cAlternateFileName="CRAW_W~1.JS")) returned 1 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82896f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82899680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82899680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="css", cAlternateFileName="")) returned 1 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8289e4a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828a0bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828a0bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="html", cAlternateFileName="")) returned 1 [0100.936] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828a32c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82aab310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="images", cAlternateFileName="")) returned 1 [0100.937] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826545a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e2a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aa3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0100.937] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0100.937] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0100.937] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0100.937] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.937] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.950] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0100.951] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82665710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828836f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828836f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.951] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0100.951] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0100.951] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82752420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82752420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82752420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82759950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8275c060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8275c060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0100.952] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82863b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82866230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82866230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8286b050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8286d760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8286d760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82872580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82874c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82874c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82879ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8287e8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8287e8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828836f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82885e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82885e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0100.953] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.953] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.954] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.954] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.955] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.956] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8266a530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8266f350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.956] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.957] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.957] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8266f350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8266f350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x376)) returned 1 [0100.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82676880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8267ddb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.966] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.966] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8267ddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8267ddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aab310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1)) returned 1 [0100.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.967] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.967] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826a0090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a27a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826a27a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.967] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.967] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.967] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826a27a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826a4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x297)) returned 1 [0100.970] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.977] SwitchToThread () returned 1 [0100.979] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.980] SetEvent (hEvent=0x8c) returned 1 [0100.980] SetEvent (hEvent=0x12c) returned 1 [0100.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0100.980] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0100.982] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.989] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.991] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0100.997] SetEvent (hEvent=0x12c) returned 1 [0100.997] SetEvent (hEvent=0x8c) returned 1 [0100.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.998] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0101.000] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.004] GetFileType (hFile=0x16c) returned 0x1 [0101.004] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.004] GetFileType (hFile=0x16c) returned 0x1 [0101.004] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0101.004] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0101.004] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.005] ReadFile (in: hFile=0x16c, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x576, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc00010fc04*=0x376, lpOverlapped=0x0) returned 1 [0101.009] ReadFile (in: hFile=0x16c, lpBuffer=0xc00004c376, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c376*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0101.009] CloseHandle (hObject=0x16c) returned 1 [0101.009] SwitchToThread () returned 1 [0101.019] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0101.019] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0101.020] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0101.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.021] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0101.030] GetFileType (hFile=0x16c) returned 0x1 [0101.030] WriteFile (in: hFile=0x16c, lpBuffer=0xc000104380*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000104380*, lpNumberOfBytesWritten=0xc00010fcec*=0x380, lpOverlapped=0x0) returned 1 [0101.031] CloseHandle (hObject=0x16c) returned 1 [0101.031] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0101.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.032] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0101.039] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.042] GetFileType (hFile=0x16c) returned 0x1 [0101.042] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0101.042] WriteFile (in: hFile=0x16c, lpBuffer=0xc00021c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.043] CloseHandle (hObject=0x16c) returned 1 [0101.043] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0101.043] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0101.044] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.044] SetEvent (hEvent=0x120) returned 1 [0101.044] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.068] SetEvent (hEvent=0x15c) returned 1 [0101.068] SetEvent (hEvent=0x120) returned 1 [0101.068] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.073] SetEvent (hEvent=0x15c) returned 1 [0101.073] SetEvent (hEvent=0x12c) returned 1 [0101.073] SetEvent (hEvent=0x9c) returned 1 [0101.073] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.107] SetEvent (hEvent=0x15c) returned 1 [0101.108] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.111] SetEvent (hEvent=0x9c) returned 1 [0101.111] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.125] SetEvent (hEvent=0x9c) returned 1 [0101.125] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.128] SetEvent (hEvent=0x9c) returned 1 [0101.128] SetEvent (hEvent=0x15c) returned 1 [0101.128] SetEvent (hEvent=0x8c) returned 1 [0101.128] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.131] SwitchToThread () returned 1 [0101.133] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.135] SetEvent (hEvent=0x12c) returned 1 [0101.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.135] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.135] SetEvent (hEvent=0x12c) returned 1 [0101.135] SetEvent (hEvent=0x15c) returned 1 [0101.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.142] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.142] SetEvent (hEvent=0x9c) returned 1 [0101.142] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.144] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.144] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.144] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.144] SetEvent (hEvent=0xc0) returned 1 [0101.144] SetEvent (hEvent=0x12c) returned 1 [0101.144] SetEvent (hEvent=0x8c) returned 1 [0101.145] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.150] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.150] SetEvent (hEvent=0x12c) returned 1 [0101.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.162] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.163] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.163] SetEvent (hEvent=0xc0) returned 1 [0101.163] SetEvent (hEvent=0x8c) returned 1 [0101.163] SetEvent (hEvent=0x15c) returned 1 [0101.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.167] SetEvent (hEvent=0x120) returned 1 [0101.167] SetEvent (hEvent=0x100) returned 1 [0101.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.173] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.174] SetEvent (hEvent=0x9c) returned 1 [0101.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.183] SetEvent (hEvent=0xc0) returned 1 [0101.184] SetEvent (hEvent=0x12c) returned 1 [0101.184] SetEvent (hEvent=0x100) returned 1 [0101.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.187] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.192] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.192] SetEvent (hEvent=0x12c) returned 1 [0101.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.204] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.204] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.204] SetEvent (hEvent=0x100) returned 1 [0101.205] SetEvent (hEvent=0x120) returned 1 [0101.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.210] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.210] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.210] SetEvent (hEvent=0x120) returned 1 [0101.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.216] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.216] SetEvent (hEvent=0xc0) returned 1 [0101.216] SetEvent (hEvent=0x100) returned 1 [0101.216] SetEvent (hEvent=0x15c) returned 1 [0101.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.221] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.221] SetEvent (hEvent=0x100) returned 1 [0101.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.227] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0101.232] GetFileType (hFile=0x174) returned 0x1 [0101.232] GetFileType (hFile=0x174) returned 0x1 [0101.232] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0101.232] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0101.232] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x49b, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc0001abc04*=0x29b, lpOverlapped=0x0) returned 1 [0101.251] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e29b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e29b*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0101.251] CloseHandle (hObject=0x174) returned 1 [0101.251] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0101.252] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0101.252] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0101.253] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0101.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.254] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0101.263] GetFileType (hFile=0x174) returned 0x1 [0101.263] WriteFile (in: hFile=0x174, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001abcec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.264] CloseHandle (hObject=0x174) returned 1 [0101.264] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.264] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0101.265] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0101.265] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0101.265] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0101.266] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0101.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.266] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0101.268] GetFileType (hFile=0x174) returned 0x1 [0101.268] WriteFile (in: hFile=0x174, lpBuffer=0xc0001da2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001da2c0*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.269] CloseHandle (hObject=0x174) returned 1 [0101.269] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0101.269] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.270] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.277] SetEvent (hEvent=0x9c) returned 1 [0101.277] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.277] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.277] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.277] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.278] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.278] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.278] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.278] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.279] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.279] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.279] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.279] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.280] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82763590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82765ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.280] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.281] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.281] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82765ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82765ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30a)) returned 1 [0101.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.281] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8276d1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8276f8e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.281] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.282] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.282] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8276f8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8276f8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29d)) returned 1 [0101.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82776e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82779520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.286] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82779520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82779520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ae)) returned 1 [0101.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.287] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8277e340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82783160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.287] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.287] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.287] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82783160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82783160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bb)) returned 1 [0101.291] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.297] SwitchToThread () returned 1 [0101.301] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.302] SetEvent (hEvent=0x120) returned 1 [0101.302] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.303] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.303] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.303] VirtualFree (lpAddress=0xc000158000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.304] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.304] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.304] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.305] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.305] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.305] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.305] SetEvent (hEvent=0x9c) returned 1 [0101.305] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.333] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.342] SetEvent (hEvent=0x100) returned 1 [0101.342] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.344] SetEvent (hEvent=0x120) returned 1 [0101.344] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.347] SetEvent (hEvent=0x8c) returned 1 [0101.347] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.374] SetEvent (hEvent=0x8c) returned 1 [0101.374] SetEvent (hEvent=0x15c) returned 1 [0101.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.374] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0101.377] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.378] GetFileType (hFile=0xec) returned 0x1 [0101.378] GetFileType (hFile=0xec) returned 0x1 [0101.378] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0101.378] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0101.378] ReadFile (in: hFile=0xec, lpBuffer=0xc000272a00, nNumberOfBytesToRead=0x484, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc000272a00*, lpNumberOfBytesRead=0xc000067c04*=0x284, lpOverlapped=0x0) returned 1 [0101.402] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.407] SetEvent (hEvent=0x8c) returned 1 [0101.407] ReadFile (in: hFile=0xec, lpBuffer=0xc000272c84, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc000272c84*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0101.407] CloseHandle (hObject=0xec) returned 1 [0101.407] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0101.408] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0101.408] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0101.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.410] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0101.414] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.420] GetFileType (hFile=0xec) returned 0x1 [0101.420] WriteFile (in: hFile=0xec, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc000067cec*=0x290, lpOverlapped=0x0) returned 1 [0101.422] CloseHandle (hObject=0xec) returned 1 [0101.422] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0101.422] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.422] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0101.423] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0101.423] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0101.424] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0101.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.424] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0101.434] GetFileType (hFile=0xec) returned 0x1 [0101.434] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.435] CloseHandle (hObject=0xec) returned 1 [0101.435] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0101.435] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.437] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.437] SetEvent (hEvent=0x100) returned 1 [0101.437] SetEvent (hEvent=0x9c) returned 1 [0101.438] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.442] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.453] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.453] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.453] SetEvent (hEvent=0x12c) returned 1 [0101.453] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.483] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.483] SetEvent (hEvent=0x9c) returned 1 [0101.483] SetEvent (hEvent=0x100) returned 1 [0101.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.491] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.593] SwitchToThread () returned 1 [0101.596] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.596] SetEvent (hEvent=0x120) returned 1 [0101.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.607] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.607] SetEvent (hEvent=0x8c) returned 1 [0101.607] SetEvent (hEvent=0xfc) returned 1 [0101.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.614] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.614] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.619] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.619] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.619] SetEvent (hEvent=0x12c) returned 1 [0101.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.646] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.646] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.646] SetEvent (hEvent=0x8c) returned 1 [0101.646] SetEvent (hEvent=0xfc) returned 1 [0101.646] SetEvent (hEvent=0x100) returned 1 [0101.647] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.650] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.650] SetEvent (hEvent=0xfc) returned 1 [0101.650] SetEvent (hEvent=0x9c) returned 1 [0101.650] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.652] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.652] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.652] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.653] SetEvent (hEvent=0x120) returned 1 [0101.653] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.653] GetFileType (hFile=0xec) returned 0x1 [0101.653] GetFileType (hFile=0xec) returned 0x1 [0101.653] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0101.653] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0101.653] ReadFile (in: hFile=0xec, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x49b, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0001bbc04*=0x29b, lpOverlapped=0x0) returned 1 [0101.662] ReadFile (in: hFile=0xec, lpBuffer=0xc00006029b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006029b*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0101.662] CloseHandle (hObject=0xec) returned 1 [0101.662] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0101.662] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0101.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.663] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0101.671] GetFileType (hFile=0xec) returned 0x1 [0101.671] WriteFile (in: hFile=0xec, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001bbcec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.672] CloseHandle (hObject=0xec) returned 1 [0101.672] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.672] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0101.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.673] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0101.683] GetFileType (hFile=0xec) returned 0x1 [0101.683] WriteFile (in: hFile=0xec, lpBuffer=0xc00006c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.684] CloseHandle (hObject=0xec) returned 1 [0101.684] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.684] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.685] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.686] SetEvent (hEvent=0xc0) returned 1 [0101.686] SetEvent (hEvent=0x12c) returned 1 [0101.686] SetEvent (hEvent=0x9c) returned 1 [0101.686] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0101.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.690] SetEvent (hEvent=0x9c) returned 1 [0101.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.696] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.696] SetEvent (hEvent=0x120) returned 1 [0101.696] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.701] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.701] SetEvent (hEvent=0x9c) returned 1 [0101.701] SetEvent (hEvent=0x100) returned 1 [0101.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.704] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.705] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.707] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.707] SetEvent (hEvent=0x9c) returned 1 [0101.707] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.713] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.713] SetEvent (hEvent=0x100) returned 1 [0101.713] SetEvent (hEvent=0x8c) returned 1 [0101.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.718] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.718] SetEvent (hEvent=0x8c) returned 1 [0101.718] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.725] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.725] GetFileType (hFile=0x170) returned 0x1 [0101.725] WriteFile (in: hFile=0x170, lpBuffer=0xc00015e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00015e000*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.726] CloseHandle (hObject=0x170) returned 1 [0101.726] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0101.726] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0101.726] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0101.727] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0101.727] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.728] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.728] SetEvent (hEvent=0xc0) returned 1 [0101.728] SetEvent (hEvent=0x100) returned 1 [0101.728] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0101.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.730] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.735] SetEvent (hEvent=0x100) returned 1 [0101.736] SetEvent (hEvent=0x120) returned 1 [0101.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.741] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.741] SetEvent (hEvent=0x100) returned 1 [0101.741] SetEvent (hEvent=0x9c) returned 1 [0101.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.743] SetEvent (hEvent=0x12c) returned 1 [0101.743] SetEvent (hEvent=0xfc) returned 1 [0101.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.746] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.746] SetEvent (hEvent=0x120) returned 1 [0101.746] SetEvent (hEvent=0x100) returned 1 [0101.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.750] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0101.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.750] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001edcf4 | out: lpMode=0xc0001edcf4) returned 0 [0101.756] GetFileType (hFile=0x174) returned 0x1 [0101.756] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0101.757] GetFileType (hFile=0x174) returned 0x1 [0101.757] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001edd44 | out: lpFileInformation=0xc0001edd44) returned 1 [0101.757] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001edd28) returned 1 [0101.757] ReadFile (in: hFile=0x174, lpBuffer=0xc00004c500, nNumberOfBytesToRead=0x482, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c500*, lpNumberOfBytesRead=0xc0001edc04*=0x282, lpOverlapped=0x0) returned 1 [0101.796] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.804] SetEvent (hEvent=0xc0) returned 1 [0101.804] ReadFile (in: hFile=0x174, lpBuffer=0xc00004c782, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c782*, lpNumberOfBytesRead=0xc0001edc04*=0x0, lpOverlapped=0x0) returned 1 [0101.804] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.817] CloseHandle (hObject=0x174) returned 1 [0101.817] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.818] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.818] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.819] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.820] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001edd04 | out: lpMode=0xc0001edd04) returned 0 [0101.827] GetFileType (hFile=0x174) returned 0x1 [0101.827] WriteFile (in: hFile=0x174, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc0001edcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc0001edcec*=0x290, lpOverlapped=0x0) returned 1 [0101.828] CloseHandle (hObject=0x174) returned 1 [0101.828] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0101.828] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0101.829] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0101.829] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0101.830] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0101.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.830] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001edd64 | out: lpMode=0xc0001edd64) returned 0 [0101.836] GetFileType (hFile=0x174) returned 0x1 [0101.836] WriteFile (in: hFile=0x174, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc0001edd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.836] CloseHandle (hObject=0x174) returned 1 [0101.836] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0101.837] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.851] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.851] SetEvent (hEvent=0xc0) returned 1 [0101.851] SetEvent (hEvent=0x8c) returned 1 [0101.851] SetEvent (hEvent=0x100) returned 1 [0101.851] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0101.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.859] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.859] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.860] SetEvent (hEvent=0x12c) returned 1 [0101.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.866] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.866] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0101.866] SetEvent (hEvent=0x8c) returned 1 [0101.866] SetEvent (hEvent=0x9c) returned 1 [0101.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.913] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.916] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0101.916] SetEvent (hEvent=0x8c) returned 1 [0101.917] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.925] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.925] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0101.925] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0101.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.926] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.926] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828e7880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e9f90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.926] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0101.926] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.926] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.927] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0101.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828e9f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e9f90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb7bfbc00, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x2dfa)) returned 1 [0101.927] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0101.928] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0101.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82888510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8288ac20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x32a2e)) returned 1 [0101.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8288d330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82892150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xba221600, ftLastWriteTime.dwHighDateTime=0x1d297b0, nFileSizeHigh=0x0, nFileSizeLow=0x3b059)) returned 1 [0101.932] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.939] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.958] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.959] SetEvent (hEvent=0x120) returned 1 [0101.960] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.960] SetEvent (hEvent=0x8c) returned 1 [0101.960] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.987] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.994] SetEvent (hEvent=0x12c) returned 1 [0101.994] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0101.997] SetEvent (hEvent=0x9c) returned 1 [0101.997] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0102.006] SetEvent (hEvent=0x8c) returned 1 [0102.006] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0102.042] SetEvent (hEvent=0x100) returned 1 [0102.042] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0102.044] SetEvent (hEvent=0x12c) returned 1 [0102.044] SetEvent (hEvent=0x120) returned 1 [0102.044] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0102.051] SetEvent (hEvent=0x12c) returned 1 [0102.051] SetEvent (hEvent=0x8c) returned 1 [0102.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.051] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0102.055] GetFileType (hFile=0x128) returned 0x1 [0102.055] GetFileType (hFile=0x128) returned 0x1 [0102.055] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0102.055] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0102.055] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0102.055] ReadFile (in: hFile=0x128, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x72a, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00015bc04*=0x52a, lpOverlapped=0x0) returned 1 [0102.066] ReadFile (in: hFile=0x128, lpBuffer=0xc0000ee52a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee52a*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0102.066] CloseHandle (hObject=0x128) returned 1 [0102.066] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0102.066] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0102.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.068] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0102.069] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0102.125] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0102.125] SetEvent (hEvent=0x100) returned 1 [0102.125] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.037] SetEvent (hEvent=0x108) returned 1 [0103.037] SetEvent (hEvent=0x9c) returned 1 [0103.037] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0103.078] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00019bcf4 | out: lpMode=0xc00019bcf4) returned 0 [0103.081] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.092] GetFileType (hFile=0xec) returned 0x1 [0103.092] GetFileType (hFile=0xec) returned 0x1 [0103.092] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00019bd44 | out: lpFileInformation=0xc00019bd44) returned 1 [0103.092] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00019bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019bd28) returned 1 [0103.092] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0103.092] ReadFile (in: hFile=0xec, lpBuffer=0xc00028d800, nNumberOfBytesToRead=0x426f, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028d800*, lpNumberOfBytesRead=0xc00019bc04*=0x406f, lpOverlapped=0x0) returned 1 [0103.095] ReadFile (in: hFile=0xec, lpBuffer=0xc00029186f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029186f*, lpNumberOfBytesRead=0xc00019bc04*=0x0, lpOverlapped=0x0) returned 1 [0103.095] CloseHandle (hObject=0xec) returned 1 [0103.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.096] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00019bd04 | out: lpMode=0xc00019bd04) returned 0 [0103.097] GetFileType (hFile=0xec) returned 0x1 [0103.097] WriteFile (in: hFile=0xec, lpBuffer=0xc0002a4800*, nNumberOfBytesToWrite=0x4070, lpNumberOfBytesWritten=0xc00019bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4800*, lpNumberOfBytesWritten=0xc00019bcec*=0x4070, lpOverlapped=0x0) returned 1 [0103.099] CloseHandle (hObject=0xec) returned 1 [0103.099] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.099] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00019bd64 | out: lpMode=0xc00019bd64) returned 0 [0103.103] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.113] GetFileType (hFile=0xec) returned 0x1 [0103.113] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00019bd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.113] CloseHandle (hObject=0xec) returned 1 [0103.113] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0103.114] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0103.114] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.115] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.132] SetEvent (hEvent=0x13c) returned 1 [0103.132] SetEvent (hEvent=0x108) returned 1 [0103.132] SetEvent (hEvent=0x100) returned 1 [0103.132] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.156] SetEvent (hEvent=0x13c) returned 1 [0103.156] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.158] SetEvent (hEvent=0x100) returned 1 [0103.158] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.170] SetEvent (hEvent=0x108) returned 1 [0103.170] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.395] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0103.396] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0103.396] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0103.396] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0103.397] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0103.397] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0103.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0103.398] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0103.400] GetFileType (hFile=0xec) returned 0x1 [0103.400] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0103.400] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0103.400] GetFileType (hFile=0xec) returned 0x1 [0103.400] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0103.401] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0103.401] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0103.401] VirtualAlloc (lpAddress=0xc00029e000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029e000 [0103.402] ReadFile (in: hFile=0xec, lpBuffer=0xc00029e000, nNumberOfBytesToRead=0x405d, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029e000*, lpNumberOfBytesRead=0xc000117c04*=0x3e5d, lpOverlapped=0x0) returned 1 [0103.462] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.518] ReadFile (in: hFile=0xec, lpBuffer=0xc0002a1e5d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a1e5d*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0103.518] CloseHandle (hObject=0xec) returned 1 [0103.518] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0103.519] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0103.519] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0103.520] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0103.520] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0103.520] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0103.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.522] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0103.527] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.539] GetFileType (hFile=0xec) returned 0x1 [0103.539] WriteFile (in: hFile=0xec, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x3e60, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000117cec*=0x3e60, lpOverlapped=0x0) returned 1 [0103.540] CloseHandle (hObject=0xec) returned 1 [0103.540] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.541] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0103.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.541] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0103.546] GetFileType (hFile=0xec) returned 0x1 [0103.546] WriteFile (in: hFile=0xec, lpBuffer=0xc000130580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000130580*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.547] CloseHandle (hObject=0xec) returned 1 [0103.547] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.549] SetEvent (hEvent=0x100) returned 1 [0103.549] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0103.576] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00014fcf4 | out: lpMode=0xc00014fcf4) returned 0 [0103.584] GetFileType (hFile=0x1ac) returned 0x1 [0103.584] GetFileType (hFile=0x1ac) returned 0x1 [0103.584] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc00014fd44 | out: lpFileInformation=0xc00014fd44) returned 1 [0103.584] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc00014fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014fd28) returned 1 [0103.584] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0002a2800, nNumberOfBytesToRead=0x41dc, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a2800*, lpNumberOfBytesRead=0xc00014fc04*=0x3fdc, lpOverlapped=0x0) returned 1 [0103.599] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.607] SetEvent (hEvent=0x100) returned 1 [0103.607] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0002a67dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a67dc*, lpNumberOfBytesRead=0xc00014fc04*=0x0, lpOverlapped=0x0) returned 1 [0103.608] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.622] CloseHandle (hObject=0x1ac) returned 1 [0103.622] SetEvent (hEvent=0x100) returned 1 [0103.622] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.721] SetEvent (hEvent=0x9c) returned 1 [0103.721] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.758] SetEvent (hEvent=0x164) returned 1 [0103.758] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.829] SetEvent (hEvent=0x100) returned 1 [0103.829] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.832] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0103.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0103.833] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000287cf4 | out: lpMode=0xc000287cf4) returned 0 [0103.834] GetFileType (hFile=0x174) returned 0x1 [0103.834] GetFileType (hFile=0x174) returned 0x1 [0103.834] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000287d44 | out: lpFileInformation=0xc000287d44) returned 1 [0103.835] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000287d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000287d28) returned 1 [0103.835] ReadFile (in: hFile=0x174, lpBuffer=0xc00029e000, nNumberOfBytesToRead=0x4039, lpNumberOfBytesRead=0xc000287c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029e000*, lpNumberOfBytesRead=0xc000287c04*=0x3e39, lpOverlapped=0x0) returned 1 [0103.851] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0103.864] ReadFile (in: hFile=0x174, lpBuffer=0xc0002a1e39, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000287c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a1e39*, lpNumberOfBytesRead=0xc000287c04*=0x0, lpOverlapped=0x0) returned 1 [0103.865] CloseHandle (hObject=0x174) returned 1 [0103.865] SetEvent (hEvent=0x100) returned 1 [0103.865] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0104.152] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0104.153] GetFileType (hFile=0x150) returned 0x1 [0104.153] GetFileType (hFile=0x150) returned 0x1 [0104.153] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0104.153] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0104.153] VirtualAlloc (lpAddress=0xc000394000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000394000 [0104.156] ReadFile (in: hFile=0x150, lpBuffer=0xc000394000, nNumberOfBytesToRead=0x223da, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000394000*, lpNumberOfBytesRead=0xc0001a1c04*=0x221da, lpOverlapped=0x0) returned 1 [0104.249] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.262] ReadFile (in: hFile=0x150, lpBuffer=0xc0003b61da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003b61da*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0104.262] CloseHandle (hObject=0x150) returned 1 [0104.262] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0104.262] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.263] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0104.266] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0104.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.270] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0104.274] GetFileType (hFile=0x150) returned 0x1 [0104.275] WriteFile (in: hFile=0x150, lpBuffer=0xc0003d8000*, nNumberOfBytesToWrite=0x221e0, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d8000*, lpNumberOfBytesWritten=0xc0001a1cec*=0x221e0, lpOverlapped=0x0) returned 1 [0104.278] CloseHandle (hObject=0x150) returned 1 [0104.278] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.278] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0104.279] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.279] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.280] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0104.280] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.281] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0104.293] GetFileType (hFile=0x150) returned 0x1 [0104.293] WriteFile (in: hFile=0x150, lpBuffer=0xc00005e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005e2c0*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.293] CloseHandle (hObject=0x150) returned 1 [0104.293] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0104.293] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app.js"), dwFlags=0x1) returned 1 [0104.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.295] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.295] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.296] SetEvent (hEvent=0xc0) returned 1 [0104.296] SetEvent (hEvent=0x13c) returned 1 [0104.296] SetEvent (hEvent=0xf4) returned 1 [0104.296] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0104.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.302] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.312] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.313] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.313] SetEvent (hEvent=0x13c) returned 1 [0104.313] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.340] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.340] SetEvent (hEvent=0xc0) returned 1 [0104.340] SetEvent (hEvent=0x13c) returned 1 [0104.340] SetEvent (hEvent=0x164) returned 1 [0104.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.343] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.344] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.344] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.344] SetEvent (hEvent=0x13c) returned 1 [0104.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.366] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.366] SetEvent (hEvent=0xc0) returned 1 [0104.366] SetEvent (hEvent=0x13c) returned 1 [0104.366] SetEvent (hEvent=0xf4) returned 1 [0104.367] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.376] SetEvent (hEvent=0xf4) returned 1 [0104.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.398] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.422] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.422] SetEvent (hEvent=0xc0) returned 1 [0104.422] SetEvent (hEvent=0xf4) returned 1 [0104.422] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.437] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.437] SetEvent (hEvent=0x164) returned 1 [0104.437] SetEvent (hEvent=0x13c) returned 1 [0104.438] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.442] SetEvent (hEvent=0x13c) returned 1 [0104.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.462] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.462] SetEvent (hEvent=0xc0) returned 1 [0104.462] SetEvent (hEvent=0x13c) returned 1 [0104.462] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836af5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8395fd70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f8)) returned 1 [0104.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b1ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b43f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x46039)) returned 1 [0104.463] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0104.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b6b00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b9210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x7c33)) returned 1 [0104.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_common.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836c2e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836c5560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2adeb)) returned 1 [0104.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836ca380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836cf1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x794cf)) returned 1 [0104.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836d3fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836d66d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x941)) returned 1 [0104.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0104.465] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0104.465] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9)) returned 1 [0104.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000)) returned 1 [0104.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f)) returned 1 [0104.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.472] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A058.tmp", cAlternateFileName="")) returned 1 [0104.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A059.tmp", cAlternateFileName="")) returned 1 [0104.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.472] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.473] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.473] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.473] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2B03.tmp", cAlternateFileName="")) returned 1 [0104.473] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2B04.tmp", cAlternateFileName="")) returned 1 [0104.473] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.473] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.483] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.488] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.488] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0104.488] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.488] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.495] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86513570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97256fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0104.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.536] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86513570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86513570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86513570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0104.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\log"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97256fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4)) returned 1 [0104.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29)) returned 1 [0104.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.548] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.548] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9048b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage", cAlternateFileName="CHROME~1.LOC")) returned 1 [0104.548] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal", cAlternateFileName="CHROME~2.LOC")) returned 1 [0104.548] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.548] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9048b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0104.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90191d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x904b1a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0104.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00)) returned 1 [0104.555] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0104.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28)) returned 1 [0104.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0104.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d)) returned 1 [0104.565] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.599] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0104.599] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0104.599] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0104.600] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00)) returned 1 [0104.600] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0104.600] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0104.601] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0104.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4)) returned 1 [0104.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43)) returned 1 [0104.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0104.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.610] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.611] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0104.611] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.611] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0104.611] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.611] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.612] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0104.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8448d2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93935fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0104.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0104.629] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.629] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8448d2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.630] VirtualAlloc (lpAddress=0xc0002c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c8000 [0104.631] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0104.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0104.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93935fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc3)) returned 1 [0104.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29)) returned 1 [0104.633] VirtualAlloc (lpAddress=0xc0002d2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d2000 [0104.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000)) returned 1 [0104.640] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.643] VirtualAlloc (lpAddress=0xc00047c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047c000 [0104.644] VirtualAlloc (lpAddress=0xc00047e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047e000 [0104.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.644] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278)) returned 1 [0104.655] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000)) returned 1 [0104.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.658] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.658] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.658] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 1 [0104.658] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.658] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.659] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.659] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.659] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28df6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Docs.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0104.659] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 1 [0104.659] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.659] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28df6)) returned 1 [0104.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0104.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000)) returned 1 [0104.660] VirtualAlloc (lpAddress=0xc00029c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029c000 [0104.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.661] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.661] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0104.661] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.667] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.672] SetEvent (hEvent=0x108) returned 1 [0104.672] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.672] SetEvent (hEvent=0x1d0) returned 1 [0104.672] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.677] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0104.678] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0104.678] VirtualAlloc (lpAddress=0xc0002de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002de000 [0104.678] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0104.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\transportsecurity"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d8 [0104.679] GetConsoleMode (in: hConsoleHandle=0x1d8, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0104.682] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.702] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.702] SetEvent (hEvent=0xf4) returned 1 [0104.702] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.705] SetEvent (hEvent=0x164) returned 1 [0104.705] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.713] SetEvent (hEvent=0x9c) returned 1 [0104.713] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] SetEvent (hEvent=0xf4) returned 1 [0104.721] SetEvent (hEvent=0xfc) returned 1 [0104.721] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.738] SetEvent (hEvent=0xfc) returned 1 [0104.738] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.749] SetEvent (hEvent=0xfc) returned 1 [0104.749] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.751] SetEvent (hEvent=0xfc) returned 1 [0104.751] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.752] SetEvent (hEvent=0xfc) returned 1 [0104.752] SetEvent (hEvent=0x120) returned 1 [0104.752] SetEvent (hEvent=0xf4) returned 1 [0104.753] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.755] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.757] VirtualFree (lpAddress=0xc0003b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.757] VirtualFree (lpAddress=0xc0003a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.757] VirtualFree (lpAddress=0xc00030c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.758] VirtualFree (lpAddress=0xc0002da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.758] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.758] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.758] SetEvent (hEvent=0xfc) returned 1 [0104.758] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.761] SetEvent (hEvent=0x120) returned 1 [0104.761] SetEvent (hEvent=0x9c) returned 1 [0104.761] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.773] SetEvent (hEvent=0x164) returned 1 [0104.773] SetEvent (hEvent=0xfc) returned 1 [0104.773] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.776] SetEvent (hEvent=0x164) returned 1 [0104.776] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.778] SetEvent (hEvent=0x164) returned 1 [0104.778] SetEvent (hEvent=0xfc) returned 1 [0104.778] SetEvent (hEvent=0xf4) returned 1 [0104.778] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0104.804] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0104.806] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.818] GetFileType (hFile=0x1e4) returned 0x1 [0104.818] GetFileType (hFile=0x1e4) returned 0x1 [0104.818] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0104.818] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0104.818] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0104.820] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x19200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0001a5c04*=0x19000, lpOverlapped=0x0) returned 1 [0104.846] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.850] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00035f000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035f000*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0104.850] CloseHandle (hObject=0x1e4) returned 1 [0104.850] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0104.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0104.854] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0104.855] GetFileType (hFile=0x1e4) returned 0x1 [0104.855] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x19010, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x19010, lpOverlapped=0x0) returned 1 [0104.858] CloseHandle (hObject=0x1e4) returned 1 [0104.858] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.858] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0104.859] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0104.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0104.859] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0104.862] GetFileType (hFile=0x1e4) returned 0x1 [0104.862] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.862] CloseHandle (hObject=0x1e4) returned 1 [0104.862] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-history"), dwFlags=0x1) returned 1 [0104.863] VirtualFree (lpAddress=0xc000400000, dwSize=0x56000, dwFreeType=0x4000) returned 1 [0104.865] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.866] VirtualFree (lpAddress=0xc0003e0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.866] VirtualFree (lpAddress=0xc000332000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.866] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.867] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.867] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.867] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.867] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.868] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.868] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.868] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.868] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.869] WriteFile (in: hFile=0x184, lpBuffer=0xc0000fa420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00028bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa420*, lpNumberOfBytesWritten=0xc00028bd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.869] CloseHandle (hObject=0x184) returned 1 [0104.869] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0104.869] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-angular.js"), dwFlags=0x1) returned 1 [0104.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0104.871] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0104.875] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.879] GetFileType (hFile=0x184) returned 0x1 [0104.879] GetFileType (hFile=0x184) returned 0x1 [0104.879] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0104.879] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0104.879] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0104.880] ReadFile (in: hFile=0x184, lpBuffer=0xc0002da000, nNumberOfBytesToRead=0xca78, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002da000*, lpNumberOfBytesRead=0xc0000c7c04*=0xc878, lpOverlapped=0x0) returned 1 [0104.886] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.888] ReadFile (in: hFile=0x184, lpBuffer=0xc0002e6878, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6878*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0104.888] CloseHandle (hObject=0x184) returned 1 [0104.888] VirtualAlloc (lpAddress=0xc000320000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0104.890] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.890] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0104.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.892] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0104.893] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.899] GetFileType (hFile=0x184) returned 0x1 [0104.899] WriteFile (in: hFile=0x184, lpBuffer=0xc000320000*, nNumberOfBytesToWrite=0xc880, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000320000*, lpNumberOfBytesWritten=0xc0000c7cec*=0xc880, lpOverlapped=0x0) returned 1 [0104.901] CloseHandle (hObject=0x184) returned 1 [0104.901] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0104.902] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.902] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0104.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.902] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0104.905] GetFileType (hFile=0x184) returned 0x1 [0104.905] WriteFile (in: hFile=0x184, lpBuffer=0xc00016a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a580*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.905] CloseHandle (hObject=0x184) returned 1 [0104.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-common.js"), dwFlags=0x1) returned 1 [0104.906] SwitchToThread () returned 1 [0104.907] SetEvent (hEvent=0xf4) returned 1 [0104.907] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.909] SetEvent (hEvent=0x108) returned 1 [0104.909] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.911] SwitchToThread () returned 1 [0104.916] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.921] SetEvent (hEvent=0xf4) returned 1 [0104.921] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0104.922] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0104.922] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0104.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0104.923] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000217cf4 | out: lpMode=0xc000217cf4) returned 0 [0104.926] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.927] GetFileType (hFile=0x184) returned 0x1 [0104.927] GetFileType (hFile=0x184) returned 0x1 [0104.928] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc000217d44 | out: lpFileInformation=0xc000217d44) returned 1 [0104.928] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc000217d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000217d28) returned 1 [0104.928] ReadFile (in: hFile=0x184, lpBuffer=0xc0003c8000, nNumberOfBytesToRead=0x228, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c8000*, lpNumberOfBytesRead=0xc000217c04*=0x28, lpOverlapped=0x0) returned 1 [0104.929] ReadFile (in: hFile=0x184, lpBuffer=0xc0003c8028, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c8028*, lpNumberOfBytesRead=0xc000217c04*=0x0, lpOverlapped=0x0) returned 1 [0104.929] CloseHandle (hObject=0x184) returned 1 [0104.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.930] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000217d04 | out: lpMode=0xc000217d04) returned 0 [0104.931] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.934] GetFileType (hFile=0x184) returned 0x1 [0104.934] WriteFile (in: hFile=0x184, lpBuffer=0xc00000a210*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc000217cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfBytesWritten=0xc000217cec*=0x30, lpOverlapped=0x0) returned 1 [0104.936] CloseHandle (hObject=0x184) returned 1 [0104.936] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.937] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000217d64 | out: lpMode=0xc000217d64) returned 0 [0104.943] GetFileType (hFile=0x184) returned 0x1 [0104.943] WriteFile (in: hFile=0x184, lpBuffer=0xc0000fa420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000217d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa420*, lpNumberOfBytesWritten=0xc000217d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.944] CloseHandle (hObject=0x184) returned 1 [0104.944] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.944] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0104.945] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network persistent state"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Network Persistent State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-network persistent state"), dwFlags=0x1) returned 1 [0104.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.946] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.947] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.947] SetEvent (hEvent=0xc0) returned 1 [0104.947] SetEvent (hEvent=0x164) returned 1 [0104.947] SetEvent (hEvent=0x9c) returned 1 [0104.947] SetEvent (hEvent=0xfc) returned 1 [0104.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.952] SetEvent (hEvent=0xfc) returned 1 [0104.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.959] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.959] SetEvent (hEvent=0xf4) returned 1 [0104.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.959] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c0 [0104.960] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0104.961] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.967] GetFileType (hFile=0x1c0) returned 0x1 [0104.967] GetFileType (hFile=0x1c0) returned 0x1 [0104.967] GetFileInformationByHandle (in: hFile=0x1c0, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0104.967] GetFileInformationByHandleEx (in: hFile=0x1c0, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0104.967] ReadFile (in: hFile=0x1c0, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000257c04*=0x29, lpOverlapped=0x0) returned 1 [0104.968] ReadFile (in: hFile=0x1c0, lpBuffer=0xc0000dc029, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc029*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0104.968] CloseHandle (hObject=0x1c0) returned 1 [0104.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0104.969] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0104.970] GetFileType (hFile=0x1c0) returned 0x1 [0104.970] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00000a210*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfBytesWritten=0xc000257cec*=0x30, lpOverlapped=0x0) returned 1 [0104.971] CloseHandle (hObject=0x1c0) returned 1 [0104.971] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0104.972] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0104.973] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.979] GetFileType (hFile=0x1c0) returned 0x1 [0104.980] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.980] CloseHandle (hObject=0x1c0) returned 1 [0104.980] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-manifest-000001"), dwFlags=0x1) returned 1 [0104.981] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0104.981] SetEvent (hEvent=0xf4) returned 1 [0104.982] SetEvent (hEvent=0x164) returned 1 [0104.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.987] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.992] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.992] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.993] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0104.993] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0104.993] SetEvent (hEvent=0xc0) returned 1 [0104.993] SetEvent (hEvent=0x164) returned 1 [0104.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.994] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.994] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0104.995] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0104.996] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.002] GetFileType (hFile=0x184) returned 0x1 [0105.002] GetFileType (hFile=0x184) returned 0x1 [0105.002] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0105.002] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0105.002] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0105.003] ReadFile (in: hFile=0x184, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0105.003] CloseHandle (hObject=0x184) returned 1 [0105.003] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0105.003] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0105.004] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0105.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0105.004] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0105.006] GetFileType (hFile=0x184) returned 0x1 [0105.007] WriteFile (in: hFile=0x184, lpBuffer=0xc000586370*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586370*, lpNumberOfBytesWritten=0xc0001a7cec*=0x10, lpOverlapped=0x0) returned 1 [0105.007] CloseHandle (hObject=0x184) returned 1 [0105.008] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0105.008] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.008] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0105.009] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0105.009] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0105.011] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.018] GetFileType (hFile=0x184) returned 0x1 [0105.018] WriteFile (in: hFile=0x184, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.018] CloseHandle (hObject=0x184) returned 1 [0105.018] VirtualAlloc (lpAddress=0xc0003fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fa000 [0105.018] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0105.019] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b03.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\encry-2B03.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\encry-2b03.tmp"), dwFlags=0x1) returned 1 [0105.020] SetEvent (hEvent=0x9c) returned 1 [0105.020] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.027] SetEvent (hEvent=0xfc) returned 1 [0105.028] SetEvent (hEvent=0x120) returned 1 [0105.028] SetEvent (hEvent=0x9c) returned 1 [0105.028] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.204] SetEvent (hEvent=0x120) returned 1 [0105.204] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.205] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.206] SetEvent (hEvent=0x120) returned 1 [0105.206] SetEvent (hEvent=0xfc) returned 1 [0105.206] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.206] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.206] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.207] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.207] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.207] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.207] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.208] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c4 [0105.209] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0105.212] GetFileType (hFile=0x1c4) returned 0x1 [0105.213] GetFileType (hFile=0x1c4) returned 0x1 [0105.213] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0105.213] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0105.213] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.213] ReadFile (in: hFile=0x1c4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2b4, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001b7c04*=0xb4, lpOverlapped=0x0) returned 1 [0105.214] ReadFile (in: hFile=0x1c4, lpBuffer=0xc00004c0b4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0b4*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0105.214] CloseHandle (hObject=0x1c4) returned 1 [0105.214] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0105.215] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0105.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.219] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0105.226] GetFileType (hFile=0x1c4) returned 0x1 [0105.227] WriteFile (in: hFile=0x1c4, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc0001b7cec*=0xc0, lpOverlapped=0x0) returned 1 [0105.228] CloseHandle (hObject=0x1c4) returned 1 [0105.228] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.228] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0105.229] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0105.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.229] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0105.241] GetFileType (hFile=0x1c4) returned 0x1 [0105.241] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0105.242] WriteFile (in: hFile=0x1c4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.242] CloseHandle (hObject=0x1c4) returned 1 [0105.242] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0105.242] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0105.243] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0105.243] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0105.243] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\readme"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-README" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-readme"), dwFlags=0x1) returned 1 [0105.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.245] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0105.245] SetEvent (hEvent=0xc0) returned 1 [0105.245] SetEvent (hEvent=0x164) returned 1 [0105.246] SetEvent (hEvent=0xf4) returned 1 [0105.246] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0105.248] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.251] SetEvent (hEvent=0xf4) returned 1 [0105.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.260] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.260] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0105.260] SetEvent (hEvent=0x9c) returned 1 [0105.260] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c4 [0105.261] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0105.263] GetFileType (hFile=0x1c4) returned 0x1 [0105.263] GetFileType (hFile=0x1c4) returned 0x1 [0105.263] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0105.264] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0105.264] VirtualAlloc (lpAddress=0xc000300000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0105.265] ReadFile (in: hFile=0x1c4, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x3200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc00012dc04*=0x3000, lpOverlapped=0x0) returned 1 [0105.277] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.281] ReadFile (in: hFile=0x1c4, lpBuffer=0xc000303000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000303000*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0105.281] CloseHandle (hObject=0x1c4) returned 1 [0105.281] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0105.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.283] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0105.285] GetFileType (hFile=0x1c4) returned 0x1 [0105.285] WriteFile (in: hFile=0x1c4, lpBuffer=0xc00030a000*, nNumberOfBytesToWrite=0x3010, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00030a000*, lpNumberOfBytesWritten=0xc00012dcec*=0x3010, lpOverlapped=0x0) returned 1 [0105.287] CloseHandle (hObject=0x1c4) returned 1 [0105.287] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0105.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.287] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0105.289] GetFileType (hFile=0x1c4) returned 0x1 [0105.289] WriteFile (in: hFile=0x1c4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.289] CloseHandle (hObject=0x1c4) returned 1 [0105.289] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0105.290] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-shortcuts"), dwFlags=0x1) returned 1 [0105.291] VirtualFree (lpAddress=0xc0002de000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.291] VirtualFree (lpAddress=0xc0002da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.291] VirtualFree (lpAddress=0xc00028c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.291] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0105.292] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.292] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.292] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.293] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.293] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.293] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.293] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.294] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0105.294] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.295] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c4 [0105.295] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0002cbcf4 | out: lpMode=0xc0002cbcf4) returned 0 [0105.296] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.299] GetFileType (hFile=0x1c4) returned 0x1 [0105.299] GetFileType (hFile=0x1c4) returned 0x1 [0105.299] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc0002cbd44 | out: lpFileInformation=0xc0002cbd44) returned 1 [0105.299] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc0002cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cbd28) returned 1 [0105.299] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0105.300] ReadFile (in: hFile=0x1c4, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0002cbc04*=0x0, lpOverlapped=0x0) returned 1 [0105.300] CloseHandle (hObject=0x1c4) returned 1 [0105.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.300] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0002cbd04 | out: lpMode=0xc0002cbd04) returned 0 [0105.304] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.305] SetEvent (hEvent=0x108) returned 1 [0105.305] GetFileType (hFile=0x1c4) returned 0x1 [0105.305] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.323] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0105.323] SetEvent (hEvent=0x9c) returned 1 [0105.323] WriteFile (in: hFile=0x1c4, lpBuffer=0xc000586480*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586480*, lpNumberOfBytesWritten=0xc0002cbcec*=0x10, lpOverlapped=0x0) returned 1 [0105.325] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.329] SetEvent (hEvent=0x9c) returned 1 [0105.329] CloseHandle (hObject=0x1c4) returned 1 [0105.329] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0105.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.330] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0002cbd64 | out: lpMode=0xc0002cbd64) returned 0 [0105.333] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.346] GetFileType (hFile=0x1c4) returned 0x1 [0105.346] WriteFile (in: hFile=0x1c4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0002cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.346] CloseHandle (hObject=0x1c4) returned 1 [0105.347] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-lock"), dwFlags=0x1) returned 1 [0105.348] SetEvent (hEvent=0x108) returned 1 [0105.348] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.373] SetEvent (hEvent=0x9c) returned 1 [0105.373] SetEvent (hEvent=0xfc) returned 1 [0105.373] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.377] SetEvent (hEvent=0x164) returned 1 [0105.377] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0105.379] SetEvent (hEvent=0x9c) returned 1 [0105.379] SetEvent (hEvent=0x114) returned 1 [0105.379] SetEvent (hEvent=0xfc) returned 1 [0105.379] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.046] SetEvent (hEvent=0x108) returned 1 [0107.046] SetEvent (hEvent=0x114) returned 1 [0107.046] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.063] SetEvent (hEvent=0x114) returned 1 [0107.063] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.070] SetEvent (hEvent=0x114) returned 1 [0107.070] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.071] VirtualFree (lpAddress=0xc0002c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.071] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.071] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.071] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.071] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.072] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.072] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.072] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.072] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.072] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.073] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.073] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.073] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.073] GetFileType (hFile=0x1b0) returned 0x1 [0107.073] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000a0290*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0290*, lpNumberOfBytesWritten=0xc0004dbcec*=0x10, lpOverlapped=0x0) returned 1 [0107.074] CloseHandle (hObject=0x1b0) returned 1 [0107.074] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.074] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0107.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.075] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0107.154] GetFileType (hFile=0x1b0) returned 0x1 [0107.154] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000942c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000942c0*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.155] CloseHandle (hObject=0x1b0) returned 1 [0107.155] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0107.155] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0107.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\encry-get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\encry-get.adobe[1].xml"), dwFlags=0x1) returned 1 [0107.157] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0107.157] SetEvent (hEvent=0x164) returned 1 [0107.157] SetEvent (hEvent=0xfc) returned 1 [0107.157] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0107.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.163] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.164] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0107.164] SetEvent (hEvent=0xfc) returned 1 [0107.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.174] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.174] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.174] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0107.174] SetEvent (hEvent=0xc0) returned 1 [0107.174] SetEvent (hEvent=0xfc) returned 1 [0107.174] SetEvent (hEvent=0x114) returned 1 [0107.176] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.178] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0107.178] SetEvent (hEvent=0xfc) returned 1 [0107.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.183] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0107.183] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0107.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0107.184] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0107.207] GetFileType (hFile=0x1d4) returned 0x1 [0107.207] GetFileType (hFile=0x1d4) returned 0x1 [0107.207] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0107.207] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0107.208] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0107.209] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1126c, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0000b7c04*=0x1106c, lpOverlapped=0x0) returned 1 [0107.252] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002b506c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b506c*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0107.252] CloseHandle (hObject=0x1d4) returned 1 [0107.252] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0107.252] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0107.253] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0107.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.256] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0107.281] GetFileType (hFile=0x1d4) returned 0x1 [0107.281] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002b6000*, nNumberOfBytesToWrite=0x11070, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesWritten=0xc0000b7cec*=0x11070, lpOverlapped=0x0) returned 1 [0107.283] CloseHandle (hObject=0x1d4) returned 1 [0107.284] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.284] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0107.284] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0107.284] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0107.285] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0107.285] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0107.286] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0107.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.286] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0107.290] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.304] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.305] SetEvent (hEvent=0xfc) returned 1 [0107.305] SetEvent (hEvent=0x114) returned 1 [0107.305] SetEvent (hEvent=0x108) returned 1 [0107.305] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.309] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x106000, dwFreeType=0x4000) returned 1 [0107.315] VirtualFree (lpAddress=0xc00058e000, dwSize=0x106000, dwFreeType=0x4000) returned 1 [0107.322] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0107.323] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.323] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.323] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.323] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0107.324] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.324] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.325] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.325] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.325] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.325] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.326] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.326] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.326] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.326] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.327] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.327] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.327] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.327] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.328] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.328] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.328] SetEvent (hEvent=0x108) returned 1 [0107.328] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.331] SetEvent (hEvent=0xfc) returned 1 [0107.331] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.333] SetEvent (hEvent=0x114) returned 1 [0107.333] SetEvent (hEvent=0x164) returned 1 [0107.333] SetEvent (hEvent=0x108) returned 1 [0107.333] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.343] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0107.344] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.344] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.344] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.344] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.345] SetEvent (hEvent=0xfc) returned 1 [0107.345] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.350] SetEvent (hEvent=0x114) returned 1 [0107.350] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.354] SetEvent (hEvent=0x120) returned 1 [0107.354] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.359] SetEvent (hEvent=0x164) returned 1 [0107.359] SetEvent (hEvent=0x120) returned 1 [0107.359] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.379] SetEvent (hEvent=0xfc) returned 1 [0107.379] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.386] SetEvent (hEvent=0xfc) returned 1 [0107.386] GetFileType (hFile=0x1d4) returned 0x1 [0107.386] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000250000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000250000*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.386] CloseHandle (hObject=0x1d4) returned 1 [0107.386] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.387] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\encry-LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\encry-localmls_3.wmdb"), dwFlags=0x1) returned 1 [0107.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0107.388] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0107.392] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.395] GetFileType (hFile=0x1d4) returned 0x1 [0107.395] GetFileType (hFile=0x1d4) returned 0x1 [0107.395] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0107.395] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0107.396] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0107.396] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x31b0, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001d3c04*=0x2fb0, lpOverlapped=0x0) returned 1 [0107.401] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.405] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002a6fb0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6fb0*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0107.405] CloseHandle (hObject=0x1d4) returned 1 [0107.405] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.407] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0107.409] GetFileType (hFile=0x1d4) returned 0x1 [0107.409] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x2fc0, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x2fc0, lpOverlapped=0x0) returned 1 [0107.410] CloseHandle (hObject=0x1d4) returned 1 [0107.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.411] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.411] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0107.411] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.412] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0107.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.412] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0107.414] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.417] SetEvent (hEvent=0xfc) returned 1 [0107.417] GetFileType (hFile=0x1d4) returned 0x1 [0107.417] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.418] CloseHandle (hObject=0x1d4) returned 1 [0107.418] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.418] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0107.418] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0107.419] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\encry-brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\encry-brndlog.txt"), dwFlags=0x1) returned 1 [0107.420] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.422] SetEvent (hEvent=0xfc) returned 1 [0107.422] SetEvent (hEvent=0xf4) returned 1 [0107.422] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0107.423] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.423] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.423] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.424] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.424] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.424] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.424] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.424] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.425] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x410)) returned 1 [0107.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3fc)) returned 1 [0107.438] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x401)) returned 1 [0107.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x427)) returned 1 [0107.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x249)) returned 1 [0107.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\12_all_video.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437)) returned 1 [0107.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x0, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x0, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x0, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x0, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0107.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0107.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x0, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0107.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0107.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x0, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0107.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0107.459] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0107.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x414)) returned 1 [0107.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4ff)) returned 1 [0107.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4f3)) returned 1 [0107.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x504)) returned 1 [0107.473] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.480] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00019f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc00019f818*=0x4) returned 1 [0107.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc000067818*=0x4) returned 1 [0107.483] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.489] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc0001020e8*, lpNumberOfCharsWritten=0xc000249818*=0x4) returned 1 [0107.493] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102220*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc000102220*, lpNumberOfCharsWritten=0xc000243818*=0x4) returned 1 [0107.498] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a8*, lpNumberOfCharsWritten=0xc00013d818*=0x4) returned 1 [0107.503] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a8*, lpNumberOfCharsWritten=0xc00010f818*=0x4) returned 1 [0107.700] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.714] SetEvent (hEvent=0x108) returned 1 [0107.714] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102248*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc000102248*, lpNumberOfCharsWritten=0xc00024b818*=0x4) returned 1 [0107.718] SetEvent (hEvent=0x108) returned 1 [0107.718] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102250*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027f818, lpReserved=0x0 | out: lpBuffer=0xc000102250*, lpNumberOfCharsWritten=0xc00027f818*=0x4) returned 1 [0107.720] SetEvent (hEvent=0x108) returned 1 [0107.720] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102258*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000102258*, lpNumberOfCharsWritten=0xc000175818*=0x4) returned 1 [0107.720] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.721] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.723] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000163818, lpReserved=0x0 | out: lpBuffer=0xc0001020e0*, lpNumberOfCharsWritten=0xc000163818*=0x4) returned 1 [0107.726] SetEvent (hEvent=0xfc) returned 1 [0107.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc0001020e8*, lpNumberOfCharsWritten=0xc0001b9818*=0x4) returned 1 [0107.728] SetEvent (hEvent=0xfc) returned 1 [0107.728] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc0004df818*=0x4) returned 1 [0107.729] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.738] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0180*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0180*, lpNumberOfCharsWritten=0xc00010d818*=0x4) returned 1 [0107.741] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0188*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0188*, lpNumberOfCharsWritten=0xc00022d818*=0x4) returned 1 [0107.743] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a0*, lpNumberOfCharsWritten=0xc0001a5818*=0x4) returned 1 [0107.744] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00028b818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a8*, lpNumberOfCharsWritten=0xc00028b818*=0x4) returned 1 [0107.745] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc0000a01b0*, lpNumberOfCharsWritten=0xc0000c7818*=0x4) returned 1 [0107.747] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc0000a01b8*, lpNumberOfCharsWritten=0xc0001cd818*=0x4) returned 1 [0107.750] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.760] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0230*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00019d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0230*, lpNumberOfCharsWritten=0xc00019d818*=0x4) returned 1 [0107.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0238*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000217818, lpReserved=0x0 | out: lpBuffer=0xc0000a0238*, lpNumberOfCharsWritten=0xc000217818*=0x4) returned 1 [0107.764] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0280*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc0000a0280*, lpNumberOfCharsWritten=0xc000183818*=0x4) returned 1 [0107.766] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0107.766] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0288*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0000a0288*, lpNumberOfCharsWritten=0xc000257818*=0x4) returned 1 [0107.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a0*, lpNumberOfCharsWritten=0xc000241818*=0x4) returned 1 [0107.774] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.780] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0107.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a8*, lpNumberOfCharsWritten=0xc0000bd818*=0x4) returned 1 [0107.782] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.802] SetEvent (hEvent=0x164) returned 1 [0107.802] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc000187818*=0x4) returned 1 [0107.804] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102018*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000102018*, lpNumberOfCharsWritten=0xc0001a7818*=0x4) returned 1 [0107.813] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000102038*, lpNumberOfCharsWritten=0xc0002d7818*=0x4) returned 1 [0107.821] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102090*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000102090*, lpNumberOfCharsWritten=0xc0001b7818*=0x4) returned 1 [0107.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102098*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002cf818, lpReserved=0x0 | out: lpBuffer=0xc000102098*, lpNumberOfCharsWritten=0xc0002cf818*=0x4) returned 1 [0107.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102100*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000102100*, lpNumberOfCharsWritten=0xc00023f818*=0x4) returned 1 [0107.829] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102108*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc000102108*, lpNumberOfCharsWritten=0xc00012d818*=0x4) returned 1 [0107.834] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.841] SetEvent (hEvent=0x120) returned 1 [0107.841] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc0000100d0*, lpNumberOfCharsWritten=0xc000143818*=0x4) returned 1 [0107.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc0000100d8*, lpNumberOfCharsWritten=0xc000275818*=0x4) returned 1 [0107.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a0*, lpNumberOfCharsWritten=0xc0002d1818*=0x4) returned 1 [0107.846] SetEvent (hEvent=0x15c) returned 1 [0107.846] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.853] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.853] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.854] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.855] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.856] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.857] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.859] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.860] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.861] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.862] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.863] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.864] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.865] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.866] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.867] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.867] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.868] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.869] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.870] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.872] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.873] SetEvent (hEvent=0xf4) returned 1 [0107.873] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000199818, lpReserved=0x0 | out: lpBuffer=0xc0000100e0*, lpNumberOfCharsWritten=0xc000199818*=0x4) returned 1 [0107.877] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.883] SetEvent (hEvent=0x15c) returned 1 [0107.883] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d6000*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000299808, lpReserved=0x0 | out: lpBuffer=0xc0003d6000*, lpNumberOfCharsWritten=0xc000299808*=0x4c) returned 1 [0107.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0xc000299a08 | out: lpFindFileData=0xc000299a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0107.885] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000299720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0107.885] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d60a0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000299808, lpReserved=0x0 | out: lpBuffer=0xc0003d60a0*, lpNumberOfCharsWritten=0xc000299808*=0x4c) returned 1 [0107.890] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.890] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0xc000299a68 | out: lpFindFileData=0xc000299a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0107.890] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000299720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0107.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d6140*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000299808, lpReserved=0x0 | out: lpBuffer=0xc0003d6140*, lpNumberOfCharsWritten=0xc000299808*=0x4c) returned 1 [0107.891] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.896] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.897] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.897] SetEvent (hEvent=0x15c) returned 1 [0107.897] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a390*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000299808, lpReserved=0x0 | out: lpBuffer=0xc00000a390*, lpNumberOfCharsWritten=0xc000299808*=0x11) returned 1 [0107.898] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0107.902] SetEvent (hEvent=0xf4) returned 1 [0107.902] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a360*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000299808, lpReserved=0x0 | out: lpBuffer=0xc00000a360*, lpNumberOfCharsWritten=0xc000299808*=0x11) returned 1 [0107.903] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0107.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\encry-History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\encry-history"), dwFlags=0x1) returned 1 [0108.403] SetEvent (hEvent=0xc0) returned 1 [0108.403] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0108.403] SetEvent (hEvent=0x12c) returned 1 [0108.403] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0108.405] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.410] SetEvent (hEvent=0x12c) returned 1 [0108.410] SetEvent (hEvent=0x120) returned 1 [0108.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.411] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.412] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0108.412] SetEvent (hEvent=0xc0) returned 1 [0108.412] SetEvent (hEvent=0xfc) returned 1 [0108.412] SetEvent (hEvent=0x13c) returned 1 [0108.412] SetEvent (hEvent=0x114) returned 1 [0108.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.432] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.432] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0108.432] SetEvent (hEvent=0xf4) returned 1 [0108.445] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.446] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.452] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0108.452] SetEvent (hEvent=0x164) returned 1 [0108.452] SetEvent (hEvent=0xf4) returned 1 [0108.453] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.465] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0108.465] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0108.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x249)) returned 1 [0108.473] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.474] SetEvent (hEvent=0x164) returned 1 [0108.475] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.476] SetEvent (hEvent=0x164) returned 1 [0108.476] SetEvent (hEvent=0x188) returned 1 [0108.476] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.476] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.476] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.477] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.477] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0108.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.477] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0108.482] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.485] GetFileType (hFile=0x1bc) returned 0x1 [0108.485] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0108.486] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.486] CloseHandle (hObject=0x1bc) returned 1 [0108.486] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.487] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0108.487] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0108.487] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0108.488] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-09_music_played_the_most.wpl"), dwFlags=0x1) returned 1 [0108.490] SwitchToThread () returned 1 [0108.490] SetEvent (hEvent=0x164) returned 1 [0108.490] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.491] SetEvent (hEvent=0x164) returned 1 [0108.491] SetEvent (hEvent=0x188) returned 1 [0108.491] SetEvent (hEvent=0xf4) returned 1 [0108.491] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.493] SetEvent (hEvent=0x188) returned 1 [0108.494] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.495] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0108.496] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.496] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.496] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.497] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.497] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.497] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.497] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.498] SetEvent (hEvent=0x164) returned 1 [0108.498] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.506] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.508] SetEvent (hEvent=0x188) returned 1 [0108.508] SetEvent (hEvent=0x1a0) returned 1 [0108.508] SetEvent (hEvent=0x164) returned 1 [0108.508] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.515] SetEvent (hEvent=0x188) returned 1 [0108.515] SetEvent (hEvent=0xf4) returned 1 [0108.515] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.526] SetEvent (hEvent=0x188) returned 1 [0108.526] SetEvent (hEvent=0x9c) returned 1 [0108.526] SetEvent (hEvent=0x164) returned 1 [0108.526] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.533] SetEvent (hEvent=0x188) returned 1 [0108.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0108.533] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000299cf4 | out: lpMode=0xc000299cf4) returned 0 [0108.536] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.538] GetFileType (hFile=0x180) returned 0x1 [0108.538] GetFileType (hFile=0x180) returned 0x1 [0108.539] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000299d44 | out: lpFileInformation=0xc000299d44) returned 1 [0108.539] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000299d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000299d28) returned 1 [0108.539] ReadFile (in: hFile=0x180, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x449, lpNumberOfBytesRead=0xc000299c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000299c04*=0x249, lpOverlapped=0x0) returned 1 [0108.543] ReadFile (in: hFile=0x180, lpBuffer=0xc00006c249, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000299c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c249*, lpNumberOfBytesRead=0xc000299c04*=0x0, lpOverlapped=0x0) returned 1 [0108.543] CloseHandle (hObject=0x180) returned 1 [0108.543] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0108.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.545] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000299d04 | out: lpMode=0xc000299d04) returned 0 [0108.556] GetFileType (hFile=0x180) returned 0x1 [0108.556] WriteFile (in: hFile=0x180, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc000299cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc000299cec*=0x250, lpOverlapped=0x0) returned 1 [0108.558] CloseHandle (hObject=0x180) returned 1 [0108.558] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0108.558] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0108.558] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0108.559] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0108.559] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0108.560] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0108.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.560] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000299d64 | out: lpMode=0xc000299d64) returned 0 [0108.570] GetFileType (hFile=0x180) returned 0x1 [0108.570] WriteFile (in: hFile=0x180, lpBuffer=0xc00005a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000299d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005a2c0*, lpNumberOfBytesWritten=0xc000299d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.570] CloseHandle (hObject=0x180) returned 1 [0108.570] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0108.571] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-11_all_pictures.wpl"), dwFlags=0x1) returned 1 [0108.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.574] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0108.574] SetEvent (hEvent=0xc0) returned 1 [0108.574] SetEvent (hEvent=0x9c) returned 1 [0108.574] SetEvent (hEvent=0xf4) returned 1 [0108.575] SetEvent (hEvent=0x15c) returned 1 [0108.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.578] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.578] SetEvent (hEvent=0x15c) returned 1 [0108.578] SetEvent (hEvent=0x9c) returned 1 [0108.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.585] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.585] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0108.586] SetEvent (hEvent=0x188) returned 1 [0108.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.587] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b3cf4 | out: lpMode=0xc0001b3cf4) returned 0 [0108.587] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.595] SetEvent (hEvent=0x164) returned 1 [0108.595] GetFileType (hFile=0x1bc) returned 0x1 [0108.595] GetFileType (hFile=0x1bc) returned 0x1 [0108.595] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001b3d44 | out: lpFileInformation=0xc0001b3d44) returned 1 [0108.595] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b3d28) returned 1 [0108.595] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0108.599] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x20200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0001b3c04*=0x20000, lpOverlapped=0x0) returned 1 [0108.610] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000320000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000320000*, lpNumberOfBytesRead=0xc0001b3c04*=0x0, lpOverlapped=0x0) returned 1 [0108.610] CloseHandle (hObject=0x1bc) returned 1 [0108.610] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0108.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.619] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b3d04 | out: lpMode=0xc0001b3d04) returned 0 [0108.625] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.628] GetFileType (hFile=0x1bc) returned 0x1 [0108.628] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0xc0001b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0001b3cec*=0x20010, lpOverlapped=0x0) returned 1 [0108.632] CloseHandle (hObject=0x1bc) returned 1 [0108.632] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0108.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.632] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b3d64 | out: lpMode=0xc0001b3d64) returned 0 [0108.637] GetFileType (hFile=0x1bc) returned 0x1 [0108.637] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00006c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesWritten=0xc0001b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.638] CloseHandle (hObject=0x1bc) returned 1 [0108.638] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\encry-FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\encry-fsd-cnry.fsd"), dwFlags=0x1) returned 1 [0108.672] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0108.672] SetEvent (hEvent=0x9c) returned 1 [0108.672] SetEvent (hEvent=0x1a0) returned 1 [0108.672] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0108.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.686] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.686] SetEvent (hEvent=0x1a0) returned 1 [0108.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.687] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.688] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.688] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0108.688] SetEvent (hEvent=0x1a0) returned 1 [0108.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.689] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.689] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0108.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.690] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000219cf4 | out: lpMode=0xc000219cf4) returned 0 [0108.691] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.708] GetFileType (hFile=0x1bc) returned 0x1 [0108.708] GetFileType (hFile=0x1bc) returned 0x1 [0108.708] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000219d44 | out: lpFileInformation=0xc000219d44) returned 1 [0108.708] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000219d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000219d28) returned 1 [0108.708] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0108.709] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0001c2000, nNumberOfBytesToRead=0x2b9, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesRead=0xc000219c04*=0xb9, lpOverlapped=0x0) returned 1 [0108.710] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0001c20b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c20b9*, lpNumberOfBytesRead=0xc000219c04*=0x0, lpOverlapped=0x0) returned 1 [0108.710] CloseHandle (hObject=0x1bc) returned 1 [0108.710] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0108.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.712] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000219d04 | out: lpMode=0xc000219d04) returned 0 [0108.713] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.723] GetFileType (hFile=0x1bc) returned 0x1 [0108.724] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0002f80c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000219cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f80c0*, lpNumberOfBytesWritten=0xc000219cec*=0xc0, lpOverlapped=0x0) returned 1 [0108.725] CloseHandle (hObject=0x1bc) returned 1 [0108.725] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0108.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.725] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000219d64 | out: lpMode=0xc000219d64) returned 0 [0108.726] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.730] GetFileType (hFile=0x1bc) returned 0x1 [0108.730] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.735] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000219d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc000219d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.735] CloseHandle (hObject=0x1bc) returned 1 [0108.736] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0108.736] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\encry-~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\encry-~last~.sharing.xml.obi"), dwFlags=0x1) returned 1 [0108.737] GetFileType (hFile=0x128) returned 0x1 [0108.737] WriteFile (in: hFile=0x128, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001e9cec*=0x90, lpOverlapped=0x0) returned 1 [0108.738] CloseHandle (hObject=0x128) returned 1 [0108.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0108.739] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0108.739] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0108.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.740] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0108.743] GetFileType (hFile=0x128) returned 0x1 [0108.743] WriteFile (in: hFile=0x128, lpBuffer=0xc0000a4b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4b00*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.743] CloseHandle (hObject=0x128) returned 1 [0108.743] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0108.744] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.744] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\encry-350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\encry-350db95df4cbd94b2a1c300510e12e11.sig"), dwFlags=0x1) returned 1 [0108.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\publisher"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.745] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0108.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher\\*", lpFindFileData=0xc0000c5530 | out: lpFindFileData=0xc0000c5530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.746] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.746] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0108.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\taskschedulerconfig"), fInfoLevelId=0x0, lpFileInformation=0xc0000c5778 | out: lpFileInformation=0xc0000c5778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\taskschedulerconfig"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.747] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\TaskSchedulerConfig\\*", lpFindFileData=0xc0000c5530 | out: lpFindFileData=0xc0000c5530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.747] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.747] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.747] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio"), fInfoLevelId=0x0, lpFileInformation=0xc0000c5778 | out: lpFileInformation=0xc0000c5778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\*", lpFindFileData=0xc0000c5530 | out: lpFindFileData=0xc0000c5530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ef99320, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5efe55e0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x18ce0, dwReserved0=0x0, dwReserved1=0x0, cFileName="content14.dat", cAlternateFileName="CONTEN~1.DAT")) returned 1 [0108.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbs.dat", cAlternateFileName="")) returned 1 [0108.748] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0108.749] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.749] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000c56a0 | out: lpFileInformation=0xc0000c56a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ef99320, ftCreationTime.dwHighDateTime=0x1d305f1, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5efe55e0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x18ce0)) returned 1 [0108.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000c56a0 | out: lpFileInformation=0xc0000c56a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x976e3d80, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x976e3d80, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x5f055ac0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x1f400)) returned 1 [0108.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows"), fInfoLevelId=0x0, lpFileInformation=0xc0000c5778 | out: lpFileInformation=0xc0000c5778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.750] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\*", lpFindFileData=0xc0000c5530 | out: lpFindFileData=0xc0000c5530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1024", cAlternateFileName="")) returned 1 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn", cAlternateFileName="")) returned 1 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Caches", cAlternateFileName="")) returned 1 [0108.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Explorer", cAlternateFileName="")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="GameExplorer", cAlternateFileName="GAMEEX~1")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ringtones", cAlternateFileName="RINGTO~1")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3fc040, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3fc040, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat", cAlternateFileName="")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f3d5ee0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat.LOG1", cAlternateFileName="USRCLA~2.LOG")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9c5705f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat.LOG2", cAlternateFileName="USRCLA~1.LOG")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x962222ec, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf", cAlternateFileName="USRCLA~1.BLF")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="USRCLA~2.REG")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="USRCLA~1.REG")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WER", cAlternateFileName="")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa734ff0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xa734ff0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa734ff0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate.log", cAlternateFileName="WINDOW~1.LOG")) returned 1 [0108.751] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000c5560 | out: lpFindFileData=0xc0000c5560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.751] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1024" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1024"), fInfoLevelId=0x0, lpFileInformation=0xc0000c56a0 | out: lpFileInformation=0xc0000c56a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.759] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.765] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.766] SetEvent (hEvent=0x15c) returned 1 [0108.766] SetEvent (hEvent=0x1a0) returned 1 [0108.766] SetEvent (hEvent=0xf4) returned 1 [0108.766] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.778] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.778] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0108.779] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.779] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.780] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.780] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.780] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.781] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.781] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.781] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.781] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.782] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.782] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc000143818*=0x2) returned 1 [0108.801] SetEvent (hEvent=0x9c) returned 1 [0108.801] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.809] SetEvent (hEvent=0x15c) returned 1 [0108.809] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.845] SetEvent (hEvent=0x9c) returned 1 [0108.845] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.867] SetEvent (hEvent=0x164) returned 1 [0108.867] SetEvent (hEvent=0x188) returned 1 [0108.867] SetEvent (hEvent=0x9c) returned 1 [0108.867] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.874] SetEvent (hEvent=0x164) returned 1 [0108.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0108.875] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0108.877] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.892] GetFileType (hFile=0xec) returned 0x1 [0108.892] GetFileType (hFile=0xec) returned 0x1 [0108.893] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0108.893] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0108.893] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e2c0, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e2c0*, lpNumberOfBytesRead=0xc000179c04*=0xae, lpOverlapped=0x0) returned 1 [0108.894] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e36e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e36e*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0108.894] CloseHandle (hObject=0xec) returned 1 [0108.894] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0108.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini\\*", lpFindFileData=0xc000179a08 | out: lpFindFileData=0xc000179a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0108.895] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000179720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0108.895] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0108.895] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000052000*, nNumberOfCharsToWrite=0x6c, lpNumberOfCharsWritten=0xc000179808, lpReserved=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfCharsWritten=0xc000179808*=0x6c) returned 1 [0108.903] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.917] SetEvent (hEvent=0x164) returned 1 [0108.917] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.918] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0108.972] SwitchToThread () returned 1 [0108.976] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0108.976] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0108.977] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0108.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.977] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.977] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.977] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0b6db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0b6db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0108.977] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSHist012017071220170713", cAlternateFileName="MSHIST~1")) returned 1 [0108.977] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.978] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.978] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0108.978] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.978] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0108.979] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0108.979] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0108.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0108.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.980] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.980] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0108.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x45c34df0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0108.981] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0108.981] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0108.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91)) returned 1 [0108.982] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0108.982] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0108.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0b6db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0b6db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0108.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91)) returned 1 [0108.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91)) returned 1 [0108.983] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0108.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Ringtones" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\ringtones"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Ringtones" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\ringtones"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.985] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0108.985] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Ringtones\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96dfdac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.985] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.986] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe7138400, ftLastAccessTime.dwHighDateTime=0x1d2e625, ftLastWriteTime.dwLowDateTime=0xe7138400, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.MSO", cAlternateFileName="")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27b4c650, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.Word", cAlternateFileName="CONTEN~1.WOR")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Virtualized", cAlternateFileName="VIRTUA~1")) returned 1 [0108.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.986] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.987] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e5e3095, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3e570c75, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe2a9ffc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MM5O9XQS", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PMMR5K9K", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RIJUQL1C", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c153ac0, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2c153ac0, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="X9OHK109", cAlternateFileName="")) returned 1 [0108.987] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.987] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b7a8160, ftLastAccessTime.dwHighDateTime=0x1d42023, ftLastWriteTime.dwLowDateTime=0x2b7a8160, ftLastWriteTime.dwHighDateTime=0x1d42023, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.991] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.008] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.009] SetEvent (hEvent=0x9c) returned 1 [0109.010] SetEvent (hEvent=0x164) returned 1 [0109.010] SetEvent (hEvent=0x1a0) returned 1 [0109.010] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.031] SetEvent (hEvent=0x164) returned 1 [0109.032] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.036] SetEvent (hEvent=0x1a0) returned 1 [0109.036] SetEvent (hEvent=0x164) returned 1 [0109.036] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.040] SetEvent (hEvent=0x164) returned 1 [0109.040] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.040] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0109.040] SetEvent (hEvent=0xc0) returned 1 [0109.040] SetEvent (hEvent=0x164) returned 1 [0109.041] SetEvent (hEvent=0x188) returned 1 [0109.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.045] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.150] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0109.150] SetEvent (hEvent=0x1a0) returned 1 [0109.150] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.213] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0109.213] SetEvent (hEvent=0xc0) returned 1 [0109.213] SetEvent (hEvent=0x1a0) returned 1 [0109.213] SetEvent (hEvent=0x164) returned 1 [0109.213] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0109.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.224] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0109.224] SetEvent (hEvent=0x15c) returned 1 [0109.224] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0109.239] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000161cf4 | out: lpMode=0xc000161cf4) returned 0 [0109.244] GetFileType (hFile=0x180) returned 0x1 [0109.244] GetFileType (hFile=0x180) returned 0x1 [0109.244] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000161d44 | out: lpFileInformation=0xc000161d44) returned 1 [0109.244] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000161d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000161d28) returned 1 [0109.244] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0109.246] ReadFile (in: hFile=0x180, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x6200, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000161c04*=0x6000, lpOverlapped=0x0) returned 1 [0109.398] ReadFile (in: hFile=0x180, lpBuffer=0xc0002aa000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aa000*, lpNumberOfBytesRead=0xc000161c04*=0x0, lpOverlapped=0x0) returned 1 [0109.398] CloseHandle (hObject=0x180) returned 1 [0109.398] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0109.398] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0109.399] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0109.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0109.401] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000161d04 | out: lpMode=0xc000161d04) returned 0 [0109.403] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.411] GetFileType (hFile=0x180) returned 0x1 [0109.411] WriteFile (in: hFile=0x180, lpBuffer=0xc0002aaa80*, nNumberOfBytesToWrite=0x6010, lpNumberOfBytesWritten=0xc000161cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002aaa80*, lpNumberOfBytesWritten=0xc000161cec*=0x6010, lpOverlapped=0x0) returned 1 [0109.412] CloseHandle (hObject=0x180) returned 1 [0109.413] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0109.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0109.413] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000161d64 | out: lpMode=0xc000161d64) returned 0 [0109.554] SwitchToThread () returned 1 [0109.699] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.719] GetFileType (hFile=0x180) returned 0x1 [0109.719] WriteFile (in: hFile=0x180, lpBuffer=0xc000146420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000161d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146420*, lpNumberOfBytesWritten=0xc000161d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.719] CloseHandle (hObject=0x180) returned 1 [0109.719] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0109.719] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0109.720] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-explorerstartuplog.etl"), dwFlags=0x1) returned 1 [0109.721] SetEvent (hEvent=0x188) returned 1 [0109.722] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.754] SetEvent (hEvent=0x108) returned 1 [0109.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0109.755] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0109.762] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.772] GetFileType (hFile=0x128) returned 0x1 [0109.772] GetFileType (hFile=0x128) returned 0x1 [0109.772] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0109.772] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0109.772] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0109.772] ReadFile (in: hFile=0x128, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000275c04*=0x43, lpOverlapped=0x0) returned 1 [0109.773] ReadFile (in: hFile=0x128, lpBuffer=0xc00006c043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c043*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0109.773] CloseHandle (hObject=0x128) returned 1 [0109.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.774] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0109.774] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini\\*", lpFindFileData=0xc000275a08 | out: lpFindFileData=0xc000275a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.774] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000275720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.774] SetEvent (hEvent=0x1a0) returned 1 [0109.774] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.805] SetEvent (hEvent=0x1a0) returned 1 [0109.805] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.974] SetEvent (hEvent=0x108) returned 1 [0109.974] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0109.994] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.016] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.018] SetEvent (hEvent=0xf4) returned 1 [0110.018] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.022] SetEvent (hEvent=0x1a0) returned 1 [0110.022] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.054] SetEvent (hEvent=0x15c) returned 1 [0110.054] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.064] SetEvent (hEvent=0x114) returned 1 [0110.064] SetEvent (hEvent=0x1a0) returned 1 [0110.065] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.091] SetEvent (hEvent=0x9c) returned 1 [0110.091] SetEvent (hEvent=0x114) returned 1 [0110.091] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.093] SetEvent (hEvent=0x1a0) returned 1 [0110.093] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.099] SetEvent (hEvent=0x108) returned 1 [0110.099] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.102] GetFileType (hFile=0x1dc) returned 0x1 [0110.102] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002ac000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac000*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.103] CloseHandle (hObject=0x1dc) returned 1 [0110.103] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0110.103] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0110.104] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0110.105] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.105] SetEvent (hEvent=0x1a0) returned 1 [0110.105] SetEvent (hEvent=0x114) returned 1 [0110.105] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.114] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.114] SetEvent (hEvent=0x114) returned 1 [0110.114] SetEvent (hEvent=0x164) returned 1 [0110.114] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.116] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.117] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.117] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.117] SetEvent (hEvent=0x1a0) returned 1 [0110.117] SetEvent (hEvent=0x164) returned 1 [0110.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.140] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.140] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.141] SetEvent (hEvent=0x13c) returned 1 [0110.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.148] SetEvent (hEvent=0x114) returned 1 [0110.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.152] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.152] SetEvent (hEvent=0x164) returned 1 [0110.152] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.153] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.154] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001edcf4 | out: lpMode=0xc0001edcf4) returned 0 [0110.158] GetFileType (hFile=0x1dc) returned 0x1 [0110.158] GetFileType (hFile=0x1dc) returned 0x1 [0110.158] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001edd44 | out: lpFileInformation=0xc0001edd44) returned 1 [0110.158] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001edd28) returned 1 [0110.158] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0110.158] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0x4c8, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc0001edc04*=0x2c8, lpOverlapped=0x0) returned 1 [0110.163] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002fe2c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe2c8*, lpNumberOfBytesRead=0xc0001edc04*=0x0, lpOverlapped=0x0) returned 1 [0110.163] CloseHandle (hObject=0x1dc) returned 1 [0110.163] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0110.163] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.181] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.193] SetEvent (hEvent=0x9c) returned 1 [0110.194] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001edd04 | out: lpMode=0xc0001edd04) returned 0 [0110.195] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.205] GetFileType (hFile=0x1dc) returned 0x1 [0110.205] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc0001edcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0001edcec*=0x2d0, lpOverlapped=0x0) returned 1 [0110.206] CloseHandle (hObject=0x1dc) returned 1 [0110.208] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0110.208] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.208] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.209] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0110.209] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.210] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001edd64 | out: lpMode=0xc0001edd64) returned 0 [0110.214] GetFileType (hFile=0x1b4) returned 0x1 [0110.214] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001edd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.215] CloseHandle (hObject=0x1b4) returned 1 [0110.217] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa8uco4[1].png"), dwFlags=0x1) returned 1 [0110.409] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.409] SetEvent (hEvent=0x1a0) returned 1 [0110.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.411] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.411] SetEvent (hEvent=0x13c) returned 1 [0110.411] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.415] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.415] SetEvent (hEvent=0x1a0) returned 1 [0110.415] SetEvent (hEvent=0xfc) returned 1 [0110.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.417] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.421] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.421] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.421] SetEvent (hEvent=0x13c) returned 1 [0110.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.424] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.424] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.429] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.436] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.464] SetEvent (hEvent=0x198) returned 1 [0110.464] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.468] SetEvent (hEvent=0x198) returned 1 [0110.468] SetEvent (hEvent=0x108) returned 1 [0110.469] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.469] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.469] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.470] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.470] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.470] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.470] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000203818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc000203818*=0x2) returned 1 [0110.477] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.483] SetEvent (hEvent=0x108) returned 1 [0110.483] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0110.483] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0110.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.484] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0110.485] GetFileType (hFile=0x128) returned 0x1 [0110.485] GetFileType (hFile=0x128) returned 0x1 [0110.485] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0110.485] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0110.485] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0110.485] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x368, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc00014dc04*=0x168, lpOverlapped=0x0) returned 1 [0110.488] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c168, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c168*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0110.488] CloseHandle (hObject=0x128) returned 1 [0110.488] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.489] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.489] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0110.489] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.496] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0110.498] GetFileType (hFile=0x128) returned 0x1 [0110.498] WriteFile (in: hFile=0x128, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc00014dcec*=0x170, lpOverlapped=0x0) returned 1 [0110.499] CloseHandle (hObject=0x128) returned 1 [0110.499] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0110.500] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0110.500] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.500] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.501] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0110.502] GetFileType (hFile=0x128) returned 0x1 [0110.502] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.502] CloseHandle (hObject=0x128) returned 1 [0110.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb74fls[1].png"), dwFlags=0x1) returned 1 [0110.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.537] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.537] SetEvent (hEvent=0x1a0) returned 1 [0110.537] SetEvent (hEvent=0x9c) returned 1 [0110.538] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.543] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.543] SetEvent (hEvent=0x9c) returned 1 [0110.543] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.547] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.565] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.573] SetEvent (hEvent=0x198) returned 1 [0110.573] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.575] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000167cf4 | out: lpMode=0xc000167cf4) returned 0 [0110.575] GetFileType (hFile=0x128) returned 0x1 [0110.575] GetFileType (hFile=0x128) returned 0x1 [0110.576] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000167d44 | out: lpFileInformation=0xc000167d44) returned 1 [0110.576] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000167d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000167d28) returned 1 [0110.576] ReadFile (in: hFile=0x128, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x196d, lpNumberOfBytesRead=0xc000167c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc000167c04*=0x176d, lpOverlapped=0x0) returned 1 [0110.582] ReadFile (in: hFile=0x128, lpBuffer=0xc00050f0ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000167c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f0ed*, lpNumberOfBytesRead=0xc000167c04*=0x0, lpOverlapped=0x0) returned 1 [0110.582] CloseHandle (hObject=0x128) returned 1 [0110.582] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0110.582] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0110.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.586] SetEvent (hEvent=0xc0) returned 1 [0110.586] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000167d04 | out: lpMode=0xc000167d04) returned 0 [0110.586] GetFileType (hFile=0x128) returned 0x1 [0110.586] WriteFile (in: hFile=0x128, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x1770, lpNumberOfBytesWritten=0xc000167cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc000167cec*=0x1770, lpOverlapped=0x0) returned 1 [0110.587] CloseHandle (hObject=0x128) returned 1 [0110.588] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.588] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.588] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.589] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000167d64 | out: lpMode=0xc000167d64) returned 0 [0110.589] GetFileType (hFile=0x128) returned 0x1 [0110.589] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000167d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000167d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.589] CloseHandle (hObject=0x128) returned 1 [0110.590] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbo1mq[1].jpg"), dwFlags=0x1) returned 1 [0110.638] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.638] SetEvent (hEvent=0x1a0) returned 1 [0110.638] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.639] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.639] SetEvent (hEvent=0x1a0) returned 1 [0110.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.644] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.652] SetEvent (hEvent=0x13c) returned 1 [0110.652] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.658] SetEvent (hEvent=0x13c) returned 1 [0110.658] SetEvent (hEvent=0x9c) returned 1 [0110.658] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.658] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc0001bb818*=0x2) returned 1 [0110.660] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.667] SetEvent (hEvent=0xfc) returned 1 [0110.667] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.669] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000185cf4 | out: lpMode=0xc000185cf4) returned 0 [0110.670] GetFileType (hFile=0x1bc) returned 0x1 [0110.670] GetFileType (hFile=0x1bc) returned 0x1 [0110.670] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000185d44 | out: lpFileInformation=0xc000185d44) returned 1 [0110.670] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000185d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000185d28) returned 1 [0110.670] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a6500, nNumberOfBytesToRead=0x20e7, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6500*, lpNumberOfBytesRead=0xc000185c04*=0x1ee7, lpOverlapped=0x0) returned 1 [0110.675] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a83e7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a83e7*, lpNumberOfBytesRead=0xc000185c04*=0x0, lpOverlapped=0x0) returned 1 [0110.675] CloseHandle (hObject=0x1bc) returned 1 [0110.675] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.675] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.678] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000185d04 | out: lpMode=0xc000185d04) returned 0 [0110.678] GetFileType (hFile=0x1bc) returned 0x1 [0110.678] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x1ef0, lpNumberOfBytesWritten=0xc000185cec, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000185cec*=0x1ef0, lpOverlapped=0x0) returned 1 [0110.680] CloseHandle (hObject=0x1bc) returned 1 [0110.680] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0110.680] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0110.680] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.681] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000185d64 | out: lpMode=0xc000185d64) returned 0 [0110.682] GetFileType (hFile=0x1bc) returned 0x1 [0110.682] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000185d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000185d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.682] CloseHandle (hObject=0x1bc) returned 1 [0110.683] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbpufj[1].jpg"), dwFlags=0x1) returned 1 [0110.717] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.718] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.718] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.718] SetEvent (hEvent=0xfc) returned 1 [0110.718] SetEvent (hEvent=0x108) returned 1 [0110.719] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.724] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.724] SetEvent (hEvent=0x108) returned 1 [0110.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.726] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.746] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.756] SetEvent (hEvent=0x13c) returned 1 [0110.756] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.759] SetEvent (hEvent=0x13c) returned 1 [0110.759] SetEvent (hEvent=0x9c) returned 1 [0110.759] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0110.760] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.760] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.760] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0110.762] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.767] SetEvent (hEvent=0x9c) returned 1 [0110.767] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.768] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0110.769] GetFileType (hFile=0x1dc) returned 0x1 [0110.769] GetFileType (hFile=0x1dc) returned 0x1 [0110.769] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0110.769] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0110.769] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.770] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.770] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xb7a, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001b7c04*=0x97a, lpOverlapped=0x0) returned 1 [0110.772] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000fa97a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa97a*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.772] CloseHandle (hObject=0x1dc) returned 1 [0110.772] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.773] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0110.773] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.780] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0110.780] GetFileType (hFile=0x1dc) returned 0x1 [0110.780] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x980, lpOverlapped=0x0) returned 1 [0110.781] CloseHandle (hObject=0x1dc) returned 1 [0110.782] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0110.782] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.782] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.783] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0110.784] GetFileType (hFile=0x1dc) returned 0x1 [0110.784] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.784] CloseHandle (hObject=0x1dc) returned 1 [0110.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbvj4r[1].jpg"), dwFlags=0x1) returned 1 [0110.817] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0110.817] SetEvent (hEvent=0x108) returned 1 [0110.817] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0110.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.821] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.821] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0110.821] SetEvent (hEvent=0x108) returned 1 [0110.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.824] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.824] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.838] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.843] SetEvent (hEvent=0x13c) returned 1 [0110.843] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.849] SetEvent (hEvent=0x13c) returned 1 [0110.849] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.849] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.850] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.850] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc000187818*=0x2) returned 1 [0110.851] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.867] SetEvent (hEvent=0xfc) returned 1 [0110.867] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.869] SetEvent (hEvent=0xfc) returned 1 [0110.869] SetEvent (hEvent=0x13c) returned 1 [0110.869] SetEvent (hEvent=0x1a0) returned 1 [0110.869] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.872] SetEvent (hEvent=0xfc) returned 1 [0110.872] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.873] SetEvent (hEvent=0xfc) returned 1 [0110.873] SetEvent (hEvent=0x9c) returned 1 [0110.873] SetEvent (hEvent=0x1a0) returned 1 [0110.873] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.888] SetEvent (hEvent=0x108) returned 1 [0110.888] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.893] SetEvent (hEvent=0x108) returned 1 [0110.893] SetEvent (hEvent=0x198) returned 1 [0110.893] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.893] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.894] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.894] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.894] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.894] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.895] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.895] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010078*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc000010078*, lpNumberOfCharsWritten=0xc0000bd818*=0x2) returned 1 [0110.901] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.911] SetEvent (hEvent=0x1a0) returned 1 [0110.911] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.916] SetEvent (hEvent=0x1a0) returned 1 [0110.916] SetEvent (hEvent=0x198) returned 1 [0110.916] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0110.917] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.917] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.917] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.918] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.918] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.918] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.919] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.919] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.919] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.919] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.920] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.920] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001a7818*=0x2) returned 1 [0110.921] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0110.924] SetEvent (hEvent=0x198) returned 1 [0110.924] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0110.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.925] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0110.925] GetFileType (hFile=0x128) returned 0x1 [0110.925] GetFileType (hFile=0x128) returned 0x1 [0110.926] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0110.926] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0110.926] ReadFile (in: hFile=0x128, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x2920, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0001a7c04*=0x2720, lpOverlapped=0x0) returned 1 [0110.966] ReadFile (in: hFile=0x128, lpBuffer=0xc000232720, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000232720*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.966] CloseHandle (hObject=0x128) returned 1 [0110.966] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0110.966] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.966] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0110.967] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0110.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.985] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0110.990] GetFileType (hFile=0x128) returned 0x1 [0110.990] WriteFile (in: hFile=0x128, lpBuffer=0xc0002b0000*, nNumberOfBytesToWrite=0x2730, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x2730, lpOverlapped=0x0) returned 1 [0110.991] CloseHandle (hObject=0x128) returned 1 [0110.992] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0110.992] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0110.993] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.993] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0110.994] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0110.994] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0110.995] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0110.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.995] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0110.998] GetFileType (hFile=0x1dc) returned 0x1 [0110.998] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.998] CloseHandle (hObject=0x1dc) returned 1 [0111.000] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0111.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0lyn[1].jpg"), dwFlags=0x1) returned 1 [0111.044] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.044] SetEvent (hEvent=0x164) returned 1 [0111.044] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0111.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.047] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.047] SetEvent (hEvent=0x164) returned 1 [0111.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.059] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.059] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.061] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.061] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.061] SetEvent (hEvent=0xc0) returned 1 [0111.061] SetEvent (hEvent=0x198) returned 1 [0111.061] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0111.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.063] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.063] SetEvent (hEvent=0x164) returned 1 [0111.063] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.068] SetEvent (hEvent=0x198) returned 1 [0111.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.070] SetEvent (hEvent=0x198) returned 1 [0111.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.074] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.074] SetEvent (hEvent=0xfc) returned 1 [0111.075] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.079] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.079] SetEvent (hEvent=0xc0) returned 1 [0111.079] SetEvent (hEvent=0x9c) returned 1 [0111.079] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0111.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.083] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.083] SetEvent (hEvent=0xfc) returned 1 [0111.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.086] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.087] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.087] SetEvent (hEvent=0x13c) returned 1 [0111.087] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.088] SetEvent (hEvent=0x13c) returned 1 [0111.088] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.091] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.091] SetEvent (hEvent=0xfc) returned 1 [0111.091] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.094] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.094] GetFileType (hFile=0x1e4) returned 0x1 [0111.094] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x8e0, lpOverlapped=0x0) returned 1 [0111.095] CloseHandle (hObject=0x1e4) returned 1 [0111.098] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0111.098] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0111.098] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0111.099] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0111.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.099] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0111.099] GetFileType (hFile=0x1dc) returned 0x1 [0111.099] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.100] CloseHandle (hObject=0x1dc) returned 1 [0111.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbe97o8[1].jpg"), dwFlags=0x1) returned 1 [0111.153] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.154] SetEvent (hEvent=0x1a0) returned 1 [0111.154] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.155] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.155] SetEvent (hEvent=0x13c) returned 1 [0111.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.162] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.162] SetEvent (hEvent=0x1a0) returned 1 [0111.162] SetEvent (hEvent=0x120) returned 1 [0111.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.164] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.168] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.168] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.168] SetEvent (hEvent=0x13c) returned 1 [0111.168] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.172] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.172] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.224] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.236] SetEvent (hEvent=0x1a0) returned 1 [0111.236] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.238] SetEvent (hEvent=0x1a0) returned 1 [0111.239] SetEvent (hEvent=0x164) returned 1 [0111.239] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.239] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.240] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.240] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.240] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.241] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.241] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.241] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc000187818*=0x2) returned 1 [0111.244] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.251] SetEvent (hEvent=0x13c) returned 1 [0111.251] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.254] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000215cf4 | out: lpMode=0xc000215cf4) returned 0 [0111.255] GetFileType (hFile=0x1dc) returned 0x1 [0111.255] GetFileType (hFile=0x1dc) returned 0x1 [0111.255] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000215d44 | out: lpFileInformation=0xc000215d44) returned 1 [0111.256] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000215d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000215d28) returned 1 [0111.256] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.256] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x26c8, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000215c04*=0x24c8, lpOverlapped=0x0) returned 1 [0111.262] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00025c4c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c4c8*, lpNumberOfBytesRead=0xc000215c04*=0x0, lpOverlapped=0x0) returned 1 [0111.262] CloseHandle (hObject=0x1dc) returned 1 [0111.262] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0111.263] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0111.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.266] SetEvent (hEvent=0xc0) returned 1 [0111.266] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000215d04 | out: lpMode=0xc000215d04) returned 0 [0111.266] GetFileType (hFile=0x1dc) returned 0x1 [0111.266] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x24d0, lpNumberOfBytesWritten=0xc000215cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000215cec*=0x24d0, lpOverlapped=0x0) returned 1 [0111.268] CloseHandle (hObject=0x1dc) returned 1 [0111.268] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0111.268] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.269] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000215d64 | out: lpMode=0xc000215d64) returned 0 [0111.269] GetFileType (hFile=0x1dc) returned 0x1 [0111.269] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000215d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000215d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.269] CloseHandle (hObject=0x1dc) returned 1 [0111.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbeep0k[1].jpg"), dwFlags=0x1) returned 1 [0111.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.306] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.306] SetEvent (hEvent=0x13c) returned 1 [0111.306] SetEvent (hEvent=0x9c) returned 1 [0111.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.310] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.311] SetEvent (hEvent=0x9c) returned 1 [0111.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.313] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.331] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.345] SetEvent (hEvent=0x1a0) returned 1 [0111.345] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.348] SetEvent (hEvent=0x1a0) returned 1 [0111.348] SetEvent (hEvent=0x164) returned 1 [0111.348] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.348] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.349] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.349] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.349] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.349] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.350] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc00013f818*=0x2) returned 1 [0111.352] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.359] SetEvent (hEvent=0x13c) returned 1 [0111.359] SetEvent (hEvent=0x164) returned 1 [0111.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.360] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0111.360] GetFileType (hFile=0x1e4) returned 0x1 [0111.360] GetFileType (hFile=0x1e4) returned 0x1 [0111.360] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0111.360] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0111.360] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0111.361] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x1c59, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc00013fc04*=0x1a59, lpOverlapped=0x0) returned 1 [0111.363] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000a5a59, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a5a59*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0111.363] CloseHandle (hObject=0x1e4) returned 1 [0111.363] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0111.364] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0111.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.369] SetEvent (hEvent=0xc0) returned 1 [0111.369] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0111.370] GetFileType (hFile=0x1e4) returned 0x1 [0111.370] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x1a60, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc00013fcec*=0x1a60, lpOverlapped=0x0) returned 1 [0111.371] CloseHandle (hObject=0x1e4) returned 1 [0111.371] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0111.371] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0111.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.372] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0111.372] GetFileType (hFile=0x1e4) returned 0x1 [0111.372] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.373] CloseHandle (hObject=0x1e4) returned 1 [0111.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegjfz[1].jpg"), dwFlags=0x1) returned 1 [0111.414] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.414] SetEvent (hEvent=0x13c) returned 1 [0111.414] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.418] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.422] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.422] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.423] SetEvent (hEvent=0x9c) returned 1 [0111.423] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.425] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.425] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.443] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.472] SetEvent (hEvent=0x1a0) returned 1 [0111.472] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.475] SetEvent (hEvent=0x1a0) returned 1 [0111.475] SetEvent (hEvent=0x164) returned 1 [0111.475] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.476] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.476] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0111.481] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.487] SetEvent (hEvent=0x13c) returned 1 [0111.487] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.489] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0111.490] GetFileType (hFile=0x1dc) returned 0x1 [0111.490] GetFileType (hFile=0x1dc) returned 0x1 [0111.490] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0111.490] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0111.490] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x7e5, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0001b7c04*=0x5e5, lpOverlapped=0x0) returned 1 [0111.494] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000585e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000585e5*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0111.494] CloseHandle (hObject=0x1dc) returned 1 [0111.494] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.495] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.497] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0111.497] GetFileType (hFile=0x1dc) returned 0x1 [0111.497] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x5f0, lpOverlapped=0x0) returned 1 [0111.498] CloseHandle (hObject=0x1dc) returned 1 [0111.500] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0111.500] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.500] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0111.501] GetFileType (hFile=0x1dc) returned 0x1 [0111.501] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.501] CloseHandle (hObject=0x1dc) returned 1 [0111.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegx5f[1].jpg"), dwFlags=0x1) returned 1 [0111.536] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.536] SetEvent (hEvent=0x13c) returned 1 [0111.536] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.538] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.538] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.540] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.540] SetEvent (hEvent=0x9c) returned 1 [0111.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.543] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.557] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.568] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.570] SetEvent (hEvent=0x1a0) returned 1 [0111.570] SetEvent (hEvent=0x164) returned 1 [0111.570] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0000ee008*, lpNumberOfCharsWritten=0xc000247818*=0x2) returned 1 [0111.572] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.577] SetEvent (hEvent=0x13c) returned 1 [0111.577] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.579] SetEvent (hEvent=0x13c) returned 1 [0111.579] SetEvent (hEvent=0x164) returned 1 [0111.579] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.579] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.580] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.580] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00019d818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00019d818*=0x2) returned 1 [0111.582] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.592] SetEvent (hEvent=0x9c) returned 1 [0111.592] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.597] SetEvent (hEvent=0x9c) returned 1 [0111.597] SetEvent (hEvent=0x1a0) returned 1 [0111.598] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.598] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.598] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.599] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.599] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc0000ee008*, lpNumberOfCharsWritten=0xc0001cd818*=0x2) returned 1 [0111.601] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.660] SetEvent (hEvent=0xfc) returned 1 [0111.660] SetEvent (hEvent=0x1a0) returned 1 [0111.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.661] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0111.662] GetFileType (hFile=0x1e4) returned 0x1 [0111.662] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0111.662] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0111.663] GetFileType (hFile=0x1e4) returned 0x1 [0111.663] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0111.663] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0111.663] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0111.664] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0111.664] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x56c, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc00022dc04*=0x36c, lpOverlapped=0x0) returned 1 [0111.667] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0001c036c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c036c*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.667] CloseHandle (hObject=0x1e4) returned 1 [0111.667] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.668] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0111.668] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.668] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.675] SetEvent (hEvent=0xc0) returned 1 [0111.675] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0111.676] GetFileType (hFile=0x1e4) returned 0x1 [0111.676] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc00022dcec*=0x370, lpOverlapped=0x0) returned 1 [0111.677] CloseHandle (hObject=0x1e4) returned 1 [0111.677] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0111.678] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0111.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.678] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0111.678] GetFileType (hFile=0x1e4) returned 0x1 [0111.679] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.679] CloseHandle (hObject=0x1e4) returned 1 [0111.679] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbz3ebk[1].png"), dwFlags=0x1) returned 1 [0111.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.720] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.721] SetEvent (hEvent=0xfc) returned 1 [0111.721] SetEvent (hEvent=0x13c) returned 1 [0111.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.723] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.723] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.723] SetEvent (hEvent=0x13c) returned 1 [0111.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.729] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.729] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.749] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.761] SetEvent (hEvent=0x164) returned 1 [0111.761] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.766] SetEvent (hEvent=0x164) returned 1 [0111.766] SetEvent (hEvent=0x1a0) returned 1 [0111.766] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.767] VirtualFree (lpAddress=0xc000050000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.767] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.767] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000126038*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0111.769] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.777] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.780] SetEvent (hEvent=0xfc) returned 1 [0111.780] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.783] SetEvent (hEvent=0xfc) returned 1 [0111.783] SetEvent (hEvent=0x164) returned 1 [0111.783] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.784] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.784] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.784] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.785] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.785] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfCharsWritten=0xc0001a5818*=0x2) returned 1 [0111.788] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.794] SetEvent (hEvent=0x13c) returned 1 [0111.794] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.798] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0111.799] GetFileType (hFile=0x1bc) returned 0x1 [0111.799] GetFileType (hFile=0x1bc) returned 0x1 [0111.799] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0111.799] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0111.799] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0111.799] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00016a000, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesRead=0xc0001a5c04*=0x40b, lpOverlapped=0x0) returned 1 [0111.803] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00016a40b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a40b*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0111.803] CloseHandle (hObject=0x1bc) returned 1 [0111.803] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0111.803] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0111.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.806] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0111.806] GetFileType (hFile=0x1bc) returned 0x1 [0111.806] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x410, lpOverlapped=0x0) returned 1 [0111.807] CloseHandle (hObject=0x1bc) returned 1 [0111.808] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.808] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0111.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.809] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0111.809] GetFileType (hFile=0x1bc) returned 0x1 [0111.809] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.810] CloseHandle (hObject=0x1bc) returned 1 [0111.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-async_usersync[1]"), dwFlags=0x1) returned 1 [0111.846] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.847] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.847] SetEvent (hEvent=0xc0) returned 1 [0111.847] SetEvent (hEvent=0x13c) returned 1 [0111.847] SetEvent (hEvent=0x9c) returned 1 [0111.848] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.853] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.853] SetEvent (hEvent=0x9c) returned 1 [0111.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.858] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.878] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.891] SetEvent (hEvent=0xfc) returned 1 [0111.891] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.897] SetEvent (hEvent=0xfc) returned 1 [0111.897] SetEvent (hEvent=0x164) returned 1 [0111.897] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0111.898] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.898] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.899] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.899] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.899] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.900] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.900] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc0001b9818*=0x2) returned 1 [0111.904] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.914] SetEvent (hEvent=0x13c) returned 1 [0111.914] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.916] SetEvent (hEvent=0x13c) returned 1 [0111.917] SwitchToThread () returned 1 [0111.917] SetEvent (hEvent=0x164) returned 1 [0111.917] SetEvent (hEvent=0x13c) returned 1 [0111.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.918] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0111.918] GetFileType (hFile=0x180) returned 0x1 [0111.918] GetFileType (hFile=0x180) returned 0x1 [0111.918] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0111.919] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0111.919] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.920] ReadFile (in: hFile=0x180, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x10e6c, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0001b9c04*=0x10c6c, lpOverlapped=0x0) returned 1 [0111.926] ReadFile (in: hFile=0x180, lpBuffer=0xc00026ac6c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026ac6c*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0111.926] CloseHandle (hObject=0x180) returned 1 [0111.927] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.927] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0111.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.931] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0111.931] GetFileType (hFile=0x180) returned 0x1 [0111.932] WriteFile (in: hFile=0x180, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x10c70, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0001b9cec*=0x10c70, lpOverlapped=0x0) returned 1 [0111.934] CloseHandle (hObject=0x180) returned 1 [0111.935] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.935] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.936] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0111.936] GetFileType (hFile=0x1bc) returned 0x1 [0111.936] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000582c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000582c0*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.936] CloseHandle (hObject=0x1bc) returned 1 [0111.938] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0111.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-chrome-new[1].jpg"), dwFlags=0x1) returned 1 [0111.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0111.968] SetEvent (hEvent=0xfc) returned 1 [0111.969] SetEvent (hEvent=0x13c) returned 1 [0111.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.972] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.972] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0111.972] SetEvent (hEvent=0x13c) returned 1 [0111.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.983] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0111.983] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.019] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.035] SetEvent (hEvent=0x1a0) returned 1 [0112.035] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.039] SetEvent (hEvent=0x1a0) returned 1 [0112.039] SetEvent (hEvent=0x164) returned 1 [0112.039] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.040] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.040] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.040] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.041] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.041] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00027f818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc00027f818*=0x2) returned 1 [0112.043] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.050] SetEvent (hEvent=0xfc) returned 1 [0112.050] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.052] SetEvent (hEvent=0xfc) returned 1 [0112.052] SetEvent (hEvent=0x164) returned 1 [0112.052] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.052] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.053] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.053] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.053] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00024b818*=0x2) returned 1 [0112.058] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.072] SetEvent (hEvent=0x13c) returned 1 [0112.072] SetEvent (hEvent=0x164) returned 1 [0112.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.073] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00019fcf4 | out: lpMode=0xc00019fcf4) returned 0 [0112.074] GetFileType (hFile=0x1e4) returned 0x1 [0112.074] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0112.074] GetFileType (hFile=0x1e4) returned 0x1 [0112.074] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00019fd44 | out: lpFileInformation=0xc00019fd44) returned 1 [0112.074] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00019fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019fd28) returned 1 [0112.075] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0112.075] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0112.075] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x266, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00019fc04*=0x66, lpOverlapped=0x0) returned 1 [0112.078] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000ee066, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee066*, lpNumberOfBytesRead=0xc00019fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.078] CloseHandle (hObject=0x1e4) returned 1 [0112.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.083] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00019fd04 | out: lpMode=0xc00019fd04) returned 0 [0112.083] GetFileType (hFile=0x1e4) returned 0x1 [0112.083] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc00019fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc00019fcec*=0x70, lpOverlapped=0x0) returned 1 [0112.085] CloseHandle (hObject=0x1e4) returned 1 [0112.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0112.085] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0112.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.086] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00019fd64 | out: lpMode=0xc00019fd64) returned 0 [0112.086] GetFileType (hFile=0x1e4) returned 0x1 [0112.086] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00019fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.090] CloseHandle (hObject=0x1e4) returned 1 [0112.090] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-ie8[1].txt"), dwFlags=0x1) returned 1 [0112.148] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.148] SetEvent (hEvent=0x13c) returned 1 [0112.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.150] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.150] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.150] SetEvent (hEvent=0x13c) returned 1 [0112.150] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.155] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.155] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0112.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.156] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0112.157] GetFileType (hFile=0x1e4) returned 0x1 [0112.157] GetFileType (hFile=0x1e4) returned 0x1 [0112.157] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0112.157] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0112.157] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1380, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc000241c04*=0x1180, lpOverlapped=0x0) returned 1 [0112.160] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000d2680, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2680*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0112.160] CloseHandle (hObject=0x1e4) returned 1 [0112.160] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.167] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0112.168] GetFileType (hFile=0x1e4) returned 0x1 [0112.168] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x1190, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000241cec*=0x1190, lpOverlapped=0x0) returned 1 [0112.169] CloseHandle (hObject=0x1e4) returned 1 [0112.170] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0112.170] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0112.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.171] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0112.171] GetFileType (hFile=0x1e4) returned 0x1 [0112.171] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.172] CloseHandle (hObject=0x1e4) returned 1 [0112.172] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.172] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-meversion[1]"), dwFlags=0x1) returned 1 [0112.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.206] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.206] SetEvent (hEvent=0xfc) returned 1 [0112.206] SetEvent (hEvent=0x164) returned 1 [0112.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.209] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.209] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.209] SetEvent (hEvent=0x164) returned 1 [0112.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.215] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.215] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.235] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.261] SetEvent (hEvent=0x9c) returned 1 [0112.262] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0112.266] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0112.267] GetFileType (hFile=0x1bc) returned 0x1 [0112.267] GetFileType (hFile=0x1bc) returned 0x1 [0112.267] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0112.267] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0112.267] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0112.268] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1ca5b, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00018dc04*=0x1c85b, lpOverlapped=0x0) returned 1 [0112.273] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002c085b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c085b*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.273] CloseHandle (hObject=0x1bc) returned 1 [0112.273] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0112.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.279] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0112.281] GetFileType (hFile=0x1dc) returned 0x1 [0112.281] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x1c860, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc00018dcec*=0x1c860, lpOverlapped=0x0) returned 1 [0112.283] CloseHandle (hObject=0x1dc) returned 1 [0112.286] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0112.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.287] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0112.291] GetFileType (hFile=0x1dc) returned 0x1 [0112.291] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.292] CloseHandle (hObject=0x1dc) returned 1 [0112.292] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-uhf-west-european-default.min[1].css"), dwFlags=0x1) returned 1 [0112.293] SwitchToThread () returned 1 [0112.340] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.358] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0112.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0112.359] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00019fcf4 | out: lpMode=0xc00019fcf4) returned 0 [0112.366] GetFileType (hFile=0x1dc) returned 0x1 [0112.366] GetFileType (hFile=0x1dc) returned 0x1 [0112.366] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00019fd44 | out: lpFileInformation=0xc00019fd44) returned 1 [0112.366] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00019fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019fd28) returned 1 [0112.366] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0112.367] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.367] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2b29, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc00019fc04*=0x2929, lpOverlapped=0x0) returned 1 [0112.372] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00003e929, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e929*, lpNumberOfBytesRead=0xc00019fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.372] CloseHandle (hObject=0x1dc) returned 1 [0112.372] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0112.373] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0112.373] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0112.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0112.393] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.422] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00019fd04 | out: lpMode=0xc00019fd04) returned 0 [0112.426] GetFileType (hFile=0xec) returned 0x1 [0112.426] WriteFile (in: hFile=0xec, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x2930, lpNumberOfBytesWritten=0xc00019fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc00019fcec*=0x2930, lpOverlapped=0x0) returned 1 [0112.427] CloseHandle (hObject=0xec) returned 1 [0112.436] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.443] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001001 | out: pbBuffer=0xc000001001) returned 1 [0112.443] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0112.443] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0112.444] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0112.444] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0112.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.445] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00019fd64 | out: lpMode=0xc00019fd64) returned 0 [0112.446] GetFileType (hFile=0x1e4) returned 0x1 [0112.446] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002942c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002942c0*, lpNumberOfBytesWritten=0xc00019fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.446] CloseHandle (hObject=0x1e4) returned 1 [0112.476] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-1223855322-postmessagerelay[1].js"), dwFlags=0x1) returned 1 [0112.548] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.549] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.549] SetEvent (hEvent=0x1a0) returned 1 [0112.549] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0112.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.551] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.552] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.552] SetEvent (hEvent=0xf4) returned 1 [0112.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.561] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.562] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.562] SetEvent (hEvent=0xc0) returned 1 [0112.562] SetEvent (hEvent=0x9c) returned 1 [0112.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.565] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.566] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.566] SetEvent (hEvent=0x9c) returned 1 [0112.566] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.569] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.569] SetEvent (hEvent=0x164) returned 1 [0112.569] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0112.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.571] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.575] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.575] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.575] SetEvent (hEvent=0xc0) returned 1 [0112.575] SetEvent (hEvent=0x198) returned 1 [0112.576] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.576] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.577] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.577] SetEvent (hEvent=0x114) returned 1 [0112.577] SetEvent (hEvent=0x198) returned 1 [0112.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.586] SetEvent (hEvent=0x120) returned 1 [0112.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.589] SetEvent (hEvent=0x114) returned 1 [0112.589] SetEvent (hEvent=0x120) returned 1 [0112.589] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.595] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.595] SetEvent (hEvent=0xc0) returned 1 [0112.595] SetEvent (hEvent=0x198) returned 1 [0112.595] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0112.597] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.601] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.601] SetEvent (hEvent=0x9c) returned 1 [0112.601] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.700] SwitchToThread () returned 1 [0112.708] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.708] SetEvent (hEvent=0x9c) returned 1 [0112.708] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0112.709] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.711] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.711] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.711] SetEvent (hEvent=0x9c) returned 1 [0112.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.716] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.742] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.750] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.761] SetEvent (hEvent=0x114) returned 1 [0112.761] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.763] SetEvent (hEvent=0x114) returned 1 [0112.763] SetEvent (hEvent=0x1a0) returned 1 [0112.763] VirtualFree (lpAddress=0xc000396000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.764] VirtualFree (lpAddress=0xc000392000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.764] VirtualFree (lpAddress=0xc00038a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.765] VirtualFree (lpAddress=0xc000330000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.765] VirtualFree (lpAddress=0xc00032c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.765] VirtualFree (lpAddress=0xc00031e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.765] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.766] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.766] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.766] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.767] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.767] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000045818*=0x2) returned 1 [0112.768] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.777] SetEvent (hEvent=0x108) returned 1 [0112.777] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0112.780] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0112.781] GetFileType (hFile=0x1b0) returned 0x1 [0112.781] GetFileType (hFile=0x1b0) returned 0x1 [0112.781] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0112.781] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0112.781] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0112.782] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002f4000, nNumberOfBytesToRead=0x434, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f4000*, lpNumberOfBytesRead=0xc000289c04*=0x234, lpOverlapped=0x0) returned 1 [0112.787] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002f4234, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f4234*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0112.787] CloseHandle (hObject=0x1b0) returned 1 [0112.787] SwitchToThread () returned 1 [0112.790] VirtualAlloc (lpAddress=0xc0003a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a0000 [0112.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.793] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0112.793] GetFileType (hFile=0x1b0) returned 0x1 [0112.793] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000322000*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc000322000*, lpNumberOfBytesWritten=0xc000289cec*=0x240, lpOverlapped=0x0) returned 1 [0112.798] CloseHandle (hObject=0x1b0) returned 1 [0112.799] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0112.800] VirtualAlloc (lpAddress=0xc0003a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a2000 [0112.800] VirtualAlloc (lpAddress=0xc0003a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a4000 [0112.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.801] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0112.802] GetFileType (hFile=0x1d4) returned 0x1 [0112.802] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.802] CloseHandle (hObject=0x1d4) returned 1 [0112.805] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbb9wh0[1].png"), dwFlags=0x1) returned 1 [0112.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0112.843] SetEvent (hEvent=0x108) returned 1 [0112.843] SetEvent (hEvent=0x9c) returned 1 [0112.843] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0112.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.846] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.847] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0112.847] SetEvent (hEvent=0x9c) returned 1 [0112.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.856] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.856] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.882] SetEvent (hEvent=0x114) returned 1 [0112.882] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.892] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.898] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.900] SetEvent (hEvent=0x1a0) returned 1 [0112.900] SetEvent (hEvent=0x164) returned 1 [0112.901] VirtualFree (lpAddress=0xc0003b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.901] VirtualFree (lpAddress=0xc0003ae000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.901] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.902] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.902] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.902] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.902] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0112.904] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.907] SetEvent (hEvent=0x1a0) returned 1 [0112.907] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.910] SetEvent (hEvent=0x1a0) returned 1 [0112.910] SetEvent (hEvent=0x114) returned 1 [0112.910] SetEvent (hEvent=0x108) returned 1 [0112.910] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.928] SetEvent (hEvent=0x120) returned 1 [0112.928] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.962] SetEvent (hEvent=0x15c) returned 1 [0112.962] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0112.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0112.972] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0112.978] GetFileType (hFile=0x1d4) returned 0x1 [0112.979] GetFileType (hFile=0x1d4) returned 0x1 [0112.979] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0112.979] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0112.979] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0112.979] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x1e21, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc00029dc04*=0x1c21, lpOverlapped=0x0) returned 1 [0112.982] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000055c21, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000055c21*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.983] CloseHandle (hObject=0x1d4) returned 1 [0112.983] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0112.983] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0112.983] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0112.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.009] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0113.010] GetFileType (hFile=0x1b4) returned 0x1 [0113.010] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x1c30, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc00029dcec*=0x1c30, lpOverlapped=0x0) returned 1 [0113.011] CloseHandle (hObject=0x1b4) returned 1 [0113.012] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0b01 | out: pbBuffer=0xc0000e0b01) returned 1 [0113.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0113.013] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0113.015] GetFileType (hFile=0x180) returned 0x1 [0113.015] WriteFile (in: hFile=0x180, lpBuffer=0xc00037adc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037adc0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.015] CloseHandle (hObject=0x180) returned 1 [0113.018] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbpiby[1].jpg"), dwFlags=0x1) returned 1 [0113.080] SetEvent (hEvent=0x114) returned 1 [0113.080] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.082] SetEvent (hEvent=0x15c) returned 1 [0113.082] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.084] SetEvent (hEvent=0x15c) returned 1 [0113.084] SetEvent (hEvent=0x114) returned 1 [0113.084] SwitchToThread () returned 1 [0113.179] SwitchToThread () returned 1 [0113.183] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.186] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.186] SetEvent (hEvent=0x15c) returned 1 [0113.186] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.189] SetEvent (hEvent=0x15c) returned 1 [0113.189] SetEvent (hEvent=0x114) returned 1 [0113.189] SetEvent (hEvent=0x198) returned 1 [0113.189] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.193] SetEvent (hEvent=0x15c) returned 1 [0113.193] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.194] SetEvent (hEvent=0x15c) returned 1 [0113.194] SetEvent (hEvent=0x114) returned 1 [0113.194] SetEvent (hEvent=0x198) returned 1 [0113.194] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.199] SetEvent (hEvent=0x15c) returned 1 [0113.199] SetEvent (hEvent=0x164) returned 1 [0113.199] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.205] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.249] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.264] SetEvent (hEvent=0x198) returned 1 [0113.264] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.264] SetEvent (hEvent=0x9c) returned 1 [0113.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.265] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0113.266] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.273] GetFileType (hFile=0x128) returned 0x1 [0113.273] GetFileType (hFile=0x128) returned 0x1 [0113.273] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0113.273] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0113.273] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0113.274] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0xb38, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000289c04*=0x938, lpOverlapped=0x0) returned 1 [0113.278] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e938, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e938*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0113.278] CloseHandle (hObject=0x128) returned 1 [0113.278] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.278] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.301] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0113.302] GetFileType (hFile=0x128) returned 0x1 [0113.302] WriteFile (in: hFile=0x128, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x940, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000289cec*=0x940, lpOverlapped=0x0) returned 1 [0113.303] CloseHandle (hObject=0x128) returned 1 [0113.304] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0113.304] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0113.305] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.305] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.306] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0113.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.306] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0113.307] GetFileType (hFile=0x1b4) returned 0x1 [0113.308] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.308] CloseHandle (hObject=0x1b4) returned 1 [0113.310] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0113.311] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0113.311] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbzyvp[1].jpg"), dwFlags=0x1) returned 1 [0113.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.343] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.343] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0113.343] SetEvent (hEvent=0x15c) returned 1 [0113.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.346] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0113.346] SetEvent (hEvent=0x164) returned 1 [0113.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.351] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.351] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.366] SetEvent (hEvent=0x9c) returned 1 [0113.367] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.367] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.367] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.368] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.368] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.368] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.368] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001d3818*=0x2) returned 1 [0113.373] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.376] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0113.380] GetFileType (hFile=0x128) returned 0x1 [0113.381] GetFileType (hFile=0x128) returned 0x1 [0113.381] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0113.381] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0113.381] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.382] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2c99, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0001a7c04*=0x2a99, lpOverlapped=0x0) returned 1 [0113.387] ReadFile (in: hFile=0x128, lpBuffer=0xc00003ea99, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003ea99*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0113.387] CloseHandle (hObject=0x128) returned 1 [0113.387] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0113.388] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0113.388] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0113.388] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.400] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0113.402] GetFileType (hFile=0x128) returned 0x1 [0113.402] WriteFile (in: hFile=0x128, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x2aa0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x2aa0, lpOverlapped=0x0) returned 1 [0113.403] CloseHandle (hObject=0x128) returned 1 [0113.404] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0113.404] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0113.404] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.405] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0113.405] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0113.406] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.406] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.407] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0113.408] GetFileType (hFile=0x1b4) returned 0x1 [0113.408] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000dc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc2c0*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.408] CloseHandle (hObject=0x1b4) returned 1 [0113.416] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0113.417] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc04we[1].jpg"), dwFlags=0x1) returned 1 [0113.476] SwitchToThread () returned 1 [0113.480] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.595] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.603] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.608] SetEvent (hEvent=0x9c) returned 1 [0113.608] SetEvent (hEvent=0x198) returned 1 [0113.608] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0113.608] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.609] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.609] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.610] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.610] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.610] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.610] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.611] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0002a3818*=0x2) returned 1 [0113.613] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.621] SetEvent (hEvent=0x198) returned 1 [0113.621] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0113.621] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0113.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.622] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0113.623] GetFileType (hFile=0x128) returned 0x1 [0113.623] GetFileType (hFile=0x128) returned 0x1 [0113.623] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0113.623] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0113.623] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0113.624] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0113.624] ReadFile (in: hFile=0x128, lpBuffer=0xc000166000, nNumberOfBytesToRead=0xb1d, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesRead=0xc0002a3c04*=0x91d, lpOverlapped=0x0) returned 1 [0113.629] ReadFile (in: hFile=0x128, lpBuffer=0xc00016691d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016691d*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0113.629] CloseHandle (hObject=0x128) returned 1 [0113.629] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.635] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0113.636] GetFileType (hFile=0x128) returned 0x1 [0113.636] WriteFile (in: hFile=0x128, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc0002a3cec*=0x920, lpOverlapped=0x0) returned 1 [0113.637] CloseHandle (hObject=0x128) returned 1 [0113.638] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0113.638] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0113.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.639] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0113.639] GetFileType (hFile=0xec) returned 0x1 [0113.639] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.639] CloseHandle (hObject=0xec) returned 1 [0113.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbe7d3b[1].jpg"), dwFlags=0x1) returned 1 [0113.676] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.678] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0113.678] SetEvent (hEvent=0xc0) returned 1 [0113.678] SetEvent (hEvent=0x164) returned 1 [0113.678] SetEvent (hEvent=0x108) returned 1 [0113.678] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.684] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0113.684] SetEvent (hEvent=0x108) returned 1 [0113.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.689] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.837] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.864] SetEvent (hEvent=0x9c) returned 1 [0113.864] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.867] SetEvent (hEvent=0x9c) returned 1 [0113.868] SetEvent (hEvent=0x198) returned 1 [0113.868] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.868] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.869] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.869] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.869] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.869] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.870] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.870] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000205818*=0x2) returned 1 [0113.873] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.879] SetEvent (hEvent=0x198) returned 1 [0113.880] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0113.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.881] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0113.882] GetFileType (hFile=0xec) returned 0x1 [0113.882] GetFileType (hFile=0xec) returned 0x1 [0113.882] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0113.882] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0113.882] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.884] ReadFile (in: hFile=0xec, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x41af, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0001f7c04*=0x3faf, lpOverlapped=0x0) returned 1 [0113.887] ReadFile (in: hFile=0xec, lpBuffer=0xc00025dfaf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025dfaf*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0113.887] CloseHandle (hObject=0xec) returned 1 [0113.887] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0113.888] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0113.888] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0113.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.902] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0113.902] GetFileType (hFile=0xec) returned 0x1 [0113.902] WriteFile (in: hFile=0xec, lpBuffer=0xc000102000*, nNumberOfBytesToWrite=0x3fb0, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x3fb0, lpOverlapped=0x0) returned 1 [0113.904] CloseHandle (hObject=0xec) returned 1 [0113.905] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0113.905] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0113.905] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0113.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.906] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0113.907] GetFileType (hFile=0xec) returned 0x1 [0113.907] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.907] CloseHandle (hObject=0xec) returned 1 [0113.908] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbee4oo[1].png"), dwFlags=0x1) returned 1 [0113.944] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.944] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0113.944] SetEvent (hEvent=0x164) returned 1 [0113.945] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.947] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.950] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.951] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0113.951] SetEvent (hEvent=0x164) returned 1 [0113.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.953] SetEvent (hEvent=0x108) returned 1 [0113.953] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.962] SetEvent (hEvent=0x120) returned 1 [0113.963] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.974] SetEvent (hEvent=0x198) returned 1 [0113.974] SetEvent (hEvent=0x164) returned 1 [0113.974] SetEvent (hEvent=0x108) returned 1 [0113.974] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0113.985] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.004] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.017] SetEvent (hEvent=0x9c) returned 1 [0114.017] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.018] SetEvent (hEvent=0x9c) returned 1 [0114.018] SetEvent (hEvent=0x198) returned 1 [0114.018] VirtualFree (lpAddress=0xc00019a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.018] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.019] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.019] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.020] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.020] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.020] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.020] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.021] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.021] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.021] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.022] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.022] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.024] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0001b5818*=0x2) returned 1 [0114.025] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.025] SetEvent (hEvent=0x198) returned 1 [0114.025] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0114.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0114.026] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0114.027] GetFileType (hFile=0xec) returned 0x1 [0114.028] GetFileType (hFile=0xec) returned 0x1 [0114.028] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0114.028] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0114.028] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0114.029] ReadFile (in: hFile=0xec, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x3176, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0001b5c04*=0x2f76, lpOverlapped=0x0) returned 1 [0114.045] ReadFile (in: hFile=0xec, lpBuffer=0xc000162f76, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000162f76*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0114.045] CloseHandle (hObject=0xec) returned 1 [0114.045] SwitchToThread () returned 1 [0114.052] SetEvent (hEvent=0x108) returned 1 [0114.052] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.057] SetEvent (hEvent=0x108) returned 1 [0114.057] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0114.057] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0114.058] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0114.058] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0114.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.068] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0114.069] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.074] GetFileType (hFile=0x1b0) returned 0x1 [0114.074] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x2f80, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc0001b5cec*=0x2f80, lpOverlapped=0x0) returned 1 [0114.075] CloseHandle (hObject=0x1b0) returned 1 [0114.075] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0114.075] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0114.076] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0114.076] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0114.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.077] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0114.077] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.092] GetFileType (hFile=0x1b0) returned 0x1 [0114.092] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.092] CloseHandle (hObject=0x1b0) returned 1 [0114.093] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0114.093] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0114.093] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0114.094] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0114.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbef5lq[1].jpg"), dwFlags=0x1) returned 1 [0114.295] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.371] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0114.371] SetEvent (hEvent=0xec) returned 1 [0114.371] SetEvent (hEvent=0x1f8) returned 1 [0114.371] SetEvent (hEvent=0x1c4) returned 1 [0114.371] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0114.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.381] SetEvent (hEvent=0x1c4) returned 1 [0114.381] SetEvent (hEvent=0x1f8) returned 1 [0114.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.385] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.385] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.386] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.386] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0114.386] SetEvent (hEvent=0xc0) returned 1 [0114.386] SetEvent (hEvent=0x1d4) returned 1 [0114.387] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.410] GetFileType (hFile=0x1e0) returned 0x1 [0114.410] WriteFile (in: hFile=0x1e0, lpBuffer=0xc000380000*, nNumberOfBytesToWrite=0x2a40, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc000380000*, lpNumberOfBytesWritten=0xc000065cec*=0x2a40, lpOverlapped=0x0) returned 1 [0114.411] CloseHandle (hObject=0x1e0) returned 1 [0114.412] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0114.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0114.413] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0114.413] GetFileType (hFile=0x1e0) returned 0x1 [0114.413] WriteFile (in: hFile=0x1e0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.413] CloseHandle (hObject=0x1e0) returned 1 [0114.414] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-devcmdl2.2.18[1].eot"), dwFlags=0x1) returned 1 [0114.742] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.748] SwitchToThread () returned 1 [0114.750] SetEvent (hEvent=0x1dc) returned 1 [0114.750] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.752] SetEvent (hEvent=0x198) returned 1 [0114.752] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.759] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0114.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x208 [0114.760] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0114.761] GetFileType (hFile=0x208) returned 0x1 [0114.761] GetFileType (hFile=0x208) returned 0x1 [0114.761] GetFileInformationByHandle (in: hFile=0x208, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0114.761] GetFileInformationByHandleEx (in: hFile=0x208, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0114.761] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0114.763] ReadFile (in: hFile=0x208, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x61eb, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000155c04*=0x5feb, lpOverlapped=0x0) returned 1 [0114.769] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.771] SetEvent (hEvent=0x1dc) returned 1 [0114.771] ReadFile (in: hFile=0x208, lpBuffer=0xc0002a9feb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a9feb*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0114.772] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.777] CloseHandle (hObject=0x208) returned 1 [0114.777] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.779] SetEvent (hEvent=0x1c4) returned 1 [0114.779] VirtualFree (lpAddress=0xc000336000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.779] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.780] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.780] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.780] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0114.787] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0114.787] SetEvent (hEvent=0x198) returned 1 [0114.787] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0114.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.797] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.797] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0114.797] SetEvent (hEvent=0x120) returned 1 [0114.797] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.804] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.807] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0114.807] SetEvent (hEvent=0xc0) returned 1 [0114.807] SetEvent (hEvent=0x198) returned 1 [0114.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.812] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe30*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0114.820] SetEvent (hEvent=0x1c4) returned 1 [0114.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.820] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0114.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4dbc10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4dbc10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4dbc10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6f15)) returned 1 [0114.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x583e0320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x583e0320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x583e0320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf6)) returned 1 [0114.825] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0114.834] VirtualAlloc (lpAddress=0xc000364000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000364000 [0114.835] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0114.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b2b1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b2b1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b2b1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4dd8)) returned 1 [0114.860] SetEvent (hEvent=0x1d0) returned 1 [0114.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61341460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61341460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x613675c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c9f6)) returned 1 [0114.909] SetEvent (hEvent=0xc0) returned 1 [0114.909] SetEvent (hEvent=0xfc) returned 1 [0114.909] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b)) returned 1 [0114.952] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0114.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29349)) returned 1 [0115.070] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0115.109] SetEvent (hEvent=0x120) returned 1 [0115.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5120a1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5120a1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5120a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b)) returned 1 [0115.127] SetEvent (hEvent=0x1dc) returned 1 [0115.127] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0115.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5101afd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5101afd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5101afd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24e29)) returned 1 [0115.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b5eb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b5eb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f89200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8f5)) returned 1 [0115.180] SetEvent (hEvent=0x1f8) returned 1 [0115.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62410fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62410fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x62410fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34ce)) returned 1 [0115.211] SetEvent (hEvent=0xfc) returned 1 [0115.211] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0115.211] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1254)) returned 1 [0115.231] SetEvent (hEvent=0x1d0) returned 1 [0115.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ef0c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ef0c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f16de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6a6)) returned 1 [0115.248] SetEvent (hEvent=0x120) returned 1 [0115.248] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0115.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de2e5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5de2e5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5de54720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6c8)) returned 1 [0115.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54fa1af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54fa1af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54fa1af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa2)) returned 1 [0115.284] SetEvent (hEvent=0x12c) returned 1 [0115.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67)) returned 1 [0115.300] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0115.303] SetEvent (hEvent=0xfc) returned 1 [0115.303] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0115.304] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0115.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x548efd10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x548efd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x548efd10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102ea)) returned 1 [0115.345] SetEvent (hEvent=0x1d0) returned 1 [0115.345] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0115.346] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0115.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2dd5)) returned 1 [0115.366] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0115.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d29)) returned 1 [0115.395] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0115.395] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0115.395] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe751ef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe751ef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe751ef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2fa8)) returned 1 [0115.411] SetEvent (hEvent=0x198) returned 1 [0115.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8829f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8829f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8829f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2da9)) returned 1 [0115.429] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0115.430] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0115.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0115.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0115.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45027e90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45027e90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45027e90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa756, dwReserved0=0x0, dwReserved1=0x0, cFileName="19619569[1].gif", cAlternateFileName="196195~1.GIF")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54962130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54962130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x549ae3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x461fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="7962161087[1].js", cAlternateFileName="796216~1.JS")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA3DGHW[1].png", cAlternateFileName="AA3DGH~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA3e1pt[2].png", cAlternateFileName="AA3E1P~2.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA42ckd[1].png", cAlternateFileName="AA42CK~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA42eYr[1].png", cAlternateFileName="AA42EY~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA61ILp[2].png", cAlternateFileName="AA61IL~2.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA6SNZ6[1].png", cAlternateFileName="AA6SNZ~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAbyinC[1].png", cAlternateFileName="AABYIN~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x340b, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAicW5W[1].jpg", cAlternateFileName="AAICW5~1.JPG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538925d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538925d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAj0doQ[1].jpg", cAlternateFileName="AAJ0DO~1.JPG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x35c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAkqhIf[1].png", cAlternateFileName="AAKQHI~1.PNG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x278e, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAmo09p[1].jpg", cAlternateFileName="AAMO09~1.JPG")) returned 1 [0115.454] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAmUyV2[1].png", cAlternateFileName="AAMUYV~1.PNG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAn7gKR[1].png", cAlternateFileName="AAN7GK~1.PNG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61be2420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61be2420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61be2420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x650, dwReserved0=0x0, dwReserved1=0x0, cFileName="activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm", cAlternateFileName="ACTIVI~1.HTM")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2a0770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2a0770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2870, dwReserved0=0x0, dwReserved1=0x0, cFileName="adfscript[1]", cAlternateFileName="ADFSCR~1")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="adfserve[1]", cAlternateFileName="ADFSER~1")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11835, dwReserved0=0x0, dwReserved1=0x0, cFileName="ast[2].js", cAlternateFileName="AST_2_~1.JS")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53d7b330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53d7b330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53d7b330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x543, dwReserved0=0x0, dwReserved1=0x0, cFileName="async_usersync[1]", cAlternateFileName="ASYNC_~1")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5108d3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5108d3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="b2fd15[1].eot", cAlternateFileName="B2FD15~1.EOT")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB5zDwX[1].png", cAlternateFileName="BB5ZDW~1.PNG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBaK3Nm[1].png", cAlternateFileName="BBAK3N~1.PNG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2143, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBLcCz[1].jpg", cAlternateFileName="BBBLCC~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x912, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBLdzQ[1].jpg", cAlternateFileName="BBBLDZ~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO1mQ[1].jpg", cAlternateFileName="BBBO1M~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO1qB[1].jpg", cAlternateFileName="BBBO1Q~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOIAt[1].jpg", cAlternateFileName="BBBOIA~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOmuh[1].jpg", cAlternateFileName="BBBOMU~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPK5J[1].jpg", cAlternateFileName="BBBPK5~1.JPG")) returned 1 [0115.455] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1694, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPMvJ[1].jpg", cAlternateFileName="BBBPMV~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53a0f390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x85d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBUL3E[1].jpg", cAlternateFileName="BBBUL3~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBUqkT[1].jpg", cAlternateFileName="BBBUQK~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBUqkT[2].jpg", cAlternateFileName="BBBUQK~2.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBX3z0[1].jpg", cAlternateFileName="BBBX3Z~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBYEW1[1].jpg", cAlternateFileName="BBBYEW~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBYfEH[1].jpg", cAlternateFileName="BBBYFE~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ca1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBZ20W[1].jpg", cAlternateFileName="BBBZ20~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53950cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53950cb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f37, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBzaxY[1].jpg", cAlternateFileName="BBBZAX~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2131, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBZzuz[1].jpg", cAlternateFileName="BBBZZU~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x370a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC03B1[1].jpg", cAlternateFileName="BBC03B~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC04o2[1].jpg", cAlternateFileName="BBC04O~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53657130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53657130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2036, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC06ZQ[1].jpg", cAlternateFileName="BBC06Z~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0ALC[1].jpg", cAlternateFileName="BBC0AL~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x884, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0BiZ[1].jpg", cAlternateFileName="BBC0BI~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0FXU[1].jpg", cAlternateFileName="BBC0FX~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2fd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0FXU[2].jpg", cAlternateFileName="BBC0FX~2.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0mkg[1].jpg", cAlternateFileName="BBC0MK~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0mkg[2].jpg", cAlternateFileName="BBC0MK~2.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5127c5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5127c5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5127c5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17af, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0oQi[1].jpg", cAlternateFileName="BBC0OQ~1.JPG")) returned 1 [0115.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0tCi[1].jpg", cAlternateFileName="BBC0TC~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x350a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBCM2U2[1].jpg", cAlternateFileName="BBCM2U~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x68c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDGTbx[1].jpg", cAlternateFileName="BBDGTB~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDk44m[1].png", cAlternateFileName="BBDK44~1.PNG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d04, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDWXoC[1].jpg", cAlternateFileName="BBDWXO~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x863, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE3NcH[1].jpg", cAlternateFileName="BBE3NC~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE7GLE[1].png", cAlternateFileName="BBE7GL~1.PNG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ade190, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ade190, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE8aLO[1].jpg", cAlternateFileName="BBE8AL~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x702, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEd5bF[1].jpg", cAlternateFileName="BBED5B~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaca8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdDNm[1].jpg", cAlternateFileName="BBEDDN~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x755, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdpyr[1].jpg", cAlternateFileName="BBEDPY~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c72, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdQdv[1].jpg", cAlternateFileName="BBEDQD~1.JPG")) returned 1 [0115.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xa23, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEe62t[1].jpg", cAlternateFileName="BBEE62~1.JPG")) returned 1 [0115.498] SetEvent (hEvent=0xc0) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ca7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEedPR[1].jpg", cAlternateFileName="BBEEDP~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe34d9d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe34d9d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x9ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeTpB[1].jpg", cAlternateFileName="BBEETP~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x952, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeTuf[1].jpg", cAlternateFileName="BBEETU~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeU5U[1].jpg", cAlternateFileName="BBEEU5~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x86f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEf306[1].jpg", cAlternateFileName="BBEF30~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEf54R[1].jpg", cAlternateFileName="BBEF54~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3860, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfBbH[1].jpg", cAlternateFileName="BBEFBB~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfBq0[1].jpg", cAlternateFileName="BBEFBQ~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2619, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfBrz[1].jpg", cAlternateFileName="BBEFBR~1.JPG")) returned 1 [0115.498] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f84, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfXl6[1].jpg", cAlternateFileName="BBEFXL~1.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbded7090, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbded7090, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbded7090, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgEH3[1].jpg", cAlternateFileName="BBEGEH~1.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgsz3[1].jpg", cAlternateFileName="BBEGSZ~1.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgTxB[1].jpg", cAlternateFileName="BBEGTX~1.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x36e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBo1lFJ[2].png", cAlternateFileName="BBO1LF~2.PNG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x455f5430, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x455f5430, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455f5430, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBs47TE[1].png", cAlternateFileName="BBS47T~1.PNG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2cb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBu9sWQ[1].jpg", cAlternateFileName="BBU9SW~1.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x228c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BByazif[2].jpg", cAlternateFileName="BBYAZI~2.JPG")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="bs-components[1].css", cAlternateFileName="BS-COM~1.CSS")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30be, dwReserved0=0x0, dwReserved1=0x0, cFileName="bs-util[1].css", cAlternateFileName="BS-UTI~1.CSS")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd97bf10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbd97bf10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbd9a2070, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x254f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="c7-bdbd0d-91cdfbc1[1].txt", cAlternateFileName="C7-BDB~1.TXT")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x614e4380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x614e4380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x614e4380, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x211dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb=gapi[1].loaded_0", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63c04d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c04d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63c04d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x653e, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb=gapi[2].loaded_0", cAlternateFileName="CB_GAP~2.LOA")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x584c4b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x584c4b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58510e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a03f, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome.min[1].css", cAlternateFileName="CHROME~1.CSS")) returned 1 [0115.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c69520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c69520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c69520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x60c, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome_throbber_fast_16[1].gif", cAlternateFileName="CHROME~1.GIF")) returned 1 [0115.499] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55333bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55333bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="collect[1].gif", cAlternateFileName="COLLEC~1.GIF")) returned 1 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8f4e10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8f4e10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8f4e10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContainerTag[1].js", cAlternateFileName="CONTAI~1.JS")) returned 1 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d9a020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d9a020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60de62e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula-mac[1].jpg", cAlternateFileName="EULA-M~1.JPG")) returned 1 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa84a, dwReserved0=0x0, dwReserved1=0x0, cFileName="ga[1].js", cAlternateFileName="GA_1_~1.JS")) returned 1 [0115.500] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe1f6d70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~1")) returned 1 [0115.501] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x659c6020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x659c6020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65c99a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleInstaller_de[1].application", cAlternateFileName="GOOGLE~1.APP")) returned 1 [0115.502] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf03f170, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf03f170, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf0652d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2544b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2544b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2544b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x562, dwReserved0=0x0, dwReserved1=0x0, cFileName="js[2]", cAlternateFileName="JS_2_~1")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54feddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54feddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x550601d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7a43, dwReserved0=0x0, dwReserved1=0x0, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d1a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a114, dwReserved0=0x0, dwReserved1=0x0, cFileName="MemMDL2.2.17[1].eot", cAlternateFileName="MEMMDL~1.EOT")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605b7740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605b7740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605b7740, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="modernizr[1].js", cAlternateFileName="MODERN~1.JS")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xec5, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNIdSync[1].js", cAlternateFileName="MSNIDS~1.JS")) returned 1 [0115.502] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="only[1].htm", cAlternateFileName="ONLY_1~1.HTM")) returned 1 [0115.503] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d, dwReserved0=0x0, dwReserved1=0x0, cFileName="player[1].js", cAlternateFileName="PLAYER~1.JS")) returned 1 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5f44, dwReserved0=0x0, dwReserved1=0x0, cFileName="player[2].js", cAlternateFileName="PLAYER~2.JS")) returned 1 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfb41730, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfb41730, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfb41730, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x0, cFileName="tecjslog[1].png", cAlternateFileName="TECJSL~1.PNG")) returned 1 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x692027e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x692027e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69232580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x805a, dwReserved0=0x0, dwReserved1=0x0, cFileName="thankyou[1].htm", cAlternateFileName="THANKY~1.HTM")) returned 1 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55c14b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55c14b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55c14b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x911, dwReserved0=0x0, dwReserved1=0x0, cFileName="th[1].jpg", cAlternateFileName="TH_1_~1.JPG")) returned 1 [0115.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0115.503] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0115.505] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0115.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45027e90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45027e90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45027e90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa756)) returned 1 [0115.506] SetEvent (hEvent=0x12c) returned 1 [0115.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54962130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54962130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x549ae3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x461fe)) returned 1 [0115.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d)) returned 1 [0115.507] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197)) returned 1 [0115.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2)) returned 1 [0115.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c2)) returned 1 [0115.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x204)) returned 1 [0115.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed)) returned 1 [0115.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fc)) returned 1 [0115.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x340b)) returned 1 [0115.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538925d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538925d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a4)) returned 1 [0115.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x35c)) returned 1 [0115.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a)) returned 1 [0115.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x278e)) returned 1 [0115.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0115.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2c0)) returned 1 [0115.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLcCz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbblccz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2143)) returned 1 [0115.523] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0115.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x912)) returned 1 [0115.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e8)) returned 1 [0115.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36d2)) returned 1 [0115.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75e)) returned 1 [0115.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6dc)) returned 1 [0115.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9be)) returned 1 [0115.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1694)) returned 1 [0115.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53a0f390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x85d)) returned 1 [0115.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878)) returned 1 [0115.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x878)) returned 1 [0115.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77f)) returned 1 [0115.540] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0115.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22b3)) returned 1 [0115.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19cf)) returned 1 [0115.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ca1)) returned 1 [0115.547] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0115.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2131)) returned 1 [0115.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53950cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53950cb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f37)) returned 1 [0115.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x370a)) returned 1 [0115.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x22a0)) returned 1 [0115.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC06ZQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc06zq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53657130, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53657130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2036)) returned 1 [0115.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2bd440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2bd440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2bd440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13fd)) returned 1 [0115.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x884)) returned 1 [0115.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34d8)) returned 1 [0115.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2fd1)) returned 1 [0115.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c3)) returned 1 [0115.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7b)) returned 1 [0115.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5127c5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5127c5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5127c5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17af)) returned 1 [0115.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3)) returned 1 [0115.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x350a)) returned 1 [0115.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x68c)) returned 1 [0115.588] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0115.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d04)) returned 1 [0115.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x284)) returned 1 [0115.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x863)) returned 1 [0115.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b5)) returned 1 [0115.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ade190, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ade190, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c9b)) returned 1 [0115.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x702)) returned 1 [0115.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50ebbff0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50ebbff0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50ebbff0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaca8)) returned 1 [0115.628] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0115.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c72)) returned 1 [0115.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x755)) returned 1 [0116.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xa23)) returned 1 [0116.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe34d9d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe34d9d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x9ef)) returned 1 [0116.574] SetEvent (hEvent=0xc0) returned 1 [0116.574] SetEvent (hEvent=0x304) returned 1 [0116.575] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0116.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetuf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x952)) returned 1 [0116.667] SetEvent (hEvent=0x9c) returned 1 [0116.667] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0116.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7a9)) returned 1 [0117.158] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.159] SetEvent (hEvent=0x1dc) returned 1 [0117.159] SetEvent (hEvent=0x3c4) returned 1 [0117.159] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.194] SetEvent (hEvent=0x3c4) returned 1 [0117.194] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.205] SetEvent (hEvent=0x39c) returned 1 [0117.205] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.214] SetEvent (hEvent=0x304) returned 1 [0117.214] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x348 [0117.327] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0117.330] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.386] GetFileType (hFile=0x348) returned 0x1 [0117.386] GetFileType (hFile=0x348) returned 0x1 [0117.386] GetFileInformationByHandle (in: hFile=0x348, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0117.386] GetFileInformationByHandleEx (in: hFile=0x348, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0117.386] VirtualAlloc (lpAddress=0xc000346000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0117.388] ReadFile (in: hFile=0x348, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x248c, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc00026dc04*=0x228c, lpOverlapped=0x0) returned 1 [0117.394] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.508] ReadFile (in: hFile=0x348, lpBuffer=0xc00034828c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00034828c*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0117.508] CloseHandle (hObject=0x348) returned 1 [0117.508] VirtualAlloc (lpAddress=0xc000444000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000444000 [0117.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.628] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0117.633] GetFileType (hFile=0x3bc) returned 0x1 [0117.633] VirtualAlloc (lpAddress=0xc0004d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d0000 [0117.633] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000444000*, nNumberOfBytesToWrite=0x2290, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000444000*, lpNumberOfBytesWritten=0xc00026dcec*=0x2290, lpOverlapped=0x0) returned 1 [0117.635] CloseHandle (hObject=0x3bc) returned 1 [0117.670] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.745] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532b01 | out: pbBuffer=0xc000532b01) returned 1 [0117.745] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.764] SetEvent (hEvent=0x30c) returned 1 [0117.764] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.935] SetEvent (hEvent=0x1dc) returned 1 [0117.935] SetEvent (hEvent=0x30c) returned 1 [0117.935] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0117.965] GetFileType (hFile=0x2e0) returned 0x1 [0117.965] WriteFile (in: hFile=0x2e0, lpBuffer=0xc000182160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182160*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.965] CloseHandle (hObject=0x2e0) returned 1 [0117.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-b2fd15[1].eot"), dwFlags=0x1) returned 1 [0118.581] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0118.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d4 [0118.733] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0118.738] GetFileType (hFile=0x3d4) returned 0x1 [0118.738] GetFileType (hFile=0x3d4) returned 0x1 [0118.738] GetFileInformationByHandle (in: hFile=0x3d4, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0118.738] GetFileInformationByHandleEx (in: hFile=0x3d4, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0118.738] ReadFile (in: hFile=0x3d4, lpBuffer=0xc000094400, nNumberOfBytesToRead=0x3c4, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094400*, lpNumberOfBytesRead=0xc0000f3c04*=0x1c4, lpOverlapped=0x0) returned 1 [0118.746] ReadFile (in: hFile=0x3d4, lpBuffer=0xc0000945c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000945c4*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0118.746] CloseHandle (hObject=0x3d4) returned 1 [0118.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0118.748] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0118.752] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0118.848] SetEvent (hEvent=0x30c) returned 1 [0118.848] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0118.886] SetEvent (hEvent=0x208) returned 1 [0118.886] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0118.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0118.899] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0118.905] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0119.007] GetFileType (hFile=0x2d4) returned 0x1 [0119.007] GetFileType (hFile=0x2d4) returned 0x1 [0119.007] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0119.007] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0119.007] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0002caa80, nNumberOfBytesToRead=0xa6e, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002caa80*, lpNumberOfBytesRead=0xc0006e1c04*=0x86e, lpOverlapped=0x0) returned 1 [0119.011] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0002cb2ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cb2ee*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0119.011] CloseHandle (hObject=0x2d4) returned 1 [0119.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0119.042] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0119.045] GetFileType (hFile=0x2cc) returned 0x1 [0119.045] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0002fd200*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fd200*, lpNumberOfBytesWritten=0xc0006e1cec*=0x870, lpOverlapped=0x0) returned 1 [0119.045] CloseHandle (hObject=0x2cc) returned 1 [0119.051] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a801 | out: pbBuffer=0xc00031a801) returned 1 [0119.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0119.051] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0119.052] GetFileType (hFile=0x22c) returned 0x1 [0119.052] WriteFile (in: hFile=0x22c, lpBuffer=0xc0001c06e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c06e0*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.053] CloseHandle (hObject=0x22c) returned 1 [0119.058] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc02gr[1].jpg"), dwFlags=0x1) returned 1 [0119.271] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f698, ulCount=0x10, ulNumEntriesRemoved=0x27e5f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f698, ulNumEntriesRemoved=0x27e5f66c) returned 0 [0119.271] SetEvent (hEvent=0x9c) returned 1 [0119.272] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe08*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.272] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x27e5f6a0, ulCount=0x10, ulNumEntriesRemoved=0x27e5f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x27e5f6a0, ulNumEntriesRemoved=0x27e5f674) returned 0 [0119.272] SetEvent (hEvent=0x9c) returned 1 [0119.272] WaitForMultipleObjects (nCount=0x2, lpHandles=0x27e5fe18*=0xb8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.273] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0119.289] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0119.293] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0119.392] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0141.502] SetEvent (hEvent=0x354) returned 1 [0141.502] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0141.504] SetEvent (hEvent=0x39c) returned 1 [0141.504] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0141.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s4zi2d7.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d0 [0141.510] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0141.511] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0141.942] GetFileType (hFile=0x2d0) returned 0x1 [0141.942] GetFileType (hFile=0x2d0) returned 0x1 [0141.942] GetFileInformationByHandle (in: hFile=0x2d0, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0141.942] GetFileInformationByHandleEx (in: hFile=0x2d0, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0141.942] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0141.944] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000308000, nNumberOfBytesToRead=0x113f, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000308000*, lpNumberOfBytesRead=0xc0002a3c04*=0xf3f, lpOverlapped=0x0) returned 1 [0142.661] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0143.301] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000308f3f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000308f3f*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.301] CloseHandle (hObject=0x2d0) returned 1 [0143.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s4zi2d7.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0143.303] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0143.312] GetFileType (hFile=0x2d0) returned 0x1 [0143.312] WriteFile (in: hFile=0x2d0, lpBuffer=0xc000653000*, nNumberOfBytesToWrite=0xf40, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000653000*, lpNumberOfBytesWritten=0xc0002a3cec*=0xf40, lpOverlapped=0x0) returned 1 [0143.314] CloseHandle (hObject=0x2d0) returned 1 [0143.314] VirtualAlloc (lpAddress=0xc0006b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b4000 [0143.315] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.315] VirtualAlloc (lpAddress=0xc0006b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b6000 [0143.316] VirtualAlloc (lpAddress=0xc0006b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b8000 [0143.318] VirtualAlloc (lpAddress=0xc0006ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ba000 [0143.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s4zi2d7.ots.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0143.319] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0143.327] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.244] GetFileType (hFile=0x2d0) returned 0x1 [0144.244] WriteFile (in: hFile=0x2d0, lpBuffer=0xc000614dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614dc0*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.244] CloseHandle (hObject=0x2d0) returned 1 [0144.245] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s4zi2d7.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-0s4zi2d7.ots.lnk"), dwFlags=0x1) returned 1 [0144.247] SetEvent (hEvent=0xa58) returned 1 [0144.247] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.270] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.271] VirtualFree (lpAddress=0xc000292000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.272] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.273] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.274] SetEvent (hEvent=0x9c) returned 1 [0144.274] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.294] SetEvent (hEvent=0xc1c) returned 1 [0144.294] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.304] SetEvent (hEvent=0xa60) returned 1 [0144.304] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.313] SetEvent (hEvent=0xc24) returned 1 [0144.313] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.326] VirtualFree (lpAddress=0xc0006f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.327] VirtualFree (lpAddress=0xc00061a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.328] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.328] SetEvent (hEvent=0xc34) returned 1 [0144.329] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.336] SetEvent (hEvent=0x1dc) returned 1 [0144.336] WaitForSingleObject (hHandle=0xb8, dwMilliseconds=0xffffffff) Thread: id = 6 os_tid = 0x364 [0072.067] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2850fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2850fea0*=0x104) returned 1 [0072.068] VirtualQuery (in: lpAddress=0x2850fec0, lpBuffer=0x2850fec0, dwLength=0x30 | out: lpBuffer=0x2850fec0*(BaseAddress=0x2850f000, AllocationBase=0x28310000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0072.068] SetEvent (hEvent=0x9c) returned 1 [0072.068] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x108 [0072.068] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x10c [0072.068] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0072.068] SetEvent (hEvent=0x9c) returned 1 [0072.068] SetEvent (hEvent=0xb8) returned 1 [0072.068] VirtualFree (lpAddress=0xc0004d2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0072.068] SwitchToThread () returned 1 [0072.069] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0072.434] SetEvent (hEvent=0xb8) returned 1 [0072.434] VirtualAlloc (lpAddress=0xc000508000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000508000 [0072.435] GetProcAddress (hModule=0x77940000, lpProcName="ReadFile") returned 0x77951500 [0072.435] ReadFile (in: hFile=0xe0, lpBuffer=0xc000508000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbd3c, lpOverlapped=0x0 | out: lpBuffer=0xc000508000*, lpNumberOfBytesRead=0xc0004dbd3c*=0x3, lpOverlapped=0x0) returned 1 [0089.547] SetEvent (hEvent=0xc0) returned 1 [0089.548] VirtualAlloc (lpAddress=0xc00050a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00050a000 [0089.549] ReadFile (in: hFile=0xe0, lpBuffer=0xc00050a003, nNumberOfBytesToRead=0x5fd, lpNumberOfBytesRead=0xc0004dbd3c, lpOverlapped=0x0 | out: lpBuffer=0xc00050a003*, lpNumberOfBytesRead=0xc0004dbd3c*=0x2, lpOverlapped=0x0) returned 1 [0089.549] ReadFile (in: hFile=0xe0, lpBuffer=0xc00050a005, nNumberOfBytesToRead=0x5fb, lpNumberOfBytesRead=0xc0004dbd3c, lpOverlapped=0x0 | out: lpBuffer=0xc00050a005, lpNumberOfBytesRead=0xc0004dbd3c*=0x0, lpOverlapped=0x0) returned 0 [0089.736] SetEvent (hEvent=0xc0) returned 1 [0089.736] CancelIoEx (hFile=0xe0, lpOverlapped=0x0) returned 0 [0089.736] CloseHandle (hObject=0xe0) returned 1 [0089.737] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0089.852] SetEvent (hEvent=0x9c) returned 1 [0089.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf0 [0089.852] GetConsoleMode (in: hConsoleHandle=0xf0, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0089.858] GetFileType (hFile=0xf0) returned 0x1 [0089.858] GetFileType (hFile=0xf0) returned 0x1 [0089.858] GetFileInformationByHandle (in: hFile=0xf0, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0089.858] GetFileInformationByHandleEx (in: hFile=0xf0, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0089.859] ReadFile (in: hFile=0xf0, lpBuffer=0xc000126000, nNumberOfBytesToRead=0x21edb, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesRead=0xc0004d9c04*=0x21cdb, lpOverlapped=0x0) returned 1 [0089.870] ReadFile (in: hFile=0xf0, lpBuffer=0xc000147cdb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000147cdb*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0089.870] CloseHandle (hObject=0xf0) returned 1 [0089.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf0 [0089.873] GetConsoleMode (in: hConsoleHandle=0xf0, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0089.881] GetFileType (hFile=0xf0) returned 0x1 [0089.881] VirtualAlloc (lpAddress=0xc000530000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000530000 [0089.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf8 [0089.882] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0089.900] GetFileType (hFile=0xf8) returned 0x1 [0089.900] GetFileType (hFile=0xf8) returned 0x1 [0089.900] GetFileInformationByHandle (in: hFile=0xf8, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0089.900] GetFileInformationByHandleEx (in: hFile=0xf8, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0089.900] VirtualAlloc (lpAddress=0xc00053a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00053a000 [0089.901] ReadFile (in: hFile=0xf8, lpBuffer=0xc00053a000, nNumberOfBytesToRead=0xc74, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00053a000*, lpNumberOfBytesRead=0xc0006e1c04*=0xa74, lpOverlapped=0x0) returned 1 [0089.907] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0089.964] ReadFile (in: hFile=0xf8, lpBuffer=0xc00053aa74, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00053aa74*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0089.964] CloseHandle (hObject=0xf8) returned 1 [0089.964] SetEvent (hEvent=0x13c) returned 1 [0089.964] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0089.969] SetEvent (hEvent=0x8c) returned 1 [0089.969] SetEvent (hEvent=0x13c) returned 1 [0089.969] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.050] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.054] SetEvent (hEvent=0x13c) returned 1 [0090.054] SetEvent (hEvent=0x8c) returned 1 [0090.054] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.182] SetEvent (hEvent=0x120) returned 1 [0090.182] SwitchToThread () returned 1 [0090.223] SwitchToThread () returned 1 [0090.224] SetEvent (hEvent=0x120) returned 1 [0090.224] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.225] SetEvent (hEvent=0x120) returned 1 [0090.225] SetEvent (hEvent=0x13c) returned 1 [0090.225] VirtualFree (lpAddress=0xc000566000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0090.226] VirtualFree (lpAddress=0xc000362000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.226] VirtualFree (lpAddress=0xc00010c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.227] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.227] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.227] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.227] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.228] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.228] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.228] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.228] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe", cAlternateFileName="CLICKO~1.EXE")) returned 1 [0090.228] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.cdf-ms", cAlternateFileName="")) returned 1 [0090.228] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap.exe.manifest", cAlternateFileName="")) returned 1 [0090.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.cdf-ms", cAlternateFileName="CLICKO~1.CDF")) returned 1 [0090.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560, dwReserved0=0x0, dwReserved1=0x0, cFileName="clickonce_bootstrap_unsigned.manifest", cAlternateFileName="CLICKO~1.MAN")) returned 1 [0090.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58, dwReserved0=0x0, dwReserved1=0x0, cFileName="GoogleUpdateSetup.exe", cAlternateFileName="")) returned 1 [0090.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.229] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.230] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0090.230] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a295a80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x113f58)) returned 1 [0090.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a307ea0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c50)) returned 1 [0090.232] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0090.233] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.cdf-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0)) returned 1 [0090.234] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0090.235] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b)) returned 1 [0090.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee0)) returned 1 [0090.237] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.manifest"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x560)) returned 1 [0090.237] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0090.238] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb4f0 | out: lpFileInformation=0xc0000bb4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.239] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\*", lpFindFileData=0xc0000bb2a8 | out: lpFindFileData=0xc0000bb2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65f935c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms", cAlternateFileName="CLICEX~1.CDF")) returned 1 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b, dwReserved0=0x0, dwReserved1=0x0, cFileName="clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest", cAlternateFileName="CLICEX~1.MAN")) returned 1 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms", cAlternateFileName="GOOGAP~1.CDF")) returned 1 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest", cAlternateFileName="GOOGAP~1.MAN")) returned 1 [0090.244] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.244] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.245] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42d0)) returned 1 [0090.246] VirtualAlloc (lpAddress=0xc000114000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000114000 [0090.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x354b)) returned 1 [0090.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x38b0)) returned 1 [0090.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a37a2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a37a2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a37a2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2e30)) returned 1 [0090.249] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0090.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.250] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\*", lpFindFileData=0xc0000bb458 | out: lpFindFileData=0xc0000bb458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CJW3O3KP.BX7", cAlternateFileName="")) returned 1 [0090.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.250] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.251] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\*", lpFindFileData=0xc0000bb380 | out: lpFindFileData=0xc0000bb380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.251] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65fb9720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65fb9720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.251] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6NG60CXZ.9GJ", cAlternateFileName="")) returned 1 [0090.251] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.251] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb4f0 | out: lpFileInformation=0xc0000bb4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.253] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\*", lpFindFileData=0xc0000bb2a8 | out: lpFindFileData=0xc0000bb2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.253] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65fb9720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.253] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec", cAlternateFileName="GOOGAP~1.000")) returned 1 [0090.253] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0090.254] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb2d8 | out: lpFindFileData=0xc0000bb2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.254] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb418 | out: lpFileInformation=0xc0000bb418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.258] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.277] SetEvent (hEvent=0x13c) returned 1 [0090.277] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.278] SetEvent (hEvent=0x9c) returned 1 [0090.279] VirtualFree (lpAddress=0xc0006ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.279] VirtualFree (lpAddress=0xc000574000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0090.279] VirtualFree (lpAddress=0xc00055e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.280] VirtualFree (lpAddress=0xc000062000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.280] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.280] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.280] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.281] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.281] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.281] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.281] GetFileType (hFile=0x128) returned 0x1 [0090.281] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0006e3cec*=0x1410, lpOverlapped=0x0) returned 1 [0090.283] CloseHandle (hObject=0x128) returned 1 [0090.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0090.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.285] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0090.318] GetFileType (hFile=0x128) returned 0x1 [0090.318] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.318] CloseHandle (hObject=0x128) returned 1 [0090.320] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\encry-SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\encry-shareddataevents"), dwFlags=0x1) returned 1 [0090.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0090.335] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.336] SetEvent (hEvent=0x8c) returned 1 [0090.336] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.366] SetEvent (hEvent=0x12c) returned 1 [0090.366] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.416] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0090.417] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0090.418] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0090.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0090.418] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0090.434] GetFileType (hFile=0x150) returned 0x1 [0090.434] VirtualAlloc (lpAddress=0xc000062000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000062000 [0090.435] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0090.435] GetFileType (hFile=0x150) returned 0x1 [0090.435] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0090.435] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0090.435] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0090.436] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0090.436] ReadFile (in: hFile=0x150, lpBuffer=0xc000264000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0090.436] CloseHandle (hObject=0x150) returned 1 [0090.437] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0090.437] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0090.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0090.438] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0090.478] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0090.595] SetEvent (hEvent=0x13c) returned 1 [0090.595] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.097] SetEvent (hEvent=0x100) returned 1 [0091.098] SetEvent (hEvent=0xb8) returned 1 [0091.098] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.153] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0091.154] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0091.154] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0091.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0091.154] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0091.162] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.166] SetEvent (hEvent=0x120) returned 1 [0091.167] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.168] SetEvent (hEvent=0x120) returned 1 [0091.168] SetEvent (hEvent=0xb8) returned 1 [0091.168] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.169] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.169] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.169] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.170] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.170] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.170] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.170] VirtualFree (lpAddress=0xc000058000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.171] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.171] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.171] GetFileType (hFile=0x154) returned 0x1 [0091.172] WriteFile (in: hFile=0x154, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc00010fcec*=0xef0, lpOverlapped=0x0) returned 1 [0091.173] CloseHandle (hObject=0x154) returned 1 [0091.177] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0091.177] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0091.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.178] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0091.181] GetFileType (hFile=0x154) returned 0x1 [0091.181] WriteFile (in: hFile=0x154, lpBuffer=0xc000040580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040580*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0091.182] CloseHandle (hObject=0x154) returned 1 [0091.184] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\encry-clickonce_bootstrap_unsigned.cdf-ms"), dwFlags=0x1) returned 1 [0091.186] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0091.186] SetEvent (hEvent=0x114) returned 1 [0091.186] SetEvent (hEvent=0x12c) returned 1 [0091.187] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.188] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.189] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.189] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0091.189] SetEvent (hEvent=0xb8) returned 1 [0091.189] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0091.198] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0091.210] GetFileType (hFile=0x154) returned 0x1 [0091.210] GetFileType (hFile=0x154) returned 0x1 [0091.210] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0091.210] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0091.210] VirtualAlloc (lpAddress=0xc000128000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000128000 [0091.213] ReadFile (in: hFile=0x154, lpBuffer=0xc000128000, nNumberOfBytesToRead=0x1ab18, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000128000*, lpNumberOfBytesRead=0xc0000c7c04*=0x1a918, lpOverlapped=0x0) returned 1 [0091.219] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.225] ReadFile (in: hFile=0x154, lpBuffer=0xc000142918, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000142918*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0091.225] CloseHandle (hObject=0x154) returned 1 [0091.225] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0091.225] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0091.228] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0091.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.230] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0091.248] GetFileType (hFile=0x154) returned 0x1 [0091.248] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0091.248] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0091.249] WriteFile (in: hFile=0x154, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x1a920, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc0000c7cec*=0x1a920, lpOverlapped=0x0) returned 1 [0091.253] CloseHandle (hObject=0x154) returned 1 [0091.257] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0091.257] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0091.257] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0091.258] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0091.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.258] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0091.322] GetFileType (hFile=0x154) returned 0x1 [0091.322] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0091.322] WriteFile (in: hFile=0x154, lpBuffer=0xc00015c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00015c000*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.323] CloseHandle (hObject=0x154) returned 1 [0091.326] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0091.327] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0091.328] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\encry-GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\encry-gdipfontcachev1.dat"), dwFlags=0x1) returned 1 [0091.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0091.333] SetEvent (hEvent=0xc0) returned 1 [0091.333] SetEvent (hEvent=0x114) returned 1 [0091.333] SetEvent (hEvent=0x120) returned 1 [0091.334] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0091.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.350] SetEvent (hEvent=0x120) returned 1 [0091.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.356] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.356] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0091.357] SetEvent (hEvent=0x12c) returned 1 [0091.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.371] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0091.371] SetEvent (hEvent=0xb8) returned 1 [0091.371] SetEvent (hEvent=0x114) returned 1 [0091.371] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0091.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.478] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.478] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.484] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0091.485] SetEvent (hEvent=0x12c) returned 1 [0091.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.494] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.495] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0091.495] SetEvent (hEvent=0xc0) returned 1 [0091.495] SetEvent (hEvent=0x120) returned 1 [0091.495] SetEvent (hEvent=0xb8) returned 1 [0091.495] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.496] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.497] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.497] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0091.497] SetEvent (hEvent=0x120) returned 1 [0091.497] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.564] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0091.564] SetEvent (hEvent=0xc0) returned 1 [0091.564] SetEvent (hEvent=0x120) returned 1 [0091.564] ReadFile (in: hFile=0x14c, lpBuffer=0xc0006ea000, nNumberOfBytesToRead=0x402200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesRead=0xc000111c04*=0x402000, lpOverlapped=0x0) returned 1 [0091.669] ReadFile (in: hFile=0x14c, lpBuffer=0xc000aec000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000aec000*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0091.670] CloseHandle (hObject=0x14c) returned 1 [0091.670] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.676] SetEvent (hEvent=0x12c) returned 1 [0091.676] ReadFile (in: hFile=0xec, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0091.677] CloseHandle (hObject=0xec) returned 1 [0091.677] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0091.677] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0091.678] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0091.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.678] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0091.696] GetFileType (hFile=0xec) returned 0x1 [0091.696] WriteFile (in: hFile=0xec, lpBuffer=0xc0000100b0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000100b0*, lpNumberOfBytesWritten=0xc00004bcec*=0x10, lpOverlapped=0x0) returned 1 [0091.698] CloseHandle (hObject=0xec) returned 1 [0091.700] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0091.700] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0091.700] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0091.701] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0091.701] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0091.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.702] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0091.713] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.764] SetEvent (hEvent=0x120) returned 1 [0091.764] SwitchToThread () returned 1 [0091.794] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.807] SetEvent (hEvent=0x13c) returned 1 [0091.807] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0091.808] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.808] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0091.809] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0091.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156)) returned 1 [0091.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0091.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.823] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.831] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.837] SetEvent (hEvent=0x120) returned 1 [0091.837] SetEvent (hEvent=0xb8) returned 1 [0091.837] VirtualFree (lpAddress=0xc000232000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0091.841] VirtualFree (lpAddress=0xc000180000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0091.844] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.845] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.845] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.845] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.845] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.846] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0091.846] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.846] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.847] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x800000, flAllocationType=0x2000, flProtect=0x4) returned 0xc000c00000 [0091.847] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x29200000 [0091.848] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x29230000 [0091.848] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x404000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.848] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x404000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.848] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.849] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000aee000 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x303000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.852] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bef000 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x2f7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x17b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0xbd000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x5e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x2f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.853] VirtualAlloc (lpAddress=0xc000bfb000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bfb000 [0091.853] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x2f2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0091.863] GetFileType (hFile=0xec) returned 0x1 [0091.863] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0001020a0*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0091.868] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0001020a6*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0091.870] SetEvent (hEvent=0xb8) returned 1 [0091.870] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0001020b0*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0091.871] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0091.963] SetEvent (hEvent=0x100) returned 1 [0091.963] SwitchToThread () returned 1 [0092.059] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.261] SetEvent (hEvent=0x100) returned 1 [0092.261] SetEvent (hEvent=0x12c) returned 1 [0092.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0092.609] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000102076*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0092.621] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0092.627] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.633] SwitchToThread () returned 1 [0092.634] SetEvent (hEvent=0x100) returned 1 [0092.634] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.635] SetEvent (hEvent=0x100) returned 1 [0092.635] SetEvent (hEvent=0x13c) returned 1 [0092.635] SetEvent (hEvent=0x12c) returned 1 [0092.635] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.698] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0092.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0092.698] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0092.704] GetFileType (hFile=0x150) returned 0x1 [0092.704] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0092.704] GetFileType (hFile=0x150) returned 0x1 [0092.705] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0092.705] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0092.705] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0092.705] ReadFile (in: hFile=0x150, lpBuffer=0xc000136000, nNumberOfBytesToRead=0x3d6, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000136000*, lpNumberOfBytesRead=0xc0004dfc04*=0x1d6, lpOverlapped=0x0) returned 1 [0092.706] ReadFile (in: hFile=0x150, lpBuffer=0xc0001361d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001361d6*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0092.706] CloseHandle (hObject=0x150) returned 1 [0092.706] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0092.707] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0092.707] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0092.708] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0092.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.709] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0092.717] GetFileType (hFile=0x150) returned 0x1 [0092.717] WriteFile (in: hFile=0x150, lpBuffer=0xc00013e000*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00013e000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x1e0, lpOverlapped=0x0) returned 1 [0092.719] CloseHandle (hObject=0x150) returned 1 [0092.722] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0092.722] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0092.722] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0092.723] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0092.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0092.723] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0092.728] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.734] SetEvent (hEvent=0x120) returned 1 [0092.734] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.735] SetEvent (hEvent=0x120) returned 1 [0092.735] SetEvent (hEvent=0x114) returned 1 [0092.735] SetEvent (hEvent=0x100) returned 1 [0092.735] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.748] SetEvent (hEvent=0x120) returned 1 [0092.748] SetEvent (hEvent=0x114) returned 1 [0092.748] SetEvent (hEvent=0x100) returned 1 [0092.748] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.756] SetEvent (hEvent=0x120) returned 1 [0092.756] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0092.775] SetEvent (hEvent=0x13c) returned 1 [0092.775] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0093.122] SetEvent (hEvent=0x120) returned 1 [0093.122] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0093.125] SetEvent (hEvent=0xb8) returned 1 [0093.125] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0093.128] SetEvent (hEvent=0x13c) returned 1 [0093.128] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.466] SetEvent (hEvent=0x120) returned 1 [0094.466] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0094.468] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0094.470] GetFileType (hFile=0x128) returned 0x1 [0094.470] GetFileType (hFile=0x128) returned 0x1 [0094.470] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0094.470] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0094.470] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x25c, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc00004bc04*=0x5c, lpOverlapped=0x0) returned 1 [0094.471] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c05c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c05c*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0094.471] CloseHandle (hObject=0x128) returned 1 [0094.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0094.473] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0094.473] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] SetEvent (hEvent=0x120) returned 1 [0094.474] GetFileType (hFile=0x128) returned 0x1 [0094.475] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.494] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0094.494] WriteFile (in: hFile=0x128, lpBuffer=0xc000344060*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000344060*, lpNumberOfBytesWritten=0xc00004bcec*=0x60, lpOverlapped=0x0) returned 1 [0094.495] CloseHandle (hObject=0x128) returned 1 [0094.496] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.496] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0094.497] VirtualAlloc (lpAddress=0xc0001ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ba000 [0094.497] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0094.498] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0094.498] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0094.498] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0094.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0094.499] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0094.508] GetFileType (hFile=0x128) returned 0x1 [0094.508] WriteFile (in: hFile=0x128, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.508] CloseHandle (hObject=0x128) returned 1 [0094.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-main.html"), dwFlags=0x1) returned 1 [0094.513] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.514] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0094.514] SetEvent (hEvent=0xc0) returned 1 [0094.514] SetEvent (hEvent=0x13c) returned 1 [0094.514] SetEvent (hEvent=0x100) returned 1 [0094.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.518] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.526] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.527] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0094.527] SetEvent (hEvent=0x114) returned 1 [0094.527] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.531] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.531] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0094.532] SetEvent (hEvent=0x8c) returned 1 [0094.532] SetEvent (hEvent=0x13c) returned 1 [0094.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.534] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.535] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0094.535] SetEvent (hEvent=0x8c) returned 1 [0094.535] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.543] GetFileType (hFile=0xec) returned 0x1 [0094.543] WriteFile (in: hFile=0xec, lpBuffer=0xc00014c000*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc00014c000*, lpNumberOfBytesWritten=0xc000113cec*=0x2e0, lpOverlapped=0x0) returned 1 [0094.544] CloseHandle (hObject=0xec) returned 1 [0094.552] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.553] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0094.553] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0094.553] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0094.554] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0094.554] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0094.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0094.555] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0094.566] GetFileType (hFile=0xec) returned 0x1 [0094.566] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.567] CloseHandle (hObject=0xec) returned 1 [0094.569] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0094.569] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0094.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.571] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.571] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0094.571] SetEvent (hEvent=0xc0) returned 1 [0094.571] SetEvent (hEvent=0x120) returned 1 [0094.571] SetEvent (hEvent=0x100) returned 1 [0094.571] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0094.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.581] SetEvent (hEvent=0x100) returned 1 [0094.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.591] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0094.591] SetEvent (hEvent=0xc0) returned 1 [0094.591] SetEvent (hEvent=0x114) returned 1 [0094.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.619] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0094.619] SetEvent (hEvent=0x120) returned 1 [0094.619] SetEvent (hEvent=0x100) returned 1 [0094.619] SetEvent (hEvent=0x9c) returned 1 [0094.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.622] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.622] SetEvent (hEvent=0x100) returned 1 [0094.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.627] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.628] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.628] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0094.628] SetEvent (hEvent=0x8c) returned 1 [0094.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.628] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc0000b7818*=0x3) returned 1 [0094.637] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc000102016*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0094.656] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0094.656] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc0001020a0*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0094.658] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.664] SetEvent (hEvent=0x9c) returned 1 [0094.664] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0094.664] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0094.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0001020a6*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0094.667] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.674] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.677] SetEvent (hEvent=0x120) returned 1 [0094.677] SetEvent (hEvent=0x9c) returned 1 [0094.678] SetEvent (hEvent=0x8c) returned 1 [0094.678] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.682] SetEvent (hEvent=0x120) returned 1 [0094.682] SwitchToThread () returned 1 [0094.727] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.733] SetEvent (hEvent=0x8c) returned 1 [0094.733] SwitchToThread () returned 1 [0094.738] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.738] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0094.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0094.739] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0094.742] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.746] GetFileType (hFile=0x14c) returned 0x1 [0094.746] GetFileType (hFile=0x14c) returned 0x1 [0094.746] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0094.746] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0094.746] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0094.746] ReadFile (in: hFile=0x14c, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x308, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0000b9c04*=0x108, lpOverlapped=0x0) returned 1 [0094.748] ReadFile (in: hFile=0x14c, lpBuffer=0xc00006a108, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a108*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0094.748] CloseHandle (hObject=0x14c) returned 1 [0094.748] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0094.748] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0094.749] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0094.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.750] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0094.751] GetFileType (hFile=0x14c) returned 0x1 [0094.751] WriteFile (in: hFile=0x14c, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc0000b9cec*=0x110, lpOverlapped=0x0) returned 1 [0094.752] CloseHandle (hObject=0x14c) returned 1 [0094.754] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.754] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.754] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.755] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0094.756] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0094.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.756] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0094.760] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.762] GetFileType (hFile=0x14c) returned 0x1 [0094.762] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.762] CloseHandle (hObject=0x14c) returned 1 [0094.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.764] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.770] SetEvent (hEvent=0x120) returned 1 [0094.770] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.772] SetEvent (hEvent=0x114) returned 1 [0094.772] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.775] SetEvent (hEvent=0x9c) returned 1 [0094.776] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.807] SetEvent (hEvent=0x8c) returned 1 [0094.807] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.814] SetEvent (hEvent=0x120) returned 1 [0094.814] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.864] SetEvent (hEvent=0x114) returned 1 [0094.864] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.864] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.865] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.865] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.865] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.865] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.866] GetFileType (hFile=0x148) returned 0x1 [0094.866] WriteFile (in: hFile=0x148, lpBuffer=0xc000144000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000255cec, lpOverlapped=0x0 | out: lpBuffer=0xc000144000*, lpNumberOfBytesWritten=0xc000255cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.867] CloseHandle (hObject=0x148) returned 1 [0094.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.869] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255d64 | out: lpMode=0xc000255d64) returned 0 [0094.875] GetFileType (hFile=0x148) returned 0x1 [0094.875] WriteFile (in: hFile=0x148, lpBuffer=0xc0000ee580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000255d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee580*, lpNumberOfBytesWritten=0xc000255d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.876] CloseHandle (hObject=0x148) returned 1 [0094.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.882] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0094.890] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.891] GetFileType (hFile=0x148) returned 0x1 [0094.891] GetFileType (hFile=0x148) returned 0x1 [0094.891] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0094.891] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0094.891] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.891] ReadFile (in: hFile=0x148, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x2d9, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc00023dc04*=0xd9, lpOverlapped=0x0) returned 1 [0094.892] ReadFile (in: hFile=0x148, lpBuffer=0xc0000580d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000580d9*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0094.892] CloseHandle (hObject=0x148) returned 1 [0094.892] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0094.893] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0094.893] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0094.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.894] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0094.895] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.899] GetFileType (hFile=0x148) returned 0x1 [0094.899] WriteFile (in: hFile=0x148, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc00023dcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.900] CloseHandle (hObject=0x148) returned 1 [0094.903] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.903] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0094.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.904] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0094.920] GetFileType (hFile=0x148) returned 0x1 [0094.920] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.920] CloseHandle (hObject=0x148) returned 1 [0094.921] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.922] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0094.922] SetEvent (hEvent=0x8c) returned 1 [0094.922] SetEvent (hEvent=0x100) returned 1 [0094.922] SetEvent (hEvent=0x13c) returned 1 [0094.922] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0094.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.924] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.933] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0094.933] SetEvent (hEvent=0x114) returned 1 [0094.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.945] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.945] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0094.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.945] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0094.953] GetFileType (hFile=0x148) returned 0x1 [0094.954] GetFileType (hFile=0x148) returned 0x1 [0094.954] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0094.954] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0094.954] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0094.954] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0094.954] ReadFile (in: hFile=0x148, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000111c04*=0xce, lpOverlapped=0x0) returned 1 [0094.955] ReadFile (in: hFile=0x148, lpBuffer=0xc0000a20ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20ce*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0094.955] CloseHandle (hObject=0x148) returned 1 [0094.955] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.956] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0094.956] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0094.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.958] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0094.960] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.968] SwitchToThread () returned 1 [0094.968] SetEvent (hEvent=0x114) returned 1 [0094.968] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0094.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0094.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc0005861a6*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0094.982] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0005861b0*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0094.995] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0005861b6*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0094.998] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.007] SetEvent (hEvent=0x100) returned 1 [0095.007] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.008] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010390*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc000010390*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0095.013] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010396*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc000010396*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0095.026] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.033] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0095.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0016*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0095.052] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0330*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0095.057] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.061] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0095.063] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.074] SetEvent (hEvent=0x8c) returned 1 [0095.074] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.078] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.078] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.078] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.079] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.079] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.079] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.079] SetEvent (hEvent=0x114) returned 1 [0095.079] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.130] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.172] SetEvent (hEvent=0x8c) returned 1 [0095.172] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.271] SetEvent (hEvent=0x100) returned 1 [0095.271] SwitchToThread () returned 1 [0095.272] SetEvent (hEvent=0x9c) returned 1 [0095.273] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.275] SetEvent (hEvent=0x100) returned 1 [0095.275] SetEvent (hEvent=0x114) returned 1 [0095.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.275] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0095.282] GetFileType (hFile=0x14c) returned 0x1 [0095.282] GetFileType (hFile=0x14c) returned 0x1 [0095.282] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0095.282] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0095.282] ReadFile (in: hFile=0x14c, lpBuffer=0xc000152300, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc000152300*, lpNumberOfBytesRead=0xc000067c04*=0xcf, lpOverlapped=0x0) returned 1 [0095.283] ReadFile (in: hFile=0x14c, lpBuffer=0xc0001523cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001523cf*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0095.283] CloseHandle (hObject=0x14c) returned 1 [0095.284] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0095.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.285] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0095.302] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.324] GetFileType (hFile=0x14c) returned 0x1 [0095.324] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0095.331] SetEvent (hEvent=0x120) returned 1 [0095.331] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0096.200] SetEvent (hEvent=0xb8) returned 1 [0096.200] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0096.213] SetEvent (hEvent=0x8c) returned 1 [0096.213] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0096.231] SetEvent (hEvent=0x8c) returned 1 [0096.232] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0096.237] SetEvent (hEvent=0x12c) returned 1 [0096.237] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] SetEvent (hEvent=0x8c) returned 1 [0096.245] SetEvent (hEvent=0x13c) returned 1 [0096.245] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0099.347] VirtualFree (lpAddress=0xc0001f6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.347] VirtualFree (lpAddress=0xc0001f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.347] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.348] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.348] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.348] SetEvent (hEvent=0x100) returned 1 [0099.348] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0100.035] SetEvent (hEvent=0x15c) returned 1 [0100.035] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0100.037] SetEvent (hEvent=0x120) returned 1 [0100.037] SetEvent (hEvent=0x8c) returned 1 [0100.037] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0100.172] SetEvent (hEvent=0x8c) returned 1 [0100.172] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0100.177] SetEvent (hEvent=0x8c) returned 1 [0100.177] SetEvent (hEvent=0x13c) returned 1 [0100.177] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0100.184] SetEvent (hEvent=0x12c) returned 1 [0100.184] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0102.073] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0102.079] GetFileType (hFile=0x168) returned 0x1 [0102.079] GetFileType (hFile=0x168) returned 0x1 [0102.079] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0102.079] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0102.079] ReadFile (in: hFile=0x168, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc0001bfc04*=0xfc, lpOverlapped=0x0) returned 1 [0102.080] ReadFile (in: hFile=0x168, lpBuffer=0xc0000d80fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80fc*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0102.080] CloseHandle (hObject=0x168) returned 1 [0102.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.081] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0102.087] GetFileType (hFile=0x168) returned 0x1 [0102.087] WriteFile (in: hFile=0x168, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc0001bfcec*=0x100, lpOverlapped=0x0) returned 1 [0102.089] CloseHandle (hObject=0x168) returned 1 [0102.089] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0102.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.090] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0102.096] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.126] SetEvent (hEvent=0x114) returned 1 [0102.126] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.162] SetEvent (hEvent=0x114) returned 1 [0102.162] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0102.163] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0102.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.163] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0102.164] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.165] GetFileType (hFile=0x170) returned 0x1 [0102.165] GetFileType (hFile=0x170) returned 0x1 [0102.165] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0102.165] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0102.165] ReadFile (in: hFile=0x170, lpBuffer=0xc000294000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc000294000*, lpNumberOfBytesRead=0xc000271c04*=0xfe, lpOverlapped=0x0) returned 1 [0102.166] ReadFile (in: hFile=0x170, lpBuffer=0xc0002940fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002940fe*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0102.166] CloseHandle (hObject=0x170) returned 1 [0102.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.167] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000271d04 | out: lpMode=0xc000271d04) returned 0 [0102.167] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.172] GetFileType (hFile=0x170) returned 0x1 [0102.172] WriteFile (in: hFile=0x170, lpBuffer=0xc000532600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000271cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532600*, lpNumberOfBytesWritten=0xc000271cec*=0x100, lpOverlapped=0x0) returned 1 [0102.173] CloseHandle (hObject=0x170) returned 1 [0102.174] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.174] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0102.174] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0102.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.175] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0102.180] GetFileType (hFile=0x170) returned 0x1 [0102.181] WriteFile (in: hFile=0x170, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.181] CloseHandle (hObject=0x170) returned 1 [0102.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.183] SetEvent (hEvent=0x100) returned 1 [0102.183] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.215] SetEvent (hEvent=0x100) returned 1 [0102.215] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.239] SetEvent (hEvent=0x114) returned 1 [0102.239] SetEvent (hEvent=0x13c) returned 1 [0102.239] SetEvent (hEvent=0x15c) returned 1 [0102.239] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.372] SetEvent (hEvent=0x114) returned 1 [0102.372] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.385] SetEvent (hEvent=0x114) returned 1 [0102.410] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.412] SetEvent (hEvent=0x15c) returned 1 [0102.412] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.416] SetEvent (hEvent=0x100) returned 1 [0102.417] SwitchToThread () returned 1 [0102.420] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.421] SetEvent (hEvent=0x114) returned 1 [0102.422] SetEvent (hEvent=0x100) returned 1 [0102.422] SetEvent (hEvent=0x13c) returned 1 [0102.422] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.444] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.450] SetEvent (hEvent=0x114) returned 1 [0102.450] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.451] SetEvent (hEvent=0x114) returned 1 [0102.451] SetEvent (hEvent=0x13c) returned 1 [0102.451] SetEvent (hEvent=0x100) returned 1 [0102.451] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.454] SetEvent (hEvent=0x114) returned 1 [0102.454] SetEvent (hEvent=0x13c) returned 1 [0102.454] SetEvent (hEvent=0x15c) returned 1 [0102.455] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.459] SetEvent (hEvent=0x114) returned 1 [0102.459] SetEvent (hEvent=0xfc) returned 1 [0102.459] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.502] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0102.526] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0102.558] GetFileType (hFile=0xec) returned 0x1 [0102.558] GetFileType (hFile=0xec) returned 0x1 [0102.558] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0102.558] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0102.558] ReadFile (in: hFile=0xec, lpBuffer=0xc0002ca000, nNumberOfBytesToRead=0x300, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca000*, lpNumberOfBytesRead=0xc00014dc04*=0x100, lpOverlapped=0x0) returned 1 [0102.560] ReadFile (in: hFile=0xec, lpBuffer=0xc0002ca100, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca100*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0102.560] CloseHandle (hObject=0xec) returned 1 [0102.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.561] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0102.568] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.574] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000209cf4 | out: lpMode=0xc000209cf4) returned 0 [0102.575] GetFileType (hFile=0x150) returned 0x1 [0102.575] GetFileType (hFile=0x150) returned 0x1 [0102.575] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000209d44 | out: lpFileInformation=0xc000209d44) returned 1 [0102.575] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000209d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000209d28) returned 1 [0102.575] ReadFile (in: hFile=0x150, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x510, lpNumberOfBytesRead=0xc000209c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc000209c04*=0x310, lpOverlapped=0x0) returned 1 [0102.577] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] ReadFile (in: hFile=0x150, lpBuffer=0xc000056310, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000209c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056310*, lpNumberOfBytesRead=0xc000209c04*=0x0, lpOverlapped=0x0) returned 1 [0102.586] CloseHandle (hObject=0x150) returned 1 [0102.586] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.591] SetEvent (hEvent=0x100) returned 1 [0102.591] SetEvent (hEvent=0x114) returned 1 [0102.592] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.592] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.592] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.592] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.593] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0102.595] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.597] GetFileType (hFile=0x150) returned 0x1 [0102.597] GetFileType (hFile=0x150) returned 0x1 [0102.597] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0102.597] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0102.597] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.597] ReadFile (in: hFile=0x150, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x2e6, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000035c04*=0xe6, lpOverlapped=0x0) returned 1 [0102.598] ReadFile (in: hFile=0x150, lpBuffer=0xc0000940e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000940e6*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0102.598] CloseHandle (hObject=0x150) returned 1 [0102.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.599] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0102.599] GetFileType (hFile=0x150) returned 0x1 [0102.600] WriteFile (in: hFile=0x150, lpBuffer=0xc0001263c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001263c0*, lpNumberOfBytesWritten=0xc000035cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.600] CloseHandle (hObject=0x150) returned 1 [0102.601] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.601] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.601] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0102.603] GetFileType (hFile=0x150) returned 0x1 [0102.603] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.604] CloseHandle (hObject=0x150) returned 1 [0102.604] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.604] SwitchToThread () returned 1 [0102.605] SetEvent (hEvent=0x100) returned 1 [0102.605] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.606] SetEvent (hEvent=0x114) returned 1 [0102.606] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.609] SetEvent (hEvent=0x13c) returned 1 [0102.609] VirtualFree (lpAddress=0xc0002d2000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0102.609] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.609] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.610] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.610] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.610] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.610] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.611] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0102.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.611] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001dbcf4 | out: lpMode=0xc0001dbcf4) returned 0 [0102.617] GetFileType (hFile=0x170) returned 0x1 [0102.617] GetFileType (hFile=0x170) returned 0x1 [0102.617] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001dbd44 | out: lpFileInformation=0xc0001dbd44) returned 1 [0102.617] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001dbd28) returned 1 [0102.617] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.617] ReadFile (in: hFile=0x170, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x31e, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0001dbc04*=0x11e, lpOverlapped=0x0) returned 1 [0102.619] ReadFile (in: hFile=0x170, lpBuffer=0xc00006a11e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a11e*, lpNumberOfBytesRead=0xc0001dbc04*=0x0, lpOverlapped=0x0) returned 1 [0102.619] CloseHandle (hObject=0x170) returned 1 [0102.619] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0102.619] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0102.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.621] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001dbd04 | out: lpMode=0xc0001dbd04) returned 0 [0102.629] GetFileType (hFile=0x170) returned 0x1 [0102.629] WriteFile (in: hFile=0x170, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0001dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc0001dbcec*=0x120, lpOverlapped=0x0) returned 1 [0102.630] CloseHandle (hObject=0x170) returned 1 [0102.630] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.631] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0102.631] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.631] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001dbd64 | out: lpMode=0xc0001dbd64) returned 0 [0102.636] GetFileType (hFile=0x170) returned 0x1 [0102.636] WriteFile (in: hFile=0x170, lpBuffer=0xc00007c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c580*, lpNumberOfBytesWritten=0xc0001dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.636] CloseHandle (hObject=0x170) returned 1 [0102.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.637] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.647] SetEvent (hEvent=0x100) returned 1 [0102.647] SetEvent (hEvent=0xfc) returned 1 [0102.647] SetEvent (hEvent=0x114) returned 1 [0102.647] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.651] SetEvent (hEvent=0x100) returned 1 [0102.651] SetEvent (hEvent=0x13c) returned 1 [0102.651] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.657] SetEvent (hEvent=0x114) returned 1 [0102.657] VirtualFree (lpAddress=0xc0002e6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0102.658] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.658] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.658] VirtualFree (lpAddress=0xc00005c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.658] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.659] SetEvent (hEvent=0x12c) returned 1 [0102.659] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.675] SetEvent (hEvent=0x114) returned 1 [0102.675] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.754] SetEvent (hEvent=0x13c) returned 1 [0102.754] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0102.754] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.755] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.755] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.756] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000207cf4 | out: lpMode=0xc000207cf4) returned 0 [0102.762] GetFileType (hFile=0x150) returned 0x1 [0102.762] GetFileType (hFile=0x150) returned 0x1 [0102.762] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000207d44 | out: lpFileInformation=0xc000207d44) returned 1 [0102.762] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000207d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000207d28) returned 1 [0102.762] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0102.763] ReadFile (in: hFile=0x150, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x4a27, lpNumberOfBytesRead=0xc000207c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc000207c04*=0x4827, lpOverlapped=0x0) returned 1 [0102.768] ReadFile (in: hFile=0x150, lpBuffer=0xc000280827, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000207c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280827*, lpNumberOfBytesRead=0xc000207c04*=0x0, lpOverlapped=0x0) returned 1 [0102.768] CloseHandle (hObject=0x150) returned 1 [0102.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.770] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000207d04 | out: lpMode=0xc000207d04) returned 0 [0102.775] GetFileType (hFile=0x150) returned 0x1 [0102.775] WriteFile (in: hFile=0x150, lpBuffer=0xc000280a80*, nNumberOfBytesToWrite=0x4830, lpNumberOfBytesWritten=0xc000207cec, lpOverlapped=0x0 | out: lpBuffer=0xc000280a80*, lpNumberOfBytesWritten=0xc000207cec*=0x4830, lpOverlapped=0x0) returned 1 [0102.777] CloseHandle (hObject=0x150) returned 1 [0102.777] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532801 | out: pbBuffer=0xc000532801) returned 1 [0102.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.777] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000207d64 | out: lpMode=0xc000207d64) returned 0 [0102.781] GetFileType (hFile=0x150) returned 0x1 [0102.781] WriteFile (in: hFile=0x150, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000207d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc000207d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.781] CloseHandle (hObject=0x150) returned 1 [0102.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.782] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.782] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.782] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.783] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.783] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.783] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.783] GetFileType (hFile=0xec) returned 0x1 [0102.783] WriteFile (in: hFile=0xec, lpBuffer=0xc0002d0000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002d0000*, lpNumberOfBytesWritten=0xc00014dcec*=0x110, lpOverlapped=0x0) returned 1 [0102.784] CloseHandle (hObject=0xec) returned 1 [0102.784] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.785] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0102.786] GetFileType (hFile=0xec) returned 0x1 [0102.786] WriteFile (in: hFile=0xec, lpBuffer=0xc0000f1760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f1760*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.786] CloseHandle (hObject=0xec) returned 1 [0102.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.787] ReadFile (in: hFile=0x148, lpBuffer=0xc000070300, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070300*, lpNumberOfBytesRead=0xc0000f7c04*=0xe8, lpOverlapped=0x0) returned 1 [0102.788] ReadFile (in: hFile=0x148, lpBuffer=0xc0000703e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000703e8*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0102.788] CloseHandle (hObject=0x148) returned 1 [0102.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.789] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0102.796] GetFileType (hFile=0x148) returned 0x1 [0102.796] WriteFile (in: hFile=0x148, lpBuffer=0xc00006a5a0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a5a0*, lpNumberOfBytesWritten=0xc0000f7cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.797] CloseHandle (hObject=0x148) returned 1 [0102.797] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532a01 | out: pbBuffer=0xc000532a01) returned 1 [0102.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.798] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0102.803] GetFileType (hFile=0x148) returned 0x1 [0102.803] WriteFile (in: hFile=0x148, lpBuffer=0xc0000f1b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f1b80*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.804] CloseHandle (hObject=0x148) returned 1 [0102.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.805] SwitchToThread () returned 1 [0102.805] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.820] SetEvent (hEvent=0x13c) returned 1 [0102.820] SetEvent (hEvent=0x100) returned 1 [0102.820] SwitchToThread () returned 1 [0102.824] SetEvent (hEvent=0x13c) returned 1 [0102.824] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.832] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.834] SetEvent (hEvent=0x13c) returned 1 [0102.834] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.843] SetEvent (hEvent=0x13c) returned 1 [0102.843] SetEvent (hEvent=0x114) returned 1 [0102.843] SwitchToThread () returned 1 [0102.844] SetEvent (hEvent=0x13c) returned 1 [0102.845] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.847] SetEvent (hEvent=0x100) returned 1 [0102.847] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.860] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.862] SetEvent (hEvent=0x13c) returned 1 [0102.862] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.868] SetEvent (hEvent=0x13c) returned 1 [0102.868] SetEvent (hEvent=0x100) returned 1 [0102.868] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.868] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.868] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.869] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.869] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.869] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.870] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0102.872] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.873] GetFileType (hFile=0x144) returned 0x1 [0102.874] GetFileType (hFile=0x144) returned 0x1 [0102.874] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0102.874] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0102.874] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.874] ReadFile (in: hFile=0x144, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc000201c04*=0xe8, lpOverlapped=0x0) returned 1 [0102.875] ReadFile (in: hFile=0x144, lpBuffer=0xc00005a0e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a0e8*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0102.875] CloseHandle (hObject=0x144) returned 1 [0102.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.876] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000201d04 | out: lpMode=0xc000201d04) returned 0 [0102.881] GetFileType (hFile=0x144) returned 0x1 [0102.881] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.881] WriteFile (in: hFile=0x144, lpBuffer=0xc00003c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000201cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c1e0*, lpNumberOfBytesWritten=0xc000201cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.882] CloseHandle (hObject=0x144) returned 1 [0102.882] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.883] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.883] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0102.883] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.883] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0102.884] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.884] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0102.884] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0102.885] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.885] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0102.887] GetFileType (hFile=0x144) returned 0x1 [0102.887] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.888] CloseHandle (hObject=0x144) returned 1 [0102.888] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.889] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.890] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0102.896] GetFileType (hFile=0x144) returned 0x1 [0102.896] GetFileType (hFile=0x144) returned 0x1 [0102.896] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0102.896] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0102.896] ReadFile (in: hFile=0x144, lpBuffer=0xc000094300, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094300*, lpNumberOfBytesRead=0xc00026dc04*=0xde, lpOverlapped=0x0) returned 1 [0102.897] ReadFile (in: hFile=0x144, lpBuffer=0xc0000943de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000943de*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0102.897] CloseHandle (hObject=0x144) returned 1 [0102.897] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0102.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.899] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0102.900] GetFileType (hFile=0x144) returned 0x1 [0102.900] WriteFile (in: hFile=0x144, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc00026dcec*=0xe0, lpOverlapped=0x0) returned 1 [0102.901] CloseHandle (hObject=0x144) returned 1 [0102.901] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.901] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0102.902] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.902] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0102.902] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0102.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.903] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0102.905] GetFileType (hFile=0x144) returned 0x1 [0102.905] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.905] CloseHandle (hObject=0x144) returned 1 [0102.905] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.906] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.906] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.907] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.907] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.907] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.907] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.908] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.908] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.908] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.908] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.909] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0102.913] GetFileType (hFile=0x144) returned 0x1 [0102.913] GetFileType (hFile=0x144) returned 0x1 [0102.914] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0102.914] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0102.914] ReadFile (in: hFile=0x144, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x300, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000259c04*=0x100, lpOverlapped=0x0) returned 1 [0102.915] ReadFile (in: hFile=0x144, lpBuffer=0xc000094100, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094100*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0102.915] CloseHandle (hObject=0x144) returned 1 [0102.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.916] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0102.923] GetFileType (hFile=0x144) returned 0x1 [0102.923] WriteFile (in: hFile=0x144, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000259cec*=0x110, lpOverlapped=0x0) returned 1 [0102.924] CloseHandle (hObject=0x144) returned 1 [0102.924] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.924] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0102.932] GetFileType (hFile=0x144) returned 0x1 [0102.932] WriteFile (in: hFile=0x144, lpBuffer=0xc0000dc580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc580*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.932] CloseHandle (hObject=0x144) returned 1 [0102.932] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.933] SwitchToThread () returned 1 [0102.943] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.956] SetEvent (hEvent=0x13c) returned 1 [0102.956] SetEvent (hEvent=0x15c) returned 1 [0102.956] SwitchToThread () returned 1 [0102.957] SetEvent (hEvent=0x13c) returned 1 [0102.957] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0102.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.969] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0102.976] GetFileType (hFile=0x148) returned 0x1 [0102.976] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.977] GetFileType (hFile=0x148) returned 0x1 [0102.977] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0102.977] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0102.977] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.977] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.978] ReadFile (in: hFile=0x148, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x4d63, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0000c3c04*=0x4b63, lpOverlapped=0x0) returned 1 [0102.988] ReadFile (in: hFile=0x148, lpBuffer=0xc000164b63, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000164b63*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0102.988] CloseHandle (hObject=0x148) returned 1 [0102.988] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0102.988] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.990] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0102.997] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.007] GetFileType (hFile=0x148) returned 0x1 [0103.007] WriteFile (in: hFile=0x148, lpBuffer=0xc000165000*, nNumberOfBytesToWrite=0x4b70, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000165000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x4b70, lpOverlapped=0x0) returned 1 [0103.008] CloseHandle (hObject=0x148) returned 1 [0103.009] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.009] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.009] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.010] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0103.013] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.017] GetFileType (hFile=0x148) returned 0x1 [0103.017] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.023] WriteFile (in: hFile=0x148, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.023] CloseHandle (hObject=0x148) returned 1 [0103.025] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.027] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0103.027] SetEvent (hEvent=0xfc) returned 1 [0103.027] SetEvent (hEvent=0x9c) returned 1 [0103.027] SetEvent (hEvent=0x12c) returned 1 [0103.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.035] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.035] SetEvent (hEvent=0x12c) returned 1 [0103.035] SetEvent (hEvent=0xb8) returned 1 [0103.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.037] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.038] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0103.038] SetEvent (hEvent=0x15c) returned 1 [0103.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.039] SetEvent (hEvent=0x100) returned 1 [0103.039] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.044] VirtualFree (lpAddress=0xc00020a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0103.044] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.045] VirtualFree (lpAddress=0xc000160000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0103.045] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.045] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.046] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.046] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.046] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.047] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.047] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0103.047] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0103.048] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0103.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.049] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0103.061] GetFileType (hFile=0x128) returned 0x1 [0103.061] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.062] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.062] GetFileType (hFile=0x128) returned 0x1 [0103.062] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0103.062] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0103.062] VirtualAlloc (lpAddress=0xc0002a0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a0000 [0103.064] ReadFile (in: hFile=0x128, lpBuffer=0xc0002a0000, nNumberOfBytesToRead=0x4179, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a0000*, lpNumberOfBytesRead=0xc0000b9c04*=0x3f79, lpOverlapped=0x0) returned 1 [0103.079] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.086] ReadFile (in: hFile=0x128, lpBuffer=0xc0002a3f79, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a3f79*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0103.086] CloseHandle (hObject=0x128) returned 1 [0103.086] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0103.086] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0103.087] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0103.087] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0103.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.089] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0103.091] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.094] SetEvent (hEvent=0x9c) returned 1 [0103.094] GetFileType (hFile=0x128) returned 0x1 [0103.094] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.101] SetEvent (hEvent=0x13c) returned 1 [0103.101] WriteFile (in: hFile=0x128, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x3f80, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc0000b9cec*=0x3f80, lpOverlapped=0x0) returned 1 [0103.102] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.111] CloseHandle (hObject=0x128) returned 1 [0103.111] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.111] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0103.112] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0103.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.112] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0103.115] GetFileType (hFile=0x128) returned 0x1 [0103.115] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.116] CloseHandle (hObject=0x128) returned 1 [0103.116] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.117] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.127] SwitchToThread () returned 1 [0103.129] SetEvent (hEvent=0x13c) returned 1 [0103.129] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.132] SetEvent (hEvent=0x9c) returned 1 [0103.132] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.134] SwitchToThread () returned 1 [0103.140] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.149] SetEvent (hEvent=0x13c) returned 1 [0103.149] SetEvent (hEvent=0xb8) returned 1 [0103.149] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0103.150] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0103.150] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.150] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.151] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.151] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.151] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83462fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f4c)) returned 1 [0103.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.151] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.152] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.152] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.152] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.152] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8346cc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83471a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4082)) returned 1 [0103.156] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.174] SetEvent (hEvent=0x100) returned 1 [0103.174] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.211] SetEvent (hEvent=0x100) returned 1 [0103.211] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.241] SetEvent (hEvent=0x13c) returned 1 [0103.241] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0103.242] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0103.245] GetFileType (hFile=0x144) returned 0x1 [0103.245] GetFileType (hFile=0x144) returned 0x1 [0103.245] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0103.246] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0103.246] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0103.247] ReadFile (in: hFile=0x144, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x52f7, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0001d1c04*=0x50f7, lpOverlapped=0x0) returned 1 [0103.330] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.331] SetEvent (hEvent=0xc0) returned 1 [0103.331] SetEvent (hEvent=0x13c) returned 1 [0103.331] ReadFile (in: hFile=0x144, lpBuffer=0xc0002810f7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002810f7*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0103.331] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.334] CloseHandle (hObject=0x144) returned 1 [0103.335] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.340] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0103.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.342] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0103.344] GetFileType (hFile=0x148) returned 0x1 [0103.344] WriteFile (in: hFile=0x148, lpBuffer=0xc000281500*, nNumberOfBytesToWrite=0x5100, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000281500*, lpNumberOfBytesWritten=0xc0001d1cec*=0x5100, lpOverlapped=0x0) returned 1 [0103.345] CloseHandle (hObject=0x148) returned 1 [0103.345] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.345] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0103.346] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.346] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0103.348] GetFileType (hFile=0x148) returned 0x1 [0103.348] WriteFile (in: hFile=0x148, lpBuffer=0xc0001de420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de420*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.348] CloseHandle (hObject=0x148) returned 1 [0103.348] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.349] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102618*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000102618*, lpNumberOfCharsWritten=0xc0001a1818*=0x3) returned 1 [0103.352] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.356] SetEvent (hEvent=0xfc) returned 1 [0103.356] SetEvent (hEvent=0x15c) returned 1 [0103.356] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102620*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000102620*, lpNumberOfCharsWritten=0xc0001a7818*=0x3) returned 1 [0103.357] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc000586330*, lpNumberOfCharsWritten=0xc00022f818*=0x3) returned 1 [0103.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586336*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc000586336*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0103.385] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.403] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0660*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000185818, lpReserved=0x0 | out: lpBuffer=0xc0000a0660*, lpNumberOfCharsWritten=0xc000185818*=0x3) returned 1 [0103.408] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0666*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0666*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0103.411] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0670*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0670*, lpNumberOfCharsWritten=0xc00022b818*=0x3) returned 1 [0103.412] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0676*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0676*, lpNumberOfCharsWritten=0xc0001cf818*=0x3) returned 1 [0103.416] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0680*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc0000a0680*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0103.420] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.437] SetEvent (hEvent=0x15c) returned 1 [0103.437] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.451] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.451] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0103.452] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0103.452] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0103.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0103.453] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00022bcf4 | out: lpMode=0xc00022bcf4) returned 0 [0103.459] GetFileType (hFile=0x194) returned 0x1 [0103.459] GetFileType (hFile=0x194) returned 0x1 [0103.459] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc00022bd44 | out: lpFileInformation=0xc00022bd44) returned 1 [0103.459] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc00022bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022bd28) returned 1 [0103.459] ReadFile (in: hFile=0x194, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x43bf, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc00022bc04*=0x41bf, lpOverlapped=0x0) returned 1 [0103.474] ReadFile (in: hFile=0x194, lpBuffer=0xc0002901bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002901bf*, lpNumberOfBytesRead=0xc00022bc04*=0x0, lpOverlapped=0x0) returned 1 [0103.474] CloseHandle (hObject=0x194) returned 1 [0103.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0103.475] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00022bd04 | out: lpMode=0xc00022bd04) returned 0 [0103.490] GetFileType (hFile=0x194) returned 0x1 [0103.490] WriteFile (in: hFile=0x194, lpBuffer=0xc000299800*, nNumberOfBytesToWrite=0x41c0, lpNumberOfBytesWritten=0xc00022bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000299800*, lpNumberOfBytesWritten=0xc00022bcec*=0x41c0, lpOverlapped=0x0) returned 1 [0103.491] CloseHandle (hObject=0x194) returned 1 [0103.491] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532801 | out: pbBuffer=0xc000532801) returned 1 [0103.491] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0103.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0103.492] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00022bd64 | out: lpMode=0xc00022bd64) returned 0 [0103.499] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.528] SetEvent (hEvent=0x100) returned 1 [0103.528] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.534] SetEvent (hEvent=0x164) returned 1 [0103.535] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0103.591] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0103.598] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.607] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.608] SetEvent (hEvent=0x100) returned 1 [0103.608] SetEvent (hEvent=0x114) returned 1 [0103.608] SetEvent (hEvent=0xfc) returned 1 [0103.608] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.619] SetEvent (hEvent=0x114) returned 1 [0103.619] SetEvent (hEvent=0xb8) returned 1 [0103.619] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.721] SetEvent (hEvent=0xfc) returned 1 [0103.721] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.736] SetEvent (hEvent=0xfc) returned 1 [0103.736] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0103.736] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.737] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000283cf4 | out: lpMode=0xc000283cf4) returned 0 [0103.745] GetFileType (hFile=0x128) returned 0x1 [0103.745] GetFileType (hFile=0x128) returned 0x1 [0103.745] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000283d44 | out: lpFileInformation=0xc000283d44) returned 1 [0103.745] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000283d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000283d28) returned 1 [0103.745] VirtualAlloc (lpAddress=0xc000306000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0103.746] ReadFile (in: hFile=0x128, lpBuffer=0xc000306000, nNumberOfBytesToRead=0x4af1, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc000306000*, lpNumberOfBytesRead=0xc000283c04*=0x48f1, lpOverlapped=0x0) returned 1 [0103.758] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.761] SetEvent (hEvent=0xfc) returned 1 [0103.761] ReadFile (in: hFile=0x128, lpBuffer=0xc00030a8f1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a8f1*, lpNumberOfBytesRead=0xc000283c04*=0x0, lpOverlapped=0x0) returned 1 [0103.761] CloseHandle (hObject=0x128) returned 1 [0103.761] VirtualAlloc (lpAddress=0xc000310000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0103.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.766] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000283d04 | out: lpMode=0xc000283d04) returned 0 [0103.766] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.774] GetFileType (hFile=0x128) returned 0x1 [0103.774] WriteFile (in: hFile=0x128, lpBuffer=0xc000310000*, nNumberOfBytesToWrite=0x4900, lpNumberOfBytesWritten=0xc000283cec, lpOverlapped=0x0 | out: lpBuffer=0xc000310000*, lpNumberOfBytesWritten=0xc000283cec*=0x4900, lpOverlapped=0x0) returned 1 [0103.775] CloseHandle (hObject=0x128) returned 1 [0103.775] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.775] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0103.776] VirtualAlloc (lpAddress=0xc00029c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029c000 [0103.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.777] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000283d64 | out: lpMode=0xc000283d64) returned 0 [0103.780] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.784] GetFileType (hFile=0x128) returned 0x1 [0103.784] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000283d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000283d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.784] CloseHandle (hObject=0x128) returned 1 [0103.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.785] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.815] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0103.815] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0103.815] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0103.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.816] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0103.823] GetFileType (hFile=0x150) returned 0x1 [0103.824] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0103.824] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0103.824] GetFileType (hFile=0x150) returned 0x1 [0103.824] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0103.824] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0103.825] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0103.825] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0103.826] ReadFile (in: hFile=0x150, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xaa9c, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000211c04*=0xa89c, lpOverlapped=0x0) returned 1 [0103.834] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.850] SetEvent (hEvent=0xf4) returned 1 [0103.851] ReadFile (in: hFile=0x150, lpBuffer=0xc00021c89c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c89c*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0103.851] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.856] CloseHandle (hObject=0x150) returned 1 [0103.856] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0103.857] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0103.858] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0103.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.859] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0103.865] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.868] GetFileType (hFile=0x150) returned 0x1 [0103.868] WriteFile (in: hFile=0x150, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xa8a0, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc000211cec*=0xa8a0, lpOverlapped=0x0) returned 1 [0103.870] CloseHandle (hObject=0x150) returned 1 [0103.870] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.870] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0103.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.871] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0103.875] GetFileType (hFile=0x150) returned 0x1 [0103.875] WriteFile (in: hFile=0x150, lpBuffer=0xc0002b46e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b46e0*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.876] CloseHandle (hObject=0x150) returned 1 [0103.876] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0103.876] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-background_script.js"), dwFlags=0x1) returned 1 [0103.878] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0103.887] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0103.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0103.888] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000203cf4 | out: lpMode=0xc000203cf4) returned 0 [0103.894] GetFileType (hFile=0x180) returned 0x1 [0103.894] GetFileType (hFile=0x180) returned 0x1 [0103.895] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000203d44 | out: lpFileInformation=0xc000203d44) returned 1 [0103.895] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000203d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000203d28) returned 1 [0103.895] VirtualAlloc (lpAddress=0xc000382000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000382000 [0103.896] ReadFile (in: hFile=0x180, lpBuffer=0xc000382000, nNumberOfBytesToRead=0x4bc1, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc000382000*, lpNumberOfBytesRead=0xc000203c04*=0x49c1, lpOverlapped=0x0) returned 1 [0104.040] ReadFile (in: hFile=0x180, lpBuffer=0xc0003869c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003869c1*, lpNumberOfBytesRead=0xc000203c04*=0x0, lpOverlapped=0x0) returned 1 [0104.040] CloseHandle (hObject=0x180) returned 1 [0104.041] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0104.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0104.043] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000203d04 | out: lpMode=0xc000203d04) returned 0 [0104.056] GetFileType (hFile=0x180) returned 0x1 [0104.057] WriteFile (in: hFile=0x180, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0x49d0, lpNumberOfBytesWritten=0xc000203cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc000203cec*=0x49d0, lpOverlapped=0x0) returned 1 [0104.058] CloseHandle (hObject=0x180) returned 1 [0104.058] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0104.058] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0104.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0104.059] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000203d64 | out: lpMode=0xc000203d64) returned 0 [0104.067] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.072] SetEvent (hEvent=0xf4) returned 1 [0104.072] GetFileType (hFile=0x180) returned 0x1 [0104.072] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.075] WriteFile (in: hFile=0x180, lpBuffer=0xc00003d1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000203d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003d1e0*, lpNumberOfBytesWritten=0xc000203d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.075] CloseHandle (hObject=0x180) returned 1 [0104.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.076] SwitchToThread () returned 1 [0104.079] SetEvent (hEvent=0xf4) returned 1 [0104.080] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.105] SetEvent (hEvent=0xf4) returned 1 [0104.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0104.106] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000219cf4 | out: lpMode=0xc000219cf4) returned 0 [0104.112] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.112] GetFileType (hFile=0xec) returned 0x1 [0104.113] GetFileType (hFile=0xec) returned 0x1 [0104.113] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000219d44 | out: lpFileInformation=0xc000219d44) returned 1 [0104.113] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000219d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000219d28) returned 1 [0104.113] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.113] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0104.115] ReadFile (in: hFile=0xec, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0xd017, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000219c04*=0xce17, lpOverlapped=0x0) returned 1 [0104.127] ReadFile (in: hFile=0xec, lpBuffer=0xc000298e17, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000219c04, lpOverlapped=0x0 | out: lpBuffer=0xc000298e17*, lpNumberOfBytesRead=0xc000219c04*=0x0, lpOverlapped=0x0) returned 1 [0104.127] CloseHandle (hObject=0xec) returned 1 [0104.127] SwitchToThread () returned 1 [0104.129] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0104.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.132] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000219d04 | out: lpMode=0xc000219d04) returned 0 [0104.136] GetFileType (hFile=0x150) returned 0x1 [0104.136] WriteFile (in: hFile=0x150, lpBuffer=0xc0002b0000*, nNumberOfBytesToWrite=0xce20, lpNumberOfBytesWritten=0xc000219cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesWritten=0xc000219cec*=0xce20, lpOverlapped=0x0) returned 1 [0104.138] CloseHandle (hObject=0x150) returned 1 [0104.138] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0104.139] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.139] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000219d64 | out: lpMode=0xc000219d64) returned 0 [0104.147] GetFileType (hFile=0x150) returned 0x1 [0104.147] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000219d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000219d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.147] CloseHandle (hObject=0x150) returned 1 [0104.147] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_sender.js"), dwFlags=0x1) returned 1 [0104.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.149] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0104.149] SetEvent (hEvent=0xc0) returned 1 [0104.149] SetEvent (hEvent=0xb8) returned 1 [0104.149] SetEvent (hEvent=0x114) returned 1 [0104.150] SetEvent (hEvent=0x15c) returned 1 [0104.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.157] SetEvent (hEvent=0x13c) returned 1 [0104.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.248] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.250] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0104.250] SetEvent (hEvent=0xc0) returned 1 [0104.250] SetEvent (hEvent=0x9c) returned 1 [0104.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.281] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0104.295] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.302] SetEvent (hEvent=0x13c) returned 1 [0104.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc0005862c6*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0104.311] SetEvent (hEvent=0x13c) returned 1 [0104.311] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0104.311] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0104.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000586320*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0104.313] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.325] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ef818, lpReserved=0x0 | out: lpBuffer=0xc000102190*, lpNumberOfCharsWritten=0xc0001ef818*=0x3) returned 1 [0104.340] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0005863e0*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0104.343] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102196*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ed818, lpReserved=0x0 | out: lpBuffer=0xc000102196*, lpNumberOfCharsWritten=0xc0001ed818*=0x3) returned 1 [0104.344] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc000102170*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0104.353] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102176*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001af818, lpReserved=0x0 | out: lpBuffer=0xc000102176*, lpNumberOfCharsWritten=0xc0001af818*=0x3) returned 1 [0104.359] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc0001021a0*, lpNumberOfCharsWritten=0xc000249818*=0x3) returned 1 [0104.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc0001021a6*, lpNumberOfCharsWritten=0xc0001b7818*=0x3) returned 1 [0104.366] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586410*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000586410*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0104.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586416*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000586416*, lpNumberOfCharsWritten=0xc000149818*=0x3) returned 1 [0104.422] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.429] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0104.436] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.443] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586328*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000586328*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0104.461] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0104.462] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.480] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0104.483] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.511] SetEvent (hEvent=0xf4) returned 1 [0104.511] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0104.516] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0104.518] GetFileType (hFile=0x168) returned 0x1 [0104.518] GetFileType (hFile=0x168) returned 0x1 [0104.518] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0104.518] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0104.518] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0104.519] ReadFile (in: hFile=0x168, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xb41, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000067c04*=0x941, lpOverlapped=0x0) returned 1 [0104.522] ReadFile (in: hFile=0x168, lpBuffer=0xc0001e2941, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2941*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0104.522] CloseHandle (hObject=0x168) returned 1 [0104.522] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0104.523] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0104.523] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0104.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0104.525] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0104.531] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.577] GetFileType (hFile=0x168) returned 0x1 [0104.577] WriteFile (in: hFile=0x168, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc000067cec*=0x950, lpOverlapped=0x0) returned 1 [0104.581] CloseHandle (hObject=0x168) returned 1 [0104.581] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0104.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0104.582] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0104.585] GetFileType (hFile=0x168) returned 0x1 [0104.585] VirtualAlloc (lpAddress=0xc000302000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000302000 [0104.585] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.586] CloseHandle (hObject=0x168) returned 1 [0104.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_webrtc.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_webrtc.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_webrtc.js"), dwFlags=0x1) returned 1 [0104.587] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.588] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0104.588] SetEvent (hEvent=0xc0) returned 1 [0104.588] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053ea80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x168 [0104.589] CloseHandle (hObject=0x168) returned 1 [0104.589] SetEvent (hEvent=0x8c) returned 1 [0104.589] SetEvent (hEvent=0x198) returned 1 [0104.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.637] SetEvent (hEvent=0x13c) returned 1 [0104.637] SetEvent (hEvent=0x198) returned 1 [0104.637] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.645] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.645] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0104.645] SetEvent (hEvent=0x120) returned 1 [0104.645] SetEvent (hEvent=0xf4) returned 1 [0104.645] SetEvent (hEvent=0x1d0) returned 1 [0104.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.663] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0104.663] SetEvent (hEvent=0x15c) returned 1 [0104.663] SetEvent (hEvent=0xf4) returned 1 [0104.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.667] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.667] SetEvent (hEvent=0xf4) returned 1 [0104.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.671] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.671] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.672] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0104.672] SetEvent (hEvent=0xc0) returned 1 [0104.672] SetEvent (hEvent=0xb8) returned 1 [0104.672] SetEvent (hEvent=0xf4) returned 1 [0104.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.676] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.676] VirtualAlloc (lpAddress=0xc000304000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000304000 [0104.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0104.677] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0104.682] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.702] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.702] SetEvent (hEvent=0x1d0) returned 1 [0104.702] SetEvent (hEvent=0xb8) returned 1 [0104.703] SetEvent (hEvent=0x120) returned 1 [0104.703] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.713] SetEvent (hEvent=0xf4) returned 1 [0104.713] VirtualFree (lpAddress=0xc00047a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.714] VirtualFree (lpAddress=0xc000304000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.714] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.714] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.714] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.714] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.715] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.715] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.715] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.715] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.716] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.716] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.716] SetEvent (hEvent=0x114) returned 1 [0104.716] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] SetEvent (hEvent=0x120) returned 1 [0104.721] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.806] SetEvent (hEvent=0xf4) returned 1 [0104.807] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.809] SetEvent (hEvent=0xfc) returned 1 [0104.810] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.818] SetEvent (hEvent=0x164) returned 1 [0104.818] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.830] SetEvent (hEvent=0x164) returned 1 [0104.830] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.850] SetEvent (hEvent=0xf4) returned 1 [0104.850] SetEvent (hEvent=0xfc) returned 1 [0104.850] SetEvent (hEvent=0x9c) returned 1 [0104.850] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.878] SetEvent (hEvent=0xf4) returned 1 [0104.878] SetEvent (hEvent=0xfc) returned 1 [0104.879] SetEvent (hEvent=0x164) returned 1 [0104.879] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.885] SetEvent (hEvent=0xf4) returned 1 [0104.885] SwitchToThread () returned 1 [0104.887] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.892] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.894] SetEvent (hEvent=0xf4) returned 1 [0104.894] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.894] SetEvent (hEvent=0xf4) returned 1 [0104.894] SetEvent (hEvent=0x164) returned 1 [0104.895] SetEvent (hEvent=0xb8) returned 1 [0104.895] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.903] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0104.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.904] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00019dcf4 | out: lpMode=0xc00019dcf4) returned 0 [0104.907] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.910] GetFileType (hFile=0x148) returned 0x1 [0104.910] GetFileType (hFile=0x148) returned 0x1 [0104.910] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00019dd44 | out: lpFileInformation=0xc00019dd44) returned 1 [0104.910] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00019dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019dd28) returned 1 [0104.910] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0104.910] ReadFile (in: hFile=0x148, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc00019dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.911] CloseHandle (hObject=0x148) returned 1 [0104.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.911] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00019dd04 | out: lpMode=0xc00019dd04) returned 0 [0104.912] GetFileType (hFile=0x148) returned 0x1 [0104.912] WriteFile (in: hFile=0x148, lpBuffer=0xc000010250*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00019dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010250*, lpNumberOfBytesWritten=0xc00019dcec*=0x10, lpOverlapped=0x0) returned 1 [0104.914] CloseHandle (hObject=0x148) returned 1 [0104.914] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.914] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.914] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0104.915] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.916] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00019dd64 | out: lpMode=0xc00019dd64) returned 0 [0104.917] GetFileType (hFile=0x148) returned 0x1 [0104.917] WriteFile (in: hFile=0x148, lpBuffer=0xc0000fa420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa420*, lpNumberOfBytesWritten=0xc00019dd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.917] CloseHandle (hObject=0x148) returned 1 [0104.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-login data-journal"), dwFlags=0x1) returned 1 [0104.918] VirtualFree (lpAddress=0xc0003f0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.918] VirtualFree (lpAddress=0xc000320000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.919] VirtualFree (lpAddress=0xc0002da000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.919] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0104.920] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0104.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.921] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255cf4 | out: lpMode=0xc000255cf4) returned 0 [0104.926] GetFileType (hFile=0x148) returned 0x1 [0104.926] GetFileType (hFile=0x148) returned 0x1 [0104.926] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000255d44 | out: lpFileInformation=0xc000255d44) returned 1 [0104.926] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000255d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000255d28) returned 1 [0104.926] ReadFile (in: hFile=0x148, lpBuffer=0xc00016c200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c200*, lpNumberOfBytesRead=0xc000255c04*=0x0, lpOverlapped=0x0) returned 1 [0104.926] CloseHandle (hObject=0x148) returned 1 [0104.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.926] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255d04 | out: lpMode=0xc000255d04) returned 0 [0104.927] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.931] SetEvent (hEvent=0xc0) returned 1 [0104.931] SetEvent (hEvent=0xf4) returned 1 [0104.931] GetFileType (hFile=0x148) returned 0x1 [0104.931] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.939] WriteFile (in: hFile=0x148, lpBuffer=0xc0001021c0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000255cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001021c0*, lpNumberOfBytesWritten=0xc000255cec*=0x10, lpOverlapped=0x0) returned 1 [0104.940] CloseHandle (hObject=0x148) returned 1 [0104.940] VirtualAlloc (lpAddress=0xc000362000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0104.941] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.941] VirtualAlloc (lpAddress=0xc000364000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000364000 [0104.941] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0104.942] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0104.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.943] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255d64 | out: lpMode=0xc000255d64) returned 0 [0104.946] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.953] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.966] SetEvent (hEvent=0xfc) returned 1 [0104.966] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.969] SetEvent (hEvent=0xfc) returned 1 [0104.970] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.972] SetEvent (hEvent=0xfc) returned 1 [0104.972] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.973] SetEvent (hEvent=0xfc) returned 1 [0104.973] SetEvent (hEvent=0xf4) returned 1 [0104.973] SetEvent (hEvent=0x9c) returned 1 [0104.973] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.976] VirtualFree (lpAddress=0xc00036c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.976] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.976] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.977] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.977] GetFileType (hFile=0x1c4) returned 0x1 [0104.977] GetFileType (hFile=0x1c4) returned 0x1 [0104.977] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0104.977] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0104.977] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0104.978] ReadFile (in: hFile=0x1c4, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xb45, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0000bdc04*=0x945, lpOverlapped=0x0) returned 1 [0104.986] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.989] SetEvent (hEvent=0xb8) returned 1 [0104.989] ReadFile (in: hFile=0x1c4, lpBuffer=0xc0001e2945, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2945*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0104.989] CloseHandle (hObject=0x1c4) returned 1 [0104.989] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.989] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0104.990] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0104.990] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0104.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0104.992] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0104.993] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0104.996] GetFileType (hFile=0x1c4) returned 0x1 [0104.996] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.000] WriteFile (in: hFile=0x1c4, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x950, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc0000bdcec*=0x950, lpOverlapped=0x0) returned 1 [0105.001] CloseHandle (hObject=0x1c4) returned 1 [0105.001] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0105.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.002] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0105.005] GetFileType (hFile=0x1c4) returned 0x1 [0105.005] WriteFile (in: hFile=0x1c4, lpBuffer=0xc0000fa6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa6e0*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.005] CloseHandle (hObject=0x1c4) returned 1 [0105.005] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\encry-view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\encry-view.js"), dwFlags=0x1) returned 1 [0105.006] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.013] SetEvent (hEvent=0x120) returned 1 [0105.013] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.013] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.014] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.014] GetFileType (hFile=0x128) returned 0x1 [0105.014] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.014] CloseHandle (hObject=0x128) returned 1 [0105.014] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0105.015] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0105.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0105.016] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0105.020] GetFileType (hFile=0x128) returned 0x1 [0105.020] GetFileType (hFile=0x128) returned 0x1 [0105.020] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0105.020] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0105.020] ReadFile (in: hFile=0x128, lpBuffer=0xc00007eb40, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007eb40*, lpNumberOfBytesRead=0xc0002d7c04*=0x29, lpOverlapped=0x0) returned 1 [0105.022] ReadFile (in: hFile=0x128, lpBuffer=0xc00007eb69, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007eb69*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0105.022] CloseHandle (hObject=0x128) returned 1 [0105.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0105.023] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0105.025] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.028] GetFileType (hFile=0x128) returned 0x1 [0105.028] WriteFile (in: hFile=0x128, lpBuffer=0xc00000a210*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfBytesWritten=0xc0002d7cec*=0x30, lpOverlapped=0x0) returned 1 [0105.191] CloseHandle (hObject=0x128) returned 1 [0105.192] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0105.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0105.192] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0105.194] GetFileType (hFile=0x128) returned 0x1 [0105.194] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.195] CloseHandle (hObject=0x128) returned 1 [0105.195] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-manifest-000001"), dwFlags=0x1) returned 1 [0105.196] SwitchToThread () returned 1 [0105.197] SetEvent (hEvent=0xfc) returned 1 [0105.197] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.197] SetEvent (hEvent=0xfc) returned 1 [0105.197] SetEvent (hEvent=0x120) returned 1 [0105.197] SetEvent (hEvent=0x9c) returned 1 [0105.197] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.198] SetEvent (hEvent=0x120) returned 1 [0105.199] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.201] VirtualFree (lpAddress=0xc0003fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.201] VirtualFree (lpAddress=0xc000370000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.201] VirtualFree (lpAddress=0xc000368000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.201] VirtualFree (lpAddress=0xc000362000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.202] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.202] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.202] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.203] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.203] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.203] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.204] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.204] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.204] SetEvent (hEvent=0xfc) returned 1 [0105.204] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.237] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0105.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e0 [0105.238] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0002cfcf4 | out: lpMode=0xc0002cfcf4) returned 0 [0105.245] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.251] GetFileType (hFile=0x1e0) returned 0x1 [0105.252] GetFileType (hFile=0x1e0) returned 0x1 [0105.252] GetFileInformationByHandle (in: hFile=0x1e0, lpFileInformation=0xc0002cfd44 | out: lpFileInformation=0xc0002cfd44) returned 1 [0105.252] GetFileInformationByHandleEx (in: hFile=0x1e0, FileInformationClass=0x9, lpFileInformation=0xc0002cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cfd28) returned 1 [0105.252] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0105.252] ReadFile (in: hFile=0x1e0, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0002cfc04*=0x0, lpOverlapped=0x0) returned 1 [0105.252] CloseHandle (hObject=0x1e0) returned 1 [0105.252] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0105.253] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0105.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0105.253] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0002cfd04 | out: lpMode=0xc0002cfd04) returned 0 [0105.256] GetFileType (hFile=0x1e0) returned 0x1 [0105.256] WriteFile (in: hFile=0x1e0, lpBuffer=0xc000010270*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010270*, lpNumberOfBytesWritten=0xc0002cfcec*=0x10, lpOverlapped=0x0) returned 1 [0105.258] CloseHandle (hObject=0x1e0) returned 1 [0105.258] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.258] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0105.259] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0105.259] VirtualAlloc (lpAddress=0xc0002de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002de000 [0105.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0105.260] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0002cfd64 | out: lpMode=0xc0002cfd64) returned 0 [0105.260] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.272] GetFileType (hFile=0x1e0) returned 0x1 [0105.272] WriteFile (in: hFile=0x1e0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.272] CloseHandle (hObject=0x1e0) returned 1 [0105.272] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0105.273] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-000003.log"), dwFlags=0x1) returned 1 [0105.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0105.278] SetEvent (hEvent=0x9c) returned 1 [0105.278] SetEvent (hEvent=0xf4) returned 1 [0105.278] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0105.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.288] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0105.288] SetEvent (hEvent=0xfc) returned 1 [0105.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.296] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.296] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.297] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0105.297] SetEvent (hEvent=0xc0) returned 1 [0105.297] SetEvent (hEvent=0x9c) returned 1 [0105.297] SetEvent (hEvent=0x120) returned 1 [0105.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.305] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0105.305] SetEvent (hEvent=0x9c) returned 1 [0105.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.305] GetFileType (hFile=0x1b8) returned 0x1 [0105.305] GetFileType (hFile=0x1b8) returned 0x1 [0105.306] GetFileInformationByHandle (in: hFile=0x1b8, lpFileInformation=0xc0000e9d44 | out: lpFileInformation=0xc0000e9d44) returned 1 [0105.306] GetFileInformationByHandleEx (in: hFile=0x1b8, FileInformationClass=0x9, lpFileInformation=0xc0000e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e9d28) returned 1 [0105.306] ReadFile (in: hFile=0x1b8, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x23b, lpNumberOfBytesRead=0xc0000e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc0000e9c04*=0x3b, lpOverlapped=0x0) returned 1 [0105.307] ReadFile (in: hFile=0x1b8, lpBuffer=0xc00007e03b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e03b*, lpNumberOfBytesRead=0xc0000e9c04*=0x0, lpOverlapped=0x0) returned 1 [0105.307] CloseHandle (hObject=0x1b8) returned 1 [0105.307] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0105.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.309] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000e9d04 | out: lpMode=0xc0000e9d04) returned 0 [0105.317] GetFileType (hFile=0x1b8) returned 0x1 [0105.317] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0006e8000*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xc0000e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e8000*, lpNumberOfBytesWritten=0xc0000e9cec*=0x40, lpOverlapped=0x0) returned 1 [0105.318] CloseHandle (hObject=0x1b8) returned 1 [0105.318] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0105.318] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.319] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0105.319] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0105.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.320] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000e9d64 | out: lpMode=0xc0000e9d64) returned 0 [0105.325] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.333] SetEvent (hEvent=0xc0) returned 1 [0105.333] GetFileType (hFile=0x1b8) returned 0x1 [0105.333] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.364] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0000fa2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa2c0*, lpNumberOfBytesWritten=0xc0000e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.364] CloseHandle (hObject=0x1b8) returned 1 [0105.364] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0105.365] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0105.365] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0105.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-setup.html"), dwFlags=0x1) returned 1 [0105.366] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0105.367] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0105.367] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0105.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b8 [0105.368] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0105.370] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.394] GetFileType (hFile=0x1b8) returned 0x1 [0105.395] GetFileType (hFile=0x1b8) returned 0x1 [0105.395] GetFileInformationByHandle (in: hFile=0x1b8, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0105.395] GetFileInformationByHandleEx (in: hFile=0x1b8, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0105.395] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0105.396] ReadFile (in: hFile=0x1b8, lpBuffer=0xc0002da000, nNumberOfBytesToRead=0x10a2a, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002da000*, lpNumberOfBytesRead=0xc00029fc04*=0x1082a, lpOverlapped=0x0) returned 1 [0105.418] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.420] ReadFile (in: hFile=0x1b8, lpBuffer=0xc0002ea82a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ea82a*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0105.420] CloseHandle (hObject=0x1b8) returned 1 [0105.420] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0105.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.423] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc00029fd04 | out: lpMode=0xc00029fd04) returned 0 [0105.435] GetFileType (hFile=0x1b8) returned 0x1 [0105.435] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0002ec000*, nNumberOfBytesToWrite=0x10830, lpNumberOfBytesWritten=0xc00029fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec000*, lpNumberOfBytesWritten=0xc00029fcec*=0x10830, lpOverlapped=0x0) returned 1 [0105.437] CloseHandle (hObject=0x1b8) returned 1 [0105.437] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b8 [0105.437] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0105.626] GetFileType (hFile=0x1b8) returned 0x1 [0105.626] WriteFile (in: hFile=0x1b8, lpBuffer=0xc0001242c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001242c0*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.626] CloseHandle (hObject=0x1b8) returned 1 [0105.627] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0105.627] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-local state"), dwFlags=0x1) returned 1 [0105.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.631] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0105.631] SetEvent (hEvent=0xc0) returned 1 [0105.631] SetEvent (hEvent=0x114) returned 1 [0105.631] SetEvent (hEvent=0xf4) returned 1 [0105.631] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0105.633] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.645] SetEvent (hEvent=0xf4) returned 1 [0105.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.655] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.656] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0105.656] SetEvent (hEvent=0x164) returned 1 [0105.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.656] GetFileType (hFile=0x1d4) returned 0x1 [0105.656] GetFileType (hFile=0x1d4) returned 0x1 [0105.656] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0105.657] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0105.657] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x23b, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc000133c04*=0x3b, lpOverlapped=0x0) returned 1 [0105.658] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00007e03b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e03b*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0105.658] CloseHandle (hObject=0x1d4) returned 1 [0105.658] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0105.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0105.660] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0105.660] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.679] SetEvent (hEvent=0xf4) returned 1 [0105.679] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.681] SetEvent (hEvent=0x9c) returned 1 [0105.681] VirtualFree (lpAddress=0xc000320000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0105.682] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.682] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.682] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.683] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.683] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.683] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.683] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.684] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.684] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.684] WriteFile (in: hFile=0x194, lpBuffer=0xc000480000*, nNumberOfBytesToWrite=0x5010, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000480000*, lpNumberOfBytesWritten=0xc00024dcec*=0x5010, lpOverlapped=0x0) returned 1 [0105.686] CloseHandle (hObject=0x194) returned 1 [0105.686] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.686] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0105.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0105.686] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0105.689] GetFileType (hFile=0x194) returned 0x1 [0105.689] WriteFile (in: hFile=0x194, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.689] CloseHandle (hObject=0x194) returned 1 [0105.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-favicons"), dwFlags=0x1) returned 1 [0105.690] GetFileType (hFile=0x180) returned 0x1 [0105.690] WriteFile (in: hFile=0x180, lpBuffer=0xc00021a000*, nNumberOfBytesToWrite=0x1a20, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00021a000*, lpNumberOfBytesWritten=0xc0001e9cec*=0x1a20, lpOverlapped=0x0) returned 1 [0105.691] CloseHandle (hObject=0x180) returned 1 [0105.692] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0105.692] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0105.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0105.692] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0105.695] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.707] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.708] SetEvent (hEvent=0xf4) returned 1 [0105.708] SetEvent (hEvent=0x164) returned 1 [0105.708] SetEvent (hEvent=0x120) returned 1 [0105.708] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.721] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.723] SetEvent (hEvent=0x114) returned 1 [0105.723] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.731] SetEvent (hEvent=0x120) returned 1 [0105.731] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.768] SetEvent (hEvent=0xf4) returned 1 [0105.768] SetEvent (hEvent=0x114) returned 1 [0105.768] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.781] SetEvent (hEvent=0xf4) returned 1 [0105.781] SwitchToThread () returned 1 [0105.783] SetEvent (hEvent=0xf4) returned 1 [0105.783] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.784] SetEvent (hEvent=0xf4) returned 1 [0105.784] SetEvent (hEvent=0x114) returned 1 [0105.784] SetEvent (hEvent=0x9c) returned 1 [0105.784] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.788] VirtualFree (lpAddress=0xc00031c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.789] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.789] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.789] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.789] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.790] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.790] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.790] VirtualFree (lpAddress=0xc000072000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.790] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.791] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.791] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.791] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0105.791] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0105.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0105.792] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000e7cf4 | out: lpMode=0xc0000e7cf4) returned 0 [0105.808] GetFileType (hFile=0x1b4) returned 0x1 [0105.808] GetFileType (hFile=0x1b4) returned 0x1 [0105.808] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0000e7d44 | out: lpFileInformation=0xc0000e7d44) returned 1 [0105.808] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0000e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e7d28) returned 1 [0105.809] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0105.809] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0000e7c04*=0x0, lpOverlapped=0x0) returned 1 [0105.809] CloseHandle (hObject=0x1b4) returned 1 [0105.809] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0105.809] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0105.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.810] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000e7d04 | out: lpMode=0xc0000e7d04) returned 0 [0105.820] GetFileType (hFile=0x1b4) returned 0x1 [0105.820] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000102d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0000e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000102d0*, lpNumberOfBytesWritten=0xc0000e7cec*=0x10, lpOverlapped=0x0) returned 1 [0105.821] CloseHandle (hObject=0x1b4) returned 1 [0105.821] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0105.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.821] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000e7d64 | out: lpMode=0xc0000e7d64) returned 0 [0105.827] GetFileType (hFile=0x1b4) returned 0x1 [0105.827] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.827] CloseHandle (hObject=0x1b4) returned 1 [0105.827] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0105.827] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0105.827] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a058.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\encry-A058.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\encry-a058.tmp"), dwFlags=0x1) returned 1 [0105.828] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.829] SetEvent (hEvent=0xf4) returned 1 [0105.829] SetEvent (hEvent=0x9c) returned 1 [0105.829] VirtualFree (lpAddress=0xc000400000, dwSize=0x46000, dwFreeType=0x4000) returned 1 [0105.831] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.831] VirtualFree (lpAddress=0xc00039a000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0105.832] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0105.833] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.833] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.833] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.834] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.834] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0105.834] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0105.835] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.837] GetFileType (hFile=0x194) returned 0x1 [0105.837] GetFileType (hFile=0x194) returned 0x1 [0105.837] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0105.837] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0105.837] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.838] ReadFile (in: hFile=0x194, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x3e00, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc000069c04*=0x3c00, lpOverlapped=0x0) returned 1 [0105.840] ReadFile (in: hFile=0x194, lpBuffer=0xc000059c00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000059c00*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0105.840] CloseHandle (hObject=0x194) returned 1 [0105.840] SwitchToThread () returned 1 [0105.846] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0105.846] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0105.847] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0105.847] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0105.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.849] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0105.853] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.861] GetFileType (hFile=0x1b4) returned 0x1 [0105.861] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.861] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000ee000*, nNumberOfBytesToWrite=0x3c10, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesWritten=0xc000069cec*=0x3c10, lpOverlapped=0x0) returned 1 [0105.862] CloseHandle (hObject=0x1b4) returned 1 [0105.862] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0105.863] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.863] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0105.863] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0105.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.864] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0105.864] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.872] SetEvent (hEvent=0xf4) returned 1 [0105.872] GetFileType (hFile=0x1b4) returned 0x1 [0105.872] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.875] SetEvent (hEvent=0xf4) returned 1 [0105.875] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.876] CloseHandle (hObject=0x1b4) returned 1 [0105.876] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0105.876] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0105.876] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Network Action Predictor" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-network action predictor"), dwFlags=0x1) returned 1 [0105.877] SwitchToThread () returned 1 [0105.961] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0105.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d7818, lpReserved=0x0 | out: lpBuffer=0xc0000a01e0*, lpNumberOfCharsWritten=0xc0001d7818*=0x4) returned 1 [0105.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0000102f0*, lpNumberOfCharsWritten=0xc0000c3818*=0x4) returned 1 [0105.985] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010320*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000010320*, lpNumberOfCharsWritten=0xc000277818*=0x4) returned 1 [0106.092] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586560*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000586560*, lpNumberOfCharsWritten=0xc000063818*=0x4) returned 1 [0106.093] SetEvent (hEvent=0x9c) returned 1 [0106.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586568*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00019b818, lpReserved=0x0 | out: lpBuffer=0xc000586568*, lpNumberOfCharsWritten=0xc00019b818*=0x4) returned 1 [0106.094] SetEvent (hEvent=0x9c) returned 1 [0106.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586570*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000586570*, lpNumberOfCharsWritten=0xc0000b9818*=0x4) returned 1 [0106.095] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0210*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc0000a0210*, lpNumberOfCharsWritten=0xc000111818*=0x4) returned 1 [0106.110] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0218*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000a0218*, lpNumberOfCharsWritten=0xc0006dd818*=0x4) returned 1 [0106.115] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.120] SetEvent (hEvent=0x9c) returned 1 [0106.120] SetEvent (hEvent=0xf4) returned 1 [0106.120] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0220*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0220*, lpNumberOfCharsWritten=0xc0000b7818*=0x4) returned 1 [0106.121] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010178*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b3818, lpReserved=0x0 | out: lpBuffer=0xc000010178*, lpNumberOfCharsWritten=0xc0001b3818*=0x4) returned 1 [0106.130] SetEvent (hEvent=0xf4) returned 1 [0106.130] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.138] SetEvent (hEvent=0x120) returned 1 [0106.138] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0106.138] VirtualAlloc (lpAddress=0xc00034e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034e000 [0106.139] VirtualAlloc (lpAddress=0xc000350000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000350000 [0106.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.139] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000267cf4 | out: lpMode=0xc000267cf4) returned 0 [0106.143] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.217] SetEvent (hEvent=0xf4) returned 1 [0106.217] GetFileType (hFile=0x194) returned 0x1 [0106.217] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0106.217] GetFileType (hFile=0x194) returned 0x1 [0106.217] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc000267d44 | out: lpFileInformation=0xc000267d44) returned 1 [0106.218] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc000267d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000267d28) returned 1 [0106.218] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.218] ReadFile (in: hFile=0x194, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0xc000267c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000267c04*=0x1400, lpOverlapped=0x0) returned 1 [0106.220] ReadFile (in: hFile=0x194, lpBuffer=0xc0000fb400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000267c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fb400*, lpNumberOfBytesRead=0xc000267c04*=0x0, lpOverlapped=0x0) returned 1 [0106.221] CloseHandle (hObject=0x194) returned 1 [0106.221] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0106.221] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.221] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0106.222] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.224] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000267d04 | out: lpMode=0xc000267d04) returned 0 [0106.224] GetFileType (hFile=0x194) returned 0x1 [0106.224] WriteFile (in: hFile=0x194, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0xc000267cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc000267cec*=0x1410, lpOverlapped=0x0) returned 1 [0106.225] CloseHandle (hObject=0x194) returned 1 [0106.226] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.226] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.226] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0106.226] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0106.227] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0106.227] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.228] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0106.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.228] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000267d64 | out: lpMode=0xc000267d64) returned 0 [0106.229] GetFileType (hFile=0x194) returned 0x1 [0106.229] WriteFile (in: hFile=0x194, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000267d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc000267d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.229] CloseHandle (hObject=0x194) returned 1 [0106.230] VirtualAlloc (lpAddress=0xc000354000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000354000 [0106.230] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0106.230] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0106.231] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0106.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-safe browsing channel ids"), dwFlags=0x1) returned 1 [0106.232] VirtualFree (lpAddress=0xc000346000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0106.233] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.233] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.234] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.234] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.234] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.235] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000263cf4 | out: lpMode=0xc000263cf4) returned 0 [0106.235] GetFileType (hFile=0x194) returned 0x1 [0106.236] GetFileType (hFile=0x194) returned 0x1 [0106.236] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc000263d44 | out: lpFileInformation=0xc000263d44) returned 1 [0106.236] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc000263d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000263d28) returned 1 [0106.236] VirtualAlloc (lpAddress=0xc00035c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035c000 [0106.236] ReadFile (in: hFile=0x194, lpBuffer=0xc00035c000, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0xc000263c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035c000*, lpNumberOfBytesRead=0xc000263c04*=0x1c00, lpOverlapped=0x0) returned 1 [0106.244] ReadFile (in: hFile=0x194, lpBuffer=0xc00035dc00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000263c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035dc00*, lpNumberOfBytesRead=0xc000263c04*=0x0, lpOverlapped=0x0) returned 1 [0106.245] CloseHandle (hObject=0x194) returned 1 [0106.245] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0106.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.246] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000263d04 | out: lpMode=0xc000263d04) returned 0 [0106.252] GetFileType (hFile=0x194) returned 0x1 [0106.252] WriteFile (in: hFile=0x194, lpBuffer=0xc00035e000*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0xc000263cec, lpOverlapped=0x0 | out: lpBuffer=0xc00035e000*, lpNumberOfBytesWritten=0xc000263cec*=0x1c10, lpOverlapped=0x0) returned 1 [0106.253] CloseHandle (hObject=0x194) returned 1 [0106.253] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.253] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000263d64 | out: lpMode=0xc000263d64) returned 0 [0106.256] GetFileType (hFile=0x194) returned 0x1 [0106.256] WriteFile (in: hFile=0x194, lpBuffer=0xc000076840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000263d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076840*, lpNumberOfBytesWritten=0xc000263d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.256] CloseHandle (hObject=0x194) returned 1 [0106.256] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-safe browsing cookies"), dwFlags=0x1) returned 1 [0106.257] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.278] SetEvent (hEvent=0xf4) returned 1 [0106.278] SwitchToThread () returned 1 [0106.279] SetEvent (hEvent=0xf4) returned 1 [0106.279] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.280] SetEvent (hEvent=0x164) returned 1 [0106.280] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.284] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.287] SetEvent (hEvent=0xf4) returned 1 [0106.287] SetEvent (hEvent=0x120) returned 1 [0106.287] VirtualFree (lpAddress=0xc00035e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.287] VirtualFree (lpAddress=0xc000352000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.288] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.288] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.288] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.288] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.288] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.289] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.289] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.289] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.289] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.290] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.290] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.290] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.290] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.290] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.291] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0106.300] GetFileType (hFile=0xec) returned 0x1 [0106.300] GetFileType (hFile=0xec) returned 0x1 [0106.300] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0106.300] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0106.300] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.300] ReadFile (in: hFile=0xec, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0106.300] CloseHandle (hObject=0xec) returned 1 [0106.300] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.301] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.301] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0106.311] GetFileType (hFile=0xec) returned 0x1 [0106.311] WriteFile (in: hFile=0xec, lpBuffer=0xc000010370*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010370*, lpNumberOfBytesWritten=0xc00029dcec*=0x10, lpOverlapped=0x0) returned 1 [0106.312] CloseHandle (hObject=0xec) returned 1 [0106.313] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0106.313] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0106.313] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0106.313] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0106.314] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0106.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.314] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0106.326] GetFileType (hFile=0xec) returned 0x1 [0106.326] WriteFile (in: hFile=0xec, lpBuffer=0xc000120420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120420*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.326] CloseHandle (hObject=0xec) returned 1 [0106.326] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0106.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-first run"), dwFlags=0x1) returned 1 [0106.327] VirtualFree (lpAddress=0xc000364000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0106.328] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.328] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.329] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.329] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.329] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.329] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0106.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.330] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0106.338] GetFileType (hFile=0xec) returned 0x1 [0106.338] GetFileType (hFile=0xec) returned 0x1 [0106.338] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0106.338] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0106.338] ReadFile (in: hFile=0xec, lpBuffer=0xc00006cd80, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cd80*, lpNumberOfBytesRead=0xc0002d5c04*=0x10, lpOverlapped=0x0) returned 1 [0106.339] ReadFile (in: hFile=0xec, lpBuffer=0xc00006cd90, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cd90*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0106.339] CloseHandle (hObject=0xec) returned 1 [0106.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.340] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0106.346] GetFileType (hFile=0xec) returned 0x1 [0106.346] WriteFile (in: hFile=0xec, lpBuffer=0xc00009e200*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00009e200*, lpNumberOfBytesWritten=0xc0002d5cec*=0x20, lpOverlapped=0x0) returned 1 [0106.347] CloseHandle (hObject=0xec) returned 1 [0106.347] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.347] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0106.355] GetFileType (hFile=0xec) returned 0x1 [0106.355] WriteFile (in: hFile=0xec, lpBuffer=0xc000120f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120f20*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.355] CloseHandle (hObject=0xec) returned 1 [0106.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico.md5"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\encry-Google Docs.ico.md5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\encry-google docs.ico.md5"), dwFlags=0x1) returned 1 [0106.356] SwitchToThread () returned 1 [0106.358] SetEvent (hEvent=0x120) returned 1 [0106.358] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.365] SetEvent (hEvent=0xfc) returned 1 [0106.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.366] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.366] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.366] SetEvent (hEvent=0x114) returned 1 [0106.366] SetEvent (hEvent=0xfc) returned 1 [0106.366] SetEvent (hEvent=0xf4) returned 1 [0106.367] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.382] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.382] SetEvent (hEvent=0x9c) returned 1 [0106.382] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.407] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.407] SetEvent (hEvent=0xf4) returned 1 [0106.407] SetEvent (hEvent=0xfc) returned 1 [0106.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.416] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.426] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.426] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.426] SetEvent (hEvent=0xfc) returned 1 [0106.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.472] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.472] SetEvent (hEvent=0xf4) returned 1 [0106.472] SetEvent (hEvent=0x114) returned 1 [0106.474] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.480] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.481] SetEvent (hEvent=0x114) returned 1 [0106.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.483] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.483] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.484] SetEvent (hEvent=0x114) returned 1 [0106.484] SetEvent (hEvent=0xfc) returned 1 [0106.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.509] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.509] SetEvent (hEvent=0xc0) returned 1 [0106.510] SetEvent (hEvent=0x164) returned 1 [0106.510] SetEvent (hEvent=0x114) returned 1 [0106.511] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.514] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.610] SwitchToThread () returned 1 [0106.612] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.612] SetEvent (hEvent=0xfc) returned 1 [0106.612] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.620] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.620] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.620] SetEvent (hEvent=0xc0) returned 1 [0106.620] SetEvent (hEvent=0x164) returned 1 [0106.620] SetEvent (hEvent=0x120) returned 1 [0106.621] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.622] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.627] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.627] SetEvent (hEvent=0x164) returned 1 [0106.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.642] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.643] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.643] SetEvent (hEvent=0xc0) returned 1 [0106.643] SetEvent (hEvent=0x120) returned 1 [0106.643] SetEvent (hEvent=0x114) returned 1 [0106.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.647] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.659] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.659] SetEvent (hEvent=0x114) returned 1 [0106.659] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.663] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.664] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.664] SetEvent (hEvent=0xc0) returned 1 [0106.664] SetEvent (hEvent=0xfc) returned 1 [0106.664] SetEvent (hEvent=0x120) returned 1 [0106.665] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.669] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.672] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.672] SetEvent (hEvent=0x120) returned 1 [0106.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.679] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.679] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.679] SetEvent (hEvent=0xc0) returned 1 [0106.680] SetEvent (hEvent=0x120) returned 1 [0106.680] SetEvent (hEvent=0xfc) returned 1 [0106.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.684] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.684] SetEvent (hEvent=0x120) returned 1 [0106.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.689] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.689] SetEvent (hEvent=0x114) returned 1 [0106.689] SetEvent (hEvent=0xfc) returned 1 [0106.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.693] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.697] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.698] SetEvent (hEvent=0xfc) returned 1 [0106.698] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.713] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0106.713] SetEvent (hEvent=0x114) returned 1 [0106.713] SetEvent (hEvent=0x9c) returned 1 [0106.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.716] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.716] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.720] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.721] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.721] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0106.721] SetEvent (hEvent=0x120) returned 1 [0106.721] SetEvent (hEvent=0x164) returned 1 [0106.721] SetEvent (hEvent=0x9c) returned 1 [0106.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.723] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.723] GetFileType (hFile=0x1b0) returned 0x1 [0106.723] GetFileType (hFile=0x1b0) returned 0x1 [0106.723] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0106.723] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0106.723] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.724] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00020bc04*=0x1400, lpOverlapped=0x0) returned 1 [0106.731] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.747] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00011d400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011d400*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0106.747] CloseHandle (hObject=0x1b0) returned 1 [0106.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.749] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0106.750] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.752] GetFileType (hFile=0x1b0) returned 0x1 [0106.752] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.759] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc00020bcec*=0x1410, lpOverlapped=0x0) returned 1 [0106.760] CloseHandle (hObject=0x1b0) returned 1 [0106.760] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.760] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.760] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.761] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0106.762] GetFileType (hFile=0x1b0) returned 0x1 [0106.762] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.763] CloseHandle (hObject=0x1b0) returned 1 [0106.763] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0106.763] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0106.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-origin bound certs"), dwFlags=0x1) returned 1 [0106.787] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.792] SetEvent (hEvent=0x120) returned 1 [0106.792] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.802] SetEvent (hEvent=0x114) returned 1 [0106.802] SetEvent (hEvent=0xfc) returned 1 [0106.802] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.834] SetEvent (hEvent=0xfc) returned 1 [0106.834] SetEvent (hEvent=0x9c) returned 1 [0106.834] SetEvent (hEvent=0x114) returned 1 [0106.834] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.890] SetEvent (hEvent=0x9c) returned 1 [0106.890] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0106.988] SwitchToThread () returned 1 [0106.992] SetEvent (hEvent=0xfc) returned 1 [0106.992] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.002] SetEvent (hEvent=0xfc) returned 1 [0107.002] SetEvent (hEvent=0x114) returned 1 [0107.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0107.003] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0107.004] GetFileType (hFile=0x1e4) returned 0x1 [0107.004] GetFileType (hFile=0x1e4) returned 0x1 [0107.004] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0107.004] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0107.004] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0107.005] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002e6000, nNumberOfBytesToRead=0x31a9, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6000*, lpNumberOfBytesRead=0xc000289c04*=0x2fa9, lpOverlapped=0x0) returned 1 [0107.011] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002e8fa9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e8fa9*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0107.011] CloseHandle (hObject=0x1e4) returned 1 [0107.011] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0107.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.013] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0107.027] GetFileType (hFile=0x1e4) returned 0x1 [0107.027] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002f0000*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f0000*, lpNumberOfBytesWritten=0xc000289cec*=0x2fb0, lpOverlapped=0x0) returned 1 [0107.029] CloseHandle (hObject=0x1e4) returned 1 [0107.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0107.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.029] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0107.032] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.041] GetFileType (hFile=0x1e4) returned 0x1 [0107.041] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0107.041] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00025e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00025e000*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.042] CloseHandle (hObject=0x1e4) returned 1 [0107.042] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0107.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\encry-brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\encry-brndlog.bak"), dwFlags=0x1) returned 1 [0107.043] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0107.043] SetEvent (hEvent=0x9c) returned 1 [0107.043] SetEvent (hEvent=0xf4) returned 1 [0107.043] SetEvent (hEvent=0xb8) returned 1 [0107.043] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0107.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.046] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.050] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.051] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.051] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0107.051] SetEvent (hEvent=0xc0) returned 1 [0107.051] SetEvent (hEvent=0x164) returned 1 [0107.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.052] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.052] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.052] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0107.053] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.065] GetFileType (hFile=0x180) returned 0x1 [0107.065] GetFileType (hFile=0x180) returned 0x1 [0107.065] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0107.066] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0107.066] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc000159c04*=0x1200, lpOverlapped=0x0) returned 1 [0107.068] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d2700, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2700*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0107.068] CloseHandle (hObject=0x180) returned 1 [0107.068] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.070] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0107.078] GetFileType (hFile=0x180) returned 0x1 [0107.078] WriteFile (in: hFile=0x180, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000159cec*=0x1210, lpOverlapped=0x0) returned 1 [0107.079] CloseHandle (hObject=0x180) returned 1 [0107.079] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.079] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0107.079] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0107.082] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0107.082] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0107.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.083] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0107.160] GetFileType (hFile=0x180) returned 0x1 [0107.160] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.161] CloseHandle (hObject=0x180) returned 1 [0107.161] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\encry-RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\encry-recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), dwFlags=0x1) returned 1 [0107.162] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0107.287] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0107.290] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.300] GetFileType (hFile=0x1b0) returned 0x1 [0107.300] GetFileType (hFile=0x1b0) returned 0x1 [0107.300] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0107.300] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0107.300] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0107.300] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025c000, nNumberOfBytesToRead=0x6ff, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c000*, lpNumberOfBytesRead=0xc000111c04*=0x4ff, lpOverlapped=0x0) returned 1 [0107.304] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.307] SetEvent (hEvent=0x114) returned 1 [0107.307] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025c4ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c4ff*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0107.307] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.329] CloseHandle (hObject=0x1b0) returned 1 [0107.329] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0107.330] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0107.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.331] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0107.332] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.335] GetFileType (hFile=0x1b0) returned 0x1 [0107.335] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001de000*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesWritten=0xc000111cec*=0x500, lpOverlapped=0x0) returned 1 [0107.337] CloseHandle (hObject=0x1b0) returned 1 [0107.337] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0107.337] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.337] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.338] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0107.345] GetFileType (hFile=0x1b0) returned 0x1 [0107.345] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000250420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000250420*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.346] CloseHandle (hObject=0x1b0) returned 1 [0107.346] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-02_music_added_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0107.347] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.348] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0107.348] SetEvent (hEvent=0xb8) returned 1 [0107.348] SetEvent (hEvent=0x164) returned 1 [0107.349] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0107.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.353] SetEvent (hEvent=0x164) returned 1 [0107.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.357] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.357] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0107.357] SetEvent (hEvent=0xc0) returned 1 [0107.357] SetEvent (hEvent=0x164) returned 1 [0107.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.358] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0107.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0107.359] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000273cf4 | out: lpMode=0xc000273cf4) returned 0 [0107.361] GetFileType (hFile=0x1b0) returned 0x1 [0107.361] GetFileType (hFile=0x1b0) returned 0x1 [0107.361] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000273d44 | out: lpFileInformation=0xc000273d44) returned 1 [0107.361] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000273d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000273d28) returned 1 [0107.362] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.362] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000273c04*=0xe00, lpOverlapped=0x0) returned 1 [0107.367] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a2e00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2e00*, lpNumberOfBytesRead=0xc000273c04*=0x0, lpOverlapped=0x0) returned 1 [0107.367] CloseHandle (hObject=0x1b0) returned 1 [0107.367] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0107.368] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.369] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000273d04 | out: lpMode=0xc000273d04) returned 0 [0107.375] GetFileType (hFile=0x1b0) returned 0x1 [0107.375] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000a3000*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xc000273cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a3000*, lpNumberOfBytesWritten=0xc000273cec*=0xe10, lpOverlapped=0x0) returned 1 [0107.376] CloseHandle (hObject=0x1b0) returned 1 [0107.376] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0107.376] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0107.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.376] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000273d64 | out: lpMode=0xc000273d64) returned 0 [0107.380] GetFileType (hFile=0x1b0) returned 0x1 [0107.380] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000273d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000273d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.380] CloseHandle (hObject=0x1b0) returned 1 [0107.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\encry-RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\encry-recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwFlags=0x1) returned 1 [0107.381] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0107.382] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.382] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.382] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.382] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.382] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.383] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.383] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.383] GetFileType (hFile=0x1bc) returned 0x1 [0107.383] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.384] CloseHandle (hObject=0x1bc) returned 1 [0107.384] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\encry-{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\encry-{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwFlags=0x1) returned 1 [0107.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.385] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0107.389] GetFileType (hFile=0x1bc) returned 0x1 [0107.389] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0107.390] GetFileType (hFile=0x1bc) returned 0x1 [0107.390] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0107.390] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0107.390] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.390] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x6f3, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc0000b9c04*=0x4f3, lpOverlapped=0x0) returned 1 [0107.393] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee4f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee4f3*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0107.393] CloseHandle (hObject=0x1bc) returned 1 [0107.393] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0107.393] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.395] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0107.399] GetFileType (hFile=0x1bc) returned 0x1 [0107.399] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0000b9cec*=0x500, lpOverlapped=0x0) returned 1 [0107.400] CloseHandle (hObject=0x1bc) returned 1 [0107.400] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.400] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0107.401] GetFileType (hFile=0x1bc) returned 0x1 [0107.401] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.402] CloseHandle (hObject=0x1bc) returned 1 [0107.402] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-03_music_rated_at_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0107.403] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.403] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.403] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.403] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.404] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.404] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.404] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.405] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0107.407] GetFileType (hFile=0x1bc) returned 0x1 [0107.407] GetFileType (hFile=0x1bc) returned 0x1 [0107.407] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0107.407] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0107.407] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc00027bc04*=0x1200, lpOverlapped=0x0) returned 1 [0107.414] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.415] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000d2700, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2700*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0107.415] CloseHandle (hObject=0x1bc) returned 1 [0107.415] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0107.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.417] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0107.420] GetFileType (hFile=0x1bc) returned 0x1 [0107.420] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc00027bcec*=0x1210, lpOverlapped=0x0) returned 1 [0107.421] CloseHandle (hObject=0x1bc) returned 1 [0107.421] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.422] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0107.426] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.440] GetFileType (hFile=0x1bc) returned 0x1 [0107.440] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.440] CloseHandle (hObject=0x1bc) returned 1 [0107.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\encry-{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\encry-{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwFlags=0x1) returned 1 [0107.441] SetEvent (hEvent=0x120) returned 1 [0107.441] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.455] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000287818, lpReserved=0x0 | out: lpBuffer=0xc0000101e0*, lpNumberOfCharsWritten=0xc000287818*=0x4) returned 1 [0107.467] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000101e8*, lpNumberOfCharsWritten=0xc000045818*=0x4) returned 1 [0107.472] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.480] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.481] SetEvent (hEvent=0xfc) returned 1 [0107.481] SetEvent (hEvent=0x114) returned 1 [0107.481] SetEvent (hEvent=0x9c) returned 1 [0107.481] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.487] SetEvent (hEvent=0xb8) returned 1 [0107.487] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.707] SetEvent (hEvent=0x114) returned 1 [0107.707] SetEvent (hEvent=0x9c) returned 1 [0107.707] SetEvent (hEvent=0xfc) returned 1 [0107.707] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.712] SetEvent (hEvent=0x114) returned 1 [0107.712] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.718] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.719] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.720] SetEvent (hEvent=0x114) returned 1 [0107.720] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.721] SetEvent (hEvent=0x114) returned 1 [0107.721] SetEvent (hEvent=0xf4) returned 1 [0107.721] SetEvent (hEvent=0xb8) returned 1 [0107.721] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.722] SetEvent (hEvent=0xf4) returned 1 [0107.722] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.723] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.723] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.724] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.724] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.724] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.724] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.724] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.725] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.725] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.725] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.725] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.725] SetEvent (hEvent=0x114) returned 1 [0107.726] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.730] SetEvent (hEvent=0xfc) returned 1 [0107.730] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.731] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.731] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.731] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.731] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.732] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.732] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.732] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.732] SetEvent (hEvent=0xb8) returned 1 [0107.732] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.748] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0107.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.748] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0107.750] GetFileType (hFile=0x1bc) returned 0x1 [0107.750] GetFileType (hFile=0x1bc) returned 0x1 [0107.750] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0107.750] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0107.750] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0107.751] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.751] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x601, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc0001a1c04*=0x401, lpOverlapped=0x0) returned 1 [0107.756] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0001c0401, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0401*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0107.756] CloseHandle (hObject=0x1bc) returned 1 [0107.756] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0107.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.757] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0107.762] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.770] GetFileType (hFile=0x1bc) returned 0x1 [0107.770] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc0001a1cec*=0x410, lpOverlapped=0x0) returned 1 [0107.771] CloseHandle (hObject=0x1bc) returned 1 [0107.771] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0107.771] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0107.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.772] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0107.774] GetFileType (hFile=0x1bc) returned 0x1 [0107.774] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.774] CloseHandle (hObject=0x1bc) returned 1 [0107.774] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\09_music_played_the_most.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-09_music_played_the_most.wpl"), dwFlags=0x1) returned 1 [0107.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.776] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0107.776] SetEvent (hEvent=0xc0) returned 1 [0107.776] SetEvent (hEvent=0x100) returned 1 [0107.776] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0107.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.782] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0107.782] SetEvent (hEvent=0x100) returned 1 [0107.782] SetEvent (hEvent=0x188) returned 1 [0107.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.783] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0107.786] GetFileType (hFile=0x1bc) returned 0x1 [0107.786] GetFileType (hFile=0x1bc) returned 0x1 [0107.786] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0107.786] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0107.786] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000222b00, nNumberOfBytesToRead=0x511, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222b00*, lpNumberOfBytesRead=0xc00012fc04*=0x311, lpOverlapped=0x0) returned 1 [0107.790] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000222e11, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222e11*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0107.791] CloseHandle (hObject=0x1bc) returned 1 [0107.791] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0107.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.801] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.802] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0107.802] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.809] GetFileType (hFile=0x180) returned 0x1 [0107.810] WriteFile (in: hFile=0x180, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00012fcec*=0x320, lpOverlapped=0x0) returned 1 [0107.811] CloseHandle (hObject=0x180) returned 1 [0107.815] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.816] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0107.822] GetFileType (hFile=0x1b0) returned 0x1 [0107.822] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001c0420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0420*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.822] CloseHandle (hObject=0x1b0) returned 1 [0107.824] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0107.829] SetEvent (hEvent=0xc0) returned 1 [0107.829] SetEvent (hEvent=0x15c) returned 1 [0107.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-06_pictures_rated_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0108.409] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0108.417] SetEvent (hEvent=0x164) returned 1 [0108.417] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.001] SetEvent (hEvent=0x9c) returned 1 [0109.001] SetEvent (hEvent=0xb8) returned 1 [0109.001] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.286] SetEvent (hEvent=0x15c) returned 1 [0109.286] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.288] SetEvent (hEvent=0x9c) returned 1 [0109.288] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.328] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0109.328] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0109.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.329] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000283cf4 | out: lpMode=0xc000283cf4) returned 0 [0109.342] GetFileType (hFile=0x1bc) returned 0x1 [0109.342] GetFileType (hFile=0x1bc) returned 0x1 [0109.342] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000283d44 | out: lpFileInformation=0xc000283d44) returned 1 [0109.342] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000283d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000283d28) returned 1 [0109.343] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0109.343] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0109.345] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000312000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc000312000*, lpNumberOfBytesRead=0xc000283c04*=0x10000, lpOverlapped=0x0) returned 1 [0109.346] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000322000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc000322000*, lpNumberOfBytesRead=0xc000283c04*=0x0, lpOverlapped=0x0) returned 1 [0109.347] CloseHandle (hObject=0x1bc) returned 1 [0109.347] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0109.347] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0109.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat\\*", lpFindFileData=0xc000283a08 | out: lpFindFileData=0xc000283a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.350] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000283720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.350] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0109.352] GetFileType (hFile=0x1bc) returned 0x1 [0109.352] GetFileType (hFile=0x1bc) returned 0x1 [0109.352] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0109.352] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0109.352] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0109.352] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc00014dc04*=0x43, lpOverlapped=0x0) returned 1 [0109.354] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00016c043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c043*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0109.354] CloseHandle (hObject=0x1bc) returned 1 [0109.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.354] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0109.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.355] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.355] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.357] SetEvent (hEvent=0x15c) returned 1 [0109.357] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.358] SetEvent (hEvent=0x15c) returned 1 [0109.358] SetEvent (hEvent=0x114) returned 1 [0109.358] SetEvent (hEvent=0xf4) returned 1 [0109.358] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.370] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.373] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.375] SetEvent (hEvent=0xf4) returned 1 [0109.375] SetEvent (hEvent=0x15c) returned 1 [0109.375] VirtualFree (lpAddress=0xc000346000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0109.376] VirtualFree (lpAddress=0xc000312000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0109.376] VirtualFree (lpAddress=0xc00028c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.377] VirtualFree (lpAddress=0xc00025c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.377] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.378] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.378] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.378] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.378] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0109.391] SetEvent (hEvent=0x15c) returned 1 [0109.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060180*, nNumberOfCharsToWrite=0xb6, lpNumberOfCharsWritten=0xc0001bb808, lpReserved=0x0 | out: lpBuffer=0xc000060180*, lpNumberOfCharsWritten=0xc0001bb808*=0xb6) returned 1 [0109.393] SetEvent (hEvent=0x15c) returned 1 [0109.393] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0109.394] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.394] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0109.394] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0109.395] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.395] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0109.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.396] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0109.401] GetFileType (hFile=0x128) returned 0x1 [0109.401] WriteFile (in: hFile=0x128, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.401] CloseHandle (hObject=0x128) returned 1 [0109.401] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_idx.db"), dwFlags=0x1) returned 1 [0109.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.404] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.404] SetEvent (hEvent=0xc0) returned 1 [0109.404] SetEvent (hEvent=0xf4) returned 1 [0109.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.405] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.405] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.413] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.413] SetEvent (hEvent=0x198) returned 1 [0109.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.554] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.734] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.735] SetEvent (hEvent=0x15c) returned 1 [0109.735] SetEvent (hEvent=0x188) returned 1 [0109.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.739] SetEvent (hEvent=0x188) returned 1 [0109.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.753] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.754] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.754] SetEvent (hEvent=0x188) returned 1 [0109.754] SetEvent (hEvent=0xf4) returned 1 [0109.754] SetEvent (hEvent=0xb8) returned 1 [0109.754] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.764] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.764] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.764] SetEvent (hEvent=0xc0) returned 1 [0109.764] SetEvent (hEvent=0x15c) returned 1 [0109.764] SetEvent (hEvent=0xf4) returned 1 [0109.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.771] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.771] SetEvent (hEvent=0xf4) returned 1 [0109.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.775] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.775] SetEvent (hEvent=0x1a0) returned 1 [0109.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.775] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0109.776] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001c0000*, nNumberOfCharsToWrite=0x6e, lpNumberOfCharsWritten=0xc000269808, lpReserved=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfCharsWritten=0xc000269808*=0x6e) returned 1 [0109.785] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0109.785] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0109.785] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0109.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0109.786] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000269d64 | out: lpMode=0xc000269d64) returned 0 [0109.799] GetFileType (hFile=0x1b4) returned 0x1 [0109.799] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0109.800] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0109.800] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00004e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000269d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e420*, lpNumberOfBytesWritten=0xc000269d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.801] CloseHandle (hObject=0x1b4) returned 1 [0109.801] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0109.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.803] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.803] SetEvent (hEvent=0xb8) returned 1 [0109.803] SetEvent (hEvent=0xf4) returned 1 [0109.803] SetEvent (hEvent=0x188) returned 1 [0109.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.805] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.820] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.821] SetEvent (hEvent=0x188) returned 1 [0109.821] SetEvent (hEvent=0xf4) returned 1 [0109.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.855] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.856] SetEvent (hEvent=0x15c) returned 1 [0109.856] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0109.858] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.876] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.876] SetEvent (hEvent=0xf4) returned 1 [0109.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.901] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.901] SetEvent (hEvent=0x15c) returned 1 [0109.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.914] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.914] SetEvent (hEvent=0xc0) returned 1 [0109.914] SetEvent (hEvent=0x9c) returned 1 [0109.914] SetEvent (hEvent=0xf4) returned 1 [0109.915] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0109.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.921] SetEvent (hEvent=0xf4) returned 1 [0109.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.932] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.933] SetEvent (hEvent=0xc0) returned 1 [0109.933] SetEvent (hEvent=0x9c) returned 1 [0109.933] SetEvent (hEvent=0x188) returned 1 [0109.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.960] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0109.960] SetEvent (hEvent=0xf4) returned 1 [0109.960] SetEvent (hEvent=0x1a0) returned 1 [0109.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.973] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0109.973] SetEvent (hEvent=0x1a0) returned 1 [0109.973] SetEvent (hEvent=0xb8) returned 1 [0109.973] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.995] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0109.996] SetEvent (hEvent=0xf4) returned 1 [0109.996] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.016] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.017] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.017] SetEvent (hEvent=0xc0) returned 1 [0110.017] SetEvent (hEvent=0xb8) returned 1 [0110.017] SetEvent (hEvent=0x1a0) returned 1 [0110.017] SetEvent (hEvent=0x188) returned 1 [0110.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.021] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.021] SetEvent (hEvent=0xb8) returned 1 [0110.021] SetEvent (hEvent=0x114) returned 1 [0110.021] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.026] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.027] SetEvent (hEvent=0x114) returned 1 [0110.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.032] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0110.036] GetFileType (hFile=0x128) returned 0x1 [0110.036] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0110.036] GetFileType (hFile=0x128) returned 0x1 [0110.036] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0110.036] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0110.036] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0110.037] ReadFile (in: hFile=0x128, lpBuffer=0xc00023a000, nNumberOfBytesToRead=0x335, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesRead=0xc000195c04*=0x135, lpOverlapped=0x0) returned 1 [0110.044] ReadFile (in: hFile=0x128, lpBuffer=0xc00023a135, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023a135*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0110.044] CloseHandle (hObject=0x128) returned 1 [0110.044] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0110.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0110.057] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.067] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0110.068] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.068] SetEvent (hEvent=0x114) returned 1 [0110.068] SetEvent (hEvent=0x198) returned 1 [0110.068] VirtualFree (lpAddress=0xc000300000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0110.069] VirtualFree (lpAddress=0xc0002e4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0110.069] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.069] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.070] VirtualFree (lpAddress=0xc0002b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.070] VirtualFree (lpAddress=0xc0002aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.070] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.070] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.071] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.071] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.071] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.072] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.072] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.072] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.072] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.073] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.073] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.073] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.073] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.074] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.074] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.075] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0110.079] GetFileType (hFile=0x1b4) returned 0x1 [0110.079] GetFileType (hFile=0x1b4) returned 0x1 [0110.079] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0110.079] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0110.079] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.079] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x3cd, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc00023fc04*=0x1cd, lpOverlapped=0x0) returned 1 [0110.088] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00005a1cd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a1cd*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0110.088] CloseHandle (hObject=0x1b4) returned 1 [0110.088] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0110.089] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0110.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0110.095] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.102] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0110.107] GetFileType (hFile=0x180) returned 0x1 [0110.107] WriteFile (in: hFile=0x180, lpBuffer=0xc0000ce000*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesWritten=0xc00023fcec*=0x1d0, lpOverlapped=0x0) returned 1 [0110.109] CloseHandle (hObject=0x180) returned 1 [0110.115] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.117] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0110.117] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.139] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.139] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0110.140] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0110.142] GetFileType (hFile=0x180) returned 0x1 [0110.142] WriteFile (in: hFile=0x180, lpBuffer=0xc0002ac2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac2c0*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.143] CloseHandle (hObject=0x180) returned 1 [0110.150] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.151] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa42ep9[1].png"), dwFlags=0x1) returned 1 [0110.266] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.266] SetEvent (hEvent=0xfc) returned 1 [0110.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.267] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.267] SetEvent (hEvent=0xfc) returned 1 [0110.268] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.382] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.383] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.383] SetEvent (hEvent=0xc0) returned 1 [0110.383] SetEvent (hEvent=0x1a0) returned 1 [0110.384] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.385] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.386] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.388] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.388] SetEvent (hEvent=0xfc) returned 1 [0110.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.394] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.394] SetEvent (hEvent=0x1a0) returned 1 [0110.395] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.395] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.397] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.398] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.398] SetEvent (hEvent=0xfc) returned 1 [0110.398] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.399] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.400] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.400] SetEvent (hEvent=0x1a0) returned 1 [0110.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.404] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.405] SetEvent (hEvent=0x1a0) returned 1 [0110.405] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.409] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.419] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.424] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.428] SetEvent (hEvent=0x1a0) returned 1 [0110.428] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.476] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.485] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.491] SetEvent (hEvent=0x1a0) returned 1 [0110.491] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.491] SetEvent (hEvent=0x1a0) returned 1 [0110.491] SetEvent (hEvent=0x198) returned 1 [0110.492] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.492] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.492] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.492] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.493] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.493] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.493] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.494] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.494] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.494] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00023f818*=0x2) returned 1 [0110.498] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.504] SetEvent (hEvent=0x9c) returned 1 [0110.504] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.506] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0110.506] GetFileType (hFile=0x1b4) returned 0x1 [0110.506] GetFileType (hFile=0x1b4) returned 0x1 [0110.506] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0110.506] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0110.507] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.508] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x353f, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00023fc04*=0x333f, lpOverlapped=0x0) returned 1 [0110.512] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a733f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a733f*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0110.512] CloseHandle (hObject=0x1b4) returned 1 [0110.512] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.513] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0110.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.517] SetEvent (hEvent=0xc0) returned 1 [0110.517] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0110.517] GetFileType (hFile=0x1b4) returned 0x1 [0110.517] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x3340, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc00023fcec*=0x3340, lpOverlapped=0x0) returned 1 [0110.518] CloseHandle (hObject=0x1b4) returned 1 [0110.519] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.519] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.519] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0110.520] GetFileType (hFile=0x1b4) returned 0x1 [0110.520] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.520] CloseHandle (hObject=0x1b4) returned 1 [0110.521] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbiqq8[1].jpg"), dwFlags=0x1) returned 1 [0110.553] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.553] SetEvent (hEvent=0x9c) returned 1 [0110.553] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.556] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.556] SetEvent (hEvent=0x13c) returned 1 [0110.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.559] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.559] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.560] SetEvent (hEvent=0x13c) returned 1 [0110.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.565] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.565] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.582] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.611] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.617] SetEvent (hEvent=0x9c) returned 1 [0110.617] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.622] SetEvent (hEvent=0x9c) returned 1 [0110.622] SetEvent (hEvent=0x1a0) returned 1 [0110.622] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0110.623] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.623] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001de008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc0001de008*, lpNumberOfCharsWritten=0xc000275818*=0x2) returned 1 [0110.624] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.631] SetEvent (hEvent=0x1a0) returned 1 [0110.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.632] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0110.633] GetFileType (hFile=0x128) returned 0x1 [0110.633] GetFileType (hFile=0x128) returned 0x1 [0110.633] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0110.633] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0110.633] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.634] ReadFile (in: hFile=0x128, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x2f89, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001b7c04*=0x2d89, lpOverlapped=0x0) returned 1 [0110.636] ReadFile (in: hFile=0x128, lpBuffer=0xc0000fcd89, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fcd89*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.636] CloseHandle (hObject=0x128) returned 1 [0110.637] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.637] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.644] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0110.645] GetFileType (hFile=0x128) returned 0x1 [0110.645] WriteFile (in: hFile=0x128, lpBuffer=0xc0000fd000*, nNumberOfBytesToWrite=0x2d90, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fd000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x2d90, lpOverlapped=0x0) returned 1 [0110.646] CloseHandle (hObject=0x128) returned 1 [0110.646] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0110.647] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.647] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0110.648] GetFileType (hFile=0x128) returned 0x1 [0110.648] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.649] CloseHandle (hObject=0x128) returned 1 [0110.649] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbboe7c[1].jpg"), dwFlags=0x1) returned 1 [0110.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.684] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.684] SetEvent (hEvent=0x9c) returned 1 [0110.684] SetEvent (hEvent=0x13c) returned 1 [0110.685] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.686] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.686] SetEvent (hEvent=0x13c) returned 1 [0110.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.691] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.692] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.709] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.721] SetEvent (hEvent=0xb8) returned 1 [0110.722] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.724] SetEvent (hEvent=0xb8) returned 1 [0110.724] SetEvent (hEvent=0x1a0) returned 1 [0110.724] VirtualFree (lpAddress=0xc000070000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.725] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.725] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.725] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000185818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc000185818*=0x2) returned 1 [0110.728] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.735] SetEvent (hEvent=0x9c) returned 1 [0110.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.736] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00022bcf4 | out: lpMode=0xc00022bcf4) returned 0 [0110.737] GetFileType (hFile=0x1b4) returned 0x1 [0110.737] GetFileType (hFile=0x1b4) returned 0x1 [0110.737] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00022bd44 | out: lpFileInformation=0xc00022bd44) returned 1 [0110.737] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00022bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022bd28) returned 1 [0110.737] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.739] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x2067, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00022bc04*=0x1e67, lpOverlapped=0x0) returned 1 [0110.742] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a5e67, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a5e67*, lpNumberOfBytesRead=0xc00022bc04*=0x0, lpOverlapped=0x0) returned 1 [0110.742] CloseHandle (hObject=0x1b4) returned 1 [0110.742] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.742] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.742] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.747] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00022bd04 | out: lpMode=0xc00022bd04) returned 0 [0110.748] GetFileType (hFile=0x1b4) returned 0x1 [0110.748] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0xc00022bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc00022bcec*=0x1e70, lpOverlapped=0x0) returned 1 [0110.749] CloseHandle (hObject=0x1b4) returned 1 [0110.750] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0110.750] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.750] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0110.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.751] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00022bd64 | out: lpMode=0xc00022bd64) returned 0 [0110.751] GetFileType (hFile=0x1b4) returned 0x1 [0110.751] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00022bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.751] CloseHandle (hObject=0x1b4) returned 1 [0110.752] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbvgsm[1].jpg"), dwFlags=0x1) returned 1 [0110.784] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.784] SetEvent (hEvent=0x9c) returned 1 [0110.785] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.790] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.790] SetEvent (hEvent=0x13c) returned 1 [0110.790] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.792] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.793] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.807] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.815] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.819] SetEvent (hEvent=0xb8) returned 1 [0110.819] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.822] SetEvent (hEvent=0xb8) returned 1 [0110.822] SetEvent (hEvent=0x1a0) returned 1 [0110.822] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.822] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.822] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.823] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.823] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0110.825] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.832] SetEvent (hEvent=0x9c) returned 1 [0110.832] SetEvent (hEvent=0x1a0) returned 1 [0110.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.832] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0110.833] GetFileType (hFile=0x1b4) returned 0x1 [0110.833] GetFileType (hFile=0x1b4) returned 0x1 [0110.834] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0110.834] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0110.834] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.834] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xad7, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0000bdc04*=0x8d7, lpOverlapped=0x0) returned 1 [0110.847] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00011c8d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c8d7*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0110.847] CloseHandle (hObject=0x1b4) returned 1 [0110.847] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.847] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.848] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.852] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0110.855] GetFileType (hFile=0x1b4) returned 0x1 [0110.855] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc0000bdcec*=0x8e0, lpOverlapped=0x0) returned 1 [0110.857] CloseHandle (hObject=0x1b4) returned 1 [0110.857] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0110.857] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0110.857] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0110.858] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.858] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0110.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.859] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0110.860] GetFileType (hFile=0x1b4) returned 0x1 [0110.860] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.860] CloseHandle (hObject=0x1b4) returned 1 [0110.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbz9wz[1].jpg"), dwFlags=0x1) returned 1 [0110.886] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0110.886] SetEvent (hEvent=0xfc) returned 1 [0110.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.891] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0110.891] SetEvent (hEvent=0xb8) returned 1 [0110.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.896] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.941] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.942] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0110.943] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0110.946] SetEvent (hEvent=0x9c) returned 1 [0110.946] GetFileType (hFile=0x1b4) returned 0x1 [0110.946] GetFileType (hFile=0x1b4) returned 0x1 [0110.946] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0110.946] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0110.946] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.947] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1a8f, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000247c04*=0x188f, lpOverlapped=0x0) returned 1 [0110.964] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a588f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a588f*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0110.964] CloseHandle (hObject=0x1b4) returned 1 [0110.964] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0110.964] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.965] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.965] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.982] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0110.985] GetFileType (hFile=0x1dc) returned 0x1 [0110.985] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1890, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc000247cec*=0x1890, lpOverlapped=0x0) returned 1 [0110.987] CloseHandle (hObject=0x1dc) returned 1 [0110.995] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0110.996] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.996] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0110.996] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.997] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.997] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0110.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.998] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0111.000] GetFileType (hFile=0x1bc) returned 0x1 [0111.000] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00006a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006a2c0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.000] CloseHandle (hObject=0x1bc) returned 1 [0111.005] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.005] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0rda[1].jpg"), dwFlags=0x1) returned 1 [0111.062] SetEvent (hEvent=0x164) returned 1 [0111.062] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0111.070] SetEvent (hEvent=0xfc) returned 1 [0111.070] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.419] SetEvent (hEvent=0x15c) returned 1 [0112.419] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.430] SetEvent (hEvent=0xfc) returned 1 [0112.430] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.436] SetEvent (hEvent=0x1a0) returned 1 [0112.436] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.438] SetEvent (hEvent=0x164) returned 1 [0112.438] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.445] SetEvent (hEvent=0x114) returned 1 [0112.445] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.478] SetEvent (hEvent=0x198) returned 1 [0112.478] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.481] SetEvent (hEvent=0x13c) returned 1 [0112.481] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.487] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0112.506] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0112.507] GetFileType (hFile=0x194) returned 0x1 [0112.507] GetFileType (hFile=0x194) returned 0x1 [0112.507] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0112.507] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0112.507] ReadFile (in: hFile=0x194, lpBuffer=0xc000076480, nNumberOfBytesToRead=0x41e, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076480*, lpNumberOfBytesRead=0xc0001fbc04*=0x21e, lpOverlapped=0x0) returned 1 [0112.509] ReadFile (in: hFile=0x194, lpBuffer=0xc00007669e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007669e*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0112.509] CloseHandle (hObject=0x194) returned 1 [0112.510] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0112.510] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0112.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0112.513] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0112.514] GetFileType (hFile=0x194) returned 0x1 [0112.514] WriteFile (in: hFile=0x194, lpBuffer=0xc000078900*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000078900*, lpNumberOfBytesWritten=0xc0001fbcec*=0x220, lpOverlapped=0x0) returned 1 [0112.515] CloseHandle (hObject=0x194) returned 1 [0112.515] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083601 | out: pbBuffer=0xc000083601) returned 1 [0112.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.516] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0112.516] GetFileType (hFile=0x1bc) returned 0x1 [0112.516] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.516] CloseHandle (hObject=0x1bc) returned 1 [0112.520] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aafoidq[1].png"), dwFlags=0x1) returned 1 [0112.599] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.700] SwitchToThread () returned 1 [0112.701] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0112.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.703] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0112.704] GetFileType (hFile=0x128) returned 0x1 [0112.704] GetFileType (hFile=0x128) returned 0x1 [0112.704] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0112.704] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0112.704] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0112.704] ReadFile (in: hFile=0x128, lpBuffer=0xc00024e000, nNumberOfBytesToRead=0x591, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesRead=0xc00018dc04*=0x391, lpOverlapped=0x0) returned 1 [0112.710] ReadFile (in: hFile=0x128, lpBuffer=0xc00024e391, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e391*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.710] CloseHandle (hObject=0x128) returned 1 [0112.710] VirtualAlloc (lpAddress=0xc00038c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038c000 [0112.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.719] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0112.720] GetFileType (hFile=0x1b0) returned 0x1 [0112.720] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00038c000*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00038c000*, lpNumberOfBytesWritten=0xc00018dcec*=0x3a0, lpOverlapped=0x0) returned 1 [0112.721] CloseHandle (hObject=0x1b0) returned 1 [0112.723] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0112.724] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0112.724] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0112.724] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0112.725] VirtualAlloc (lpAddress=0xc000324000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0112.725] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0112.726] VirtualAlloc (lpAddress=0xc000328000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000328000 [0112.726] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0112.726] VirtualAlloc (lpAddress=0xc00032c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032c000 [0112.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.727] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0112.728] GetFileType (hFile=0x128) returned 0x1 [0112.728] WriteFile (in: hFile=0x128, lpBuffer=0xc00032a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00032a2c0*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.728] CloseHandle (hObject=0x128) returned 1 [0112.729] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0112.729] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aani8qk[1].png"), dwFlags=0x1) returned 1 [0112.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.778] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0112.778] SetEvent (hEvent=0xc0) returned 1 [0112.778] SetEvent (hEvent=0xb8) returned 1 [0112.778] SetEvent (hEvent=0x1a0) returned 1 [0112.778] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0112.779] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.786] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0112.786] SetEvent (hEvent=0x1a0) returned 1 [0112.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.790] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.813] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.818] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.828] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.843] SetEvent (hEvent=0xb8) returned 1 [0112.843] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.846] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0112.847] GetFileType (hFile=0x128) returned 0x1 [0112.847] GetFileType (hFile=0x128) returned 0x1 [0112.847] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0112.847] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0112.848] VirtualAlloc (lpAddress=0xc0003ba000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ba000 [0112.849] ReadFile (in: hFile=0x128, lpBuffer=0xc0003ba000, nNumberOfBytesToRead=0x2119, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003ba000*, lpNumberOfBytesRead=0xc000205c04*=0x1f19, lpOverlapped=0x0) returned 1 [0112.851] ReadFile (in: hFile=0x128, lpBuffer=0xc0003bbf19, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003bbf19*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0112.851] CloseHandle (hObject=0x128) returned 1 [0112.851] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0112.851] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0112.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.858] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0112.859] GetFileType (hFile=0x128) returned 0x1 [0112.859] WriteFile (in: hFile=0x128, lpBuffer=0xc0003cc000*, nNumberOfBytesToWrite=0x1f20, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003cc000*, lpNumberOfBytesWritten=0xc000205cec*=0x1f20, lpOverlapped=0x0) returned 1 [0112.860] CloseHandle (hObject=0x128) returned 1 [0112.860] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0112.861] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0112.861] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0112.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.862] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0112.862] GetFileType (hFile=0x128) returned 0x1 [0112.862] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.862] CloseHandle (hObject=0x128) returned 1 [0112.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbienj[1].jpg"), dwFlags=0x1) returned 1 [0112.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.898] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0112.899] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.907] GetFileType (hFile=0x128) returned 0x1 [0112.907] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.913] GetFileType (hFile=0x128) returned 0x1 [0112.913] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0112.913] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0112.914] VirtualAlloc (lpAddress=0xc000362000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0112.915] ReadFile (in: hFile=0x128, lpBuffer=0xc000362000, nNumberOfBytesToRead=0x32d2, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000362000*, lpNumberOfBytesRead=0xc000117c04*=0x30d2, lpOverlapped=0x0) returned 1 [0112.919] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.928] ReadFile (in: hFile=0x128, lpBuffer=0xc0003650d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003650d2*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0112.929] CloseHandle (hObject=0x128) returned 1 [0112.929] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0112.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.931] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0112.942] GetFileType (hFile=0x128) returned 0x1 [0112.942] WriteFile (in: hFile=0x128, lpBuffer=0xc000365500*, nNumberOfBytesToWrite=0x30e0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc000365500*, lpNumberOfBytesWritten=0xc000117cec*=0x30e0, lpOverlapped=0x0) returned 1 [0112.944] CloseHandle (hObject=0x128) returned 1 [0112.944] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0112.944] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0112.944] VirtualAlloc (lpAddress=0xc000370000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000370000 [0112.945] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0112.945] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0112.945] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0112.946] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0112.946] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0112.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.947] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0112.948] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.959] SetEvent (hEvent=0x9c) returned 1 [0112.959] GetFileType (hFile=0x128) returned 0x1 [0112.959] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0112.962] WriteFile (in: hFile=0x128, lpBuffer=0xc00037a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037a6e0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.963] CloseHandle (hObject=0x128) returned 1 [0112.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbblhtz[1].jpg"), dwFlags=0x1) returned 1 [0113.052] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.052] SetEvent (hEvent=0x13c) returned 1 [0113.052] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.054] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.054] SetEvent (hEvent=0x13c) returned 1 [0113.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.057] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0113.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0113.058] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0113.059] GetFileType (hFile=0x1bc) returned 0x1 [0113.059] GetFileType (hFile=0x1bc) returned 0x1 [0113.059] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0113.059] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0113.059] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.061] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xb50, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00011bc04*=0x950, lpOverlapped=0x0) returned 1 [0113.063] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c950, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c950*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0113.063] CloseHandle (hObject=0x1bc) returned 1 [0113.063] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0113.063] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0113.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0113.066] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0113.067] GetFileType (hFile=0x1bc) returned 0x1 [0113.067] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc00011bcec*=0x960, lpOverlapped=0x0) returned 1 [0113.068] CloseHandle (hObject=0x1bc) returned 1 [0113.069] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0113.069] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0113.070] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0113.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.070] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0113.071] GetFileType (hFile=0x128) returned 0x1 [0113.071] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.071] CloseHandle (hObject=0x128) returned 1 [0113.074] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0113.074] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0113.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbvmtx[1].jpg"), dwFlags=0x1) returned 1 [0113.216] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.216] SetEvent (hEvent=0x164) returned 1 [0113.216] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.220] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.220] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.220] SetEvent (hEvent=0x164) returned 1 [0113.220] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.228] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.228] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.233] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.247] SetEvent (hEvent=0xb8) returned 1 [0113.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.248] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0113.249] GetFileType (hFile=0xec) returned 0x1 [0113.249] GetFileType (hFile=0xec) returned 0x1 [0113.249] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0113.249] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0113.249] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.250] ReadFile (in: hFile=0xec, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x261e, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000151c04*=0x241e, lpOverlapped=0x0) returned 1 [0113.252] ReadFile (in: hFile=0xec, lpBuffer=0xc00016241e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016241e*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0113.252] CloseHandle (hObject=0xec) returned 1 [0113.253] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.256] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0113.256] GetFileType (hFile=0xec) returned 0x1 [0113.256] WriteFile (in: hFile=0xec, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x2420, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000151cec*=0x2420, lpOverlapped=0x0) returned 1 [0113.258] CloseHandle (hObject=0xec) returned 1 [0113.258] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0113.258] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0113.259] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0113.259] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.259] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0113.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.260] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0113.261] GetFileType (hFile=0xec) returned 0x1 [0113.261] WriteFile (in: hFile=0xec, lpBuffer=0xc00011e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011e2c0*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.261] CloseHandle (hObject=0xec) returned 1 [0113.261] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbby98e[1].jpg"), dwFlags=0x1) returned 1 [0113.324] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.324] SetEvent (hEvent=0x198) returned 1 [0113.324] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.326] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.330] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.330] SetEvent (hEvent=0x15c) returned 1 [0113.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.334] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.353] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.362] SwitchToThread () returned 1 [0113.363] SetEvent (hEvent=0x164) returned 1 [0113.363] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0113.363] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0113.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.364] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0113.365] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.369] GetFileType (hFile=0x1b4) returned 0x1 [0113.369] GetFileType (hFile=0x1b4) returned 0x1 [0113.370] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0113.370] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0113.370] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.371] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x25fb, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000289c04*=0x23fb, lpOverlapped=0x0) returned 1 [0113.374] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.383] SetEvent (hEvent=0x198) returned 1 [0113.383] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002323fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002323fb*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0113.383] CloseHandle (hObject=0x1b4) returned 1 [0113.384] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0113.384] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.386] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.386] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.392] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0113.393] SetEvent (hEvent=0xc0) returned 1 [0113.393] GetFileType (hFile=0x128) returned 0x1 [0113.393] WriteFile (in: hFile=0x128, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000289cec*=0x2400, lpOverlapped=0x0) returned 1 [0113.395] CloseHandle (hObject=0x128) returned 1 [0113.400] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0113.400] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0113.401] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0113.401] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0113.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.402] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0113.404] GetFileType (hFile=0x1b4) returned 0x1 [0113.404] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.404] CloseHandle (hObject=0x1b4) returned 1 [0113.408] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc04ok[1].jpg"), dwFlags=0x1) returned 1 [0113.452] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.452] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.464] SetEvent (hEvent=0xc0) returned 1 [0113.464] SetEvent (hEvent=0x198) returned 1 [0113.464] SetEvent (hEvent=0x15c) returned 1 [0113.465] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.466] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.471] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.471] SetEvent (hEvent=0x15c) returned 1 [0113.471] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.481] SetEvent (hEvent=0x15c) returned 1 [0113.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.483] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.483] SetEvent (hEvent=0x15c) returned 1 [0113.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.491] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.492] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.492] SetEvent (hEvent=0x114) returned 1 [0113.492] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.503] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.504] SetEvent (hEvent=0x164) returned 1 [0113.504] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.514] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.518] SetEvent (hEvent=0x164) returned 1 [0113.518] SetEvent (hEvent=0x15c) returned 1 [0113.518] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.519] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.519] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0001d3818*=0x2) returned 1 [0113.520] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.521] SetEvent (hEvent=0x9c) returned 1 [0113.521] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.525] SetEvent (hEvent=0x9c) returned 1 [0113.525] SetEvent (hEvent=0x15c) returned 1 [0113.525] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.525] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.526] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.526] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.526] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.527] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.527] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.527] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.528] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000205818*=0x2) returned 1 [0113.530] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.552] SetEvent (hEvent=0x164) returned 1 [0113.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.552] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0113.553] GetFileType (hFile=0x128) returned 0x1 [0113.553] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.553] GetFileType (hFile=0x128) returned 0x1 [0113.554] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0113.554] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0113.554] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0113.554] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x1fcb, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000133c04*=0x1dcb, lpOverlapped=0x0) returned 1 [0113.559] ReadFile (in: hFile=0x128, lpBuffer=0xc00004fdcb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004fdcb*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0113.560] CloseHandle (hObject=0x128) returned 1 [0113.560] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0113.560] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.561] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.561] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0113.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.569] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0113.570] GetFileType (hFile=0x128) returned 0x1 [0113.570] WriteFile (in: hFile=0x128, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x1dd0, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc000133cec*=0x1dd0, lpOverlapped=0x0) returned 1 [0113.571] CloseHandle (hObject=0x128) returned 1 [0113.572] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0113.572] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0113.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.573] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0113.573] GetFileType (hFile=0x128) returned 0x1 [0113.573] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.573] CloseHandle (hObject=0x128) returned 1 [0113.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc0w1b[1].jpg"), dwFlags=0x1) returned 1 [0113.626] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.626] SetEvent (hEvent=0x198) returned 1 [0113.626] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.630] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.630] SetEvent (hEvent=0x198) returned 1 [0113.630] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.634] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.648] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.661] SetEvent (hEvent=0x15c) returned 1 [0113.662] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.665] SetEvent (hEvent=0x15c) returned 1 [0113.666] SetEvent (hEvent=0x164) returned 1 [0113.666] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.666] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.667] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.667] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.667] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.668] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002cd818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc0002cd818*=0x2) returned 1 [0113.669] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.677] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.682] SetEvent (hEvent=0xb8) returned 1 [0113.682] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.685] SetEvent (hEvent=0xb8) returned 1 [0113.685] SetEvent (hEvent=0x15c) returned 1 [0113.685] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.685] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.686] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.686] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.686] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.686] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0002a3818*=0x2) returned 1 [0113.689] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.803] SetEvent (hEvent=0x198) returned 1 [0113.803] SetEvent (hEvent=0x15c) returned 1 [0113.803] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0113.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.804] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0113.808] GetFileType (hFile=0x1b0) returned 0x1 [0113.808] GetFileType (hFile=0x1b0) returned 0x1 [0113.808] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0113.808] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0113.808] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x18ca, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc00029dc04*=0x16ca, lpOverlapped=0x0) returned 1 [0113.812] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00050f04a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f04a*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0113.812] CloseHandle (hObject=0x1b0) returned 1 [0113.812] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.812] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.855] SetEvent (hEvent=0xc0) returned 1 [0113.855] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0113.855] GetFileType (hFile=0x1b0) returned 0x1 [0113.855] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x16d0, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc00029dcec*=0x16d0, lpOverlapped=0x0) returned 1 [0113.857] CloseHandle (hObject=0x1b0) returned 1 [0113.857] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.857] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0113.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.858] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0113.858] GetFileType (hFile=0x1b0) returned 0x1 [0113.858] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.859] CloseHandle (hObject=0x1b0) returned 1 [0113.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbedckp[1].jpg"), dwFlags=0x1) returned 1 [0113.908] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0113.908] SetEvent (hEvent=0x198) returned 1 [0113.908] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0113.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.912] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.915] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0113.915] SetEvent (hEvent=0x9c) returned 1 [0113.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.920] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.920] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.938] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.947] SwitchToThread () returned 1 [0113.948] SetEvent (hEvent=0x164) returned 1 [0113.948] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0113.949] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0113.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.950] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0113.951] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.960] GetFileType (hFile=0x1b0) returned 0x1 [0113.960] GetFileType (hFile=0x1b0) returned 0x1 [0113.961] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0113.961] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0113.961] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.961] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x980, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000159c04*=0x780, lpOverlapped=0x0) returned 1 [0113.970] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0113.977] SetEvent (hEvent=0x198) returned 1 [0113.977] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d8780, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8780*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0113.977] CloseHandle (hObject=0x1b0) returned 1 [0113.977] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.977] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.978] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0113.978] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0113.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.985] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0113.985] GetFileType (hFile=0xec) returned 0x1 [0113.985] WriteFile (in: hFile=0xec, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc000159cec*=0x790, lpOverlapped=0x0) returned 1 [0113.987] CloseHandle (hObject=0xec) returned 1 [0113.988] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0113.989] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0113.989] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0113.989] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.990] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0113.992] GetFileType (hFile=0x1b0) returned 0x1 [0113.992] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.992] CloseHandle (hObject=0x1b0) returned 1 [0113.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeegwu[1].jpg"), dwFlags=0x1) returned 1 [0114.042] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0114.042] SetEvent (hEvent=0x9c) returned 1 [0114.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.044] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0114.044] SetEvent (hEvent=0x15c) returned 1 [0114.044] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.049] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.050] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2850f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2850f968*=0xec) returned 1 [0114.050] SuspendThread (hThread=0xec) returned 0x0 [0114.050] GetThreadContext (in: hThread=0xec, lpContext=0x2850f980 | out: lpContext=0x2850f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5fdf8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0114.051] ResumeThread (hThread=0xec) returned 0x1 [0114.051] CloseHandle (hObject=0xec) returned 1 [0114.051] SetEvent (hEvent=0xc0) returned 1 [0114.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.053] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.053] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0114.053] SetEvent (hEvent=0xc0) returned 1 [0114.053] SetEvent (hEvent=0xb8) returned 1 [0114.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.065] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0114.065] SetEvent (hEvent=0x164) returned 1 [0114.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0114.068] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0114.069] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.077] SetEvent (hEvent=0x9c) returned 1 [0114.077] GetFileType (hFile=0x128) returned 0x1 [0114.077] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.086] GetFileType (hFile=0x128) returned 0x1 [0114.086] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0114.086] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0114.087] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0114.087] ReadFile (in: hFile=0x128, lpBuffer=0xc000056000, nNumberOfBytesToRead=0xc07, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc000151c04*=0xa07, lpOverlapped=0x0) returned 1 [0114.095] ReadFile (in: hFile=0x128, lpBuffer=0xc000056a07, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056a07*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0114.095] CloseHandle (hObject=0x128) returned 1 [0114.095] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0114.095] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0114.096] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0114.096] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0114.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0114.115] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.185] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0114.186] GetFileType (hFile=0x1d4) returned 0x1 [0114.186] WriteFile (in: hFile=0x1d4, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc000151cec*=0xa10, lpOverlapped=0x0) returned 1 [0114.187] CloseHandle (hObject=0x1d4) returned 1 [0114.192] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0701 | out: pbBuffer=0xc0000e0701) returned 1 [0114.192] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0114.192] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0114.193] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0114.193] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0114.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0114.194] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0114.198] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0114.229] GetFileType (hFile=0x148) returned 0x1 [0114.230] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0114.230] WriteFile (in: hFile=0x148, lpBuffer=0xc000268000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000268000*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.230] CloseHandle (hObject=0x148) returned 1 [0114.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbefzsd[1].jpg"), dwFlags=0x1) returned 1 [0114.451] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0114.451] SetEvent (hEvent=0x198) returned 1 [0114.451] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0114.452] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.453] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0114.453] SetEvent (hEvent=0x198) returned 1 [0114.453] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.457] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0115.683] GetFileType (hFile=0x210) returned 0x1 [0115.683] WriteFile (in: hFile=0x210, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xa760, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0000f9cec*=0xa760, lpOverlapped=0x0) returned 1 [0115.685] CloseHandle (hObject=0x210) returned 1 [0115.689] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0115.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0115.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0115.874] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0115.875] GetFileType (hFile=0x284) returned 0x1 [0115.875] WriteFile (in: hFile=0x284, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.875] CloseHandle (hObject=0x284) returned 1 [0115.880] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0115.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-19619569[1].gif"), dwFlags=0x1) returned 1 [0116.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe30*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.417] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0116.417] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f698, ulCount=0x10, ulNumEntriesRemoved=0x2850f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f698, ulNumEntriesRemoved=0x2850f66c) returned 0 [0116.418] SetEvent (hEvent=0x12c) returned 1 [0116.418] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0116.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.421] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0116.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe08*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.422] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2850f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2850f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2850f6a0, ulNumEntriesRemoved=0x2850f674) returned 0 [0116.422] SetEvent (hEvent=0x304) returned 1 [0116.422] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2850fe18*=0x108, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.429] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0141.553] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0141.553] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0141.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nosd2-mwyoe_kw3.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0141.555] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0003dfcf4 | out: lpMode=0xc0003dfcf4) returned 0 [0141.556] GetFileType (hFile=0x404) returned 0x1 [0141.556] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0141.557] GetFileType (hFile=0x404) returned 0x1 [0141.557] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0003dfd44 | out: lpFileInformation=0xc0003dfd44) returned 1 [0141.557] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0003dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003dfd28) returned 1 [0141.557] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0141.558] ReadFile (in: hFile=0x404, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x153c, lpNumberOfBytesRead=0xc0003dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc0003dfc04*=0x133c, lpOverlapped=0x0) returned 1 [0142.535] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0143.058] ReadFile (in: hFile=0x404, lpBuffer=0xc0000e733c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e733c*, lpNumberOfBytesRead=0xc0003dfc04*=0x0, lpOverlapped=0x0) returned 1 [0143.058] CloseHandle (hObject=0x404) returned 1 [0143.058] VirtualAlloc (lpAddress=0xc00072a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00072a000 [0143.059] VirtualAlloc (lpAddress=0xc00072e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00072e000 [0143.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nosd2-mwyoe_kw3.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0143.061] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0003dfd04 | out: lpMode=0xc0003dfd04) returned 0 [0143.062] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0144.364] SetEvent (hEvent=0xbc0) returned 1 [0144.364] GetFileType (hFile=0x404) returned 0x1 [0144.364] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0144.824] SetEvent (hEvent=0xc0) returned 1 [0144.824] SetEvent (hEvent=0x3c4) returned 1 [0144.824] WriteFile (in: hFile=0x404, lpBuffer=0xc00072a000*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xc0003dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00072a000*, lpNumberOfBytesWritten=0xc0003dfcec*=0x1340, lpOverlapped=0x0) returned 1 [0144.825] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0145.614] CloseHandle (hObject=0x404) returned 1 [0145.619] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0145.620] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0145.620] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0145.621] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0145.622] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0145.623] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0145.625] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0145.626] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0145.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nosd2-mwyoe_kw3.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0145.627] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0003dfd64 | out: lpMode=0xc0003dfd64) returned 0 [0145.629] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0146.143] GetFileType (hFile=0x404) returned 0x1 [0146.143] WriteFile (in: hFile=0x404, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc0003dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.144] CloseHandle (hObject=0x404) returned 1 [0146.149] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0146.271] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0146.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nosd2-mwyoe_kw3.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-nosd2-mwyoe_kw3.lnk"), dwFlags=0x1) returned 1 [0150.663] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0161.739] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) returned 0x0 [0161.748] SetEvent (hEvent=0xa18) returned 1 [0161.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060420*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0xc000379808, lpReserved=0x0 | out: lpBuffer=0xc000060420*, lpNumberOfCharsWritten=0xc000379808*=0x54) returned 1 [0161.750] SetEvent (hEvent=0xa18) returned 1 [0161.750] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0161.751] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0161.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.058] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms\\*", lpFindFileData=0xc000379a68 | out: lpFindFileData=0xc000379a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.058] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000379720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.058] WaitForSingleObject (hHandle=0x108, dwMilliseconds=0xffffffff) Thread: id = 15 os_tid = 0x5bc [0089.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2870fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2870fea0*=0xe0) returned 1 [0089.880] VirtualQuery (in: lpAddress=0x2870fec0, lpBuffer=0x2870fec0, dwLength=0x30 | out: lpBuffer=0x2870fec0*(BaseAddress=0x2870f000, AllocationBase=0x28510000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0089.880] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0089.897] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x100 [0089.897] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x110 [0089.897] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0089.959] SetEvent (hEvent=0x8c) returned 1 [0089.959] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.462] VirtualAlloc (lpAddress=0xc000064000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000064000 [0090.462] VirtualAlloc (lpAddress=0xc000066000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000066000 [0090.462] VirtualAlloc (lpAddress=0xc000068000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000068000 [0090.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap_unsigned.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0090.463] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0090.478] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.596] SwitchToThread () returned 1 [0090.709] SetEvent (hEvent=0xb8) returned 1 [0090.709] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.714] SetEvent (hEvent=0xb8) returned 1 [0090.714] SetEvent (hEvent=0x13c) returned 1 [0090.714] SwitchToThread () returned 1 [0090.739] GetFileType (hFile=0x144) returned 0x1 [0090.739] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0090.740] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0090.740] CloseHandle (hObject=0x144) returned 1 [0090.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\encry-clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\encry-clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwFlags=0x1) returned 1 [0090.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0090.746] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0090.750] GetFileType (hFile=0x144) returned 0x1 [0090.750] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0090.751] CloseHandle (hObject=0x144) returned 1 [0090.766] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\encry-GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\encry-googleupdatesetup.exe"), dwFlags=0x1) returned 0 [0090.766] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0006dd6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0090.766] GetFileType (hFile=0x150) returned 0x1 [0090.766] WriteFile (in: hFile=0x150, lpBuffer=0xc0000100c0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000100c0*, lpNumberOfBytesWritten=0xc0000c1cec*=0x10, lpOverlapped=0x0) returned 1 [0090.767] CloseHandle (hObject=0x150) returned 1 [0090.769] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0090.769] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0090.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe.manifest"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0090.770] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0090.772] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.773] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.785] SetEvent (hEvent=0x120) returned 1 [0090.785] VirtualFree (lpAddress=0xc000800000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0090.787] VirtualFree (lpAddress=0xc0006fc000, dwSize=0x104000, dwFreeType=0x4000) returned 1 [0090.805] VirtualFree (lpAddress=0xc0006ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.805] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.806] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.807] VirtualFree (lpAddress=0xc00014a000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0090.818] VirtualFree (lpAddress=0xc000132000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0090.818] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.819] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.819] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.819] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.819] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.820] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.820] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.820] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.821] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.821] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.821] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.821] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.822] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.822] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.822] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.822] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0090.823] GetFileType (hFile=0x128) returned 0x1 [0090.823] WriteFile (in: hFile=0x128, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0090.823] CloseHandle (hObject=0x128) returned 1 [0090.826] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0090.827] VirtualAlloc (lpAddress=0xc00026e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026e000 [0090.827] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0090.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\encry-clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\encry-clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwFlags=0x1) returned 0 [0090.828] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00010d6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0090.828] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0090.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.829] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\*", lpFindFileData=0xc0000bb1d0 | out: lpFindFileData=0xc0000bb1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.829] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb200 | out: lpFindFileData=0xc0000bb200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.829] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb200 | out: lpFindFileData=0xc0000bb200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data", cAlternateFileName="")) returned 1 [0090.829] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb200 | out: lpFindFileData=0xc0000bb200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.829] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\data"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb340 | out: lpFileInformation=0xc0000bb340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\data\\cjw3o3kp.bx7\\6ng60cxz.9gj\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\Data\\CJW3O3KP.BX7\\6NG60CXZ.9GJ\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\Data\\*", lpFindFileData=0xc0000bb0f8 | out: lpFindFileData=0xc0000bb0f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.831] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb128 | out: lpFindFileData=0xc0000bb128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6a3a0420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a3a0420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a3a0420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.831] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb128 | out: lpFindFileData=0xc0000bb128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.831] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.831] VirtualAlloc (lpAddress=0xc000274000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000274000 [0090.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\deployment"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\deployment"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.833] VirtualAlloc (lpAddress=0xc000276000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000276000 [0090.833] VirtualAlloc (lpAddress=0xc000278000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000278000 [0090.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Deployment\\*", lpFindFileData=0xc0000bb608 | out: lpFindFileData=0xc0000bb608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.834] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x65e16800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6adbe1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6adbe1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.834] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.834] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\GDIPFONTCACHEV1.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\gdipfontcachev1.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x66051ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x66051ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9791f220, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1a918)) returned 1 [0090.835] VirtualAlloc (lpAddress=0xc00027a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027a000 [0090.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb850 | out: lpFileInformation=0xc0000bb850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\*", lpFindFileData=0xc0000bb608 | out: lpFindFileData=0xc0000bb608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrome", cAlternateFileName="")) returned 1 [0090.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CrashReports", cAlternateFileName="CRASHR~1")) returned 1 [0090.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb638 | out: lpFindFileData=0xc0000bb638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.836] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb778 | out: lpFileInformation=0xc0000bb778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.837] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*", lpFindFileData=0xc0000bb530 | out: lpFindFileData=0xc0000bb530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0090.837] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb560 | out: lpFindFileData=0xc0000bb560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.837] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb6a0 | out: lpFileInformation=0xc0000bb6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.866] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.870] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0090.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*", lpFindFileData=0xc0000bb458 | out: lpFindFileData=0xc0000bb458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.873] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0090.875] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0090.875] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0090.876] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0090.876] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0090.876] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0090.876] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb488 | out: lpFindFileData=0xc0000bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.876] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\certificatetransparency"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\certificatetransparency"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.880] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*", lpFindFileData=0xc0000bb380 | out: lpFindFileData=0xc0000bb380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.880] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.880] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.880] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0090.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad"), fInfoLevelId=0x0, lpFileInformation=0xc0000bb5c8 | out: lpFileInformation=0xc0000bb5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0090.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0090.958] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*", lpFindFileData=0xc0000bb380 | out: lpFindFileData=0xc0000bb380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0090.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0090.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0090.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0090.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0090.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000bb3b0 | out: lpFindFileData=0xc0000bb3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0090.958] SwitchToThread () returned 1 [0090.959] SetEvent (hEvent=0xb8) returned 1 [0090.959] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0090.976] SetEvent (hEvent=0x12c) returned 1 [0090.977] VirtualAlloc (lpAddress=0xc000062000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000062000 [0090.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.053] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.054] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.055] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0091.055] SetEvent (hEvent=0xb8) returned 1 [0091.055] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.096] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.096] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0091.096] SetEvent (hEvent=0x114) returned 1 [0091.096] SetEvent (hEvent=0x12c) returned 1 [0091.096] SetEvent (hEvent=0x108) returned 1 [0091.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.098] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.098] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.100] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.101] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0091.101] SetEvent (hEvent=0xb8) returned 1 [0091.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.132] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0091.150] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00006c000*, nNumberOfCharsToWrite=0x1a0, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfCharsWritten=0xc0006dd808*=0x1a0) returned 1 [0091.162] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0091.162] SetEvent (hEvent=0xb8) returned 1 [0091.162] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.823] SetEvent (hEvent=0x120) returned 1 [0091.823] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0091.824] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0091.824] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0091.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0091.825] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0091.826] GetFileType (hFile=0x128) returned 0x1 [0091.826] GetFileType (hFile=0x128) returned 0x1 [0091.826] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0091.826] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0091.826] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0091.826] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a2b40, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2b40*, lpNumberOfBytesRead=0xc000067c04*=0x10, lpOverlapped=0x0) returned 1 [0091.828] ReadFile (in: hFile=0x128, lpBuffer=0xc0000a2b50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2b50*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0091.828] CloseHandle (hObject=0x128) returned 1 [0091.828] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0091.828] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0091.829] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0091.829] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0091.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0091.831] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0091.832] GetFileType (hFile=0x128) returned 0x1 [0091.832] WriteFile (in: hFile=0x128, lpBuffer=0xc00009e020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc00009e020*, lpNumberOfBytesWritten=0xc000067cec*=0x20, lpOverlapped=0x0) returned 1 [0091.833] CloseHandle (hObject=0x128) returned 1 [0091.837] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0091.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0091.837] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0091.865] GetFileType (hFile=0x128) returned 0x1 [0091.865] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8420*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.865] CloseHandle (hObject=0x128) returned 1 [0091.866] GetFileType (hFile=0xf4) returned 0x1 [0091.866] GetFileType (hFile=0xf4) returned 0x1 [0091.866] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0091.866] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0091.866] GetFileType (hFile=0x150) returned 0x1 [0091.866] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d8580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8580*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0091.866] CloseHandle (hObject=0x150) returned 1 [0091.867] VirtualAlloc (lpAddress=0xc000128000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000128000 [0091.868] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0091.868] SwitchToThread () returned 1 [0091.870] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0091.963] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0092.165] SetEvent (hEvent=0x108) returned 1 [0092.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0092.623] SetEvent (hEvent=0xb8) returned 1 [0092.623] SetEvent (hEvent=0x13c) returned 1 [0092.623] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.628] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.634] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0092.634] SetEvent (hEvent=0xc0) returned 1 [0092.634] SetEvent (hEvent=0x108) returned 1 [0092.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0092.635] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0092.697] GetFileType (hFile=0x150) returned 0x1 [0092.697] GetFileType (hFile=0x150) returned 0x1 [0092.697] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0092.697] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0092.697] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0092.697] ReadFile (in: hFile=0x150, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0092.697] CloseHandle (hObject=0x150) returned 1 [0092.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.728] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.732] SetEvent (hEvent=0x120) returned 1 [0092.732] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0092.734] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.746] SetEvent (hEvent=0x120) returned 1 [0092.746] GetFileType (hFile=0xf4) returned 0x1 [0092.746] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.755] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.757] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.757] SetEvent (hEvent=0x120) returned 1 [0092.757] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.760] SetEvent (hEvent=0x120) returned 1 [0092.760] SetEvent (hEvent=0xb8) returned 1 [0092.760] SetEvent (hEvent=0x12c) returned 1 [0092.760] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.775] SetEvent (hEvent=0xb8) returned 1 [0092.775] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.781] SetEvent (hEvent=0x12c) returned 1 [0092.781] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.798] SetEvent (hEvent=0x114) returned 1 [0092.798] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.801] SetEvent (hEvent=0x120) returned 1 [0092.801] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.804] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0092.899] SetEvent (hEvent=0x12c) returned 1 [0092.899] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.105] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0093.106] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0093.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0093.106] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0093.114] GetFileType (hFile=0xec) returned 0x1 [0093.114] GetFileType (hFile=0xec) returned 0x1 [0093.114] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0093.114] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0093.114] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0093.115] ReadFile (in: hFile=0xec, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0000bdc04*=0xe0, lpOverlapped=0x0) returned 1 [0093.117] ReadFile (in: hFile=0xec, lpBuffer=0xc00007a0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0e0*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0093.117] CloseHandle (hObject=0xec) returned 1 [0093.117] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0093.117] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0093.118] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0093.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0093.120] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0093.125] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] SetEvent (hEvent=0x120) returned 1 [0093.133] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.215] SetEvent (hEvent=0xb8) returned 1 [0093.215] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.421] SetEvent (hEvent=0x12c) returned 1 [0093.421] SetEvent (hEvent=0x120) returned 1 [0093.421] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.427] SetEvent (hEvent=0x12c) returned 1 [0093.427] VirtualFree (lpAddress=0xc000192000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.428] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.428] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.428] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.428] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.429] VirtualFree (lpAddress=0xc000154000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.429] VirtualFree (lpAddress=0xc000148000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.429] VirtualFree (lpAddress=0xc00013c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.429] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.429] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.430] VirtualFree (lpAddress=0xc0000f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.430] GetFileType (hFile=0xec) returned 0x1 [0093.430] WriteFile (in: hFile=0xec, lpBuffer=0xc00015a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00015a000*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.430] CloseHandle (hObject=0xec) returned 1 [0093.431] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0093.431] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.432] GetFileType (hFile=0x150) returned 0x1 [0093.432] GetFileType (hFile=0x150) returned 0x1 [0093.432] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0093.432] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0093.432] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0093.433] ReadFile (in: hFile=0x150, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc00012bc04*=0xe0, lpOverlapped=0x0) returned 1 [0093.434] ReadFile (in: hFile=0x150, lpBuffer=0xc0001600e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001600e0*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0093.434] CloseHandle (hObject=0x150) returned 1 [0093.434] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0093.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.435] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0093.442] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.445] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.456] SwitchToThread () returned 1 [0093.470] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0093.470] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0093.471] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0093.471] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0093.471] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0093.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.472] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0093.534] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.595] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.625] SwitchToThread () returned 1 [0093.640] SetEvent (hEvent=0x13c) returned 1 [0093.640] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.642] SetEvent (hEvent=0x120) returned 1 [0093.642] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.646] SwitchToThread () returned 1 [0093.648] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.654] SetEvent (hEvent=0x12c) returned 1 [0093.654] VirtualFree (lpAddress=0xc000226000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0093.655] VirtualFree (lpAddress=0xc000220000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.655] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.656] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.656] VirtualFree (lpAddress=0xc0001aa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.657] GetFileType (hFile=0x128) returned 0x1 [0093.657] WriteFile (in: hFile=0x128, lpBuffer=0xc00020e0e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e0e0*, lpNumberOfBytesWritten=0xc0000b7cec*=0xe0, lpOverlapped=0x0) returned 1 [0093.658] CloseHandle (hObject=0x128) returned 1 [0093.659] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0093.659] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0093.660] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0093.660] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0093.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0093.661] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0093.668] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.673] SetEvent (hEvent=0x120) returned 1 [0093.673] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.674] SetEvent (hEvent=0x120) returned 1 [0093.674] SetEvent (hEvent=0x12c) returned 1 [0093.674] VirtualFree (lpAddress=0xc00020e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.674] VirtualFree (lpAddress=0xc0001c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.674] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.674] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.675] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.675] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.675] VirtualFree (lpAddress=0xc00017c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.675] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.675] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.676] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.676] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0093.676] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0093.677] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.678] GetFileType (hFile=0x150) returned 0x1 [0093.678] GetFileType (hFile=0x150) returned 0x1 [0093.678] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0093.678] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0093.678] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0093.678] ReadFile (in: hFile=0x150, lpBuffer=0xc000236000, nNumberOfBytesToRead=0x2d9, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesRead=0xc0000bbc04*=0xd9, lpOverlapped=0x0) returned 1 [0093.679] ReadFile (in: hFile=0x150, lpBuffer=0xc0002360d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002360d9*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0093.679] CloseHandle (hObject=0x150) returned 1 [0093.679] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0093.680] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0093.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.681] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0093.681] GetFileType (hFile=0x150) returned 0x1 [0093.681] WriteFile (in: hFile=0x150, lpBuffer=0xc00023a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesWritten=0xc0000bbcec*=0xe0, lpOverlapped=0x0) returned 1 [0093.682] CloseHandle (hObject=0x150) returned 1 [0093.718] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0093.719] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.719] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0093.719] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0093.719] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0093.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.720] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0093.721] GetFileType (hFile=0x150) returned 0x1 [0093.721] WriteFile (in: hFile=0x150, lpBuffer=0xc00017a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00017a2c0*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.721] CloseHandle (hObject=0x150) returned 1 [0093.722] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.723] VirtualFree (lpAddress=0xc0001be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.723] VirtualFree (lpAddress=0xc0001ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.724] GetFileType (hFile=0x144) returned 0x1 [0093.724] WriteFile (in: hFile=0x144, lpBuffer=0xc00017a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00017a580*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.724] CloseHandle (hObject=0x144) returned 1 [0093.725] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0093.725] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0093.725] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0093.726] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0093.727] GetFileType (hFile=0x144) returned 0x1 [0093.727] GetFileType (hFile=0x144) returned 0x1 [0093.727] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0093.727] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0093.727] ReadFile (in: hFile=0x144, lpBuffer=0xc000236300, nNumberOfBytesToRead=0x2e1, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000236300*, lpNumberOfBytesRead=0xc0000b9c04*=0xe1, lpOverlapped=0x0) returned 1 [0093.728] ReadFile (in: hFile=0x144, lpBuffer=0xc0002363e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002363e1*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0093.728] CloseHandle (hObject=0x144) returned 1 [0093.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.729] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0093.730] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.731] GetFileType (hFile=0x144) returned 0x1 [0093.731] WriteFile (in: hFile=0x144, lpBuffer=0xc0002383c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002383c0*, lpNumberOfBytesWritten=0xc0000b9cec*=0xf0, lpOverlapped=0x0) returned 1 [0093.732] CloseHandle (hObject=0x144) returned 1 [0093.736] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0093.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.736] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0093.737] GetFileType (hFile=0x144) returned 0x1 [0093.737] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.737] CloseHandle (hObject=0x144) returned 1 [0093.738] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.739] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.745] SetEvent (hEvent=0x120) returned 1 [0093.746] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.747] SetEvent (hEvent=0x12c) returned 1 [0093.747] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.748] SetEvent (hEvent=0x120) returned 1 [0093.748] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.758] SetEvent (hEvent=0x120) returned 1 [0093.758] SetEvent (hEvent=0x12c) returned 1 [0093.758] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.758] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.759] VirtualFree (lpAddress=0xc00017a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.759] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.759] GetFileType (hFile=0xf4) returned 0x1 [0093.759] GetFileType (hFile=0xf4) returned 0x1 [0093.759] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0093.759] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0093.759] ReadFile (in: hFile=0xf4, lpBuffer=0xc00006a300, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a300*, lpNumberOfBytesRead=0xc0006e3c04*=0xe0, lpOverlapped=0x0) returned 1 [0093.760] ReadFile (in: hFile=0xf4, lpBuffer=0xc00006a3e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a3e0*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0093.760] CloseHandle (hObject=0xf4) returned 1 [0093.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.761] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0093.767] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.770] GetFileType (hFile=0xf4) returned 0x1 [0093.770] WriteFile (in: hFile=0xf4, lpBuffer=0xc0002383c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002383c0*, lpNumberOfBytesWritten=0xc0006e3cec*=0xf0, lpOverlapped=0x0) returned 1 [0093.771] CloseHandle (hObject=0xf4) returned 1 [0093.772] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0093.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.773] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0093.773] GetFileType (hFile=0xf4) returned 0x1 [0093.774] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0093.774] WriteFile (in: hFile=0xf4, lpBuffer=0xc000244000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.774] CloseHandle (hObject=0xf4) returned 1 [0093.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.777] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.782] SetEvent (hEvent=0x120) returned 1 [0093.782] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.783] SetEvent (hEvent=0x114) returned 1 [0093.783] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.784] SetEvent (hEvent=0x120) returned 1 [0093.784] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.802] SetEvent (hEvent=0x120) returned 1 [0093.802] SetEvent (hEvent=0x114) returned 1 [0093.802] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.803] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.803] GetFileType (hFile=0x128) returned 0x1 [0093.803] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.803] CloseHandle (hObject=0x128) returned 1 [0093.807] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.813] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586298*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000586298*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0093.815] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.838] SetEvent (hEvent=0x114) returned 1 [0093.839] SetEvent (hEvent=0x120) returned 1 [0093.839] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.864] SetEvent (hEvent=0x13c) returned 1 [0093.864] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0093.865] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0093.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0093.865] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0093.870] GetFileType (hFile=0x128) returned 0x1 [0093.871] GetFileType (hFile=0x128) returned 0x1 [0093.871] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0093.871] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0093.871] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0093.871] ReadFile (in: hFile=0x128, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc0004d9c04*=0xdd, lpOverlapped=0x0) returned 1 [0093.872] ReadFile (in: hFile=0x128, lpBuffer=0xc0001de0dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de0dd*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0093.872] CloseHandle (hObject=0x128) returned 1 [0093.872] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0093.873] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0093.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0093.874] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0093.881] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.887] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.896] SetEvent (hEvent=0x120) returned 1 [0093.896] SetEvent (hEvent=0xb8) returned 1 [0093.897] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.897] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.897] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.897] VirtualFree (lpAddress=0xc000174000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.897] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.898] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.898] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.898] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0093.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586368*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000586368*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0093.906] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0093.906] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0093.908] SetEvent (hEvent=0x13c) returned 1 [0093.908] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0093.908] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0000a0016*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0093.912] SetEvent (hEvent=0x13c) returned 1 [0093.912] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc000586370*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0093.980] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0093.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0093.986] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc000586006*, lpNumberOfCharsWritten=0xc0000bd818*=0x3) returned 1 [0093.998] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0350*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000a0350*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0094.007] SetEvent (hEvent=0x114) returned 1 [0094.007] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0370*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0094.018] SetEvent (hEvent=0x114) returned 1 [0094.018] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.024] SetEvent (hEvent=0x120) returned 1 [0094.025] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.027] SetEvent (hEvent=0x114) returned 1 [0094.027] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.029] SetEvent (hEvent=0x120) returned 1 [0094.029] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.041] SetEvent (hEvent=0x120) returned 1 [0094.041] SetEvent (hEvent=0x114) returned 1 [0094.041] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.041] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.042] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.042] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.042] GetFileType (hFile=0x128) returned 0x1 [0094.042] WriteFile (in: hFile=0x128, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc0004d9cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.043] CloseHandle (hObject=0x128) returned 1 [0094.048] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0094.048] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.049] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0094.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0094.049] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0094.058] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.061] GetFileType (hFile=0x128) returned 0x1 [0094.061] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0094.061] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0094.061] WriteFile (in: hFile=0x128, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.062] CloseHandle (hObject=0x128) returned 1 [0094.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.065] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.073] SetEvent (hEvent=0x8c) returned 1 [0094.073] SetEvent (hEvent=0x114) returned 1 [0094.073] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.101] SwitchToThread () returned 1 [0094.110] SetEvent (hEvent=0x8c) returned 1 [0094.111] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.113] SetEvent (hEvent=0x120) returned 1 [0094.113] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.139] SetEvent (hEvent=0x8c) returned 1 [0094.139] SetEvent (hEvent=0x114) returned 1 [0094.139] SetEvent (hEvent=0x120) returned 1 [0094.139] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.154] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.154] SetEvent (hEvent=0x8c) returned 1 [0094.154] SetEvent (hEvent=0xb8) returned 1 [0094.154] VirtualFree (lpAddress=0xc000268000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.155] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.155] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.155] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.155] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.156] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.156] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.156] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.157] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.157] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.157] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.157] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0094.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.158] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3)) returned 1 [0094.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.162] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.163] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.163] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.163] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.163] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.164] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1 [0094.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.164] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.164] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.164] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.164] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0094.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.170] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.174] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0094.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.175] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.175] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.175] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.175] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0094.175] VirtualAlloc (lpAddress=0xc000274000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000274000 [0094.176] SetEvent (hEvent=0x13c) returned 1 [0094.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.176] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.176] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.177] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.177] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.177] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0094.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.178] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.182] SetEvent (hEvent=0x8c) returned 1 [0094.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.182] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.184] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.185] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0094.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.186] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e)) returned 1 [0094.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.187] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.237] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.237] SetEvent (hEvent=0x13c) returned 1 [0094.237] SetEvent (hEvent=0x12c) returned 1 [0094.237] SetEvent (hEvent=0x8c) returned 1 [0094.237] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.251] SetEvent (hEvent=0x8c) returned 1 [0094.251] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.252] SetEvent (hEvent=0x13c) returned 1 [0094.252] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.257] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.277] SetEvent (hEvent=0x8c) returned 1 [0094.277] SwitchToThread () returned 1 [0094.293] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000102020*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0094.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000102026*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0094.337] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.340] SetEvent (hEvent=0x13c) returned 1 [0094.340] SetEvent (hEvent=0x8c) returned 1 [0094.340] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.356] SetEvent (hEvent=0x8c) returned 1 [0094.356] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.357] SetEvent (hEvent=0x13c) returned 1 [0094.357] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.409] SwitchToThread () returned 1 [0094.410] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.411] SetEvent (hEvent=0x8c) returned 1 [0094.411] SetEvent (hEvent=0x13c) returned 1 [0094.411] VirtualFree (lpAddress=0xc00018c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.411] VirtualFree (lpAddress=0xc000136000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.412] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.412] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.413] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.413] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.413] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.413] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.413] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.414] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed)) returned 1 [0094.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.414] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.415] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.415] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.415] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.415] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0094.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.417] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.418] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1)) returned 1 [0094.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.426] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0094.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0094.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.428] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0094.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56)) returned 1 [0094.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c)) returned 1 [0094.429] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0094.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0)) returned 1 [0094.429] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c)) returned 1 [0094.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f)) returned 1 [0094.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5)) returned 1 [0094.430] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0094.431] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0094.431] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.432] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.432] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0094.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.433] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.433] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0094.433] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.433] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.435] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.445] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.445] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0094.445] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0094.446] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.446] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.447] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0094.447] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0094.448] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0094.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.460] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.466] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] SetEvent (hEvent=0x108) returned 1 [0094.474] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.476] SetEvent (hEvent=0x120) returned 1 [0094.476] SetEvent (hEvent=0x13c) returned 1 [0094.476] SetEvent (hEvent=0x114) returned 1 [0094.477] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.517] SetEvent (hEvent=0x108) returned 1 [0094.517] SetEvent (hEvent=0x13c) returned 1 [0094.517] SetEvent (hEvent=0x114) returned 1 [0094.518] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.573] SetEvent (hEvent=0x108) returned 1 [0094.573] SetEvent (hEvent=0x120) returned 1 [0094.573] SetEvent (hEvent=0x114) returned 1 [0094.573] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.587] SetEvent (hEvent=0x108) returned 1 [0094.587] SetEvent (hEvent=0x13c) returned 1 [0094.587] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.622] SetEvent (hEvent=0x13c) returned 1 [0094.622] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.627] SetEvent (hEvent=0x108) returned 1 [0094.627] SetEvent (hEvent=0x9c) returned 1 [0094.627] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.630] SetEvent (hEvent=0x8c) returned 1 [0094.630] SetEvent (hEvent=0x9c) returned 1 [0094.630] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.658] SetEvent (hEvent=0x8c) returned 1 [0094.658] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.807] SetEvent (hEvent=0x120) returned 1 [0094.807] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.808] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0094.808] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.808] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0094.811] GetFileType (hFile=0xf4) returned 0x1 [0094.811] GetFileType (hFile=0xf4) returned 0x1 [0094.811] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0094.811] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0094.811] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0094.812] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001ec000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec000*, lpNumberOfBytesRead=0xc0000b7c04*=0x104, lpOverlapped=0x0) returned 1 [0094.813] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001ec104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec104*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0094.813] CloseHandle (hObject=0xf4) returned 1 [0094.813] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0094.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.814] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0094.815] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.869] GetFileType (hFile=0xf4) returned 0x1 [0094.869] WriteFile (in: hFile=0xf4, lpBuffer=0xc0003d3200*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d3200*, lpNumberOfBytesWritten=0xc0000b7cec*=0x110, lpOverlapped=0x0) returned 1 [0094.870] CloseHandle (hObject=0xf4) returned 1 [0094.872] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.872] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0094.873] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0094.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.874] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0094.882] GetFileType (hFile=0xf4) returned 0x1 [0094.882] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.882] CloseHandle (hObject=0xf4) returned 1 [0094.884] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.885] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.886] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0094.890] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.895] SetEvent (hEvent=0x114) returned 1 [0094.895] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.896] SetEvent (hEvent=0x120) returned 1 [0094.896] SetEvent (hEvent=0x9c) returned 1 [0094.896] VirtualFree (lpAddress=0xc0001f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.897] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.897] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.897] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.897] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.897] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.898] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.898] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.898] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.898] SetEvent (hEvent=0x114) returned 1 [0094.898] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.924] SetEvent (hEvent=0x9c) returned 1 [0094.924] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.958] SetEvent (hEvent=0x9c) returned 1 [0094.958] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.962] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.963] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0094.965] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.965] GetFileType (hFile=0xf4) returned 0x1 [0094.965] GetFileType (hFile=0xf4) returned 0x1 [0094.965] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0094.965] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0094.965] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2300, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2300*, lpNumberOfBytesRead=0xc0006e1c04*=0xd8, lpOverlapped=0x0) returned 1 [0094.966] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a23d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a23d8*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0094.966] CloseHandle (hObject=0xf4) returned 1 [0094.966] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0094.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.968] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0094.968] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.973] GetFileType (hFile=0xf4) returned 0x1 [0094.973] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000e0000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e0000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.974] CloseHandle (hObject=0xf4) returned 1 [0094.980] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.981] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.981] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.981] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0094.982] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0094.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.982] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0094.991] GetFileType (hFile=0xf4) returned 0x1 [0094.991] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000e8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8420*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.991] CloseHandle (hObject=0xf4) returned 1 [0094.992] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.993] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0094.993] SetEvent (hEvent=0x9c) returned 1 [0094.994] SetEvent (hEvent=0x13c) returned 1 [0094.994] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0094.995] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.998] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0094.998] SetEvent (hEvent=0x13c) returned 1 [0094.998] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.007] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.007] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.007] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.008] SetEvent (hEvent=0x108) returned 1 [0095.008] SetEvent (hEvent=0x13c) returned 1 [0095.008] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.010] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.010] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.011] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb)) returned 1 [0095.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.011] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.012] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0095.025] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.029] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.030] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.030] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.030] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.030] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0095.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.031] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.031] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.031] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.031] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.031] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117)) returned 1 [0095.033] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.037] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.037] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.037] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.037] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.037] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb)) returned 1 [0095.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0095.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0095.038] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0095.038] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0095.039] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0095.039] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0095.039] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0095.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1)) returned 1 [0095.052] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.057] SetEvent (hEvent=0x108) returned 1 [0095.057] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.065] SetEvent (hEvent=0x9c) returned 1 [0095.065] SetEvent (hEvent=0x108) returned 1 [0095.065] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.080] SetEvent (hEvent=0x8c) returned 1 [0095.080] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.081] SetEvent (hEvent=0x8c) returned 1 [0095.081] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.081] SetEvent (hEvent=0x8c) returned 1 [0095.081] SetEvent (hEvent=0x114) returned 1 [0095.081] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.081] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.082] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.082] VirtualFree (lpAddress=0xc000122000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.082] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.083] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.083] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.083] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.083] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.084] GetFileType (hFile=0xf4) returned 0x1 [0095.084] GetFileType (hFile=0xf4) returned 0x1 [0095.084] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0095.084] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0095.084] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0095.084] ReadFile (in: hFile=0xf4, lpBuffer=0xc00005e000, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesRead=0xc0000c1c04*=0xd8, lpOverlapped=0x0) returned 1 [0095.086] ReadFile (in: hFile=0xf4, lpBuffer=0xc00005e0d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e0d8*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0095.086] CloseHandle (hObject=0xf4) returned 1 [0095.086] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0095.086] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0095.086] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.088] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0095.095] GetFileType (hFile=0xf4) returned 0x1 [0095.095] WriteFile (in: hFile=0xf4, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0000c1cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.096] CloseHandle (hObject=0xf4) returned 1 [0095.100] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.101] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.101] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0095.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.102] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0095.116] GetFileType (hFile=0xf4) returned 0x1 [0095.116] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.116] CloseHandle (hObject=0xf4) returned 1 [0095.117] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.118] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0095.118] SetEvent (hEvent=0x108) returned 1 [0095.119] SetEvent (hEvent=0x120) returned 1 [0095.119] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0095.120] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.130] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.143] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.143] SetEvent (hEvent=0x9c) returned 1 [0095.143] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.167] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0095.167] SetEvent (hEvent=0x108) returned 1 [0095.167] SetEvent (hEvent=0x114) returned 1 [0095.168] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.172] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.177] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.177] SetEvent (hEvent=0x9c) returned 1 [0095.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.183] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.184] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.184] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0095.184] SetEvent (hEvent=0xc0) returned 1 [0095.184] SetEvent (hEvent=0x9c) returned 1 [0095.184] SetEvent (hEvent=0x120) returned 1 [0095.184] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0095.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.189] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.190] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.190] SetEvent (hEvent=0x8c) returned 1 [0095.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.199] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0095.199] SetEvent (hEvent=0x120) returned 1 [0095.199] SetEvent (hEvent=0x9c) returned 1 [0095.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.218] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.218] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.229] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.230] SetEvent (hEvent=0x8c) returned 1 [0095.230] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.258] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0095.258] SetEvent (hEvent=0x114) returned 1 [0095.258] SetEvent (hEvent=0x108) returned 1 [0095.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.271] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.271] SetEvent (hEvent=0x114) returned 1 [0095.271] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.273] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.274] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0095.274] SetEvent (hEvent=0xc0) returned 1 [0095.274] SetEvent (hEvent=0x114) returned 1 [0095.274] SetEvent (hEvent=0x108) returned 1 [0095.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.278] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.278] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0095.278] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0095.279] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0095.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.279] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0095.290] GetFileType (hFile=0xf4) returned 0x1 [0095.290] GetFileType (hFile=0xf4) returned 0x1 [0095.290] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0095.290] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0095.290] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0095.291] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0095.291] ReadFile (in: hFile=0xf4, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2d1, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00010fc04*=0xd1, lpOverlapped=0x0) returned 1 [0095.292] ReadFile (in: hFile=0xf4, lpBuffer=0xc00006a0d1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a0d1*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0095.292] CloseHandle (hObject=0xf4) returned 1 [0095.292] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0095.293] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.294] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0095.319] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.324] GetFileType (hFile=0xf4) returned 0x1 [0095.324] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.332] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.333] SetEvent (hEvent=0x9c) returned 1 [0095.333] SetEvent (hEvent=0x120) returned 1 [0095.333] SetEvent (hEvent=0x13c) returned 1 [0095.333] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.340] VirtualFree (lpAddress=0xc000160000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0095.341] VirtualFree (lpAddress=0xc000156000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.341] VirtualFree (lpAddress=0xc00014e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.342] VirtualFree (lpAddress=0xc000146000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.342] VirtualFree (lpAddress=0xc0000f6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.342] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.343] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc000102008*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0095.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000102090*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0095.381] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0095.382] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.389] SetEvent (hEvent=0x114) returned 1 [0095.390] SetEvent (hEvent=0x120) returned 1 [0095.390] SwitchToThread () returned 1 [0095.394] SetEvent (hEvent=0x114) returned 1 [0095.394] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.416] SetEvent (hEvent=0x114) returned 1 [0095.416] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.417] SetEvent (hEvent=0xb8) returned 1 [0095.417] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.422] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.430] SetEvent (hEvent=0x114) returned 1 [0095.430] SetEvent (hEvent=0xb8) returned 1 [0095.430] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.430] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.431] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001540e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001540e0*, lpNumberOfBytesWritten=0xc00010fcec*=0xe0, lpOverlapped=0x0) returned 1 [0095.432] CloseHandle (hObject=0xf4) returned 1 [0095.433] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.434] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0095.434] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0095.434] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0095.435] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0095.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.436] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0095.444] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.447] GetFileType (hFile=0xf4) returned 0x1 [0095.448] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.448] CloseHandle (hObject=0xf4) returned 1 [0095.449] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.450] SwitchToThread () returned 1 [0095.450] SetEvent (hEvent=0x114) returned 1 [0095.450] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.450] SetEvent (hEvent=0x114) returned 1 [0095.450] SetEvent (hEvent=0xb8) returned 1 [0095.451] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.451] VirtualFree (lpAddress=0xc000154000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.451] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.451] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.452] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.452] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.452] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.452] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.453] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.453] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.453] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.454] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc0000101c0*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0095.455] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.457] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc0000101c6*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0095.458] SetEvent (hEvent=0xb8) returned 1 [0095.458] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0095.459] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.468] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0095.468] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000102090*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0095.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102096*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc000102096*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0095.528] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.535] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0095.535] SetEvent (hEvent=0x114) returned 1 [0095.535] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.548] SetEvent (hEvent=0x114) returned 1 [0095.548] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.550] SetEvent (hEvent=0xb8) returned 1 [0095.550] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.554] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0095.554] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0095.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.555] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0095.561] GetFileType (hFile=0xfc) returned 0x1 [0095.561] GetFileType (hFile=0xfc) returned 0x1 [0095.561] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0095.562] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0095.562] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0095.562] ReadFile (in: hFile=0xfc, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc00012dc04*=0xfe, lpOverlapped=0x0) returned 1 [0095.563] ReadFile (in: hFile=0xfc, lpBuffer=0xc00013a0fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a0fe*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0095.563] CloseHandle (hObject=0xfc) returned 1 [0095.563] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0095.563] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0095.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.565] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0095.571] GetFileType (hFile=0xfc) returned 0x1 [0095.571] WriteFile (in: hFile=0xfc, lpBuffer=0xc000000700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000000700*, lpNumberOfBytesWritten=0xc00012dcec*=0x100, lpOverlapped=0x0) returned 1 [0095.572] CloseHandle (hObject=0xfc) returned 1 [0095.574] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0095.574] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0095.574] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0095.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.575] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0095.586] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.594] GetFileType (hFile=0xfc) returned 0x1 [0095.594] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.603] SetEvent (hEvent=0x13c) returned 1 [0095.603] SetEvent (hEvent=0x9c) returned 1 [0095.603] SetEvent (hEvent=0x8c) returned 1 [0095.603] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.617] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0095.617] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0095.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0095.618] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0095.630] GetFileType (hFile=0x150) returned 0x1 [0095.630] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0095.630] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0095.630] GetFileType (hFile=0x150) returned 0x1 [0095.630] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0095.630] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0095.630] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0095.631] ReadFile (in: hFile=0x150, lpBuffer=0xc000152000, nNumberOfBytesToRead=0x30a, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000152000*, lpNumberOfBytesRead=0xc0004dfc04*=0x10a, lpOverlapped=0x0) returned 1 [0095.632] ReadFile (in: hFile=0x150, lpBuffer=0xc00015210a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00015210a*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0095.632] CloseHandle (hObject=0x150) returned 1 [0095.632] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0095.632] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0095.633] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0095.633] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0095.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.634] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0095.654] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.662] SetEvent (hEvent=0x120) returned 1 [0095.662] SetEvent (hEvent=0x9c) returned 1 [0095.662] SwitchToThread () returned 1 [0095.665] SetEvent (hEvent=0x120) returned 1 [0095.665] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.678] SetEvent (hEvent=0x120) returned 1 [0095.678] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.679] SetEvent (hEvent=0x9c) returned 1 [0095.679] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.683] SetEvent (hEvent=0x13c) returned 1 [0095.683] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.734] SetEvent (hEvent=0x13c) returned 1 [0095.734] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.735] SetEvent (hEvent=0x120) returned 1 [0095.735] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.761] SetEvent (hEvent=0x120) returned 1 [0095.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.761] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0095.768] GetFileType (hFile=0x14c) returned 0x1 [0095.768] GetFileType (hFile=0x14c) returned 0x1 [0095.768] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0095.768] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0095.768] ReadFile (in: hFile=0x14c, lpBuffer=0xc00003c700, nNumberOfBytesToRead=0x316, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c700*, lpNumberOfBytesRead=0xc000115c04*=0x116, lpOverlapped=0x0) returned 1 [0095.769] ReadFile (in: hFile=0x14c, lpBuffer=0xc00003c816, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c816*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0095.769] CloseHandle (hObject=0x14c) returned 1 [0095.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.771] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0095.778] GetFileType (hFile=0x14c) returned 0x1 [0095.778] WriteFile (in: hFile=0x14c, lpBuffer=0xc00007c360*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c360*, lpNumberOfBytesWritten=0xc000115cec*=0x120, lpOverlapped=0x0) returned 1 [0095.779] CloseHandle (hObject=0x14c) returned 1 [0095.781] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.781] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.781] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0095.783] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.788] SetEvent (hEvent=0xb8) returned 1 [0095.788] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.860] SetEvent (hEvent=0x120) returned 1 [0095.860] SwitchToThread () returned 1 [0095.867] SetEvent (hEvent=0x120) returned 1 [0095.867] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.869] SetEvent (hEvent=0x114) returned 1 [0095.869] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.870] VirtualFree (lpAddress=0xc000138000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.870] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.870] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.871] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.871] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.871] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.871] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0468*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0468*, lpNumberOfCharsWritten=0xc0000b7818*=0x3) returned 1 [0095.879] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0470*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000255818, lpReserved=0x0 | out: lpBuffer=0xc0000a0470*, lpNumberOfCharsWritten=0xc000255818*=0x3) returned 1 [0095.891] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.892] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc0000bb818*=0x3) returned 1 [0095.894] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0480*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0480*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0095.908] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0486*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0486*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0095.923] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586292*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000586292*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0095.935] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0095.948] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc0005862f0*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0095.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586308*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000119818, lpReserved=0x0 | out: lpBuffer=0xc000586308*, lpNumberOfCharsWritten=0xc000119818*=0x3) returned 1 [0095.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0000a04d0*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0095.977] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0095.981] SetEvent (hEvent=0x114) returned 1 [0095.981] SetEvent (hEvent=0x9c) returned 1 [0095.981] SetEvent (hEvent=0x13c) returned 1 [0095.981] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.002] SetEvent (hEvent=0xb8) returned 1 [0096.002] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.108] SetEvent (hEvent=0x114) returned 1 [0096.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0096.108] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0096.110] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.111] GetFileType (hFile=0x14c) returned 0x1 [0096.111] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.127] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0096.128] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0096.128] SetEvent (hEvent=0x120) returned 1 [0096.128] GetFileType (hFile=0x14c) returned 0x1 [0096.128] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.131] SetEvent (hEvent=0x120) returned 1 [0096.131] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0096.131] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0096.131] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0096.132] ReadFile (in: hFile=0x14c, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x2f9, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0006e1c04*=0xf9, lpOverlapped=0x0) returned 1 [0096.133] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000600f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000600f9*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0096.133] CloseHandle (hObject=0x14c) returned 1 [0096.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0096.134] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0096.140] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.142] GetFileType (hFile=0x14c) returned 0x1 [0096.142] WriteFile (in: hFile=0x14c, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc0006e1cec*=0x100, lpOverlapped=0x0) returned 1 [0096.143] CloseHandle (hObject=0x14c) returned 1 [0096.144] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0096.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0096.144] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0096.158] GetFileType (hFile=0x14c) returned 0x1 [0096.158] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.158] CloseHandle (hObject=0x14c) returned 1 [0096.159] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0096.160] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0096.160] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.164] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.171] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.172] SetEvent (hEvent=0x8c) returned 1 [0096.172] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.183] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0096.183] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0096.184] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0096.184] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0096.185] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0096.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0096.185] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0096.194] GetFileType (hFile=0x144) returned 0x1 [0096.194] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0096.195] GetFileType (hFile=0x144) returned 0x1 [0096.195] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0096.195] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0096.195] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0096.195] ReadFile (in: hFile=0x144, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000189c04*=0x104, lpOverlapped=0x0) returned 1 [0096.197] ReadFile (in: hFile=0x144, lpBuffer=0xc000094104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094104*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0096.197] CloseHandle (hObject=0x144) returned 1 [0096.197] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0096.197] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0096.198] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0096.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.199] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0096.206] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] SetEvent (hEvent=0x15c) returned 1 [0096.245] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.254] SetEvent (hEvent=0x15c) returned 1 [0096.254] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.278] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.284] SetEvent (hEvent=0x12c) returned 1 [0096.284] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.286] SetEvent (hEvent=0x8c) returned 1 [0096.286] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.287] SetEvent (hEvent=0x12c) returned 1 [0096.287] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.289] SetEvent (hEvent=0x12c) returned 1 [0096.289] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.289] SetEvent (hEvent=0x12c) returned 1 [0096.289] SetEvent (hEvent=0x15c) returned 1 [0096.289] SetEvent (hEvent=0x8c) returned 1 [0096.289] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.295] SwitchToThread () returned 1 [0096.296] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.298] SetEvent (hEvent=0x12c) returned 1 [0096.298] SetEvent (hEvent=0x15c) returned 1 [0096.298] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.298] VirtualAlloc (lpAddress=0xc000196000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000196000 [0096.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.299] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.299] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.299] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.299] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.300] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0096.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108)) returned 1 [0096.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.301] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.301] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.301] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.301] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.301] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.301] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x105)) returned 1 [0096.319] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.330] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0096.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.331] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0096.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.331] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0096.332] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.332] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.332] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.332] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.333] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0096.333] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0096.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102)) returned 1 [0096.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.334] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.334] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.334] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.334] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.334] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125)) returned 1 [0096.337] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.349] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0096.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.350] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.350] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.350] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.350] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.350] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0096.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.351] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.351] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.352] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.352] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11d)) returned 1 [0096.365] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.369] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.369] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.370] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.370] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102)) returned 1 [0096.370] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.371] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0096.374] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.376] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0096.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.377] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.377] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.377] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.377] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2)) returned 1 [0096.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f312f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f312f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.378] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f312f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f33230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xda)) returned 1 [0096.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.384] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.384] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0096.384] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.384] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.384] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101)) returned 1 [0096.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.385] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.385] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.385] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.385] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.385] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6)) returned 1 [0096.417] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0096.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.418] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.418] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.419] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108)) returned 1 [0096.419] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.420] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.420] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f57450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.420] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.420] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.420] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f57450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f57c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0096.431] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.436] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.441] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.442] SetEvent (hEvent=0xb8) returned 1 [0096.442] SetEvent (hEvent=0x12c) returned 1 [0096.442] VirtualFree (lpAddress=0xc00019c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0096.443] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.443] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.443] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.444] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.444] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.444] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.444] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.445] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.445] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.445] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.445] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.446] VirtualFree (lpAddress=0xc00004e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.446] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.446] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.447] SetEvent (hEvent=0x8c) returned 1 [0096.447] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.451] SwitchToThread () returned 1 [0096.451] SetEvent (hEvent=0xb8) returned 1 [0096.451] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.451] SetEvent (hEvent=0xb8) returned 1 [0096.451] SetEvent (hEvent=0x12c) returned 1 [0096.451] SetEvent (hEvent=0x8c) returned 1 [0096.452] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.471] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0096.471] SetEvent (hEvent=0x120) returned 1 [0096.471] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0096.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.549] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.561] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.562] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0096.562] SetEvent (hEvent=0x12c) returned 1 [0096.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.582] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0096.582] SetEvent (hEvent=0x8c) returned 1 [0096.582] SetEvent (hEvent=0x9c) returned 1 [0096.583] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.591] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.598] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.598] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.598] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.599] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0096.599] SetEvent (hEvent=0xc0) returned 1 [0096.599] SetEvent (hEvent=0xb8) returned 1 [0096.599] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.599] GetFileType (hFile=0xf4) returned 0x1 [0096.638] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0096.638] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0096.638] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x319, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0000ebc04*=0x119, lpOverlapped=0x0) returned 1 [0096.639] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2119, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2119*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0096.639] CloseHandle (hObject=0xf4) returned 1 [0096.639] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0096.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.641] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0096.641] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.644] SetEvent (hEvent=0x12c) returned 1 [0096.644] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.644] SetEvent (hEvent=0x12c) returned 1 [0096.644] SetEvent (hEvent=0x120) returned 1 [0096.644] VirtualFree (lpAddress=0xc0001aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.645] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.645] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.645] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.645] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.645] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.646] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.646] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.646] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.646] VirtualAlloc (lpAddress=0xc0001ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ac000 [0096.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0096.647] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0096.651] GetFileType (hFile=0x148) returned 0x1 [0096.651] GetFileType (hFile=0x148) returned 0x1 [0096.651] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0096.651] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0096.651] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0096.651] ReadFile (in: hFile=0x148, lpBuffer=0xc0001ae000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae000*, lpNumberOfBytesRead=0xc000141c04*=0xfe, lpOverlapped=0x0) returned 1 [0096.652] ReadFile (in: hFile=0x148, lpBuffer=0xc0001ae0fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae0fe*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0096.652] CloseHandle (hObject=0x148) returned 1 [0096.652] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0096.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.653] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0096.663] GetFileType (hFile=0x148) returned 0x1 [0096.663] WriteFile (in: hFile=0x148, lpBuffer=0xc000082300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc000082300*, lpNumberOfBytesWritten=0xc000141cec*=0x100, lpOverlapped=0x0) returned 1 [0096.664] CloseHandle (hObject=0x148) returned 1 [0096.668] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0096.668] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0096.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.668] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0096.686] GetFileType (hFile=0x148) returned 0x1 [0096.687] WriteFile (in: hFile=0x148, lpBuffer=0xc000146580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146580*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.687] CloseHandle (hObject=0x148) returned 1 [0096.688] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.702] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] SetEvent (hEvent=0x8c) returned 1 [0096.706] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.723] SetEvent (hEvent=0x9c) returned 1 [0096.723] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.741] SetEvent (hEvent=0x120) returned 1 [0096.741] SetEvent (hEvent=0x12c) returned 1 [0096.741] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.742] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.742] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.742] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.743] SetEvent (hEvent=0xb8) returned 1 [0096.743] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.867] SetEvent (hEvent=0x120) returned 1 [0096.867] SetEvent (hEvent=0x8c) returned 1 [0096.867] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.869] SetEvent (hEvent=0x120) returned 1 [0096.869] SwitchToThread () returned 1 [0096.870] SetEvent (hEvent=0x120) returned 1 [0096.870] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.871] SetEvent (hEvent=0xb8) returned 1 [0096.871] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.876] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.881] SetEvent (hEvent=0x120) returned 1 [0096.881] SetEvent (hEvent=0x8c) returned 1 [0096.881] SetEvent (hEvent=0x12c) returned 1 [0096.881] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.884] SwitchToThread () returned 1 [0096.886] SetEvent (hEvent=0x120) returned 1 [0096.886] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.887] SetEvent (hEvent=0x120) returned 1 [0096.887] SetEvent (hEvent=0x8c) returned 1 [0096.887] SetEvent (hEvent=0x12c) returned 1 [0096.887] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.894] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.895] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010130*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000010130*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0096.898] SetEvent (hEvent=0x8c) returned 1 [0096.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010136*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000181818, lpReserved=0x0 | out: lpBuffer=0xc000010136*, lpNumberOfCharsWritten=0xc000181818*=0x3) returned 1 [0096.900] SetEvent (hEvent=0x8c) returned 1 [0096.900] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.914] SetEvent (hEvent=0x120) returned 1 [0096.914] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0096.914] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.914] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0096.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.915] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0096.922] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.925] GetFileType (hFile=0x128) returned 0x1 [0096.925] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0096.926] GetFileType (hFile=0x128) returned 0x1 [0096.926] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0096.926] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0096.926] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0096.926] ReadFile (in: hFile=0x128, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x2fd, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0000f9c04*=0xfd, lpOverlapped=0x0) returned 1 [0096.927] ReadFile (in: hFile=0x128, lpBuffer=0xc0000500fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000500fd*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0096.928] CloseHandle (hObject=0x128) returned 1 [0096.928] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0096.928] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0096.928] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0096.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.930] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0096.934] GetFileType (hFile=0x128) returned 0x1 [0096.934] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0096.934] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0096.935] WriteFile (in: hFile=0x128, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x100, lpOverlapped=0x0) returned 1 [0096.936] CloseHandle (hObject=0x128) returned 1 [0096.947] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0096.947] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0096.947] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0096.947] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0096.948] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0096.948] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0096.948] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0096.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.949] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0096.962] GetFileType (hFile=0x128) returned 0x1 [0096.962] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.962] CloseHandle (hObject=0x128) returned 1 [0096.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.968] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0096.973] GetFileType (hFile=0x128) returned 0x1 [0096.973] GetFileType (hFile=0x128) returned 0x1 [0096.973] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0096.973] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0096.973] ReadFile (in: hFile=0x128, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x30e, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000067c04*=0x10e, lpOverlapped=0x0) returned 1 [0096.974] ReadFile (in: hFile=0x128, lpBuffer=0xc00009410e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc00009410e*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0096.975] CloseHandle (hObject=0x128) returned 1 [0096.975] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0096.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.976] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0096.979] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0096.981] SetEvent (hEvent=0x120) returned 1 [0096.981] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.231] SetEvent (hEvent=0x8c) returned 1 [0097.231] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.463] SetEvent (hEvent=0x120) returned 1 [0097.463] SetEvent (hEvent=0x13c) returned 1 [0097.463] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.501] SetEvent (hEvent=0x120) returned 1 [0097.501] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.540] SetEvent (hEvent=0x13c) returned 1 [0097.540] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.724] SetEvent (hEvent=0x8c) returned 1 [0097.725] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.758] SetEvent (hEvent=0x9c) returned 1 [0097.758] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0097.758] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0097.759] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0097.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.759] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0097.761] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.762] SetEvent (hEvent=0xc0) returned 1 [0097.762] SetEvent (hEvent=0x9c) returned 1 [0097.762] GetFileType (hFile=0x128) returned 0x1 [0097.762] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.768] GetFileType (hFile=0x128) returned 0x1 [0097.769] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0097.769] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0097.769] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.769] ReadFile (in: hFile=0x128, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc00018fc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.770] ReadFile (in: hFile=0x128, lpBuffer=0xc0000360b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360b3*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0097.770] CloseHandle (hObject=0x128) returned 1 [0097.770] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.770] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.771] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.771] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0097.771] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0097.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.772] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0097.780] GetFileType (hFile=0x128) returned 0x1 [0097.781] WriteFile (in: hFile=0x128, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc00018fcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.781] CloseHandle (hObject=0x128) returned 1 [0097.782] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.782] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.782] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0097.782] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.783] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0097.783] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0097.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.784] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0097.789] GetFileType (hFile=0x128) returned 0x1 [0097.790] WriteFile (in: hFile=0x128, lpBuffer=0xc00005c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c580*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.790] CloseHandle (hObject=0x128) returned 1 [0097.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.790] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.825] SetEvent (hEvent=0x8c) returned 1 [0097.825] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.831] SetEvent (hEvent=0x8c) returned 1 [0097.831] SetEvent (hEvent=0x120) returned 1 [0097.831] VirtualFree (lpAddress=0xc0002dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.831] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.831] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.832] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.832] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.832] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0097.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0097.838] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.840] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0450*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0450*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0097.844] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.844] SetEvent (hEvent=0x8c) returned 1 [0097.844] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.845] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000119818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c0*, lpNumberOfCharsWritten=0xc000119818*=0x3) returned 1 [0097.846] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c6*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0097.856] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc0000e5818*=0x3) returned 1 [0097.860] SetEvent (hEvent=0x9c) returned 1 [0097.860] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.864] SetEvent (hEvent=0x13c) returned 1 [0097.864] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.864] SetEvent (hEvent=0x9c) returned 1 [0097.864] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.866] SetEvent (hEvent=0x13c) returned 1 [0097.866] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.866] SetEvent (hEvent=0x13c) returned 1 [0097.866] SetEvent (hEvent=0x9c) returned 1 [0097.866] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.867] VirtualFree (lpAddress=0xc000270000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.867] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.867] VirtualFree (lpAddress=0xc0001d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.867] VirtualFree (lpAddress=0xc00017e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.867] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.868] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.868] GetFileType (hFile=0x154) returned 0x1 [0097.868] GetFileType (hFile=0x154) returned 0x1 [0097.868] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0097.868] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0097.868] ReadFile (in: hFile=0x154, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000155c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.869] ReadFile (in: hFile=0x154, lpBuffer=0xc0000400b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000400b3*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0097.869] CloseHandle (hObject=0x154) returned 1 [0097.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.870] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0097.870] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.872] GetFileType (hFile=0x154) returned 0x1 [0097.872] WriteFile (in: hFile=0x154, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000155cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.873] CloseHandle (hObject=0x154) returned 1 [0097.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.873] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0097.873] GetFileType (hFile=0x154) returned 0x1 [0097.874] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0097.874] WriteFile (in: hFile=0x154, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.874] CloseHandle (hObject=0x154) returned 1 [0097.874] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0097.875] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0097.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.876] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.876] SetEvent (hEvent=0x13c) returned 1 [0097.877] SetEvent (hEvent=0x9c) returned 1 [0097.877] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.877] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.877] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.878] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.878] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.879] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.881] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.883] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.883] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.883] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.883] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.884] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.884] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.885] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.885] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.885] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.885] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.890] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.895] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.895] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.895] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.895] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.895] SetEvent (hEvent=0x8c) returned 1 [0097.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.896] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.896] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.896] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.896] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d75f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.897] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.903] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.903] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.903] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.903] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.903] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.904] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0097.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.905] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.906] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.906] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0097.906] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.906] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x628aed00, ftLastWriteTime.dwHighDateTime=0x1d0f5b2, nFileSizeHigh=0x0, nFileSizeLow=0x2769)) returned 1 [0097.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d8)) returned 1 [0097.906] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.907] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.907] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.915] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0097.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.915] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0097.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.916] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0097.916] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.916] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.1_0", cAlternateFileName="")) returned 1 [0097.916] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.916] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.917] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8401b790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd47, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0097.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0097.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0097.958] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84240ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84240ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0097.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x840205b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84245ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844aa770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0097.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0097.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0097.959] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.959] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.960] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0097.960] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.960] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8402f010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422fb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422fb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x840512f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84056110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84056110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84062460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84067280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84067280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8406e7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8407f920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8407f920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8408bc70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84090a90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84090a90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84097fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8409cde0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8409cde0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841147f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84116f00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84116f00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0097.974] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8411bd20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84120b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84120b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8412a780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8412ce90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8412ce90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84131cb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841343c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841343c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841391e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8413b8f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8413b8f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ce0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d07c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d07c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841d55e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841d7cf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841d7cf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0097.975] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841dcb10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841df220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841df220, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841eb570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f0390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f0390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841f51b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841f78c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841f78c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841fc6e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841fedf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841fedf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84203c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84206320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84206320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8420b140, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8420d850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8420d850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0097.976] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.976] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.977] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.978] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.978] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84036540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8403b360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.979] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.979] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.979] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8403b360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8403b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0097.983] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.993] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0097.998] SetEvent (hEvent=0x12c) returned 1 [0097.998] SetEvent (hEvent=0x120) returned 1 [0097.998] SetEvent (hEvent=0x8c) returned 1 [0097.998] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.009] SetEvent (hEvent=0x120) returned 1 [0098.009] SetEvent (hEvent=0x13c) returned 1 [0098.009] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.040] SetEvent (hEvent=0x120) returned 1 [0098.040] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.041] SetEvent (hEvent=0x13c) returned 1 [0098.042] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.086] SetEvent (hEvent=0x9c) returned 1 [0098.086] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.098] SwitchToThread () returned 1 [0098.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.101] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0098.108] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.109] GetFileType (hFile=0x154) returned 0x1 [0098.109] GetFileType (hFile=0x154) returned 0x1 [0098.109] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0098.109] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0098.109] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0098.109] ReadFile (in: hFile=0x154, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x2e5, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc0000ebc04*=0xe5, lpOverlapped=0x0) returned 1 [0098.111] ReadFile (in: hFile=0x154, lpBuffer=0xc00016c0e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c0e5*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0098.111] CloseHandle (hObject=0x154) returned 1 [0098.111] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0098.111] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0098.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.113] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0098.114] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.118] GetFileType (hFile=0x154) returned 0x1 [0098.118] WriteFile (in: hFile=0x154, lpBuffer=0xc0001761e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001761e0*, lpNumberOfBytesWritten=0xc0000ebcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.119] CloseHandle (hObject=0x154) returned 1 [0098.120] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.120] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0098.130] GetFileType (hFile=0x154) returned 0x1 [0098.130] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.130] CloseHandle (hObject=0x154) returned 1 [0098.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.131] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.131] SetEvent (hEvent=0x15c) returned 1 [0098.131] SetEvent (hEvent=0x8c) returned 1 [0098.131] SetEvent (hEvent=0x120) returned 1 [0098.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.134] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.134] SetEvent (hEvent=0x8c) returned 1 [0098.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.137] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.138] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.139] SetEvent (hEvent=0xc0) returned 1 [0098.139] SetEvent (hEvent=0x8c) returned 1 [0098.139] SetEvent (hEvent=0x12c) returned 1 [0098.139] SetEvent (hEvent=0x13c) returned 1 [0098.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.144] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.144] GetFileType (hFile=0xf4) returned 0x1 [0098.144] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.144] CloseHandle (hObject=0xf4) returned 1 [0098.144] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0098.145] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0098.145] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.146] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.146] SetEvent (hEvent=0x8c) returned 1 [0098.146] SetEvent (hEvent=0x15c) returned 1 [0098.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.151] SetEvent (hEvent=0x120) returned 1 [0098.151] SetEvent (hEvent=0x8c) returned 1 [0098.152] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.161] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.161] SetEvent (hEvent=0xc0) returned 1 [0098.161] SetEvent (hEvent=0x9c) returned 1 [0098.161] SetEvent (hEvent=0x12c) returned 1 [0098.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.186] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.186] SetEvent (hEvent=0x8c) returned 1 [0098.186] SetEvent (hEvent=0x120) returned 1 [0098.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.191] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.191] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.191] SetEvent (hEvent=0x120) returned 1 [0098.191] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.199] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.200] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.200] SetEvent (hEvent=0xc0) returned 1 [0098.200] SetEvent (hEvent=0x12c) returned 1 [0098.200] SetEvent (hEvent=0x8c) returned 1 [0098.200] SetEvent (hEvent=0x9c) returned 1 [0098.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.222] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.222] SetEvent (hEvent=0xc0) returned 1 [0098.222] SetEvent (hEvent=0x120) returned 1 [0098.222] SetEvent (hEvent=0x8c) returned 1 [0098.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.240] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.240] SetEvent (hEvent=0x9c) returned 1 [0098.240] SetEvent (hEvent=0x12c) returned 1 [0098.241] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.247] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.247] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.252] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.253] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.254] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.254] SetEvent (hEvent=0xc0) returned 1 [0098.254] SetEvent (hEvent=0x12c) returned 1 [0098.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.268] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.268] SetEvent (hEvent=0x9c) returned 1 [0098.268] SetEvent (hEvent=0x120) returned 1 [0098.268] SetEvent (hEvent=0x13c) returned 1 [0098.268] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.274] SetEvent (hEvent=0x15c) returned 1 [0098.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.285] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.285] SetEvent (hEvent=0x15c) returned 1 [0098.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.293] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.294] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.294] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.294] SetEvent (hEvent=0xc0) returned 1 [0098.294] SetEvent (hEvent=0x15c) returned 1 [0098.294] SetEvent (hEvent=0x8c) returned 1 [0098.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.305] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.305] SetEvent (hEvent=0x13c) returned 1 [0098.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0098.306] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0098.307] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.312] SetEvent (hEvent=0x15c) returned 1 [0098.312] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.312] SetEvent (hEvent=0x15c) returned 1 [0098.312] SetEvent (hEvent=0x12c) returned 1 [0098.312] VirtualFree (lpAddress=0xc00017c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.313] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.313] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.313] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.314] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.315] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.315] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.315] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0098.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.316] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0098.320] GetFileType (hFile=0xf4) returned 0x1 [0098.320] GetFileType (hFile=0xf4) returned 0x1 [0098.320] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0098.320] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0098.320] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0098.320] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x2ee, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000133c04*=0xee, lpOverlapped=0x0) returned 1 [0098.321] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c0ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c0ee*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0098.321] CloseHandle (hObject=0xf4) returned 1 [0098.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.323] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0098.346] GetFileType (hFile=0xf4) returned 0x1 [0098.346] WriteFile (in: hFile=0xf4, lpBuffer=0xc00003c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c1e0*, lpNumberOfBytesWritten=0xc000133cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.347] CloseHandle (hObject=0xf4) returned 1 [0098.348] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.348] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0098.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.348] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0098.361] GetFileType (hFile=0xf4) returned 0x1 [0098.361] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.361] CloseHandle (hObject=0xf4) returned 1 [0098.361] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.363] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.363] SetEvent (hEvent=0x13c) returned 1 [0098.363] SetEvent (hEvent=0x8c) returned 1 [0098.363] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0098.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.369] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.369] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.369] SetEvent (hEvent=0x8c) returned 1 [0098.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.377] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.378] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.378] SetEvent (hEvent=0xc0) returned 1 [0098.378] SetEvent (hEvent=0x13c) returned 1 [0098.378] SetEvent (hEvent=0x12c) returned 1 [0098.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.389] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.389] SetEvent (hEvent=0x13c) returned 1 [0098.389] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.389] GetFileType (hFile=0x128) returned 0x1 [0098.389] WriteFile (in: hFile=0x128, lpBuffer=0xc000204000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000204000*, lpNumberOfBytesWritten=0xc00019dd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.390] CloseHandle (hObject=0x128) returned 1 [0098.390] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.391] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.391] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0098.391] SetEvent (hEvent=0x12c) returned 1 [0098.391] SetEvent (hEvent=0x13c) returned 1 [0098.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.488] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.488] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0098.488] SetEvent (hEvent=0x12c) returned 1 [0098.488] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.519] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0098.519] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0098.520] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0098.520] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0098.521] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0098.521] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0098.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0098.522] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0098.523] GetFileType (hFile=0x128) returned 0x1 [0098.523] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0098.523] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0098.524] GetFileType (hFile=0x128) returned 0x1 [0098.524] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0098.524] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0098.524] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.524] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.525] ReadFile (in: hFile=0x128, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000045c04*=0xd5, lpOverlapped=0x0) returned 1 [0098.526] ReadFile (in: hFile=0x128, lpBuffer=0xc0000ce0d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce0d5*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0098.526] CloseHandle (hObject=0x128) returned 1 [0098.526] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0098.526] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.527] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.527] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0098.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.529] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0098.530] GetFileType (hFile=0x128) returned 0x1 [0098.530] WriteFile (in: hFile=0x128, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc000045cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.531] CloseHandle (hObject=0x128) returned 1 [0098.531] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.532] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.532] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0098.532] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0098.533] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0098.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0098.534] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0098.541] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0098.549] SetEvent (hEvent=0x8c) returned 1 [0098.549] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.310] SetEvent (hEvent=0x15c) returned 1 [0099.310] SetEvent (hEvent=0x120) returned 1 [0099.310] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.315] SetEvent (hEvent=0x15c) returned 1 [0099.315] SetEvent (hEvent=0x13c) returned 1 [0099.315] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.317] SetEvent (hEvent=0x15c) returned 1 [0099.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0099.318] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0099.327] GetFileType (hFile=0x168) returned 0x1 [0099.327] GetFileType (hFile=0x168) returned 0x1 [0099.327] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0099.327] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0099.327] ReadFile (in: hFile=0x168, lpBuffer=0xc0001ea000, nNumberOfBytesToRead=0x2b7, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea000*, lpNumberOfBytesRead=0xc0001cbc04*=0xb7, lpOverlapped=0x0) returned 1 [0099.328] ReadFile (in: hFile=0x168, lpBuffer=0xc0001ea0b7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea0b7*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0099.328] CloseHandle (hObject=0x168) returned 1 [0099.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.329] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0099.334] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.349] GetFileType (hFile=0x168) returned 0x1 [0099.349] WriteFile (in: hFile=0x168, lpBuffer=0xc0001f2000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001f2000*, lpNumberOfBytesWritten=0xc0001cbcec*=0xc0, lpOverlapped=0x0) returned 1 [0099.350] CloseHandle (hObject=0x168) returned 1 [0099.350] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.351] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0099.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.351] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0099.352] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.352] GetFileType (hFile=0x168) returned 0x1 [0099.352] WriteFile (in: hFile=0x168, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.353] CloseHandle (hObject=0x168) returned 1 [0099.353] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.354] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.360] SetEvent (hEvent=0x12c) returned 1 [0099.360] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.361] SetEvent (hEvent=0x15c) returned 1 [0099.361] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.365] SetEvent (hEvent=0x12c) returned 1 [0099.366] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.376] SetEvent (hEvent=0x12c) returned 1 [0099.376] SetEvent (hEvent=0xb8) returned 1 [0099.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0099.377] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0099.379] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.396] SetEvent (hEvent=0x12c) returned 1 [0099.396] GetFileType (hFile=0x168) returned 0x1 [0099.396] GetFileType (hFile=0x168) returned 0x1 [0099.396] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0099.396] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0099.396] ReadFile (in: hFile=0x168, lpBuffer=0xc000158300, nNumberOfBytesToRead=0x2cc, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000158300*, lpNumberOfBytesRead=0xc0001b7c04*=0xcc, lpOverlapped=0x0) returned 1 [0099.398] ReadFile (in: hFile=0x168, lpBuffer=0xc0001583cc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001583cc*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0099.398] CloseHandle (hObject=0x168) returned 1 [0099.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.399] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0099.400] GetFileType (hFile=0x168) returned 0x1 [0099.400] WriteFile (in: hFile=0x168, lpBuffer=0xc0001680d0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001680d0*, lpNumberOfBytesWritten=0xc0001b7cec*=0xd0, lpOverlapped=0x0) returned 1 [0099.401] CloseHandle (hObject=0x168) returned 1 [0099.401] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.402] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0099.405] GetFileType (hFile=0x168) returned 0x1 [0099.405] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.405] CloseHandle (hObject=0x168) returned 1 [0099.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.406] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.409] SetEvent (hEvent=0xb8) returned 1 [0099.409] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.410] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.410] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.410] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.410] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.411] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0099.411] SetEvent (hEvent=0x15c) returned 1 [0099.411] SetEvent (hEvent=0xb8) returned 1 [0099.411] SetEvent (hEvent=0x13c) returned 1 [0099.411] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.414] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.416] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.416] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0099.416] SetEvent (hEvent=0x13c) returned 1 [0099.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.420] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.420] GetFileType (hFile=0x128) returned 0x1 [0099.420] GetFileType (hFile=0x128) returned 0x1 [0099.420] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0099.420] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0099.420] ReadFile (in: hFile=0x128, lpBuffer=0xc00011e000, nNumberOfBytesToRead=0x284, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesRead=0xc000279c04*=0x84, lpOverlapped=0x0) returned 1 [0099.421] ReadFile (in: hFile=0x128, lpBuffer=0xc00011e084, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e084*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0099.421] CloseHandle (hObject=0x128) returned 1 [0099.421] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.423] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0099.429] GetFileType (hFile=0x128) returned 0x1 [0099.429] WriteFile (in: hFile=0x128, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc000279cec*=0x90, lpOverlapped=0x0) returned 1 [0099.430] CloseHandle (hObject=0x128) returned 1 [0099.430] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.431] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.431] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.431] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0099.433] GetFileType (hFile=0x128) returned 0x1 [0099.434] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.434] CloseHandle (hObject=0x128) returned 1 [0099.434] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.508] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.531] SetEvent (hEvent=0x13c) returned 1 [0099.531] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.535] SetEvent (hEvent=0x12c) returned 1 [0099.535] SetEvent (hEvent=0x120) returned 1 [0099.535] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.538] SetEvent (hEvent=0xb8) returned 1 [0099.539] SetEvent (hEvent=0x120) returned 1 [0099.539] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.542] VirtualFree (lpAddress=0xc00017a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.542] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.542] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.542] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.543] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.543] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.543] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.544] SetEvent (hEvent=0x12c) returned 1 [0099.544] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.588] SetEvent (hEvent=0x120) returned 1 [0099.588] SwitchToThread () returned 1 [0099.590] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.601] SwitchToThread () returned 1 [0099.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.608] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.608] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.608] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.608] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.608] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.608] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.608] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8)) returned 1 [0099.609] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.609] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.610] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.610] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.610] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.610] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.610] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6)) returned 1 [0099.623] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.625] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.626] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.626] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.626] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.626] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.626] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.626] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0099.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x299)) returned 1 [0099.627] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.627] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.627] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.627] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.628] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.628] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb)) returned 1 [0099.629] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.631] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.631] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.631] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.631] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.631] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xb2)) returned 1 [0099.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.632] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.632] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.632] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.632] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.632] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.632] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6)) returned 1 [0099.639] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0099.639] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.640] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.640] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.640] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.640] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.640] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebcc80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x16a)) returned 1 [0099.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.641] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb)) returned 1 [0099.644] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] SetEvent (hEvent=0x120) returned 1 [0099.760] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.760] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.760] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.761] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.761] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.761] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.761] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.761] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.762] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.762] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.762] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.762] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0238*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0238*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0099.766] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0280*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc0000a0280*, lpNumberOfCharsWritten=0xc000259818*=0x3) returned 1 [0099.772] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0286*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0286*, lpNumberOfCharsWritten=0xc0000f5818*=0x3) returned 1 [0099.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc0001022e0*, lpNumberOfCharsWritten=0xc0000eb818*=0x3) returned 1 [0099.788] SetEvent (hEvent=0xfc) returned 1 [0099.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc000102310*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0099.794] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.799] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc000157818*=0x3) returned 1 [0099.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000102086*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0099.805] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.810] SetEvent (hEvent=0x13c) returned 1 [0099.810] SetEvent (hEvent=0x120) returned 1 [0099.810] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.813] SetEvent (hEvent=0x120) returned 1 [0099.813] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.814] SetEvent (hEvent=0x13c) returned 1 [0099.814] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.818] SwitchToThread () returned 1 [0099.820] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.822] SetEvent (hEvent=0x120) returned 1 [0099.822] SetEvent (hEvent=0xfc) returned 1 [0099.822] SwitchToThread () returned 1 [0099.825] SetEvent (hEvent=0x120) returned 1 [0099.825] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.827] SetEvent (hEvent=0x13c) returned 1 [0099.827] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.841] SetEvent (hEvent=0x120) returned 1 [0099.841] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.842] SetEvent (hEvent=0xfc) returned 1 [0099.842] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0099.846] SetEvent (hEvent=0x13c) returned 1 [0099.846] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.025] SetEvent (hEvent=0x120) returned 1 [0100.025] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.033] SetEvent (hEvent=0x120) returned 1 [0100.033] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.036] SetEvent (hEvent=0x120) returned 1 [0100.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0100.036] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0100.037] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.038] SetEvent (hEvent=0x120) returned 1 [0100.038] GetFileType (hFile=0x164) returned 0x1 [0100.038] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.055] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.056] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.056] GetFileType (hFile=0x164) returned 0x1 [0100.056] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0100.056] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0100.056] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0100.057] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.057] ReadFile (in: hFile=0x164, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x2cb, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0000bbc04*=0xcb, lpOverlapped=0x0) returned 1 [0100.059] ReadFile (in: hFile=0x164, lpBuffer=0xc0000580cb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000580cb*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0100.059] CloseHandle (hObject=0x164) returned 1 [0100.059] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0100.059] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.060] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.060] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.060] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.061] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0100.062] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0100.074] GetFileType (hFile=0x164) returned 0x1 [0100.074] WriteFile (in: hFile=0x164, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc0000bbcec*=0xd0, lpOverlapped=0x0) returned 1 [0100.076] CloseHandle (hObject=0x164) returned 1 [0100.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0100.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0100.076] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0100.079] GetFileType (hFile=0x164) returned 0x1 [0100.079] WriteFile (in: hFile=0x164, lpBuffer=0xc0001306e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001306e0*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.079] CloseHandle (hObject=0x164) returned 1 [0100.079] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.080] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.087] SetEvent (hEvent=0x120) returned 1 [0100.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0100.088] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0100.093] GetFileType (hFile=0x148) returned 0x1 [0100.093] GetFileType (hFile=0x148) returned 0x1 [0100.094] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0100.094] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0100.094] ReadFile (in: hFile=0x148, lpBuffer=0xc000120e00, nNumberOfBytesToRead=0x347, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120e00*, lpNumberOfBytesRead=0xc000113c04*=0x147, lpOverlapped=0x0) returned 1 [0100.095] ReadFile (in: hFile=0x148, lpBuffer=0xc000120f47, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120f47*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0100.095] CloseHandle (hObject=0x148) returned 1 [0100.095] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0100.097] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0100.101] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.102] GetFileType (hFile=0x148) returned 0x1 [0100.102] WriteFile (in: hFile=0x148, lpBuffer=0xc000130840*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc000130840*, lpNumberOfBytesWritten=0xc000113cec*=0x150, lpOverlapped=0x0) returned 1 [0100.103] CloseHandle (hObject=0x148) returned 1 [0100.103] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.103] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0100.104] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0100.105] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.107] GetFileType (hFile=0x148) returned 0x1 [0100.107] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.112] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.119] SetEvent (hEvent=0xb8) returned 1 [0100.119] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0100.119] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.120] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0100.121] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0100.134] GetFileType (hFile=0x164) returned 0x1 [0100.134] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.135] GetFileType (hFile=0x164) returned 0x1 [0100.135] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0100.135] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0100.135] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.135] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0100.136] ReadFile (in: hFile=0x164, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x2b4, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc0001a3c04*=0xb4, lpOverlapped=0x0) returned 1 [0100.137] ReadFile (in: hFile=0x164, lpBuffer=0xc0000520b4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000520b4*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0100.137] CloseHandle (hObject=0x164) returned 1 [0100.137] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.137] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0100.138] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0100.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0100.139] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0100.152] GetFileType (hFile=0x164) returned 0x1 [0100.152] WriteFile (in: hFile=0x164, lpBuffer=0xc000058000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesWritten=0xc0001a3cec*=0xc0, lpOverlapped=0x0) returned 1 [0100.153] CloseHandle (hObject=0x164) returned 1 [0100.154] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0100.154] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.154] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.155] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0100.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0100.155] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0100.164] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.189] GetFileType (hFile=0x164) returned 0x1 [0100.189] WriteFile (in: hFile=0x164, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.189] CloseHandle (hObject=0x164) returned 1 [0100.189] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.192] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0100.192] SetEvent (hEvent=0x8c) returned 1 [0100.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.201] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0100.201] SetEvent (hEvent=0x15c) returned 1 [0100.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.209] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.210] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0100.210] SetEvent (hEvent=0xc0) returned 1 [0100.210] SetEvent (hEvent=0x15c) returned 1 [0100.210] SetEvent (hEvent=0x8c) returned 1 [0100.210] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0100.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.219] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0100.219] SetEvent (hEvent=0x8c) returned 1 [0100.220] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.229] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.230] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0100.230] SetEvent (hEvent=0xc0) returned 1 [0100.230] SetEvent (hEvent=0x15c) returned 1 [0100.230] SetEvent (hEvent=0x12c) returned 1 [0100.231] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.240] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0100.240] SetEvent (hEvent=0x12c) returned 1 [0100.240] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.252] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.252] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0100.252] SetEvent (hEvent=0x15c) returned 1 [0100.252] SetEvent (hEvent=0x9c) returned 1 [0100.253] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.262] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.366] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.367] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0100.367] SetEvent (hEvent=0xc0) returned 1 [0100.367] SetEvent (hEvent=0x12c) returned 1 [0100.367] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.379] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0100.380] SetEvent (hEvent=0xc0) returned 1 [0100.380] SetEvent (hEvent=0x12c) returned 1 [0100.380] SetEvent (hEvent=0x9c) returned 1 [0100.395] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0100.400] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.409] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0100.409] SetEvent (hEvent=0x8c) returned 1 [0100.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0100.410] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0100.411] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.418] SetEvent (hEvent=0x12c) returned 1 [0100.418] GetFileType (hFile=0x150) returned 0x1 [0100.418] GetFileType (hFile=0x150) returned 0x1 [0100.418] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0100.418] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0100.418] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.419] ReadFile (in: hFile=0x150, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2c5, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0000ebc04*=0xc5, lpOverlapped=0x0) returned 1 [0100.420] ReadFile (in: hFile=0x150, lpBuffer=0xc00007a0c5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0c5*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0100.420] CloseHandle (hObject=0x150) returned 1 [0100.420] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.421] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.421] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.421] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.423] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0100.425] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.429] GetFileType (hFile=0x150) returned 0x1 [0100.429] WriteFile (in: hFile=0x150, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc0000ebcec*=0xd0, lpOverlapped=0x0) returned 1 [0100.430] CloseHandle (hObject=0x150) returned 1 [0100.430] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.431] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.431] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.431] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.432] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.432] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0100.433] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0100.436] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.442] SetEvent (hEvent=0x12c) returned 1 [0100.442] SwitchToThread () returned 1 [0100.511] SwitchToThread () returned 1 [0100.512] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.513] SetEvent (hEvent=0x12c) returned 1 [0100.513] SetEvent (hEvent=0x8c) returned 1 [0100.513] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.513] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.513] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.514] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.514] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.514] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.514] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.515] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.515] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.515] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.515] GetFileType (hFile=0x170) returned 0x1 [0100.516] GetFileType (hFile=0x170) returned 0x1 [0100.516] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0100.516] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0100.516] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.516] ReadFile (in: hFile=0x170, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x296, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000065c04*=0x96, lpOverlapped=0x0) returned 1 [0100.518] ReadFile (in: hFile=0x170, lpBuffer=0xc0000fa096, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa096*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0100.518] CloseHandle (hObject=0x170) returned 1 [0100.518] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.518] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.520] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0100.520] GetFileType (hFile=0x170) returned 0x1 [0100.520] WriteFile (in: hFile=0x170, lpBuffer=0xc0003d6000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d6000*, lpNumberOfBytesWritten=0xc000065cec*=0xa0, lpOverlapped=0x0) returned 1 [0100.521] CloseHandle (hObject=0x170) returned 1 [0100.522] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.522] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.522] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0100.533] GetFileType (hFile=0x170) returned 0x1 [0100.533] WriteFile (in: hFile=0x170, lpBuffer=0xc0001246e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001246e0*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.534] CloseHandle (hObject=0x170) returned 1 [0100.534] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.536] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0100.539] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.544] SwitchToThread () returned 1 [0100.545] SetEvent (hEvent=0x12c) returned 1 [0100.545] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.545] SetEvent (hEvent=0xb8) returned 1 [0100.546] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.554] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.557] SetEvent (hEvent=0x12c) returned 1 [0100.557] SetEvent (hEvent=0x15c) returned 1 [0100.557] SetEvent (hEvent=0x120) returned 1 [0100.558] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.560] SwitchToThread () returned 1 [0100.563] SetEvent (hEvent=0x12c) returned 1 [0100.563] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.564] SetEvent (hEvent=0x12c) returned 1 [0100.564] SetEvent (hEvent=0x120) returned 1 [0100.564] SetEvent (hEvent=0xb8) returned 1 [0100.564] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.569] SetEvent (hEvent=0x120) returned 1 [0100.569] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.570] VirtualFree (lpAddress=0xc0001f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.570] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.571] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.571] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.571] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.571] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.572] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.572] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.572] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.573] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.573] SetEvent (hEvent=0xb8) returned 1 [0100.573] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.575] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.580] SetEvent (hEvent=0x120) returned 1 [0100.580] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.582] SetEvent (hEvent=0x12c) returned 1 [0100.582] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.586] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.614] SetEvent (hEvent=0x120) returned 1 [0100.614] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.868] SetEvent (hEvent=0x15c) returned 1 [0100.868] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.873] SetEvent (hEvent=0x120) returned 1 [0100.873] SetEvent (hEvent=0xb8) returned 1 [0100.873] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.892] SetEvent (hEvent=0xb8) returned 1 [0100.892] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.894] SetEvent (hEvent=0x15c) returned 1 [0100.894] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.896] SetEvent (hEvent=0x120) returned 1 [0100.896] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.907] SetEvent (hEvent=0x15c) returned 1 [0100.907] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.971] SetEvent (hEvent=0x8c) returned 1 [0100.971] SetEvent (hEvent=0x9c) returned 1 [0100.971] SetEvent (hEvent=0x15c) returned 1 [0100.971] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.977] SetEvent (hEvent=0x8c) returned 1 [0100.977] SetEvent (hEvent=0x12c) returned 1 [0100.977] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0100.983] SetEvent (hEvent=0x120) returned 1 [0100.983] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.039] SetEvent (hEvent=0x15c) returned 1 [0101.039] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.041] SetEvent (hEvent=0xb8) returned 1 [0101.042] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.045] SetEvent (hEvent=0x9c) returned 1 [0101.045] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.068] SetEvent (hEvent=0x9c) returned 1 [0101.068] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.105] VirtualFree (lpAddress=0xc00021c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.106] VirtualFree (lpAddress=0xc000216000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.106] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.106] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.107] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.107] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.107] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.107] SetEvent (hEvent=0x120) returned 1 [0101.107] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.168] SetEvent (hEvent=0xb8) returned 1 [0101.168] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.185] SetEvent (hEvent=0xb8) returned 1 [0101.185] SetEvent (hEvent=0x12c) returned 1 [0101.185] SetEvent (hEvent=0x15c) returned 1 [0101.185] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.210] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.216] SetEvent (hEvent=0xb8) returned 1 [0101.216] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.218] SetEvent (hEvent=0x120) returned 1 [0101.218] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.219] SwitchToThread () returned 1 [0101.221] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.222] SetEvent (hEvent=0xb8) returned 1 [0101.222] SetEvent (hEvent=0x15c) returned 1 [0101.222] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.222] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.222] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.223] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.223] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.223] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.223] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.223] GetFileType (hFile=0x128) returned 0x1 [0101.224] GetFileType (hFile=0x128) returned 0x1 [0101.224] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000e7d44 | out: lpFileInformation=0xc0000e7d44) returned 1 [0101.224] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e7d28) returned 1 [0101.224] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0101.224] ReadFile (in: hFile=0x128, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x56b, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0000e7c04*=0x36b, lpOverlapped=0x0) returned 1 [0101.229] ReadFile (in: hFile=0x128, lpBuffer=0xc0000fa36b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa36b*, lpNumberOfBytesRead=0xc0000e7c04*=0x0, lpOverlapped=0x0) returned 1 [0101.229] CloseHandle (hObject=0x128) returned 1 [0101.229] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0101.229] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0101.230] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0101.230] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0101.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.231] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e7d04 | out: lpMode=0xc0000e7d04) returned 0 [0101.241] GetFileType (hFile=0x128) returned 0x1 [0101.241] WriteFile (in: hFile=0x128, lpBuffer=0xc0000ce000*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0xc0000e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesWritten=0xc0000e7cec*=0x370, lpOverlapped=0x0) returned 1 [0101.242] CloseHandle (hObject=0x128) returned 1 [0101.243] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0101.243] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.243] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0101.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.244] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e7d64 | out: lpMode=0xc0000e7d64) returned 0 [0101.258] GetFileType (hFile=0x128) returned 0x1 [0101.258] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.258] CloseHandle (hObject=0x128) returned 1 [0101.258] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0101.258] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0101.259] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.260] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0101.260] SetEvent (hEvent=0x12c) returned 1 [0101.260] SetEvent (hEvent=0x9c) returned 1 [0101.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.267] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.267] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.275] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.276] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.276] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0101.276] SetEvent (hEvent=0xc0) returned 1 [0101.276] SetEvent (hEvent=0x9c) returned 1 [0101.276] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0101.289] SetEvent (hEvent=0x12c) returned 1 [0101.289] SetEvent (hEvent=0x15c) returned 1 [0101.289] SetEvent (hEvent=0x8c) returned 1 [0101.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.295] SetEvent (hEvent=0x120) returned 1 [0101.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.300] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.301] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0101.301] SetEvent (hEvent=0xc0) returned 1 [0101.301] SetEvent (hEvent=0x120) returned 1 [0101.301] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.302] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0101.308] GetFileType (hFile=0x128) returned 0x1 [0101.308] WriteFile (in: hFile=0x128, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x2b0, lpOverlapped=0x0) returned 1 [0101.312] CloseHandle (hObject=0x128) returned 1 [0101.312] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0101.312] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0101.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.313] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0101.324] GetFileType (hFile=0x128) returned 0x1 [0101.324] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.324] CloseHandle (hObject=0x128) returned 1 [0101.324] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0101.325] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.325] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0101.325] SetEvent (hEvent=0xb8) returned 1 [0101.326] SetEvent (hEvent=0x15c) returned 1 [0101.326] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0101.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.333] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0101.333] SetEvent (hEvent=0x15c) returned 1 [0101.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.342] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.343] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0101.343] SetEvent (hEvent=0xc0) returned 1 [0101.343] SetEvent (hEvent=0xb8) returned 1 [0101.343] SetEvent (hEvent=0x8c) returned 1 [0101.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.347] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.350] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0101.350] SetEvent (hEvent=0x8c) returned 1 [0101.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.352] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.353] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0101.353] SetEvent (hEvent=0x120) returned 1 [0101.353] SetEvent (hEvent=0x15c) returned 1 [0101.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.359] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0101.359] SetEvent (hEvent=0x120) returned 1 [0101.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.365] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.365] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0101.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.366] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.366] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82787f80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8278a690, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.366] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.366] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.366] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.366] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0101.367] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0101.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8278a690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8278a690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x284)) returned 1 [0101.367] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.368] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82791bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827942d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827942d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.368] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.368] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.368] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827942d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827969e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282)) returned 1 [0101.371] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.377] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.402] SetEvent (hEvent=0x8c) returned 1 [0101.402] SetEvent (hEvent=0x12c) returned 1 [0101.402] SetEvent (hEvent=0x120) returned 1 [0101.402] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.407] SetEvent (hEvent=0x12c) returned 1 [0101.407] SetEvent (hEvent=0x120) returned 1 [0101.407] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.442] SetEvent (hEvent=0x120) returned 1 [0101.442] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.491] SetEvent (hEvent=0xb8) returned 1 [0101.491] SetEvent (hEvent=0x12c) returned 1 [0101.491] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.650] SetEvent (hEvent=0xb8) returned 1 [0101.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.650] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0101.651] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.652] GetFileType (hFile=0x128) returned 0x1 [0101.652] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.664] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0101.664] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0101.664] GetFileType (hFile=0x128) returned 0x1 [0101.664] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0101.664] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0101.664] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0101.665] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0101.665] ReadFile (in: hFile=0x128, lpBuffer=0xc0001f8000, nNumberOfBytesToRead=0x489, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f8000*, lpNumberOfBytesRead=0xc0001e9c04*=0x289, lpOverlapped=0x0) returned 1 [0101.673] ReadFile (in: hFile=0x128, lpBuffer=0xc0001f8289, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f8289*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0101.673] CloseHandle (hObject=0x128) returned 1 [0101.673] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0101.674] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0101.674] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0101.674] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0101.675] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0101.675] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0101.676] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0101.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.677] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0101.685] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.688] GetFileType (hFile=0x128) returned 0x1 [0101.688] WriteFile (in: hFile=0x128, lpBuffer=0xc0001c2000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesWritten=0xc0001e9cec*=0x290, lpOverlapped=0x0) returned 1 [0101.689] CloseHandle (hObject=0x128) returned 1 [0101.689] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0101.689] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0101.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.690] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0101.695] GetFileType (hFile=0x128) returned 0x1 [0101.695] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.695] CloseHandle (hObject=0x128) returned 1 [0101.695] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.696] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.702] SetEvent (hEvent=0xb8) returned 1 [0101.703] SetEvent (hEvent=0x9c) returned 1 [0101.703] SwitchToThread () returned 1 [0101.705] SetEvent (hEvent=0xb8) returned 1 [0101.705] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.713] SetEvent (hEvent=0xb8) returned 1 [0101.713] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.714] SetEvent (hEvent=0x9c) returned 1 [0101.714] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.715] SetEvent (hEvent=0x8c) returned 1 [0101.715] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.728] SetEvent (hEvent=0xb8) returned 1 [0101.728] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.730] SetEvent (hEvent=0xb8) returned 1 [0101.730] SetEvent (hEvent=0x12c) returned 1 [0101.730] SetEvent (hEvent=0x9c) returned 1 [0101.730] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.733] SwitchToThread () returned 1 [0101.735] SetEvent (hEvent=0xb8) returned 1 [0101.735] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.736] SetEvent (hEvent=0x8c) returned 1 [0101.736] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.740] SetEvent (hEvent=0xb8) returned 1 [0101.740] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.742] SetEvent (hEvent=0x120) returned 1 [0101.742] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.743] SwitchToThread () returned 1 [0101.743] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.747] SetEvent (hEvent=0xb8) returned 1 [0101.747] SetEvent (hEvent=0x8c) returned 1 [0101.747] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.799] SetEvent (hEvent=0x8c) returned 1 [0101.799] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.803] SetEvent (hEvent=0x9c) returned 1 [0101.803] SetEvent (hEvent=0x12c) returned 1 [0101.803] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.805] SetEvent (hEvent=0x9c) returned 1 [0101.805] SetEvent (hEvent=0x8c) returned 1 [0101.805] SetEvent (hEvent=0x120) returned 1 [0101.805] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.809] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.809] VirtualFree (lpAddress=0xc000162000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0101.810] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.810] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.810] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.811] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.811] SetEvent (hEvent=0xb8) returned 1 [0101.811] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.850] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.853] SetEvent (hEvent=0xb8) returned 1 [0101.853] SetEvent (hEvent=0x8c) returned 1 [0101.853] SetEvent (hEvent=0x9c) returned 1 [0101.854] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.987] SetEvent (hEvent=0x12c) returned 1 [0101.987] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0101.990] SetEvent (hEvent=0x12c) returned 1 [0101.990] SetEvent (hEvent=0xb8) returned 1 [0101.990] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x34000, dwFreeType=0x4000) returned 1 [0101.991] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.992] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.992] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.992] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.992] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.993] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.993] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.993] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.993] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.994] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0101.995] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.006] SetEvent (hEvent=0x12c) returned 1 [0102.006] GetFileType (hFile=0x128) returned 0x1 [0102.006] GetFileType (hFile=0x128) returned 0x1 [0102.006] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0102.007] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0102.007] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0102.007] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x4d0, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc000149c04*=0x2d0, lpOverlapped=0x0) returned 1 [0102.016] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c2d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c2d0*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0102.016] CloseHandle (hObject=0x128) returned 1 [0102.016] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.016] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0102.017] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0102.017] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.018] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0102.018] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.020] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0102.022] GetFileType (hFile=0x128) returned 0x1 [0102.022] WriteFile (in: hFile=0x128, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc000149cec*=0x2e0, lpOverlapped=0x0) returned 1 [0102.023] CloseHandle (hObject=0x128) returned 1 [0102.023] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.023] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.023] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.024] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.024] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.026] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0102.027] GetFileType (hFile=0x128) returned 0x1 [0102.027] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.027] CloseHandle (hObject=0x128) returned 1 [0102.027] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.028] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.029] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.029] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586478*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc000586478*, lpNumberOfCharsWritten=0xc000259818*=0x3) returned 1 [0102.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586480*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000586480*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0102.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586486*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc000586486*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0102.041] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.043] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.044] SetEvent (hEvent=0x9c) returned 1 [0102.044] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.069] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0102.069] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.070] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0102.070] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0102.070] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.071] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0102.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.072] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0102.073] GetFileType (hFile=0x150) returned 0x1 [0102.073] GetFileType (hFile=0x150) returned 0x1 [0102.073] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0102.073] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0102.073] ReadFile (in: hFile=0x150, lpBuffer=0xc0001682c0, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001682c0*, lpNumberOfBytesRead=0xc00023fc04*=0xa0, lpOverlapped=0x0) returned 1 [0102.074] ReadFile (in: hFile=0x150, lpBuffer=0xc000168360, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168360*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0102.075] CloseHandle (hObject=0x150) returned 1 [0102.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.076] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0102.082] GetFileType (hFile=0x150) returned 0x1 [0102.082] WriteFile (in: hFile=0x150, lpBuffer=0xc0001660b0*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001660b0*, lpNumberOfBytesWritten=0xc00023fcec*=0xb0, lpOverlapped=0x0) returned 1 [0102.083] CloseHandle (hObject=0x150) returned 1 [0102.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0102.083] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0102.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.084] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0102.091] GetFileType (hFile=0x150) returned 0x1 [0102.091] WriteFile (in: hFile=0x150, lpBuffer=0xc00016a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a6e0*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.091] CloseHandle (hObject=0x150) returned 1 [0102.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_hover.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_hover.png"), dwFlags=0x1) returned 1 [0102.092] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.093] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000080a80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x150 [0102.112] CloseHandle (hObject=0x150) returned 1 [0102.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.112] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0102.117] GetFileType (hFile=0x150) returned 0x1 [0102.117] GetFileType (hFile=0x150) returned 0x1 [0102.117] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0102.117] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0102.117] ReadFile (in: hFile=0x150, lpBuffer=0xc000169340, nNumberOfBytesToRead=0x2a6, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000169340*, lpNumberOfBytesRead=0xc00015fc04*=0xa6, lpOverlapped=0x0) returned 1 [0102.118] ReadFile (in: hFile=0x150, lpBuffer=0xc0001693e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001693e6*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0102.118] CloseHandle (hObject=0x150) returned 1 [0102.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.120] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0102.122] GetFileType (hFile=0x150) returned 0x1 [0102.122] WriteFile (in: hFile=0x150, lpBuffer=0xc000166580*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000166580*, lpNumberOfBytesWritten=0xc00015fcec*=0xb0, lpOverlapped=0x0) returned 1 [0102.123] CloseHandle (hObject=0x150) returned 1 [0102.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0102.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.124] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0102.124] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.126] SetEvent (hEvent=0x15c) returned 1 [0102.126] GetFileType (hFile=0x150) returned 0x1 [0102.126] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.126] CloseHandle (hObject=0x150) returned 1 [0102.126] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0102.127] SetEvent (hEvent=0xfc) returned 1 [0102.127] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.159] SetEvent (hEvent=0x114) returned 1 [0102.159] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.162] SetEvent (hEvent=0xfc) returned 1 [0102.162] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.164] SetEvent (hEvent=0x114) returned 1 [0102.164] SetEvent (hEvent=0x13c) returned 1 [0102.165] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.168] SetEvent (hEvent=0x114) returned 1 [0102.168] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.168] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.169] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.169] VirtualFree (lpAddress=0xc000176000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.169] VirtualFree (lpAddress=0xc000166000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.169] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.169] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.170] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.170] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.170] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.170] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.171] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.171] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.171] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.171] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.172] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0102.178] GetFileType (hFile=0x150) returned 0x1 [0102.178] GetFileType (hFile=0x150) returned 0x1 [0102.178] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0102.178] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0102.178] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0102.179] ReadFile (in: hFile=0x150, lpBuffer=0xc0001f2000, nNumberOfBytesToRead=0x1a0f, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f2000*, lpNumberOfBytesRead=0xc00023dc04*=0x180f, lpOverlapped=0x0) returned 1 [0102.183] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.184] SetEvent (hEvent=0x114) returned 1 [0102.184] ReadFile (in: hFile=0x150, lpBuffer=0xc0001f380f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f380f*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0102.184] CloseHandle (hObject=0x150) returned 1 [0102.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.185] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0102.186] GetFileType (hFile=0x150) returned 0x1 [0102.186] WriteFile (in: hFile=0x150, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1810, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc00023dcec*=0x1810, lpOverlapped=0x0) returned 1 [0102.187] CloseHandle (hObject=0x150) returned 1 [0102.187] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.187] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0102.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.187] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0102.195] GetFileType (hFile=0x150) returned 0x1 [0102.195] WriteFile (in: hFile=0x150, lpBuffer=0xc0000fe420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe420*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.195] CloseHandle (hObject=0x150) returned 1 [0102.195] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\encry-128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\encry-128.png"), dwFlags=0x1) returned 1 [0102.196] SwitchToThread () returned 1 [0102.198] SetEvent (hEvent=0x114) returned 1 [0102.198] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.200] SetEvent (hEvent=0x13c) returned 1 [0102.200] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.206] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.211] SetEvent (hEvent=0x114) returned 1 [0102.211] SetEvent (hEvent=0x15c) returned 1 [0102.211] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0102.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.214] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.216] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.216] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.216] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.216] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.217] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.217] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0102.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec)) returned 1 [0102.224] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.227] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xef)) returned 1 [0102.227] SetEvent (hEvent=0x13c) returned 1 [0102.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.229] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.240] SetEvent (hEvent=0xfc) returned 1 [0102.240] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.348] SetEvent (hEvent=0x114) returned 1 [0102.348] SetEvent (hEvent=0x13c) returned 1 [0102.348] SetEvent (hEvent=0xfc) returned 1 [0102.348] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.372] SetEvent (hEvent=0x13c) returned 1 [0102.372] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.412] SetEvent (hEvent=0x114) returned 1 [0102.412] SetEvent (hEvent=0x108) returned 1 [0102.412] SetEvent (hEvent=0x13c) returned 1 [0102.412] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.420] SetEvent (hEvent=0x15c) returned 1 [0102.420] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.422] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.423] VirtualFree (lpAddress=0xc0002ae000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.423] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.423] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.423] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.424] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.424] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.425] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.425] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.425] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.425] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0102.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.425] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.425] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.426] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.426] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.426] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10d)) returned 1 [0102.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.442] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.443] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0102.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.443] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0102.446] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.446] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.447] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.450] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.453] SetEvent (hEvent=0x114) returned 1 [0102.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.453] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.460] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.460] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.460] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.460] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.461] SwitchToThread () returned 1 [0102.461] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.463] SetEvent (hEvent=0x15c) returned 1 [0102.463] VirtualFree (lpAddress=0xc0002b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.463] VirtualFree (lpAddress=0xc0002aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.463] VirtualFree (lpAddress=0xc00029e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.464] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.464] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.464] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.464] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.464] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.465] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.465] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.465] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.465] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0102.466] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0102.467] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.467] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0102.476] GetFileType (hFile=0x128) returned 0x1 [0102.476] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.477] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.477] GetFileType (hFile=0x128) returned 0x1 [0102.477] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0102.477] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0102.477] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.478] ReadFile (in: hFile=0x128, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0001bdc04*=0x10d, lpOverlapped=0x0) returned 1 [0102.482] ReadFile (in: hFile=0x128, lpBuffer=0xc00003610d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003610d*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0102.482] CloseHandle (hObject=0x128) returned 1 [0102.482] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.483] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0102.483] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.485] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0102.501] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.569] SetEvent (hEvent=0x15c) returned 1 [0102.569] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] SetEvent (hEvent=0xfc) returned 1 [0102.572] SetEvent (hEvent=0x12c) returned 1 [0102.572] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.576] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.577] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.577] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.577] SetEvent (hEvent=0xc0) returned 1 [0102.577] SetEvent (hEvent=0x15c) returned 1 [0102.577] SetEvent (hEvent=0x13c) returned 1 [0102.577] SetEvent (hEvent=0x114) returned 1 [0102.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.586] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] SetEvent (hEvent=0x114) returned 1 [0102.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0102.589] SetEvent (hEvent=0x108) returned 1 [0102.589] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.595] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.595] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.595] SetEvent (hEvent=0xc0) returned 1 [0102.595] SetEvent (hEvent=0x13c) returned 1 [0102.595] SetEvent (hEvent=0x114) returned 1 [0102.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.599] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0102.599] SetEvent (hEvent=0x114) returned 1 [0102.599] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.605] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.605] SetEvent (hEvent=0x108) returned 1 [0102.605] SetEvent (hEvent=0x13c) returned 1 [0102.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.608] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0102.608] SetEvent (hEvent=0x13c) returned 1 [0102.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.608] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00017bcf4 | out: lpMode=0xc00017bcf4) returned 0 [0102.612] GetFileType (hFile=0x150) returned 0x1 [0102.612] GetFileType (hFile=0x150) returned 0x1 [0102.612] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00017bd44 | out: lpFileInformation=0xc00017bd44) returned 1 [0102.612] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00017bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017bd28) returned 1 [0102.612] ReadFile (in: hFile=0x150, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x309, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00017bc04*=0x109, lpOverlapped=0x0) returned 1 [0102.613] ReadFile (in: hFile=0x150, lpBuffer=0xc0002e2109, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2109*, lpNumberOfBytesRead=0xc00017bc04*=0x0, lpOverlapped=0x0) returned 1 [0102.613] CloseHandle (hObject=0x150) returned 1 [0102.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.614] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00017bd04 | out: lpMode=0xc00017bd04) returned 0 [0102.622] GetFileType (hFile=0x150) returned 0x1 [0102.622] WriteFile (in: hFile=0x150, lpBuffer=0xc0002d0120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00017bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002d0120*, lpNumberOfBytesWritten=0xc00017bcec*=0x110, lpOverlapped=0x0) returned 1 [0102.623] CloseHandle (hObject=0x150) returned 1 [0102.623] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.624] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00017bd64 | out: lpMode=0xc00017bd64) returned 0 [0102.632] GetFileType (hFile=0x150) returned 0x1 [0102.632] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00017bd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.632] CloseHandle (hObject=0x150) returned 1 [0102.632] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.633] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.633] SetEvent (hEvent=0xfc) returned 1 [0102.633] SetEvent (hEvent=0x12c) returned 1 [0102.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.638] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.638] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0102.638] SetEvent (hEvent=0x12c) returned 1 [0102.638] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.644] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.645] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0102.645] SetEvent (hEvent=0xc0) returned 1 [0102.645] SetEvent (hEvent=0xfc) returned 1 [0102.645] SetEvent (hEvent=0x108) returned 1 [0102.646] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.650] SetEvent (hEvent=0x108) returned 1 [0102.651] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.656] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0102.656] SetEvent (hEvent=0x114) returned 1 [0102.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.657] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0102.661] GetFileType (hFile=0x150) returned 0x1 [0102.661] GetFileType (hFile=0x150) returned 0x1 [0102.661] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0102.661] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0102.661] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ce300, nNumberOfBytesToRead=0x2ea, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce300*, lpNumberOfBytesRead=0xc0001f5c04*=0xea, lpOverlapped=0x0) returned 1 [0102.662] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ce3ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce3ea*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0102.662] CloseHandle (hObject=0x150) returned 1 [0102.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.663] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0102.672] GetFileType (hFile=0x150) returned 0x1 [0102.672] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d84b0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d84b0*, lpNumberOfBytesWritten=0xc0001f5cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.673] CloseHandle (hObject=0x150) returned 1 [0102.674] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.674] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0102.674] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0102.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.675] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0102.676] GetFileType (hFile=0x150) returned 0x1 [0102.676] WriteFile (in: hFile=0x150, lpBuffer=0xc0002fa2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa2c0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.676] CloseHandle (hObject=0x150) returned 1 [0102.676] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.677] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.690] SetEvent (hEvent=0x13c) returned 1 [0102.690] SetEvent (hEvent=0x12c) returned 1 [0102.690] SwitchToThread () returned 1 [0102.694] SetEvent (hEvent=0x13c) returned 1 [0102.694] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.704] SetEvent (hEvent=0x13c) returned 1 [0102.704] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.708] SetEvent (hEvent=0x12c) returned 1 [0102.708] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.728] SetEvent (hEvent=0x13c) returned 1 [0102.728] SetEvent (hEvent=0xfc) returned 1 [0102.728] SetEvent (hEvent=0x12c) returned 1 [0102.728] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.735] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.746] SetEvent (hEvent=0x13c) returned 1 [0102.746] SwitchToThread () returned 1 [0102.749] SetEvent (hEvent=0x13c) returned 1 [0102.750] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.752] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.753] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0102.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0102.754] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0102.759] GetFileType (hFile=0x174) returned 0x1 [0102.759] GetFileType (hFile=0x174) returned 0x1 [0102.759] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0102.759] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0102.759] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0102.760] ReadFile (in: hFile=0x174, lpBuffer=0xc00020a000, nNumberOfBytesToRead=0x47bf, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesRead=0xc0001fbc04*=0x45bf, lpOverlapped=0x0) returned 1 [0102.766] ReadFile (in: hFile=0x174, lpBuffer=0xc00020e5bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e5bf*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0102.766] CloseHandle (hObject=0x174) returned 1 [0102.766] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0102.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0102.767] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0102.770] GetFileType (hFile=0x174) returned 0x1 [0102.770] WriteFile (in: hFile=0x174, lpBuffer=0xc00020e800*, nNumberOfBytesToWrite=0x45c0, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e800*, lpNumberOfBytesWritten=0xc0001fbcec*=0x45c0, lpOverlapped=0x0) returned 1 [0102.771] CloseHandle (hObject=0x174) returned 1 [0102.772] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0102.772] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0102.777] GetFileType (hFile=0x174) returned 0x1 [0102.777] WriteFile (in: hFile=0x174, lpBuffer=0xc0000f0dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0dc0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.777] CloseHandle (hObject=0x174) returned 1 [0102.778] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.778] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.789] GetFileType (hFile=0x144) returned 0x1 [0102.790] GetFileType (hFile=0x144) returned 0x1 [0102.790] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0102.790] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0102.790] ReadFile (in: hFile=0x144, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x30c, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000065c04*=0x10c, lpOverlapped=0x0) returned 1 [0102.791] ReadFile (in: hFile=0x144, lpBuffer=0xc0000a210c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a210c*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0102.791] CloseHandle (hObject=0x144) returned 1 [0102.791] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.792] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0102.798] GetFileType (hFile=0x144) returned 0x1 [0102.798] WriteFile (in: hFile=0x144, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000065cec*=0x110, lpOverlapped=0x0) returned 1 [0102.799] CloseHandle (hObject=0x144) returned 1 [0102.799] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.799] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0102.799] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.800] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0102.805] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.805] GetFileType (hFile=0x144) returned 0x1 [0102.805] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d89a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d89a0*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.808] CloseHandle (hObject=0x144) returned 1 [0102.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.809] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.818] SetEvent (hEvent=0x13c) returned 1 [0102.818] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.820] SetEvent (hEvent=0x114) returned 1 [0102.820] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.824] SwitchToThread () returned 1 [0102.827] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.829] SetEvent (hEvent=0x13c) returned 1 [0102.829] SetEvent (hEvent=0x108) returned 1 [0102.829] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.829] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.829] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.830] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.830] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.831] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000209d04 | out: lpMode=0xc000209d04) returned 0 [0102.832] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.834] GetFileType (hFile=0x144) returned 0x1 [0102.834] WriteFile (in: hFile=0x144, lpBuffer=0xc000130700*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc000209cec, lpOverlapped=0x0 | out: lpBuffer=0xc000130700*, lpNumberOfBytesWritten=0xc000209cec*=0x320, lpOverlapped=0x0) returned 1 [0102.835] CloseHandle (hObject=0x144) returned 1 [0102.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0102.836] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.837] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000209d64 | out: lpMode=0xc000209d64) returned 0 [0102.837] GetFileType (hFile=0x144) returned 0x1 [0102.837] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000209d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000209d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.837] CloseHandle (hObject=0x144) returned 1 [0102.838] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0102.838] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0102.839] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.839] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0102.841] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.841] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.841] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.841] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.842] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.842] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.842] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0102.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.843] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0102.844] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.847] GetFileType (hFile=0x144) returned 0x1 [0102.847] GetFileType (hFile=0x144) returned 0x1 [0102.847] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0102.847] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0102.848] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0102.848] ReadFile (in: hFile=0x144, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x2ea, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc0000ebc04*=0xea, lpOverlapped=0x0) returned 1 [0102.850] ReadFile (in: hFile=0x144, lpBuffer=0xc00016c0ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c0ea*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0102.850] CloseHandle (hObject=0x144) returned 1 [0102.850] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.852] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0102.852] GetFileType (hFile=0x144) returned 0x1 [0102.852] WriteFile (in: hFile=0x144, lpBuffer=0xc00003c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c1e0*, lpNumberOfBytesWritten=0xc0000ebcec*=0xf0, lpOverlapped=0x0) returned 1 [0102.854] CloseHandle (hObject=0x144) returned 1 [0102.854] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.854] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0102.858] GetFileType (hFile=0x144) returned 0x1 [0102.859] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.859] CloseHandle (hObject=0x144) returned 1 [0102.859] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.859] SwitchToThread () returned 1 [0102.860] SetEvent (hEvent=0x13c) returned 1 [0102.860] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.862] SetEvent (hEvent=0x114) returned 1 [0102.862] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.872] SetEvent (hEvent=0x13c) returned 1 [0102.872] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.873] SetEvent (hEvent=0x108) returned 1 [0102.873] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.876] SetEvent (hEvent=0x15c) returned 1 [0102.877] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.899] SetEvent (hEvent=0x15c) returned 1 [0102.899] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.934] SetEvent (hEvent=0x13c) returned 1 [0102.943] SetEvent (hEvent=0x114) returned 1 [0102.943] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0102.997] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.003] SetEvent (hEvent=0x13c) returned 1 [0103.003] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0103.004] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0103.004] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0103.005] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0103.005] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0103.006] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0103.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0103.007] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0103.013] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.014] GetFileType (hFile=0x144) returned 0x1 [0103.014] GetFileType (hFile=0x144) returned 0x1 [0103.014] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0103.014] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0103.014] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0103.015] ReadFile (in: hFile=0x144, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x54cb, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000063c04*=0x52cb, lpOverlapped=0x0) returned 1 [0103.017] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.041] ReadFile (in: hFile=0x144, lpBuffer=0xc0002172cb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002172cb*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0103.042] CloseHandle (hObject=0x144) returned 1 [0103.042] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0103.042] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0103.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0103.044] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0103.056] GetFileType (hFile=0x144) returned 0x1 [0103.056] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0103.056] WriteFile (in: hFile=0x144, lpBuffer=0xc000217500*, nNumberOfBytesToWrite=0x52d0, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc000217500*, lpNumberOfBytesWritten=0xc000063cec*=0x52d0, lpOverlapped=0x0) returned 1 [0103.058] CloseHandle (hObject=0x144) returned 1 [0103.059] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.059] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0103.059] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0103.059] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0103.060] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0103.060] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0103.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0103.061] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0103.072] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.081] GetFileType (hFile=0x144) returned 0x1 [0103.081] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.090] WriteFile (in: hFile=0x144, lpBuffer=0xc0001de6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de6e0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.090] CloseHandle (hObject=0x144) returned 1 [0103.090] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.091] SetEvent (hEvent=0xfc) returned 1 [0103.091] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.111] SetEvent (hEvent=0x13c) returned 1 [0103.111] SetEvent (hEvent=0xfc) returned 1 [0103.111] SetEvent (hEvent=0xb8) returned 1 [0103.111] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.117] SetEvent (hEvent=0x13c) returned 1 [0103.117] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.123] SetEvent (hEvent=0x108) returned 1 [0103.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0103.124] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0103.127] GetFileType (hFile=0x170) returned 0x1 [0103.127] GetFileType (hFile=0x170) returned 0x1 [0103.127] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0103.127] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0103.127] ReadFile (in: hFile=0x170, lpBuffer=0xc000284800, nNumberOfBytesToRead=0x4229, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000284800*, lpNumberOfBytesRead=0xc000111c04*=0x4029, lpOverlapped=0x0) returned 1 [0103.130] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.134] SetEvent (hEvent=0x13c) returned 1 [0103.134] ReadFile (in: hFile=0x170, lpBuffer=0xc000288829, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc000288829*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0103.134] CloseHandle (hObject=0x170) returned 1 [0103.134] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0103.135] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0103.135] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0103.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.138] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0103.141] GetFileType (hFile=0x170) returned 0x1 [0103.141] WriteFile (in: hFile=0x170, lpBuffer=0xc00020a000*, nNumberOfBytesToWrite=0x4030, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesWritten=0xc000111cec*=0x4030, lpOverlapped=0x0) returned 1 [0103.142] CloseHandle (hObject=0x170) returned 1 [0103.142] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.143] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0103.153] GetFileType (hFile=0x170) returned 0x1 [0103.153] WriteFile (in: hFile=0x170, lpBuffer=0xc0001dedc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001dedc0*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.153] CloseHandle (hObject=0x170) returned 1 [0103.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0103.154] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0103.156] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.164] GetFileType (hFile=0x170) returned 0x1 [0103.164] GetFileType (hFile=0x170) returned 0x1 [0103.164] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0103.164] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0103.164] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0103.165] ReadFile (in: hFile=0x170, lpBuffer=0xc00021c000, nNumberOfBytesToRead=0x4cfe, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesRead=0xc00012bc04*=0x4afe, lpOverlapped=0x0) returned 1 [0103.171] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.180] ReadFile (in: hFile=0x170, lpBuffer=0xc000220afe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220afe*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0103.181] CloseHandle (hObject=0x170) returned 1 [0103.181] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0103.181] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0103.181] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0103.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.184] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0103.190] GetFileType (hFile=0x170) returned 0x1 [0103.190] WriteFile (in: hFile=0x170, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x4b00, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc00012bcec*=0x4b00, lpOverlapped=0x0) returned 1 [0103.191] CloseHandle (hObject=0x170) returned 1 [0103.192] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0103.192] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0103.192] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0103.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.193] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0103.196] GetFileType (hFile=0x170) returned 0x1 [0103.196] WriteFile (in: hFile=0x170, lpBuffer=0xc0001de420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de420*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.196] CloseHandle (hObject=0x170) returned 1 [0103.196] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.197] SwitchToThread () returned 1 [0103.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.205] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0103.211] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.213] GetFileType (hFile=0x128) returned 0x1 [0103.213] WriteFile (in: hFile=0x128, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x3e90, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc000137cec*=0x3e90, lpOverlapped=0x0) returned 1 [0103.215] CloseHandle (hObject=0x128) returned 1 [0103.215] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000c01 | out: pbBuffer=0xc000000c01) returned 1 [0103.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.215] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0103.216] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.226] GetFileType (hFile=0x128) returned 0x1 [0103.226] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.226] CloseHandle (hObject=0x128) returned 1 [0103.226] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.228] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.228] CloseHandle (hObject=0x148) returned 1 [0103.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.229] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001c5cf4 | out: lpMode=0xc0001c5cf4) returned 0 [0103.234] GetFileType (hFile=0x148) returned 0x1 [0103.234] GetFileType (hFile=0x148) returned 0x1 [0103.234] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0001c5d44 | out: lpFileInformation=0xc0001c5d44) returned 1 [0103.234] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0001c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c5d28) returned 1 [0103.234] ReadFile (in: hFile=0x148, lpBuffer=0xc00020a000, nNumberOfBytesToRead=0x4282, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesRead=0xc0001c5c04*=0x4082, lpOverlapped=0x0) returned 1 [0103.239] ReadFile (in: hFile=0x148, lpBuffer=0xc00020e082, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e082*, lpNumberOfBytesRead=0xc0001c5c04*=0x0, lpOverlapped=0x0) returned 1 [0103.239] CloseHandle (hObject=0x148) returned 1 [0103.239] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0103.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.241] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001c5d04 | out: lpMode=0xc0001c5d04) returned 0 [0103.243] GetFileType (hFile=0x148) returned 0x1 [0103.243] WriteFile (in: hFile=0x148, lpBuffer=0xc00020e800*, nNumberOfBytesToWrite=0x4090, lpNumberOfBytesWritten=0xc0001c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e800*, lpNumberOfBytesWritten=0xc0001c5cec*=0x4090, lpOverlapped=0x0) returned 1 [0103.244] CloseHandle (hObject=0x148) returned 1 [0103.245] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.245] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001c5d64 | out: lpMode=0xc0001c5d64) returned 0 [0103.249] GetFileType (hFile=0x148) returned 0x1 [0103.249] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.250] WriteFile (in: hFile=0x148, lpBuffer=0xc0001de160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de160*, lpNumberOfBytesWritten=0xc0001c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.250] CloseHandle (hObject=0x148) returned 1 [0103.250] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.330] SetEvent (hEvent=0x108) returned 1 [0103.331] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.331] SetEvent (hEvent=0x13c) returned 1 [0103.331] SetEvent (hEvent=0x15c) returned 1 [0103.331] SetEvent (hEvent=0x108) returned 1 [0103.331] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.335] SetEvent (hEvent=0x15c) returned 1 [0103.335] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.339] SetEvent (hEvent=0x13c) returned 1 [0103.339] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.353] SetEvent (hEvent=0x108) returned 1 [0103.353] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.361] SetEvent (hEvent=0xfc) returned 1 [0103.362] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.362] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.362] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.362] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.362] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.363] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.363] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.363] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.363] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.363] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.364] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0103.364] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0103.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.365] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0103.375] GetFileType (hFile=0x148) returned 0x1 [0103.375] GetFileType (hFile=0x148) returned 0x1 [0103.375] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0103.375] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0103.375] ReadFile (in: hFile=0x148, lpBuffer=0xc00020e800, nNumberOfBytesToRead=0x41f2, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e800*, lpNumberOfBytesRead=0xc000191c04*=0x3ff2, lpOverlapped=0x0) returned 1 [0103.500] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.529] ReadFile (in: hFile=0x148, lpBuffer=0xc0002127f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002127f2*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0103.529] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.538] CloseHandle (hObject=0x148) returned 1 [0103.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.539] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0103.542] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.549] SetEvent (hEvent=0xc0) returned 1 [0103.549] GetFileType (hFile=0x148) returned 0x1 [0103.549] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.591] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0103.591] WriteFile (in: hFile=0x148, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0x4000, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc000191cec*=0x4000, lpOverlapped=0x0) returned 1 [0103.593] CloseHandle (hObject=0x148) returned 1 [0103.594] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0103.594] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.594] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0103.594] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0103.595] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0103.595] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0103.595] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0103.595] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0103.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.596] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0103.599] GetFileType (hFile=0x148) returned 0x1 [0103.599] WriteFile (in: hFile=0x148, lpBuffer=0xc00004e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e420*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.599] CloseHandle (hObject=0x148) returned 1 [0103.599] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.601] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0103.601] SetEvent (hEvent=0xc0) returned 1 [0103.601] SetEvent (hEvent=0x12c) returned 1 [0103.601] SetEvent (hEvent=0x15c) returned 1 [0103.601] SetEvent (hEvent=0xfc) returned 1 [0103.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.603] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.603] SetEvent (hEvent=0x15c) returned 1 [0103.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.608] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0103.608] SetEvent (hEvent=0x114) returned 1 [0103.608] SetEvent (hEvent=0x108) returned 1 [0103.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.611] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.611] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.611] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.612] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.612] VirtualFree (lpAddress=0xc000238000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.612] VirtualFree (lpAddress=0xc000230000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.612] VirtualFree (lpAddress=0xc00021c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.613] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.613] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.613] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.613] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.614] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.614] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.614] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.614] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.615] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.615] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.615] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.615] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00019d818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00019d818*=0x4) returned 1 [0103.616] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.622] SetEvent (hEvent=0x164) returned 1 [0103.622] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.628] SetEvent (hEvent=0x114) returned 1 [0103.628] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.629] SetEvent (hEvent=0xfc) returned 1 [0103.630] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.632] SetEvent (hEvent=0x9c) returned 1 [0103.632] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.648] SetEvent (hEvent=0x114) returned 1 [0103.648] SetEvent (hEvent=0x9c) returned 1 [0103.648] SetEvent (hEvent=0xfc) returned 1 [0103.648] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.660] SetEvent (hEvent=0x114) returned 1 [0103.661] SetEvent (hEvent=0x9c) returned 1 [0103.661] SetEvent (hEvent=0x164) returned 1 [0103.661] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.669] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.672] SetEvent (hEvent=0x114) returned 1 [0103.672] SetEvent (hEvent=0x164) returned 1 [0103.672] SwitchToThread () returned 1 [0103.674] SetEvent (hEvent=0x114) returned 1 [0103.674] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.678] SwitchToThread () returned 1 [0103.681] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.688] SetEvent (hEvent=0x114) returned 1 [0103.688] SetEvent (hEvent=0x164) returned 1 [0103.688] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.698] SetEvent (hEvent=0x9c) returned 1 [0103.698] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0103.698] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0103.699] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0103.699] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0103.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0103.700] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000167cf4 | out: lpMode=0xc000167cf4) returned 0 [0103.709] GetFileType (hFile=0x1ac) returned 0x1 [0103.709] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0103.710] GetFileType (hFile=0x1ac) returned 0x1 [0103.710] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc000167d44 | out: lpFileInformation=0xc000167d44) returned 1 [0103.710] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc000167d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000167d28) returned 1 [0103.710] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0103.710] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0103.711] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x583d, lpNumberOfBytesRead=0xc000167c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000167c04*=0x563d, lpOverlapped=0x0) returned 1 [0103.741] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0001e763d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000167c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e763d*, lpNumberOfBytesRead=0xc000167c04*=0x0, lpOverlapped=0x0) returned 1 [0103.741] CloseHandle (hObject=0x1ac) returned 1 [0103.741] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.741] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0103.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0103.743] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000167d04 | out: lpMode=0xc000167d04) returned 0 [0103.751] GetFileType (hFile=0x1ac) returned 0x1 [0103.751] WriteFile (in: hFile=0x1ac, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x5640, lpNumberOfBytesWritten=0xc000167cec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc000167cec*=0x5640, lpOverlapped=0x0) returned 1 [0103.752] CloseHandle (hObject=0x1ac) returned 1 [0103.752] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.752] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0103.753] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000167d64 | out: lpMode=0xc000167d64) returned 0 [0103.758] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.766] SetEvent (hEvent=0xfc) returned 1 [0103.766] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.767] SetEvent (hEvent=0xfc) returned 1 [0103.767] SetEvent (hEvent=0x9c) returned 1 [0103.767] SetEvent (hEvent=0x114) returned 1 [0103.767] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.769] VirtualFree (lpAddress=0xc000300000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.770] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0103.770] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.770] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.770] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.771] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.771] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.771] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.771] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.772] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.772] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.772] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.772] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.773] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.773] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.773] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.773] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.773] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.774] SetEvent (hEvent=0x164) returned 1 [0103.774] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.781] SetEvent (hEvent=0x164) returned 1 [0103.781] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.784] SetEvent (hEvent=0x114) returned 1 [0103.784] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.828] GetFileType (hFile=0x174) returned 0x1 [0103.828] WriteFile (in: hFile=0x174, lpBuffer=0xc0002366e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002366e0*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0103.828] CloseHandle (hObject=0x174) returned 1 [0103.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.830] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0103.830] SetEvent (hEvent=0xc0) returned 1 [0103.830] SetEvent (hEvent=0xb8) returned 1 [0103.830] SetEvent (hEvent=0xf4) returned 1 [0103.830] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0103.832] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.836] SetEvent (hEvent=0xf4) returned 1 [0103.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.845] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0103.845] SetEvent (hEvent=0x164) returned 1 [0103.845] SetEvent (hEvent=0x114) returned 1 [0103.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.850] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc0000a04f0*, lpNumberOfCharsWritten=0xc0001e9818*=0x3) returned 1 [0103.851] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.868] SetEvent (hEvent=0x9c) returned 1 [0103.868] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0103.900] SetEvent (hEvent=0xf4) returned 1 [0103.900] SwitchToThread () returned 1 [0104.039] SetEvent (hEvent=0xf4) returned 1 [0104.039] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.050] SetEvent (hEvent=0xf4) returned 1 [0104.050] GetFileType (hFile=0x1ac) returned 0x1 [0104.050] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0104.051] WriteFile (in: hFile=0x1ac, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000167d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000167d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.051] CloseHandle (hObject=0x1ac) returned 1 [0104.051] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0104.052] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.052] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.053] GetFileType (hFile=0x184) returned 0x1 [0104.053] WriteFile (in: hFile=0x184, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x3ec0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc0000bbcec*=0x3ec0, lpOverlapped=0x0) returned 1 [0104.055] CloseHandle (hObject=0x184) returned 1 [0104.055] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.055] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.055] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0104.056] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.056] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0104.063] GetFileType (hFile=0x184) returned 0x1 [0104.063] WriteFile (in: hFile=0x184, lpBuffer=0xc00003c840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.064] CloseHandle (hObject=0x184) returned 1 [0104.064] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.065] GetFileType (hFile=0xec) returned 0x1 [0104.065] WriteFile (in: hFile=0xec, lpBuffer=0xc00003cc60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003cc60*, lpNumberOfBytesWritten=0xc00027dd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.065] CloseHandle (hObject=0xec) returned 1 [0104.065] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0104.066] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0104.070] GetFileType (hFile=0xec) returned 0x1 [0104.070] GetFileType (hFile=0xec) returned 0x1 [0104.070] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0104.070] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0104.070] ReadFile (in: hFile=0xec, lpBuffer=0xc0002a2800, nNumberOfBytesToRead=0x418b, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a2800*, lpNumberOfBytesRead=0xc00012fc04*=0x3f8b, lpOverlapped=0x0) returned 1 [0104.080] ReadFile (in: hFile=0xec, lpBuffer=0xc0002a678b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a678b*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0104.080] CloseHandle (hObject=0xec) returned 1 [0104.080] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0104.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0104.082] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0104.084] GetFileType (hFile=0xec) returned 0x1 [0104.084] WriteFile (in: hFile=0xec, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x3f90, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc00012fcec*=0x3f90, lpOverlapped=0x0) returned 1 [0104.085] CloseHandle (hObject=0xec) returned 1 [0104.086] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0104.086] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0104.093] GetFileType (hFile=0xec) returned 0x1 [0104.093] WriteFile (in: hFile=0xec, lpBuffer=0xc000236580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236580*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.093] CloseHandle (hObject=0xec) returned 1 [0104.093] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.094] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0104.095] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836661f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836661f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app.css", cAlternateFileName="")) returned 1 [0104.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366b010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366d720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x221da, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app.js", cAlternateFileName="")) returned 1 [0104.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366fe30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366fe30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_app_redirect.js", cAlternateFileName="CAST_A~1.JS")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1bef, dwReserved0=0x0, dwReserved1=0x0, cFileName="chromecast_logo_grey.png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="devices.html", cAlternateFileName="DEVICE~1.HTM")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x828, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.html", cAlternateFileName="INDEX~1.HTM")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="offers.html", cAlternateFileName="OFFERS~1.HTM")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="setup.html", cAlternateFileName="SETUP~1.HTM")) returned 1 [0104.100] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.100] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.101] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0104.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836661f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836661f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1a1d)) returned 1 [0104.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366b010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366d720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x221da)) returned 1 [0104.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8366fe30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8366fe30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xf2)) returned 1 [0104.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83674c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83674c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x1bef)) returned 1 [0104.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83679a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83679a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b)) returned 1 [0104.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8367c180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8367c180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x828)) returned 1 [0104.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83685dc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83685dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b)) returned 1 [0104.112] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836884d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368abe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3b)) returned 1 [0104.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0104.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0104.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0104.117] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0104.117] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x174c, dwReserved0=0x0, dwReserved1=0x0, cFileName="view.html", cAlternateFileName="VIEW~1.HTM")) returned 1 [0104.117] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945, dwReserved0=0x0, dwReserved1=0x0, cFileName="view.js", cAlternateFileName="")) returned 1 [0104.117] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0104.117] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0104.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8368fa00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8368fa00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x174c)) returned 1 [0104.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83694820, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x945)) returned 1 [0104.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83696f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83699640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc878)) returned 1 [0104.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8369bd50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8369bd50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc26)) returned 1 [0104.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x38a8)) returned 1 [0104.125] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0104.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a5990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a5990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2b20)) returned 1 [0104.127] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.157] SetEvent (hEvent=0x164) returned 1 [0104.158] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.495] SetEvent (hEvent=0x9c) returned 1 [0104.495] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.531] SetEvent (hEvent=0xb8) returned 1 [0104.531] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.551] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.551] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0104.552] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0104.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0104.553] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0104.558] GetFileType (hFile=0x1ac) returned 0x1 [0104.558] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0104.558] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0104.559] GetFileType (hFile=0x1ac) returned 0x1 [0104.559] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0104.559] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0104.559] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0104.559] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0104.560] ReadFile (in: hFile=0x1ac, lpBuffer=0xc000250000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000250000*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0104.560] CloseHandle (hObject=0x1ac) returned 1 [0104.560] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0104.560] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0104.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0104.561] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0104.565] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] SetEvent (hEvent=0x120) returned 1 [0104.641] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0104.701] SetEvent (hEvent=0xb8) returned 1 [0104.701] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.768] SetEvent (hEvent=0x164) returned 1 [0107.768] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.775] SetEvent (hEvent=0x108) returned 1 [0107.776] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.778] SetEvent (hEvent=0x108) returned 1 [0107.778] SetEvent (hEvent=0x188) returned 1 [0107.778] SetEvent (hEvent=0x1d0) returned 1 [0107.778] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.780] SetEvent (hEvent=0x164) returned 1 [0107.780] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.782] SetEvent (hEvent=0x120) returned 1 [0107.782] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.784] SetEvent (hEvent=0x164) returned 1 [0107.784] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.798] SetEvent (hEvent=0x1d0) returned 1 [0107.798] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.801] SetEvent (hEvent=0x164) returned 1 [0107.801] SetEvent (hEvent=0xb8) returned 1 [0107.801] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.805] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.805] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.806] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.806] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.806] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.806] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.806] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.807] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.807] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.807] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.807] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.807] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.808] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.808] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.808] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.808] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.808] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.809] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000163cf4 | out: lpMode=0xc000163cf4) returned 0 [0107.813] GetFileType (hFile=0x1b4) returned 0x1 [0107.814] GetFileType (hFile=0x1b4) returned 0x1 [0107.814] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000163d44 | out: lpFileInformation=0xc000163d44) returned 1 [0107.814] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000163d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000163d28) returned 1 [0107.814] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x610, lpNumberOfBytesRead=0xc000163c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000163c04*=0x410, lpOverlapped=0x0) returned 1 [0107.822] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00004c410, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000163c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c410*, lpNumberOfBytesRead=0xc000163c04*=0x0, lpOverlapped=0x0) returned 1 [0107.822] CloseHandle (hObject=0x1b4) returned 1 [0107.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.833] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0107.834] SetEvent (hEvent=0x15c) returned 1 [0107.834] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000163d04 | out: lpMode=0xc000163d04) returned 0 [0107.835] GetFileType (hFile=0x1b0) returned 0x1 [0107.835] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00025c480*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc000163cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025c480*, lpNumberOfBytesWritten=0xc000163cec*=0x420, lpOverlapped=0x0) returned 1 [0107.836] CloseHandle (hObject=0x1b0) returned 1 [0107.837] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.838] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000163d64 | out: lpMode=0xc000163d64) returned 0 [0107.841] GetFileType (hFile=0x1d4) returned 0x1 [0107.841] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0001c02c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000163d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c02c0*, lpNumberOfBytesWritten=0xc000163d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.841] CloseHandle (hObject=0x1d4) returned 1 [0107.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-07_tv_recorded_in_the_last_week.wpl"), dwFlags=0x1) returned 1 [0108.407] SetEvent (hEvent=0x188) returned 1 [0108.407] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0114.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b8 [0114.159] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0114.165] GetFileType (hFile=0x1b8) returned 0x1 [0114.165] GetFileType (hFile=0x1b8) returned 0x1 [0114.165] GetFileInformationByHandle (in: hFile=0x1b8, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0114.165] GetFileInformationByHandleEx (in: hFile=0x1b8, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0114.165] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0114.166] ReadFile (in: hFile=0x1b8, lpBuffer=0xc000146000, nNumberOfBytesToRead=0x43b, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesRead=0xc0001d5c04*=0x23b, lpOverlapped=0x0) returned 1 [0114.173] ReadFile (in: hFile=0x1b8, lpBuffer=0xc00014623b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00014623b*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0114.173] CloseHandle (hObject=0x1b8) returned 1 [0114.173] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0114.173] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0114.174] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0114.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0114.204] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0114.206] GetFileType (hFile=0xec) returned 0x1 [0114.206] WriteFile (in: hFile=0xec, lpBuffer=0xc00003cb40*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003cb40*, lpNumberOfBytesWritten=0xc0001d5cec*=0x240, lpOverlapped=0x0) returned 1 [0114.207] CloseHandle (hObject=0xec) returned 1 [0114.212] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532c01 | out: pbBuffer=0xc000532c01) returned 1 [0114.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0114.212] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0114.215] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0114.260] GetFileType (hFile=0x174) returned 0x1 [0114.260] WriteFile (in: hFile=0x174, lpBuffer=0xc000040b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040b00*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.260] CloseHandle (hObject=0x174) returned 1 [0114.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bblbv0u[1].png"), dwFlags=0x1) returned 1 [0114.462] SwitchToThread () returned 1 [0114.476] SetEvent (hEvent=0x1dc) returned 1 [0114.476] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0114.479] SetEvent (hEvent=0x1dc) returned 1 [0114.479] SetEvent (hEvent=0x1d4) returned 1 [0114.479] SetEvent (hEvent=0x198) returned 1 [0114.479] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.682] SetEvent (hEvent=0x114) returned 1 [0115.682] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.689] SetEvent (hEvent=0x164) returned 1 [0115.690] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.696] SetEvent (hEvent=0x120) returned 1 [0115.696] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.705] SetEvent (hEvent=0x13c) returned 1 [0115.705] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.721] SetEvent (hEvent=0x198) returned 1 [0115.721] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x228 [0115.724] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0115.735] GetFileType (hFile=0x228) returned 0x1 [0115.735] GetFileType (hFile=0x228) returned 0x1 [0115.735] GetFileInformationByHandle (in: hFile=0x228, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0115.735] GetFileInformationByHandleEx (in: hFile=0x228, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0115.736] ReadFile (in: hFile=0x228, lpBuffer=0xc000294500, nNumberOfBytesToRead=0x4c2, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000294500*, lpNumberOfBytesRead=0xc00020fc04*=0x2c2, lpOverlapped=0x0) returned 1 [0115.739] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.888] ReadFile (in: hFile=0x228, lpBuffer=0xc0002947c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002947c2*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.888] CloseHandle (hObject=0x228) returned 1 [0115.888] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0115.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0115.937] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0115.956] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0115.957] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0116.002] GetFileType (hFile=0x2bc) returned 0x1 [0116.002] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002c4000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesWritten=0xc00020fcec*=0x2d0, lpOverlapped=0x0) returned 1 [0116.004] CloseHandle (hObject=0x2bc) returned 1 [0116.006] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a901 | out: pbBuffer=0xc00031a901) returned 1 [0116.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0116.006] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0116.007] GetFileType (hFile=0x2bc) returned 0x1 [0116.007] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.007] CloseHandle (hObject=0x2bc) returned 1 [0116.007] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42eyr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA42eYr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa42eyr[1].png"), dwFlags=0x1) returned 1 [0116.596] SetEvent (hEvent=0xc0) returned 1 [0116.596] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0116.596] SetEvent (hEvent=0x208) returned 1 [0116.597] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.598] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0116.599] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0116.599] SetEvent (hEvent=0x208) returned 1 [0116.599] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe30*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.601] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f698, ulCount=0x10, ulNumEntriesRemoved=0x2870f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f698, ulNumEntriesRemoved=0x2870f66c) returned 0 [0116.601] SetEvent (hEvent=0x26c) returned 1 [0116.601] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe08*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.602] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2870f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2870f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2870f6a0, ulNumEntriesRemoved=0x2870f674) returned 0 [0116.603] SetEvent (hEvent=0x208) returned 1 [0116.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2870fe18*=0x100, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.603] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.507] SetEvent (hEvent=0x234) returned 1 [0117.507] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.519] SetEvent (hEvent=0x120) returned 1 [0117.519] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.536] SetEvent (hEvent=0x324) returned 1 [0117.536] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.543] SetEvent (hEvent=0x1e8) returned 1 [0117.543] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.548] SetEvent (hEvent=0x188) returned 1 [0117.548] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.683] SetEvent (hEvent=0x1b4) returned 1 [0117.683] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.691] SetEvent (hEvent=0x334) returned 1 [0117.691] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.694] SetEvent (hEvent=0x2b0) returned 1 [0117.694] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.715] SetEvent (hEvent=0x35c) returned 1 [0117.715] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.724] SetEvent (hEvent=0x120) returned 1 [0117.724] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.726] SetEvent (hEvent=0x234) returned 1 [0117.726] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.734] SetEvent (hEvent=0x264) returned 1 [0117.734] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0117.754] SetEvent (hEvent=0x258) returned 1 [0117.754] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0141.541] SetEvent (hEvent=0x1f8) returned 1 [0141.541] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0141.545] GetFileType (hFile=0x1b0) returned 0x1 [0141.545] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000e4070*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4070*, lpNumberOfBytesWritten=0xc0001b9cec*=0x70, lpOverlapped=0x0) returned 1 [0142.526] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0143.112] CloseHandle (hObject=0x1b0) returned 1 [0143.112] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0143.112] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0143.116] GetFileType (hFile=0x1b0) returned 0x1 [0143.116] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0006829a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006829a0*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.116] CloseHandle (hObject=0x1b0) returned 1 [0143.116] VirtualAlloc (lpAddress=0xc000654000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000654000 [0143.117] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwFlags=0x1) returned 1 [0143.119] VirtualFree (lpAddress=0xc0007be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.120] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0143.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0143.120] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0143.124] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.006] SetEvent (hEvent=0xc0) returned 1 [0144.006] SetEvent (hEvent=0x324) returned 1 [0144.006] GetFileType (hFile=0x1b0) returned 0x1 [0144.006] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.739] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.740] CloseHandle (hObject=0x1b0) returned 1 [0144.740] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0144.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwFlags=0x1) returned 1 [0144.743] SetEvent (hEvent=0xac8) returned 1 [0144.743] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.752] SetEvent (hEvent=0x1c4) returned 1 [0144.752] SetEvent (hEvent=0x990) returned 1 [0144.752] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.754] SetEvent (hEvent=0x1c4) returned 1 [0144.754] SetEvent (hEvent=0x9b8) returned 1 [0144.754] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.781] SetEvent (hEvent=0xb80) returned 1 [0144.781] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0144.794] SetEvent (hEvent=0x9b8) returned 1 [0144.794] SetEvent (hEvent=0xb10) returned 1 [0144.794] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0145.273] SetEvent (hEvent=0xc5c) returned 1 [0145.273] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0145.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x880 [0145.320] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0145.321] GetFileType (hFile=0x880) returned 0x1 [0145.321] GetFileType (hFile=0x880) returned 0x1 [0145.321] GetFileInformationByHandle (in: hFile=0x880, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0145.321] GetFileInformationByHandleEx (in: hFile=0x880, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0145.321] ReadFile (in: hFile=0x880, lpBuffer=0xc000260240, nNumberOfBytesToRead=0x204, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000260240*, lpNumberOfBytesRead=0xc00024bc04*=0x4, lpOverlapped=0x0) returned 1 [0145.323] ReadFile (in: hFile=0x880, lpBuffer=0xc000260244, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000260244*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0145.323] CloseHandle (hObject=0x880) returned 1 [0145.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0145.324] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0145.328] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0145.821] GetFileType (hFile=0x880) returned 0x1 [0145.821] WriteFile (in: hFile=0x880, lpBuffer=0xc000586600*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586600*, lpNumberOfBytesWritten=0xc00024bcec*=0x10, lpOverlapped=0x0) returned 1 [0145.822] CloseHandle (hObject=0x880) returned 1 [0145.822] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0145.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0145.823] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0145.824] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0146.243] SetEvent (hEvent=0xc24) returned 1 [0146.243] GetFileType (hFile=0x880) returned 0x1 [0146.243] WriteFile (in: hFile=0x880, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.243] CloseHandle (hObject=0x880) returned 1 [0146.243] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-mail recipient.mapimail"), dwFlags=0x1) returned 1 [0146.245] SetEvent (hEvent=0x264) returned 1 [0146.245] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0146.247] SetEvent (hEvent=0xc24) returned 1 [0146.247] VirtualFree (lpAddress=0xc0002a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.248] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.249] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0146.249] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.250] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.251] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.251] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.252] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.253] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.253] SetEvent (hEvent=0xc64) returned 1 [0146.253] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0148.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bmk73apgwn4iut5fsy.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0148.044] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0148.045] GetFileType (hFile=0x7a0) returned 0x1 [0148.045] GetFileType (hFile=0x7a0) returned 0x1 [0148.045] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0148.045] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0148.045] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0148.048] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000556000, nNumberOfBytesToRead=0x61c9, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesRead=0xc000175c04*=0x5fc9, lpOverlapped=0x0) returned 1 [0148.705] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00055bfc9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00055bfc9*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0148.705] CloseHandle (hObject=0x7a0) returned 1 [0148.706] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0148.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bmk73apgwn4iut5fsy.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0150.627] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0150.633] GetFileType (hFile=0x874) returned 0x1 [0150.633] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0150.634] WriteFile (in: hFile=0x874, lpBuffer=0xc0002ca000*, nNumberOfBytesToWrite=0x5fd0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca000*, lpNumberOfBytesWritten=0xc000175cec*=0x5fd0, lpOverlapped=0x0) returned 1 [0150.635] CloseHandle (hObject=0x874) returned 1 [0150.732] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0150.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bmk73apgwn4iut5fsy.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x424 [0150.732] GetConsoleMode (in: hConsoleHandle=0x424, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0150.734] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0150.783] GetFileType (hFile=0x424) returned 0x1 [0150.783] WriteFile (in: hFile=0x424, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.783] CloseHandle (hObject=0x424) returned 1 [0150.793] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0150.832] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bmk73apgwn4iut5fsy.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-bmk73apgwn4iut5fsy.flv"), dwFlags=0x1) returned 1 [0153.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mepvzo.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0153.324] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0001e7cf4 | out: lpMode=0xc0001e7cf4) returned 0 [0153.347] GetFileType (hFile=0x5c4) returned 0x1 [0153.347] GetFileType (hFile=0x5c4) returned 0x1 [0153.347] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc0001e7d44 | out: lpFileInformation=0xc0001e7d44) returned 1 [0153.347] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc0001e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e7d28) returned 1 [0153.347] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0153.349] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000168000, nNumberOfBytesToRead=0x1de3, lpNumberOfBytesRead=0xc0001e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesRead=0xc0001e7c04*=0x1be3, lpOverlapped=0x0) returned 1 [0153.350] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000169be3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000169be3*, lpNumberOfBytesRead=0xc0001e7c04*=0x0, lpOverlapped=0x0) returned 1 [0153.350] CloseHandle (hObject=0x5c4) returned 1 [0153.350] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0153.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mepvzo.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.352] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0001e7d04 | out: lpMode=0xc0001e7d04) returned 0 [0153.356] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.364] GetFileType (hFile=0x5c4) returned 0x1 [0153.364] WriteFile (in: hFile=0x5c4, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x1bf0, lpNumberOfBytesWritten=0xc0001e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0001e7cec*=0x1bf0, lpOverlapped=0x0) returned 1 [0153.366] CloseHandle (hObject=0x5c4) returned 1 [0153.366] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0153.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mepvzo.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.367] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0001e7d64 | out: lpMode=0xc0001e7d64) returned 0 [0153.375] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.410] GetFileType (hFile=0x5c4) returned 0x1 [0153.410] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.411] CloseHandle (hObject=0x5c4) returned 1 [0153.411] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mepvzo.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\encry-mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\encry-mepvzo.pps"), dwFlags=0x1) returned 1 [0153.416] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.418] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.450] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0153.451] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0153.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\c 8u8apsnox.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0153.454] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000469cf4 | out: lpMode=0xc000469cf4) returned 0 [0153.468] GetFileType (hFile=0x5c4) returned 0x1 [0153.468] GetFileType (hFile=0x5c4) returned 0x1 [0153.468] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc000469d44 | out: lpFileInformation=0xc000469d44) returned 1 [0153.468] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc000469d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000469d28) returned 1 [0153.468] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0153.470] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0153.476] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000356000, nNumberOfBytesToRead=0x1804e, lpNumberOfBytesRead=0xc000469c04, lpOverlapped=0x0 | out: lpBuffer=0xc000356000*, lpNumberOfBytesRead=0xc000469c04*=0x17e4e, lpOverlapped=0x0) returned 1 [0153.478] ReadFile (in: hFile=0x5c4, lpBuffer=0xc00036de4e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000469c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036de4e*, lpNumberOfBytesRead=0xc000469c04*=0x0, lpOverlapped=0x0) returned 1 [0153.478] CloseHandle (hObject=0x5c4) returned 1 [0153.479] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0153.480] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0153.481] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0153.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\c 8u8apsnox.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.489] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000469d04 | out: lpMode=0xc000469d04) returned 0 [0153.491] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.525] GetFileType (hFile=0x5c4) returned 0x1 [0153.525] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0004a8000*, nNumberOfBytesToWrite=0x17e50, lpNumberOfBytesWritten=0xc000469cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004a8000*, lpNumberOfBytesWritten=0xc000469cec*=0x17e50, lpOverlapped=0x0) returned 1 [0153.529] CloseHandle (hObject=0x5c4) returned 1 [0153.529] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0153.529] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0153.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\c 8u8apsnox.pdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.531] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000469d64 | out: lpMode=0xc000469d64) returned 0 [0153.537] GetFileType (hFile=0x5c4) returned 0x1 [0153.538] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0002851e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000469d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002851e0*, lpNumberOfBytesWritten=0xc000469d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.538] CloseHandle (hObject=0x5c4) returned 1 [0153.538] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0153.539] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0153.540] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\c 8u8apsnox.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\encry-C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\encry-c 8u8apsnox.pdf"), dwFlags=0x1) returned 1 [0153.544] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.545] SetEvent (hEvent=0x9f0) returned 1 [0153.545] SetEvent (hEvent=0x208) returned 1 [0153.545] VirtualFree (lpAddress=0xc000346000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.547] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.549] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.550] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.550] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.551] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\_wc27dzswvobave.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x678 [0153.553] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000451cf4 | out: lpMode=0xc000451cf4) returned 0 [0153.554] GetFileType (hFile=0x678) returned 0x1 [0153.554] GetFileType (hFile=0x678) returned 0x1 [0153.554] GetFileInformationByHandle (in: hFile=0x678, lpFileInformation=0xc000451d44 | out: lpFileInformation=0xc000451d44) returned 1 [0153.554] GetFileInformationByHandleEx (in: hFile=0x678, FileInformationClass=0x9, lpFileInformation=0xc000451d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000451d28) returned 1 [0153.555] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0153.558] ReadFile (in: hFile=0x678, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xac39, lpNumberOfBytesRead=0xc000451c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000451c04*=0xaa39, lpOverlapped=0x0) returned 1 [0153.560] ReadFile (in: hFile=0x678, lpBuffer=0xc00023aa39, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000451c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023aa39*, lpNumberOfBytesRead=0xc000451c04*=0x0, lpOverlapped=0x0) returned 1 [0153.560] CloseHandle (hObject=0x678) returned 1 [0153.560] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0153.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\_wc27dzswvobave.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.565] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000451d04 | out: lpMode=0xc000451d04) returned 0 [0153.577] GetFileType (hFile=0x678) returned 0x1 [0153.577] WriteFile (in: hFile=0x678, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0xaa40, lpNumberOfBytesWritten=0xc000451cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000451cec*=0xaa40, lpOverlapped=0x0) returned 1 [0153.584] CloseHandle (hObject=0x678) returned 1 [0153.584] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0153.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\_wc27dzswvobave.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.585] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000451d64 | out: lpMode=0xc000451d64) returned 0 [0153.607] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.616] GetFileType (hFile=0x678) returned 0x1 [0153.616] WriteFile (in: hFile=0x678, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000451d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000451d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.616] CloseHandle (hObject=0x678) returned 1 [0153.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\_wc27dzswvobave.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\encry-_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\encry-_wc27dzswvobave.rtf"), dwFlags=0x1) returned 1 [0153.618] SwitchToThread () returned 1 [0153.630] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.749] GetFileType (hFile=0x4d8) returned 0x1 [0153.749] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00042dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00042dd4c*=0x158, lpOverlapped=0x0) returned 1 [0153.750] CloseHandle (hObject=0x4d8) returned 1 [0153.750] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\cbj_-_.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\encry-CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\encry-cbj_-_.docx"), dwFlags=0x1) returned 1 [0153.752] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0153.753] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0153.755] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0153.756] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0153.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\2sde9rzjowyu4.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0153.759] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0002dbcf4 | out: lpMode=0xc0002dbcf4) returned 0 [0153.777] GetFileType (hFile=0x4d8) returned 0x1 [0153.777] GetFileType (hFile=0x4d8) returned 0x1 [0153.777] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc0002dbd44 | out: lpFileInformation=0xc0002dbd44) returned 1 [0153.777] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc0002dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dbd28) returned 1 [0153.777] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0153.782] ReadFile (in: hFile=0x4d8, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x12d0e, lpNumberOfBytesRead=0xc0002dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0002dbc04*=0x12b0e, lpOverlapped=0x0) returned 1 [0153.785] ReadFile (in: hFile=0x4d8, lpBuffer=0xc000358b0e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000358b0e*, lpNumberOfBytesRead=0xc0002dbc04*=0x0, lpOverlapped=0x0) returned 1 [0153.785] CloseHandle (hObject=0x4d8) returned 1 [0153.785] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0153.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\2sde9rzjowyu4.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0153.792] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0002dbd04 | out: lpMode=0xc0002dbd04) returned 0 [0153.826] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0153.829] GetFileType (hFile=0x4d8) returned 0x1 [0153.829] WriteFile (in: hFile=0x4d8, lpBuffer=0xc00035a000*, nNumberOfBytesToWrite=0x12b10, lpNumberOfBytesWritten=0xc0002dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00035a000*, lpNumberOfBytesWritten=0xc0002dbcec*=0x12b10, lpOverlapped=0x0) returned 1 [0153.833] CloseHandle (hObject=0x4d8) returned 1 [0153.833] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0153.833] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0153.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\2sde9rzjowyu4.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0153.835] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0002dbd64 | out: lpMode=0xc0002dbd64) returned 0 [0153.858] GetFileType (hFile=0x4d8) returned 0x1 [0153.858] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0153.858] CloseHandle (hObject=0x4d8) returned 1 [0153.858] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0153.860] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0153.861] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\2sde9rzjowyu4.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\encry-2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\encry-2sde9rzjowyu4.pps"), dwFlags=0x1) returned 1 [0153.864] VirtualFree (lpAddress=0xc00058e000, dwSize=0x44000, dwFreeType=0x4000) returned 1 [0153.868] VirtualFree (lpAddress=0xc000346000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0153.870] VirtualFree (lpAddress=0xc000230000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0153.871] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.872] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.873] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.874] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.875] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.876] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.877] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.878] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.879] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.880] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.881] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0153.882] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\if v7 jc2qexn6bjyff.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0153.884] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0153.893] GetFileType (hFile=0x4d8) returned 0x1 [0153.893] GetFileType (hFile=0x4d8) returned 0x1 [0153.894] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0153.894] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0153.894] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0153.898] ReadFile (in: hFile=0x4d8, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x42bd, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0000f7c04*=0x40bd, lpOverlapped=0x0) returned 1 [0153.900] ReadFile (in: hFile=0x4d8, lpBuffer=0xc00034a0bd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00034a0bd*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0153.900] CloseHandle (hObject=0x4d8) returned 1 [0153.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\if v7 jc2qexn6bjyff.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0153.902] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0153.936] GetFileType (hFile=0x4d8) returned 0x1 [0153.936] WriteFile (in: hFile=0x4d8, lpBuffer=0xc00034a800*, nNumberOfBytesToWrite=0x40c0, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00034a800*, lpNumberOfBytesWritten=0xc0000f7cec*=0x40c0, lpOverlapped=0x0) returned 1 [0153.938] CloseHandle (hObject=0x4d8) returned 1 [0153.938] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0153.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\if v7 jc2qexn6bjyff.doc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0153.939] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0153.968] GetFileType (hFile=0x4d8) returned 0x1 [0153.968] WriteFile (in: hFile=0x4d8, lpBuffer=0xc000284b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284b00*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.969] CloseHandle (hObject=0x4d8) returned 1 [0153.969] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0153.970] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0153.972] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0153.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\if v7 jc2qexn6bjyff.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\encry-If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\encry-if v7 jc2qexn6bjyff.doc"), dwFlags=0x1) returned 1 [0153.975] SwitchToThread () returned 1 [0153.979] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.034] SwitchToThread () returned 1 [0154.080] SetEvent (hEvent=0x9f0) returned 1 [0154.080] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.084] SetEvent (hEvent=0x9a8) returned 1 [0154.084] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.089] SwitchToThread () returned 1 [0154.105] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.145] SetEvent (hEvent=0x9f0) returned 1 [0154.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1nit0zla0ley24o0.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0154.146] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000389cf4 | out: lpMode=0xc000389cf4) returned 0 [0154.156] GetFileType (hFile=0x2bc) returned 0x1 [0154.156] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0154.158] GetFileType (hFile=0x2bc) returned 0x1 [0154.158] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000389d44 | out: lpFileInformation=0xc000389d44) returned 1 [0154.159] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000389d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000389d28) returned 1 [0154.159] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0154.165] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0004a8000, nNumberOfBytesToRead=0x16a60, lpNumberOfBytesRead=0xc000389c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a8000*, lpNumberOfBytesRead=0xc000389c04*=0x16860, lpOverlapped=0x0) returned 1 [0154.167] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0004be860, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000389c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004be860*, lpNumberOfBytesRead=0xc000389c04*=0x0, lpOverlapped=0x0) returned 1 [0154.168] CloseHandle (hObject=0x2bc) returned 1 [0154.168] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0154.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1nit0zla0ley24o0.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0154.179] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000389d04 | out: lpMode=0xc000389d04) returned 0 [0154.192] GetFileType (hFile=0x2bc) returned 0x1 [0154.193] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0004e0000*, nNumberOfBytesToWrite=0x16870, lpNumberOfBytesWritten=0xc000389cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesWritten=0xc000389cec*=0x16870, lpOverlapped=0x0) returned 1 [0154.197] CloseHandle (hObject=0x2bc) returned 1 [0154.197] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0154.197] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0154.199] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0154.200] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0154.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1nit0zla0ley24o0.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0154.201] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000389d64 | out: lpMode=0xc000389d64) returned 0 [0154.217] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.220] GetFileType (hFile=0x2bc) returned 0x1 [0154.220] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000389d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc000389d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.220] CloseHandle (hObject=0x2bc) returned 1 [0154.221] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0154.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1nit0zla0ley24o0.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-1nit0zla0ley24o0.swf"), dwFlags=0x1) returned 1 [0154.225] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.320] GetFileType (hFile=0x770) returned 0x1 [0154.320] WriteFile (in: hFile=0x770, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x8460, lpNumberOfBytesWritten=0xc0003ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0003ebcec*=0x8460, lpOverlapped=0x0) returned 1 [0154.323] CloseHandle (hObject=0x770) returned 1 [0154.324] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0154.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\iekxs.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0154.324] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc0003ebd64 | out: lpMode=0xc0003ebd64) returned 0 [0154.334] GetFileType (hFile=0x770) returned 0x1 [0154.335] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0154.336] WriteFile (in: hFile=0x770, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0003ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.337] CloseHandle (hObject=0x770) returned 1 [0154.337] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0154.338] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0154.339] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0154.341] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0154.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\iekxs.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\encry-IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\encry-iekxs.swf"), dwFlags=0x1) returned 1 [0154.345] SwitchToThread () returned 1 [0154.347] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.357] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.359] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.361] SetEvent (hEvent=0x9f0) returned 1 [0154.361] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.363] SetEvent (hEvent=0x9f0) returned 1 [0154.363] SetEvent (hEvent=0x43c) returned 1 [0154.363] SetEvent (hEvent=0x8d0) returned 1 [0154.363] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.393] GetFileType (hFile=0x79c) returned 0x1 [0154.393] WriteFile (in: hFile=0x79c, lpBuffer=0xc00028f500*, nNumberOfBytesToWrite=0x3250, lpNumberOfBytesWritten=0xc000413cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028f500*, lpNumberOfBytesWritten=0xc000413cec*=0x3250, lpOverlapped=0x0) returned 1 [0154.395] CloseHandle (hObject=0x79c) returned 1 [0154.395] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0154.397] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.397] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0154.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\98_inojtbt.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0154.399] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000413d64 | out: lpMode=0xc000413d64) returned 0 [0154.443] SwitchToThread () returned 1 [0154.444] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.448] GetFileType (hFile=0x79c) returned 0x1 [0154.448] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.459] WriteFile (in: hFile=0x79c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000413d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000413d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.460] CloseHandle (hObject=0x79c) returned 1 [0154.460] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\98_inojtbt.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\encry-98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\encry-98_inojtbt.bmp"), dwFlags=0x1) returned 1 [0154.462] SwitchToThread () returned 1 [0154.464] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.467] SetEvent (hEvent=0x9f0) returned 1 [0154.467] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.469] SetEvent (hEvent=0x9f0) returned 1 [0154.469] SetEvent (hEvent=0x8d0) returned 1 [0154.469] SetEvent (hEvent=0x43c) returned 1 [0154.469] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.484] GetFileType (hFile=0x768) returned 0x1 [0154.484] GetFileType (hFile=0x768) returned 0x1 [0154.485] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc00043fd44 | out: lpFileInformation=0xc00043fd44) returned 1 [0154.485] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc00043fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00043fd28) returned 1 [0154.485] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0154.486] ReadFile (in: hFile=0x768, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x392, lpNumberOfBytesRead=0xc00043fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc00043fc04*=0x192, lpOverlapped=0x0) returned 1 [0154.491] ReadFile (in: hFile=0x768, lpBuffer=0xc00006c192, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00043fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c192*, lpNumberOfBytesRead=0xc00043fc04*=0x0, lpOverlapped=0x0) returned 1 [0154.492] CloseHandle (hObject=0x768) returned 1 [0154.492] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0154.495] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0154.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0154.502] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0154.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini\\*", lpFindFileData=0xc00043fa08 | out: lpFindFileData=0xc00043fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0154.519] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00043f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0154.520] WriteFile (in: hFile=0x748, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.520] CloseHandle (hObject=0x748) returned 1 [0154.521] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0154.523] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdvt1tpyjbv-yzk70.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-vdvt1tpyjbv-yzk70.m4a"), dwFlags=0x1) returned 1 [0154.525] GetFileType (hFile=0x5a0) returned 0x1 [0154.526] WriteFile (in: hFile=0x5a0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000273d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000273d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.526] CloseHandle (hObject=0x5a0) returned 1 [0154.526] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-lulcit amkdfe.contact"), dwFlags=0x1) returned 1 [0154.528] GetFileType (hFile=0x2fc) returned 0x1 [0154.528] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0002ae000*, nNumberOfBytesToWrite=0x95f0, lpNumberOfBytesWritten=0xc0001f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ae000*, lpNumberOfBytesWritten=0xc0001f3cec*=0x95f0, lpOverlapped=0x0) returned 1 [0154.531] CloseHandle (hObject=0x2fc) returned 1 [0154.532] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0154.532] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0154.533] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0154.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kpl98.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0154.535] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0001f3d64 | out: lpMode=0xc0001f3d64) returned 0 [0154.552] GetFileType (hFile=0x2fc) returned 0x1 [0154.552] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0001f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.553] CloseHandle (hObject=0x2fc) returned 1 [0154.554] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kpl98.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-kpl98.mp4"), dwFlags=0x1) returned 1 [0154.556] SwitchToThread () returned 1 [0154.594] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.730] SetEvent (hEvent=0x8d0) returned 1 [0154.730] VirtualFree (lpAddress=0xc00032a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0154.732] VirtualFree (lpAddress=0xc0002ae000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.734] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.735] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.736] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.737] VirtualFree (lpAddress=0xc000058000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.738] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0154.740] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.740] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.742] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0154.743] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0154.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0154.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0154.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0154.773] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.773] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0154.774] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0154.774] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0154.774] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0154.774] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0154.774] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.774] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0154.776] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0154.778] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0154.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.782] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0154.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86)) returned 1 [0154.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0154.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0154.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0154.793] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0154.862] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0154.863] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0154.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.896] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0154.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0154.991] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0155.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0155.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0155.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0155.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.155] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\*", lpFindFileData=0xc0000697b8 | out: lpFindFileData=0xc0000697b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0155.155] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.155] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6)) returned 1 [0155.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1)) returned 1 [0155.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b)) returned 1 [0155.204] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0155.288] SetEvent (hEvent=0xc0) returned 1 [0155.288] SetEvent (hEvent=0x9e8) returned 1 [0155.288] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244)) returned 1 [0155.288] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0155.399] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.399] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000069954 | out: lpFileInformation=0xc000069954) returned 1 [0155.399] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000069938, dwBufferSize=0x8 | out: lpFileInformation=0xc000069938) returned 1 [0155.399] CloseHandle (hObject=0x5a0) returned 1 [0155.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb96a8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb96a8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.400] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0xc0000697b8 | out: lpFindFileData=0xc0000697b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb96a8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb96a8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb96a8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb96a8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3012910, ftCreationTime.dwHighDateTime=0x1d5e24d, ftLastAccessTime.dwLowDateTime=0xd65700a0, ftLastAccessTime.dwHighDateTime=0x1d5db6a, ftLastWriteTime.dwLowDateTime=0xd65700a0, ftLastWriteTime.dwHighDateTime=0x1d5db6a, nFileSizeHigh=0x0, nFileSizeLow=0x133a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4qXpp.m4a", cAlternateFileName="")) returned 1 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x703f0c80, ftCreationTime.dwHighDateTime=0x1d5d86e, ftLastAccessTime.dwLowDateTime=0x7dd03080, ftLastAccessTime.dwHighDateTime=0x1d5e337, ftLastWriteTime.dwLowDateTime=0x7dd03080, ftLastWriteTime.dwHighDateTime=0x1d5e337, nFileSizeHigh=0x0, nFileSizeLow=0x150d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="9voZIQI2Tpt4.m4a", cAlternateFileName="9VOZIQ~1.M4A")) returned 1 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9be43ff0, ftCreationTime.dwHighDateTime=0x1d5e1cd, ftLastAccessTime.dwLowDateTime=0x480a060, ftLastAccessTime.dwHighDateTime=0x1d5dfb9, ftLastWriteTime.dwLowDateTime=0x480a060, ftLastWriteTime.dwHighDateTime=0x1d5dfb9, nFileSizeHigh=0x0, nFileSizeLow=0x3fb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jAmwdJv M_4HsdxN0p.wav", cAlternateFileName="JAMWDJ~1.WAV")) returned 1 [0155.400] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a562af0, ftCreationTime.dwHighDateTime=0x1d5e789, ftLastAccessTime.dwLowDateTime=0x4ff9de80, ftLastAccessTime.dwHighDateTime=0x1d5e126, ftLastWriteTime.dwLowDateTime=0x4ff9de80, ftLastWriteTime.dwHighDateTime=0x1d5e126, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lS65fyrP8XMrnQyKww", cAlternateFileName="LS65FY~1")) returned 1 [0155.401] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b66f620, ftCreationTime.dwHighDateTime=0x1d5ddd5, ftLastAccessTime.dwLowDateTime=0xe8602090, ftLastAccessTime.dwHighDateTime=0x1d5d9f0, ftLastWriteTime.dwLowDateTime=0xe8602090, ftLastWriteTime.dwHighDateTime=0x1d5d9f0, nFileSizeHigh=0x0, nFileSizeLow=0x12054, dwReserved0=0x0, dwReserved1=0x0, cFileName="RgWfaxbyNSn.wav", cAlternateFileName="RGWFAX~1.WAV")) returned 1 [0155.401] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b69b10, ftCreationTime.dwHighDateTime=0x1d5da98, ftLastAccessTime.dwLowDateTime=0x776f6ed0, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x776f6ed0, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="X cLPSc5bC0q", cAlternateFileName="XCLPSC~1")) returned 1 [0155.401] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e421860, ftCreationTime.dwHighDateTime=0x1d5e5bf, ftLastAccessTime.dwLowDateTime=0xf47c8f30, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xf47c8f30, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XOJvpFkLvx0P7joh8C", cAlternateFileName="XOJVPF~1")) returned 1 [0155.401] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.401] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qxpp.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3012910, ftCreationTime.dwHighDateTime=0x1d5e24d, ftLastAccessTime.dwLowDateTime=0xd65700a0, ftLastAccessTime.dwHighDateTime=0x1d5db6a, ftLastWriteTime.dwLowDateTime=0xd65700a0, ftLastWriteTime.dwHighDateTime=0x1d5db6a, nFileSizeHigh=0x0, nFileSizeLow=0x133a7)) returned 1 [0155.401] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0155.402] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0155.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\9voziqi2tpt4.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x703f0c80, ftCreationTime.dwHighDateTime=0x1d5d86e, ftLastAccessTime.dwLowDateTime=0x7dd03080, ftLastAccessTime.dwHighDateTime=0x1d5e337, ftLastWriteTime.dwLowDateTime=0x7dd03080, ftLastWriteTime.dwHighDateTime=0x1d5e337, nFileSizeHigh=0x0, nFileSizeLow=0x150d7)) returned 1 [0155.404] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0155.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rgwfaxbynsn.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b66f620, ftCreationTime.dwHighDateTime=0x1d5ddd5, ftLastAccessTime.dwLowDateTime=0xe8602090, ftLastAccessTime.dwHighDateTime=0x1d5d9f0, ftLastWriteTime.dwLowDateTime=0xe8602090, ftLastWriteTime.dwHighDateTime=0x1d5d9f0, nFileSizeHigh=0x0, nFileSizeLow=0x12054)) returned 1 [0155.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b69b10, ftCreationTime.dwHighDateTime=0x1d5da98, ftLastAccessTime.dwLowDateTime=0x776f6ed0, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x776f6ed0, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.406] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b69b10, ftCreationTime.dwHighDateTime=0x1d5da98, ftLastAccessTime.dwLowDateTime=0x776f6ed0, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x776f6ed0, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd0b69b10, ftCreationTime.dwHighDateTime=0x1d5da98, ftLastAccessTime.dwLowDateTime=0x776f6ed0, ftLastAccessTime.dwHighDateTime=0x1d5e32e, ftLastWriteTime.dwLowDateTime=0x776f6ed0, ftLastWriteTime.dwHighDateTime=0x1d5e32e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe222b00, ftCreationTime.dwHighDateTime=0x1d5e429, ftLastAccessTime.dwLowDateTime=0x13756420, ftLastAccessTime.dwHighDateTime=0x1d5e581, ftLastWriteTime.dwLowDateTime=0x13756420, ftLastWriteTime.dwHighDateTime=0x1d5e581, nFileSizeHigh=0x0, nFileSizeLow=0x100b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4pWNhvf6lh.mp3", cAlternateFileName="4PWNHV~1.MP3")) returned 1 [0155.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8341e490, ftCreationTime.dwHighDateTime=0x1d5e14e, ftLastAccessTime.dwLowDateTime=0x71785280, ftLastAccessTime.dwHighDateTime=0x1d5e374, ftLastWriteTime.dwLowDateTime=0x71785280, ftLastWriteTime.dwHighDateTime=0x1d5e374, nFileSizeHigh=0x0, nFileSizeLow=0x5215, dwReserved0=0x0, dwReserved1=0x0, cFileName="ed_BIDg3.wav", cAlternateFileName="")) returned 1 [0155.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e4cafc0, ftCreationTime.dwHighDateTime=0x1d5e29d, ftLastAccessTime.dwLowDateTime=0xfa834fb0, ftLastAccessTime.dwHighDateTime=0x1d5da0c, ftLastWriteTime.dwLowDateTime=0xfa834fb0, ftLastWriteTime.dwHighDateTime=0x1d5da0c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eZAa8LdzP4i7tw-W_U", cAlternateFileName="EZAA8L~1")) returned 1 [0155.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1afd210, ftCreationTime.dwHighDateTime=0x1d5e046, ftLastAccessTime.dwLowDateTime=0x9b800ac0, ftLastAccessTime.dwHighDateTime=0x1d5e06b, ftLastWriteTime.dwLowDateTime=0x9b800ac0, ftLastWriteTime.dwHighDateTime=0x1d5e06b, nFileSizeHigh=0x0, nFileSizeLow=0xc0fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="KblR1WYH.mp3", cAlternateFileName="")) returned 1 [0155.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.407] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\4pwnhvf6lh.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbe222b00, ftCreationTime.dwHighDateTime=0x1d5e429, ftLastAccessTime.dwLowDateTime=0x13756420, ftLastAccessTime.dwHighDateTime=0x1d5e581, ftLastWriteTime.dwLowDateTime=0x13756420, ftLastWriteTime.dwHighDateTime=0x1d5e581, nFileSizeHigh=0x0, nFileSizeLow=0x100b7)) returned 1 [0155.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\kblr1wyh.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1afd210, ftCreationTime.dwHighDateTime=0x1d5e046, ftLastAccessTime.dwLowDateTime=0x9b800ac0, ftLastAccessTime.dwHighDateTime=0x1d5e06b, ftLastWriteTime.dwLowDateTime=0x9b800ac0, ftLastWriteTime.dwHighDateTime=0x1d5e06b, nFileSizeHigh=0x0, nFileSizeLow=0xc0fd)) returned 1 [0155.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e4cafc0, ftCreationTime.dwHighDateTime=0x1d5e29d, ftLastAccessTime.dwLowDateTime=0xfa834fb0, ftLastAccessTime.dwHighDateTime=0x1d5da0c, ftLastWriteTime.dwLowDateTime=0xfa834fb0, ftLastWriteTime.dwHighDateTime=0x1d5da0c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.407] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\*", lpFindFileData=0xc000069608 | out: lpFindFileData=0xc000069608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e4cafc0, ftCreationTime.dwHighDateTime=0x1d5e29d, ftLastAccessTime.dwLowDateTime=0xfa834fb0, ftLastAccessTime.dwHighDateTime=0x1d5da0c, ftLastWriteTime.dwLowDateTime=0xfa834fb0, ftLastWriteTime.dwHighDateTime=0x1d5da0c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.409] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e4cafc0, ftCreationTime.dwHighDateTime=0x1d5e29d, ftLastAccessTime.dwLowDateTime=0xfa834fb0, ftLastAccessTime.dwHighDateTime=0x1d5da0c, ftLastWriteTime.dwLowDateTime=0xfa834fb0, ftLastWriteTime.dwHighDateTime=0x1d5da0c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.409] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8566e020, ftCreationTime.dwHighDateTime=0x1d5e56f, ftLastAccessTime.dwLowDateTime=0x269cf140, ftLastAccessTime.dwHighDateTime=0x1d5e7c9, ftLastWriteTime.dwLowDateTime=0x269cf140, ftLastWriteTime.dwHighDateTime=0x1d5e7c9, nFileSizeHigh=0x0, nFileSizeLow=0x49a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7A0bSuhSHPgM.wav", cAlternateFileName="7A0BSU~1.WAV")) returned 1 [0155.409] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x720e2e30, ftCreationTime.dwHighDateTime=0x1d5df74, ftLastAccessTime.dwLowDateTime=0xf32520, ftLastAccessTime.dwHighDateTime=0x1d5dadd, ftLastWriteTime.dwLowDateTime=0xf32520, ftLastWriteTime.dwHighDateTime=0x1d5dadd, nFileSizeHigh=0x0, nFileSizeLow=0x114dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="b-Rfp5Hen4HuNy07Wh3.mp3", cAlternateFileName="B-RFP5~1.MP3")) returned 1 [0155.409] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06fb100, ftCreationTime.dwHighDateTime=0x1d5e3ee, ftLastAccessTime.dwLowDateTime=0x35dadf0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0x35dadf0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0x10bac, dwReserved0=0x0, dwReserved1=0x0, cFileName="lBbcWrlgX.m4a", cAlternateFileName="LBBCWR~1.M4A")) returned 1 [0155.409] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.410] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\7a0bsuhshpgm.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8566e020, ftCreationTime.dwHighDateTime=0x1d5e56f, ftLastAccessTime.dwLowDateTime=0x269cf140, ftLastAccessTime.dwHighDateTime=0x1d5e7c9, ftLastWriteTime.dwLowDateTime=0x269cf140, ftLastWriteTime.dwHighDateTime=0x1d5e7c9, nFileSizeHigh=0x0, nFileSizeLow=0x49a4)) returned 1 [0155.410] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0155.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\b-rfp5hen4huny07wh3.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x720e2e30, ftCreationTime.dwHighDateTime=0x1d5df74, ftLastAccessTime.dwLowDateTime=0xf32520, ftLastAccessTime.dwHighDateTime=0x1d5dadd, ftLastWriteTime.dwLowDateTime=0xf32520, ftLastWriteTime.dwHighDateTime=0x1d5dadd, nFileSizeHigh=0x0, nFileSizeLow=0x114dd)) returned 1 [0155.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\lbbcwrlgx.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd06fb100, ftCreationTime.dwHighDateTime=0x1d5e3ee, ftLastAccessTime.dwLowDateTime=0x35dadf0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0x35dadf0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0x10bac)) returned 1 [0155.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ed_bidg3.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8341e490, ftCreationTime.dwHighDateTime=0x1d5e14e, ftLastAccessTime.dwLowDateTime=0x71785280, ftLastAccessTime.dwHighDateTime=0x1d5e374, ftLastWriteTime.dwLowDateTime=0x71785280, ftLastWriteTime.dwHighDateTime=0x1d5e374, nFileSizeHigh=0x0, nFileSizeLow=0x5215)) returned 1 [0155.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e421860, ftCreationTime.dwHighDateTime=0x1d5e5bf, ftLastAccessTime.dwLowDateTime=0xf47c8f30, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xf47c8f30, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.412] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e421860, ftCreationTime.dwHighDateTime=0x1d5e5bf, ftLastAccessTime.dwLowDateTime=0xf47c8f30, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xf47c8f30, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.412] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1e421860, ftCreationTime.dwHighDateTime=0x1d5e5bf, ftLastAccessTime.dwLowDateTime=0xf47c8f30, ftLastAccessTime.dwHighDateTime=0x1d5d8e2, ftLastWriteTime.dwLowDateTime=0xf47c8f30, ftLastWriteTime.dwHighDateTime=0x1d5d8e2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.412] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69e26210, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0x69b7cd20, ftLastAccessTime.dwHighDateTime=0x1d5da80, ftLastWriteTime.dwLowDateTime=0x69b7cd20, ftLastWriteTime.dwHighDateTime=0x1d5da80, nFileSizeHigh=0x0, nFileSizeLow=0x9971, dwReserved0=0x0, dwReserved1=0x0, cFileName="fB7kA7Be.m4a", cAlternateFileName="")) returned 1 [0155.412] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bfed00, ftCreationTime.dwHighDateTime=0x1d5d94f, ftLastAccessTime.dwLowDateTime=0xd6e14a10, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0xd6e14a10, ftLastWriteTime.dwHighDateTime=0x1d5dd3d, nFileSizeHigh=0x0, nFileSizeLow=0x1af5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ih6s_VaPthnsN.m4a", cAlternateFileName="IH6S_V~1.M4A")) returned 1 [0155.412] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa407c0, ftCreationTime.dwHighDateTime=0x1d5e081, ftLastAccessTime.dwLowDateTime=0xa274b690, ftLastAccessTime.dwHighDateTime=0x1d5e52b, ftLastWriteTime.dwLowDateTime=0xa274b690, ftLastWriteTime.dwHighDateTime=0x1d5e52b, nFileSizeHigh=0x0, nFileSizeLow=0xfa88, dwReserved0=0x0, dwReserved1=0x0, cFileName="IsNsA90uev.wav", cAlternateFileName="ISNSA9~1.WAV")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8929d320, ftCreationTime.dwHighDateTime=0x1d5e3d0, ftLastAccessTime.dwLowDateTime=0xa39f3660, ftLastAccessTime.dwHighDateTime=0x1d5e2c6, ftLastWriteTime.dwLowDateTime=0xa39f3660, ftLastWriteTime.dwHighDateTime=0x1d5e2c6, nFileSizeHigh=0x0, nFileSizeLow=0x162c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LLYs3yiQVYC_7Z9szy.m4a", cAlternateFileName="LLYS3Y~1.M4A")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9be117d0, ftCreationTime.dwHighDateTime=0x1d5e650, ftLastAccessTime.dwLowDateTime=0xcfa87220, ftLastAccessTime.dwHighDateTime=0x1d5dcd7, ftLastWriteTime.dwLowDateTime=0xcfa87220, ftLastWriteTime.dwHighDateTime=0x1d5dcd7, nFileSizeHigh=0x0, nFileSizeLow=0xf459, dwReserved0=0x0, dwReserved1=0x0, cFileName="O6sK.wav", cAlternateFileName="")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c49f290, ftCreationTime.dwHighDateTime=0x1d5db30, ftLastAccessTime.dwLowDateTime=0xca1e0610, ftLastAccessTime.dwHighDateTime=0x1d5dd38, ftLastWriteTime.dwLowDateTime=0xca1e0610, ftLastWriteTime.dwHighDateTime=0x1d5dd38, nFileSizeHigh=0x0, nFileSizeLow=0x15bc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="QtgFSWvjw70Lo7.wav", cAlternateFileName="QTGFSW~1.WAV")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92f8f180, ftCreationTime.dwHighDateTime=0x1d5da1e, ftLastAccessTime.dwLowDateTime=0xfe0de1f0, ftLastAccessTime.dwHighDateTime=0x1d5dcbd, ftLastWriteTime.dwLowDateTime=0xfe0de1f0, ftLastWriteTime.dwHighDateTime=0x1d5dcbd, nFileSizeHigh=0x0, nFileSizeLow=0x153bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="tjkg54Eo9XUb.wav", cAlternateFileName="TJKG54~1.WAV")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4007c480, ftCreationTime.dwHighDateTime=0x1d5d828, ftLastAccessTime.dwLowDateTime=0x99787520, ftLastAccessTime.dwHighDateTime=0x1d5dbf0, ftLastWriteTime.dwLowDateTime=0x99787520, ftLastWriteTime.dwHighDateTime=0x1d5dbf0, nFileSizeHigh=0x0, nFileSizeLow=0xb6b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="TwBqafWEHQ.m4a", cAlternateFileName="TWBQAF~1.M4A")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12da9980, ftCreationTime.dwHighDateTime=0x1d5e6db, ftLastAccessTime.dwLowDateTime=0xecefb150, ftLastAccessTime.dwHighDateTime=0x1d5e7c6, ftLastWriteTime.dwLowDateTime=0xecefb150, ftLastWriteTime.dwHighDateTime=0x1d5e7c6, nFileSizeHigh=0x0, nFileSizeLow=0xe714, dwReserved0=0x0, dwReserved1=0x0, cFileName="YihWu5R2TptPSX1.mp3", cAlternateFileName="YIHWU5~1.MP3")) returned 1 [0155.413] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.413] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0155.414] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\ih6s_vapthnsn.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7bfed00, ftCreationTime.dwHighDateTime=0x1d5d94f, ftLastAccessTime.dwLowDateTime=0xd6e14a10, ftLastAccessTime.dwHighDateTime=0x1d5dd3d, ftLastWriteTime.dwLowDateTime=0xd6e14a10, ftLastWriteTime.dwHighDateTime=0x1d5dd3d, nFileSizeHigh=0x0, nFileSizeLow=0x1af5)) returned 1 [0155.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\isnsa90uev.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5aa407c0, ftCreationTime.dwHighDateTime=0x1d5e081, ftLastAccessTime.dwLowDateTime=0xa274b690, ftLastAccessTime.dwHighDateTime=0x1d5e52b, ftLastWriteTime.dwLowDateTime=0xa274b690, ftLastWriteTime.dwHighDateTime=0x1d5e52b, nFileSizeHigh=0x0, nFileSizeLow=0xfa88)) returned 1 [0155.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\llys3yiqvyc_7z9szy.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8929d320, ftCreationTime.dwHighDateTime=0x1d5e3d0, ftLastAccessTime.dwLowDateTime=0xa39f3660, ftLastAccessTime.dwHighDateTime=0x1d5e2c6, ftLastWriteTime.dwLowDateTime=0xa39f3660, ftLastWriteTime.dwHighDateTime=0x1d5e2c6, nFileSizeHigh=0x0, nFileSizeLow=0x162c6)) returned 1 [0155.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\o6sk.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9be117d0, ftCreationTime.dwHighDateTime=0x1d5e650, ftLastAccessTime.dwLowDateTime=0xcfa87220, ftLastAccessTime.dwHighDateTime=0x1d5dcd7, ftLastWriteTime.dwLowDateTime=0xcfa87220, ftLastWriteTime.dwHighDateTime=0x1d5dcd7, nFileSizeHigh=0x0, nFileSizeLow=0xf459)) returned 1 [0155.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\qtgfswvjw70lo7.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c49f290, ftCreationTime.dwHighDateTime=0x1d5db30, ftLastAccessTime.dwLowDateTime=0xca1e0610, ftLastAccessTime.dwHighDateTime=0x1d5dd38, ftLastWriteTime.dwLowDateTime=0xca1e0610, ftLastWriteTime.dwHighDateTime=0x1d5dd38, nFileSizeHigh=0x0, nFileSizeLow=0x15bc5)) returned 1 [0155.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\twbqafwehq.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4007c480, ftCreationTime.dwHighDateTime=0x1d5d828, ftLastAccessTime.dwLowDateTime=0x99787520, ftLastAccessTime.dwHighDateTime=0x1d5dbf0, ftLastWriteTime.dwLowDateTime=0x99787520, ftLastWriteTime.dwHighDateTime=0x1d5dbf0, nFileSizeHigh=0x0, nFileSizeLow=0xb6b9)) returned 1 [0155.415] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0155.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\yihwu5r2tptpsx1.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12da9980, ftCreationTime.dwHighDateTime=0x1d5e6db, ftLastAccessTime.dwLowDateTime=0xecefb150, ftLastAccessTime.dwHighDateTime=0x1d5e7c6, ftLastWriteTime.dwLowDateTime=0xecefb150, ftLastWriteTime.dwHighDateTime=0x1d5e7c6, nFileSizeHigh=0x0, nFileSizeLow=0xe714)) returned 1 [0155.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\fb7ka7be.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69e26210, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0x69b7cd20, ftLastAccessTime.dwHighDateTime=0x1d5da80, ftLastWriteTime.dwLowDateTime=0x69b7cd20, ftLastWriteTime.dwHighDateTime=0x1d5da80, nFileSizeHigh=0x0, nFileSizeLow=0x9971)) returned 1 [0155.417] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\tjkg54eo9xub.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92f8f180, ftCreationTime.dwHighDateTime=0x1d5da1e, ftLastAccessTime.dwLowDateTime=0xfe0de1f0, ftLastAccessTime.dwHighDateTime=0x1d5dcbd, ftLastWriteTime.dwLowDateTime=0xfe0de1f0, ftLastWriteTime.dwHighDateTime=0x1d5dcbd, nFileSizeHigh=0x0, nFileSizeLow=0x153bd)) returned 1 [0155.418] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0155.418] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0155.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamwdjv m_4hsdxn0p.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9be43ff0, ftCreationTime.dwHighDateTime=0x1d5e1cd, ftLastAccessTime.dwLowDateTime=0x480a060, ftLastAccessTime.dwHighDateTime=0x1d5dfb9, ftLastWriteTime.dwLowDateTime=0x480a060, ftLastWriteTime.dwHighDateTime=0x1d5dfb9, nFileSizeHigh=0x0, nFileSizeLow=0x3fb8)) returned 1 [0155.421] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a562af0, ftCreationTime.dwHighDateTime=0x1d5e789, ftLastAccessTime.dwLowDateTime=0x4ff9de80, ftLastAccessTime.dwHighDateTime=0x1d5e126, ftLastWriteTime.dwLowDateTime=0x4ff9de80, ftLastWriteTime.dwHighDateTime=0x1d5e126, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.421] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a562af0, ftCreationTime.dwHighDateTime=0x1d5e789, ftLastAccessTime.dwLowDateTime=0x4ff9de80, ftLastAccessTime.dwHighDateTime=0x1d5e126, ftLastWriteTime.dwLowDateTime=0x4ff9de80, ftLastWriteTime.dwHighDateTime=0x1d5e126, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.421] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a562af0, ftCreationTime.dwHighDateTime=0x1d5e789, ftLastAccessTime.dwLowDateTime=0x4ff9de80, ftLastAccessTime.dwHighDateTime=0x1d5e126, ftLastWriteTime.dwLowDateTime=0x4ff9de80, ftLastWriteTime.dwHighDateTime=0x1d5e126, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.421] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62f7eea0, ftCreationTime.dwHighDateTime=0x1d5de60, ftLastAccessTime.dwLowDateTime=0x89ace8e0, ftLastAccessTime.dwHighDateTime=0x1d5d927, ftLastWriteTime.dwLowDateTime=0x89ace8e0, ftLastWriteTime.dwHighDateTime=0x1d5d927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pApDKzHUyE", cAlternateFileName="PAPDKZ~1")) returned 1 [0155.421] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa63aa180, ftCreationTime.dwHighDateTime=0x1d5e5d6, ftLastAccessTime.dwLowDateTime=0x61a09b10, ftLastAccessTime.dwHighDateTime=0x1d5e018, ftLastWriteTime.dwLowDateTime=0x61a09b10, ftLastWriteTime.dwHighDateTime=0x1d5e018, nFileSizeHigh=0x0, nFileSizeLow=0xa427, dwReserved0=0x0, dwReserved1=0x0, cFileName="ritr.mp3", cAlternateFileName="")) returned 1 [0155.421] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.422] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62f7eea0, ftCreationTime.dwHighDateTime=0x1d5de60, ftLastAccessTime.dwLowDateTime=0x89ace8e0, ftLastAccessTime.dwHighDateTime=0x1d5d927, ftLastWriteTime.dwLowDateTime=0x89ace8e0, ftLastWriteTime.dwHighDateTime=0x1d5d927, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\*", lpFindFileData=0xc000069608 | out: lpFindFileData=0xc000069608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62f7eea0, ftCreationTime.dwHighDateTime=0x1d5de60, ftLastAccessTime.dwLowDateTime=0x89ace8e0, ftLastAccessTime.dwHighDateTime=0x1d5d927, ftLastWriteTime.dwLowDateTime=0x89ace8e0, ftLastWriteTime.dwHighDateTime=0x1d5d927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.422] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62f7eea0, ftCreationTime.dwHighDateTime=0x1d5de60, ftLastAccessTime.dwLowDateTime=0x89ace8e0, ftLastAccessTime.dwHighDateTime=0x1d5d927, ftLastWriteTime.dwLowDateTime=0x89ace8e0, ftLastWriteTime.dwHighDateTime=0x1d5d927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.422] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dbce1c0, ftCreationTime.dwHighDateTime=0x1d5e751, ftLastAccessTime.dwLowDateTime=0x9c3d9920, ftLastAccessTime.dwHighDateTime=0x1d5dbaf, ftLastWriteTime.dwLowDateTime=0x9c3d9920, ftLastWriteTime.dwHighDateTime=0x1d5dbaf, nFileSizeHigh=0x0, nFileSizeLow=0x1f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="1nrsYWYoyXhGH4G0oF8.wav", cAlternateFileName="1NRSYW~1.WAV")) returned 1 [0155.422] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95a48ce0, ftCreationTime.dwHighDateTime=0x1d5e67c, ftLastAccessTime.dwLowDateTime=0x9715720, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x9715720, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x18202, dwReserved0=0x0, dwReserved1=0x0, cFileName="G72JCxubkxh.wav", cAlternateFileName="G72JCX~1.WAV")) returned 1 [0155.423] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa4be60, ftCreationTime.dwHighDateTime=0x1d5e02e, ftLastAccessTime.dwLowDateTime=0x1ccd58c0, ftLastAccessTime.dwHighDateTime=0x1d5daf5, ftLastWriteTime.dwLowDateTime=0x1ccd58c0, ftLastWriteTime.dwHighDateTime=0x1d5daf5, nFileSizeHigh=0x0, nFileSizeLow=0x17000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hvX0.mp3", cAlternateFileName="")) returned 1 [0155.423] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x489ca720, ftCreationTime.dwHighDateTime=0x1d5e5cd, ftLastAccessTime.dwLowDateTime=0x112636a0, ftLastAccessTime.dwHighDateTime=0x1d5dc02, ftLastWriteTime.dwLowDateTime=0x112636a0, ftLastWriteTime.dwHighDateTime=0x1d5dc02, nFileSizeHigh=0x0, nFileSizeLow=0x120ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="NHHgzTyvVDR.mp3", cAlternateFileName="NHHGZT~1.MP3")) returned 1 [0155.423] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x965f7ef0, ftCreationTime.dwHighDateTime=0x1d5d8c7, ftLastAccessTime.dwLowDateTime=0xaab92cc0, ftLastAccessTime.dwHighDateTime=0x1d5dbba, ftLastWriteTime.dwLowDateTime=0xaab92cc0, ftLastWriteTime.dwHighDateTime=0x1d5dbba, nFileSizeHigh=0x0, nFileSizeLow=0x6e6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="WCcPCD-tittU.wav", cAlternateFileName="WCCPCD~1.WAV")) returned 1 [0155.423] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.423] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\1nrsywyoyxhgh4g0of8.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6dbce1c0, ftCreationTime.dwHighDateTime=0x1d5e751, ftLastAccessTime.dwLowDateTime=0x9c3d9920, ftLastAccessTime.dwHighDateTime=0x1d5dbaf, ftLastWriteTime.dwLowDateTime=0x9c3d9920, ftLastWriteTime.dwHighDateTime=0x1d5dbaf, nFileSizeHigh=0x0, nFileSizeLow=0x1f7e)) returned 1 [0155.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\g72jcxubkxh.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x95a48ce0, ftCreationTime.dwHighDateTime=0x1d5e67c, ftLastAccessTime.dwLowDateTime=0x9715720, ftLastAccessTime.dwHighDateTime=0x1d5d84a, ftLastWriteTime.dwLowDateTime=0x9715720, ftLastWriteTime.dwHighDateTime=0x1d5d84a, nFileSizeHigh=0x0, nFileSizeLow=0x18202)) returned 1 [0155.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\nhhgztyvvdr.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x489ca720, ftCreationTime.dwHighDateTime=0x1d5e5cd, ftLastAccessTime.dwLowDateTime=0x112636a0, ftLastAccessTime.dwHighDateTime=0x1d5dc02, ftLastWriteTime.dwLowDateTime=0x112636a0, ftLastWriteTime.dwHighDateTime=0x1d5dc02, nFileSizeHigh=0x0, nFileSizeLow=0x120ab)) returned 1 [0155.424] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0155.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\wccpcd-tittu.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x965f7ef0, ftCreationTime.dwHighDateTime=0x1d5d8c7, ftLastAccessTime.dwLowDateTime=0xaab92cc0, ftLastAccessTime.dwHighDateTime=0x1d5dbba, ftLastWriteTime.dwLowDateTime=0xaab92cc0, ftLastWriteTime.dwHighDateTime=0x1d5dbba, nFileSizeHigh=0x0, nFileSizeLow=0x6e6f)) returned 1 [0155.426] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\hvx0.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbfa4be60, ftCreationTime.dwHighDateTime=0x1d5e02e, ftLastAccessTime.dwLowDateTime=0x1ccd58c0, ftLastAccessTime.dwHighDateTime=0x1d5daf5, ftLastWriteTime.dwLowDateTime=0x1ccd58c0, ftLastWriteTime.dwHighDateTime=0x1d5daf5, nFileSizeHigh=0x0, nFileSizeLow=0x17000)) returned 1 [0155.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\ritr.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa63aa180, ftCreationTime.dwHighDateTime=0x1d5e5d6, ftLastAccessTime.dwLowDateTime=0x61a09b10, ftLastAccessTime.dwHighDateTime=0x1d5e018, ftLastWriteTime.dwLowDateTime=0x61a09b10, ftLastWriteTime.dwHighDateTime=0x1d5e018, nFileSizeHigh=0x0, nFileSizeLow=0xa427)) returned 1 [0155.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.428] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000069954 | out: lpFileInformation=0xc000069954) returned 1 [0155.428] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000069938, dwBufferSize=0x8 | out: lpFileInformation=0xc000069938) returned 1 [0155.428] CloseHandle (hObject=0x5a0) returned 1 [0155.428] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0155.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3afd80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3afd80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0155.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0155.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0155.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f86da0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f86da0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x40b0f7f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0155.432] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0155.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.435] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000069954 | out: lpFileInformation=0xc000069954) returned 1 [0155.435] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000069938, dwBufferSize=0x8 | out: lpFileInformation=0xc000069938) returned 1 [0155.435] CloseHandle (hObject=0x5a0) returned 1 [0155.435] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures"), fInfoLevelId=0x0, lpFileInformation=0xc000069a00 | out: lpFileInformation=0xc000069a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.435] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\*", lpFindFileData=0xc0000697b8 | out: lpFindFileData=0xc0000697b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbcfc9a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbcfc9a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d23e0, ftCreationTime.dwHighDateTime=0x1d5dbcb, ftLastAccessTime.dwLowDateTime=0x878bb450, ftLastAccessTime.dwHighDateTime=0x1d5dc4d, ftLastWriteTime.dwLowDateTime=0x878bb450, ftLastWriteTime.dwHighDateTime=0x1d5dc4d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bba6tvsVHX1ZrSnNfIY", cAlternateFileName="BBA6TV~1")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fff08f0, ftCreationTime.dwHighDateTime=0x1d5d8b2, ftLastAccessTime.dwLowDateTime=0x623af1f0, ftLastAccessTime.dwHighDateTime=0x1d5dbc8, ftLastWriteTime.dwLowDateTime=0x623af1f0, ftLastWriteTime.dwHighDateTime=0x1d5dbc8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SNa_Kj_", cAlternateFileName="")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabfccc10, ftCreationTime.dwHighDateTime=0x1d5e167, ftLastAccessTime.dwLowDateTime=0xb2461710, ftLastAccessTime.dwHighDateTime=0x1d5dcef, ftLastWriteTime.dwLowDateTime=0xb2461710, ftLastWriteTime.dwHighDateTime=0x1d5dcef, nFileSizeHigh=0x0, nFileSizeLow=0x10471, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ub1qdukJq9owd2F8CO.jpg", cAlternateFileName="UB1QDU~1.JPG")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c104680, ftCreationTime.dwHighDateTime=0x1d5db94, ftLastAccessTime.dwLowDateTime=0x54a26d60, ftLastAccessTime.dwHighDateTime=0x1d5e236, ftLastWriteTime.dwLowDateTime=0x54a26d60, ftLastWriteTime.dwHighDateTime=0x1d5e236, nFileSizeHigh=0x0, nFileSizeLow=0xe512, dwReserved0=0x0, dwReserved1=0x0, cFileName="WS3nVrMR4-.bmp", cAlternateFileName="WS3NVR~1.BMP")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x145084d0, ftCreationTime.dwHighDateTime=0x1d5ded1, ftLastAccessTime.dwLowDateTime=0xf1b43300, ftLastAccessTime.dwHighDateTime=0x1d5d7c7, ftLastWriteTime.dwLowDateTime=0xf1b43300, ftLastWriteTime.dwHighDateTime=0x1d5d7c7, nFileSizeHigh=0x0, nFileSizeLow=0xf23, dwReserved0=0x0, dwReserved1=0x0, cFileName="YfH6-Fb2pe.png", cAlternateFileName="YFH6-F~1.PNG")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc94c1070, ftCreationTime.dwHighDateTime=0x1d5db11, ftLastAccessTime.dwLowDateTime=0x6ffa5670, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x6ffa5670, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0xe9ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="zZGqA7r9Vz.jpg", cAlternateFileName="ZZGQA7~1.JPG")) returned 1 [0155.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000697e8 | out: lpFindFileData=0xc0000697e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.436] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d23e0, ftCreationTime.dwHighDateTime=0x1d5dbcb, ftLastAccessTime.dwLowDateTime=0x878bb450, ftLastAccessTime.dwHighDateTime=0x1d5dc4d, ftLastWriteTime.dwLowDateTime=0x878bb450, ftLastWriteTime.dwHighDateTime=0x1d5dc4d, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.437] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d23e0, ftCreationTime.dwHighDateTime=0x1d5dbcb, ftLastAccessTime.dwLowDateTime=0x878bb450, ftLastAccessTime.dwHighDateTime=0x1d5dc4d, ftLastWriteTime.dwLowDateTime=0x878bb450, ftLastWriteTime.dwHighDateTime=0x1d5dc4d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.437] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0155.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2d23e0, ftCreationTime.dwHighDateTime=0x1d5dbcb, ftLastAccessTime.dwLowDateTime=0x878bb450, ftLastAccessTime.dwHighDateTime=0x1d5dc4d, ftLastWriteTime.dwLowDateTime=0x878bb450, ftLastWriteTime.dwHighDateTime=0x1d5dc4d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc2da10, ftCreationTime.dwHighDateTime=0x1d5e7df, ftLastAccessTime.dwLowDateTime=0xce8e08b0, ftLastAccessTime.dwHighDateTime=0x1d5dbeb, ftLastWriteTime.dwLowDateTime=0xce8e08b0, ftLastWriteTime.dwHighDateTime=0x1d5dbeb, nFileSizeHigh=0x0, nFileSizeLow=0x10bf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="NZuv2Qads 2CLaHFUH.gif", cAlternateFileName="NZUV2Q~1.GIF")) returned 1 [0155.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.439] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\nzuv2qads 2clahfuh.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dc2da10, ftCreationTime.dwHighDateTime=0x1d5e7df, ftLastAccessTime.dwLowDateTime=0xce8e08b0, ftLastAccessTime.dwHighDateTime=0x1d5dbeb, ftLastWriteTime.dwLowDateTime=0xce8e08b0, ftLastWriteTime.dwHighDateTime=0x1d5dbeb, nFileSizeHigh=0x0, nFileSizeLow=0x10bf6)) returned 1 [0155.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_"), fInfoLevelId=0x0, lpFileInformation=0xc000069928 | out: lpFileInformation=0xc000069928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fff08f0, ftCreationTime.dwHighDateTime=0x1d5d8b2, ftLastAccessTime.dwLowDateTime=0x623af1f0, ftLastAccessTime.dwHighDateTime=0x1d5dbc8, ftLastWriteTime.dwLowDateTime=0x623af1f0, ftLastWriteTime.dwHighDateTime=0x1d5dbc8, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.440] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\*", lpFindFileData=0xc0000696e0 | out: lpFindFileData=0xc0000696e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fff08f0, ftCreationTime.dwHighDateTime=0x1d5d8b2, ftLastAccessTime.dwLowDateTime=0x623af1f0, ftLastAccessTime.dwHighDateTime=0x1d5dbc8, ftLastWriteTime.dwLowDateTime=0x623af1f0, ftLastWriteTime.dwHighDateTime=0x1d5dbc8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4fff08f0, ftCreationTime.dwHighDateTime=0x1d5d8b2, ftLastAccessTime.dwLowDateTime=0x623af1f0, ftLastAccessTime.dwHighDateTime=0x1d5dbc8, ftLastWriteTime.dwLowDateTime=0x623af1f0, ftLastWriteTime.dwHighDateTime=0x1d5dbc8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf1ea720, ftCreationTime.dwHighDateTime=0x1d5df0b, ftLastAccessTime.dwLowDateTime=0x2d28c600, ftLastAccessTime.dwHighDateTime=0x1d5dd1b, ftLastWriteTime.dwLowDateTime=0x2d28c600, ftLastWriteTime.dwHighDateTime=0x1d5dd1b, nFileSizeHigh=0x0, nFileSizeLow=0xb645, dwReserved0=0x0, dwReserved1=0x0, cFileName="-7NpFxydsa0tJA.png", cAlternateFileName="-7NPFX~1.PNG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6db050, ftCreationTime.dwHighDateTime=0x1d5e2e4, ftLastAccessTime.dwLowDateTime=0x9eeeefe0, ftLastAccessTime.dwHighDateTime=0x1d5df04, ftLastWriteTime.dwLowDateTime=0x9eeeefe0, ftLastWriteTime.dwHighDateTime=0x1d5df04, nFileSizeHigh=0x0, nFileSizeLow=0x136fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="88w R.jpg", cAlternateFileName="88WR~1.JPG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x991e51c0, ftCreationTime.dwHighDateTime=0x1d5dbf1, ftLastAccessTime.dwLowDateTime=0x7696aab0, ftLastAccessTime.dwHighDateTime=0x1d5e652, ftLastWriteTime.dwLowDateTime=0x7696aab0, ftLastWriteTime.dwHighDateTime=0x1d5e652, nFileSizeHigh=0x0, nFileSizeLow=0x5445, dwReserved0=0x0, dwReserved1=0x0, cFileName="iOBn1bkbua7.png", cAlternateFileName="IOBN1B~1.PNG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ae64a0, ftCreationTime.dwHighDateTime=0x1d5db36, ftLastAccessTime.dwLowDateTime=0x3a90a50, ftLastAccessTime.dwHighDateTime=0x1d5e636, ftLastWriteTime.dwLowDateTime=0x3a90a50, ftLastWriteTime.dwHighDateTime=0x1d5e636, nFileSizeHigh=0x0, nFileSizeLow=0xafb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="RhM0SUlFme.png", cAlternateFileName="RHM0SU~1.PNG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef9ef180, ftCreationTime.dwHighDateTime=0x1d5d81d, ftLastAccessTime.dwLowDateTime=0x56809410, ftLastAccessTime.dwHighDateTime=0x1d5e527, ftLastWriteTime.dwLowDateTime=0x56809410, ftLastWriteTime.dwHighDateTime=0x1d5e527, nFileSizeHigh=0x0, nFileSizeLow=0xd331, dwReserved0=0x0, dwReserved1=0x0, cFileName="vfJbgc7tLtAOeJn.png", cAlternateFileName="VFJBGC~1.PNG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec65efa0, ftCreationTime.dwHighDateTime=0x1d5de49, ftLastAccessTime.dwLowDateTime=0xc088b850, ftLastAccessTime.dwHighDateTime=0x1d5e7da, ftLastWriteTime.dwLowDateTime=0xc088b850, ftLastWriteTime.dwHighDateTime=0x1d5e7da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VZDot6k", cAlternateFileName="")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea118d0, ftCreationTime.dwHighDateTime=0x1d5dd1a, ftLastAccessTime.dwLowDateTime=0x3e396480, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x3e396480, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x12c10, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZP3EtF2zN8ybT3QrgX8N.png", cAlternateFileName="ZP3ETF~1.PNG")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e8939f0, ftCreationTime.dwHighDateTime=0x1d5dc02, ftLastAccessTime.dwLowDateTime=0x52bf53d0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0x52bf53d0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zxXR", cAlternateFileName="")) returned 1 [0155.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069710 | out: lpFindFileData=0xc000069710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.441] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\-7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\-7npfxydsa0tja.png"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf1ea720, ftCreationTime.dwHighDateTime=0x1d5df0b, ftLastAccessTime.dwLowDateTime=0x2d28c600, ftLastAccessTime.dwHighDateTime=0x1d5dd1b, ftLastWriteTime.dwLowDateTime=0x2d28c600, ftLastWriteTime.dwHighDateTime=0x1d5dd1b, nFileSizeHigh=0x0, nFileSizeLow=0xb645)) returned 1 [0155.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\88w r.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6db050, ftCreationTime.dwHighDateTime=0x1d5e2e4, ftLastAccessTime.dwLowDateTime=0x9eeeefe0, ftLastAccessTime.dwHighDateTime=0x1d5df04, ftLastWriteTime.dwLowDateTime=0x9eeeefe0, ftLastWriteTime.dwHighDateTime=0x1d5df04, nFileSizeHigh=0x0, nFileSizeLow=0x136fd)) returned 1 [0155.442] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0155.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\rhm0sulfme.png"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ae64a0, ftCreationTime.dwHighDateTime=0x1d5db36, ftLastAccessTime.dwLowDateTime=0x3a90a50, ftLastAccessTime.dwHighDateTime=0x1d5e636, ftLastWriteTime.dwLowDateTime=0x3a90a50, ftLastWriteTime.dwHighDateTime=0x1d5e636, nFileSizeHigh=0x0, nFileSizeLow=0xafb7)) returned 1 [0155.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k"), fInfoLevelId=0x0, lpFileInformation=0xc000069850 | out: lpFileInformation=0xc000069850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec65efa0, ftCreationTime.dwHighDateTime=0x1d5de49, ftLastAccessTime.dwLowDateTime=0xc088b850, ftLastAccessTime.dwHighDateTime=0x1d5e7da, ftLastWriteTime.dwLowDateTime=0xc088b850, ftLastWriteTime.dwHighDateTime=0x1d5e7da, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\*", lpFindFileData=0xc000069608 | out: lpFindFileData=0xc000069608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec65efa0, ftCreationTime.dwHighDateTime=0x1d5de49, ftLastAccessTime.dwLowDateTime=0xc088b850, ftLastAccessTime.dwHighDateTime=0x1d5e7da, ftLastWriteTime.dwLowDateTime=0xc088b850, ftLastWriteTime.dwHighDateTime=0x1d5e7da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.445] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xec65efa0, ftCreationTime.dwHighDateTime=0x1d5de49, ftLastAccessTime.dwLowDateTime=0xc088b850, ftLastAccessTime.dwHighDateTime=0x1d5e7da, ftLastWriteTime.dwLowDateTime=0xc088b850, ftLastWriteTime.dwHighDateTime=0x1d5e7da, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.445] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1be60a0, ftCreationTime.dwHighDateTime=0x1d5d7d1, ftLastAccessTime.dwLowDateTime=0x28559350, ftLastAccessTime.dwHighDateTime=0x1d5e3cf, ftLastWriteTime.dwLowDateTime=0x28559350, ftLastWriteTime.dwHighDateTime=0x1d5e3cf, nFileSizeHigh=0x0, nFileSizeLow=0xc6d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="7znj_LIq7Lm-2.gif", cAlternateFileName="7ZNJ_L~1.GIF")) returned 1 [0155.445] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x608480e0, ftCreationTime.dwHighDateTime=0x1d5e282, ftLastAccessTime.dwLowDateTime=0xd50d4e0, ftLastAccessTime.dwHighDateTime=0x1d5e477, ftLastWriteTime.dwLowDateTime=0xd50d4e0, ftLastWriteTime.dwHighDateTime=0x1d5e477, nFileSizeHigh=0x0, nFileSizeLow=0xd614, dwReserved0=0x0, dwReserved1=0x0, cFileName="CyAhUxZ0u2J2NUf.jpg", cAlternateFileName="CYAHUX~1.JPG")) returned 1 [0155.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42f88910, ftCreationTime.dwHighDateTime=0x1d5de4d, ftLastAccessTime.dwLowDateTime=0xb988c700, ftLastAccessTime.dwHighDateTime=0x1d5e15b, ftLastWriteTime.dwLowDateTime=0xb988c700, ftLastWriteTime.dwHighDateTime=0x1d5e15b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="G_thYPOc-7akcO8", cAlternateFileName="G_THYP~1")) returned 1 [0155.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47b47db0, ftCreationTime.dwHighDateTime=0x1d5dc90, ftLastAccessTime.dwLowDateTime=0x66b36150, ftLastAccessTime.dwHighDateTime=0x1d5e766, ftLastWriteTime.dwLowDateTime=0x66b36150, ftLastWriteTime.dwHighDateTime=0x1d5e766, nFileSizeHigh=0x0, nFileSizeLow=0x7f1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="RRrMZFNcPf9FA.gif", cAlternateFileName="RRRMZF~1.GIF")) returned 1 [0155.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069638 | out: lpFindFileData=0xc000069638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.446] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\7znj_liq7lm-2.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1be60a0, ftCreationTime.dwHighDateTime=0x1d5d7d1, ftLastAccessTime.dwLowDateTime=0x28559350, ftLastAccessTime.dwHighDateTime=0x1d5e3cf, ftLastWriteTime.dwLowDateTime=0x28559350, ftLastWriteTime.dwHighDateTime=0x1d5e3cf, nFileSizeHigh=0x0, nFileSizeLow=0xc6d5)) returned 1 [0155.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\cyahuxz0u2j2nuf.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x608480e0, ftCreationTime.dwHighDateTime=0x1d5e282, ftLastAccessTime.dwLowDateTime=0xd50d4e0, ftLastAccessTime.dwHighDateTime=0x1d5e477, ftLastWriteTime.dwLowDateTime=0xd50d4e0, ftLastWriteTime.dwHighDateTime=0x1d5e477, nFileSizeHigh=0x0, nFileSizeLow=0xd614)) returned 1 [0155.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8"), fInfoLevelId=0x0, lpFileInformation=0xc000069778 | out: lpFileInformation=0xc000069778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42f88910, ftCreationTime.dwHighDateTime=0x1d5de4d, ftLastAccessTime.dwLowDateTime=0xb988c700, ftLastAccessTime.dwHighDateTime=0x1d5e15b, ftLastWriteTime.dwLowDateTime=0xb988c700, ftLastWriteTime.dwHighDateTime=0x1d5e15b, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.447] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\*", lpFindFileData=0xc000069530 | out: lpFindFileData=0xc000069530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42f88910, ftCreationTime.dwHighDateTime=0x1d5de4d, ftLastAccessTime.dwLowDateTime=0xb988c700, ftLastAccessTime.dwHighDateTime=0x1d5e15b, ftLastWriteTime.dwLowDateTime=0xb988c700, ftLastWriteTime.dwHighDateTime=0x1d5e15b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.447] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42f88910, ftCreationTime.dwHighDateTime=0x1d5de4d, ftLastAccessTime.dwLowDateTime=0xb988c700, ftLastAccessTime.dwHighDateTime=0x1d5e15b, ftLastWriteTime.dwLowDateTime=0xb988c700, ftLastWriteTime.dwHighDateTime=0x1d5e15b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.447] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bdd90c0, ftCreationTime.dwHighDateTime=0x1d5dc98, ftLastAccessTime.dwLowDateTime=0xd3a42200, ftLastAccessTime.dwHighDateTime=0x1d5e283, ftLastWriteTime.dwLowDateTime=0xd3a42200, ftLastWriteTime.dwHighDateTime=0x1d5e283, nFileSizeHigh=0x0, nFileSizeLow=0x854b, dwReserved0=0x0, dwReserved1=0x0, cFileName="IhGRZo.png", cAlternateFileName="")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d28480, ftCreationTime.dwHighDateTime=0x1d5d988, ftLastAccessTime.dwLowDateTime=0x837d5830, ftLastAccessTime.dwHighDateTime=0x1d5e154, ftLastWriteTime.dwLowDateTime=0x837d5830, ftLastWriteTime.dwHighDateTime=0x1d5e154, nFileSizeHigh=0x0, nFileSizeLow=0x16a47, dwReserved0=0x0, dwReserved1=0x0, cFileName="IVEiiNEKbFiWetwReL-r.bmp", cAlternateFileName="IVEIIN~1.BMP")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3efe4510, ftCreationTime.dwHighDateTime=0x1d5e7d1, ftLastAccessTime.dwLowDateTime=0xbd968480, ftLastAccessTime.dwHighDateTime=0x1d5d9af, ftLastWriteTime.dwLowDateTime=0xbd968480, ftLastWriteTime.dwHighDateTime=0x1d5d9af, nFileSizeHigh=0x0, nFileSizeLow=0xa700, dwReserved0=0x0, dwReserved1=0x0, cFileName="kEv94GQePX7n.png", cAlternateFileName="KEV94G~1.PNG")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe2547700, ftCreationTime.dwHighDateTime=0x1d5e12a, ftLastAccessTime.dwLowDateTime=0xd708d20, ftLastAccessTime.dwHighDateTime=0x1d5e680, ftLastWriteTime.dwLowDateTime=0xd708d20, ftLastWriteTime.dwHighDateTime=0x1d5e680, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LIcVHKu", cAlternateFileName="")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe758cb00, ftCreationTime.dwHighDateTime=0x1d5df88, ftLastAccessTime.dwLowDateTime=0x88cf5890, ftLastAccessTime.dwHighDateTime=0x1d5e287, ftLastWriteTime.dwLowDateTime=0x88cf5890, ftLastWriteTime.dwHighDateTime=0x1d5e287, nFileSizeHigh=0x0, nFileSizeLow=0xdce7, dwReserved0=0x0, dwReserved1=0x0, cFileName="PF7RnC.bmp", cAlternateFileName="")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53b70aa0, ftCreationTime.dwHighDateTime=0x1d5de12, ftLastAccessTime.dwLowDateTime=0xbdeaeda0, ftLastAccessTime.dwHighDateTime=0x1d5e395, ftLastWriteTime.dwLowDateTime=0xbdeaeda0, ftLastWriteTime.dwHighDateTime=0x1d5e395, nFileSizeHigh=0x0, nFileSizeLow=0x12577, dwReserved0=0x0, dwReserved1=0x0, cFileName="_A5x CK.gif", cAlternateFileName="_A5XCK~1.GIF")) returned 1 [0155.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000069560 | out: lpFindFileData=0xc000069560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.448] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\iveiinekbfiwetwrel-r.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0000696a0 | out: lpFileInformation=0xc0000696a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3d28480, ftCreationTime.dwHighDateTime=0x1d5d988, ftLastAccessTime.dwLowDateTime=0x837d5830, ftLastAccessTime.dwHighDateTime=0x1d5e154, ftLastWriteTime.dwLowDateTime=0x837d5830, ftLastWriteTime.dwHighDateTime=0x1d5e154, nFileSizeHigh=0x0, nFileSizeLow=0x16a47)) returned 1 [0155.448] VirtualAlloc (lpAddress=0xc000310000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0155.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\ihgrzo.png"), fInfoLevelId=0x0, lpFileInformation=0xc0000696a0 | out: lpFileInformation=0xc0000696a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bdd90c0, ftCreationTime.dwHighDateTime=0x1d5dc98, ftLastAccessTime.dwLowDateTime=0xd3a42200, ftLastAccessTime.dwHighDateTime=0x1d5e283, ftLastWriteTime.dwLowDateTime=0xd3a42200, ftLastWriteTime.dwHighDateTime=0x1d5e283, nFileSizeHigh=0x0, nFileSizeLow=0x854b)) returned 1 [0155.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku"), fInfoLevelId=0x0, lpFileInformation=0xc0000696a0 | out: lpFileInformation=0xc0000696a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe2547700, ftCreationTime.dwHighDateTime=0x1d5e12a, ftLastAccessTime.dwLowDateTime=0xd708d20, ftLastAccessTime.dwHighDateTime=0x1d5e680, ftLastWriteTime.dwLowDateTime=0xd708d20, ftLastWriteTime.dwHighDateTime=0x1d5e680, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.451] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0155.461] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\*", lpFindFileData=0xc000323458 | out: lpFindFileData=0xc000323458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe2547700, ftCreationTime.dwHighDateTime=0x1d5e12a, ftLastAccessTime.dwLowDateTime=0xd708d20, ftLastAccessTime.dwHighDateTime=0x1d5e680, ftLastWriteTime.dwLowDateTime=0xd708d20, ftLastWriteTime.dwHighDateTime=0x1d5e680, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe2547700, ftCreationTime.dwHighDateTime=0x1d5e12a, ftLastAccessTime.dwLowDateTime=0xd708d20, ftLastAccessTime.dwHighDateTime=0x1d5e680, ftLastWriteTime.dwLowDateTime=0xd708d20, ftLastWriteTime.dwHighDateTime=0x1d5e680, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd44198c0, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0x2d26e960, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0x2d26e960, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="-S72hWfUsGFs", cAlternateFileName="-S72HW~1")) returned 1 [0155.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e8c2f30, ftCreationTime.dwHighDateTime=0x1d5d7b3, ftLastAccessTime.dwLowDateTime=0xa9e5b70, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0xa9e5b70, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x16905, dwReserved0=0x0, dwReserved1=0x0, cFileName="0OwJbeK2.png", cAlternateFileName="")) returned 1 [0155.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d364ba0, ftCreationTime.dwHighDateTime=0x1d5e6e7, ftLastAccessTime.dwLowDateTime=0x145851a0, ftLastAccessTime.dwHighDateTime=0x1d5dbdf, ftLastWriteTime.dwLowDateTime=0x145851a0, ftLastWriteTime.dwHighDateTime=0x1d5dbdf, nFileSizeHigh=0x0, nFileSizeLow=0x99fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="cLHsCJaGwG6vjGL.bmp", cAlternateFileName="CLHSCJ~1.BMP")) returned 1 [0155.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1651ecb0, ftCreationTime.dwHighDateTime=0x1d5e72d, ftLastAccessTime.dwLowDateTime=0x5dc85c40, ftLastAccessTime.dwHighDateTime=0x1d5e431, ftLastWriteTime.dwLowDateTime=0x5dc85c40, ftLastWriteTime.dwHighDateTime=0x1d5e431, nFileSizeHigh=0x0, nFileSizeLow=0x13ec4, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMjUHDiGq7OE.jpg", cAlternateFileName="MMJUHD~1.JPG")) returned 1 [0155.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c58ec0, ftCreationTime.dwHighDateTime=0x1d5e55a, ftLastAccessTime.dwLowDateTime=0xe9cb48b0, ftLastAccessTime.dwHighDateTime=0x1d5dcb6, ftLastWriteTime.dwLowDateTime=0xe9cb48b0, ftLastWriteTime.dwHighDateTime=0x1d5dcb6, nFileSizeHigh=0x0, nFileSizeLow=0x6cad, dwReserved0=0x0, dwReserved1=0x0, cFileName="RTEhwpoz7DC1cQI8j.jpg", cAlternateFileName="RTEHWP~1.JPG")) returned 1 [0155.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323488 | out: lpFindFileData=0xc000323488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.462] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs"), fInfoLevelId=0x0, lpFileInformation=0xc0003235c8 | out: lpFileInformation=0xc0003235c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd44198c0, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0x2d26e960, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0x2d26e960, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.462] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\*", lpFindFileData=0xc000323380 | out: lpFindFileData=0xc000323380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd44198c0, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0x2d26e960, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0x2d26e960, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd44198c0, ftCreationTime.dwHighDateTime=0x1d5d836, ftLastAccessTime.dwLowDateTime=0x2d26e960, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0x2d26e960, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d976630, ftCreationTime.dwHighDateTime=0x1d5e13b, ftLastAccessTime.dwLowDateTime=0x144ec40, ftLastAccessTime.dwHighDateTime=0x1d5df8b, ftLastWriteTime.dwLowDateTime=0x144ec40, ftLastWriteTime.dwHighDateTime=0x1d5df8b, nFileSizeHigh=0x0, nFileSizeLow=0x18a12, dwReserved0=0x0, dwReserved1=0x0, cFileName="4R9tZtrZGT_1B.bmp", cAlternateFileName="4R9TZT~1.BMP")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92ca53c0, ftCreationTime.dwHighDateTime=0x1d5dc08, ftLastAccessTime.dwLowDateTime=0x11d31470, ftLastAccessTime.dwHighDateTime=0x1d5d9bd, ftLastWriteTime.dwLowDateTime=0x11d31470, ftLastWriteTime.dwHighDateTime=0x1d5d9bd, nFileSizeHigh=0x0, nFileSizeLow=0xf362, dwReserved0=0x0, dwReserved1=0x0, cFileName="icpx0TggJcrh30S.jpg", cAlternateFileName="ICPX0T~1.JPG")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa95555b0, ftCreationTime.dwHighDateTime=0x1d5df99, ftLastAccessTime.dwLowDateTime=0x25950df0, ftLastAccessTime.dwHighDateTime=0x1d5e6a7, ftLastWriteTime.dwLowDateTime=0x25950df0, ftLastWriteTime.dwHighDateTime=0x1d5e6a7, nFileSizeHigh=0x0, nFileSizeLow=0x65d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="jHuL_YLH6suGmW.gif", cAlternateFileName="JHUL_Y~1.GIF")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd87045e0, ftCreationTime.dwHighDateTime=0x1d5db79, ftLastAccessTime.dwLowDateTime=0x22932320, ftLastAccessTime.dwHighDateTime=0x1d5d802, ftLastWriteTime.dwLowDateTime=0x22932320, ftLastWriteTime.dwHighDateTime=0x1d5d802, nFileSizeHigh=0x0, nFileSizeLow=0x100b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="nmnOXj.bmp", cAlternateFileName="")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb403650, ftCreationTime.dwHighDateTime=0x1d5d951, ftLastAccessTime.dwLowDateTime=0xfc7172a0, ftLastAccessTime.dwHighDateTime=0x1d5e616, ftLastWriteTime.dwLowDateTime=0xfc7172a0, ftLastWriteTime.dwHighDateTime=0x1d5e616, nFileSizeHigh=0x0, nFileSizeLow=0x66ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="plkB4TD2QZSfN1cFlc0.jpg", cAlternateFileName="PLKB4T~1.JPG")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf778860, ftCreationTime.dwHighDateTime=0x1d5dd2a, ftLastAccessTime.dwLowDateTime=0x98e64ee0, ftLastAccessTime.dwHighDateTime=0x1d5e2a1, ftLastWriteTime.dwLowDateTime=0x98e64ee0, ftLastWriteTime.dwHighDateTime=0x1d5e2a1, nFileSizeHigh=0x0, nFileSizeLow=0x70e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="vOTqYx.bmp", cAlternateFileName="")) returned 1 [0155.463] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003233b0 | out: lpFindFileData=0xc0003233b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.463] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.463] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0155.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\4r9tztrzgt_1b.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d976630, ftCreationTime.dwHighDateTime=0x1d5e13b, ftLastAccessTime.dwLowDateTime=0x144ec40, ftLastAccessTime.dwHighDateTime=0x1d5df8b, ftLastWriteTime.dwLowDateTime=0x144ec40, ftLastWriteTime.dwHighDateTime=0x1d5df8b, nFileSizeHigh=0x0, nFileSizeLow=0x18a12)) returned 1 [0155.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\icpx0TggJcrh30S.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\icpx0tggjcrh30s.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x92ca53c0, ftCreationTime.dwHighDateTime=0x1d5dc08, ftLastAccessTime.dwLowDateTime=0x11d31470, ftLastAccessTime.dwHighDateTime=0x1d5d9bd, ftLastWriteTime.dwLowDateTime=0x11d31470, ftLastWriteTime.dwHighDateTime=0x1d5d9bd, nFileSizeHigh=0x0, nFileSizeLow=0xf362)) returned 1 [0155.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\jhul_ylh6sugmw.gif"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa95555b0, ftCreationTime.dwHighDateTime=0x1d5df99, ftLastAccessTime.dwLowDateTime=0x25950df0, ftLastAccessTime.dwHighDateTime=0x1d5e6a7, ftLastWriteTime.dwLowDateTime=0x25950df0, ftLastWriteTime.dwHighDateTime=0x1d5e6a7, nFileSizeHigh=0x0, nFileSizeLow=0x65d8)) returned 1 [0155.466] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0155.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\nmnoxj.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd87045e0, ftCreationTime.dwHighDateTime=0x1d5db79, ftLastAccessTime.dwLowDateTime=0x22932320, ftLastAccessTime.dwHighDateTime=0x1d5d802, ftLastWriteTime.dwLowDateTime=0x22932320, ftLastWriteTime.dwHighDateTime=0x1d5d802, nFileSizeHigh=0x0, nFileSizeLow=0x100b5)) returned 1 [0155.467] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0155.469] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0155.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\plkb4td2qzsfn1cflc0.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb403650, ftCreationTime.dwHighDateTime=0x1d5d951, ftLastAccessTime.dwLowDateTime=0xfc7172a0, ftLastAccessTime.dwHighDateTime=0x1d5e616, ftLastWriteTime.dwLowDateTime=0xfc7172a0, ftLastWriteTime.dwHighDateTime=0x1d5e616, nFileSizeHigh=0x0, nFileSizeLow=0x66ed)) returned 1 [0155.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\votqyx.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0003234f0 | out: lpFileInformation=0xc0003234f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf778860, ftCreationTime.dwHighDateTime=0x1d5dd2a, ftLastAccessTime.dwLowDateTime=0x98e64ee0, ftLastAccessTime.dwHighDateTime=0x1d5e2a1, ftLastWriteTime.dwLowDateTime=0x98e64ee0, ftLastWriteTime.dwHighDateTime=0x1d5e2a1, nFileSizeHigh=0x0, nFileSizeLow=0x70e1)) returned 1 [0155.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\0OwJbeK2.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\0owjbek2.png"), fInfoLevelId=0x0, lpFileInformation=0xc0003235c8 | out: lpFileInformation=0xc0003235c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3e8c2f30, ftCreationTime.dwHighDateTime=0x1d5d7b3, ftLastAccessTime.dwLowDateTime=0xa9e5b70, ftLastAccessTime.dwHighDateTime=0x1d5dd9a, ftLastWriteTime.dwLowDateTime=0xa9e5b70, ftLastWriteTime.dwHighDateTime=0x1d5dd9a, nFileSizeHigh=0x0, nFileSizeLow=0x16905)) returned 1 [0155.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\mmjuhdigq7oe.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0003235c8 | out: lpFileInformation=0xc0003235c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1651ecb0, ftCreationTime.dwHighDateTime=0x1d5e72d, ftLastAccessTime.dwLowDateTime=0x5dc85c40, ftLastAccessTime.dwHighDateTime=0x1d5e431, ftLastWriteTime.dwLowDateTime=0x5dc85c40, ftLastWriteTime.dwHighDateTime=0x1d5e431, nFileSizeHigh=0x0, nFileSizeLow=0x13ec4)) returned 1 [0155.472] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0155.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\rtehwpoz7dc1cqi8j.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0003235c8 | out: lpFileInformation=0xc0003235c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa6c58ec0, ftCreationTime.dwHighDateTime=0x1d5e55a, ftLastAccessTime.dwLowDateTime=0xe9cb48b0, ftLastAccessTime.dwHighDateTime=0x1d5dcb6, ftLastWriteTime.dwLowDateTime=0xe9cb48b0, ftLastWriteTime.dwHighDateTime=0x1d5dcb6, nFileSizeHigh=0x0, nFileSizeLow=0x6cad)) returned 1 [0155.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\clhscjagwg6vjgl.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0003235c8 | out: lpFileInformation=0xc0003235c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d364ba0, ftCreationTime.dwHighDateTime=0x1d5e6e7, ftLastAccessTime.dwLowDateTime=0x145851a0, ftLastAccessTime.dwHighDateTime=0x1d5dbdf, ftLastWriteTime.dwLowDateTime=0x145851a0, ftLastWriteTime.dwHighDateTime=0x1d5dbdf, nFileSizeHigh=0x0, nFileSizeLow=0x99fa)) returned 1 [0155.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\pf7rnc.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0003236a0 | out: lpFileInformation=0xc0003236a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe758cb00, ftCreationTime.dwHighDateTime=0x1d5df88, ftLastAccessTime.dwLowDateTime=0x88cf5890, ftLastAccessTime.dwHighDateTime=0x1d5e287, ftLastWriteTime.dwLowDateTime=0x88cf5890, ftLastWriteTime.dwHighDateTime=0x1d5e287, nFileSizeHigh=0x0, nFileSizeLow=0xdce7)) returned 1 [0155.475] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\_a5x ck.gif"), fInfoLevelId=0x0, lpFileInformation=0xc0003236a0 | out: lpFileInformation=0xc0003236a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x53b70aa0, ftCreationTime.dwHighDateTime=0x1d5de12, ftLastAccessTime.dwLowDateTime=0xbdeaeda0, ftLastAccessTime.dwHighDateTime=0x1d5e395, ftLastWriteTime.dwLowDateTime=0xbdeaeda0, ftLastWriteTime.dwHighDateTime=0x1d5e395, nFileSizeHigh=0x0, nFileSizeLow=0x12577)) returned 1 [0155.475] VirtualAlloc (lpAddress=0xc00034e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034e000 [0155.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\kev94gqepx7n.png"), fInfoLevelId=0x0, lpFileInformation=0xc0003236a0 | out: lpFileInformation=0xc0003236a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3efe4510, ftCreationTime.dwHighDateTime=0x1d5e7d1, ftLastAccessTime.dwLowDateTime=0xbd968480, ftLastAccessTime.dwHighDateTime=0x1d5d9af, ftLastWriteTime.dwLowDateTime=0xbd968480, ftLastWriteTime.dwHighDateTime=0x1d5d9af, nFileSizeHigh=0x0, nFileSizeLow=0xa700)) returned 1 [0155.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\rrrmzfncpf9fa.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47b47db0, ftCreationTime.dwHighDateTime=0x1d5dc90, ftLastAccessTime.dwLowDateTime=0x66b36150, ftLastAccessTime.dwHighDateTime=0x1d5e766, ftLastWriteTime.dwLowDateTime=0x66b36150, ftLastWriteTime.dwHighDateTime=0x1d5e766, nFileSizeHigh=0x0, nFileSizeLow=0x7f1d)) returned 1 [0155.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zp3etf2zn8ybt3qrgx8n.png"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcea118d0, ftCreationTime.dwHighDateTime=0x1d5dd1a, ftLastAccessTime.dwLowDateTime=0x3e396480, ftLastAccessTime.dwHighDateTime=0x1d5e299, ftLastWriteTime.dwLowDateTime=0x3e396480, ftLastWriteTime.dwHighDateTime=0x1d5e299, nFileSizeHigh=0x0, nFileSizeLow=0x12c10)) returned 1 [0155.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\iobn1bkbua7.png"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x991e51c0, ftCreationTime.dwHighDateTime=0x1d5dbf1, ftLastAccessTime.dwLowDateTime=0x7696aab0, ftLastAccessTime.dwHighDateTime=0x1d5e652, ftLastWriteTime.dwLowDateTime=0x7696aab0, ftLastWriteTime.dwHighDateTime=0x1d5e652, nFileSizeHigh=0x0, nFileSizeLow=0x5445)) returned 1 [0155.478] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0155.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vfjbgc7tltaoejn.png"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef9ef180, ftCreationTime.dwHighDateTime=0x1d5d81d, ftLastAccessTime.dwLowDateTime=0x56809410, ftLastAccessTime.dwHighDateTime=0x1d5e527, ftLastWriteTime.dwLowDateTime=0x56809410, ftLastWriteTime.dwHighDateTime=0x1d5e527, nFileSizeHigh=0x0, nFileSizeLow=0xd331)) returned 1 [0155.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e8939f0, ftCreationTime.dwHighDateTime=0x1d5dc02, ftLastAccessTime.dwLowDateTime=0x52bf53d0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0x52bf53d0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.481] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\*", lpFindFileData=0xc000323608 | out: lpFindFileData=0xc000323608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e8939f0, ftCreationTime.dwHighDateTime=0x1d5dc02, ftLastAccessTime.dwLowDateTime=0x52bf53d0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0x52bf53d0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6e8939f0, ftCreationTime.dwHighDateTime=0x1d5dc02, ftLastAccessTime.dwLowDateTime=0x52bf53d0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0x52bf53d0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77dc0970, ftCreationTime.dwHighDateTime=0x1d5e6f6, ftLastAccessTime.dwLowDateTime=0xf387f470, ftLastAccessTime.dwHighDateTime=0x1d5daef, ftLastWriteTime.dwLowDateTime=0xf387f470, ftLastWriteTime.dwHighDateTime=0x1d5daef, nFileSizeHigh=0x0, nFileSizeLow=0x133d, dwReserved0=0x0, dwReserved1=0x0, cFileName="a2lzUytuvD.gif", cAlternateFileName="A2LZUY~1.GIF")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb101c910, ftCreationTime.dwHighDateTime=0x1d5daf3, ftLastAccessTime.dwLowDateTime=0xf9bac700, ftLastAccessTime.dwHighDateTime=0x1d5d9f5, ftLastWriteTime.dwLowDateTime=0xf9bac700, ftLastWriteTime.dwHighDateTime=0x1d5d9f5, nFileSizeHigh=0x0, nFileSizeLow=0x6140, dwReserved0=0x0, dwReserved1=0x0, cFileName="ayjS6X.bmp", cAlternateFileName="")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ae4bb20, ftCreationTime.dwHighDateTime=0x1d5e24c, ftLastAccessTime.dwLowDateTime=0x77bbcbf0, ftLastAccessTime.dwHighDateTime=0x1d5e17f, ftLastWriteTime.dwLowDateTime=0x77bbcbf0, ftLastWriteTime.dwHighDateTime=0x1d5e17f, nFileSizeHigh=0x0, nFileSizeLow=0x191f, dwReserved0=0x0, dwReserved1=0x0, cFileName="DaGVD.gif", cAlternateFileName="")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6be0c0f0, ftCreationTime.dwHighDateTime=0x1d5de4c, ftLastAccessTime.dwLowDateTime=0x8e326520, ftLastAccessTime.dwHighDateTime=0x1d5df76, ftLastWriteTime.dwLowDateTime=0x8e326520, ftLastWriteTime.dwHighDateTime=0x1d5df76, nFileSizeHigh=0x0, nFileSizeLow=0x65a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="esOLLOsE8Cg.jpg", cAlternateFileName="ESOLLO~1.JPG")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe8f7630, ftCreationTime.dwHighDateTime=0x1d5e64e, ftLastAccessTime.dwLowDateTime=0x7fffa170, ftLastAccessTime.dwHighDateTime=0x1d5e007, ftLastWriteTime.dwLowDateTime=0x7fffa170, ftLastWriteTime.dwHighDateTime=0x1d5e007, nFileSizeHigh=0x0, nFileSizeLow=0xaa65, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_JGkxr6yc.png", cAlternateFileName="F_JGKX~1.PNG")) returned 1 [0155.482] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.483] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\dagvd.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ae4bb20, ftCreationTime.dwHighDateTime=0x1d5e24c, ftLastAccessTime.dwLowDateTime=0x77bbcbf0, ftLastAccessTime.dwHighDateTime=0x1d5e17f, ftLastWriteTime.dwLowDateTime=0x77bbcbf0, ftLastWriteTime.dwHighDateTime=0x1d5e17f, nFileSizeHigh=0x0, nFileSizeLow=0x191f)) returned 1 [0155.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\f_jgkxr6yc.png"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe8f7630, ftCreationTime.dwHighDateTime=0x1d5e64e, ftLastAccessTime.dwLowDateTime=0x7fffa170, ftLastAccessTime.dwHighDateTime=0x1d5e007, ftLastWriteTime.dwLowDateTime=0x7fffa170, ftLastWriteTime.dwHighDateTime=0x1d5e007, nFileSizeHigh=0x0, nFileSizeLow=0xaa65)) returned 1 [0155.483] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\a2lzuytuvd.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x77dc0970, ftCreationTime.dwHighDateTime=0x1d5e6f6, ftLastAccessTime.dwLowDateTime=0xf387f470, ftLastAccessTime.dwHighDateTime=0x1d5daef, ftLastWriteTime.dwLowDateTime=0xf387f470, ftLastWriteTime.dwHighDateTime=0x1d5daef, nFileSizeHigh=0x0, nFileSizeLow=0x133d)) returned 1 [0155.484] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0155.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\ayjs6x.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb101c910, ftCreationTime.dwHighDateTime=0x1d5daf3, ftLastAccessTime.dwLowDateTime=0xf9bac700, ftLastAccessTime.dwHighDateTime=0x1d5d9f5, ftLastWriteTime.dwLowDateTime=0xf9bac700, ftLastWriteTime.dwHighDateTime=0x1d5d9f5, nFileSizeHigh=0x0, nFileSizeLow=0x6140)) returned 1 [0155.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\esollose8cg.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6be0c0f0, ftCreationTime.dwHighDateTime=0x1d5de4c, ftLastAccessTime.dwLowDateTime=0x8e326520, ftLastAccessTime.dwHighDateTime=0x1d5df76, ftLastWriteTime.dwLowDateTime=0x8e326520, ftLastWriteTime.dwHighDateTime=0x1d5df76, nFileSizeHigh=0x0, nFileSizeLow=0x65a8)) returned 1 [0155.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ub1qdukjq9owd2f8co.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xabfccc10, ftCreationTime.dwHighDateTime=0x1d5e167, ftLastAccessTime.dwLowDateTime=0xb2461710, ftLastAccessTime.dwHighDateTime=0x1d5dcef, ftLastWriteTime.dwLowDateTime=0xb2461710, ftLastWriteTime.dwHighDateTime=0x1d5dcef, nFileSizeHigh=0x0, nFileSizeLow=0x10471)) returned 1 [0155.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ws3nvrmr4-.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c104680, ftCreationTime.dwHighDateTime=0x1d5db94, ftLastAccessTime.dwLowDateTime=0x54a26d60, ftLastAccessTime.dwHighDateTime=0x1d5e236, ftLastWriteTime.dwLowDateTime=0x54a26d60, ftLastWriteTime.dwHighDateTime=0x1d5e236, nFileSizeHigh=0x0, nFileSizeLow=0xe512)) returned 1 [0155.487] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0155.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfh6-fb2pe.png"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x145084d0, ftCreationTime.dwHighDateTime=0x1d5ded1, ftLastAccessTime.dwLowDateTime=0xf1b43300, ftLastAccessTime.dwHighDateTime=0x1d5d7c7, ftLastWriteTime.dwLowDateTime=0xf1b43300, ftLastWriteTime.dwHighDateTime=0x1d5d7c7, nFileSizeHigh=0x0, nFileSizeLow=0xf23)) returned 1 [0155.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0155.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zzgqa7r9vz.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc94c1070, ftCreationTime.dwHighDateTime=0x1d5db11, ftLastAccessTime.dwLowDateTime=0x6ffa5670, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x6ffa5670, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0xe9ec)) returned 1 [0155.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.491] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000323954 | out: lpFileInformation=0xc000323954) returned 1 [0155.491] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000323938, dwBufferSize=0x8 | out: lpFileInformation=0xc000323938) returned 1 [0155.491] CloseHandle (hObject=0x5a0) returned 1 [0155.491] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0155.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.494] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000323954 | out: lpFileInformation=0xc000323954) returned 1 [0155.494] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000323938, dwBufferSize=0x8 | out: lpFileInformation=0xc000323938) returned 1 [0155.494] CloseHandle (hObject=0x5a0) returned 1 [0155.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.495] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0155.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\*", lpFindFileData=0xc0003237b8 | out: lpFindFileData=0xc0003237b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.497] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.497] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.497] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.498] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0155.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\*", lpFindFileData=0xc0003237b8 | out: lpFindFileData=0xc0003237b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0155.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0155.499] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.499] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0155.500] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8)) returned 1 [0155.501] VirtualAlloc (lpAddress=0xc0003a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a8000 [0155.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0155.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x5a0 [0155.504] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000323954 | out: lpFileInformation=0xc000323954) returned 1 [0155.504] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000323938, dwBufferSize=0x8 | out: lpFileInformation=0xc000323938) returned 1 [0155.504] CloseHandle (hObject=0x5a0) returned 1 [0155.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29129cc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29129cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29129cc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x7c4 [0155.544] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000323954 | out: lpFileInformation=0xc000323954) returned 1 [0155.544] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000323938, dwBufferSize=0x8 | out: lpFileInformation=0xc000323938) returned 1 [0155.544] CloseHandle (hObject=0x7c4) returned 1 [0155.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x2914fe20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x7c4 [0155.545] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000323954 | out: lpFileInformation=0xc000323954) returned 1 [0155.545] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000323938, dwBufferSize=0x8 | out: lpFileInformation=0xc000323938) returned 1 [0155.545] CloseHandle (hObject=0x7c4) returned 1 [0155.546] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0155.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\*", lpFindFileData=0xc0003237b8 | out: lpFindFileData=0xc0003237b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.548] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0155.550] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbc18160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbc18160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.550] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f7839e0, ftCreationTime.dwHighDateTime=0x1d5da93, ftLastAccessTime.dwLowDateTime=0x2566c890, ftLastAccessTime.dwHighDateTime=0x1d5e784, ftLastWriteTime.dwLowDateTime=0x2566c890, ftLastWriteTime.dwHighDateTime=0x1d5e784, nFileSizeHigh=0x0, nFileSizeLow=0x7691, dwReserved0=0x0, dwReserved1=0x0, cFileName="4dkRC_taB152.flv", cAlternateFileName="4DKRC_~1.FLV")) returned 1 [0155.550] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe494eac0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x34a46f70, ftLastAccessTime.dwHighDateTime=0x1d5de96, ftLastWriteTime.dwLowDateTime=0x34a46f70, ftLastWriteTime.dwHighDateTime=0x1d5de96, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="r8d4hNszM", cAlternateFileName="R8D4HN~1")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd605100, ftCreationTime.dwHighDateTime=0x1d5e0e8, ftLastAccessTime.dwLowDateTime=0x69949310, ftLastAccessTime.dwHighDateTime=0x1d5e457, ftLastWriteTime.dwLowDateTime=0x69949310, ftLastWriteTime.dwHighDateTime=0x1d5e457, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmSNLUbTcd5Ti", cAlternateFileName="RMSNLU~1")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3f5d30, ftCreationTime.dwHighDateTime=0x1d5e080, ftLastAccessTime.dwLowDateTime=0x573abd30, ftLastAccessTime.dwHighDateTime=0x1d5e1c2, ftLastWriteTime.dwLowDateTime=0x573abd30, ftLastWriteTime.dwHighDateTime=0x1d5e1c2, nFileSizeHigh=0x0, nFileSizeLow=0xb66f, dwReserved0=0x0, dwReserved1=0x0, cFileName="V7JntJoDcO8ectz.mp4", cAlternateFileName="V7JNTJ~1.MP4")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10039a40, ftCreationTime.dwHighDateTime=0x1d5dc9f, ftLastAccessTime.dwLowDateTime=0xcdb9ae0, ftLastAccessTime.dwHighDateTime=0x1d5db21, ftLastWriteTime.dwLowDateTime=0xcdb9ae0, ftLastWriteTime.dwHighDateTime=0x1d5db21, nFileSizeHigh=0x0, nFileSizeLow=0x1293c, dwReserved0=0x0, dwReserved1=0x0, cFileName="XkaR bZzz.avi", cAlternateFileName="XKARBZ~1.AVI")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc0a860, ftCreationTime.dwHighDateTime=0x1d5db39, ftLastAccessTime.dwLowDateTime=0xd5f46f60, ftLastAccessTime.dwHighDateTime=0x1d5e60c, ftLastWriteTime.dwLowDateTime=0xd5f46f60, ftLastWriteTime.dwHighDateTime=0x1d5e60c, nFileSizeHigh=0x0, nFileSizeLow=0x15c03, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y138cXvDjo.mkv", cAlternateFileName="Y138CX~1.MKV")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770535d0, ftCreationTime.dwHighDateTime=0x1d5dfc1, ftLastAccessTime.dwLowDateTime=0x9bed0, ftLastAccessTime.dwHighDateTime=0x1d5ddb7, ftLastWriteTime.dwLowDateTime=0x9bed0, ftLastWriteTime.dwHighDateTime=0x1d5ddb7, nFileSizeHigh=0x0, nFileSizeLow=0x136ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="YejaMSz7lpMmlIxMVnQ.swf", cAlternateFileName="YEJAMS~1.SWF")) returned 1 [0155.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0003237e8 | out: lpFindFileData=0xc0003237e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.551] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\4dkrc_tab152.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f7839e0, ftCreationTime.dwHighDateTime=0x1d5da93, ftLastAccessTime.dwLowDateTime=0x2566c890, ftLastAccessTime.dwHighDateTime=0x1d5e784, ftLastWriteTime.dwLowDateTime=0x2566c890, ftLastWriteTime.dwHighDateTime=0x1d5e784, nFileSizeHigh=0x0, nFileSizeLow=0x7691)) returned 1 [0155.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\v7jntjodco8ectz.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa3f5d30, ftCreationTime.dwHighDateTime=0x1d5e080, ftLastAccessTime.dwLowDateTime=0x573abd30, ftLastAccessTime.dwHighDateTime=0x1d5e1c2, ftLastWriteTime.dwLowDateTime=0x573abd30, ftLastWriteTime.dwHighDateTime=0x1d5e1c2, nFileSizeHigh=0x0, nFileSizeLow=0xb66f)) returned 1 [0155.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xkar bzzz.avi"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10039a40, ftCreationTime.dwHighDateTime=0x1d5dc9f, ftLastAccessTime.dwLowDateTime=0xcdb9ae0, ftLastAccessTime.dwHighDateTime=0x1d5db21, ftLastWriteTime.dwLowDateTime=0xcdb9ae0, ftLastWriteTime.dwHighDateTime=0x1d5db21, nFileSizeHigh=0x0, nFileSizeLow=0x1293c)) returned 1 [0155.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\y138cxvdjo.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2cc0a860, ftCreationTime.dwHighDateTime=0x1d5db39, ftLastAccessTime.dwLowDateTime=0xd5f46f60, ftLastAccessTime.dwHighDateTime=0x1d5e60c, ftLastWriteTime.dwLowDateTime=0xd5f46f60, ftLastWriteTime.dwHighDateTime=0x1d5e60c, nFileSizeHigh=0x0, nFileSizeLow=0x15c03)) returned 1 [0155.553] VirtualAlloc (lpAddress=0xc0004b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b0000 [0155.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yejamsz7lpmmlixmvnq.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x770535d0, ftCreationTime.dwHighDateTime=0x1d5dfc1, ftLastAccessTime.dwLowDateTime=0x9bed0, ftLastAccessTime.dwHighDateTime=0x1d5ddb7, ftLastWriteTime.dwLowDateTime=0x9bed0, ftLastWriteTime.dwHighDateTime=0x1d5ddb7, nFileSizeHigh=0x0, nFileSizeLow=0x136ae)) returned 1 [0155.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0155.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe494eac0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x34a46f70, ftLastAccessTime.dwHighDateTime=0x1d5de96, ftLastWriteTime.dwLowDateTime=0x34a46f70, ftLastWriteTime.dwHighDateTime=0x1d5de96, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.557] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\*", lpFindFileData=0xc0003236e0 | out: lpFindFileData=0xc0003236e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe494eac0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x34a46f70, ftLastAccessTime.dwHighDateTime=0x1d5de96, ftLastWriteTime.dwLowDateTime=0x34a46f70, ftLastWriteTime.dwHighDateTime=0x1d5de96, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.557] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe494eac0, ftCreationTime.dwHighDateTime=0x1d5d9cf, ftLastAccessTime.dwLowDateTime=0x34a46f70, ftLastAccessTime.dwHighDateTime=0x1d5de96, ftLastWriteTime.dwLowDateTime=0x34a46f70, ftLastWriteTime.dwHighDateTime=0x1d5de96, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.557] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30e8690, ftCreationTime.dwHighDateTime=0x1d5e56e, ftLastAccessTime.dwLowDateTime=0x84b09c40, ftLastAccessTime.dwHighDateTime=0x1d5e6df, ftLastWriteTime.dwLowDateTime=0x84b09c40, ftLastWriteTime.dwHighDateTime=0x1d5e6df, nFileSizeHigh=0x0, nFileSizeLow=0xeb49, dwReserved0=0x0, dwReserved1=0x0, cFileName="6aYA.mp4", cAlternateFileName="")) returned 1 [0155.557] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74c1df10, ftCreationTime.dwHighDateTime=0x1d5dfcd, ftLastAccessTime.dwLowDateTime=0xa6c55b70, ftLastAccessTime.dwHighDateTime=0x1d5da48, ftLastWriteTime.dwLowDateTime=0xa6c55b70, ftLastWriteTime.dwHighDateTime=0x1d5da48, nFileSizeHigh=0x0, nFileSizeLow=0x12c23, dwReserved0=0x0, dwReserved1=0x0, cFileName="7KD C2CNEpJN.mp4", cAlternateFileName="7KDC2C~1.MP4")) returned 1 [0155.557] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25edd060, ftCreationTime.dwHighDateTime=0x1d5d7c1, ftLastAccessTime.dwLowDateTime=0xa85eeed0, ftLastAccessTime.dwHighDateTime=0x1d5e36a, ftLastWriteTime.dwLowDateTime=0xa85eeed0, ftLastWriteTime.dwHighDateTime=0x1d5e36a, nFileSizeHigh=0x0, nFileSizeLow=0x146b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7oLC2.avi", cAlternateFileName="")) returned 1 [0155.558] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b63cff0, ftCreationTime.dwHighDateTime=0x1d5dfd2, ftLastAccessTime.dwLowDateTime=0xef63aca0, ftLastAccessTime.dwHighDateTime=0x1d5d922, ftLastWriteTime.dwLowDateTime=0xef63aca0, ftLastWriteTime.dwHighDateTime=0x1d5d922, nFileSizeHigh=0x0, nFileSizeLow=0x6583, dwReserved0=0x0, dwReserved1=0x0, cFileName="7QI6ij4UJl4T.mp4", cAlternateFileName="7QI6IJ~1.MP4")) returned 1 [0155.558] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2981fc50, ftCreationTime.dwHighDateTime=0x1d5dda3, ftLastAccessTime.dwLowDateTime=0xa66d3970, ftLastAccessTime.dwHighDateTime=0x1d5e1d4, ftLastWriteTime.dwLowDateTime=0xa66d3970, ftLastWriteTime.dwHighDateTime=0x1d5e1d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aS6CtfrDr8", cAlternateFileName="_AS6CT~1")) returned 1 [0155.558] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.558] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\6aya.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30e8690, ftCreationTime.dwHighDateTime=0x1d5e56e, ftLastAccessTime.dwLowDateTime=0x84b09c40, ftLastAccessTime.dwHighDateTime=0x1d5e6df, ftLastWriteTime.dwLowDateTime=0x84b09c40, ftLastWriteTime.dwHighDateTime=0x1d5e6df, nFileSizeHigh=0x0, nFileSizeLow=0xeb49)) returned 1 [0155.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7kd c2cnepjn.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74c1df10, ftCreationTime.dwHighDateTime=0x1d5dfcd, ftLastAccessTime.dwLowDateTime=0xa6c55b70, ftLastAccessTime.dwHighDateTime=0x1d5da48, ftLastWriteTime.dwLowDateTime=0xa6c55b70, ftLastWriteTime.dwHighDateTime=0x1d5da48, nFileSizeHigh=0x0, nFileSizeLow=0x12c23)) returned 1 [0155.559] VirtualAlloc (lpAddress=0xc0004b8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b8000 [0155.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7qi6ij4ujl4t.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b63cff0, ftCreationTime.dwHighDateTime=0x1d5dfd2, ftLastAccessTime.dwLowDateTime=0xef63aca0, ftLastAccessTime.dwHighDateTime=0x1d5d922, ftLastWriteTime.dwLowDateTime=0xef63aca0, ftLastWriteTime.dwHighDateTime=0x1d5d922, nFileSizeHigh=0x0, nFileSizeLow=0x6583)) returned 1 [0155.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7olc2.avi"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25edd060, ftCreationTime.dwHighDateTime=0x1d5d7c1, ftLastAccessTime.dwLowDateTime=0xa85eeed0, ftLastAccessTime.dwHighDateTime=0x1d5e36a, ftLastWriteTime.dwLowDateTime=0xa85eeed0, ftLastWriteTime.dwHighDateTime=0x1d5e36a, nFileSizeHigh=0x0, nFileSizeLow=0x146b8)) returned 1 [0155.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2981fc50, ftCreationTime.dwHighDateTime=0x1d5dda3, ftLastAccessTime.dwLowDateTime=0xa66d3970, ftLastAccessTime.dwHighDateTime=0x1d5e1d4, ftLastWriteTime.dwLowDateTime=0xa66d3970, ftLastWriteTime.dwHighDateTime=0x1d5e1d4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\*", lpFindFileData=0xc000323608 | out: lpFindFileData=0xc000323608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2981fc50, ftCreationTime.dwHighDateTime=0x1d5dda3, ftLastAccessTime.dwLowDateTime=0xa66d3970, ftLastAccessTime.dwHighDateTime=0x1d5e1d4, ftLastWriteTime.dwLowDateTime=0xa66d3970, ftLastWriteTime.dwHighDateTime=0x1d5e1d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2981fc50, ftCreationTime.dwHighDateTime=0x1d5dda3, ftLastAccessTime.dwLowDateTime=0xa66d3970, ftLastAccessTime.dwHighDateTime=0x1d5e1d4, ftLastWriteTime.dwLowDateTime=0xa66d3970, ftLastWriteTime.dwHighDateTime=0x1d5e1d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2885ca90, ftCreationTime.dwHighDateTime=0x1d5e50d, ftLastAccessTime.dwLowDateTime=0x6e24ae40, ftLastAccessTime.dwHighDateTime=0x1d5dd1f, ftLastWriteTime.dwLowDateTime=0x6e24ae40, ftLastWriteTime.dwHighDateTime=0x1d5dd1f, nFileSizeHigh=0x0, nFileSizeLow=0x5460, dwReserved0=0x0, dwReserved1=0x0, cFileName="CfVP2kcsDlqOrsb wuX.mp4", cAlternateFileName="CFVP2K~1.MP4")) returned 1 [0155.565] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2868a70, ftCreationTime.dwHighDateTime=0x1d5e461, ftLastAccessTime.dwLowDateTime=0xc5c10af0, ftLastAccessTime.dwHighDateTime=0x1d5e2d2, ftLastWriteTime.dwLowDateTime=0xc5c10af0, ftLastWriteTime.dwHighDateTime=0x1d5e2d2, nFileSizeHigh=0x0, nFileSizeLow=0x1fb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jqh94fvtU.mp4", cAlternateFileName="JQH94F~1.MP4")) returned 1 [0155.565] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0155.567] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6f9070, ftCreationTime.dwHighDateTime=0x1d5ddd3, ftLastAccessTime.dwLowDateTime=0xf26117e0, ftLastAccessTime.dwHighDateTime=0x1d5d953, ftLastWriteTime.dwLowDateTime=0xf26117e0, ftLastWriteTime.dwHighDateTime=0x1d5d953, nFileSizeHigh=0x0, nFileSizeLow=0x80b, dwReserved0=0x0, dwReserved1=0x0, cFileName="QlKeywISbwT_7p T.mkv", cAlternateFileName="QLKEYW~1.MKV")) returned 1 [0155.567] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82e04fd0, ftCreationTime.dwHighDateTime=0x1d5dd6d, ftLastAccessTime.dwLowDateTime=0x37f8c2d0, ftLastAccessTime.dwHighDateTime=0x1d5dbde, ftLastWriteTime.dwLowDateTime=0x37f8c2d0, ftLastWriteTime.dwHighDateTime=0x1d5dbde, nFileSizeHigh=0x0, nFileSizeLow=0xb45f, dwReserved0=0x0, dwReserved1=0x0, cFileName="rQmymTZOi.mp4", cAlternateFileName="RQMYMT~1.MP4")) returned 1 [0155.567] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x364a360, ftCreationTime.dwHighDateTime=0x1d5e5eb, ftLastAccessTime.dwLowDateTime=0x22215ab0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0x22215ab0, ftLastWriteTime.dwHighDateTime=0x1d5e167, nFileSizeHigh=0x0, nFileSizeLow=0xc891, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tl6eJPwksSzh4C.mp4", cAlternateFileName="TL6EJP~1.MP4")) returned 1 [0155.567] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73bc0a80, ftCreationTime.dwHighDateTime=0x1d5d9bc, ftLastAccessTime.dwLowDateTime=0x13b8fdb0, ftLastAccessTime.dwHighDateTime=0x1d5dfab, ftLastWriteTime.dwLowDateTime=0x13b8fdb0, ftLastWriteTime.dwHighDateTime=0x1d5dfab, nFileSizeHigh=0x0, nFileSizeLow=0x44c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="xk_R3F.swf", cAlternateFileName="")) returned 1 [0155.567] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6440230, ftCreationTime.dwHighDateTime=0x1d5e44e, ftLastAccessTime.dwLowDateTime=0x279c7bc0, ftLastAccessTime.dwHighDateTime=0x1d5d977, ftLastWriteTime.dwLowDateTime=0x279c7bc0, ftLastWriteTime.dwHighDateTime=0x1d5d977, nFileSizeHigh=0x0, nFileSizeLow=0xb160, dwReserved0=0x0, dwReserved1=0x0, cFileName="_tkp Vlu9vP97SBcBC.flv", cAlternateFileName="_TKPVL~1.FLV")) returned 1 [0155.771] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323638 | out: lpFindFileData=0xc000323638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.772] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\cfvp2kcsdlqorsb wux.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2885ca90, ftCreationTime.dwHighDateTime=0x1d5e50d, ftLastAccessTime.dwLowDateTime=0x6e24ae40, ftLastAccessTime.dwHighDateTime=0x1d5dd1f, ftLastWriteTime.dwLowDateTime=0x6e24ae40, ftLastWriteTime.dwHighDateTime=0x1d5dd1f, nFileSizeHigh=0x0, nFileSizeLow=0x5460)) returned 1 [0155.772] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\jqh94fvtu.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2868a70, ftCreationTime.dwHighDateTime=0x1d5e461, ftLastAccessTime.dwLowDateTime=0xc5c10af0, ftLastAccessTime.dwHighDateTime=0x1d5e2d2, ftLastWriteTime.dwLowDateTime=0xc5c10af0, ftLastWriteTime.dwHighDateTime=0x1d5e2d2, nFileSizeHigh=0x0, nFileSizeLow=0x1fb9)) returned 1 [0155.772] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0155.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\qlkeywisbwt_7p t.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d6f9070, ftCreationTime.dwHighDateTime=0x1d5ddd3, ftLastAccessTime.dwLowDateTime=0xf26117e0, ftLastAccessTime.dwHighDateTime=0x1d5d953, ftLastWriteTime.dwLowDateTime=0xf26117e0, ftLastWriteTime.dwHighDateTime=0x1d5d953, nFileSizeHigh=0x0, nFileSizeLow=0x80b)) returned 1 [0155.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\tl6ejpwksszh4c.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x364a360, ftCreationTime.dwHighDateTime=0x1d5e5eb, ftLastAccessTime.dwLowDateTime=0x22215ab0, ftLastAccessTime.dwHighDateTime=0x1d5e167, ftLastWriteTime.dwLowDateTime=0x22215ab0, ftLastWriteTime.dwHighDateTime=0x1d5e167, nFileSizeHigh=0x0, nFileSizeLow=0xc891)) returned 1 [0155.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\_tkp vlu9vp97sbcbc.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb6440230, ftCreationTime.dwHighDateTime=0x1d5e44e, ftLastAccessTime.dwLowDateTime=0x279c7bc0, ftLastAccessTime.dwHighDateTime=0x1d5d977, ftLastWriteTime.dwLowDateTime=0x279c7bc0, ftLastWriteTime.dwHighDateTime=0x1d5d977, nFileSizeHigh=0x0, nFileSizeLow=0xb160)) returned 1 [0155.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\rqmymtzoi.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82e04fd0, ftCreationTime.dwHighDateTime=0x1d5dd6d, ftLastAccessTime.dwLowDateTime=0x37f8c2d0, ftLastAccessTime.dwHighDateTime=0x1d5dbde, ftLastWriteTime.dwLowDateTime=0x37f8c2d0, ftLastWriteTime.dwHighDateTime=0x1d5dbde, nFileSizeHigh=0x0, nFileSizeLow=0xb45f)) returned 1 [0155.776] VirtualAlloc (lpAddress=0xc0004e8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e8000 [0155.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\xk_r3f.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000323778 | out: lpFileInformation=0xc000323778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73bc0a80, ftCreationTime.dwHighDateTime=0x1d5d9bc, ftLastAccessTime.dwLowDateTime=0x13b8fdb0, ftLastAccessTime.dwHighDateTime=0x1d5dfab, ftLastWriteTime.dwLowDateTime=0x13b8fdb0, ftLastWriteTime.dwHighDateTime=0x1d5dfab, nFileSizeHigh=0x0, nFileSizeLow=0x44c2)) returned 1 [0155.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti"), fInfoLevelId=0x0, lpFileInformation=0xc000323928 | out: lpFileInformation=0xc000323928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd605100, ftCreationTime.dwHighDateTime=0x1d5e0e8, ftLastAccessTime.dwLowDateTime=0x69949310, ftLastAccessTime.dwHighDateTime=0x1d5e457, ftLastWriteTime.dwLowDateTime=0x69949310, ftLastWriteTime.dwHighDateTime=0x1d5e457, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0155.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0155.779] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\*", lpFindFileData=0xc0003236e0 | out: lpFindFileData=0xc0003236e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd605100, ftCreationTime.dwHighDateTime=0x1d5e0e8, ftLastAccessTime.dwLowDateTime=0x69949310, ftLastAccessTime.dwHighDateTime=0x1d5e457, ftLastWriteTime.dwLowDateTime=0x69949310, ftLastWriteTime.dwHighDateTime=0x1d5e457, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0155.779] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd605100, ftCreationTime.dwHighDateTime=0x1d5e0e8, ftLastAccessTime.dwLowDateTime=0x69949310, ftLastAccessTime.dwHighDateTime=0x1d5e457, ftLastWriteTime.dwLowDateTime=0x69949310, ftLastWriteTime.dwHighDateTime=0x1d5e457, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0155.779] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1290950, ftCreationTime.dwHighDateTime=0x1d5e7ae, ftLastAccessTime.dwLowDateTime=0x4f19db70, ftLastAccessTime.dwHighDateTime=0x1d5e2aa, ftLastWriteTime.dwLowDateTime=0x4f19db70, ftLastWriteTime.dwHighDateTime=0x1d5e2aa, nFileSizeHigh=0x0, nFileSizeLow=0x6fd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="4bT5vX6999HZ.mkv", cAlternateFileName="4BT5VX~1.MKV")) returned 1 [0155.780] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c071660, ftCreationTime.dwHighDateTime=0x1d5e147, ftLastAccessTime.dwLowDateTime=0xf591ca70, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0xf591ca70, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x12208, dwReserved0=0x0, dwReserved1=0x0, cFileName="6m-whhzR4vM.mkv", cAlternateFileName="6M-WHH~1.MKV")) returned 1 [0155.780] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x674eac40, ftCreationTime.dwHighDateTime=0x1d5d7d6, ftLastAccessTime.dwLowDateTime=0xd9c05550, ftLastAccessTime.dwHighDateTime=0x1d5d833, ftLastWriteTime.dwLowDateTime=0xd9c05550, ftLastWriteTime.dwHighDateTime=0x1d5d833, nFileSizeHigh=0x0, nFileSizeLow=0x6e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="7apLvZczBPp2aSR6j.flv", cAlternateFileName="7APLVZ~1.FLV")) returned 1 [0155.780] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0155.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbc226f0, ftCreationTime.dwHighDateTime=0x1d5dc52, ftLastAccessTime.dwLowDateTime=0x442210f0, ftLastAccessTime.dwHighDateTime=0x1d5e5cc, ftLastWriteTime.dwLowDateTime=0x442210f0, ftLastWriteTime.dwHighDateTime=0x1d5e5cc, nFileSizeHigh=0x0, nFileSizeLow=0x183bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="97O9Qr2oKzuINtlG3tb.swf", cAlternateFileName="97O9QR~1.SWF")) returned 1 [0155.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaee91e0, ftCreationTime.dwHighDateTime=0x1d5e045, ftLastAccessTime.dwLowDateTime=0xaf8163b0, ftLastAccessTime.dwHighDateTime=0x1d5df5e, ftLastWriteTime.dwLowDateTime=0xaf8163b0, ftLastWriteTime.dwHighDateTime=0x1d5df5e, nFileSizeHigh=0x0, nFileSizeLow=0x3224, dwReserved0=0x0, dwReserved1=0x0, cFileName="99C5XwNIs.avi", cAlternateFileName="99C5XW~1.AVI")) returned 1 [0155.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x811b06a0, ftCreationTime.dwHighDateTime=0x1d5e564, ftLastAccessTime.dwLowDateTime=0x9e721670, ftLastAccessTime.dwHighDateTime=0x1d5e812, ftLastWriteTime.dwLowDateTime=0x9e721670, ftLastWriteTime.dwHighDateTime=0x1d5e812, nFileSizeHigh=0x0, nFileSizeLow=0x18e2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="FfgTdr1eaVS eQs.mkv", cAlternateFileName="FFGTDR~1.MKV")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a678a20, ftCreationTime.dwHighDateTime=0x1d5d7ec, ftLastAccessTime.dwLowDateTime=0xc4bff0f0, ftLastAccessTime.dwHighDateTime=0x1d5dc77, ftLastWriteTime.dwLowDateTime=0xc4bff0f0, ftLastWriteTime.dwHighDateTime=0x1d5dc77, nFileSizeHigh=0x0, nFileSizeLow=0xe688, dwReserved0=0x0, dwReserved1=0x0, cFileName="g518f4w-.flv", cAlternateFileName="")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79538b80, ftCreationTime.dwHighDateTime=0x1d5dcb4, ftLastAccessTime.dwLowDateTime=0x3b198580, ftLastAccessTime.dwHighDateTime=0x1d5e73c, ftLastWriteTime.dwLowDateTime=0x3b198580, ftLastWriteTime.dwHighDateTime=0x1d5e73c, nFileSizeHigh=0x0, nFileSizeLow=0xc051, dwReserved0=0x0, dwReserved1=0x0, cFileName="hLvshZCB9ciVQ3Z8HyO.flv", cAlternateFileName="HLVSHZ~1.FLV")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45879e70, ftCreationTime.dwHighDateTime=0x1d5d865, ftLastAccessTime.dwLowDateTime=0xa58b0bc0, ftLastAccessTime.dwHighDateTime=0x1d5e0a0, ftLastWriteTime.dwLowDateTime=0xa58b0bc0, ftLastWriteTime.dwHighDateTime=0x1d5e0a0, nFileSizeHigh=0x0, nFileSizeLow=0x5932, dwReserved0=0x0, dwReserved1=0x0, cFileName="m6SCx-BQNd.flv", cAlternateFileName="M6SCX-~1.FLV")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe141840, ftCreationTime.dwHighDateTime=0x1d5e2df, ftLastAccessTime.dwLowDateTime=0x8307bb70, ftLastAccessTime.dwHighDateTime=0x1d5dba0, ftLastWriteTime.dwLowDateTime=0x8307bb70, ftLastWriteTime.dwHighDateTime=0x1d5dba0, nFileSizeHigh=0x0, nFileSizeLow=0x5671, dwReserved0=0x0, dwReserved1=0x0, cFileName="oNHryRMM0bAcl8 0.flv", cAlternateFileName="ONHRYR~1.FLV")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ba049c0, ftCreationTime.dwHighDateTime=0x1d5def4, ftLastAccessTime.dwLowDateTime=0x7919180, ftLastAccessTime.dwHighDateTime=0x1d5e66a, ftLastWriteTime.dwLowDateTime=0x7919180, ftLastWriteTime.dwHighDateTime=0x1d5e66a, nFileSizeHigh=0x0, nFileSizeLow=0x19ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="rBgMNoO4indbBosabk.swf", cAlternateFileName="RBGMNO~1.SWF")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9ad4fb0, ftCreationTime.dwHighDateTime=0x1d5d9ec, ftLastAccessTime.dwLowDateTime=0x82f63070, ftLastAccessTime.dwHighDateTime=0x1d5d949, ftLastWriteTime.dwLowDateTime=0x82f63070, ftLastWriteTime.dwHighDateTime=0x1d5d949, nFileSizeHigh=0x0, nFileSizeLow=0xef1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="RqAQO.mkv", cAlternateFileName="")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa71e2b50, ftCreationTime.dwHighDateTime=0x1d5dde1, ftLastAccessTime.dwLowDateTime=0x2d096ce0, ftLastAccessTime.dwHighDateTime=0x1d5e68c, ftLastWriteTime.dwLowDateTime=0x2d096ce0, ftLastWriteTime.dwHighDateTime=0x1d5e68c, nFileSizeHigh=0x0, nFileSizeLow=0x100bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="tCq9.mp4", cAlternateFileName="")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x821c4f30, ftCreationTime.dwHighDateTime=0x1d5d91d, ftLastAccessTime.dwLowDateTime=0x7c1cff50, ftLastAccessTime.dwHighDateTime=0x1d5e505, ftLastWriteTime.dwLowDateTime=0x7c1cff50, ftLastWriteTime.dwHighDateTime=0x1d5e505, nFileSizeHigh=0x0, nFileSizeLow=0x13ae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="w-DmknS18kHsIOAq9rA.swf", cAlternateFileName="W-DMKN~1.SWF")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x545302d0, ftCreationTime.dwHighDateTime=0x1d5e631, ftLastAccessTime.dwLowDateTime=0xc9cda6b0, ftLastAccessTime.dwHighDateTime=0x1d5dd39, ftLastWriteTime.dwLowDateTime=0xc9cda6b0, ftLastWriteTime.dwHighDateTime=0x1d5dd39, nFileSizeHigh=0x0, nFileSizeLow=0xcc1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="YO_gGIZglHHyF 7e.mkv", cAlternateFileName="YO_GGI~1.MKV")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0977340, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0x3eec7de0, ftLastAccessTime.dwHighDateTime=0x1d5d943, ftLastWriteTime.dwLowDateTime=0x3eec7de0, ftLastWriteTime.dwHighDateTime=0x1d5d943, nFileSizeHigh=0x0, nFileSizeLow=0x24d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Z1ORm.flv", cAlternateFileName="")) returned 1 [0155.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000323710 | out: lpFindFileData=0xc000323710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0155.782] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0155.782] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\4bt5vx6999hz.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1290950, ftCreationTime.dwHighDateTime=0x1d5e7ae, ftLastAccessTime.dwLowDateTime=0x4f19db70, ftLastAccessTime.dwHighDateTime=0x1d5e2aa, ftLastWriteTime.dwLowDateTime=0x4f19db70, ftLastWriteTime.dwHighDateTime=0x1d5e2aa, nFileSizeHigh=0x0, nFileSizeLow=0x6fd2)) returned 1 [0155.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\6m-whhzr4vm.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c071660, ftCreationTime.dwHighDateTime=0x1d5e147, ftLastAccessTime.dwLowDateTime=0xf591ca70, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0xf591ca70, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x12208)) returned 1 [0155.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\7aplvzczbpp2asr6j.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x674eac40, ftCreationTime.dwHighDateTime=0x1d5d7d6, ftLastAccessTime.dwLowDateTime=0xd9c05550, ftLastAccessTime.dwHighDateTime=0x1d5d833, ftLastWriteTime.dwLowDateTime=0xd9c05550, ftLastWriteTime.dwHighDateTime=0x1d5d833, nFileSizeHigh=0x0, nFileSizeLow=0x6e8)) returned 1 [0155.783] VirtualAlloc (lpAddress=0xc0004f0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f0000 [0155.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\97o9qr2okzuintlg3tb.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbbc226f0, ftCreationTime.dwHighDateTime=0x1d5dc52, ftLastAccessTime.dwLowDateTime=0x442210f0, ftLastAccessTime.dwHighDateTime=0x1d5e5cc, ftLastWriteTime.dwLowDateTime=0x442210f0, ftLastWriteTime.dwHighDateTime=0x1d5e5cc, nFileSizeHigh=0x0, nFileSizeLow=0x183bf)) returned 1 [0155.786] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\99c5xwnis.avi"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbaee91e0, ftCreationTime.dwHighDateTime=0x1d5e045, ftLastAccessTime.dwLowDateTime=0xaf8163b0, ftLastAccessTime.dwHighDateTime=0x1d5df5e, ftLastWriteTime.dwLowDateTime=0xaf8163b0, ftLastWriteTime.dwHighDateTime=0x1d5df5e, nFileSizeHigh=0x0, nFileSizeLow=0x3224)) returned 1 [0155.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\ffgtdr1eavs eqs.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x811b06a0, ftCreationTime.dwHighDateTime=0x1d5e564, ftLastAccessTime.dwLowDateTime=0x9e721670, ftLastAccessTime.dwHighDateTime=0x1d5e812, ftLastWriteTime.dwLowDateTime=0x9e721670, ftLastWriteTime.dwHighDateTime=0x1d5e812, nFileSizeHigh=0x0, nFileSizeLow=0x18e2d)) returned 1 [0155.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rqaqo.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb9ad4fb0, ftCreationTime.dwHighDateTime=0x1d5d9ec, ftLastAccessTime.dwLowDateTime=0x82f63070, ftLastAccessTime.dwHighDateTime=0x1d5d949, ftLastWriteTime.dwLowDateTime=0x82f63070, ftLastWriteTime.dwHighDateTime=0x1d5d949, nFileSizeHigh=0x0, nFileSizeLow=0xef1f)) returned 1 [0155.787] VirtualAlloc (lpAddress=0xc0004f8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f8000 [0155.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\yo_ggizglhhyf 7e.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x545302d0, ftCreationTime.dwHighDateTime=0x1d5e631, ftLastAccessTime.dwLowDateTime=0xc9cda6b0, ftLastAccessTime.dwHighDateTime=0x1d5dd39, ftLastWriteTime.dwLowDateTime=0xc9cda6b0, ftLastWriteTime.dwHighDateTime=0x1d5dd39, nFileSizeHigh=0x0, nFileSizeLow=0xcc1b)) returned 1 [0155.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\z1orm.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0977340, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0x3eec7de0, ftLastAccessTime.dwHighDateTime=0x1d5d943, ftLastWriteTime.dwLowDateTime=0x3eec7de0, ftLastWriteTime.dwHighDateTime=0x1d5d943, nFileSizeHigh=0x0, nFileSizeLow=0x24d0)) returned 1 [0155.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\g518f4w-.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2a678a20, ftCreationTime.dwHighDateTime=0x1d5d7ec, ftLastAccessTime.dwLowDateTime=0xc4bff0f0, ftLastAccessTime.dwHighDateTime=0x1d5dc77, ftLastWriteTime.dwLowDateTime=0xc4bff0f0, ftLastWriteTime.dwHighDateTime=0x1d5dc77, nFileSizeHigh=0x0, nFileSizeLow=0xe688)) returned 1 [0155.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\hlvshzcb9civq3z8hyo.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x79538b80, ftCreationTime.dwHighDateTime=0x1d5dcb4, ftLastAccessTime.dwLowDateTime=0x3b198580, ftLastAccessTime.dwHighDateTime=0x1d5e73c, ftLastWriteTime.dwLowDateTime=0x3b198580, ftLastWriteTime.dwHighDateTime=0x1d5e73c, nFileSizeHigh=0x0, nFileSizeLow=0xc051)) returned 1 [0155.791] VirtualAlloc (lpAddress=0xc000500000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000500000 [0155.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\m6scx-bqnd.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x45879e70, ftCreationTime.dwHighDateTime=0x1d5d865, ftLastAccessTime.dwLowDateTime=0xa58b0bc0, ftLastAccessTime.dwHighDateTime=0x1d5e0a0, ftLastWriteTime.dwLowDateTime=0xa58b0bc0, ftLastWriteTime.dwHighDateTime=0x1d5e0a0, nFileSizeHigh=0x0, nFileSizeLow=0x5932)) returned 1 [0155.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\onhryrmm0bacl8 0.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe141840, ftCreationTime.dwHighDateTime=0x1d5e2df, ftLastAccessTime.dwLowDateTime=0x8307bb70, ftLastAccessTime.dwHighDateTime=0x1d5dba0, ftLastWriteTime.dwLowDateTime=0x8307bb70, ftLastWriteTime.dwHighDateTime=0x1d5dba0, nFileSizeHigh=0x0, nFileSizeLow=0x5671)) returned 1 [0155.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rbgmnoo4indbbosabk.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4ba049c0, ftCreationTime.dwHighDateTime=0x1d5def4, ftLastAccessTime.dwLowDateTime=0x7919180, ftLastAccessTime.dwHighDateTime=0x1d5e66a, ftLastWriteTime.dwLowDateTime=0x7919180, ftLastWriteTime.dwHighDateTime=0x1d5e66a, nFileSizeHigh=0x0, nFileSizeLow=0x19ca)) returned 1 [0155.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\tcq9.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa71e2b50, ftCreationTime.dwHighDateTime=0x1d5dde1, ftLastAccessTime.dwLowDateTime=0x2d096ce0, ftLastAccessTime.dwHighDateTime=0x1d5e68c, ftLastWriteTime.dwLowDateTime=0x2d096ce0, ftLastWriteTime.dwHighDateTime=0x1d5e68c, nFileSizeHigh=0x0, nFileSizeLow=0x100bd)) returned 1 [0155.795] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0155.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\w-dmkns18khsioaq9ra.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000323850 | out: lpFileInformation=0xc000323850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x821c4f30, ftCreationTime.dwHighDateTime=0x1d5d91d, ftLastAccessTime.dwLowDateTime=0x7c1cff50, ftLastAccessTime.dwHighDateTime=0x1d5e505, ftLastWriteTime.dwLowDateTime=0x7c1cff50, ftLastWriteTime.dwHighDateTime=0x1d5e505, nFileSizeHigh=0x0, nFileSizeLow=0x13ae6)) returned 1 [0155.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f389c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0155.797] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28f60c40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f60c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28f60c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0155.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000323a00 | out: lpFileInformation=0xc000323a00*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28cd94e0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cd94e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14)) returned 1 [0155.798] VirtualAlloc (lpAddress=0xc00051c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00051c000 [0155.800] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.801] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.802] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.803] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.804] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0155.806] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000521cf4 | out: lpMode=0xc000521cf4) returned 0 [0155.958] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0156.305] SetEvent (hEvent=0x8d0) returned 1 [0156.305] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0161.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0538*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000423818, lpReserved=0x0 | out: lpBuffer=0xc0000a0538*, lpNumberOfCharsWritten=0xc000423818*=0x4) returned 1 [0161.233] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a05d0*, lpNumberOfCharsWritten=0xc0002e1818*=0x3) returned 1 [0161.235] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000491818, lpReserved=0x0 | out: lpBuffer=0xc0000a05d8*, lpNumberOfCharsWritten=0xc000491818*=0x4) returned 1 [0161.237] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a05e0*, lpNumberOfCharsWritten=0xc0001f9818*=0x4) returned 1 [0161.238] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc0000a05e8*, lpNumberOfCharsWritten=0xc0001c7818*=0x4) returned 1 [0161.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0600*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc0000a0600*, lpNumberOfCharsWritten=0xc000189818*=0x4) returned 1 [0161.243] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0608*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0608*, lpNumberOfCharsWritten=0xc0002d9818*=0x4) returned 1 [0161.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0620*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc0000a0620*, lpNumberOfCharsWritten=0xc000143818*=0x4) returned 1 [0161.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0628*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003ef818, lpReserved=0x0 | out: lpBuffer=0xc0000a0628*, lpNumberOfCharsWritten=0xc0003ef818*=0x4) returned 1 [0161.246] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0161.247] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0640*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0640*, lpNumberOfCharsWritten=0xc00011b818*=0x4) returned 1 [0161.248] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0648*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0648*, lpNumberOfCharsWritten=0xc00013f818*=0x4) returned 1 [0161.250] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0650*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000415818, lpReserved=0x0 | out: lpBuffer=0xc0000a0650*, lpNumberOfCharsWritten=0xc000415818*=0x4) returned 1 [0161.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0658*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0658*, lpNumberOfCharsWritten=0xc0006e1818*=0x4) returned 1 [0161.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d0000*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000271808, lpReserved=0x0 | out: lpBuffer=0xc0003d0000*, lpNumberOfCharsWritten=0xc000271808*=0x4c) returned 1 [0161.256] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0161.256] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0161.257] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0161.259] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0161.260] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0161.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0162.051] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0162.407] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0162.598] SetEvent (hEvent=0x354) returned 1 [0162.598] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0163.504] WriteFile (in: hFile=0x6a4, lpBuffer=0xc00056c000*, nNumberOfBytesToWrite=0x6fe0, lpNumberOfBytesWritten=0xc0004e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00056c000*, lpNumberOfBytesWritten=0xc0004e9cec*=0x6fe0, lpOverlapped=0x0) returned 1 [0166.359] CloseHandle (hObject=0x6a4) returned 1 [0166.708] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0166.758] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0166.758] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0166.760] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0166.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\4bt5vx6999hz.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0166.861] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0004e9d64 | out: lpMode=0xc0004e9d64) returned 0 [0166.868] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) returned 0x0 [0166.976] GetFileType (hFile=0x2cc) returned 0x1 [0166.976] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001851e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001851e0*, lpNumberOfBytesWritten=0xc0004e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.977] CloseHandle (hObject=0x2cc) returned 1 [0166.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\4bt5vx6999hz.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-4bt5vx6999hz.mkv"), dwFlags=0x1) returned 1 [0167.382] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xffffffff) Thread: id = 16 os_tid = 0x67c [0089.908] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2890fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2890fea0*=0xe4) returned 1 [0089.908] VirtualQuery (in: lpAddress=0x2890fec0, lpBuffer=0x2890fec0, dwLength=0x30 | out: lpBuffer=0x2890fec0*(BaseAddress=0x2890f000, AllocationBase=0x28710000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.908] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x114 [0089.908] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x11c [0089.908] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0089.926] SwitchToThread () returned 1 [0089.942] SwitchToThread () returned 1 [0089.945] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xb4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2890f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2890f840*=0x134) returned 1 [0089.945] SuspendThread (hThread=0x134) returned 0x0 [0089.945] GetThreadContext (in: hThread=0x134, lpContext=0x2890f850 | out: lpContext=0x2890f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x27e5f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0089.946] ResumeThread (hThread=0x134) returned 0x1 [0089.946] CloseHandle (hObject=0x134) returned 1 [0089.946] SwitchToThread () returned 1 [0089.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.962] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0089.962] SetEvent (hEvent=0x8c) returned 1 [0089.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.965] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0089.965] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0089.966] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0089.966] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0089.966] SetEvent (hEvent=0x8c) returned 1 [0089.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0089.967] GetFileType (hFile=0xf4) returned 0x1 [0089.967] GetFileType (hFile=0xf4) returned 0x1 [0089.967] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0089.967] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0089.968] ReadFile (in: hFile=0xf4, lpBuffer=0xc00036e000, nNumberOfBytesToRead=0xd1c4, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036e000*, lpNumberOfBytesRead=0xc000047c04*=0xcfc4, lpOverlapped=0x0) returned 1 [0090.018] ReadFile (in: hFile=0xf4, lpBuffer=0xc00037afc4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037afc4*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0090.018] CloseHandle (hObject=0xf4) returned 1 [0090.018] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0090.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.020] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0090.035] GetFileType (hFile=0xf4) returned 0x1 [0090.035] WriteFile (in: hFile=0xf4, lpBuffer=0xc00010c000*, nNumberOfBytesToWrite=0xcfd0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesWritten=0xc000047cec*=0xcfd0, lpOverlapped=0x0) returned 1 [0090.037] CloseHandle (hObject=0xf4) returned 1 [0090.039] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.039] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.039] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.039] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0090.040] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0090.040] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0090.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.041] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0090.050] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.054] GetFileType (hFile=0xf4) returned 0x1 [0090.054] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.054] CloseHandle (hObject=0xf4) returned 1 [0090.057] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\acrofnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\Cache\\encry-AcroFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\cache\\encry-acrofnt10.lst"), dwFlags=0x1) returned 1 [0090.058] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.059] SetEvent (hEvent=0x13c) returned 1 [0090.059] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.059] SetEvent (hEvent=0x13c) returned 1 [0090.059] SetEvent (hEvent=0x8c) returned 1 [0090.059] VirtualFree (lpAddress=0xc0006f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.060] VirtualFree (lpAddress=0xc0006e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.060] VirtualFree (lpAddress=0xc0006d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.060] VirtualFree (lpAddress=0xc000560000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.060] VirtualFree (lpAddress=0xc000558000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.061] VirtualFree (lpAddress=0xc000542000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0090.061] VirtualFree (lpAddress=0xc000518000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.062] VirtualFree (lpAddress=0xc0004ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.062] VirtualFree (lpAddress=0xc0003f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.062] VirtualFree (lpAddress=0xc00036e000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0090.063] VirtualFree (lpAddress=0xc000358000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.063] VirtualFree (lpAddress=0xc00033e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.063] VirtualFree (lpAddress=0xc000148000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0090.064] VirtualFree (lpAddress=0xc00010c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0090.065] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0090.065] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.066] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.066] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.066] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.066] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.067] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.067] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.067] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0090.068] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0090.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.069] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0090.070] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.071] GetFileType (hFile=0xf4) returned 0x1 [0090.072] WriteFile (in: hFile=0xf4, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xa80, lpOverlapped=0x0) returned 1 [0090.073] CloseHandle (hObject=0xf4) returned 1 [0090.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.078] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.078] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0090.079] GetFileType (hFile=0xf4) returned 0x1 [0090.079] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.079] CloseHandle (hObject=0xf4) returned 1 [0090.080] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0090.081] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wsrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\encry-wsRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\encry-wsrgb.icc"), dwFlags=0x1) returned 1 [0090.081] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.082] SetEvent (hEvent=0x13c) returned 1 [0090.082] SetEvent (hEvent=0x8c) returned 1 [0090.082] VirtualFree (lpAddress=0xc00058e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.082] VirtualFree (lpAddress=0xc000556000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.082] VirtualFree (lpAddress=0xc00053a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.083] VirtualFree (lpAddress=0xc000536000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.083] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.083] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.083] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.084] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.084] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0090.084] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0090.085] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.087] GetFileType (hFile=0xf4) returned 0x1 [0090.087] GetFileType (hFile=0xf4) returned 0x1 [0090.087] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0090.087] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0090.087] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0090.088] ReadFile (in: hFile=0xf4, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0x1600, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc0006e3c04*=0x1400, lpOverlapped=0x0) returned 1 [0090.090] ReadFile (in: hFile=0xf4, lpBuffer=0xc00010d400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010d400*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0090.090] CloseHandle (hObject=0xf4) returned 1 [0090.090] SwitchToThread () returned 1 [0090.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\SharedDataEvents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\shareddataevents"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.096] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0090.111] SwitchToThread () returned 1 [0090.223] SwitchToThread () returned 1 [0090.224] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.242] VirtualAlloc (lpAddress=0xc00057a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00057a000 [0090.242] VirtualAlloc (lpAddress=0xc00057c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00057c000 [0090.243] VirtualAlloc (lpAddress=0xc00057e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00057e000 [0090.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0090.243] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0090.257] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.272] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.335] SetEvent (hEvent=0x108) returned 1 [0090.335] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.366] SetEvent (hEvent=0x120) returned 1 [0090.367] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.388] SetEvent (hEvent=0x108) returned 1 [0090.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0090.388] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000119cf4 | out: lpMode=0xc000119cf4) returned 0 [0090.419] GetFileType (hFile=0x14c) returned 0x1 [0090.419] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.419] GetFileType (hFile=0x14c) returned 0x1 [0090.419] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000119d44 | out: lpFileInformation=0xc000119d44) returned 1 [0090.419] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000119d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000119d28) returned 1 [0090.419] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0090.420] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0090.421] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000e8000, nNumberOfBytesToRead=0x3030, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesRead=0xc000119c04*=0x2e30, lpOverlapped=0x0) returned 1 [0090.459] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000eae30, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000eae30*, lpNumberOfBytesRead=0xc000119c04*=0x0, lpOverlapped=0x0) returned 1 [0090.459] CloseHandle (hObject=0x14c) returned 1 [0090.459] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0090.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0090.461] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000119d04 | out: lpMode=0xc000119d04) returned 0 [0090.478] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.595] SetEvent (hEvent=0x12c) returned 1 [0090.595] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0090.772] SetEvent (hEvent=0x100) returned 1 [0090.772] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.097] SetEvent (hEvent=0x13c) returned 1 [0091.097] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.163] SetEvent (hEvent=0x120) returned 1 [0091.163] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.188] SetEvent (hEvent=0x13c) returned 1 [0091.188] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.333] SetEvent (hEvent=0x108) returned 1 [0091.333] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.335] SetEvent (hEvent=0x13c) returned 1 [0091.336] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.350] SetEvent (hEvent=0x12c) returned 1 [0091.350] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.477] SetEvent (hEvent=0x108) returned 1 [0091.477] SetEvent (hEvent=0x120) returned 1 [0091.477] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0091.823] SetEvent (hEvent=0x13c) returned 1 [0091.823] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.728] SetEvent (hEvent=0x120) returned 1 [0092.728] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.731] SetEvent (hEvent=0x120) returned 1 [0092.731] SetEvent (hEvent=0x8c) returned 1 [0092.731] SetEvent (hEvent=0x100) returned 1 [0092.731] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.732] SetEvent (hEvent=0x108) returned 1 [0092.732] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.746] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.748] SetEvent (hEvent=0xb8) returned 1 [0092.748] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.750] VirtualFree (lpAddress=0xc00017a000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0092.751] VirtualFree (lpAddress=0xc00013a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0092.751] VirtualFree (lpAddress=0xc000132000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.752] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.752] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.752] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.752] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.753] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.753] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.753] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.754] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.754] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.754] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.754] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.755] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.775] SetEvent (hEvent=0x12c) returned 1 [0092.775] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0092.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0092.776] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0092.777] GetFileType (hFile=0x14c) returned 0x1 [0092.777] GetFileType (hFile=0x14c) returned 0x1 [0092.777] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0092.777] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0092.777] ReadFile (in: hFile=0x14c, lpBuffer=0xc00014ad80, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00014ad80*, lpNumberOfBytesRead=0xc0000c7c04*=0x29, lpOverlapped=0x0) returned 1 [0092.778] ReadFile (in: hFile=0x14c, lpBuffer=0xc00014ada9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00014ada9*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0092.778] CloseHandle (hObject=0x14c) returned 1 [0092.778] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0092.779] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0092.779] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0092.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.781] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0092.781] GetFileType (hFile=0x14c) returned 0x1 [0092.782] WriteFile (in: hFile=0x14c, lpBuffer=0xc00000a1e0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfBytesWritten=0xc0000c7cec*=0x30, lpOverlapped=0x0) returned 1 [0092.783] CloseHandle (hObject=0x14c) returned 1 [0092.784] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0092.784] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0092.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.785] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0092.795] GetFileType (hFile=0x14c) returned 0x1 [0092.795] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.795] CloseHandle (hObject=0x14c) returned 1 [0092.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\encry-MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\encry-manifest-000001"), dwFlags=0x1) returned 1 [0092.798] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.799] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0092.799] SetEvent (hEvent=0xc0) returned 1 [0092.799] SetEvent (hEvent=0x100) returned 1 [0092.799] SetEvent (hEvent=0xb8) returned 1 [0092.799] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0092.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.804] SetEvent (hEvent=0x120) returned 1 [0092.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.822] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0092.822] SetEvent (hEvent=0x120) returned 1 [0092.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.894] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0092.894] SetEvent (hEvent=0x100) returned 1 [0092.894] SetEvent (hEvent=0x13c) returned 1 [0092.894] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0092.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.899] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.900] SetEvent (hEvent=0x13c) returned 1 [0092.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.911] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.912] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.912] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0092.912] SetEvent (hEvent=0xc0) returned 1 [0092.912] SetEvent (hEvent=0x13c) returned 1 [0092.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0092.913] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0092.925] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.927] GetFileType (hFile=0xf4) returned 0x1 [0092.927] GetFileType (hFile=0xf4) returned 0x1 [0092.927] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0092.927] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0092.927] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0092.928] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x6ad, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0000c5c04*=0x4ad, lpOverlapped=0x0) returned 1 [0092.930] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c4ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c4ad*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0092.930] CloseHandle (hObject=0xf4) returned 1 [0092.930] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0092.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.931] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0092.932] GetFileType (hFile=0xf4) returned 0x1 [0092.932] WriteFile (in: hFile=0xf4, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x4b0, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x4b0, lpOverlapped=0x0) returned 1 [0092.933] CloseHandle (hObject=0xf4) returned 1 [0092.938] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0092.938] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0092.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.939] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0092.939] GetFileType (hFile=0xf4) returned 0x1 [0092.939] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a2c0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.939] CloseHandle (hObject=0xf4) returned 1 [0092.978] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0092.979] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\encry-000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\encry-000003.log"), dwFlags=0x1) returned 1 [0092.979] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0092.980] SetEvent (hEvent=0xb8) returned 1 [0092.980] SetEvent (hEvent=0x120) returned 1 [0092.980] VirtualFree (lpAddress=0xc000174000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.981] VirtualFree (lpAddress=0xc00016e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.981] VirtualFree (lpAddress=0xc00015e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.981] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.982] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.982] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.982] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.982] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.983] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.983] GetFileType (hFile=0xec) returned 0x1 [0092.983] GetFileType (hFile=0xec) returned 0x1 [0092.983] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0092.983] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0092.983] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0092.984] ReadFile (in: hFile=0xec, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0092.984] CloseHandle (hObject=0xec) returned 1 [0092.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0092.984] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0092.985] GetFileType (hFile=0xec) returned 0x1 [0092.985] WriteFile (in: hFile=0xec, lpBuffer=0xc000586200*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfBytesWritten=0xc000045cec*=0x10, lpOverlapped=0x0) returned 1 [0092.986] CloseHandle (hObject=0xec) returned 1 [0092.988] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0092.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0092.989] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0092.991] GetFileType (hFile=0xec) returned 0x1 [0092.991] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.992] CloseHandle (hObject=0xec) returned 1 [0092.995] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\encry-LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\encry-lock"), dwFlags=0x1) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="blpcfgokakmgnkcojhhkbfbldkacnbeo", cAlternateFileName="BLPCFG~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x844bb8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844c0700, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844c0700, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="felcaaldnbdncclmgdcncolpebgiejap", cAlternateFileName="FELCAA~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ghbmnnjooekpmoecnnnilnnbdlolhkhi", cAlternateFileName="GHBMNN~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nmmhkkegccagdldgiimedpiccmgmieda", cAlternateFileName="NMMHKK~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x814d6d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pjkljhegncpnkpknbcohdijeoejaedia", cAlternateFileName="PJKLJH~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0092.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.996] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0092.997] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0092.998] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0092.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.016] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.050] SetEvent (hEvent=0x12c) returned 1 [0093.050] SetEvent (hEvent=0x120) returned 1 [0093.050] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.105] SetEvent (hEvent=0xb8) returned 1 [0093.105] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.120] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0093.121] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0093.121] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0093.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0093.122] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0093.125] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.136] SetEvent (hEvent=0x120) returned 1 [0093.136] VirtualFree (lpAddress=0xc000200000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.136] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.137] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.137] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.137] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.137] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.138] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.138] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.138] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.138] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.139] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.139] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.139] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.139] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.140] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.140] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.140] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.140] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.141] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.141] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.141] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.142] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0093.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0093.143] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0093.151] GetFileType (hFile=0x128) returned 0x1 [0093.151] GetFileType (hFile=0x128) returned 0x1 [0093.151] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0093.151] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0093.151] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0093.151] ReadFile (in: hFile=0x128, lpBuffer=0xc000186000, nNumberOfBytesToRead=0x312, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesRead=0xc0004dbc04*=0x112, lpOverlapped=0x0) returned 1 [0093.153] ReadFile (in: hFile=0x128, lpBuffer=0xc000186112, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186112*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0093.153] CloseHandle (hObject=0x128) returned 1 [0093.153] VirtualAlloc (lpAddress=0xc000188000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000188000 [0093.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0093.154] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0093.215] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.217] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.367] SetEvent (hEvent=0x12c) returned 1 [0093.367] SetEvent (hEvent=0x13c) returned 1 [0093.367] SetEvent (hEvent=0x8c) returned 1 [0093.367] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.421] SetEvent (hEvent=0x8c) returned 1 [0093.421] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.444] SetEvent (hEvent=0x100) returned 1 [0093.444] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.581] SetEvent (hEvent=0x12c) returned 1 [0093.581] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.642] SetEvent (hEvent=0x13c) returned 1 [0093.642] SetEvent (hEvent=0x100) returned 1 [0093.642] SetEvent (hEvent=0x12c) returned 1 [0093.642] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.670] SetEvent (hEvent=0x120) returned 1 [0093.670] SetEvent (hEvent=0x12c) returned 1 [0093.670] SetEvent (hEvent=0x100) returned 1 [0093.670] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.770] SetEvent (hEvent=0x120) returned 1 [0093.770] SetEvent (hEvent=0x12c) returned 1 [0093.770] SetEvent (hEvent=0x13c) returned 1 [0093.770] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.777] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.778] SetEvent (hEvent=0x120) returned 1 [0093.778] SetEvent (hEvent=0x100) returned 1 [0093.778] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.778] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.779] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.779] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.779] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.779] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.779] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0093.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.780] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.780] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.780] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.780] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec)) returned 1 [0093.781] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.782] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.783] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.815] SetEvent (hEvent=0x120) returned 1 [0093.815] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.816] SetEvent (hEvent=0x13c) returned 1 [0093.816] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.838] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.857] SetEvent (hEvent=0x120) returned 1 [0093.857] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.858] SetEvent (hEvent=0x120) returned 1 [0093.858] SetEvent (hEvent=0x100) returned 1 [0093.858] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.859] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.859] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.859] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.859] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.860] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.860] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.861] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.861] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.861] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6)) returned 1 [0093.861] VirtualAlloc (lpAddress=0xc000246000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000246000 [0093.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.862] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.863] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4)) returned 1 [0093.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.866] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.866] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.866] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.866] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.866] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9)) returned 1 [0093.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.867] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.867] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.867] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.867] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2)) returned 1 [0093.868] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.875] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0093.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.876] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0093.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.877] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.877] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0093.877] VirtualAlloc (lpAddress=0xc000252000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000252000 [0093.878] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.879] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.879] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb)) returned 1 [0093.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.881] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0093.884] SetEvent (hEvent=0x8c) returned 1 [0093.884] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.007] SetEvent (hEvent=0x120) returned 1 [0094.007] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.018] SetEvent (hEvent=0x120) returned 1 [0094.018] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.018] SetEvent (hEvent=0x120) returned 1 [0094.018] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.019] SetEvent (hEvent=0x120) returned 1 [0094.019] SetEvent (hEvent=0x100) returned 1 [0094.019] VirtualFree (lpAddress=0xc0001ec000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0094.020] VirtualFree (lpAddress=0xc0001de000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.020] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.020] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.021] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.021] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.021] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.021] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.021] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.021] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9)) returned 1 [0094.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.022] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.022] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.022] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.022] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0094.023] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.026] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.029] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.058] SetEvent (hEvent=0x8c) returned 1 [0094.058] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.060] SetEvent (hEvent=0x100) returned 1 [0094.060] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.065] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.072] SetEvent (hEvent=0x8c) returned 1 [0094.072] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.073] SetEvent (hEvent=0x120) returned 1 [0094.073] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.088] SetEvent (hEvent=0x8c) returned 1 [0094.088] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.098] SetEvent (hEvent=0x100) returned 1 [0094.098] SwitchToThread () returned 1 [0094.101] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0094.102] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0094.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.103] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.103] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.103] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.103] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0094.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.106] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.106] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.106] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.106] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0094.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.111] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.115] SwitchToThread () returned 1 [0094.120] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.137] SetEvent (hEvent=0x8c) returned 1 [0094.137] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.138] SetEvent (hEvent=0xb8) returned 1 [0094.138] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.147] SetEvent (hEvent=0x100) returned 1 [0094.147] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.170] SetEvent (hEvent=0x100) returned 1 [0094.170] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.179] SetEvent (hEvent=0x8c) returned 1 [0094.179] SetEvent (hEvent=0x13c) returned 1 [0094.179] SetEvent (hEvent=0x100) returned 1 [0094.179] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.184] SetEvent (hEvent=0x12c) returned 1 [0094.184] SetEvent (hEvent=0x100) returned 1 [0094.184] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.231] SetEvent (hEvent=0x13c) returned 1 [0094.231] SetEvent (hEvent=0xb8) returned 1 [0094.231] SetEvent (hEvent=0x120) returned 1 [0094.231] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.236] SetEvent (hEvent=0x13c) returned 1 [0094.236] SetEvent (hEvent=0x8c) returned 1 [0094.236] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.253] SetEvent (hEvent=0x8c) returned 1 [0094.253] SetEvent (hEvent=0x100) returned 1 [0094.253] SetEvent (hEvent=0x12c) returned 1 [0094.253] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.337] SetEvent (hEvent=0x13c) returned 1 [0094.338] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.426] SetEvent (hEvent=0x100) returned 1 [0094.426] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.466] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.469] SetEvent (hEvent=0x120) returned 1 [0094.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0094.469] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0094.473] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] GetFileType (hFile=0x150) returned 0x1 [0094.474] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.481] GetFileType (hFile=0x150) returned 0x1 [0094.481] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0094.481] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0094.481] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0094.482] ReadFile (in: hFile=0x150, lpBuffer=0xc00014e000, nNumberOfBytesToRead=0x25f, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014e000*, lpNumberOfBytesRead=0xc00010fc04*=0x5f, lpOverlapped=0x0) returned 1 [0094.483] ReadFile (in: hFile=0x150, lpBuffer=0xc00014e05f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014e05f*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0094.483] CloseHandle (hObject=0x150) returned 1 [0094.483] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0094.483] VirtualAlloc (lpAddress=0xc000152000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000152000 [0094.484] VirtualAlloc (lpAddress=0xc000154000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000154000 [0094.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.486] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0094.499] GetFileType (hFile=0x150) returned 0x1 [0094.499] WriteFile (in: hFile=0x150, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc00010fcec*=0x60, lpOverlapped=0x0) returned 1 [0094.501] CloseHandle (hObject=0x150) returned 1 [0094.504] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.504] VirtualAlloc (lpAddress=0xc000156000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000156000 [0094.505] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0094.505] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0094.506] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0094.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.506] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0094.514] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.520] SetEvent (hEvent=0x108) returned 1 [0094.520] GetFileType (hFile=0x150) returned 0x1 [0094.520] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.521] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0094.521] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0094.522] WriteFile (in: hFile=0x150, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.522] CloseHandle (hObject=0x150) returned 1 [0094.524] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0094.525] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-main.js"), dwFlags=0x1) returned 1 [0094.526] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.527] SetEvent (hEvent=0x108) returned 1 [0094.527] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.527] SetEvent (hEvent=0x108) returned 1 [0094.527] SetEvent (hEvent=0x8c) returned 1 [0094.527] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.527] VirtualFree (lpAddress=0xc0001ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.528] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.528] VirtualFree (lpAddress=0xc0001aa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.528] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.528] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.529] VirtualFree (lpAddress=0xc000152000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.529] VirtualFree (lpAddress=0xc00014e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.529] VirtualFree (lpAddress=0xc000122000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.529] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.530] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.530] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.530] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0094.531] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0094.531] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.533] GetFileType (hFile=0x150) returned 0x1 [0094.533] GetFileType (hFile=0x150) returned 0x1 [0094.533] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0094.533] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0094.533] ReadFile (in: hFile=0x150, lpBuffer=0xc000054000, nNumberOfBytesToRead=0xf2c, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0004dfc04*=0xd2c, lpOverlapped=0x0) returned 1 [0094.557] ReadFile (in: hFile=0x150, lpBuffer=0xc000054d2c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054d2c*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0094.557] CloseHandle (hObject=0x150) returned 1 [0094.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.558] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0094.571] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.582] GetFileType (hFile=0x150) returned 0x1 [0094.582] WriteFile (in: hFile=0x150, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xd30, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0004dfcec*=0xd30, lpOverlapped=0x0) returned 1 [0094.583] CloseHandle (hObject=0x150) returned 1 [0094.586] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0094.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.586] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0094.587] GetFileType (hFile=0x150) returned 0x1 [0094.587] WriteFile (in: hFile=0x150, lpBuffer=0xc000056580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056580*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.588] CloseHandle (hObject=0x150) returned 1 [0094.589] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\encry-icon_128.png"), dwFlags=0x1) returned 1 [0094.590] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.591] SetEvent (hEvent=0x108) returned 1 [0094.591] SetEvent (hEvent=0x8c) returned 1 [0094.591] SetEvent (hEvent=0x13c) returned 1 [0094.591] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.610] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0094.610] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0094.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0094.611] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0094.620] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.623] GetFileType (hFile=0x150) returned 0x1 [0094.623] GetFileType (hFile=0x150) returned 0x1 [0094.623] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0094.623] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0094.623] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0094.623] ReadFile (in: hFile=0x150, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc000117c04*=0xd7, lpOverlapped=0x0) returned 1 [0094.625] ReadFile (in: hFile=0x150, lpBuffer=0xc0000f00d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f00d7*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0094.625] CloseHandle (hObject=0x150) returned 1 [0094.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.626] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0094.627] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.630] GetFileType (hFile=0x150) returned 0x1 [0094.630] WriteFile (in: hFile=0x150, lpBuffer=0xc0001440e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001440e0*, lpNumberOfBytesWritten=0xc000117cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.631] CloseHandle (hObject=0x150) returned 1 [0094.636] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.637] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0094.648] GetFileType (hFile=0x150) returned 0x1 [0094.648] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.649] CloseHandle (hObject=0x150) returned 1 [0094.652] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.653] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0094.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.654] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0094.654] SetEvent (hEvent=0x100) returned 1 [0094.654] SetEvent (hEvent=0x13c) returned 1 [0094.654] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0094.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.658] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.666] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.666] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.667] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0094.667] SetEvent (hEvent=0xc0) returned 1 [0094.667] SetEvent (hEvent=0x9c) returned 1 [0094.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.667] SetEvent (hEvent=0x108) returned 1 [0094.668] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.675] SetEvent (hEvent=0x120) returned 1 [0094.675] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.676] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0094.678] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.727] SetEvent (hEvent=0x120) returned 1 [0094.727] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.728] SetEvent (hEvent=0x120) returned 1 [0094.728] SetEvent (hEvent=0x108) returned 1 [0094.728] VirtualFree (lpAddress=0xc0001c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.728] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.729] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.729] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.729] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.729] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.729] GetFileType (hFile=0xf4) returned 0x1 [0094.729] GetFileType (hFile=0xf4) returned 0x1 [0094.729] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0094.730] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0094.730] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0094.730] ReadFile (in: hFile=0xf4, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x2f6, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000243c04*=0xf6, lpOverlapped=0x0) returned 1 [0094.731] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000940f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000940f6*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0094.731] CloseHandle (hObject=0xf4) returned 1 [0094.731] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0094.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.733] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0094.733] GetFileType (hFile=0xf4) returned 0x1 [0094.733] WriteFile (in: hFile=0xf4, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc000243cec*=0x100, lpOverlapped=0x0) returned 1 [0094.734] CloseHandle (hObject=0xf4) returned 1 [0094.736] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0094.737] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.737] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0094.739] GetFileType (hFile=0xf4) returned 0x1 [0094.739] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.740] CloseHandle (hObject=0xf4) returned 1 [0094.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.743] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.750] SetEvent (hEvent=0x120) returned 1 [0094.751] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.757] SetEvent (hEvent=0x120) returned 1 [0094.757] SetEvent (hEvent=0x8c) returned 1 [0094.757] VirtualFree (lpAddress=0xc000164000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.757] VirtualFree (lpAddress=0xc00011c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.758] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.758] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.758] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.758] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.759] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0094.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.759] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0094.760] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.764] SetEvent (hEvent=0x120) returned 1 [0094.765] GetFileType (hFile=0xf4) returned 0x1 [0094.765] GetFileType (hFile=0xf4) returned 0x1 [0094.765] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0094.765] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0094.765] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0094.765] ReadFile (in: hFile=0xf4, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x2d56, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0000c7c04*=0x2b56, lpOverlapped=0x0) returned 1 [0094.771] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.772] ReadFile (in: hFile=0xf4, lpBuffer=0xc000058b56, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058b56*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0094.772] CloseHandle (hObject=0xf4) returned 1 [0094.772] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0094.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.775] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0094.777] GetFileType (hFile=0xf4) returned 0x1 [0094.777] WriteFile (in: hFile=0xf4, lpBuffer=0xc000059000*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000059000*, lpNumberOfBytesWritten=0xc0000c7cec*=0x2b60, lpOverlapped=0x0) returned 1 [0094.778] CloseHandle (hObject=0xf4) returned 1 [0094.780] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.780] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0094.780] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0094.781] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0094.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.781] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0094.783] GetFileType (hFile=0xf4) returned 0x1 [0094.783] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.784] CloseHandle (hObject=0xf4) returned 1 [0094.785] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0094.785] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0094.786] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0094.786] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.787] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.788] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.788] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.788] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.788] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0094.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.789] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9)) returned 1 [0094.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.803] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0094.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.804] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.804] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.804] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.804] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0094.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.804] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.805] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0094.805] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.805] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.805] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.805] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.805] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0094.807] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.815] SetEvent (hEvent=0x120) returned 1 [0094.815] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.862] SetEvent (hEvent=0x120) returned 1 [0094.862] SetEvent (hEvent=0x108) returned 1 [0094.863] SetEvent (hEvent=0x100) returned 1 [0094.863] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.874] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0094.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0094.875] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0094.887] GetFileType (hFile=0xfc) returned 0x1 [0094.887] GetFileType (hFile=0xfc) returned 0x1 [0094.887] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0094.887] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0094.887] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0094.887] ReadFile (in: hFile=0xfc, lpBuffer=0xc0001f2000, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f2000*, lpNumberOfBytesRead=0xc00024dc04*=0xd8, lpOverlapped=0x0) returned 1 [0094.888] ReadFile (in: hFile=0xfc, lpBuffer=0xc0001f20d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f20d8*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0094.889] CloseHandle (hObject=0xfc) returned 1 [0094.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0094.890] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0094.891] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.895] GetFileType (hFile=0xfc) returned 0x1 [0094.895] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.907] WriteFile (in: hFile=0xfc, lpBuffer=0xc0001440e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001440e0*, lpNumberOfBytesWritten=0xc00024dcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.908] CloseHandle (hObject=0xfc) returned 1 [0094.917] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.917] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.917] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0094.917] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0094.918] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0094.918] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0094.919] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0094.919] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0094.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0094.920] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0094.924] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.933] SetEvent (hEvent=0x108) returned 1 [0094.933] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.938] SetEvent (hEvent=0x108) returned 1 [0094.938] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.938] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.938] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.938] VirtualFree (lpAddress=0xc00016e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0094.939] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.939] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.939] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.939] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.940] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.940] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.940] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.940] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.940] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.941] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.941] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.941] GetFileType (hFile=0xf4) returned 0x1 [0094.941] GetFileType (hFile=0xf4) returned 0x1 [0094.941] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0094.941] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0094.941] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0094.942] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f4000, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f4000*, lpNumberOfBytesRead=0xc00024bc04*=0xde, lpOverlapped=0x0) returned 1 [0094.943] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f40de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f40de*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0094.943] CloseHandle (hObject=0xf4) returned 1 [0094.943] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0094.943] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0094.943] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0094.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.945] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0094.946] GetFileType (hFile=0xf4) returned 0x1 [0094.946] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000f8000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f8000*, lpNumberOfBytesWritten=0xc00024bcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.947] CloseHandle (hObject=0xf4) returned 1 [0094.952] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0094.953] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.953] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.953] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0094.958] GetFileType (hFile=0xf4) returned 0x1 [0094.958] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000e8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8420*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.958] CloseHandle (hObject=0xf4) returned 1 [0094.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.961] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.961] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0094.961] SetEvent (hEvent=0xc0) returned 1 [0094.961] SetEvent (hEvent=0x100) returned 1 [0094.961] SetEvent (hEvent=0x9c) returned 1 [0094.961] SetEvent (hEvent=0x13c) returned 1 [0094.961] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0094.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.964] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.964] SetEvent (hEvent=0x13c) returned 1 [0094.964] SetEvent (hEvent=0x8c) returned 1 [0094.964] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0094.968] SetEvent (hEvent=0x108) returned 1 [0094.968] SetEvent (hEvent=0x9c) returned 1 [0094.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0094.971] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0094.984] GetFileType (hFile=0x14c) returned 0x1 [0094.984] GetFileType (hFile=0x14c) returned 0x1 [0094.984] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0094.984] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0094.984] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00012bc04*=0xd0, lpOverlapped=0x0) returned 1 [0094.985] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000a20d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20d0*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0094.985] CloseHandle (hObject=0x14c) returned 1 [0094.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.987] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0094.997] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0094.999] GetFileType (hFile=0x14c) returned 0x1 [0094.999] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000e00e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e00e0*, lpNumberOfBytesWritten=0xc00012bcec*=0xe0, lpOverlapped=0x0) returned 1 [0095.000] CloseHandle (hObject=0x14c) returned 1 [0095.005] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.005] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0095.005] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0095.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.006] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0095.007] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.019] GetFileType (hFile=0x14c) returned 0x1 [0095.019] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.019] CloseHandle (hObject=0x14c) returned 1 [0095.020] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0095.021] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0095.021] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0095.022] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.023] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.023] SetEvent (hEvent=0x9c) returned 1 [0095.023] SetEvent (hEvent=0x13c) returned 1 [0095.023] SetEvent (hEvent=0x120) returned 1 [0095.025] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.028] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.028] SetEvent (hEvent=0x13c) returned 1 [0095.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.032] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.034] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.034] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.034] SetEvent (hEvent=0x13c) returned 1 [0095.034] SetEvent (hEvent=0x108) returned 1 [0095.034] SetEvent (hEvent=0x8c) returned 1 [0095.034] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.041] GetFileType (hFile=0xfc) returned 0x1 [0095.041] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.041] CloseHandle (hObject=0xfc) returned 1 [0095.044] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.045] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0095.045] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.046] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.046] SetEvent (hEvent=0x13c) returned 1 [0095.046] SetEvent (hEvent=0x9c) returned 1 [0095.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.056] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.057] SetEvent (hEvent=0x9c) returned 1 [0095.057] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.063] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.063] SetEvent (hEvent=0x9c) returned 1 [0095.063] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.064] GetFileType (hFile=0x144) returned 0x1 [0095.064] WriteFile (in: hFile=0x144, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc00023fcec*=0xe0, lpOverlapped=0x0) returned 1 [0095.065] CloseHandle (hObject=0x144) returned 1 [0095.074] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.080] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.089] SetEvent (hEvent=0x9c) returned 1 [0095.090] GetFileType (hFile=0x14c) returned 0x1 [0095.090] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0095.090] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0095.090] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0095.090] ReadFile (in: hFile=0x14c, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x2db, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0000c3c04*=0xdb, lpOverlapped=0x0) returned 1 [0095.091] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000500db, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000500db*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0095.091] CloseHandle (hObject=0x14c) returned 1 [0095.092] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.092] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0095.092] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0095.093] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0095.093] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0095.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.095] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0095.110] GetFileType (hFile=0x14c) returned 0x1 [0095.110] WriteFile (in: hFile=0x14c, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc0000c3cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.111] CloseHandle (hObject=0x14c) returned 1 [0095.113] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0095.113] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0095.113] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.113] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0095.114] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0095.114] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0095.115] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0095.115] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0095.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.116] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0095.124] GetFileType (hFile=0x14c) returned 0x1 [0095.124] WriteFile (in: hFile=0x14c, lpBuffer=0xc000132580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000132580*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.124] CloseHandle (hObject=0x14c) returned 1 [0095.129] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.130] SetEvent (hEvent=0x9c) returned 1 [0095.130] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.172] SetEvent (hEvent=0x100) returned 1 [0095.172] SetEvent (hEvent=0x9c) returned 1 [0095.172] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.271] SetEvent (hEvent=0x120) returned 1 [0095.271] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.273] SetEvent (hEvent=0x100) returned 1 [0095.273] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.274] SetEvent (hEvent=0x8c) returned 1 [0095.274] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.280] VirtualFree (lpAddress=0xc000140000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.280] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.281] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.281] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.281] VirtualFree (lpAddress=0xc000134000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.282] SetEvent (hEvent=0x9c) returned 1 [0095.282] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.319] SetEvent (hEvent=0x108) returned 1 [0095.319] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0095.327] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0095.328] GetFileType (hFile=0x150) returned 0x1 [0095.328] GetFileType (hFile=0x150) returned 0x1 [0095.328] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0095.328] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0095.328] ReadFile (in: hFile=0x150, lpBuffer=0xc00006a300, nNumberOfBytesToRead=0x2d9, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a300*, lpNumberOfBytesRead=0xc0006e3c04*=0xd9, lpOverlapped=0x0) returned 1 [0095.329] ReadFile (in: hFile=0x150, lpBuffer=0xc00006a3d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a3d9*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0095.330] CloseHandle (hObject=0x150) returned 1 [0095.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.331] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0095.331] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.332] SetEvent (hEvent=0x9c) returned 1 [0095.332] GetFileType (hFile=0x150) returned 0x1 [0095.332] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.348] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.349] WriteFile (in: hFile=0x150, lpBuffer=0xc0001541c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001541c0*, lpNumberOfBytesWritten=0xc0006e3cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.350] CloseHandle (hObject=0x150) returned 1 [0095.352] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.353] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0095.353] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0095.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0095.354] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0095.367] GetFileType (hFile=0x150) returned 0x1 [0095.367] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.367] CloseHandle (hObject=0x150) returned 1 [0095.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.372] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.372] SetEvent (hEvent=0x120) returned 1 [0095.372] SetEvent (hEvent=0xb8) returned 1 [0095.372] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0095.374] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.383] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.383] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.383] SetEvent (hEvent=0xb8) returned 1 [0095.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.388] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.388] SetEvent (hEvent=0xc0) returned 1 [0095.388] SetEvent (hEvent=0x120) returned 1 [0095.388] SetEvent (hEvent=0x100) returned 1 [0095.389] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.400] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.400] SetEvent (hEvent=0x120) returned 1 [0095.400] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.415] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.416] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.416] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.416] SetEvent (hEvent=0xc0) returned 1 [0095.416] SetEvent (hEvent=0x100) returned 1 [0095.416] SetEvent (hEvent=0x9c) returned 1 [0095.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.422] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.422] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.425] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.425] SetEvent (hEvent=0x100) returned 1 [0095.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.444] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.445] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.445] SetEvent (hEvent=0xc0) returned 1 [0095.445] SetEvent (hEvent=0x120) returned 1 [0095.445] SetEvent (hEvent=0xb8) returned 1 [0095.445] VirtualAlloc (lpAddress=0xc000188000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000188000 [0095.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.450] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.450] SetEvent (hEvent=0x100) returned 1 [0095.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.455] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.455] SetEvent (hEvent=0xb8) returned 1 [0095.456] SetEvent (hEvent=0x120) returned 1 [0095.456] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.458] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.459] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.460] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.460] SetEvent (hEvent=0xb8) returned 1 [0095.460] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.460] GetFileType (hFile=0x148) returned 0x1 [0095.460] GetFileType (hFile=0x148) returned 0x1 [0095.460] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0095.460] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0095.460] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0095.461] ReadFile (in: hFile=0x148, lpBuffer=0xc000190000, nNumberOfBytesToRead=0x2da, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000190000*, lpNumberOfBytesRead=0xc000241c04*=0xda, lpOverlapped=0x0) returned 1 [0095.462] ReadFile (in: hFile=0x148, lpBuffer=0xc0001900da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001900da*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0095.462] CloseHandle (hObject=0x148) returned 1 [0095.462] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0095.463] VirtualAlloc (lpAddress=0xc000194000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000194000 [0095.463] VirtualAlloc (lpAddress=0xc000196000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000196000 [0095.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.465] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0095.469] GetFileType (hFile=0x148) returned 0x1 [0095.469] WriteFile (in: hFile=0x148, lpBuffer=0xc000194000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000194000*, lpNumberOfBytesWritten=0xc000241cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.471] CloseHandle (hObject=0x148) returned 1 [0095.472] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0095.472] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.472] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0095.473] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0095.473] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0095.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.474] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0095.487] GetFileType (hFile=0x148) returned 0x1 [0095.487] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.488] CloseHandle (hObject=0x148) returned 1 [0095.494] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.515] SetEvent (hEvent=0x9c) returned 1 [0095.515] SetEvent (hEvent=0x13c) returned 1 [0095.515] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0095.516] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.528] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.548] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.549] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.549] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.549] SetEvent (hEvent=0xc0) returned 1 [0095.549] SetEvent (hEvent=0x100) returned 1 [0095.549] SetEvent (hEvent=0x13c) returned 1 [0095.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.568] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0095.568] VirtualAlloc (lpAddress=0xc0001aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001aa000 [0095.568] VirtualAlloc (lpAddress=0xc0001ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ac000 [0095.569] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0095.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0095.569] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0095.576] GetFileType (hFile=0x148) returned 0x1 [0095.576] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0095.576] GetFileType (hFile=0x148) returned 0x1 [0095.576] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0095.576] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0095.576] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0095.577] ReadFile (in: hFile=0x148, lpBuffer=0xc0001b2000, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b2000*, lpNumberOfBytesRead=0xc000117c04*=0xd0, lpOverlapped=0x0) returned 1 [0095.578] ReadFile (in: hFile=0x148, lpBuffer=0xc0001b20d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b20d0*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0095.578] CloseHandle (hObject=0x148) returned 1 [0095.578] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0095.579] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0095.579] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0095.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.581] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0095.587] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.597] SetEvent (hEvent=0xb8) returned 1 [0095.597] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] SetEvent (hEvent=0x120) returned 1 [0095.598] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.654] SetEvent (hEvent=0x120) returned 1 [0095.654] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.655] SetEvent (hEvent=0x120) returned 1 [0095.655] SetEvent (hEvent=0x9c) returned 1 [0095.655] VirtualFree (lpAddress=0xc0001c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.655] VirtualFree (lpAddress=0xc0001ba000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.656] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.656] VirtualFree (lpAddress=0xc0001a8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.656] VirtualFree (lpAddress=0xc00019e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.657] VirtualFree (lpAddress=0xc000196000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.657] VirtualFree (lpAddress=0xc000156000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.657] VirtualFree (lpAddress=0xc00014e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.658] VirtualFree (lpAddress=0xc000148000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.658] VirtualFree (lpAddress=0xc000134000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.658] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.658] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.658] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.659] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.659] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.660] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0095.660] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.662] GetFileType (hFile=0x144) returned 0x1 [0095.662] GetFileType (hFile=0x144) returned 0x1 [0095.662] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0095.662] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0095.662] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0095.663] ReadFile (in: hFile=0x144, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000045c04*=0xdd, lpOverlapped=0x0) returned 1 [0095.664] ReadFile (in: hFile=0x144, lpBuffer=0xc00004e0dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0dd*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0095.664] CloseHandle (hObject=0x144) returned 1 [0095.664] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.665] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0095.665] GetFileType (hFile=0x144) returned 0x1 [0095.666] WriteFile (in: hFile=0x144, lpBuffer=0xc0001b80e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b80e0*, lpNumberOfBytesWritten=0xc000045cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.666] CloseHandle (hObject=0x144) returned 1 [0095.668] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0095.669] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.669] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0095.669] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.669] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0095.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.670] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0095.670] GetFileType (hFile=0x144) returned 0x1 [0095.671] WriteFile (in: hFile=0x144, lpBuffer=0xc000040160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040160*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.671] CloseHandle (hObject=0x144) returned 1 [0095.672] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.673] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.673] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.674] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.674] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.674] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.674] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.675] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0095.675] GetFileType (hFile=0x144) returned 0x1 [0095.675] GetFileType (hFile=0x144) returned 0x1 [0095.675] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0095.676] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0095.676] ReadFile (in: hFile=0x144, lpBuffer=0xc00004e300, nNumberOfBytesToRead=0x2f8, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e300*, lpNumberOfBytesRead=0xc0000b9c04*=0xf8, lpOverlapped=0x0) returned 1 [0095.676] ReadFile (in: hFile=0x144, lpBuffer=0xc00004e3f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e3f8*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0095.677] CloseHandle (hObject=0x144) returned 1 [0095.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.678] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0095.678] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.683] SetEvent (hEvent=0x120) returned 1 [0095.683] GetFileType (hFile=0x144) returned 0x1 [0095.683] WriteFile (in: hFile=0x144, lpBuffer=0xc000000700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000000700*, lpNumberOfBytesWritten=0xc0000b9cec*=0x100, lpOverlapped=0x0) returned 1 [0095.684] CloseHandle (hObject=0x144) returned 1 [0095.688] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0095.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.689] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0095.696] GetFileType (hFile=0x144) returned 0x1 [0095.696] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.697] CloseHandle (hObject=0x144) returned 1 [0095.701] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.710] SwitchToThread () returned 1 [0095.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.717] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0095.727] GetFileType (hFile=0xf4) returned 0x1 [0095.727] GetFileType (hFile=0xf4) returned 0x1 [0095.727] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0095.727] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0095.727] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0095.727] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000173c04*=0xce, lpOverlapped=0x0) returned 1 [0095.729] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004e0ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0ce*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0095.729] CloseHandle (hObject=0xf4) returned 1 [0095.729] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0095.730] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.731] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0095.735] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.736] GetFileType (hFile=0xf4) returned 0x1 [0095.736] WriteFile (in: hFile=0xf4, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc000173cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.737] CloseHandle (hObject=0xf4) returned 1 [0095.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.738] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0095.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.739] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0095.747] GetFileType (hFile=0xf4) returned 0x1 [0095.748] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.748] CloseHandle (hObject=0xf4) returned 1 [0095.749] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0095.749] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0095.750] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.751] VirtualFree (lpAddress=0xc0001c8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.751] VirtualFree (lpAddress=0xc0001b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.751] VirtualFree (lpAddress=0xc000178000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.752] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.752] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.753] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.753] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000185cf4 | out: lpMode=0xc000185cf4) returned 0 [0095.762] GetFileType (hFile=0xf4) returned 0x1 [0095.762] GetFileType (hFile=0xf4) returned 0x1 [0095.762] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000185d44 | out: lpFileInformation=0xc000185d44) returned 1 [0095.762] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000185d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000185d28) returned 1 [0095.762] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0095.763] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0xe8d, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000185c04*=0xc8d, lpOverlapped=0x0) returned 1 [0095.771] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000d8c8d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8c8d*, lpNumberOfBytesRead=0xc000185c04*=0x0, lpOverlapped=0x0) returned 1 [0095.771] CloseHandle (hObject=0xf4) returned 1 [0095.771] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0095.772] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0095.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.774] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000185d04 | out: lpMode=0xc000185d04) returned 0 [0095.783] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.784] GetFileType (hFile=0xf4) returned 0x1 [0095.784] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000f2000*, nNumberOfBytesToWrite=0xc90, lpNumberOfBytesWritten=0xc000185cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f2000*, lpNumberOfBytesWritten=0xc000185cec*=0xc90, lpOverlapped=0x0) returned 1 [0095.785] CloseHandle (hObject=0xf4) returned 1 [0095.787] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0095.787] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0095.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.787] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000185d64 | out: lpMode=0xc000185d64) returned 0 [0095.788] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.794] SetEvent (hEvent=0xc0) returned 1 [0095.794] SetEvent (hEvent=0x120) returned 1 [0095.794] GetFileType (hFile=0xf4) returned 0x1 [0095.794] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.795] WriteFile (in: hFile=0xf4, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000185d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000185d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.795] CloseHandle (hObject=0xf4) returned 1 [0095.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-icon_128.png"), dwFlags=0x1) returned 1 [0095.798] VirtualFree (lpAddress=0xc000132000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.798] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.798] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.798] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.799] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.799] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.799] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.799] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.800] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.800] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.800] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.801] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000181cf4 | out: lpMode=0xc000181cf4) returned 0 [0095.805] GetFileType (hFile=0xf4) returned 0x1 [0095.805] GetFileType (hFile=0xf4) returned 0x1 [0095.805] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000181d44 | out: lpFileInformation=0xc000181d44) returned 1 [0095.805] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000181d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000181d28) returned 1 [0095.805] ReadFile (in: hFile=0xf4, lpBuffer=0xc000138280, nNumberOfBytesToRead=0x25c, lpNumberOfBytesRead=0xc000181c04, lpOverlapped=0x0 | out: lpBuffer=0xc000138280*, lpNumberOfBytesRead=0xc000181c04*=0x5c, lpOverlapped=0x0) returned 1 [0095.806] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001382dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000181c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001382dc*, lpNumberOfBytesRead=0xc000181c04*=0x0, lpOverlapped=0x0) returned 1 [0095.806] CloseHandle (hObject=0xf4) returned 1 [0095.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.808] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000181d04 | out: lpMode=0xc000181d04) returned 0 [0095.808] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.814] SetEvent (hEvent=0x120) returned 1 [0095.814] GetFileType (hFile=0xf4) returned 0x1 [0095.814] WriteFile (in: hFile=0xf4, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000181cec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc000181cec*=0x60, lpOverlapped=0x0) returned 1 [0095.815] CloseHandle (hObject=0xf4) returned 1 [0095.816] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0095.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.817] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000181d64 | out: lpMode=0xc000181d64) returned 0 [0095.817] GetFileType (hFile=0xf4) returned 0x1 [0095.817] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000181d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000181d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.818] CloseHandle (hObject=0xf4) returned 1 [0095.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-main.html"), dwFlags=0x1) returned 1 [0095.823] VirtualFree (lpAddress=0xc0001d0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0095.824] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.824] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.827] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.828] VirtualFree (lpAddress=0xc0000f2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.828] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.828] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.829] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.829] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.830] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0095.830] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.831] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0095.834] GetFileType (hFile=0xf4) returned 0x1 [0095.834] GetFileType (hFile=0xf4) returned 0x1 [0095.834] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0095.835] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0095.835] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f8000, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f8000*, lpNumberOfBytesRead=0xc00016fc04*=0x160, lpOverlapped=0x0) returned 1 [0095.836] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f8160, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f8160*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0095.836] CloseHandle (hObject=0xf4) returned 1 [0095.836] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0095.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.838] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0095.841] GetFileType (hFile=0xf4) returned 0x1 [0095.841] WriteFile (in: hFile=0xf4, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc00016fcec*=0x170, lpOverlapped=0x0) returned 1 [0095.842] CloseHandle (hObject=0xf4) returned 1 [0095.847] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.848] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0095.858] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.867] SwitchToThread () returned 1 [0095.868] SetEvent (hEvent=0x120) returned 1 [0095.868] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.869] SetEvent (hEvent=0x120) returned 1 [0095.869] SetEvent (hEvent=0x100) returned 1 [0095.869] SetEvent (hEvent=0x8c) returned 1 [0095.869] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.878] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0095.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0095.878] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0095.888] GetFileType (hFile=0x148) returned 0x1 [0095.888] GetFileType (hFile=0x148) returned 0x1 [0095.888] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0095.888] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0095.888] ReadFile (in: hFile=0x148, lpBuffer=0xc0000f0600, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0600*, lpNumberOfBytesRead=0xc000129c04*=0xce, lpOverlapped=0x0) returned 1 [0095.889] ReadFile (in: hFile=0x148, lpBuffer=0xc0000f06ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f06ce*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0095.889] CloseHandle (hObject=0x148) returned 1 [0095.889] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0095.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.891] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0095.892] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.894] SetEvent (hEvent=0xc0) returned 1 [0095.894] GetFileType (hFile=0x148) returned 0x1 [0095.895] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.901] WriteFile (in: hFile=0x148, lpBuffer=0xc000136000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc000136000*, lpNumberOfBytesWritten=0xc000129cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.902] CloseHandle (hObject=0x148) returned 1 [0095.903] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0095.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.904] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.904] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0095.905] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0095.905] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0095.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.906] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0095.914] GetFileType (hFile=0x148) returned 0x1 [0095.914] WriteFile (in: hFile=0x148, lpBuffer=0xc000054420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054420*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.914] CloseHandle (hObject=0x148) returned 1 [0095.915] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0095.916] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0095.916] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.917] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.917] SetEvent (hEvent=0xb8) returned 1 [0095.917] SetEvent (hEvent=0x8c) returned 1 [0095.917] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0095.919] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.924] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.935] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.935] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.935] SetEvent (hEvent=0x9c) returned 1 [0095.935] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.971] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.971] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0095.971] SetEvent (hEvent=0x8c) returned 1 [0095.971] SetEvent (hEvent=0xb8) returned 1 [0095.971] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0095.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.977] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.977] SetEvent (hEvent=0xb8) returned 1 [0095.977] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.978] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.979] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.979] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0095.979] SetEvent (hEvent=0xb8) returned 1 [0095.979] SetEvent (hEvent=0x100) returned 1 [0095.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.981] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0095.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0095.981] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0095.997] GetFileType (hFile=0x148) returned 0x1 [0095.997] GetFileType (hFile=0x148) returned 0x1 [0095.997] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0095.997] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0095.998] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0095.998] ReadFile (in: hFile=0x148, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x25b, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc000183c04*=0x5b, lpOverlapped=0x0) returned 1 [0095.999] ReadFile (in: hFile=0x148, lpBuffer=0xc00007a05b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a05b*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0096.000] CloseHandle (hObject=0x148) returned 1 [0096.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.001] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0096.002] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.005] SetEvent (hEvent=0x13c) returned 1 [0096.005] GetFileType (hFile=0x148) returned 0x1 [0096.005] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.009] WriteFile (in: hFile=0x148, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc000183cec*=0x60, lpOverlapped=0x0) returned 1 [0096.010] CloseHandle (hObject=0x148) returned 1 [0096.011] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0096.011] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0096.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0096.012] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0096.023] GetFileType (hFile=0x148) returned 0x1 [0096.023] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.025] CloseHandle (hObject=0x148) returned 1 [0096.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-main.js"), dwFlags=0x1) returned 1 [0096.026] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0096.026] SetEvent (hEvent=0x8c) returned 1 [0096.027] SetEvent (hEvent=0x120) returned 1 [0096.027] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0096.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.037] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.038] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.038] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0096.038] SetEvent (hEvent=0x120) returned 1 [0096.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.046] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0096.046] SetEvent (hEvent=0xc0) returned 1 [0096.046] SetEvent (hEvent=0x13c) returned 1 [0096.046] SetEvent (hEvent=0xb8) returned 1 [0096.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.047] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.048] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.054] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0096.054] SetEvent (hEvent=0x13c) returned 1 [0096.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.070] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0096.070] SetEvent (hEvent=0xc0) returned 1 [0096.070] SetEvent (hEvent=0x120) returned 1 [0096.070] SetEvent (hEvent=0xb8) returned 1 [0096.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.079] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0096.079] SetEvent (hEvent=0x120) returned 1 [0096.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.105] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.105] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0096.105] SetEvent (hEvent=0x9c) returned 1 [0096.105] SetEvent (hEvent=0x8c) returned 1 [0096.105] SetEvent (hEvent=0x100) returned 1 [0096.106] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.109] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.109] SetEvent (hEvent=0x120) returned 1 [0096.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.110] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.111] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0096.112] SetEvent (hEvent=0x120) returned 1 [0096.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0096.112] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0096.118] GetFileType (hFile=0xec) returned 0x1 [0096.118] GetFileType (hFile=0xec) returned 0x1 [0096.118] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0096.118] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0096.118] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.119] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x33f, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000259c04*=0x13f, lpOverlapped=0x0) returned 1 [0096.120] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c13f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c13f*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0096.120] CloseHandle (hObject=0xec) returned 1 [0096.120] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0096.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.121] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0096.129] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.140] SetEvent (hEvent=0x120) returned 1 [0096.140] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.141] SetEvent (hEvent=0x120) returned 1 [0096.141] SetEvent (hEvent=0xb8) returned 1 [0096.141] SetEvent (hEvent=0x100) returned 1 [0096.141] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.145] VirtualFree (lpAddress=0xc000176000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.145] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.146] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.146] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.146] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.147] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.147] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0096.147] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0096.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.148] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.148] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101)) returned 1 [0096.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.150] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.150] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.150] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.150] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.150] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0096.163] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.166] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0096.166] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0096.167] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0096.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.168] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0096.168] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.168] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.168] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.168] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfc)) returned 1 [0096.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.169] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.169] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.169] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.169] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116)) returned 1 [0096.179] VirtualAlloc (lpAddress=0xc000150000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000150000 [0096.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.181] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.181] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ee5030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.181] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.181] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.181] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ee5030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ee5030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x159)) returned 1 [0096.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.182] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.182] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0b190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86f0b190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.182] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.182] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.182] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86f0b190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86f0c130, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x107)) returned 1 [0096.194] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0096.244] SetEvent (hEvent=0x120) returned 1 [0096.244] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.091] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0102.096] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.127] SetEvent (hEvent=0x13c) returned 1 [0102.127] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.131] SetEvent (hEvent=0xfc) returned 1 [0102.131] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.145] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.159] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.160] SetEvent (hEvent=0xc0) returned 1 [0102.160] SetEvent (hEvent=0x12c) returned 1 [0102.160] SetEvent (hEvent=0x100) returned 1 [0102.160] SetEvent (hEvent=0x108) returned 1 [0102.160] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0102.162] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.164] SetEvent (hEvent=0xfc) returned 1 [0102.164] SetEvent (hEvent=0x100) returned 1 [0102.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.167] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.167] SetEvent (hEvent=0x13c) returned 1 [0102.167] SetEvent (hEvent=0x15c) returned 1 [0102.167] SetEvent (hEvent=0x100) returned 1 [0102.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.175] GetFileType (hFile=0x168) returned 0x1 [0102.175] WriteFile (in: hFile=0x168, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.175] CloseHandle (hObject=0x168) returned 1 [0102.176] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0102.176] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_close.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_close.png"), dwFlags=0x1) returned 1 [0102.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.177] SetEvent (hEvent=0x13c) returned 1 [0102.177] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0102.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.185] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.185] SetEvent (hEvent=0x13c) returned 1 [0102.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.198] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.198] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.198] SetEvent (hEvent=0xc0) returned 1 [0102.198] SetEvent (hEvent=0x100) returned 1 [0102.198] SetEvent (hEvent=0x15c) returned 1 [0102.198] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0102.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.207] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.207] SetEvent (hEvent=0x100) returned 1 [0102.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.214] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.214] SetEvent (hEvent=0x108) returned 1 [0102.214] SetEvent (hEvent=0x15c) returned 1 [0102.214] SetEvent (hEvent=0xfc) returned 1 [0102.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.228] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.229] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.229] SetEvent (hEvent=0x13c) returned 1 [0102.229] SetEvent (hEvent=0x15c) returned 1 [0102.229] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.232] GetFileType (hFile=0xec) returned 0x1 [0102.232] WriteFile (in: hFile=0xec, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0001ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.232] CloseHandle (hObject=0xec) returned 1 [0102.232] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0102.233] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0102.233] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0102.233] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_pressed.png"), dwFlags=0x1) returned 1 [0102.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.235] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.235] SetEvent (hEvent=0xc0) returned 1 [0102.235] SetEvent (hEvent=0x13c) returned 1 [0102.235] SetEvent (hEvent=0x108) returned 1 [0102.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.240] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.331] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.331] SetEvent (hEvent=0xc0) returned 1 [0102.331] SetEvent (hEvent=0xfc) returned 1 [0102.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.345] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.346] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.346] SetEvent (hEvent=0x13c) returned 1 [0102.346] SetEvent (hEvent=0x100) returned 1 [0102.346] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0102.348] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.358] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.358] SetEvent (hEvent=0x13c) returned 1 [0102.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.365] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.365] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.365] SetEvent (hEvent=0x100) returned 1 [0102.365] SetEvent (hEvent=0x108) returned 1 [0102.366] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.373] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.375] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.375] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.375] SetEvent (hEvent=0x13c) returned 1 [0102.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.385] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.385] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.411] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.411] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.411] SetEvent (hEvent=0xc0) returned 1 [0102.411] SetEvent (hEvent=0x108) returned 1 [0102.411] SetEvent (hEvent=0x100) returned 1 [0102.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.420] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.420] SetEvent (hEvent=0xc0) returned 1 [0102.421] SetEvent (hEvent=0x15c) returned 1 [0102.421] SetEvent (hEvent=0x108) returned 1 [0102.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.440] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.440] SetEvent (hEvent=0x108) returned 1 [0102.440] SetEvent (hEvent=0xfc) returned 1 [0102.441] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.445] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.445] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.449] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.449] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.450] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.450] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.451] SetEvent (hEvent=0xc0) returned 1 [0102.451] SetEvent (hEvent=0x108) returned 1 [0102.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.451] GetFileType (hFile=0x150) returned 0x1 [0102.451] WriteFile (in: hFile=0x150, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000273d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc000273d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.451] CloseHandle (hObject=0x150) returned 1 [0102.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.453] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.453] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0102.453] SetEvent (hEvent=0x13c) returned 1 [0102.453] SetEvent (hEvent=0x108) returned 1 [0102.454] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.458] SetEvent (hEvent=0x108) returned 1 [0102.458] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.461] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0102.462] SetEvent (hEvent=0x15c) returned 1 [0102.462] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.462] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0102.471] GetFileType (hFile=0x150) returned 0x1 [0102.471] GetFileType (hFile=0x150) returned 0x1 [0102.472] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0102.472] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0102.472] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ce300, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce300*, lpNumberOfBytesRead=0xc00014bc04*=0xd7, lpOverlapped=0x0) returned 1 [0102.473] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ce3d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce3d7*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0102.473] CloseHandle (hObject=0x150) returned 1 [0102.473] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0102.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.475] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0102.489] GetFileType (hFile=0x150) returned 0x1 [0102.489] WriteFile (in: hFile=0x150, lpBuffer=0xc00023a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesWritten=0xc00014bcec*=0xe0, lpOverlapped=0x0) returned 1 [0102.490] CloseHandle (hObject=0x150) returned 1 [0102.490] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.490] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0102.491] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0102.491] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.491] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0102.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.492] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0102.502] GetFileType (hFile=0x150) returned 0x1 [0102.502] WriteFile (in: hFile=0x150, lpBuffer=0xc0000702c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000702c0*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.503] CloseHandle (hObject=0x150) returned 1 [0102.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\en\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.504] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.504] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.504] VirtualFree (lpAddress=0xc000232000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.505] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.505] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.505] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.506] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.506] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.506] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.507] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0102.515] GetFileType (hFile=0x150) returned 0x1 [0102.515] GetFileType (hFile=0x150) returned 0x1 [0102.515] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0102.515] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0102.515] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0102.516] ReadFile (in: hFile=0x150, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc000279c04*=0x14c, lpOverlapped=0x0) returned 1 [0102.517] ReadFile (in: hFile=0x150, lpBuffer=0xc00012414c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012414c*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0102.517] CloseHandle (hObject=0x150) returned 1 [0102.517] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0102.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.519] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0102.529] GetFileType (hFile=0x150) returned 0x1 [0102.529] WriteFile (in: hFile=0x150, lpBuffer=0xc000070420*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070420*, lpNumberOfBytesWritten=0xc000279cec*=0x150, lpOverlapped=0x0) returned 1 [0102.531] CloseHandle (hObject=0x150) returned 1 [0102.531] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.531] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0102.568] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.570] GetFileType (hFile=0x150) returned 0x1 [0102.570] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.570] CloseHandle (hObject=0x150) returned 1 [0102.570] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.571] SetEvent (hEvent=0x13c) returned 1 [0102.571] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.585] SetEvent (hEvent=0x100) returned 1 [0102.585] SetEvent (hEvent=0xfc) returned 1 [0102.585] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] SetEvent (hEvent=0x100) returned 1 [0102.586] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.595] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.597] SetEvent (hEvent=0x100) returned 1 [0102.597] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.601] SetEvent (hEvent=0x100) returned 1 [0102.601] SetEvent (hEvent=0x13c) returned 1 [0102.601] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.602] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.602] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.602] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.602] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.603] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.603] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586598*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc000586598*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0102.605] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.606] SetEvent (hEvent=0x13c) returned 1 [0102.606] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005865d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc0005865d0*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0102.607] SetEvent (hEvent=0x13c) returned 1 [0102.607] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0348*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc0000a0348*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0102.607] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc0000f5818*=0x3) returned 1 [0102.622] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc000102076*, lpNumberOfCharsWritten=0xc0000b7818*=0x3) returned 1 [0102.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019b818, lpReserved=0x0 | out: lpBuffer=0xc0001020b0*, lpNumberOfCharsWritten=0xc00019b818*=0x3) returned 1 [0102.637] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0518*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0518*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0102.643] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010148*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000010148*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0102.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.651] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0000102a0*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0102.656] SwitchToThread () returned 1 [0102.656] SetEvent (hEvent=0x100) returned 1 [0102.656] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.656] SetEvent (hEvent=0x100) returned 1 [0102.656] SetEvent (hEvent=0x108) returned 1 [0102.657] SetEvent (hEvent=0x13c) returned 1 [0102.657] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.663] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.663] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.664] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0102.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0102.665] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0102.675] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.677] GetFileType (hFile=0x174) returned 0x1 [0102.677] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0102.677] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0102.677] GetFileType (hFile=0x174) returned 0x1 [0102.678] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0102.678] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0102.678] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.678] ReadFile (in: hFile=0x174, lpBuffer=0xc000168000, nNumberOfBytesToRead=0x330, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesRead=0xc0001f7c04*=0x130, lpOverlapped=0x0) returned 1 [0102.679] ReadFile (in: hFile=0x174, lpBuffer=0xc000168130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168130*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0102.679] CloseHandle (hObject=0x174) returned 1 [0102.680] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0102.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0102.681] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0102.683] GetFileType (hFile=0x174) returned 0x1 [0102.683] WriteFile (in: hFile=0x174, lpBuffer=0xc000162140*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000162140*, lpNumberOfBytesWritten=0xc0001f7cec*=0x140, lpOverlapped=0x0) returned 1 [0102.684] CloseHandle (hObject=0x174) returned 1 [0102.684] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0102.684] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0102.685] GetFileType (hFile=0x174) returned 0x1 [0102.685] WriteFile (in: hFile=0x174, lpBuffer=0xc00005a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005a6e0*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.685] CloseHandle (hObject=0x174) returned 1 [0102.685] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.686] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.686] SetEvent (hEvent=0x13c) returned 1 [0102.686] SetEvent (hEvent=0x12c) returned 1 [0102.686] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.687] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.687] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.687] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.687] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.688] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f3cf4 | out: lpMode=0xc0001f3cf4) returned 0 [0102.689] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.690] GetFileType (hFile=0x170) returned 0x1 [0102.691] GetFileType (hFile=0x170) returned 0x1 [0102.691] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001f3d44 | out: lpFileInformation=0xc0001f3d44) returned 1 [0102.691] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f3d28) returned 1 [0102.691] ReadFile (in: hFile=0x170, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x302, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0001f3c04*=0x102, lpOverlapped=0x0) returned 1 [0102.692] ReadFile (in: hFile=0x170, lpBuffer=0xc000054102, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054102*, lpNumberOfBytesRead=0xc0001f3c04*=0x0, lpOverlapped=0x0) returned 1 [0102.692] CloseHandle (hObject=0x170) returned 1 [0102.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.693] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f3d04 | out: lpMode=0xc0001f3d04) returned 0 [0102.694] GetFileType (hFile=0x170) returned 0x1 [0102.694] WriteFile (in: hFile=0x170, lpBuffer=0xc0002d0120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0001f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002d0120*, lpNumberOfBytesWritten=0xc0001f3cec*=0x110, lpOverlapped=0x0) returned 1 [0102.695] CloseHandle (hObject=0x170) returned 1 [0102.695] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.695] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f3d64 | out: lpMode=0xc0001f3d64) returned 0 [0102.696] GetFileType (hFile=0x170) returned 0x1 [0102.696] WriteFile (in: hFile=0x170, lpBuffer=0xc00005a160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005a160*, lpNumberOfBytesWritten=0xc0001f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.696] CloseHandle (hObject=0x170) returned 1 [0102.696] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0102.697] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.697] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.698] VirtualFree (lpAddress=0xc0002a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.698] VirtualFree (lpAddress=0xc000160000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0102.698] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.699] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.699] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0102.702] GetFileType (hFile=0x170) returned 0x1 [0102.702] GetFileType (hFile=0x170) returned 0x1 [0102.702] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0102.702] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0102.702] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.703] ReadFile (in: hFile=0x170, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x2886, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0001ffc04*=0x2686, lpOverlapped=0x0) returned 1 [0102.706] ReadFile (in: hFile=0x170, lpBuffer=0xc000162686, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000162686*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0102.706] CloseHandle (hObject=0x170) returned 1 [0102.706] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0102.706] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0102.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.708] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0102.709] GetFileType (hFile=0x170) returned 0x1 [0102.709] WriteFile (in: hFile=0x170, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x2690, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0001ffcec*=0x2690, lpOverlapped=0x0) returned 1 [0102.710] CloseHandle (hObject=0x170) returned 1 [0102.710] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0102.711] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.711] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0102.713] GetFileType (hFile=0x170) returned 0x1 [0102.713] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.714] CloseHandle (hObject=0x170) returned 1 [0102.714] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.714] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0102.715] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.717] SetEvent (hEvent=0x13c) returned 1 [0102.717] SetEvent (hEvent=0xfc) returned 1 [0102.717] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.717] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.718] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.718] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.718] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.718] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.719] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.719] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.720] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00017dcf4 | out: lpMode=0xc00017dcf4) returned 0 [0102.726] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.728] GetFileType (hFile=0x170) returned 0x1 [0102.729] GetFileType (hFile=0x170) returned 0x1 [0102.729] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc00017dd44 | out: lpFileInformation=0xc00017dd44) returned 1 [0102.729] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc00017dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017dd28) returned 1 [0102.729] ReadFile (in: hFile=0x170, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x308, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc00017dc04*=0x108, lpOverlapped=0x0) returned 1 [0102.730] ReadFile (in: hFile=0x170, lpBuffer=0xc000054108, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054108*, lpNumberOfBytesRead=0xc00017dc04*=0x0, lpOverlapped=0x0) returned 1 [0102.730] CloseHandle (hObject=0x170) returned 1 [0102.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.731] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00017dd04 | out: lpMode=0xc00017dd04) returned 0 [0102.732] GetFileType (hFile=0x170) returned 0x1 [0102.732] WriteFile (in: hFile=0x170, lpBuffer=0xc0002f0240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00017dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f0240*, lpNumberOfBytesWritten=0xc00017dcec*=0x110, lpOverlapped=0x0) returned 1 [0102.733] CloseHandle (hObject=0x170) returned 1 [0102.733] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.733] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.734] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.734] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.734] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00017dd64 | out: lpMode=0xc00017dd64) returned 0 [0102.742] GetFileType (hFile=0x170) returned 0x1 [0102.742] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0102.742] WriteFile (in: hFile=0x170, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc00017dd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.743] CloseHandle (hObject=0x170) returned 1 [0102.743] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.744] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0102.745] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.745] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.746] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0102.749] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.756] GetFileType (hFile=0x170) returned 0x1 [0102.756] GetFileType (hFile=0x170) returned 0x1 [0102.756] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0102.756] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0102.756] ReadFile (in: hFile=0x170, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x2df, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc000179c04*=0xdf, lpOverlapped=0x0) returned 1 [0102.757] ReadFile (in: hFile=0x170, lpBuffer=0xc0000700df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000700df*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0102.757] CloseHandle (hObject=0x170) returned 1 [0102.757] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.758] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0102.765] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.772] GetFileType (hFile=0x170) returned 0x1 [0102.772] WriteFile (in: hFile=0x170, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc000179cec*=0xe0, lpOverlapped=0x0) returned 1 [0102.774] CloseHandle (hObject=0x170) returned 1 [0102.774] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.774] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0102.774] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0102.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.775] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0102.778] GetFileType (hFile=0x170) returned 0x1 [0102.779] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8420*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.779] CloseHandle (hObject=0x170) returned 1 [0102.779] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.780] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.785] SetEvent (hEvent=0x13c) returned 1 [0102.785] SetEvent (hEvent=0x100) returned 1 [0102.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.785] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0102.792] GetFileType (hFile=0x150) returned 0x1 [0102.792] GetFileType (hFile=0x150) returned 0x1 [0102.792] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0102.792] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0102.792] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0102.793] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0102.793] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x321, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc00013fc04*=0x121, lpOverlapped=0x0) returned 1 [0102.794] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de121, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de121*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0102.794] CloseHandle (hObject=0x150) returned 1 [0102.794] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0102.794] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0102.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.796] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0102.800] GetFileType (hFile=0x150) returned 0x1 [0102.800] WriteFile (in: hFile=0x150, lpBuffer=0xc000052500*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000052500*, lpNumberOfBytesWritten=0xc00013fcec*=0x130, lpOverlapped=0x0) returned 1 [0102.801] CloseHandle (hObject=0x150) returned 1 [0102.801] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.801] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0102.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.802] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0102.805] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.810] SetEvent (hEvent=0x13c) returned 1 [0102.810] GetFileType (hFile=0x150) returned 0x1 [0102.810] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.810] CloseHandle (hObject=0x150) returned 1 [0102.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.811] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.811] SetEvent (hEvent=0x13c) returned 1 [0102.812] SetEvent (hEvent=0x100) returned 1 [0102.812] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.812] VirtualFree (lpAddress=0xc0002f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.812] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.813] VirtualFree (lpAddress=0xc00027c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0102.813] VirtualFree (lpAddress=0xc00020a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0102.814] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.814] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.815] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.815] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.815] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.815] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.816] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.816] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.816] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.817] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.817] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.818] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0102.818] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.820] GetFileType (hFile=0x150) returned 0x1 [0102.820] GetFileType (hFile=0x150) returned 0x1 [0102.820] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0102.820] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0102.820] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.821] ReadFile (in: hFile=0x150, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2fd, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000155c04*=0xfd, lpOverlapped=0x0) returned 1 [0102.822] ReadFile (in: hFile=0x150, lpBuffer=0xc00004e0fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0fd*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0102.822] CloseHandle (hObject=0x150) returned 1 [0102.822] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.824] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0102.824] GetFileType (hFile=0x150) returned 0x1 [0102.824] WriteFile (in: hFile=0x150, lpBuffer=0xc000082200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc000082200*, lpNumberOfBytesWritten=0xc000155cec*=0x100, lpOverlapped=0x0) returned 1 [0102.825] CloseHandle (hObject=0x150) returned 1 [0102.826] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.826] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.826] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0102.826] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.827] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0102.827] GetFileType (hFile=0x150) returned 0x1 [0102.827] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.828] CloseHandle (hObject=0x150) returned 1 [0102.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.832] SwitchToThread () returned 1 [0102.832] SetEvent (hEvent=0x13c) returned 1 [0102.833] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.834] SetEvent (hEvent=0x100) returned 1 [0102.834] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.844] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.847] SetEvent (hEvent=0x13c) returned 1 [0102.847] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.855] SetEvent (hEvent=0x13c) returned 1 [0102.855] SetEvent (hEvent=0x108) returned 1 [0102.855] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.855] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.855] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.856] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.856] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.856] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.856] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.857] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.857] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0102.857] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.857] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0102.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.858] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0102.860] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.862] GetFileType (hFile=0x150) returned 0x1 [0102.862] GetFileType (hFile=0x150) returned 0x1 [0102.862] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0102.862] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0102.862] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0102.863] ReadFile (in: hFile=0x150, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x344, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc0001d5c04*=0x144, lpOverlapped=0x0) returned 1 [0102.864] ReadFile (in: hFile=0x150, lpBuffer=0xc00006e144, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e144*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0102.864] CloseHandle (hObject=0x150) returned 1 [0102.864] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0102.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.865] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0102.865] GetFileType (hFile=0x150) returned 0x1 [0102.865] WriteFile (in: hFile=0x150, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x150, lpOverlapped=0x0) returned 1 [0102.867] CloseHandle (hObject=0x150) returned 1 [0102.867] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.867] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.867] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.868] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0102.870] GetFileType (hFile=0x150) returned 0x1 [0102.870] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.870] CloseHandle (hObject=0x150) returned 1 [0102.870] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.871] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0102.872] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.877] SetEvent (hEvent=0x13c) returned 1 [0102.877] GetFileType (hFile=0x150) returned 0x1 [0102.877] GetFileType (hFile=0x150) returned 0x1 [0102.877] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0102.877] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0102.877] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.878] ReadFile (in: hFile=0x150, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x2f9, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0001fdc04*=0xf9, lpOverlapped=0x0) returned 1 [0102.879] ReadFile (in: hFile=0x150, lpBuffer=0xc0000940f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000940f9*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0102.879] CloseHandle (hObject=0x150) returned 1 [0102.879] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.879] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.880] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0102.886] GetFileType (hFile=0x150) returned 0x1 [0102.886] WriteFile (in: hFile=0x150, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc0001fdcec*=0x100, lpOverlapped=0x0) returned 1 [0102.887] CloseHandle (hObject=0x150) returned 1 [0102.887] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.887] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0102.894] GetFileType (hFile=0x150) returned 0x1 [0102.894] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.894] CloseHandle (hObject=0x150) returned 1 [0102.894] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.894] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0102.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.900] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.912] SetEvent (hEvent=0x13c) returned 1 [0102.912] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0102.912] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0102.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.913] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0102.919] GetFileType (hFile=0x148) returned 0x1 [0102.919] GetFileType (hFile=0x148) returned 0x1 [0102.919] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0102.919] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0102.919] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.920] ReadFile (in: hFile=0x148, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc0006e1c04*=0xe2, lpOverlapped=0x0) returned 1 [0102.921] ReadFile (in: hFile=0x148, lpBuffer=0xc0001040e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001040e2*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0102.921] CloseHandle (hObject=0x148) returned 1 [0102.921] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.921] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0102.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.922] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0102.927] GetFileType (hFile=0x148) returned 0x1 [0102.927] WriteFile (in: hFile=0x148, lpBuffer=0xc00011c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c1e0*, lpNumberOfBytesWritten=0xc0006e1cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.928] CloseHandle (hObject=0x148) returned 1 [0102.928] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.929] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0102.929] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.930] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0102.933] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.945] SetEvent (hEvent=0x13c) returned 1 [0102.945] GetFileType (hFile=0x148) returned 0x1 [0102.945] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.946] CloseHandle (hObject=0x148) returned 1 [0102.946] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.946] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.947] SetEvent (hEvent=0x13c) returned 1 [0102.947] SetEvent (hEvent=0x15c) returned 1 [0102.947] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.948] VirtualFree (lpAddress=0xc000160000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0102.948] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.949] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.949] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.949] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.950] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.950] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.950] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.950] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.951] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.951] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.951] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.952] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.952] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.952] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0005866a8*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0102.954] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0102.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0005866b0*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0102.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000255818, lpReserved=0x0 | out: lpBuffer=0xc0005866b6*, lpNumberOfCharsWritten=0xc000255818*=0x3) returned 1 [0102.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000102b0*, lpNumberOfCharsWritten=0xc0001d1818*=0x3) returned 1 [0102.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0000102b6*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0102.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010350*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000010350*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0102.984] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010356*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c5818, lpReserved=0x0 | out: lpBuffer=0xc000010356*, lpNumberOfCharsWritten=0xc0001c5818*=0x3) returned 1 [0102.993] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000010370*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0102.997] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.016] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0103.017] SetEvent (hEvent=0x15c) returned 1 [0103.017] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.019] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0103.019] GetFileType (hFile=0x128) returned 0x1 [0103.019] GetFileType (hFile=0x128) returned 0x1 [0103.019] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0103.019] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0103.019] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0103.021] ReadFile (in: hFile=0x128, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x4085, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc000137c04*=0x3e85, lpOverlapped=0x0) returned 1 [0103.026] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.036] ReadFile (in: hFile=0x128, lpBuffer=0xc000283e85, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc000283e85*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0103.036] CloseHandle (hObject=0x128) returned 1 [0103.036] SetEvent (hEvent=0x13c) returned 1 [0103.036] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.399] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0103.406] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.432] GetFileType (hFile=0x150) returned 0x1 [0103.432] GetFileType (hFile=0x150) returned 0x1 [0103.432] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0103.432] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0103.432] ReadFile (in: hFile=0x150, lpBuffer=0xc0002a2800, nNumberOfBytesToRead=0x439f, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a2800*, lpNumberOfBytesRead=0xc00027bc04*=0x419f, lpOverlapped=0x0) returned 1 [0103.472] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.522] ReadFile (in: hFile=0x150, lpBuffer=0xc0002a699f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a699f*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0103.522] CloseHandle (hObject=0x150) returned 1 [0103.522] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0103.522] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0103.523] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0103.523] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0103.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.526] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0103.527] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.533] SetEvent (hEvent=0x188) returned 1 [0103.533] GetFileType (hFile=0x150) returned 0x1 [0103.533] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.549] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.550] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0103.552] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc000586006*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0103.556] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a9818, lpReserved=0x0 | out: lpBuffer=0xc000586330*, lpNumberOfCharsWritten=0xc0001a9818*=0x3) returned 1 [0103.561] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586336*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc000586336*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0103.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586390*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000229818, lpReserved=0x0 | out: lpBuffer=0xc000586390*, lpNumberOfCharsWritten=0xc000229818*=0x3) returned 1 [0103.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586396*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc000586396*, lpNumberOfCharsWritten=0xc000187818*=0x3) returned 1 [0103.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b1818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc0001b1818*=0x3) returned 1 [0103.585] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc0005863b6*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0103.589] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.607] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.608] SetEvent (hEvent=0x9c) returned 1 [0103.608] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.616] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.616] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.616] SetEvent (hEvent=0x13c) returned 1 [0103.617] SetEvent (hEvent=0xf4) returned 1 [0103.617] SetEvent (hEvent=0x108) returned 1 [0103.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.621] SetEvent (hEvent=0x164) returned 1 [0103.621] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.622] SetEvent (hEvent=0x164) returned 1 [0103.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.629] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.629] SetEvent (hEvent=0x100) returned 1 [0103.629] SetEvent (hEvent=0x9c) returned 1 [0103.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.638] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.638] SetEvent (hEvent=0x9c) returned 1 [0103.638] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.646] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.646] SetEvent (hEvent=0xc0) returned 1 [0103.646] SetEvent (hEvent=0x9c) returned 1 [0103.646] SetEvent (hEvent=0x100) returned 1 [0103.646] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0103.648] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.651] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.654] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.654] SetEvent (hEvent=0x164) returned 1 [0103.654] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.659] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.659] SetEvent (hEvent=0x9c) returned 1 [0103.659] SetEvent (hEvent=0x100) returned 1 [0103.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.669] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.669] SetEvent (hEvent=0x100) returned 1 [0103.669] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.674] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.675] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.675] SetEvent (hEvent=0x100) returned 1 [0103.675] SetEvent (hEvent=0x164) returned 1 [0103.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.683] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.683] SetEvent (hEvent=0xfc) returned 1 [0103.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.686] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.687] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0103.687] SetEvent (hEvent=0xc0) returned 1 [0103.687] SetEvent (hEvent=0x164) returned 1 [0103.687] SetEvent (hEvent=0x100) returned 1 [0103.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.690] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0103.690] SetEvent (hEvent=0x164) returned 1 [0103.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.698] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000165cf4 | out: lpMode=0xc000165cf4) returned 0 [0103.703] GetFileType (hFile=0x128) returned 0x1 [0103.703] GetFileType (hFile=0x128) returned 0x1 [0103.703] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000165d44 | out: lpFileInformation=0xc000165d44) returned 1 [0103.704] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000165d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000165d28) returned 1 [0103.704] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0103.705] ReadFile (in: hFile=0x128, lpBuffer=0xc00020a000, nNumberOfBytesToRead=0x408b, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesRead=0xc000165c04*=0x3e8b, lpOverlapped=0x0) returned 1 [0103.718] ReadFile (in: hFile=0x128, lpBuffer=0xc00020de8b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020de8b*, lpNumberOfBytesRead=0xc000165c04*=0x0, lpOverlapped=0x0) returned 1 [0103.719] CloseHandle (hObject=0x128) returned 1 [0103.719] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0103.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.720] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000165d04 | out: lpMode=0xc000165d04) returned 0 [0103.725] GetFileType (hFile=0x128) returned 0x1 [0103.725] WriteFile (in: hFile=0x128, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x3e90, lpNumberOfBytesWritten=0xc000165cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc000165cec*=0x3e90, lpOverlapped=0x0) returned 1 [0103.726] CloseHandle (hObject=0x128) returned 1 [0103.726] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0103.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.727] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000165d64 | out: lpMode=0xc000165d64) returned 0 [0103.734] GetFileType (hFile=0x128) returned 0x1 [0103.734] WriteFile (in: hFile=0x128, lpBuffer=0xc000236000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000165d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesWritten=0xc000165d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.734] CloseHandle (hObject=0x128) returned 1 [0103.734] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0103.734] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.735] SwitchToThread () returned 1 [0103.743] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0103.744] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0103.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0103.744] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00027dcf4 | out: lpMode=0xc00027dcf4) returned 0 [0103.753] GetFileType (hFile=0xec) returned 0x1 [0103.753] GetFileType (hFile=0xec) returned 0x1 [0103.753] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00027dd44 | out: lpFileInformation=0xc00027dd44) returned 1 [0103.753] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00027dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027dd28) returned 1 [0103.753] ReadFile (in: hFile=0xec, lpBuffer=0xc00029e000, nNumberOfBytesToRead=0x446b, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029e000*, lpNumberOfBytesRead=0xc00027dc04*=0x426b, lpOverlapped=0x0) returned 1 [0103.758] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.767] ReadFile (in: hFile=0xec, lpBuffer=0xc0002a226b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a226b*, lpNumberOfBytesRead=0xc00027dc04*=0x0, lpOverlapped=0x0) returned 1 [0103.768] CloseHandle (hObject=0xec) returned 1 [0103.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.769] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00027dd04 | out: lpMode=0xc00027dd04) returned 0 [0103.777] GetFileType (hFile=0xec) returned 0x1 [0103.777] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ab800*, nNumberOfBytesToWrite=0x4270, lpNumberOfBytesWritten=0xc00027dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ab800*, lpNumberOfBytesWritten=0xc00027dcec*=0x4270, lpOverlapped=0x0) returned 1 [0103.778] CloseHandle (hObject=0xec) returned 1 [0103.778] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.778] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.778] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.779] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.779] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00027dd64 | out: lpMode=0xc00027dd64) returned 0 [0103.780] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.786] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.787] SetEvent (hEvent=0xfc) returned 1 [0103.787] SetEvent (hEvent=0x9c) returned 1 [0103.787] VirtualFree (lpAddress=0xc000306000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0103.787] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.788] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.788] VirtualFree (lpAddress=0xc00020a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0103.788] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.789] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.789] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.789] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.789] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.790] GetFileType (hFile=0x180) returned 0x1 [0103.790] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.790] CloseHandle (hObject=0x180) returned 1 [0103.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.791] GetFileType (hFile=0x194) returned 0x1 [0103.791] WriteFile (in: hFile=0x194, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00022bd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.791] CloseHandle (hObject=0x194) returned 1 [0103.791] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.792] GetFileType (hFile=0x1b0) returned 0x1 [0103.792] GetFileType (hFile=0x1b0) returned 0x1 [0103.792] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0103.792] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0103.792] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.793] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x5a3f, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00010fc04*=0x583f, lpOverlapped=0x0) returned 1 [0103.805] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00012183f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00012183f*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0103.805] CloseHandle (hObject=0x1b0) returned 1 [0103.805] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.806] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.806] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0103.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0103.809] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0103.819] GetFileType (hFile=0x1b0) returned 0x1 [0103.819] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x5840, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc00010fcec*=0x5840, lpOverlapped=0x0) returned 1 [0103.820] CloseHandle (hObject=0x1b0) returned 1 [0103.820] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.821] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.821] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.821] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0103.821] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0103.822] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0103.822] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0103.827] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.844] SetEvent (hEvent=0x9c) returned 1 [0103.845] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.846] SetEvent (hEvent=0x100) returned 1 [0103.846] SetEvent (hEvent=0xf4) returned 1 [0103.846] SetEvent (hEvent=0x108) returned 1 [0103.846] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.856] SetEvent (hEvent=0x9c) returned 1 [0103.856] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0103.867] SetEvent (hEvent=0xf4) returned 1 [0103.868] SetEvent (hEvent=0x164) returned 1 [0103.868] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.149] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.152] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.152] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.152] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.153] SetEvent (hEvent=0x13c) returned 1 [0104.153] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0104.532] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0104.541] GetFileType (hFile=0x194) returned 0x1 [0104.541] GetFileType (hFile=0x194) returned 0x1 [0104.541] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0104.541] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0104.541] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0104.543] ReadFile (in: hFile=0x194, lpBuffer=0xc0002ae000, nNumberOfBytesToRead=0x5200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ae000*, lpNumberOfBytesRead=0xc00024dc04*=0x5000, lpOverlapped=0x0) returned 1 [0104.551] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.645] SetEvent (hEvent=0xc0) returned 1 [0104.645] ReadFile (in: hFile=0x194, lpBuffer=0xc0002b3000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b3000*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.667] CloseHandle (hObject=0x194) returned 1 [0104.668] VirtualAlloc (lpAddress=0xc000480000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000480000 [0104.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0104.670] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0104.671] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.711] GetFileType (hFile=0x194) returned 0x1 [0104.711] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0104.720] SetEvent (hEvent=0x164) returned 1 [0104.720] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.377] SetEvent (hEvent=0x9c) returned 1 [0105.377] SetEvent (hEvent=0xf4) returned 1 [0105.377] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.379] SetEvent (hEvent=0x120) returned 1 [0105.379] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.382] SetEvent (hEvent=0xf4) returned 1 [0105.382] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.393] SetEvent (hEvent=0x9c) returned 1 [0105.393] SetEvent (hEvent=0xfc) returned 1 [0105.393] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.393] VirtualFree (lpAddress=0xc0002f2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0105.393] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.393] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.394] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.394] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.394] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.394] SetEvent (hEvent=0x120) returned 1 [0105.394] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.417] SetEvent (hEvent=0x9c) returned 1 [0105.417] SetEvent (hEvent=0x164) returned 1 [0105.417] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.420] SetEvent (hEvent=0xf4) returned 1 [0105.420] SetEvent (hEvent=0x164) returned 1 [0105.420] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.630] SetEvent (hEvent=0x108) returned 1 [0105.630] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.637] SetEvent (hEvent=0x9c) returned 1 [0105.637] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.645] SetEvent (hEvent=0x164) returned 1 [0105.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.662] SetEvent (hEvent=0x9c) returned 1 [0105.662] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.696] SetEvent (hEvent=0xf4) returned 1 [0105.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0105.697] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0105.703] GetFileType (hFile=0x194) returned 0x1 [0105.703] GetFileType (hFile=0x194) returned 0x1 [0105.703] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0105.703] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0105.703] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0105.704] ReadFile (in: hFile=0x194, lpBuffer=0xc0002ec000, nNumberOfBytesToRead=0x7200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec000*, lpNumberOfBytesRead=0xc000259c04*=0x7000, lpOverlapped=0x0) returned 1 [0105.707] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.728] ReadFile (in: hFile=0x194, lpBuffer=0xc0002f3000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f3000*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0105.728] CloseHandle (hObject=0x194) returned 1 [0105.728] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0105.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0105.731] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0105.736] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.741] GetFileType (hFile=0x194) returned 0x1 [0105.741] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.742] WriteFile (in: hFile=0x194, lpBuffer=0xc00021a000*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc00021a000*, lpNumberOfBytesWritten=0xc000259cec*=0x7010, lpOverlapped=0x0) returned 1 [0105.744] CloseHandle (hObject=0x194) returned 1 [0105.744] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0105.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0105.745] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0105.753] GetFileType (hFile=0x194) returned 0x1 [0105.753] WriteFile (in: hFile=0x194, lpBuffer=0xc00016a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a420*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.753] CloseHandle (hObject=0x194) returned 1 [0105.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\encry-Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\encry-web slice gallery~.feed-ms"), dwFlags=0x1) returned 1 [0105.754] GetFileType (hFile=0x1b4) returned 0x1 [0105.754] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x38b0, lpNumberOfBytesWritten=0xc000181cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc000181cec*=0x38b0, lpOverlapped=0x0) returned 1 [0105.755] CloseHandle (hObject=0x1b4) returned 1 [0105.755] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0105.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0105.756] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000181d64 | out: lpMode=0xc000181d64) returned 0 [0105.767] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.780] GetFileType (hFile=0x1b4) returned 0x1 [0105.780] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000ce420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000181d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce420*, lpNumberOfBytesWritten=0xc000181d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.780] CloseHandle (hObject=0x1b4) returned 1 [0105.780] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback.html"), dwFlags=0x1) returned 1 [0105.781] SetEvent (hEvent=0x120) returned 1 [0105.781] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.784] SetEvent (hEvent=0x108) returned 1 [0105.784] SetEvent (hEvent=0x120) returned 1 [0105.784] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.819] SetEvent (hEvent=0x9c) returned 1 [0105.819] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0105.985] SetEvent (hEvent=0xf4) returned 1 [0105.985] SwitchToThread () returned 1 [0106.092] SetEvent (hEvent=0xf4) returned 1 [0106.092] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.115] SetEvent (hEvent=0x120) returned 1 [0106.115] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.125] SetEvent (hEvent=0x108) returned 1 [0106.126] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.357] SetEvent (hEvent=0x164) returned 1 [0106.357] SetEvent (hEvent=0xfc) returned 1 [0106.357] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.368] SetEvent (hEvent=0x9c) returned 1 [0106.368] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.480] SetEvent (hEvent=0x108) returned 1 [0106.480] SetEvent (hEvent=0xfc) returned 1 [0106.480] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.483] SetEvent (hEvent=0x108) returned 1 [0106.483] SwitchToThread () returned 1 [0106.484] SetEvent (hEvent=0x108) returned 1 [0106.484] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.485] SetEvent (hEvent=0x164) returned 1 [0106.485] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.498] SetEvent (hEvent=0x120) returned 1 [0106.498] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.511] SetEvent (hEvent=0x108) returned 1 [0106.511] SetEvent (hEvent=0x164) returned 1 [0106.511] SetEvent (hEvent=0xfc) returned 1 [0106.511] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.645] SetEvent (hEvent=0x108) returned 1 [0106.645] SetEvent (hEvent=0x120) returned 1 [0106.645] SetEvent (hEvent=0x164) returned 1 [0106.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.658] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.660] SetEvent (hEvent=0x108) returned 1 [0106.660] SetEvent (hEvent=0xfc) returned 1 [0106.660] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.660] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.661] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.661] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.661] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.661] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.661] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.662] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.662] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0106.663] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0106.664] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.666] GetFileType (hFile=0x1e4) returned 0x1 [0106.666] GetFileType (hFile=0x1e4) returned 0x1 [0106.666] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0106.666] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0106.666] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0001f7c04*=0x10, lpOverlapped=0x0) returned 1 [0106.667] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00006c010, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c010*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0106.667] CloseHandle (hObject=0x1e4) returned 1 [0106.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.668] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0106.669] GetFileType (hFile=0x1e4) returned 0x1 [0106.669] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00009e020*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00009e020*, lpNumberOfBytesWritten=0xc0001f7cec*=0x20, lpOverlapped=0x0) returned 1 [0106.670] CloseHandle (hObject=0x1e4) returned 1 [0106.671] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.671] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.671] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.671] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.672] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0106.673] GetFileType (hFile=0x1e4) returned 0x1 [0106.673] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.673] CloseHandle (hObject=0x1e4) returned 1 [0106.673] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\encry-CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\encry-current"), dwFlags=0x1) returned 1 [0106.674] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.675] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.675] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.675] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.675] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.676] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.676] GetFileType (hFile=0x1d4) returned 0x1 [0106.676] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0006cc000*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006cc000*, lpNumberOfBytesWritten=0xc000133cec*=0x40, lpOverlapped=0x0) returned 1 [0106.677] CloseHandle (hObject=0x1d4) returned 1 [0106.677] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.677] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.678] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0106.679] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.681] GetFileType (hFile=0x1d4) returned 0x1 [0106.681] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.681] CloseHandle (hObject=0x1d4) returned 1 [0106.682] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.682] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0106.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\offers.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-offers.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-offers.html"), dwFlags=0x1) returned 1 [0106.683] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.688] SetEvent (hEvent=0x108) returned 1 [0106.688] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.690] SetEvent (hEvent=0x120) returned 1 [0106.690] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.693] SetEvent (hEvent=0xfc) returned 1 [0106.693] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.715] SetEvent (hEvent=0xfc) returned 1 [0106.715] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.747] SetEvent (hEvent=0x9c) returned 1 [0106.747] SetEvent (hEvent=0x120) returned 1 [0106.747] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.753] VirtualFree (lpAddress=0xc0002ac000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0106.754] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.754] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.755] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.755] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.755] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.755] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.756] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.756] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.756] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.756] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.757] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.757] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.757] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.757] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.758] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.758] SetEvent (hEvent=0x108) returned 1 [0106.758] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.786] SetEvent (hEvent=0xfc) returned 1 [0106.786] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.790] SetEvent (hEvent=0x9c) returned 1 [0106.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.791] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0106.792] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.792] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0106.793] GetFileType (hFile=0xec) returned 0x1 [0106.793] GetFileType (hFile=0xec) returned 0x1 [0106.793] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0106.793] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0106.793] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e2280, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2280*, lpNumberOfBytesRead=0xc000179c04*=0x43, lpOverlapped=0x0) returned 1 [0106.794] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e22c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e22c3*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0106.794] CloseHandle (hObject=0xec) returned 1 [0106.794] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.794] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.795] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0106.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini\\*", lpFindFileData=0xc000179a08 | out: lpFindFileData=0xc000179a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.795] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.795] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000179720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.796] SetEvent (hEvent=0x9c) returned 1 [0106.796] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.797] SetEvent (hEvent=0x120) returned 1 [0106.797] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.798] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0106.798] SetEvent (hEvent=0xf4) returned 1 [0106.798] SetEvent (hEvent=0x120) returned 1 [0106.798] SetEvent (hEvent=0x108) returned 1 [0106.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0106.807] SetEvent (hEvent=0xfc) returned 1 [0106.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.811] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.812] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0106.812] SetEvent (hEvent=0xfc) returned 1 [0106.812] SetEvent (hEvent=0x9c) returned 1 [0106.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.817] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0106.817] SetEvent (hEvent=0xfc) returned 1 [0106.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.821] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0106.821] SetEvent (hEvent=0x164) returned 1 [0106.821] SetEvent (hEvent=0x9c) returned 1 [0106.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.823] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.824] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.825] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0106.825] SetEvent (hEvent=0x164) returned 1 [0106.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.830] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.830] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0106.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.831] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0106.832] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.836] SetEvent (hEvent=0xfc) returned 1 [0106.836] GetFileType (hFile=0xec) returned 0x1 [0106.836] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.836] GetFileType (hFile=0xec) returned 0x1 [0106.836] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0106.836] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0106.836] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.837] ReadFile (in: hFile=0xec, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0001bdc04*=0x43, lpOverlapped=0x0) returned 1 [0106.838] ReadFile (in: hFile=0xec, lpBuffer=0xc000060043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060043*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0106.838] CloseHandle (hObject=0xec) returned 1 [0106.838] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0106.838] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0106.838] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.839] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini\\*", lpFindFileData=0xc0001bda08 | out: lpFindFileData=0xc0001bda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.839] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001bd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.839] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.848] SetEvent (hEvent=0xfc) returned 1 [0106.848] SetEvent (hEvent=0x9c) returned 1 [0106.848] SwitchToThread () returned 1 [0106.850] SetEvent (hEvent=0xfc) returned 1 [0106.850] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.856] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0106.873] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0106.873] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0106.874] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0106.874] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.875] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0106.886] GetFileType (hFile=0xec) returned 0x1 [0106.886] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0106.887] GetFileType (hFile=0xec) returned 0x1 [0106.887] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0106.887] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0106.887] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0106.888] ReadFile (in: hFile=0xec, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000c5c04*=0x8000, lpOverlapped=0x0) returned 1 [0106.897] ReadFile (in: hFile=0xec, lpBuffer=0xc000238000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0106.897] CloseHandle (hObject=0xec) returned 1 [0106.897] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0106.898] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0106.898] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0106.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat\\*", lpFindFileData=0xc0000c5a08 | out: lpFindFileData=0xc0000c5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.899] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0106.900] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.900] SwitchToThread () returned 1 [0106.989] SwitchToThread () returned 1 [0106.993] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.001] SetEvent (hEvent=0xfc) returned 1 [0107.001] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.002] SetEvent (hEvent=0x164) returned 1 [0107.002] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.004] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0107.009] GetFileType (hFile=0x1bc) returned 0x1 [0107.009] GetFileType (hFile=0x1bc) returned 0x1 [0107.009] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0107.009] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0107.009] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1400, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc000139c04*=0x1200, lpOverlapped=0x0) returned 1 [0107.018] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000d2700, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2700*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0107.018] CloseHandle (hObject=0x1bc) returned 1 [0107.018] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0107.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.020] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0107.031] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.039] GetFileType (hFile=0x1bc) returned 0x1 [0107.039] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x1210, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc000139cec*=0x1210, lpOverlapped=0x0) returned 1 [0107.040] CloseHandle (hObject=0x1bc) returned 1 [0107.040] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0107.040] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0107.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.041] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0107.046] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.050] SetEvent (hEvent=0x108) returned 1 [0107.050] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.053] SetEvent (hEvent=0x164) returned 1 [0107.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.053] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0107.053] SetEvent (hEvent=0xc0) returned 1 [0107.054] SetEvent (hEvent=0xfc) returned 1 [0107.054] SetEvent (hEvent=0x164) returned 1 [0107.054] SetEvent (hEvent=0xb8) returned 1 [0107.055] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.067] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0107.067] SetEvent (hEvent=0xb8) returned 1 [0107.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.083] GetFileType (hFile=0x1b4) returned 0x1 [0107.083] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00018dcec*=0xc30, lpOverlapped=0x0) returned 1 [0107.084] CloseHandle (hObject=0x1b4) returned 1 [0107.084] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0107.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.085] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.085] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0107.085] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0107.152] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0107.153] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.153] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0107.153] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0107.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.154] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0107.162] GetFileType (hFile=0x1b4) returned 0x1 [0107.162] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.162] CloseHandle (hObject=0x1b4) returned 1 [0107.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback.css"), dwFlags=0x1) returned 1 [0107.173] SwitchToThread () returned 1 [0107.174] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.176] SetEvent (hEvent=0xb8) returned 1 [0107.176] SwitchToThread () returned 1 [0107.177] SetEvent (hEvent=0xfc) returned 1 [0107.177] SetEvent (hEvent=0xb8) returned 1 [0107.177] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.184] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0107.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.184] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0107.213] GetFileType (hFile=0x180) returned 0x1 [0107.213] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0107.213] GetFileType (hFile=0x180) returned 0x1 [0107.214] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0107.214] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0107.214] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0107.214] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.215] ReadFile (in: hFile=0x180, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x614, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0006ddc04*=0x414, lpOverlapped=0x0) returned 1 [0107.256] ReadFile (in: hFile=0x180, lpBuffer=0xc00003c414, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c414*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0107.256] CloseHandle (hObject=0x180) returned 1 [0107.256] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0107.257] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.257] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.258] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0107.286] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.290] GetFileType (hFile=0x180) returned 0x1 [0107.290] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.295] WriteFile (in: hFile=0x180, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x420, lpOverlapped=0x0) returned 1 [0107.296] CloseHandle (hObject=0x180) returned 1 [0107.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.297] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0107.297] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0107.297] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0107.298] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0107.298] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0107.299] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0107.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.299] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0107.302] GetFileType (hFile=0x180) returned 0x1 [0107.302] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.302] CloseHandle (hObject=0x180) returned 1 [0107.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-01_music_auto_rated_at_5_stars.wpl"), dwFlags=0x1) returned 1 [0107.303] SetEvent (hEvent=0x120) returned 1 [0107.303] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.307] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0107.307] SetEvent (hEvent=0xb8) returned 1 [0107.307] SetEvent (hEvent=0x164) returned 1 [0107.309] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.329] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.329] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.332] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.333] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0107.333] SetEvent (hEvent=0xb8) returned 1 [0107.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.334] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0107.334] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.335] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0107.338] GetFileType (hFile=0x1b4) returned 0x1 [0107.338] GetFileType (hFile=0x1b4) returned 0x1 [0107.338] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0107.338] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0107.338] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0107.340] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x25f4, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000193c04*=0x23f4, lpOverlapped=0x0) returned 1 [0107.347] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.351] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002a63f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a63f4*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0107.351] CloseHandle (hObject=0x1b4) returned 1 [0107.351] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0107.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.353] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0107.356] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.357] SetEvent (hEvent=0x108) returned 1 [0107.357] GetFileType (hFile=0x1b4) returned 0x1 [0107.357] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.369] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0002b0000*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesWritten=0xc000193cec*=0x2400, lpOverlapped=0x0) returned 1 [0107.370] CloseHandle (hObject=0x1b4) returned 1 [0107.370] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0107.371] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.371] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0107.377] GetFileType (hFile=0x1b4) returned 0x1 [0107.377] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.377] CloseHandle (hObject=0x1b4) returned 1 [0107.377] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0107.377] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0107.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\encry-frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\encry-frameiconcache.dat"), dwFlags=0x1) returned 1 [0107.379] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.392] SetEvent (hEvent=0xfc) returned 1 [0107.392] SwitchToThread () returned 1 [0107.397] SetEvent (hEvent=0xfc) returned 1 [0107.397] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.401] SetEvent (hEvent=0xfc) returned 1 [0107.401] SetEvent (hEvent=0xb8) returned 1 [0107.401] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.414] SetEvent (hEvent=0x120) returned 1 [0107.414] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.440] SetEvent (hEvent=0xfc) returned 1 [0107.440] SetEvent (hEvent=0xf4) returned 1 [0107.440] SetEvent (hEvent=0xb8) returned 1 [0107.440] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.474] SetEvent (hEvent=0x120) returned 1 [0107.474] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.479] SetEvent (hEvent=0xfc) returned 1 [0107.479] SetEvent (hEvent=0x9c) returned 1 [0107.479] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.482] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.483] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0107.483] SetEvent (hEvent=0xc0) returned 1 [0107.483] SetEvent (hEvent=0x120) returned 1 [0107.483] SetEvent (hEvent=0x108) returned 1 [0107.483] SetEvent (hEvent=0xf4) returned 1 [0107.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.487] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.487] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.494] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0107.494] SetEvent (hEvent=0xf4) returned 1 [0107.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.503] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.700] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.700] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0107.700] SetEvent (hEvent=0xc0) returned 1 [0107.700] SetEvent (hEvent=0x9c) returned 1 [0107.701] SetEvent (hEvent=0x108) returned 1 [0107.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.710] SetEvent (hEvent=0x108) returned 1 [0107.710] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.720] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0107.720] SetEvent (hEvent=0x108) returned 1 [0107.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.721] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165cf4 | out: lpMode=0xc000165cf4) returned 0 [0107.721] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.726] GetFileType (hFile=0x1bc) returned 0x1 [0107.726] GetFileType (hFile=0x1bc) returned 0x1 [0107.727] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000165d44 | out: lpFileInformation=0xc000165d44) returned 1 [0107.727] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000165d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000165d28) returned 1 [0107.727] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x6f3, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000165c04*=0x4f3, lpOverlapped=0x0) returned 1 [0107.729] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.732] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004c4f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c4f3*, lpNumberOfBytesRead=0xc000165c04*=0x0, lpOverlapped=0x0) returned 1 [0107.732] CloseHandle (hObject=0x1bc) returned 1 [0107.732] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0107.733] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0107.733] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0107.733] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0107.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.735] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165d04 | out: lpMode=0xc000165d04) returned 0 [0107.738] GetFileType (hFile=0x1bc) returned 0x1 [0107.738] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0001de000*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xc000165cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesWritten=0xc000165cec*=0x500, lpOverlapped=0x0) returned 1 [0107.739] CloseHandle (hObject=0x1bc) returned 1 [0107.739] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.740] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.740] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165d64 | out: lpMode=0xc000165d64) returned 0 [0107.741] GetFileType (hFile=0x1bc) returned 0x1 [0107.741] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000165d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000165d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.742] CloseHandle (hObject=0x1bc) returned 1 [0107.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\03_music_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-03_music_rated_at_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0107.798] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.802] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.803] SetEvent (hEvent=0x164) returned 1 [0107.803] SetEvent (hEvent=0x100) returned 1 [0107.803] SetEvent (hEvent=0x108) returned 1 [0107.803] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.828] SetEvent (hEvent=0x108) returned 1 [0107.828] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.831] SetEvent (hEvent=0x15c) returned 1 [0107.831] SetEvent (hEvent=0x120) returned 1 [0107.831] SetEvent (hEvent=0x1d0) returned 1 [0107.831] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.833] SetEvent (hEvent=0x100) returned 1 [0107.833] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.837] SetEvent (hEvent=0x15c) returned 1 [0107.837] SetEvent (hEvent=0x120) returned 1 [0107.837] SetEvent (hEvent=0x1d0) returned 1 [0107.837] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.881] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.884] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.886] SetEvent (hEvent=0x15c) returned 1 [0107.886] SetEvent (hEvent=0x9c) returned 1 [0107.886] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.887] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.887] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.887] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.887] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.888] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.888] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.888] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.888] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0107.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.889] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0107.891] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0107.893] GetFileType (hFile=0x1bc) returned 0x1 [0107.893] GetFileType (hFile=0x1bc) returned 0x1 [0107.894] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0107.894] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0107.894] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0107.895] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x601, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc000143c04*=0x401, lpOverlapped=0x0) returned 1 [0107.898] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000058401, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058401*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0107.898] CloseHandle (hObject=0x1bc) returned 1 [0107.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.906] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0107.907] GetFileType (hFile=0x1b4) returned 0x1 [0107.907] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc000143cec*=0x410, lpOverlapped=0x0) returned 1 [0107.909] CloseHandle (hObject=0x1b4) returned 1 [0108.408] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0108.411] SetEvent (hEvent=0x13c) returned 1 [0108.411] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0108.413] SetEvent (hEvent=0xb8) returned 1 [0108.413] SetEvent (hEvent=0x1a0) returned 1 [0108.413] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0109.351] SetEvent (hEvent=0x15c) returned 1 [0109.351] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0109.362] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0109.364] SetEvent (hEvent=0x15c) returned 1 [0109.364] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc000238020*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0109.368] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0109.371] SetEvent (hEvent=0x108) returned 1 [0109.371] SetEvent (hEvent=0xf4) returned 1 [0109.371] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0109.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0xb6, lpNumberOfCharsWritten=0xc0001a1808, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc0001a1808*=0xb6) returned 1 [0109.373] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0109.374] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0109.374] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0109.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0109.375] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0109.379] GetFileType (hFile=0x1bc) returned 0x1 [0109.379] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.716] CloseHandle (hObject=0x1bc) returned 1 [0109.716] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_256.db"), dwFlags=0x1) returned 1 [0109.718] SetEvent (hEvent=0x1a0) returned 1 [0109.718] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.023] SetEvent (hEvent=0x108) returned 1 [0110.023] SetEvent (hEvent=0x188) returned 1 [0110.023] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.030] SetEvent (hEvent=0x108) returned 1 [0110.030] SetEvent (hEvent=0x188) returned 1 [0110.030] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.042] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0110.043] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00024e000*, nNumberOfCharsToWrite=0x78, lpNumberOfCharsWritten=0xc000175808, lpReserved=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfCharsWritten=0xc000175808*=0x78) returned 1 [0110.045] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0110.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0110.046] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0110.048] GetFileType (hFile=0xec) returned 0x1 [0110.048] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.048] CloseHandle (hObject=0xec) returned 1 [0110.048] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.049] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.049] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\encry-index.dat"), dwFlags=0x1) returned 1 [0110.054] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.057] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.058] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0110.058] SetEvent (hEvent=0xc0) returned 1 [0110.058] SetEvent (hEvent=0x164) returned 1 [0110.058] SetEvent (hEvent=0x13c) returned 1 [0110.059] SetEvent (hEvent=0xb8) returned 1 [0110.059] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.067] SetEvent (hEvent=0x198) returned 1 [0110.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0110.068] SetEvent (hEvent=0x108) returned 1 [0110.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.077] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000292120*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc000275808, lpReserved=0x0 | out: lpBuffer=0xc000292120*, lpNumberOfCharsWritten=0xc000275808*=0x90) returned 1 [0110.082] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0110.082] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0110.082] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0110.082] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0110.083] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.083] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\RIJUQL1C\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.084] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0110.089] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.093] SetEvent (hEvent=0x198) returned 1 [0110.093] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.114] SetEvent (hEvent=0xb8) returned 1 [0110.114] SetEvent (hEvent=0x9c) returned 1 [0110.114] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.116] SetEvent (hEvent=0x108) returned 1 [0110.116] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.133] SetEvent (hEvent=0x108) returned 1 [0110.133] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.150] SetEvent (hEvent=0xb8) returned 1 [0110.150] SetEvent (hEvent=0x108) returned 1 [0110.150] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.154] SetEvent (hEvent=0x164) returned 1 [0110.154] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.154] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.155] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.155] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.155] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.156] SetEvent (hEvent=0x198) returned 1 [0110.156] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.165] SetEvent (hEvent=0xf4) returned 1 [0110.165] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.168] SetEvent (hEvent=0x15c) returned 1 [0110.168] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.170] SetEvent (hEvent=0xf4) returned 1 [0110.170] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.178] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.181] SetEvent (hEvent=0x9c) returned 1 [0110.181] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.193] SetEvent (hEvent=0x9c) returned 1 [0110.193] SetEvent (hEvent=0xf4) returned 1 [0110.193] SetEvent (hEvent=0xb8) returned 1 [0110.193] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.195] SetEvent (hEvent=0x9c) returned 1 [0110.195] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.197] SetEvent (hEvent=0x9c) returned 1 [0110.197] SetEvent (hEvent=0xfc) returned 1 [0110.197] SetEvent (hEvent=0xb8) returned 1 [0110.197] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.238] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.242] SetEvent (hEvent=0xf4) returned 1 [0110.242] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.244] SetEvent (hEvent=0xf4) returned 1 [0110.244] SetEvent (hEvent=0x188) returned 1 [0110.244] SetEvent (hEvent=0xfc) returned 1 [0110.244] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.259] SetEvent (hEvent=0x9c) returned 1 [0110.259] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0110.264] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0111.059] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.420] SetEvent (hEvent=0x1a0) returned 1 [0112.420] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0112.430] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0112.431] GetFileType (hFile=0x1b4) returned 0x1 [0112.432] GetFileType (hFile=0x1b4) returned 0x1 [0112.432] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0112.432] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0112.432] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0112.432] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x47b, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc000241c04*=0x27b, lpOverlapped=0x0) returned 1 [0112.437] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.473] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00007627b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007627b*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0112.473] CloseHandle (hObject=0x1b4) returned 1 [0112.473] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0112.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.485] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.486] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0112.487] GetFileType (hFile=0x1b0) returned 0x1 [0112.487] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000050a00*, nNumberOfBytesToWrite=0x280, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000050a00*, lpNumberOfBytesWritten=0xc000241cec*=0x280, lpOverlapped=0x0) returned 1 [0112.488] CloseHandle (hObject=0x1b0) returned 1 [0112.494] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0112.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.494] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0112.494] GetFileType (hFile=0x1d4) returned 0x1 [0112.495] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000fe840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.495] CloseHandle (hObject=0x1d4) returned 1 [0112.495] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa7xcq3[1].png"), dwFlags=0x1) returned 1 [0112.572] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.574] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.576] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.580] VirtualFree (lpAddress=0xc000382000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.580] VirtualFree (lpAddress=0xc00031a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.580] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.581] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.581] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0112.585] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc00022d818*=0x2) returned 1 [0112.587] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.588] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0112.589] SetEvent (hEvent=0xb8) returned 1 [0112.589] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0112.590] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0112.592] GetFileType (hFile=0x1b0) returned 0x1 [0112.592] GetFileType (hFile=0x1b0) returned 0x1 [0112.592] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0112.592] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0112.593] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000238700, nNumberOfBytesToRead=0x32c, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000238700*, lpNumberOfBytesRead=0xc000045c04*=0x12c, lpOverlapped=0x0) returned 1 [0112.597] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00023882c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023882c*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0112.598] CloseHandle (hObject=0x1b0) returned 1 [0112.598] VirtualAlloc (lpAddress=0xc00038a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038a000 [0112.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.604] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0112.699] SwitchToThread () returned 1 [0112.701] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.706] GetFileType (hFile=0x1b0) returned 0x1 [0112.706] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0003ca140*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca140*, lpNumberOfBytesWritten=0xc000045cec*=0x130, lpOverlapped=0x0) returned 1 [0112.707] CloseHandle (hObject=0x1b0) returned 1 [0112.711] SwitchToThread () returned 1 [0112.714] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.714] VirtualAlloc (lpAddress=0xc00038e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038e000 [0112.715] VirtualAlloc (lpAddress=0xc000390000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000390000 [0112.715] VirtualAlloc (lpAddress=0xc000392000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000392000 [0112.716] VirtualAlloc (lpAddress=0xc000394000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000394000 [0112.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.716] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0112.719] GetFileType (hFile=0x128) returned 0x1 [0112.719] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0112.719] WriteFile (in: hFile=0x128, lpBuffer=0xc000250000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000250000*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.719] CloseHandle (hObject=0x128) returned 1 [0112.722] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0112.722] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.722] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.723] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aamry2q[1].png"), dwFlags=0x1) returned 1 [0112.757] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0112.757] SetEvent (hEvent=0xb8) returned 1 [0112.757] VirtualAlloc (lpAddress=0xc000398000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000398000 [0112.758] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.761] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.761] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0112.761] SetEvent (hEvent=0xb8) returned 1 [0112.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.768] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.808] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.811] SetEvent (hEvent=0x9c) returned 1 [0112.811] SetEvent (hEvent=0x108) returned 1 [0112.811] VirtualFree (lpAddress=0xc0003a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.811] VirtualFree (lpAddress=0xc0003a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.812] VirtualFree (lpAddress=0xc000346000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.812] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0112.813] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.817] SetEvent (hEvent=0x120) returned 1 [0112.817] SetEvent (hEvent=0x9c) returned 1 [0112.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.818] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0112.821] GetFileType (hFile=0x128) returned 0x1 [0112.821] GetFileType (hFile=0x128) returned 0x1 [0112.821] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0112.821] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0112.822] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.822] ReadFile (in: hFile=0x128, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x9c9, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc000241c04*=0x7c9, lpOverlapped=0x0) returned 1 [0112.824] ReadFile (in: hFile=0x128, lpBuffer=0xc0000367c9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000367c9*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0112.824] CloseHandle (hObject=0x128) returned 1 [0112.824] SwitchToThread () returned 1 [0112.827] VirtualAlloc (lpAddress=0xc0003ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ac000 [0112.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.832] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0112.834] GetFileType (hFile=0x128) returned 0x1 [0112.835] WriteFile (in: hFile=0x128, lpBuffer=0xc0003ac000*, nNumberOfBytesToWrite=0x7d0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ac000*, lpNumberOfBytesWritten=0xc000241cec*=0x7d0, lpOverlapped=0x0) returned 1 [0112.836] CloseHandle (hObject=0x128) returned 1 [0112.836] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0112.836] VirtualAlloc (lpAddress=0xc0003ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ae000 [0112.837] VirtualAlloc (lpAddress=0xc0003b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b0000 [0112.837] VirtualAlloc (lpAddress=0xc0003b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b2000 [0112.838] VirtualAlloc (lpAddress=0xc0003b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b4000 [0112.838] VirtualAlloc (lpAddress=0xc0003b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b6000 [0112.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.839] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0112.839] GetFileType (hFile=0x1b0) returned 0x1 [0112.839] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0003b62c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003b62c0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.839] CloseHandle (hObject=0x1b0) returned 1 [0112.841] VirtualAlloc (lpAddress=0xc0003b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b8000 [0112.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbdtcm[1].jpg"), dwFlags=0x1) returned 1 [0112.881] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.883] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.885] SetEvent (hEvent=0x1a0) returned 1 [0112.885] SetEvent (hEvent=0x164) returned 1 [0112.885] SetEvent (hEvent=0x120) returned 1 [0112.885] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.891] SetEvent (hEvent=0xb8) returned 1 [0112.891] SetEvent (hEvent=0x120) returned 1 [0112.891] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.904] SetEvent (hEvent=0xb8) returned 1 [0112.904] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.913] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.922] SetEvent (hEvent=0x9c) returned 1 [0112.922] SetEvent (hEvent=0xb8) returned 1 [0112.922] SetEvent (hEvent=0x108) returned 1 [0112.922] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.931] SetEvent (hEvent=0x9c) returned 1 [0112.931] SetEvent (hEvent=0x15c) returned 1 [0112.931] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.961] SetEvent (hEvent=0x9c) returned 1 [0112.962] SetEvent (hEvent=0xb8) returned 1 [0112.962] SetEvent (hEvent=0x108) returned 1 [0112.962] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0112.963] SetEvent (hEvent=0x9c) returned 1 [0112.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.964] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0112.967] GetFileType (hFile=0x128) returned 0x1 [0112.967] GetFileType (hFile=0x128) returned 0x1 [0112.967] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0112.967] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0112.967] VirtualAlloc (lpAddress=0xc000072000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0112.968] ReadFile (in: hFile=0x128, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x4af4, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc000159c04*=0x48f4, lpOverlapped=0x0) returned 1 [0112.977] ReadFile (in: hFile=0x128, lpBuffer=0xc0000768f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000768f4*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0112.977] CloseHandle (hObject=0x128) returned 1 [0112.977] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0112.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.994] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0112.998] GetFileType (hFile=0x1d4) returned 0x1 [0112.998] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x4900, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc000159cec*=0x4900, lpOverlapped=0x0) returned 1 [0112.999] CloseHandle (hObject=0x1d4) returned 1 [0113.006] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0701 | out: pbBuffer=0xc0000e0701) returned 1 [0113.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.007] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0113.007] GetFileType (hFile=0x1b4) returned 0x1 [0113.007] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00037a9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037a9a0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.008] CloseHandle (hObject=0x1b4) returned 1 [0113.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbphar[1].jpg"), dwFlags=0x1) returned 1 [0113.075] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.076] SetEvent (hEvent=0x15c) returned 1 [0113.076] SetEvent (hEvent=0x13c) returned 1 [0113.076] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.076] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.077] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.077] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.077] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.078] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.078] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001f7818*=0x2) returned 1 [0113.079] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.082] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.179] SwitchToThread () returned 1 [0113.183] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.189] SwitchToThread () returned 1 [0113.192] SetEvent (hEvent=0xb8) returned 1 [0113.192] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.196] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.198] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0113.198] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0113.198] SetEvent (hEvent=0x198) returned 1 [0113.199] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.265] SetEvent (hEvent=0x198) returned 1 [0113.265] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.273] SetEvent (hEvent=0x9c) returned 1 [0113.273] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.477] SwitchToThread () returned 1 [0113.481] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.490] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.494] SetEvent (hEvent=0x108) returned 1 [0113.494] SetEvent (hEvent=0x15c) returned 1 [0113.494] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.495] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.495] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.496] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.496] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.496] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.497] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.497] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001a7818*=0x2) returned 1 [0113.504] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.506] SetEvent (hEvent=0x164) returned 1 [0113.506] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.509] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002cdcf4 | out: lpMode=0xc0002cdcf4) returned 0 [0113.509] GetFileType (hFile=0x1b0) returned 0x1 [0113.509] GetFileType (hFile=0x1b0) returned 0x1 [0113.509] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0002cdd44 | out: lpFileInformation=0xc0002cdd44) returned 1 [0113.510] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0002cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cdd28) returned 1 [0113.510] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.510] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x951, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0002cdc04*=0x751, lpOverlapped=0x0) returned 1 [0113.515] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003c751, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c751*, lpNumberOfBytesRead=0xc0002cdc04*=0x0, lpOverlapped=0x0) returned 1 [0113.515] CloseHandle (hObject=0x1b0) returned 1 [0113.515] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0113.516] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0113.516] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.517] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.522] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002cdd04 | out: lpMode=0xc0002cdd04) returned 0 [0113.523] GetFileType (hFile=0xec) returned 0x1 [0113.523] WriteFile (in: hFile=0xec, lpBuffer=0xc000058000*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xc0002cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesWritten=0xc0002cdcec*=0x760, lpOverlapped=0x0) returned 1 [0113.525] CloseHandle (hObject=0xec) returned 1 [0113.531] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0113.531] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0113.531] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0113.532] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0113.532] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0113.532] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.533] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0113.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.533] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002cdd64 | out: lpMode=0xc0002cdd64) returned 0 [0113.537] GetFileType (hFile=0x1b0) returned 0x1 [0113.537] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.538] CloseHandle (hObject=0x1b0) returned 1 [0113.540] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc0d8i[1].jpg"), dwFlags=0x1) returned 1 [0113.584] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0113.584] SetEvent (hEvent=0x15c) returned 1 [0113.584] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.589] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0113.589] SetEvent (hEvent=0x15c) returned 1 [0113.589] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.594] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0113.594] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.073] SetEvent (hEvent=0x15c) returned 1 [0114.073] SetEvent (hEvent=0xb8) returned 1 [0114.073] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0114.120] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0114.125] GetFileType (hFile=0x1bc) returned 0x1 [0114.125] GetFileType (hFile=0x1bc) returned 0x1 [0114.125] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0114.125] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0114.125] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0114.127] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x3576, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000155c04*=0x3376, lpOverlapped=0x0) returned 1 [0114.138] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.198] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00025d376, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025d376*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0114.198] CloseHandle (hObject=0x1bc) returned 1 [0114.198] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0114.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0114.224] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.256] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0114.257] GetFileType (hFile=0x184) returned 0x1 [0114.257] WriteFile (in: hFile=0x184, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x3380, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000155cec*=0x3380, lpOverlapped=0x0) returned 1 [0114.259] CloseHandle (hObject=0x184) returned 1 [0114.267] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0114.267] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00026a001 | out: pbBuffer=0xc00026a001) returned 1 [0114.268] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0114.268] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0114.269] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0114.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0114.269] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0114.276] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.290] GetFileType (hFile=0x1ec) returned 0x1 [0114.290] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00007cdc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007cdc0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.291] CloseHandle (hObject=0x1ec) returned 1 [0114.294] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0114.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbzhwwe[1].jpg"), dwFlags=0x1) returned 1 [0114.506] SwitchToThread () returned 1 [0114.507] SetEvent (hEvent=0x1dc) returned 1 [0114.507] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.509] SetEvent (hEvent=0x1dc) returned 1 [0114.509] SetEvent (hEvent=0x164) returned 1 [0114.509] SetEvent (hEvent=0x13c) returned 1 [0114.509] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0114.510] SetEvent (hEvent=0x8c) returned 1 [0114.510] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x204 [0115.653] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0115.658] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.686] GetFileType (hFile=0x204) returned 0x1 [0115.686] GetFileType (hFile=0x204) returned 0x1 [0115.686] GetFileInformationByHandle (in: hFile=0x204, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0115.686] GetFileInformationByHandleEx (in: hFile=0x204, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0115.687] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0115.687] ReadFile (in: hFile=0x204, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x4fc, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000191c04*=0x2fc, lpOverlapped=0x0) returned 1 [0115.692] ReadFile (in: hFile=0x204, lpBuffer=0xc0001042fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001042fc*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0115.692] CloseHandle (hObject=0x204) returned 1 [0115.692] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0115.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0115.725] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0115.738] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.914] GetFileType (hFile=0x22c) returned 0x1 [0115.914] WriteFile (in: hFile=0x22c, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000191cec*=0x300, lpOverlapped=0x0) returned 1 [0115.915] CloseHandle (hObject=0x22c) returned 1 [0115.918] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.955] SetEvent (hEvent=0x15c) returned 1 [0115.955] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.959] SetEvent (hEvent=0x29c) returned 1 [0115.959] SetEvent (hEvent=0x13c) returned 1 [0115.959] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.980] SetEvent (hEvent=0xec) returned 1 [0115.980] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.984] SetEvent (hEvent=0x1b4) returned 1 [0115.984] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.995] SetEvent (hEvent=0x26c) returned 1 [0115.995] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0115.997] SetEvent (hEvent=0x1d4) returned 1 [0115.997] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0116.012] SetEvent (hEvent=0x24c) returned 1 [0116.013] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0116.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d0 [0116.028] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0116.031] GetFileType (hFile=0x2d0) returned 0x1 [0116.031] GetFileType (hFile=0x2d0) returned 0x1 [0116.031] GetFileInformationByHandle (in: hFile=0x2d0, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0116.031] GetFileInformationByHandleEx (in: hFile=0x2d0, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0116.031] ReadFile (in: hFile=0x2d0, lpBuffer=0xc00029aa80, nNumberOfBytesToRead=0x955, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029aa80*, lpNumberOfBytesRead=0xc0000f5c04*=0x755, lpOverlapped=0x0) returned 1 [0116.035] ReadFile (in: hFile=0x2d0, lpBuffer=0xc00029b1d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029b1d5*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0116.035] CloseHandle (hObject=0x2d0) returned 1 [0116.036] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0116.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0116.117] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc0000f5d04 | out: lpMode=0xc0000f5d04) returned 0 [0116.120] GetFileType (hFile=0x254) returned 0x1 [0116.120] WriteFile (in: hFile=0x254, lpBuffer=0xc0002fe000*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xc0000f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesWritten=0xc0000f5cec*=0x760, lpOverlapped=0x0) returned 1 [0116.121] CloseHandle (hObject=0x254) returned 1 [0116.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0116.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f8 [0116.124] GetConsoleMode (in: hConsoleHandle=0x2f8, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0116.125] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0116.181] GetFileType (hFile=0x2f8) returned 0x1 [0116.181] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0116.182] WriteFile (in: hFile=0x2f8, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.182] CloseHandle (hObject=0x2f8) returned 1 [0116.192] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedpyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEdpyr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbedpyr[1].jpg"), dwFlags=0x1) returned 1 [0116.675] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0116.676] SetEvent (hEvent=0x2b0) returned 1 [0116.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.677] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0116.677] SetEvent (hEvent=0x2b0) returned 1 [0116.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.681] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0117.398] SetEvent (hEvent=0x12c) returned 1 [0117.398] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0117.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0117.409] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0117.412] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0117.607] GetFileType (hFile=0x370) returned 0x1 [0117.607] GetFileType (hFile=0x370) returned 0x1 [0117.607] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0117.607] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0117.607] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0117.608] ReadFile (in: hFile=0x370, lpBuffer=0xc0004e0000, nNumberOfBytesToRead=0x4aba, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesRead=0xc0001a5c04*=0x48ba, lpOverlapped=0x0) returned 1 [0117.612] ReadFile (in: hFile=0x370, lpBuffer=0xc0004e48ba, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e48ba*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0117.612] CloseHandle (hObject=0x370) returned 1 [0117.613] VirtualAlloc (lpAddress=0xc0004ea000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ea000 [0117.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0117.766] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0117.778] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0117.779] GetFileType (hFile=0x174) returned 0x1 [0117.779] WriteFile (in: hFile=0x174, lpBuffer=0xc0004ea000*, nNumberOfBytesToWrite=0x48c0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004ea000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x48c0, lpOverlapped=0x0) returned 1 [0117.781] CloseHandle (hObject=0x174) returned 1 [0117.786] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0117.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0117.786] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0117.789] GetFileType (hFile=0x174) returned 0x1 [0117.789] WriteFile (in: hFile=0x174, lpBuffer=0xc0001822c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c0*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.789] CloseHandle (hObject=0x174) returned 1 [0117.816] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0117.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-eula-mac[1].jpg"), dwFlags=0x1) returned 1 [0118.421] SetEvent (hEvent=0x208) returned 1 [0118.421] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0118.790] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0118.792] GetFileType (hFile=0x284) returned 0x1 [0118.792] GetFileType (hFile=0x284) returned 0x1 [0118.792] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0118.793] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0118.793] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0118.793] ReadFile (in: hFile=0x284, lpBuffer=0xc000074000, nNumberOfBytesToRead=0x836, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesRead=0xc0004d9c04*=0x636, lpOverlapped=0x0) returned 1 [0118.797] ReadFile (in: hFile=0x284, lpBuffer=0xc000074636, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000074636*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.797] CloseHandle (hObject=0x284) returned 1 [0118.798] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0118.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0118.799] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0118.807] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.858] GetFileType (hFile=0x284) returned 0x1 [0118.858] WriteFile (in: hFile=0x284, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x640, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x640, lpOverlapped=0x0) returned 1 [0118.859] CloseHandle (hObject=0x284) returned 1 [0118.859] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0118.860] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0118.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0118.860] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0118.868] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.958] SetEvent (hEvent=0x334) returned 1 [0118.958] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.959] SetEvent (hEvent=0x334) returned 1 [0118.959] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.960] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.960] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.961] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.961] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.961] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.961] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.962] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.962] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.962] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.963] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.963] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.963] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.964] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.964] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.964] SetEvent (hEvent=0x144) returned 1 [0118.964] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.979] SetEvent (hEvent=0x144) returned 1 [0118.979] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.981] SetEvent (hEvent=0x144) returned 1 [0118.982] SetEvent (hEvent=0x364) returned 1 [0118.982] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.987] SetEvent (hEvent=0x144) returned 1 [0118.987] SetEvent (hEvent=0x28c) returned 1 [0118.987] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0118.989] SetEvent (hEvent=0x15c) returned 1 [0118.989] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0119.003] SetEvent (hEvent=0xb8) returned 1 [0119.003] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0119.012] GetFileType (hFile=0x3dc) returned 0x1 [0119.012] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000e6000*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesWritten=0xc00023dcec*=0x1e0, lpOverlapped=0x0) returned 1 [0119.012] CloseHandle (hObject=0x3dc) returned 1 [0119.014] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0119.113] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a601 | out: pbBuffer=0xc00031a601) returned 1 [0119.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0119.113] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0119.115] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0119.181] GetFileType (hFile=0x36c) returned 0x1 [0119.181] WriteFile (in: hFile=0x36c, lpBuffer=0xc0001c1080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c1080*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.182] CloseHandle (hObject=0x36c) returned 1 [0119.182] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aa58nqj[1].png"), dwFlags=0x1) returned 1 [0119.896] SetEvent (hEvent=0x144) returned 1 [0119.896] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.537] SetEvent (hEvent=0x198) returned 1 [0120.537] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.541] SetEvent (hEvent=0x30c) returned 1 [0120.541] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.547] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586588*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc000586588*, lpNumberOfCharsWritten=0xc0002df818*=0x3) returned 1 [0120.555] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.611] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0120.612] SetEvent (hEvent=0x24c) returned 1 [0120.612] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.617] SetEvent (hEvent=0xfc) returned 1 [0120.617] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.628] SetEvent (hEvent=0x334) returned 1 [0120.629] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.642] SetEvent (hEvent=0x258) returned 1 [0120.642] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.645] SetEvent (hEvent=0xfc) returned 1 [0120.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.648] SetEvent (hEvent=0x13c) returned 1 [0120.649] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.657] SetEvent (hEvent=0x30c) returned 1 [0120.657] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.658] SetEvent (hEvent=0x324) returned 1 [0120.658] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.686] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.705] SetEvent (hEvent=0x148) returned 1 [0120.705] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.705] SetEvent (hEvent=0x148) returned 1 [0120.705] SetEvent (hEvent=0x208) returned 1 [0120.705] VirtualFree (lpAddress=0xc000346000, dwSize=0x5e000, dwFreeType=0x4000) returned 1 [0120.708] VirtualFree (lpAddress=0xc00031c000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0120.709] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0120.710] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.710] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0120.711] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.712] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.712] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.713] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0120.713] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.714] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.715] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.715] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.716] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.716] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.716] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.717] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.717] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.718] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.718] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.718] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.719] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.719] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.719] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.720] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.720] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.721] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.721] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.721] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.722] VirtualFree (lpAddress=0xc00006a000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0120.723] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.723] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.723] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.724] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.725] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.725] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000031818*=0x3) returned 1 [0120.726] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.747] SetEvent (hEvent=0x148) returned 1 [0120.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0120.748] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0120.749] GetFileType (hFile=0x308) returned 0x1 [0120.749] GetFileType (hFile=0x308) returned 0x1 [0120.749] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0120.749] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0120.749] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x3e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0120.756] ReadFile (in: hFile=0x308, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x3c120, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0001f7c04*=0x3bf20, lpOverlapped=0x0) returned 1 [0120.760] ReadFile (in: hFile=0x308, lpBuffer=0xc000381f20, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000381f20*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0120.760] CloseHandle (hObject=0x308) returned 1 [0120.760] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.761] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0120.762] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ff000 [0120.763] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0120.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0120.777] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0120.778] GetFileType (hFile=0x1b0) returned 0x1 [0120.778] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x3bf30, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x3bf30, lpOverlapped=0x0) returned 1 [0120.783] CloseHandle (hObject=0x1b0) returned 1 [0120.791] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0120.791] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0120.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0120.792] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0120.793] GetFileType (hFile=0x1b0) returned 0x1 [0120.793] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.793] CloseHandle (hObject=0x1b0) returned 1 [0120.849] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0120.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-chrome-installer.min[1].js"), dwFlags=0x1) returned 1 [0120.941] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.942] SetEvent (hEvent=0x12c) returned 1 [0120.942] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.943] SetEvent (hEvent=0x30c) returned 1 [0120.943] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.951] SwitchToThread () returned 1 [0120.952] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0120.953] SetEvent (hEvent=0x12c) returned 1 [0120.953] SetEvent (hEvent=0x3c0) returned 1 [0120.953] VirtualFree (lpAddress=0xc000330000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.954] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.954] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.955] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.955] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.956] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.956] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.956] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0120.957] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0120.957] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0120.957] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0120.958] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0120.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0120.959] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0120.967] GetFileType (hFile=0x1b0) returned 0x1 [0120.967] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.967] CloseHandle (hObject=0x1b0) returned 1 [0120.967] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-chrome_logo_2x[1].png"), dwFlags=0x1) returned 1 [0121.050] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0121.050] SetEvent (hEvent=0x13c) returned 1 [0121.050] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0121.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.052] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0121.052] SetEvent (hEvent=0x13c) returned 1 [0121.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.066] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0121.066] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0121.128] SwitchToThread () returned 1 [0121.129] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0121.578] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0121.582] SetEvent (hEvent=0x354) returned 1 [0121.582] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.293] SetEvent (hEvent=0x12c) returned 1 [0122.293] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.302] SetEvent (hEvent=0xfc) returned 1 [0122.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0122.302] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0122.303] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.304] GetFileType (hFile=0x384) returned 0x1 [0122.304] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.356] SetEvent (hEvent=0x354) returned 1 [0122.356] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.359] SetEvent (hEvent=0x354) returned 1 [0122.359] SetEvent (hEvent=0x39c) returned 1 [0122.359] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.473] SetEvent (hEvent=0x12c) returned 1 [0122.473] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.475] SetEvent (hEvent=0x12c) returned 1 [0122.475] SetEvent (hEvent=0xec) returned 1 [0122.475] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.488] SetEvent (hEvent=0x30c) returned 1 [0122.489] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0122.954] SetEvent (hEvent=0x354) returned 1 [0122.954] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0123.840] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000197d04 | out: lpMode=0xc000197d04) returned 0 [0123.844] GetFileType (hFile=0x36c) returned 0x1 [0123.844] WriteFile (in: hFile=0x36c, lpBuffer=0xc0002a6500*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0xc000197cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6500*, lpNumberOfBytesWritten=0xc000197cec*=0x2010, lpOverlapped=0x0) returned 1 [0123.846] CloseHandle (hObject=0x36c) returned 1 [0123.846] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0123.846] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0123.847] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0123.847] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0123.848] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0123.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0123.849] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000197d64 | out: lpMode=0xc000197d64) returned 0 [0123.854] GetFileType (hFile=0x36c) returned 0x1 [0123.854] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000e82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000197d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000e82c0*, lpNumberOfBytesWritten=0xc000197d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.855] CloseHandle (hObject=0x36c) returned 1 [0123.855] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0123.855] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-edb.chk"), dwFlags=0x1) returned 1 [0123.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.860] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.860] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0123.860] SetEvent (hEvent=0xc0) returned 1 [0123.860] SetEvent (hEvent=0x334) returned 1 [0123.860] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0123.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.868] SetEvent (hEvent=0x258) returned 1 [0123.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.876] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0123.876] SetEvent (hEvent=0x3c4) returned 1 [0123.876] SetEvent (hEvent=0x12c) returned 1 [0123.876] SetEvent (hEvent=0x258) returned 1 [0123.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.878] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\encry-MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\encry-msimgsiz.dat"), dwFlags=0x1) returned 1 [0123.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.896] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.896] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0123.896] SetEvent (hEvent=0xc0) returned 1 [0123.896] SetEvent (hEvent=0x3c0) returned 1 [0123.896] SetEvent (hEvent=0x258) returned 1 [0123.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.913] SetEvent (hEvent=0x258) returned 1 [0123.913] SetEvent (hEvent=0x3c0) returned 1 [0123.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.924] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0123.924] SetEvent (hEvent=0x1a0) returned 1 [0123.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.990] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.991] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0123.991] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0123.991] SetEvent (hEvent=0xc0) returned 1 [0123.991] SetEvent (hEvent=0x1a0) returned 1 [0123.991] SetEvent (hEvent=0x13c) returned 1 [0123.991] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0123.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.057] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.057] SetEvent (hEvent=0xfc) returned 1 [0124.057] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.084] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.084] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.084] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0124.085] SetEvent (hEvent=0xc0) returned 1 [0124.085] SetEvent (hEvent=0x1a0) returned 1 [0124.085] SetEvent (hEvent=0x13c) returned 1 [0124.086] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.087] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.087] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.087] SetEvent (hEvent=0x1a0) returned 1 [0124.087] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.383] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0124.383] SetEvent (hEvent=0xc0) returned 1 [0124.383] SetEvent (hEvent=0x30c) returned 1 [0124.383] SetEvent (hEvent=0x13c) returned 1 [0124.384] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.430] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.430] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.484] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.484] SetEvent (hEvent=0xfc) returned 1 [0124.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.522] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0124.522] SetEvent (hEvent=0x13c) returned 1 [0124.522] SetEvent (hEvent=0x30c) returned 1 [0124.522] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0124.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.526] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.526] SetEvent (hEvent=0x30c) returned 1 [0124.526] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.532] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.535] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.535] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.535] SetEvent (hEvent=0xec) returned 1 [0124.535] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.577] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.582] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.582] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0124.582] SetEvent (hEvent=0x39c) returned 1 [0124.582] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.586] SetEvent (hEvent=0x39c) returned 1 [0124.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.685] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.688] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.688] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.688] SetEvent (hEvent=0xc0) returned 1 [0124.689] SetEvent (hEvent=0x1a0) returned 1 [0124.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.702] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0124.702] SetEvent (hEvent=0x324) returned 1 [0124.702] SetEvent (hEvent=0x39c) returned 1 [0124.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.710] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0124.710] SetEvent (hEvent=0x39c) returned 1 [0124.710] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.830] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.830] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0124.831] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0124.831] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0124.832] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0124.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0124.833] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0124.846] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.862] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.865] SetEvent (hEvent=0x3c8) returned 1 [0124.865] SetEvent (hEvent=0x39c) returned 1 [0124.865] SetEvent (hEvent=0x324) returned 1 [0124.865] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.876] SwitchToThread () returned 1 [0124.879] SetEvent (hEvent=0x3c8) returned 1 [0124.880] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.883] SetEvent (hEvent=0x324) returned 1 [0124.883] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.905] SetEvent (hEvent=0x3c8) returned 1 [0124.905] SetEvent (hEvent=0x324) returned 1 [0124.905] VirtualFree (lpAddress=0xc000368000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0124.907] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.907] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.907] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.908] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.908] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.909] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.909] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.909] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.910] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.910] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.911] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.911] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0124.912] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0124.918] GetFileType (hFile=0x2c4) returned 0x1 [0124.918] GetFileType (hFile=0x2c4) returned 0x1 [0124.918] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0124.918] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0124.919] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0124.921] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00031c000, nNumberOfBytesToRead=0x10f22, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesRead=0xc0002dfc04*=0x10d22, lpOverlapped=0x0) returned 1 [0124.936] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00032cd22, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032cd22*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0124.936] CloseHandle (hObject=0x2c4) returned 1 [0124.936] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.938] SetEvent (hEvent=0x3c8) returned 1 [0124.938] SetEvent (hEvent=0x324) returned 1 [0124.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0124.939] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0124.941] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0124.945] GetFileType (hFile=0x3d8) returned 0x1 [0124.945] GetFileType (hFile=0x3d8) returned 0x1 [0124.945] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0124.945] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0124.945] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.945] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.945] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x201000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.945] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x100000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x302000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e4000 [0124.948] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2ea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x175000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.948] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x174000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.949] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.950] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.950] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0124.950] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x2e6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0124.998] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x400200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc000035c04*=0x400000, lpOverlapped=0x0) returned 1 [0125.191] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000ae4000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc000ae4000*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0125.192] CloseHandle (hObject=0x3d8) returned 1 [0125.192] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0125.192] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.192] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.193] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x201000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.193] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x100000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000ae6000 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x302000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.196] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000be6000 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2ea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x175000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.197] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.198] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.198] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.198] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bfe000 [0125.198] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x2e8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0125.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0125.268] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0125.269] GetFileType (hFile=0x23c) returned 0x1 [0125.269] WriteFile (in: hFile=0x23c, lpBuffer=0xc000ae6000*, nNumberOfBytesToWrite=0x400010, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc000ae6000*, lpNumberOfBytesWritten=0xc000035cec*=0x400010, lpOverlapped=0x0) returned 1 [0125.401] CloseHandle (hObject=0x23c) returned 1 [0125.401] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0125.401] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0125.402] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0125.403] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0125.403] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0125.404] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0125.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0125.405] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0125.424] GetFileType (hFile=0x23c) returned 0x1 [0125.424] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.425] CloseHandle (hObject=0x23c) returned 1 [0125.425] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0125.425] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0125.426] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\encry-_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\encry-_cache_002_"), dwFlags=0x1) returned 1 [0125.427] SwitchToThread () returned 1 [0125.432] SetEvent (hEvent=0x3c8) returned 1 [0125.432] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.435] SetEvent (hEvent=0x324) returned 1 [0125.435] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.437] SwitchToThread () returned 1 [0125.439] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.441] SetEvent (hEvent=0x3c8) returned 1 [0125.441] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.442] SetEvent (hEvent=0x1a0) returned 1 [0125.442] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.503] SetEvent (hEvent=0x3c8) returned 1 [0125.503] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.505] SetEvent (hEvent=0x1a0) returned 1 [0125.505] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.511] SetEvent (hEvent=0x3c8) returned 1 [0125.511] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.515] SetEvent (hEvent=0x3c8) returned 1 [0125.515] SetEvent (hEvent=0xec) returned 1 [0125.516] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.516] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.516] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.517] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.517] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.517] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.518] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.518] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.518] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.519] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.519] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.519] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0125.521] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0125.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0125.528] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0125.532] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.539] GetFileType (hFile=0x384) returned 0x1 [0125.539] WriteFile (in: hFile=0x384, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x20500, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x20500, lpOverlapped=0x0) returned 1 [0125.543] CloseHandle (hObject=0x384) returned 1 [0125.543] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0125.543] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0125.544] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0125.544] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0125.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0125.545] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0125.580] GetFileType (hFile=0x384) returned 0x1 [0125.580] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.580] CloseHandle (hObject=0x384) returned 1 [0125.580] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\encry-FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\encry-fcbf5d01"), dwFlags=0x1) returned 1 [0125.582] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.593] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.595] SetEvent (hEvent=0x3c8) returned 1 [0125.595] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.596] SetEvent (hEvent=0x1a0) returned 1 [0125.596] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.603] SwitchToThread () returned 1 [0125.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0125.605] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0125.607] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.608] GetFileType (hFile=0x2e8) returned 0x1 [0125.608] GetFileType (hFile=0x2e8) returned 0x1 [0125.608] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0125.608] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0125.608] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0125.610] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0xfa88, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc000155c04*=0xf888, lpOverlapped=0x0) returned 1 [0125.612] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000305888, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000305888*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0125.613] CloseHandle (hObject=0x2e8) returned 1 [0125.613] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0125.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0125.617] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0125.618] GetFileType (hFile=0x2e8) returned 0x1 [0125.618] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000306000*, nNumberOfBytesToWrite=0xf890, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc000306000*, lpNumberOfBytesWritten=0xc000155cec*=0xf890, lpOverlapped=0x0) returned 1 [0125.621] CloseHandle (hObject=0x2e8) returned 1 [0125.621] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0125.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0125.621] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0125.623] GetFileType (hFile=0x2e8) returned 0x1 [0125.623] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.623] CloseHandle (hObject=0x2e8) returned 1 [0125.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\encry-7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\encry-7e0fed01"), dwFlags=0x1) returned 1 [0125.625] VirtualFree (lpAddress=0xc000346000, dwSize=0x36000, dwFreeType=0x4000) returned 1 [0125.626] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0125.627] VirtualFree (lpAddress=0xc00021e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.627] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.628] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.628] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.628] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.629] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.629] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.630] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.630] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.630] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.631] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.631] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0125.632] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0125.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0125.633] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001f3cf4 | out: lpMode=0xc0001f3cf4) returned 0 [0125.641] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0125.647] SetEvent (hEvent=0x3c8) returned 1 [0125.647] GetFileType (hFile=0x2e8) returned 0x1 [0125.647] GetFileType (hFile=0x2e8) returned 0x1 [0125.647] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0001f3d44 | out: lpFileInformation=0xc0001f3d44) returned 1 [0125.647] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0001f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f3d28) returned 1 [0125.647] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.647] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.647] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x201000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.647] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x100000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0125.650] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x302000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.650] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e4000 [0125.651] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2ea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x175000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.651] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x174000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.652] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.653] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0125.653] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x2e6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0125.707] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x400200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc0001f3c04*=0x400000, lpOverlapped=0x0) returned 1 [0125.897] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000ae4000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000ae4000*, lpNumberOfBytesRead=0xc0001f3c04*=0x0, lpOverlapped=0x0) returned 1 [0125.897] CloseHandle (hObject=0x2e8) returned 1 [0125.897] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0125.897] VirtualAlloc (lpAddress=0xc000ee8000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000ee8000 [0126.043] SetEvent (hEvent=0x1a0) returned 1 [0126.043] SetEvent (hEvent=0x3c8) returned 1 [0126.043] SetEvent (hEvent=0xec) returned 1 [0126.043] SetEvent (hEvent=0xc0) returned 1 [0126.043] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.065] SetEvent (hEvent=0x1a0) returned 1 [0126.065] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.211] SetEvent (hEvent=0x324) returned 1 [0126.211] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.214] SetEvent (hEvent=0x1b4) returned 1 [0126.214] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.215] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.215] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0126.216] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.216] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0126.217] SetEvent (hEvent=0x3c8) returned 1 [0126.217] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.223] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.274] SetEvent (hEvent=0x354) returned 1 [0126.274] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0126.275] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0126.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0126.276] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0126.427] GetFileType (hFile=0x2bc) returned 0x1 [0126.427] GetFileType (hFile=0x2bc) returned 0x1 [0126.427] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0126.427] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0126.427] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0126.429] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0xab49, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc00022fc04*=0xa949, lpOverlapped=0x0) returned 1 [0126.434] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.437] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000286949, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000286949*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0126.437] CloseHandle (hObject=0x2bc) returned 1 [0126.437] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0126.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.440] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0126.572] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.594] GetFileType (hFile=0x2bc) returned 0x1 [0126.594] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xa950, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc00022fcec*=0xa950, lpOverlapped=0x0) returned 1 [0126.596] CloseHandle (hObject=0x2bc) returned 1 [0126.596] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0126.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.597] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0126.600] GetFileType (hFile=0x2bc) returned 0x1 [0126.600] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00011c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.601] CloseHandle (hObject=0x2bc) returned 1 [0126.601] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\encry-28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\encry-28e95d01"), dwFlags=0x1) returned 1 [0126.602] VirtualFree (lpAddress=0xc000c00000, dwSize=0x2e8000, dwFreeType=0x4000) returned 1 [0126.622] VirtualFree (lpAddress=0xc000ae6000, dwSize=0x11a000, dwFreeType=0x4000) returned 1 [0126.628] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0126.629] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0126.629] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.629] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0126.634] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0126.636] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.640] GetFileType (hFile=0x2bc) returned 0x1 [0126.641] GetFileType (hFile=0x2bc) returned 0x1 [0126.641] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0126.641] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0126.641] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0126.646] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xaa0f, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001d1c04*=0xa80f, lpOverlapped=0x0) returned 1 [0126.696] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00021c80f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c80f*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0126.697] CloseHandle (hObject=0x2bc) returned 1 [0126.697] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0126.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.700] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0126.711] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.716] GetFileType (hFile=0x2bc) returned 0x1 [0126.716] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0xa810, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0001d1cec*=0xa810, lpOverlapped=0x0) returned 1 [0126.718] CloseHandle (hObject=0x2bc) returned 1 [0126.719] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0126.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.719] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0126.720] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.728] GetFileType (hFile=0x2bc) returned 0x1 [0126.728] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.728] CloseHandle (hObject=0x2bc) returned 1 [0126.728] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\encry-ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\encry-ecb2dd01"), dwFlags=0x1) returned 1 [0126.730] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0126.730] SetEvent (hEvent=0x1b4) returned 1 [0126.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.732] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.733] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.733] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0126.733] SetEvent (hEvent=0x1b4) returned 1 [0126.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.734] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0126.734] SetEvent (hEvent=0x354) returned 1 [0126.734] SetEvent (hEvent=0x324) returned 1 [0126.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.741] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0126.741] SetEvent (hEvent=0x1b4) returned 1 [0126.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.741] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0126.742] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.742] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.743] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.743] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.743] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.744] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.744] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.764] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.766] SetEvent (hEvent=0x1b4) returned 1 [0126.766] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.769] SetEvent (hEvent=0x354) returned 1 [0126.769] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.776] SetEvent (hEvent=0x354) returned 1 [0126.776] SwitchToThread () returned 1 [0126.779] SetEvent (hEvent=0x1b4) returned 1 [0126.779] SetEvent (hEvent=0x354) returned 1 [0126.779] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001f5818*=0x3) returned 1 [0126.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036000*, nNumberOfCharsToWrite=0xb5, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfCharsWritten=0xc000177808*=0xb5) returned 1 [0126.795] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0126.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.795] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms\\*", lpFindFileData=0xc000177a68 | out: lpFindFileData=0xc000177a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0126.795] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000177720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0126.795] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00006a000*, nNumberOfCharsToWrite=0xf3, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfCharsWritten=0xc000177808*=0xf3) returned 1 [0126.873] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a1e0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfCharsWritten=0xc000177808*=0x11) returned 1 [0126.875] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.906] SetEvent (hEvent=0x39c) returned 1 [0126.906] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.926] SetEvent (hEvent=0xec) returned 1 [0126.926] SetEvent (hEvent=0x324) returned 1 [0126.926] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.983] SetEvent (hEvent=0x354) returned 1 [0126.983] SetEvent (hEvent=0xec) returned 1 [0126.983] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0126.985] SetEvent (hEvent=0x354) returned 1 [0126.985] SetEvent (hEvent=0x3c8) returned 1 [0126.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0126.986] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0126.986] GetFileType (hFile=0x23c) returned 0x1 [0126.987] GetFileType (hFile=0x23c) returned 0x1 [0126.987] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0126.987] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0126.987] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0xe6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0127.010] ReadFile (in: hFile=0x23c, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0xe5bf6, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000133c04*=0xe59f6, lpOverlapped=0x0) returned 1 [0127.277] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.320] ReadFile (in: hFile=0x23c, lpBuffer=0xc0006739f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006739f6*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0127.320] CloseHandle (hObject=0x23c) returned 1 [0127.320] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0127.321] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0127.321] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xe6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0127.348] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0127.349] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0127.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.361] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0127.366] GetFileType (hFile=0x23c) returned 0x1 [0127.366] WriteFile (in: hFile=0x23c, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0xe5a00, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc000133cec*=0xe5a00, lpOverlapped=0x0) returned 1 [0127.388] CloseHandle (hObject=0x23c) returned 1 [0127.388] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0127.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.388] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0127.402] GetFileType (hFile=0x23c) returned 0x1 [0127.402] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.402] CloseHandle (hObject=0x23c) returned 1 [0127.402] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\encry-startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\encry-startupcache.4.little"), dwFlags=0x1) returned 1 [0127.403] SetEvent (hEvent=0x13c) returned 1 [0127.403] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.419] SetEvent (hEvent=0x354) returned 1 [0127.419] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.471] SetEvent (hEvent=0x324) returned 1 [0127.471] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0127.472] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0127.473] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0127.473] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0127.474] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0127.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.475] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0127.478] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.479] SetEvent (hEvent=0xc0) returned 1 [0127.479] GetFileType (hFile=0x3d8) returned 0x1 [0127.479] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.545] GetFileType (hFile=0x3d8) returned 0x1 [0127.545] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0127.545] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0127.545] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x20c, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc0002dfc04*=0xc, lpOverlapped=0x0) returned 1 [0127.546] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00007800c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007800c*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0127.546] CloseHandle (hObject=0x3d8) returned 1 [0127.546] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0127.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.550] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0127.552] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.679] GetFileType (hFile=0x3d8) returned 0x1 [0127.679] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000a0560*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0560*, lpNumberOfBytesWritten=0xc0002dfcec*=0x10, lpOverlapped=0x0) returned 1 [0127.680] CloseHandle (hObject=0x3d8) returned 1 [0127.680] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0127.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.680] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0127.684] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.699] GetFileType (hFile=0x3d8) returned 0x1 [0127.699] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000a2160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2160*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.699] CloseHandle (hObject=0x3d8) returned 1 [0127.699] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\encry-update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\encry-update.status"), dwFlags=0x1) returned 1 [0127.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.703] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.703] SetEvent (hEvent=0x1b4) returned 1 [0127.703] SetEvent (hEvent=0x13c) returned 1 [0127.705] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.706] SetEvent (hEvent=0x13c) returned 1 [0127.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.718] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.718] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0127.718] SetEvent (hEvent=0x13c) returned 1 [0127.718] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.765] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.767] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.767] SetEvent (hEvent=0xc0) returned 1 [0127.767] SetEvent (hEvent=0x1a0) returned 1 [0127.767] SetEvent (hEvent=0x3c8) returned 1 [0127.768] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.790] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0127.791] SetEvent (hEvent=0x1a0) returned 1 [0127.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.818] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.818] SetEvent (hEvent=0x1b4) returned 1 [0127.818] SetEvent (hEvent=0xec) returned 1 [0127.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.826] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.859] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.859] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0127.859] SetEvent (hEvent=0x1a0) returned 1 [0127.859] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.886] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.886] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.887] SetEvent (hEvent=0xc0) returned 1 [0127.887] SetEvent (hEvent=0x30c) returned 1 [0127.887] SetEvent (hEvent=0xec) returned 1 [0127.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.959] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.959] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0127.959] SetEvent (hEvent=0x1a0) returned 1 [0127.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.966] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.966] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.966] SetEvent (hEvent=0xc0) returned 1 [0127.966] SetEvent (hEvent=0x30c) returned 1 [0127.966] SetEvent (hEvent=0x3c8) returned 1 [0127.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.976] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.981] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0127.981] SetEvent (hEvent=0x30c) returned 1 [0127.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.987] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.987] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0127.987] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0127.988] SetEvent (hEvent=0xc0) returned 1 [0127.988] SetEvent (hEvent=0x3c8) returned 1 [0127.988] SetEvent (hEvent=0xec) returned 1 [0127.988] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.007] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.007] SetEvent (hEvent=0xec) returned 1 [0128.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.035] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.035] SetEvent (hEvent=0x3c8) returned 1 [0128.035] SetEvent (hEvent=0x1b4) returned 1 [0128.035] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0128.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.039] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.040] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.046] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.046] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.046] SetEvent (hEvent=0x30c) returned 1 [0128.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.077] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.077] SetEvent (hEvent=0x1b4) returned 1 [0128.077] SetEvent (hEvent=0x3c8) returned 1 [0128.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.080] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.091] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.091] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.091] SetEvent (hEvent=0xec) returned 1 [0128.091] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.120] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.120] SetEvent (hEvent=0x3c8) returned 1 [0128.120] SetEvent (hEvent=0x1b4) returned 1 [0128.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.128] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.132] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.132] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.132] SetEvent (hEvent=0x1b4) returned 1 [0128.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.160] SetEvent (hEvent=0x30c) returned 1 [0128.160] SetEvent (hEvent=0x3c8) returned 1 [0128.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.164] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.167] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.168] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.168] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.168] SetEvent (hEvent=0xc0) returned 1 [0128.168] SetEvent (hEvent=0x1a0) returned 1 [0128.168] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\taqml-.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0128.169] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0128.169] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.177] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.182] SetEvent (hEvent=0xec) returned 1 [0128.182] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0128.182] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0128.182] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0128.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.183] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0128.192] GetFileType (hFile=0x3d8) returned 0x1 [0128.192] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0128.192] GetFileType (hFile=0x3d8) returned 0x1 [0128.192] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0128.192] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0128.192] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0128.193] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0128.193] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x291, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0001cdc04*=0x91, lpOverlapped=0x0) returned 1 [0128.194] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000094091, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094091*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0128.194] CloseHandle (hObject=0x3d8) returned 1 [0128.195] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0128.195] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0128.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini\\*", lpFindFileData=0xc0001cda08 | out: lpFindFileData=0xc0001cda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.196] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001cd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.196] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0128.197] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0128.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\khoysi06qkfv4uuc.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.197] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0128.211] GetFileType (hFile=0x3d8) returned 0x1 [0128.211] GetFileType (hFile=0x3d8) returned 0x1 [0128.211] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0128.211] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0128.211] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0128.212] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0x7e5d, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc000137c04*=0x7c5d, lpOverlapped=0x0) returned 1 [0128.213] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001a7c5d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a7c5d*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0128.213] CloseHandle (hObject=0x3d8) returned 1 [0128.214] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0128.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\khoysi06qkfv4uuc.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.216] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0128.220] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.227] SetEvent (hEvent=0x1b4) returned 1 [0128.227] GetFileType (hFile=0x3d8) returned 0x1 [0128.227] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000202000*, nNumberOfBytesToWrite=0x7c60, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc000202000*, lpNumberOfBytesWritten=0xc000137cec*=0x7c60, lpOverlapped=0x0) returned 1 [0128.229] CloseHandle (hObject=0x3d8) returned 1 [0128.229] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0128.229] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0128.229] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0128.230] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0128.230] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0128.230] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0128.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\khoysi06qkfv4uuc.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.231] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0128.233] GetFileType (hFile=0x3d8) returned 0x1 [0128.233] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.233] CloseHandle (hObject=0x3d8) returned 1 [0128.233] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\khoysi06qkfv4uuc.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-khoysi06qkfv4uuc.flv"), dwFlags=0x1) returned 1 [0128.234] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.235] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.235] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0128.235] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0128.236] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.236] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.236] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.237] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.237] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.237] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.238] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.238] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.239] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.239] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.239] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.239] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.240] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.240] VirtualFree (lpAddress=0xc000052000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.240] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.241] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.241] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.241] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0128.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mmfapa.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.242] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0128.250] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.252] GetFileType (hFile=0x3d8) returned 0x1 [0128.252] GetFileType (hFile=0x3d8) returned 0x1 [0128.252] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0128.252] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0128.252] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0128.254] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x2342, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc000141c04*=0x2142, lpOverlapped=0x0) returned 1 [0128.254] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00027e142, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027e142*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0128.254] CloseHandle (hObject=0x3d8) returned 1 [0128.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mmfapa.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.255] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0128.256] GetFileType (hFile=0x3d8) returned 0x1 [0128.256] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00027e500*, nNumberOfBytesToWrite=0x2150, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc00027e500*, lpNumberOfBytesWritten=0xc000141cec*=0x2150, lpOverlapped=0x0) returned 1 [0128.257] CloseHandle (hObject=0x3d8) returned 1 [0128.257] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0128.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mmfapa.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.258] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0128.258] GetFileType (hFile=0x3d8) returned 0x1 [0128.258] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000244580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000244580*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.258] CloseHandle (hObject=0x3d8) returned 1 [0128.258] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mmfapa.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-mmfapa.mp4"), dwFlags=0x1) returned 1 [0128.259] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.260] SetEvent (hEvent=0x1b4) returned 1 [0128.261] SetEvent (hEvent=0xec) returned 1 [0128.261] VirtualFree (lpAddress=0xc00025a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.261] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0128.262] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.262] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.262] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.262] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.263] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.263] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.264] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.264] GetFileType (hFile=0x2c4) returned 0x1 [0128.264] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0128.264] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0128.264] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.267] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x18886, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000045c04*=0x18686, lpOverlapped=0x0) returned 1 [0128.268] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002bc686, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bc686*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0128.268] CloseHandle (hObject=0x2c4) returned 1 [0128.268] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pbijruvm9ghxbry k_pi.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.272] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0128.273] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.274] GetFileType (hFile=0x2c4) returned 0x1 [0128.274] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x18690, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000045cec*=0x18690, lpOverlapped=0x0) returned 1 [0128.277] CloseHandle (hObject=0x2c4) returned 1 [0128.277] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0128.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pbijruvm9ghxbry k_pi.ods"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.277] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0128.277] GetFileType (hFile=0x2c4) returned 0x1 [0128.277] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.278] CloseHandle (hObject=0x2c4) returned 1 [0128.278] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0128.278] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pbijruvm9ghxbry k_pi.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-pbijruvm9ghxbry k_pi.ods"), dwFlags=0x1) returned 1 [0128.279] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.280] SetEvent (hEvent=0x1b4) returned 1 [0128.280] SetEvent (hEvent=0xec) returned 1 [0128.280] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0128.281] VirtualFree (lpAddress=0xc00027c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.282] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.282] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.282] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.282] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.283] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.283] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2whws9v_wbtny-932dp.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0128.284] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0128.284] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.285] GetFileType (hFile=0x2c4) returned 0x1 [0128.285] GetFileType (hFile=0x2c4) returned 0x1 [0128.285] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0128.286] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0128.286] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0128.287] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xa7ad, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000f9c04*=0xa5ad, lpOverlapped=0x0) returned 1 [0128.288] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00023a5ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023a5ad*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0128.288] CloseHandle (hObject=0x2c4) returned 1 [0128.288] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0128.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2whws9v_wbtny-932dp.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.291] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0128.292] GetFileType (hFile=0x2c4) returned 0x1 [0128.292] WriteFile (in: hFile=0x2c4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xa5b0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0000f9cec*=0xa5b0, lpOverlapped=0x0) returned 1 [0128.293] CloseHandle (hObject=0x2c4) returned 1 [0128.293] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0128.294] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0128.294] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0128.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2whws9v_wbtny-932dp.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.294] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0128.295] GetFileType (hFile=0x2c4) returned 0x1 [0128.295] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000244000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.295] CloseHandle (hObject=0x2c4) returned 1 [0128.295] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2whws9v_wbtny-932dp.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-2whws9v_wbtny-932dp.mp3"), dwFlags=0x1) returned 1 [0128.297] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0128.298] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0128.298] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0128.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0128.300] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0128.300] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.303] GetFileType (hFile=0x2c4) returned 0x1 [0128.303] GetFileType (hFile=0x2c4) returned 0x1 [0128.303] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0128.303] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0128.303] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0128.305] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0000c7c04*=0x8000, lpOverlapped=0x0) returned 1 [0128.306] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0001ea000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea000*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0128.306] CloseHandle (hObject=0x2c4) returned 1 [0128.306] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0128.307] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0128.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.307] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0128.308] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0128.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat\\*", lpFindFileData=0xc0000c7a08 | out: lpFindFileData=0xc0000c7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.308] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.308] VirtualFree (lpAddress=0xc00025a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.309] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.309] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.309] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.310] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.310] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0128.310] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.311] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.311] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.311] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\l_qbdaynbkuydrnfl.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0128.312] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0128.314] GetFileType (hFile=0x2c4) returned 0x1 [0128.314] GetFileType (hFile=0x2c4) returned 0x1 [0128.314] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0128.314] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0128.314] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.317] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1747f, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d5c04*=0x1727f, lpOverlapped=0x0) returned 1 [0128.331] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002bb27f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bb27f*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0128.331] CloseHandle (hObject=0x2c4) returned 1 [0128.331] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0128.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\l_qbdaynbkuydrnfl.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.335] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0128.355] GetFileType (hFile=0x2c4) returned 0x1 [0128.355] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x17280, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0002d5cec*=0x17280, lpOverlapped=0x0) returned 1 [0128.357] CloseHandle (hObject=0x2c4) returned 1 [0128.357] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0128.357] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0128.358] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0128.358] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0128.359] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0128.360] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0128.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\l_qbdaynbkuydrnfl.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0128.360] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0128.375] GetFileType (hFile=0x2c4) returned 0x1 [0128.375] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000072580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000072580*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.375] CloseHandle (hObject=0x2c4) returned 1 [0128.375] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\l_qbdaynbkuydrnfl.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-l_qbdaynbkuydrnfl.ots"), dwFlags=0x1) returned 1 [0128.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.378] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0128.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.378] SetEvent (hEvent=0xc0) returned 1 [0128.378] SetEvent (hEvent=0x354) returned 1 [0128.378] SetEvent (hEvent=0x1a0) returned 1 [0128.378] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0128.380] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.387] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.387] SetEvent (hEvent=0x324) returned 1 [0128.387] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.407] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.407] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0128.407] SetEvent (hEvent=0xc0) returned 1 [0128.407] SetEvent (hEvent=0xec) returned 1 [0128.407] SetEvent (hEvent=0x30c) returned 1 [0128.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.410] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0128.411] SetEvent (hEvent=0xec) returned 1 [0128.411] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.441] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0128.442] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0128.442] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0128.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0128.444] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0128.450] GetFileType (hFile=0x370) returned 0x1 [0128.450] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0128.451] GetFileType (hFile=0x370) returned 0x1 [0128.451] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0128.451] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0128.451] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0128.452] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0128.452] ReadFile (in: hFile=0x370, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x7fe, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc0001cfc04*=0x5fe, lpOverlapped=0x0) returned 1 [0128.453] ReadFile (in: hFile=0x370, lpBuffer=0xc0000a45fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a45fe*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0128.453] CloseHandle (hObject=0x370) returned 1 [0128.454] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0128.454] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0128.455] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0128.456] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0128.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0130.608] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0130.611] GetFileType (hFile=0x23c) returned 0x1 [0130.611] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000ce000*, nNumberOfBytesToWrite=0x600, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x600, lpOverlapped=0x0) returned 1 [0130.613] CloseHandle (hObject=0x23c) returned 1 [0130.663] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0132.878] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0132.954] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0132.958] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0132.959] SetEvent (hEvent=0x30c) returned 1 [0132.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002625a0*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc000243808, lpReserved=0x0 | out: lpBuffer=0xc0002625a0*, lpNumberOfCharsWritten=0xc000243808*=0x8c) returned 1 [0132.962] SetEvent (hEvent=0x30c) returned 1 [0132.962] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0501 | out: pbBuffer=0xc0002f0501) returned 1 [0132.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0132.962] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0132.964] GetFileType (hFile=0x2cc) returned 0x1 [0132.964] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0002c4b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4b00*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.964] CloseHandle (hObject=0x2cc) returned 1 [0132.971] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-1daf2884ec4dfa96ba4a58d4dbc9c406"), dwFlags=0x1) returned 1 [0133.305] SetEvent (hEvent=0x324) returned 1 [0133.305] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.237] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0134.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.239] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0134.251] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.264] SetEvent (hEvent=0x39c) returned 1 [0134.264] GetFileType (hFile=0x2f0) returned 0x1 [0134.264] GetFileType (hFile=0x2f0) returned 0x1 [0134.264] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0134.265] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0134.265] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0134.266] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000115c04*=0x8000, lpOverlapped=0x0) returned 1 [0134.273] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.307] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00021a000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a000*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0134.307] CloseHandle (hObject=0x2f0) returned 1 [0134.307] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0134.309] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0134.309] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.310] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat\\*", lpFindFileData=0xc000115a08 | out: lpFindFileData=0xc000115a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.310] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000115720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.310] SetEvent (hEvent=0x12c) returned 1 [0134.310] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.327] SetEvent (hEvent=0x12c) returned 1 [0134.327] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.396] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0134.397] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0134.397] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0134.398] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0134.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0134.400] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0134.417] GetFileType (hFile=0x240) returned 0x1 [0134.417] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0134.418] GetFileType (hFile=0x240) returned 0x1 [0134.418] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0134.418] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0134.418] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.419] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0134.420] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x8e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0134.435] ReadFile (in: hFile=0x240, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x8e262, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc00020bc04*=0x8e062, lpOverlapped=0x0) returned 1 [0134.459] ReadFile (in: hFile=0x240, lpBuffer=0xc00048c062, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00048c062*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0134.459] CloseHandle (hObject=0x240) returned 1 [0134.459] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0134.460] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.460] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0134.461] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x90000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0134.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.486] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0134.506] GetFileType (hFile=0x240) returned 0x1 [0134.506] WriteFile (in: hFile=0x240, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x8e070, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc00020bcec*=0x8e070, lpOverlapped=0x0) returned 1 [0134.521] CloseHandle (hObject=0x240) returned 1 [0134.521] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.521] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.522] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0134.522] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0134.523] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.524] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0134.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.525] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0134.527] GetFileType (hFile=0x240) returned 0x1 [0134.527] WriteFile (in: hFile=0x240, lpBuffer=0xc0002022c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002022c0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.527] CloseHandle (hObject=0x240) returned 1 [0134.527] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\encry-au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\encry-au.cab"), dwFlags=0x1) returned 1 [0134.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4km8rog4cymjn htzo.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0134.529] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0134.539] GetFileType (hFile=0x240) returned 0x1 [0134.539] GetFileType (hFile=0x240) returned 0x1 [0134.539] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0134.539] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0134.539] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0134.541] ReadFile (in: hFile=0x240, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x11c9d, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001f5c04*=0x11a9d, lpOverlapped=0x0) returned 1 [0134.543] ReadFile (in: hFile=0x240, lpBuffer=0xc000223a9d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000223a9d*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0134.543] CloseHandle (hObject=0x240) returned 1 [0134.543] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0134.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4km8rog4cymjn htzo.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.548] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0134.553] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.562] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.564] SetEvent (hEvent=0x39c) returned 1 [0134.564] SetEvent (hEvent=0x334) returned 1 [0134.564] SetEvent (hEvent=0xec) returned 1 [0134.564] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.655] SetEvent (hEvent=0xec) returned 1 [0134.655] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.751] SetEvent (hEvent=0xec) returned 1 [0134.751] SetEvent (hEvent=0x324) returned 1 [0134.751] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0134.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0134.753] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0134.800] GetFileType (hFile=0x2cc) returned 0x1 [0134.800] GetFileType (hFile=0x2cc) returned 0x1 [0134.800] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0134.800] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0134.800] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0134.800] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0134.800] CloseHandle (hObject=0x2cc) returned 1 [0134.801] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0134.801] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0134.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.802] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0134.811] GetFileType (hFile=0x2cc) returned 0x1 [0134.811] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000a02e0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a02e0*, lpNumberOfBytesWritten=0xc0002d7cec*=0x10, lpOverlapped=0x0) returned 1 [0134.812] CloseHandle (hObject=0x2cc) returned 1 [0134.812] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.812] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0134.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.813] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0134.814] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.821] GetFileType (hFile=0x2cc) returned 0x1 [0134.821] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.821] CloseHandle (hObject=0x2cc) returned 1 [0134.821] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0134.821] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\encry-glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\encry-glob.js"), dwFlags=0x1) returned 1 [0134.823] SwitchToThread () returned 1 [0134.823] SetEvent (hEvent=0xec) returned 1 [0134.823] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.823] SetEvent (hEvent=0xec) returned 1 [0134.823] SetEvent (hEvent=0x334) returned 1 [0134.823] SetEvent (hEvent=0x324) returned 1 [0134.823] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.825] SetEvent (hEvent=0x334) returned 1 [0134.825] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.844] SetEvent (hEvent=0xec) returned 1 [0134.844] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.891] SetEvent (hEvent=0xfc) returned 1 [0134.891] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.894] SetEvent (hEvent=0xfc) returned 1 [0134.894] SetEvent (hEvent=0x39c) returned 1 [0134.894] SetEvent (hEvent=0x324) returned 1 [0134.894] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.899] SetEvent (hEvent=0x334) returned 1 [0134.899] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.905] SetEvent (hEvent=0xec) returned 1 [0134.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.906] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0134.906] SetEvent (hEvent=0x39c) returned 1 [0134.906] SetEvent (hEvent=0xec) returned 1 [0134.906] SetEvent (hEvent=0x30c) returned 1 [0134.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.916] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.919] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0134.919] SetEvent (hEvent=0xfc) returned 1 [0134.919] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.925] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0134.925] SetEvent (hEvent=0xc0) returned 1 [0134.925] SetEvent (hEvent=0x324) returned 1 [0134.925] SetEvent (hEvent=0x334) returned 1 [0134.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.930] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0134.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0134.934] SetEvent (hEvent=0x324) returned 1 [0134.934] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.949] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0134.949] SetEvent (hEvent=0xc0) returned 1 [0134.949] SetEvent (hEvent=0x334) returned 1 [0134.949] SetEvent (hEvent=0x30c) returned 1 [0134.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.953] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.955] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0134.955] SetEvent (hEvent=0x334) returned 1 [0134.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0134.957] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0134.963] GetFileType (hFile=0x2f4) returned 0x1 [0134.963] GetFileType (hFile=0x2f4) returned 0x1 [0134.963] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0134.963] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0134.963] VirtualAlloc (lpAddress=0xc001400000, dwSize=0x1c00000, flAllocationType=0x2000, flProtect=0x4) returned 0xc001400000 [0134.967] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e8a0000 [0134.967] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e8d0000 [0134.968] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e900000 [0134.968] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e930000 [0134.968] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e960000 [0134.969] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e990000 [0134.969] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e9c0000 [0134.970] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x182c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.970] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x182c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.970] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xc16000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.970] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x60b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.970] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x305000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.971] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x182000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.971] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xc1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0134.973] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x176b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.973] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0xbb5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.973] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x5da000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.974] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x2ed000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.974] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x176000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.974] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0xbb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.974] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.974] VirtualAlloc (lpAddress=0xc0007a5000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007a5000 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x173d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0xb9e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x5cf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x2e7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x173000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0xb9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.975] VirtualAlloc (lpAddress=0xc0007d3000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d3000 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x1726000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0xb93000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x5c9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x2e4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x172000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0xb9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.976] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ea000 [0134.977] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x171b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0xb8d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x5c6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x2e3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.977] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x171000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0xb8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x5c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f5000 [0134.978] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x1710000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.978] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xb88000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.979] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x5c4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.979] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x2e2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0x142e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0xa17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0x50b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0x285000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0x142000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.988] VirtualAlloc (lpAddress=0xc000ae2000, dwSize=0xa1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000ae2000 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x138d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x9c6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x4e3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x271000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x138000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x9c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.991] VirtualAlloc (lpAddress=0xc000b83000, dwSize=0x4e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000b83000 [0134.992] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x133f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.992] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x99f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x4cf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x267000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x133000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x99000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x4c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.993] VirtualAlloc (lpAddress=0xc000bd1000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bd1000 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x1319000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x98c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x4c6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x263000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x131000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x98000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x4c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x13000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.994] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bf7000 [0134.995] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x1310000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.995] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x988000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0134.995] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x4c4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0135.026] VirtualAlloc (lpAddress=0xc0010c4000, dwSize=0xe4c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.026] VirtualAlloc (lpAddress=0xc0010c4000, dwSize=0x726000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.026] VirtualAlloc (lpAddress=0xc0010c4000, dwSize=0x393000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.027] VirtualAlloc (lpAddress=0xc0010c4000, dwSize=0x1c9000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0010c4000 [0135.032] VirtualAlloc (lpAddress=0xc00128d000, dwSize=0xc83000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.033] VirtualAlloc (lpAddress=0xc00128d000, dwSize=0x641000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.033] VirtualAlloc (lpAddress=0xc00128d000, dwSize=0x320000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.033] VirtualAlloc (lpAddress=0xc00128d000, dwSize=0x190000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.033] VirtualAlloc (lpAddress=0xc00128d000, dwSize=0xc8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00128d000 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0xbbb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0x5dd000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0x2ee000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0x177000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0xbb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.036] VirtualAlloc (lpAddress=0xc001355000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0xc001355000 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0xb5e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0x5af000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0x2d7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0x16b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0xb5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0x5a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.038] VirtualAlloc (lpAddress=0xc0013b2000, dwSize=0x2d000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0013b2000 [0135.039] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0xb31000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x598000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x2cc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x166000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0xb3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x59000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.040] VirtualAlloc (lpAddress=0xc0013df000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0013df000 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0xb1b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x58d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x2c6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x163000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0xb1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x58000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0135.041] VirtualAlloc (lpAddress=0xc0013f5000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0013f5000 [0135.042] VirtualAlloc (lpAddress=0xc001400000, dwSize=0xb10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc001400000 [0135.634] SetEvent (hEvent=0x324) returned 1 [0135.634] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.639] SetEvent (hEvent=0x30c) returned 1 [0135.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.666] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.666] SetEvent (hEvent=0x324) returned 1 [0135.666] SetEvent (hEvent=0xec) returned 1 [0135.666] SetEvent (hEvent=0x39c) returned 1 [0135.666] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.667] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.667] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0135.667] SetEvent (hEvent=0x39c) returned 1 [0135.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.675] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.675] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f698, ulCount=0x10, ulNumEntriesRemoved=0x2890f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f698, ulNumEntriesRemoved=0x2890f66c) returned 0 [0135.675] SetEvent (hEvent=0xc0) returned 1 [0135.675] SetEvent (hEvent=0xfc) returned 1 [0135.675] SetEvent (hEvent=0xec) returned 1 [0135.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.679] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.679] SetEvent (hEvent=0x24c) returned 1 [0135.679] SetEvent (hEvent=0x12c) returned 1 [0135.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe08*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe30*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2890f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2890f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2890f6a0, ulNumEntriesRemoved=0x2890f674) returned 0 [0135.686] SetEvent (hEvent=0x39c) returned 1 [0135.686] SetEvent (hEvent=0x12c) returned 1 [0135.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2890fe18*=0x114, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.695] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000177818*=0x3) returned 1 [0135.706] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.735] SetEvent (hEvent=0x334) returned 1 [0135.735] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.747] SetEvent (hEvent=0x39c) returned 1 [0135.747] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0135.762] SetEvent (hEvent=0x324) returned 1 [0135.762] SetEvent (hEvent=0x334) returned 1 [0135.762] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0141.034] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0141.040] GetFileType (hFile=0x1b0) returned 0x1 [0141.040] GetFileType (hFile=0x1b0) returned 0x1 [0141.040] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0141.040] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0141.040] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d8280, nNumberOfBytesToRead=0x266, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8280*, lpNumberOfBytesRead=0xc0001b9c04*=0x66, lpOverlapped=0x0) returned 1 [0141.042] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d82e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d82e6*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0141.042] CloseHandle (hObject=0x1b0) returned 1 [0141.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0141.043] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0141.048] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.193] SetEvent (hEvent=0x24c) returned 1 [0141.193] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.445] SetEvent (hEvent=0x354) returned 1 [0141.445] SetEvent (hEvent=0xec) returned 1 [0141.445] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.452] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0141.453] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0141.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2u4kziixg6ddx l4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0141.454] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0141.455] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0141.539] GetFileType (hFile=0x3bc) returned 0x1 [0141.539] GetFileType (hFile=0x3bc) returned 0x1 [0141.539] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0141.539] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0141.539] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000262700, nNumberOfBytesToRead=0x610, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262700*, lpNumberOfBytesRead=0xc000259c04*=0x410, lpOverlapped=0x0) returned 1 [0142.519] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0142.839] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000262b10, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262b10*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0142.839] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0143.822] CloseHandle (hObject=0x3bc) returned 1 [0143.822] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0143.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2u4kziixg6ddx l4.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0143.848] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0143.852] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0144.385] GetFileType (hFile=0x3e4) returned 0x1 [0144.385] WriteFile (in: hFile=0x3e4, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000259cec*=0x420, lpOverlapped=0x0) returned 1 [0144.386] CloseHandle (hObject=0x3e4) returned 1 [0144.386] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2u4kziixg6ddx l4.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0144.387] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0144.391] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0144.700] GetFileType (hFile=0x3e4) returned 0x1 [0144.700] WriteFile (in: hFile=0x3e4, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.700] CloseHandle (hObject=0x3e4) returned 1 [0144.700] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0144.701] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2u4kziixg6ddx l4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-2u4kziixg6ddx l4.lnk"), dwFlags=0x1) returned 1 [0144.703] SetEvent (hEvent=0x968) returned 1 [0144.703] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0144.739] SetEvent (hEvent=0x100) returned 1 [0144.739] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0145.448] SetEvent (hEvent=0x320) returned 1 [0145.448] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0145.520] SetEvent (hEvent=0x8f8) returned 1 [0145.520] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0145.600] GetFileType (hFile=0x728) returned 0x1 [0145.600] WriteFile (in: hFile=0x728, lpBuffer=0xc0002914a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00043dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002914a0*, lpNumberOfBytesWritten=0xc00043dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.600] CloseHandle (hObject=0x728) returned 1 [0145.607] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0146.103] SetEvent (hEvent=0xec) returned 1 [0146.103] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\elsstnnsevvxa.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-elsstnnsevvxa.lnk"), dwFlags=0x1) returned 1 [0150.669] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0151.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nu5pymwwm9nwmgjd_.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0151.298] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0151.304] GetFileType (hFile=0x5c4) returned 0x1 [0151.304] GetFileType (hFile=0x5c4) returned 0x1 [0151.304] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0151.304] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0151.305] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x47e7, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000155c04*=0x45e7, lpOverlapped=0x0) returned 1 [0151.306] ReadFile (in: hFile=0x5c4, lpBuffer=0xc00034a5e7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00034a5e7*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0151.306] CloseHandle (hObject=0x5c4) returned 1 [0151.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nu5pymwwm9nwmgjd_.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0151.308] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0151.319] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0151.681] SetEvent (hEvent=0xa68) returned 1 [0151.681] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0151.685] SetEvent (hEvent=0xa68) returned 1 [0151.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fwqwwx1or2 gtb6te.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0151.686] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0004ddcf4 | out: lpMode=0xc0004ddcf4) returned 0 [0151.697] GetFileType (hFile=0x494) returned 0x1 [0151.697] GetFileType (hFile=0x494) returned 0x1 [0151.697] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc0004ddd44 | out: lpFileInformation=0xc0004ddd44) returned 1 [0151.697] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc0004ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ddd28) returned 1 [0151.697] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0151.700] ReadFile (in: hFile=0x494, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0x28af, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc0004ddc04*=0x26af, lpOverlapped=0x0) returned 1 [0151.702] ReadFile (in: hFile=0x494, lpBuffer=0xc0002b86af, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b86af*, lpNumberOfBytesRead=0xc0004ddc04*=0x0, lpOverlapped=0x0) returned 1 [0151.702] CloseHandle (hObject=0x494) returned 1 [0151.702] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0151.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fwqwwx1or2 gtb6te.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0151.707] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0004ddd04 | out: lpMode=0xc0004ddd04) returned 0 [0151.743] GetFileType (hFile=0x494) returned 0x1 [0151.743] WriteFile (in: hFile=0x494, lpBuffer=0xc0002f2000*, nNumberOfBytesToWrite=0x26b0, lpNumberOfBytesWritten=0xc0004ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesWritten=0xc0004ddcec*=0x26b0, lpOverlapped=0x0) returned 1 [0151.746] CloseHandle (hObject=0x494) returned 1 [0151.746] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0151.746] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0151.748] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0151.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fwqwwx1or2 gtb6te.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0151.749] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0004ddd64 | out: lpMode=0xc0004ddd64) returned 0 [0151.752] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0152.289] GetFileType (hFile=0x494) returned 0x1 [0152.289] WriteFile (in: hFile=0x494, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.289] CloseHandle (hObject=0x494) returned 1 [0152.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fwqwwx1or2 gtb6te.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-fwqwwx1or2 gtb6te.xlsx"), dwFlags=0x1) returned 1 [0152.291] SetEvent (hEvent=0xbd8) returned 1 [0152.291] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0161.378] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0161.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7olc2.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3fc [0162.036] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004b9cf4 | out: lpMode=0xc0004b9cf4) returned 0 [0162.370] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0162.594] SetEvent (hEvent=0x1a0) returned 1 [0162.594] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0163.578] GetFileType (hFile=0x380) returned 0x1 [0163.578] GetFileType (hFile=0x380) returned 0x1 [0163.578] GetFileInformationByHandle (in: hFile=0x380, lpFileInformation=0xc0002a7d44 | out: lpFileInformation=0xc0002a7d44) returned 1 [0166.403] GetFileInformationByHandleEx (in: hFile=0x380, FileInformationClass=0x9, lpFileInformation=0xc0002a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a7d28) returned 1 [0166.403] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0166.408] ReadFile (in: hFile=0x380, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x155bd, lpNumberOfBytesRead=0xc0002a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc0002a7c04*=0x153bd, lpOverlapped=0x0) returned 1 [0166.411] ReadFile (in: hFile=0x380, lpBuffer=0xc0006193bd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006193bd*, lpNumberOfBytesRead=0xc0002a7c04*=0x0, lpOverlapped=0x0) returned 1 [0166.411] CloseHandle (hObject=0x380) returned 1 [0166.411] VirtualAlloc (lpAddress=0xc00070c000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00070c000 [0166.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\tjkg54eo9xub.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0166.420] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc0002a7d04 | out: lpMode=0xc0002a7d04) returned 0 [0166.484] GetFileType (hFile=0x380) returned 0x1 [0166.484] WriteFile (in: hFile=0x380, lpBuffer=0xc00070c000*, nNumberOfBytesToWrite=0x153c0, lpNumberOfBytesWritten=0xc0002a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00070c000*, lpNumberOfBytesWritten=0xc0002a7cec*=0x153c0, lpOverlapped=0x0) returned 1 [0166.489] CloseHandle (hObject=0x380) returned 1 [0166.489] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b901 | out: pbBuffer=0xc00031b901) returned 1 [0166.490] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0166.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\tjkg54eo9xub.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0166.491] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc0002a7d64 | out: lpMode=0xc0002a7d64) returned 0 [0166.501] GetFileType (hFile=0x380) returned 0x1 [0166.501] WriteFile (in: hFile=0x380, lpBuffer=0xc000121e40*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000121e40*, lpNumberOfBytesWritten=0xc0002a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.501] CloseHandle (hObject=0x380) returned 1 [0166.501] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\tjkg54eo9xub.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-tjkg54eo9xub.wav"), dwFlags=0x1) returned 1 [0166.993] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0167.067] SetEvent (hEvent=0x254) returned 1 [0167.067] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0167.077] SetEvent (hEvent=0xab8) returned 1 [0167.077] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) returned 0x0 [0167.086] SetEvent (hEvent=0xa10) returned 1 [0167.086] VirtualFree (lpAddress=0xc0003fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.087] VirtualFree (lpAddress=0xc0003d0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.088] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.089] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.089] VirtualFree (lpAddress=0xc000308000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.090] VirtualFree (lpAddress=0xc0002dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.091] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.092] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.093] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.093] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.094] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.095] VirtualFree (lpAddress=0xc0000e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.096] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.097] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.097] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.098] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.099] SwitchToThread () returned 1 [0167.102] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0167.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00002c000*, nNumberOfCharsToWrite=0x154, lpNumberOfCharsWritten=0xc0002e5808, lpReserved=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfCharsWritten=0xc0002e5808*=0x154) returned 1 [0167.106] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a2080*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc0004ad808, lpReserved=0x0 | out: lpBuffer=0xc0000a2080*, lpNumberOfCharsWritten=0xc0004ad808*=0x40) returned 1 [0167.110] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c80f0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0004ad808, lpReserved=0x0 | out: lpBuffer=0xc0000c80f0*, lpNumberOfCharsWritten=0xc0004ad808*=0x11) returned 1 [0167.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a1e0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0004ad808, lpReserved=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfCharsWritten=0xc0004ad808*=0x11) returned 1 [0167.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-templates"), dwFlags=0x1) returned 1 [0167.377] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0xffffffff) Thread: id = 17 os_tid = 0x55c [0089.909] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x28b0fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28b0fea0*=0x118) returned 1 [0089.909] VirtualQuery (in: lpAddress=0x28b0fec0, lpBuffer=0x28b0fec0, dwLength=0x30 | out: lpBuffer=0x28b0fec0*(BaseAddress=0x28b0f000, AllocationBase=0x28910000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.909] SetEvent (hEvent=0xb8) returned 1 [0089.909] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x120 [0089.909] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x124 [0089.909] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0089.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0xc0006dd9f8 | out: lpFindFileData=0xc0006dd9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0089.928] GetProcAddress (hModule=0x77940000, lpProcName="FormatMessageW") returned 0x77953840 [0089.928] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000bf720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0089.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e8160*, nNumberOfCharsToWrite=0x55, lpNumberOfCharsWritten=0xc0000bf808, lpReserved=0x0 | out: lpBuffer=0xc0000e8160*, lpNumberOfCharsWritten=0xc0000bf808*=0x55) returned 1 [0089.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0xc0000bfa08 | out: lpFindFileData=0xc0000bfa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0089.943] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000bf720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0089.943] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e8210*, nNumberOfCharsToWrite=0x55, lpNumberOfCharsWritten=0xc0000bf808, lpReserved=0x0 | out: lpBuffer=0xc0000e8210*, lpNumberOfCharsWritten=0xc0000bf808*=0x55) returned 1 [0089.946] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0089.965] SetEvent (hEvent=0xc0) returned 1 [0089.965] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0089.965] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0089.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0089.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data\\*", lpFindFileData=0xc0000bfa68 | out: lpFindFileData=0xc0000bfa68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0089.970] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000bf720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0089.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e80b0*, nNumberOfCharsToWrite=0x55, lpNumberOfCharsWritten=0xc0000bf808, lpReserved=0x0 | out: lpBuffer=0xc0000e80b0*, lpNumberOfCharsWritten=0xc0000bf808*=0x55) returned 1 [0090.021] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0006fa000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0000bf808, lpReserved=0x0 | out: lpBuffer=0xc0006fa000*, lpNumberOfCharsWritten=0xc0000bf808*=0x11) returned 1 [0090.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0006fa030*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0000bf808, lpReserved=0x0 | out: lpBuffer=0xc0006fa030*, lpNumberOfCharsWritten=0xc0000bf808*=0x11) returned 1 [0090.050] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.058] SetEvent (hEvent=0x114) returned 1 [0090.058] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.071] SetEvent (hEvent=0x13c) returned 1 [0090.071] SetEvent (hEvent=0x8c) returned 1 [0090.071] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.086] SetEvent (hEvent=0x13c) returned 1 [0090.086] SetEvent (hEvent=0x8c) returned 1 [0090.086] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.097] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0090.098] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0090.098] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0090.098] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0090.099] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\application data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\encry-Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\encry-application data"), dwFlags=0x1) returned 1 [0090.106] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0090.106] SetEvent (hEvent=0x108) returned 1 [0090.106] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0090.107] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.182] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.225] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0090.225] SetEvent (hEvent=0x108) returned 1 [0090.225] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.256] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0090.257] SetEvent (hEvent=0x12c) returned 1 [0090.257] SetEvent (hEvent=0x8c) returned 1 [0090.257] SetEvent (hEvent=0x9c) returned 1 [0090.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.272] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.272] SetEvent (hEvent=0x9c) returned 1 [0090.272] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.277] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0090.278] SetEvent (hEvent=0x9c) returned 1 [0090.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.330] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0090.330] SetEvent (hEvent=0x114) returned 1 [0090.330] SetEvent (hEvent=0x12c) returned 1 [0090.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.336] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.336] SetEvent (hEvent=0x12c) returned 1 [0090.336] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.342] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.342] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0090.342] SetEvent (hEvent=0x12c) returned 1 [0090.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.361] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0090.361] SetEvent (hEvent=0x108) returned 1 [0090.361] SetEvent (hEvent=0x114) returned 1 [0090.362] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0090.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0090.367] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.379] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0090.379] SetEvent (hEvent=0x12c) returned 1 [0090.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.385] GetFileType (hFile=0xf4) returned 0x1 [0090.385] GetFileType (hFile=0xf4) returned 0x1 [0090.385] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0090.385] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0090.386] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0090.386] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x3e50, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000049c04*=0x3c50, lpOverlapped=0x0) returned 1 [0090.430] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000fdc50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fdc50*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0090.430] CloseHandle (hObject=0xf4) returned 1 [0090.430] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0090.431] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0090.431] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0090.432] VirtualAlloc (lpAddress=0xc00012a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00012a000 [0090.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\clickonce_bootstrap.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0090.434] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0090.478] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.595] SetEvent (hEvent=0x100) returned 1 [0090.595] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.773] SetEvent (hEvent=0xb8) returned 1 [0090.773] SwitchToThread () returned 1 [0090.773] SetEvent (hEvent=0xb8) returned 1 [0090.773] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.775] SetEvent (hEvent=0xb8) returned 1 [0090.775] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.776] SetEvent (hEvent=0xb8) returned 1 [0090.776] SetEvent (hEvent=0x100) returned 1 [0090.776] SetEvent (hEvent=0x12c) returned 1 [0090.776] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.865] SetEvent (hEvent=0xb8) returned 1 [0090.865] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.869] SetEvent (hEvent=0x100) returned 1 [0090.869] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.873] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.874] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0090.881] SetEvent (hEvent=0xb8) returned 1 [0090.881] SetEvent (hEvent=0x13c) returned 1 [0090.881] VirtualFree (lpAddress=0xc0006fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.882] VirtualFree (lpAddress=0xc000572000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.882] VirtualFree (lpAddress=0xc000274000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0090.885] VirtualFree (lpAddress=0xc00026c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.885] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.885] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x22a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.886] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x22a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.886] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x115000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0090.894] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x115000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.894] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x8a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.894] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x45000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.894] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.894] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x11000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.895] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.895] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.895] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0090.895] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0090.895] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x114000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0090.936] ReadFile (in: hFile=0x148, lpBuffer=0xc0007fdf60, nNumberOfBytesToRead=0x114550, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0007fdf60*, lpNumberOfBytesRead=0xc0000c3c04*=0x158, lpOverlapped=0x0) returned 1 [0090.937] ReadFile (in: hFile=0x148, lpBuffer=0xc0007fe0b8, nNumberOfBytesToRead=0x1143f8, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0007fe0b8*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0090.937] CloseHandle (hObject=0x148) returned 1 [0090.937] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x116000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0090.954] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0090.955] GetFileType (hFile=0xf4) returned 0x1 [0090.955] GetFileType (hFile=0x150) returned 0x1 [0090.955] GetFileType (hFile=0x154) returned 0x1 [0090.955] GetFileType (hFile=0x154) returned 0x1 [0090.955] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0090.955] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0090.955] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0090.956] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000586320*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0090.959] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0288*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc0000a0288*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0091.053] SetEvent (hEvent=0xb8) returned 1 [0091.053] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.070] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0091.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0091.071] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0091.092] GetFileType (hFile=0x14c) returned 0x1 [0091.093] GetFileType (hFile=0x14c) returned 0x1 [0091.093] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0091.093] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0091.093] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0091.093] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0091.094] CloseHandle (hObject=0x14c) returned 1 [0091.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0091.094] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0091.097] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.100] VirtualFree (lpAddress=0xc000912000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.100] SwitchToThread () returned 1 [0091.100] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.133] SetEvent (hEvent=0x108) returned 1 [0091.133] GetFileType (hFile=0x14c) returned 0x1 [0091.133] WriteFile (in: hFile=0x14c, lpBuffer=0xc0005862d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005862d0*, lpNumberOfBytesWritten=0xc000113cec*=0x10, lpOverlapped=0x0) returned 1 [0091.134] CloseHandle (hObject=0x14c) returned 1 [0091.137] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0091.137] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0091.138] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0091.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0091.138] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0091.155] GetFileType (hFile=0x14c) returned 0x1 [0091.155] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.155] CloseHandle (hObject=0x14c) returned 1 [0091.156] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0091.157] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0091.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\encry-metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\encry-metadata"), dwFlags=0x1) returned 1 [0091.158] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0091.158] SetEvent (hEvent=0x12c) returned 1 [0091.158] SetEvent (hEvent=0x114) returned 1 [0091.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.163] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.167] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.167] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0091.167] SetEvent (hEvent=0x108) returned 1 [0091.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.178] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.178] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0091.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0091.179] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0091.187] GetFileType (hFile=0x14c) returned 0x1 [0091.187] GetFileType (hFile=0x14c) returned 0x1 [0091.187] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0091.187] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0091.187] SwitchToThread () returned 1 [0091.188] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.207] SetEvent (hEvent=0x13c) returned 1 [0091.207] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.217] SetEvent (hEvent=0x13c) returned 1 [0091.217] SetEvent (hEvent=0x12c) returned 1 [0091.217] SetEvent (hEvent=0xb8) returned 1 [0091.217] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.332] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.336] SetEvent (hEvent=0x108) returned 1 [0091.336] SetEvent (hEvent=0x114) returned 1 [0091.336] SetEvent (hEvent=0xb8) returned 1 [0091.336] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.356] SetEvent (hEvent=0x108) returned 1 [0091.356] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.364] SetEvent (hEvent=0x13c) returned 1 [0091.365] SwitchToThread () returned 1 [0091.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126)) returned 1 [0091.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0091.370] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*", lpFindFileData=0xc0000792a8 | out: lpFindFileData=0xc0000792a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0091.477] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.478] SetEvent (hEvent=0x108) returned 1 [0091.478] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.494] SetEvent (hEvent=0x108) returned 1 [0091.494] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.495] SetEvent (hEvent=0x12c) returned 1 [0091.495] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.497] SetEvent (hEvent=0x108) returned 1 [0091.497] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.500] SetEvent (hEvent=0x108) returned 1 [0091.500] SetEvent (hEvent=0xb8) returned 1 [0091.500] VirtualFree (lpAddress=0xc000148000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.500] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.500] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.500] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.501] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.501] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.501] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.501] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.501] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.502] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.502] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x404000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.502] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x404000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.502] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.502] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x303000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007eb000 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x2f7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x17b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0xbd000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x5e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x2f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.505] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007f7000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f7000 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2f2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x179000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xbc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0091.506] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2f0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x178000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.506] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xbc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0091.507] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0091.507] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x2ee000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0091.560] GetFileType (hFile=0xf4) returned 0x1 [0091.560] GetFileType (hFile=0xec) returned 0x1 [0091.561] GetFileType (hFile=0x150) returned 0x1 [0091.561] GetFileType (hFile=0x150) returned 0x1 [0091.561] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0091.561] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0091.561] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0091.561] SwitchToThread () returned 1 [0091.563] SetEvent (hEvent=0x108) returned 1 [0091.563] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.566] SetEvent (hEvent=0x13c) returned 1 [0091.566] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0091.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.611] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.670] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.670] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0091.670] SetEvent (hEvent=0x13c) returned 1 [0091.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.714] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.714] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0091.714] SetEvent (hEvent=0xc0) returned 1 [0091.714] SetEvent (hEvent=0x13c) returned 1 [0091.714] SetEvent (hEvent=0xb8) returned 1 [0091.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.803] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0091.803] SetEvent (hEvent=0x12c) returned 1 [0091.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.821] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0091.821] SetEvent (hEvent=0x114) returned 1 [0091.821] SetEvent (hEvent=0xb8) returned 1 [0091.821] SetEvent (hEvent=0x100) returned 1 [0091.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.825] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.825] SetEvent (hEvent=0xb8) returned 1 [0091.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.831] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.831] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0091.831] SetEvent (hEvent=0x108) returned 1 [0091.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.871] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0091.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0091.872] SetEvent (hEvent=0xc0) returned 1 [0091.872] SetEvent (hEvent=0xb8) returned 1 [0091.927] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0091.927] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0091.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0091.929] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0091.930] GetFileType (hFile=0x14c) returned 0x1 [0091.930] WriteFile (in: hFile=0x14c, lpBuffer=0xc000aee000*, nNumberOfBytesToWrite=0x402010, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc000aee000*, lpNumberOfBytesWritten=0xc000111cec*=0x402010, lpOverlapped=0x0) returned 1 [0092.025] CloseHandle (hObject=0x14c) returned 1 [0092.163] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0092.163] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0092.163] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0092.164] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0092.164] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0092.164] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0092.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0092.165] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0092.166] GetFileType (hFile=0x14c) returned 0x1 [0092.166] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.166] CloseHandle (hObject=0x14c) returned 1 [0092.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\encry-data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\encry-data_3"), dwFlags=0x1) returned 1 [0092.390] VirtualFree (lpAddress=0xc000aec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.390] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0092.390] CloseHandle (hObject=0xec) returned 1 [0092.614] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-cookies-journal"), dwFlags=0x1) returned 1 [0092.614] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0092.615] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\encry-CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\encry-current"), dwFlags=0x1) returned 1 [0092.615] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0092.616] ReadFile (in: hFile=0xf4, lpBuffer=0xc00017a000, nNumberOfBytesToRead=0xb200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017a000*, lpNumberOfBytesRead=0xc000069c04*=0xb000, lpOverlapped=0x0) returned 1 [0092.699] ReadFile (in: hFile=0xf4, lpBuffer=0xc000185000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000185000*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0092.699] CloseHandle (hObject=0xf4) returned 1 [0092.699] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0092.700] VirtualAlloc (lpAddress=0xc000186000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0092.701] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0092.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.703] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0092.710] GetFileType (hFile=0xf4) returned 0x1 [0092.710] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0092.710] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0092.710] WriteFile (in: hFile=0xf4, lpBuffer=0xc000186000*, nNumberOfBytesToWrite=0xb010, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesWritten=0xc000069cec*=0xb010, lpOverlapped=0x0) returned 1 [0092.712] CloseHandle (hObject=0xf4) returned 1 [0092.715] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0092.715] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0092.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0092.715] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0092.724] GetFileType (hFile=0xf4) returned 0x1 [0092.724] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a2c0*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0092.724] CloseHandle (hObject=0xf4) returned 1 [0092.727] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\encry-data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\encry-data_0"), dwFlags=0x1) returned 1 [0092.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.729] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.729] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0092.729] SetEvent (hEvent=0xc0) returned 1 [0092.729] SetEvent (hEvent=0x114) returned 1 [0092.729] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0092.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.732] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0092.735] SetEvent (hEvent=0x108) returned 1 [0092.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.736] GetFileType (hFile=0x150) returned 0x1 [0092.736] WriteFile (in: hFile=0x150, lpBuffer=0xc000144000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000144000*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0092.737] CloseHandle (hObject=0x150) returned 1 [0092.745] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0092.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-current session"), dwFlags=0x1) returned 1 [0092.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.747] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0092.747] SetEvent (hEvent=0xc0) returned 1 [0092.747] SetEvent (hEvent=0x114) returned 1 [0092.747] SetEvent (hEvent=0x108) returned 1 [0092.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.750] SetEvent (hEvent=0x108) returned 1 [0092.750] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.757] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.758] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0092.758] SetEvent (hEvent=0x100) returned 1 [0092.758] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0092.762] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0092.763] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0092.763] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0092.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0092.764] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0092.775] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.781] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.785] SetEvent (hEvent=0x12c) returned 1 [0092.785] SetEvent (hEvent=0x100) returned 1 [0092.785] VirtualFree (lpAddress=0xc00014c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.786] VirtualFree (lpAddress=0xc000148000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.786] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.786] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.786] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.787] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.787] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.787] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.787] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0092.798] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.803] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0092.804] SetEvent (hEvent=0x12c) returned 1 [0092.804] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.810] SetEvent (hEvent=0x114) returned 1 [0092.810] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.838] SetEvent (hEvent=0x114) returned 1 [0092.839] SetEvent (hEvent=0x12c) returned 1 [0092.839] SwitchToThread () returned 1 [0092.869] GetFileType (hFile=0xf4) returned 0x1 [0092.869] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0092.869] CloseHandle (hObject=0xf4) returned 1 [0092.882] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\encry-LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\encry-lock"), dwFlags=0x1) returned 1 [0092.883] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0092.892] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000010076*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0092.899] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.900] SwitchToThread () returned 1 [0092.911] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.913] SetEvent (hEvent=0x13c) returned 1 [0092.913] VirtualFree (lpAddress=0xc000170000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.914] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.914] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.914] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.915] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.915] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.915] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.915] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.916] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.916] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.917] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.917] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.917] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.917] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.918] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0092.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0092.918] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0092.919] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0092.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0092.926] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.929] SetEvent (hEvent=0xb8) returned 1 [0092.930] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0092.985] SetEvent (hEvent=0x13c) returned 1 [0092.985] SwitchToThread () returned 1 [0092.990] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0092.991] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0092.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0092.991] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0093.004] SwitchToThread () returned 1 [0093.016] SwitchToThread () returned 1 [0093.016] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.017] SetEvent (hEvent=0xb8) returned 1 [0093.017] SetEvent (hEvent=0x13c) returned 1 [0093.017] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.018] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.018] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.018] VirtualFree (lpAddress=0xc000154000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.019] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.019] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.019] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.019] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.020] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.020] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.020] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.021] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.021] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.021] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.022] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.022] GetFileType (hFile=0xf4) returned 0x1 [0093.022] GetFileType (hFile=0xf4) returned 0x1 [0093.022] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0093.022] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0093.022] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0093.023] ReadFile (in: hFile=0xf4, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x29a, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0004d9c04*=0x9a, lpOverlapped=0x0) returned 1 [0093.025] ReadFile (in: hFile=0xf4, lpBuffer=0xc00003c09a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c09a*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0093.025] CloseHandle (hObject=0xf4) returned 1 [0093.025] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0093.026] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0093.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.027] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0093.030] GetFileType (hFile=0xf4) returned 0x1 [0093.030] WriteFile (in: hFile=0xf4, lpBuffer=0xc0003d0000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d0000*, lpNumberOfBytesWritten=0xc0004d9cec*=0xa0, lpOverlapped=0x0) returned 1 [0093.031] CloseHandle (hObject=0xf4) returned 1 [0093.036] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0093.037] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.037] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0093.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.038] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0093.042] GetFileType (hFile=0xf4) returned 0x1 [0093.042] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.043] CloseHandle (hObject=0xf4) returned 1 [0093.044] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0093.045] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\encry-LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\encry-log"), dwFlags=0x1) returned 1 [0093.046] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000586290*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0093.048] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.053] SetEvent (hEvent=0x12c) returned 1 [0093.053] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.061] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.070] SetEvent (hEvent=0xb8) returned 1 [0093.070] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0093.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0093.071] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0093.077] GetFileType (hFile=0x14c) returned 0x1 [0093.077] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0093.078] GetFileType (hFile=0x14c) returned 0x1 [0093.078] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0093.078] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0093.078] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0093.078] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x301, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000111c04*=0x101, lpOverlapped=0x0) returned 1 [0093.080] ReadFile (in: hFile=0x14c, lpBuffer=0xc0000e4101, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4101*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0093.080] CloseHandle (hObject=0x14c) returned 1 [0093.080] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0093.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0093.082] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0093.093] GetFileType (hFile=0x14c) returned 0x1 [0093.094] WriteFile (in: hFile=0x14c, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000111cec*=0x110, lpOverlapped=0x0) returned 1 [0093.095] CloseHandle (hObject=0x14c) returned 1 [0093.097] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.097] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0093.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0093.097] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0093.107] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.125] GetFileType (hFile=0x14c) returned 0x1 [0093.125] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.134] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.134] SetEvent (hEvent=0xb8) returned 1 [0093.134] SetEvent (hEvent=0x114) returned 1 [0093.134] SetEvent (hEvent=0x8c) returned 1 [0093.134] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.149] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0093.150] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0093.150] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0093.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0093.150] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0093.215] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.221] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.226] SetEvent (hEvent=0x8c) returned 1 [0093.226] SetEvent (hEvent=0x13c) returned 1 [0093.226] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.226] VirtualFree (lpAddress=0xc000142000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.227] VirtualFree (lpAddress=0xc000132000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.227] VirtualFree (lpAddress=0xc000120000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.227] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.228] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.228] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.228] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.229] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0093.229] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0093.264] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.368] GetFileType (hFile=0x144) returned 0x1 [0093.368] GetFileType (hFile=0x144) returned 0x1 [0093.368] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0093.368] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0093.368] ReadFile (in: hFile=0x144, lpBuffer=0xc00013c000, nNumberOfBytesToRead=0x2ea, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c000*, lpNumberOfBytesRead=0xc000069c04*=0xea, lpOverlapped=0x0) returned 1 [0093.369] ReadFile (in: hFile=0x144, lpBuffer=0xc00013c0ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c0ea*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0093.369] CloseHandle (hObject=0x144) returned 1 [0093.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.371] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0093.372] GetFileType (hFile=0x144) returned 0x1 [0093.372] WriteFile (in: hFile=0x144, lpBuffer=0xc00013e1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013e1e0*, lpNumberOfBytesWritten=0xc000069cec*=0xf0, lpOverlapped=0x0) returned 1 [0093.373] CloseHandle (hObject=0x144) returned 1 [0093.374] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0093.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.375] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0093.376] GetFileType (hFile=0x144) returned 0x1 [0093.376] WriteFile (in: hFile=0x144, lpBuffer=0xc00015a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00015a000*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.376] CloseHandle (hObject=0x144) returned 1 [0093.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.378] VirtualFree (lpAddress=0xc00018a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.379] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.379] VirtualFree (lpAddress=0xc00014c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.379] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.379] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.380] WriteFile (in: hFile=0x14c, lpBuffer=0xc00015a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00015a580*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.380] CloseHandle (hObject=0x14c) returned 1 [0093.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc0001020a0*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0093.394] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0001020a6*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0093.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc0001020b0*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0093.418] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0001020b6*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0093.421] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.425] SetEvent (hEvent=0x12c) returned 1 [0093.425] SwitchToThread () returned 1 [0093.426] SetEvent (hEvent=0x12c) returned 1 [0093.426] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0093.427] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0093.438] GetFileType (hFile=0x128) returned 0x1 [0093.438] GetFileType (hFile=0x128) returned 0x1 [0093.438] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0093.438] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0093.438] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0093.439] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0093.439] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0000b7c04*=0xde, lpOverlapped=0x0) returned 1 [0093.440] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c0de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c0de*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0093.440] CloseHandle (hObject=0x128) returned 1 [0093.440] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0093.440] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0093.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0093.442] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0093.443] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.445] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.451] SetEvent (hEvent=0x100) returned 1 [0093.451] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0093.452] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0093.452] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0093.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0093.452] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0093.456] GetFileType (hFile=0x144) returned 0x1 [0093.456] GetFileType (hFile=0x144) returned 0x1 [0093.456] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0093.457] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0093.457] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0093.457] ReadFile (in: hFile=0x144, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc0006e1c04*=0xdd, lpOverlapped=0x0) returned 1 [0093.458] ReadFile (in: hFile=0x144, lpBuffer=0xc00016c0dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c0dd*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0093.458] CloseHandle (hObject=0x144) returned 1 [0093.458] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0093.458] VirtualAlloc (lpAddress=0xc000170000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000170000 [0093.459] VirtualAlloc (lpAddress=0xc000172000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000172000 [0093.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.460] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0093.472] GetFileType (hFile=0x144) returned 0x1 [0093.472] WriteFile (in: hFile=0x144, lpBuffer=0xc000172000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000172000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xe0, lpOverlapped=0x0) returned 1 [0093.473] CloseHandle (hObject=0x144) returned 1 [0093.477] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.477] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0093.477] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0093.478] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0093.478] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0093.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.479] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0093.535] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.596] SetEvent (hEvent=0x13c) returned 1 [0093.596] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.619] SetEvent (hEvent=0x100) returned 1 [0093.620] GetFileType (hFile=0x148) returned 0x1 [0093.620] WriteFile (in: hFile=0x148, lpBuffer=0xc00020e000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e000*, lpNumberOfBytesWritten=0xc00010dcec*=0xe0, lpOverlapped=0x0) returned 1 [0093.621] CloseHandle (hObject=0x148) returned 1 [0093.622] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0093.622] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0093.625] GetFileType (hFile=0x148) returned 0x1 [0093.625] WriteFile (in: hFile=0x148, lpBuffer=0xc00017a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00017a420*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.625] CloseHandle (hObject=0x148) returned 1 [0093.636] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0093.637] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0093.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0093.638] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0093.640] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.643] GetFileType (hFile=0x148) returned 0x1 [0093.643] GetFileType (hFile=0x148) returned 0x1 [0093.643] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0093.643] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0093.644] ReadFile (in: hFile=0x148, lpBuffer=0xc0001c0e00, nNumberOfBytesToRead=0x323, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0e00*, lpNumberOfBytesRead=0xc000129c04*=0x123, lpOverlapped=0x0) returned 1 [0093.644] ReadFile (in: hFile=0x148, lpBuffer=0xc0001c0f23, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0f23*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0093.644] CloseHandle (hObject=0x148) returned 1 [0093.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0093.646] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0093.646] GetFileType (hFile=0x148) returned 0x1 [0093.646] WriteFile (in: hFile=0x148, lpBuffer=0xc0001a8a00*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001a8a00*, lpNumberOfBytesWritten=0xc000129cec*=0x130, lpOverlapped=0x0) returned 1 [0093.647] CloseHandle (hObject=0x148) returned 1 [0093.648] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0093.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0093.648] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0093.649] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.661] GetFileType (hFile=0x148) returned 0x1 [0093.661] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0093.661] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0093.662] WriteFile (in: hFile=0x148, lpBuffer=0xc00017e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00017e000*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.662] CloseHandle (hObject=0x148) returned 1 [0093.666] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0093.666] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0093.667] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.668] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.668] SetEvent (hEvent=0xc0) returned 1 [0093.668] SetEvent (hEvent=0x12c) returned 1 [0093.668] SetEvent (hEvent=0x114) returned 1 [0093.668] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0093.669] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.673] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.673] SetEvent (hEvent=0x100) returned 1 [0093.674] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.677] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.677] SetEvent (hEvent=0x12c) returned 1 [0093.677] SetEvent (hEvent=0x13c) returned 1 [0093.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.720] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.720] SetEvent (hEvent=0x12c) returned 1 [0093.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.730] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.730] SetEvent (hEvent=0x12c) returned 1 [0093.730] SetEvent (hEvent=0x13c) returned 1 [0093.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.737] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.739] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.739] SetEvent (hEvent=0x12c) returned 1 [0093.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.746] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.746] SetEvent (hEvent=0xc0) returned 1 [0093.746] SetEvent (hEvent=0x100) returned 1 [0093.746] SetEvent (hEvent=0x13c) returned 1 [0093.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.751] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.751] SetEvent (hEvent=0x100) returned 1 [0093.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.767] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.768] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.768] SetEvent (hEvent=0xc0) returned 1 [0093.768] SetEvent (hEvent=0x12c) returned 1 [0093.768] SetEvent (hEvent=0x114) returned 1 [0093.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.773] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.773] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.777] SetEvent (hEvent=0x114) returned 1 [0093.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.782] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.782] SetEvent (hEvent=0x100) returned 1 [0093.782] SetEvent (hEvent=0x13c) returned 1 [0093.783] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.789] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.789] SetEvent (hEvent=0x100) returned 1 [0093.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.814] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.815] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.815] SetEvent (hEvent=0xc0) returned 1 [0093.815] SetEvent (hEvent=0x114) returned 1 [0093.815] SetEvent (hEvent=0x12c) returned 1 [0093.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.817] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.857] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.858] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.858] SetEvent (hEvent=0xc0) returned 1 [0093.858] SetEvent (hEvent=0x114) returned 1 [0093.858] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.880] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.880] SetEvent (hEvent=0x8c) returned 1 [0093.880] SetEvent (hEvent=0x12c) returned 1 [0093.880] SetEvent (hEvent=0xb8) returned 1 [0093.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.883] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.883] SetEvent (hEvent=0xb8) returned 1 [0093.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.887] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0093.887] SetEvent (hEvent=0x100) returned 1 [0093.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.898] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0093.899] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0093.904] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.909] GetFileType (hFile=0x150) returned 0x1 [0093.909] GetFileType (hFile=0x150) returned 0x1 [0093.909] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0093.909] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0093.909] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x2e6, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc000241c04*=0xe6, lpOverlapped=0x0) returned 1 [0093.910] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de0e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de0e6*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0093.910] CloseHandle (hObject=0x150) returned 1 [0093.910] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0093.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.912] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0093.913] GetFileType (hFile=0x150) returned 0x1 [0093.913] WriteFile (in: hFile=0x150, lpBuffer=0xc0001e04b0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e04b0*, lpNumberOfBytesWritten=0xc000241cec*=0xf0, lpOverlapped=0x0) returned 1 [0093.914] CloseHandle (hObject=0x150) returned 1 [0093.980] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0093.985] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0093.985] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.985] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0093.985] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0093.986] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0093.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.986] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0093.992] GetFileType (hFile=0x144) returned 0x1 [0093.992] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.992] CloseHandle (hObject=0x144) returned 1 [0093.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.997] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0093.997] SetEvent (hEvent=0xb8) returned 1 [0093.997] SetEvent (hEvent=0x114) returned 1 [0093.997] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0093.998] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.009] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.009] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.018] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.018] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.019] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.019] SetEvent (hEvent=0xc0) returned 1 [0094.019] SetEvent (hEvent=0x114) returned 1 [0094.019] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.024] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.026] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.026] SetEvent (hEvent=0xc0) returned 1 [0094.026] SetEvent (hEvent=0x100) returned 1 [0094.027] SetEvent (hEvent=0x8c) returned 1 [0094.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.034] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.034] SetEvent (hEvent=0x100) returned 1 [0094.034] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.049] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.049] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.050] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0094.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0094.051] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0094.058] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.066] SetEvent (hEvent=0x8c) returned 1 [0094.066] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.066] SetEvent (hEvent=0x8c) returned 1 [0094.066] SetEvent (hEvent=0x114) returned 1 [0094.066] VirtualFree (lpAddress=0xc000260000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.066] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.067] VirtualFree (lpAddress=0xc0001fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.067] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.067] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.067] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.067] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.068] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.068] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.068] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.068] GetFileType (hFile=0x148) returned 0x1 [0094.068] GetFileType (hFile=0x148) returned 0x1 [0094.068] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0094.068] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0094.068] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0094.069] ReadFile (in: hFile=0x148, lpBuffer=0xc000264000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesRead=0xc000259c04*=0xdd, lpOverlapped=0x0) returned 1 [0094.070] ReadFile (in: hFile=0x148, lpBuffer=0xc0002640dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002640dd*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0094.070] CloseHandle (hObject=0x148) returned 1 [0094.070] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0094.070] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0094.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.072] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0094.072] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.073] GetFileType (hFile=0x148) returned 0x1 [0094.073] WriteFile (in: hFile=0x148, lpBuffer=0xc000268000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc000268000*, lpNumberOfBytesWritten=0xc000259cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.074] CloseHandle (hObject=0x148) returned 1 [0094.087] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.087] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0094.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.088] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0094.089] GetFileType (hFile=0x148) returned 0x1 [0094.089] WriteFile (in: hFile=0x148, lpBuffer=0xc0000dc160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc160*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.089] CloseHandle (hObject=0x148) returned 1 [0094.090] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0094.090] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.091] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.092] SetEvent (hEvent=0x8c) returned 1 [0094.092] SetEvent (hEvent=0x114) returned 1 [0094.092] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.092] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.093] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.093] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.093] GetFileType (hFile=0xf4) returned 0x1 [0094.093] GetFileType (hFile=0xf4) returned 0x1 [0094.093] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0094.094] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0094.094] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0094.094] ReadFile (in: hFile=0xf4, lpBuffer=0xc00026c000, nNumberOfBytesToRead=0x2e4, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026c000*, lpNumberOfBytesRead=0xc00023fc04*=0xe4, lpOverlapped=0x0) returned 1 [0094.095] ReadFile (in: hFile=0xf4, lpBuffer=0xc00026c0e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026c0e4*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0094.095] CloseHandle (hObject=0xf4) returned 1 [0094.095] VirtualAlloc (lpAddress=0xc00026e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026e000 [0094.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.097] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0094.098] GetFileType (hFile=0xf4) returned 0x1 [0094.098] WriteFile (in: hFile=0xf4, lpBuffer=0xc00026e1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00026e1e0*, lpNumberOfBytesWritten=0xc00023fcec*=0xf0, lpOverlapped=0x0) returned 1 [0094.099] CloseHandle (hObject=0xf4) returned 1 [0094.100] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0094.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.101] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0094.107] GetFileType (hFile=0xf4) returned 0x1 [0094.107] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.108] CloseHandle (hObject=0xf4) returned 1 [0094.109] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.110] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0094.111] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.115] SwitchToThread () returned 1 [0094.120] SetEvent (hEvent=0x8c) returned 1 [0094.120] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.134] SetEvent (hEvent=0x8c) returned 1 [0094.134] SetEvent (hEvent=0x114) returned 1 [0094.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000586370*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0094.137] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.148] SetEvent (hEvent=0x8c) returned 1 [0094.148] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.163] SetEvent (hEvent=0x8c) returned 1 [0094.163] SetEvent (hEvent=0xb8) returned 1 [0094.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0094.163] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0094.166] GetFileType (hFile=0x144) returned 0x1 [0094.166] GetFileType (hFile=0x144) returned 0x1 [0094.166] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0094.166] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0094.166] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0094.166] ReadFile (in: hFile=0x144, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x2e3, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0004dbc04*=0xe3, lpOverlapped=0x0) returned 1 [0094.167] ReadFile (in: hFile=0x144, lpBuffer=0xc00006c0e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c0e3*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0094.167] CloseHandle (hObject=0x144) returned 1 [0094.167] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.168] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0094.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.169] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0094.170] GetFileType (hFile=0x144) returned 0x1 [0094.170] WriteFile (in: hFile=0x144, lpBuffer=0xc0000501e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000501e0*, lpNumberOfBytesWritten=0xc0004dbcec*=0xf0, lpOverlapped=0x0) returned 1 [0094.171] CloseHandle (hObject=0x144) returned 1 [0094.173] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0094.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0094.173] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0094.174] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0094.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.174] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0094.178] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.179] GetFileType (hFile=0x144) returned 0x1 [0094.179] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.179] CloseHandle (hObject=0x144) returned 1 [0094.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.181] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0094.181] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0094.182] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.187] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.188] SetEvent (hEvent=0x13c) returned 1 [0094.188] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.191] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0094.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0094.192] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0094.210] GetFileType (hFile=0x14c) returned 0x1 [0094.210] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0094.210] GetFileType (hFile=0x14c) returned 0x1 [0094.211] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0094.211] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0094.211] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0094.211] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0094.212] ReadFile (in: hFile=0x14c, lpBuffer=0xc000184000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesRead=0xc000047c04*=0xdd, lpOverlapped=0x0) returned 1 [0094.213] ReadFile (in: hFile=0x14c, lpBuffer=0xc0001840dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001840dd*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0094.213] CloseHandle (hObject=0x14c) returned 1 [0094.213] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0094.214] VirtualAlloc (lpAddress=0xc000188000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000188000 [0094.214] VirtualAlloc (lpAddress=0xc00018a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018a000 [0094.214] VirtualAlloc (lpAddress=0xc00018c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018c000 [0094.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.216] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0094.228] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.236] SetEvent (hEvent=0x100) returned 1 [0094.236] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.338] SetEvent (hEvent=0x8c) returned 1 [0094.338] SetEvent (hEvent=0x100) returned 1 [0094.338] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.427] SetEvent (hEvent=0x13c) returned 1 [0094.427] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.434] SetEvent (hEvent=0x8c) returned 1 [0094.435] SetEvent (hEvent=0xb8) returned 1 [0094.435] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.436] SetEvent (hEvent=0x100) returned 1 [0094.436] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.462] GetFileType (hFile=0x128) returned 0x1 [0094.462] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0094.463] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0094.463] WriteFile (in: hFile=0x128, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.463] CloseHandle (hObject=0x128) returned 1 [0094.465] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.466] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.467] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.467] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.467] SetEvent (hEvent=0xc0) returned 1 [0094.467] SetEvent (hEvent=0x9c) returned 1 [0094.467] SetEvent (hEvent=0x108) returned 1 [0094.467] SetEvent (hEvent=0x114) returned 1 [0094.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.473] SetEvent (hEvent=0xb8) returned 1 [0094.473] SetEvent (hEvent=0x9c) returned 1 [0094.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.474] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.475] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.475] SetEvent (hEvent=0x8c) returned 1 [0094.475] SetEvent (hEvent=0x100) returned 1 [0094.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.478] GetFileType (hFile=0xf4) returned 0x1 [0094.478] GetFileType (hFile=0xf4) returned 0x1 [0094.478] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0094.478] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0094.478] ReadFile (in: hFile=0xf4, lpBuffer=0xc00014c300, nNumberOfBytesToRead=0x2d9, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014c300*, lpNumberOfBytesRead=0xc00010dc04*=0xd9, lpOverlapped=0x0) returned 1 [0094.479] ReadFile (in: hFile=0xf4, lpBuffer=0xc00014c3d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014c3d9*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0094.479] CloseHandle (hObject=0xf4) returned 1 [0094.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.481] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0094.488] GetFileType (hFile=0xf4) returned 0x1 [0094.488] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001440e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001440e0*, lpNumberOfBytesWritten=0xc00010dcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.489] CloseHandle (hObject=0xf4) returned 1 [0094.492] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.493] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0094.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.493] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0094.508] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.518] GetFileType (hFile=0xf4) returned 0x1 [0094.518] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.518] CloseHandle (hObject=0xf4) returned 1 [0094.519] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.520] SetEvent (hEvent=0x8c) returned 1 [0094.520] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.570] SetEvent (hEvent=0x108) returned 1 [0094.570] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.573] SetEvent (hEvent=0x13c) returned 1 [0094.573] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.582] SetEvent (hEvent=0x8c) returned 1 [0094.582] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.621] SetEvent (hEvent=0x114) returned 1 [0094.621] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.658] SetEvent (hEvent=0x108) returned 1 [0094.658] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.668] SetEvent (hEvent=0x114) returned 1 [0094.668] VirtualFree (lpAddress=0xc0001d0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.668] VirtualFree (lpAddress=0xc0000f4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0094.669] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.669] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.669] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.670] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.670] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.670] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.670] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.671] GetFileType (hFile=0x144) returned 0x1 [0094.671] WriteFile (in: hFile=0x144, lpBuffer=0xc000056420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056420*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.671] CloseHandle (hObject=0x144) returned 1 [0094.672] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0094.673] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0094.673] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.674] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.675] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.675] SetEvent (hEvent=0xc0) returned 1 [0094.675] SetEvent (hEvent=0x114) returned 1 [0094.675] SetEvent (hEvent=0x108) returned 1 [0094.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.678] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.678] SetEvent (hEvent=0x108) returned 1 [0094.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.727] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.727] SetEvent (hEvent=0xc0) returned 1 [0094.727] SetEvent (hEvent=0x114) returned 1 [0094.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.743] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.743] SetEvent (hEvent=0x8c) returned 1 [0094.743] SetEvent (hEvent=0x9c) returned 1 [0094.743] VirtualAlloc (lpAddress=0xc00016e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016e000 [0094.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.745] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.751] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.751] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.751] SetEvent (hEvent=0x114) returned 1 [0094.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.759] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.760] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.760] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.760] SetEvent (hEvent=0xc0) returned 1 [0094.760] SetEvent (hEvent=0x8c) returned 1 [0094.760] SetEvent (hEvent=0x9c) returned 1 [0094.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.767] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.767] SetEvent (hEvent=0x8c) returned 1 [0094.767] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.770] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.771] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.771] SetEvent (hEvent=0x108) returned 1 [0094.771] SetEvent (hEvent=0x9c) returned 1 [0094.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.782] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.782] SetEvent (hEvent=0x9c) returned 1 [0094.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.806] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.806] SetEvent (hEvent=0x13c) returned 1 [0094.806] SetEvent (hEvent=0x108) returned 1 [0094.806] SetEvent (hEvent=0x100) returned 1 [0094.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.809] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.809] SetEvent (hEvent=0x108) returned 1 [0094.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.814] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.816] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.816] SetEvent (hEvent=0xc0) returned 1 [0094.816] SetEvent (hEvent=0x114) returned 1 [0094.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.886] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.886] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0094.886] SetEvent (hEvent=0x8c) returned 1 [0094.886] SetEvent (hEvent=0x9c) returned 1 [0094.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.890] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.890] SetEvent (hEvent=0x9c) returned 1 [0094.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0094.895] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.895] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0094.895] SetEvent (hEvent=0x9c) returned 1 [0094.896] SetEvent (hEvent=0x100) returned 1 [0094.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.904] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0094.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.905] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.905] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1)) returned 1 [0094.923] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.925] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0094.925] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0094.925] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0094.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.927] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0094.927] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.927] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0094.928] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0094.928] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.928] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.928] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.928] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0094.929] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.929] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0094.929] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0094.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0094.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.930] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.930] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.930] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.930] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0094.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.934] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.934] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.934] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.934] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0094.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0094.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0094.935] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0094.935] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0094.935] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0094.935] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0094.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0094.946] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0094.960] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0094.965] SetEvent (hEvent=0x100) returned 1 [0094.965] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.026] SetEvent (hEvent=0x114) returned 1 [0095.026] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0095.027] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0095.027] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0095.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.028] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0095.032] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.033] SetEvent (hEvent=0xc0) returned 1 [0095.033] SetEvent (hEvent=0x114) returned 1 [0095.034] GetFileType (hFile=0x14c) returned 0x1 [0095.034] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.057] SetEvent (hEvent=0x8c) returned 1 [0095.057] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.130] SetEvent (hEvent=0x100) returned 1 [0095.130] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.154] GetFileType (hFile=0x148) returned 0x1 [0095.154] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc000111cec*=0xd0, lpOverlapped=0x0) returned 1 [0095.155] CloseHandle (hObject=0x148) returned 1 [0095.156] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0095.157] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.157] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0095.157] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0095.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0095.158] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0095.168] GetFileType (hFile=0x148) returned 0x1 [0095.168] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.169] CloseHandle (hObject=0x148) returned 1 [0095.169] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.170] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0095.170] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.171] SwitchToThread () returned 1 [0095.173] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.183] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.186] SetEvent (hEvent=0x100) returned 1 [0095.186] SwitchToThread () returned 1 [0095.190] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.199] SetEvent (hEvent=0x100) returned 1 [0095.199] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.200] SetEvent (hEvent=0x8c) returned 1 [0095.200] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.218] SetEvent (hEvent=0x100) returned 1 [0095.218] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.245] SetEvent (hEvent=0x9c) returned 1 [0095.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000100e0*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0095.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0000100e6*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0095.271] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.272] SetEvent (hEvent=0x8c) returned 1 [0095.272] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0095.319] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0095.324] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.332] SetEvent (hEvent=0x114) returned 1 [0095.332] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.333] SetEvent (hEvent=0x100) returned 1 [0095.334] SetEvent (hEvent=0x114) returned 1 [0095.334] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.383] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.388] SetEvent (hEvent=0x114) returned 1 [0095.388] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.389] SetEvent (hEvent=0xb8) returned 1 [0095.389] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.394] SwitchToThread () returned 1 [0095.400] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.413] SetEvent (hEvent=0x114) returned 1 [0095.413] SetEvent (hEvent=0x100) returned 1 [0095.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.413] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0095.416] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.422] SetEvent (hEvent=0x114) returned 1 [0095.422] GetFileType (hFile=0xfc) returned 0x1 [0095.422] GetFileType (hFile=0xfc) returned 0x1 [0095.422] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0095.422] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0095.422] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000d8300, nNumberOfBytesToRead=0x2c3, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8300*, lpNumberOfBytesRead=0xc0000ebc04*=0xc3, lpOverlapped=0x0) returned 1 [0095.424] ReadFile (in: hFile=0xfc, lpBuffer=0xc0000d83c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d83c3*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0095.424] CloseHandle (hObject=0xfc) returned 1 [0095.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.425] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0095.425] GetFileType (hFile=0xfc) returned 0x1 [0095.426] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000500d0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000500d0*, lpNumberOfBytesWritten=0xc0000ebcec*=0xd0, lpOverlapped=0x0) returned 1 [0095.427] CloseHandle (hObject=0xfc) returned 1 [0095.428] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0095.429] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.429] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0095.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.430] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0095.436] GetFileType (hFile=0xfc) returned 0x1 [0095.436] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.436] CloseHandle (hObject=0xfc) returned 1 [0095.443] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.444] SwitchToThread () returned 1 [0095.445] SetEvent (hEvent=0x114) returned 1 [0095.445] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.447] SetEvent (hEvent=0x100) returned 1 [0095.447] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.456] SetEvent (hEvent=0x114) returned 1 [0095.456] SetEvent (hEvent=0xb8) returned 1 [0095.457] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.465] SetEvent (hEvent=0xb8) returned 1 [0095.465] VirtualFree (lpAddress=0xc000142000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.465] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.466] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.466] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.466] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.466] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0095.467] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0095.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.467] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0095.480] GetFileType (hFile=0xf4) returned 0x1 [0095.480] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0095.480] GetFileType (hFile=0xf4) returned 0x1 [0095.480] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0095.480] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0095.480] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0095.481] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0095.481] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc00004bc04*=0xe0, lpOverlapped=0x0) returned 1 [0095.483] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004e0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0e0*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0095.483] CloseHandle (hObject=0xf4) returned 1 [0095.483] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0095.483] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0095.484] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0095.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.486] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0095.523] GetFileType (hFile=0xf4) returned 0x1 [0095.523] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000521e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000521e0*, lpNumberOfBytesWritten=0xc00004bcec*=0xf0, lpOverlapped=0x0) returned 1 [0095.524] CloseHandle (hObject=0xf4) returned 1 [0095.525] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.525] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0095.526] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0095.526] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0095.527] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0095.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.528] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0095.533] GetFileType (hFile=0xf4) returned 0x1 [0095.533] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c2c0*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.533] CloseHandle (hObject=0xf4) returned 1 [0095.534] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.535] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.587] SetEvent (hEvent=0x13c) returned 1 [0095.587] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.594] SetEvent (hEvent=0x13c) returned 1 [0095.594] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.596] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0095.597] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.598] GetFileType (hFile=0xf4) returned 0x1 [0095.598] GetFileType (hFile=0xf4) returned 0x1 [0095.598] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0095.598] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0095.599] VirtualAlloc (lpAddress=0xc0001ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ba000 [0095.599] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001ba000, nNumberOfBytesToRead=0x308, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ba000*, lpNumberOfBytesRead=0xc0000e5c04*=0x108, lpOverlapped=0x0) returned 1 [0095.600] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001ba108, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ba108*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0095.600] CloseHandle (hObject=0xf4) returned 1 [0095.600] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0095.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.602] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0095.602] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.618] GetFileType (hFile=0xf4) returned 0x1 [0095.618] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001bc000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001bc000*, lpNumberOfBytesWritten=0xc0000e5cec*=0x110, lpOverlapped=0x0) returned 1 [0095.619] CloseHandle (hObject=0xf4) returned 1 [0095.620] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.620] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0095.620] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0095.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.621] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0095.635] GetFileType (hFile=0xf4) returned 0x1 [0095.635] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.635] CloseHandle (hObject=0xf4) returned 1 [0095.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.637] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.637] SetEvent (hEvent=0x9c) returned 1 [0095.637] SetEvent (hEvent=0x114) returned 1 [0095.637] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0095.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.654] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.654] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.654] SetEvent (hEvent=0x114) returned 1 [0095.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.661] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.661] SetEvent (hEvent=0xc0) returned 1 [0095.661] SetEvent (hEvent=0x9c) returned 1 [0095.661] SetEvent (hEvent=0x100) returned 1 [0095.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.665] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.670] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.670] SetEvent (hEvent=0x9c) returned 1 [0095.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.678] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.678] SetEvent (hEvent=0xc0) returned 1 [0095.678] SetEvent (hEvent=0x100) returned 1 [0095.678] SetEvent (hEvent=0x13c) returned 1 [0095.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.696] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.696] SetEvent (hEvent=0x13c) returned 1 [0095.696] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.725] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.725] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.725] SetEvent (hEvent=0x100) returned 1 [0095.725] SetEvent (hEvent=0x8c) returned 1 [0095.725] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0095.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.734] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.734] SetEvent (hEvent=0x100) returned 1 [0095.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.747] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.747] SetEvent (hEvent=0x100) returned 1 [0095.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.782] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.782] SetEvent (hEvent=0x13c) returned 1 [0095.782] SetEvent (hEvent=0x8c) returned 1 [0095.782] SetEvent (hEvent=0xb8) returned 1 [0095.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.788] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.788] SetEvent (hEvent=0x9c) returned 1 [0095.788] SetEvent (hEvent=0x8c) returned 1 [0095.788] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.793] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.794] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.794] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.794] SetEvent (hEvent=0x8c) returned 1 [0095.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.808] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.808] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.808] SetEvent (hEvent=0x8c) returned 1 [0095.808] SetEvent (hEvent=0x9c) returned 1 [0095.809] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0095.810] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.817] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.817] SetEvent (hEvent=0x8c) returned 1 [0095.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.850] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.851] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.851] SetEvent (hEvent=0x9c) returned 1 [0095.851] SetEvent (hEvent=0x100) returned 1 [0095.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.860] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.867] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.868] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.868] SetEvent (hEvent=0xc0) returned 1 [0095.868] SetEvent (hEvent=0x114) returned 1 [0095.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.887] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0095.887] SetEvent (hEvent=0x8c) returned 1 [0095.887] SetEvent (hEvent=0x9c) returned 1 [0095.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.892] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.892] SetEvent (hEvent=0x9c) returned 1 [0095.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.894] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.895] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0095.895] SetEvent (hEvent=0x9c) returned 1 [0095.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.896] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0095.906] GetFileType (hFile=0xfc) returned 0x1 [0095.906] GetFileType (hFile=0xfc) returned 0x1 [0095.906] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0095.906] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0095.906] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0095.907] ReadFile (in: hFile=0xfc, lpBuffer=0xc0001c2000, nNumberOfBytesToRead=0x1c33, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesRead=0xc0000c7c04*=0x1a33, lpOverlapped=0x0) returned 1 [0095.919] ReadFile (in: hFile=0xfc, lpBuffer=0xc0001c3a33, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c3a33*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0095.920] CloseHandle (hObject=0xfc) returned 1 [0095.920] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0095.920] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0095.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.922] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0095.925] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.927] GetFileType (hFile=0xfc) returned 0x1 [0095.927] WriteFile (in: hFile=0xfc, lpBuffer=0xc0001e0000*, nNumberOfBytesToWrite=0x1a40, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesWritten=0xc0000c7cec*=0x1a40, lpOverlapped=0x0) returned 1 [0095.928] CloseHandle (hObject=0xfc) returned 1 [0095.932] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.932] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0095.933] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0095.933] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0095.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.934] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0095.937] GetFileType (hFile=0xfc) returned 0x1 [0095.937] WriteFile (in: hFile=0xfc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.937] CloseHandle (hObject=0xfc) returned 1 [0095.941] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\encry-128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\encry-128.png"), dwFlags=0x1) returned 1 [0095.942] VirtualFree (lpAddress=0xc000142000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.942] VirtualFree (lpAddress=0xc00013a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.943] VirtualFree (lpAddress=0xc000134000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.943] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.943] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.943] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0095.944] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0095.944] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0095.944] GetFileType (hFile=0x14c) returned 0x1 [0095.944] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.945] CloseHandle (hObject=0x14c) returned 1 [0095.946] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0095.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0095.948] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0095.950] GetFileType (hFile=0x14c) returned 0x1 [0095.950] GetFileType (hFile=0x14c) returned 0x1 [0095.950] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0095.950] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0095.950] ReadFile (in: hFile=0x14c, lpBuffer=0xc0001ee700, nNumberOfBytesToRead=0x309, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee700*, lpNumberOfBytesRead=0xc0006ddc04*=0x109, lpOverlapped=0x0) returned 1 [0095.952] ReadFile (in: hFile=0x14c, lpBuffer=0xc0001ee809, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee809*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0095.952] CloseHandle (hObject=0x14c) returned 1 [0095.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.953] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0095.958] GetFileType (hFile=0x14c) returned 0x1 [0095.959] WriteFile (in: hFile=0x14c, lpBuffer=0xc0003d2360*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2360*, lpNumberOfBytesWritten=0xc0006ddcec*=0x110, lpOverlapped=0x0) returned 1 [0095.960] CloseHandle (hObject=0x14c) returned 1 [0095.961] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0095.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0095.961] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0095.974] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] SetEvent (hEvent=0x100) returned 1 [0095.978] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.002] SetEvent (hEvent=0x13c) returned 1 [0096.002] SetEvent (hEvent=0x9c) returned 1 [0096.002] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.036] SetEvent (hEvent=0x114) returned 1 [0096.036] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.038] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.039] SetEvent (hEvent=0x114) returned 1 [0096.039] SetEvent (hEvent=0x13c) returned 1 [0096.039] VirtualFree (lpAddress=0xc0001f6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0096.039] VirtualFree (lpAddress=0xc0001c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.040] VirtualFree (lpAddress=0xc000150000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.040] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.041] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.041] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.041] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.041] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.042] GetFileType (hFile=0xec) returned 0x1 [0096.042] WriteFile (in: hFile=0xec, lpBuffer=0xc000056120*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc000056120*, lpNumberOfBytesWritten=0xc000187cec*=0x90, lpOverlapped=0x0) returned 1 [0096.043] CloseHandle (hObject=0xec) returned 1 [0096.044] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0096.044] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0096.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.045] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0096.046] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.048] GetFileType (hFile=0xec) returned 0x1 [0096.048] WriteFile (in: hFile=0xec, lpBuffer=0xc000158420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000158420*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.048] CloseHandle (hObject=0xec) returned 1 [0096.052] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\encry-icon_16.png"), dwFlags=0x1) returned 1 [0096.053] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.070] SetEvent (hEvent=0x114) returned 1 [0096.070] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.071] SetEvent (hEvent=0x13c) returned 1 [0096.071] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.077] SwitchToThread () returned 1 [0096.079] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.079] SetEvent (hEvent=0x114) returned 1 [0096.079] SetEvent (hEvent=0x13c) returned 1 [0096.080] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.080] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.080] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.080] GetFileType (hFile=0x150) returned 0x1 [0096.081] WriteFile (in: hFile=0x150, lpBuffer=0xc000158000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000158000*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.081] CloseHandle (hObject=0x150) returned 1 [0096.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.090] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e72c10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e72c10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.090] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.090] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.091] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e74b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9)) returned 1 [0096.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.091] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.092] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e72c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.092] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.092] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.092] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9)) returned 1 [0096.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.095] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.095] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.095] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.096] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103)) returned 1 [0096.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.096] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.096] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.097] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.097] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.097] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103)) returned 1 [0096.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.101] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0096.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.102] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e98d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e98d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.102] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.102] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.102] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e98d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e99540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfb)) returned 1 [0096.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0096.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0096.103] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0096.103] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ebeed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ebeed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0096.104] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0096.104] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0096.104] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0096.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ebeed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ec0640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xd3d59700, ftLastWriteTime.dwHighDateTime=0x1d10aaf, nFileSizeHigh=0x0, nFileSizeLow=0xf3)) returned 1 [0096.108] SetEvent (hEvent=0xb8) returned 1 [0096.109] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.110] SetEvent (hEvent=0x114) returned 1 [0096.110] SwitchToThread () returned 1 [0096.111] SetEvent (hEvent=0x114) returned 1 [0096.111] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.112] SetEvent (hEvent=0x114) returned 1 [0096.112] SetEvent (hEvent=0xb8) returned 1 [0096.112] SetEvent (hEvent=0x9c) returned 1 [0096.112] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.122] GetFileType (hFile=0xf4) returned 0x1 [0096.122] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0096.122] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0096.122] WriteFile (in: hFile=0xf4, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.123] CloseHandle (hObject=0xf4) returned 1 [0096.125] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0096.125] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0096.125] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0096.126] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0096.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\encry-computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\encry-computed_hashes.json"), dwFlags=0x1) returned 1 [0096.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.129] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.129] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.129] SetEvent (hEvent=0xb8) returned 1 [0096.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.130] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.140] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.140] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.140] SetEvent (hEvent=0xc0) returned 1 [0096.140] SetEvent (hEvent=0x114) returned 1 [0096.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.161] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.162] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.162] SetEvent (hEvent=0x13c) returned 1 [0096.162] SetEvent (hEvent=0xb8) returned 1 [0096.162] SetEvent (hEvent=0x8c) returned 1 [0096.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.165] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.165] SetEvent (hEvent=0xb8) returned 1 [0096.166] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.170] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.171] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.171] SetEvent (hEvent=0x100) returned 1 [0096.171] SetEvent (hEvent=0xb8) returned 1 [0096.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.178] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.178] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0096.178] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0096.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0096.179] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0096.193] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.206] GetFileType (hFile=0xf4) returned 0x1 [0096.206] GetFileType (hFile=0xf4) returned 0x1 [0096.206] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0096.206] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0096.206] ReadFile (in: hFile=0xf4, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000113c04*=0x103, lpOverlapped=0x0) returned 1 [0096.207] ReadFile (in: hFile=0xf4, lpBuffer=0xc000060103, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060103*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0096.207] CloseHandle (hObject=0xf4) returned 1 [0096.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.209] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0096.219] GetFileType (hFile=0xf4) returned 0x1 [0096.219] WriteFile (in: hFile=0xf4, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc000113cec*=0x110, lpOverlapped=0x0) returned 1 [0096.220] CloseHandle (hObject=0xf4) returned 1 [0096.222] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0096.222] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0096.222] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0096.223] VirtualAlloc (lpAddress=0xc000194000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000194000 [0096.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0096.223] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0096.232] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] SetEvent (hEvent=0xb8) returned 1 [0096.245] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.434] SetEvent (hEvent=0xb8) returned 1 [0096.434] SetEvent (hEvent=0x9c) returned 1 [0096.434] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.436] SetEvent (hEvent=0xb8) returned 1 [0096.436] SetEvent (hEvent=0x12c) returned 1 [0096.436] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.549] SetEvent (hEvent=0x100) returned 1 [0096.549] SwitchToThread () returned 1 [0096.550] SetEvent (hEvent=0x100) returned 1 [0096.550] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.567] SetEvent (hEvent=0xb8) returned 1 [0096.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0096.567] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0096.577] GetFileType (hFile=0x128) returned 0x1 [0096.577] GetFileType (hFile=0x128) returned 0x1 [0096.577] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0096.577] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0096.577] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0096.578] ReadFile (in: hFile=0x128, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x325, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc00010fc04*=0x125, lpOverlapped=0x0) returned 1 [0096.579] ReadFile (in: hFile=0x128, lpBuffer=0xc000070125, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070125*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0096.579] CloseHandle (hObject=0x128) returned 1 [0096.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.580] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0096.591] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.592] GetFileType (hFile=0x128) returned 0x1 [0096.592] WriteFile (in: hFile=0x128, lpBuffer=0xc0003ca140*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca140*, lpNumberOfBytesWritten=0xc00010fcec*=0x130, lpOverlapped=0x0) returned 1 [0096.593] CloseHandle (hObject=0x128) returned 1 [0096.597] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0096.597] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0096.597] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0096.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.598] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0096.598] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.641] GetFileType (hFile=0x128) returned 0x1 [0096.641] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.644] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.649] SetEvent (hEvent=0x8c) returned 1 [0096.649] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0096.649] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0096.650] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0096.650] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0096.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0096.651] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0096.659] GetFileType (hFile=0x164) returned 0x1 [0096.659] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0096.659] GetFileType (hFile=0x164) returned 0x1 [0096.659] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0096.659] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0096.659] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0096.660] ReadFile (in: hFile=0x164, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x2da, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00013dc04*=0xda, lpOverlapped=0x0) returned 1 [0096.661] ReadFile (in: hFile=0x164, lpBuffer=0xc0000ee0da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee0da*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0096.661] CloseHandle (hObject=0x164) returned 1 [0096.661] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0096.661] VirtualAlloc (lpAddress=0xc0000f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f2000 [0096.661] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0096.662] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0096.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.663] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0096.677] GetFileType (hFile=0x164) returned 0x1 [0096.677] WriteFile (in: hFile=0x164, lpBuffer=0xc0000f6000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f6000*, lpNumberOfBytesWritten=0xc00013dcec*=0xe0, lpOverlapped=0x0) returned 1 [0096.678] CloseHandle (hObject=0x164) returned 1 [0096.684] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0096.684] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0096.685] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0096.685] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0096.686] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0096.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.686] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0096.698] GetFileType (hFile=0x164) returned 0x1 [0096.698] WriteFile (in: hFile=0x164, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.698] CloseHandle (hObject=0x164) returned 1 [0096.700] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.703] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.703] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.703] SetEvent (hEvent=0xc0) returned 1 [0096.704] SetEvent (hEvent=0x9c) returned 1 [0096.704] SetEvent (hEvent=0xb8) returned 1 [0096.704] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0096.705] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.707] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.707] SetEvent (hEvent=0x8c) returned 1 [0096.707] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.717] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.717] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.717] SetEvent (hEvent=0x12c) returned 1 [0096.717] SetEvent (hEvent=0x9c) returned 1 [0096.718] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.722] SetEvent (hEvent=0x100) returned 1 [0096.722] SetEvent (hEvent=0xb8) returned 1 [0096.722] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.729] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.729] SetEvent (hEvent=0x12c) returned 1 [0096.729] SetEvent (hEvent=0xb8) returned 1 [0096.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.733] GetFileType (hFile=0x168) returned 0x1 [0096.733] WriteFile (in: hFile=0x168, lpBuffer=0xc000146420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146420*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.733] CloseHandle (hObject=0x168) returned 1 [0096.736] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0096.737] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0096.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.740] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.740] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.740] SetEvent (hEvent=0xc0) returned 1 [0096.740] SetEvent (hEvent=0x12c) returned 1 [0096.740] SetEvent (hEvent=0x100) returned 1 [0096.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.812] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.813] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.813] SetEvent (hEvent=0xc0) returned 1 [0096.813] SetEvent (hEvent=0x8c) returned 1 [0096.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.861] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.861] SetEvent (hEvent=0x9c) returned 1 [0096.861] SetEvent (hEvent=0x100) returned 1 [0096.861] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0096.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.867] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.867] SetEvent (hEvent=0x100) returned 1 [0096.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.869] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.870] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.870] SetEvent (hEvent=0x100) returned 1 [0096.870] SetEvent (hEvent=0x8c) returned 1 [0096.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.874] GetFileType (hFile=0x16c) returned 0x1 [0096.874] WriteFile (in: hFile=0x16c, lpBuffer=0xc000146160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146160*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.874] CloseHandle (hObject=0x16c) returned 1 [0096.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.878] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0096.878] SetEvent (hEvent=0xc0) returned 1 [0096.878] SetEvent (hEvent=0x100) returned 1 [0096.878] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0096.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.887] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0096.887] SetEvent (hEvent=0x100) returned 1 [0096.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0096.888] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0096.894] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.899] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.922] SetEvent (hEvent=0x12c) returned 1 [0096.922] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.925] SetEvent (hEvent=0x100) returned 1 [0096.925] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.930] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.964] SetEvent (hEvent=0x12c) returned 1 [0096.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0096.964] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0096.968] GetFileType (hFile=0x144) returned 0x1 [0096.968] GetFileType (hFile=0x144) returned 0x1 [0096.968] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0096.968] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0096.968] ReadFile (in: hFile=0x144, lpBuffer=0xc000050300, nNumberOfBytesToRead=0x2f3, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050300*, lpNumberOfBytesRead=0xc000277c04*=0xf3, lpOverlapped=0x0) returned 1 [0096.969] ReadFile (in: hFile=0x144, lpBuffer=0xc0000503f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000503f3*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0096.969] CloseHandle (hObject=0x144) returned 1 [0096.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.970] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0096.976] GetFileType (hFile=0x144) returned 0x1 [0096.976] WriteFile (in: hFile=0x144, lpBuffer=0xc000000700*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc000000700*, lpNumberOfBytesWritten=0xc000277cec*=0x100, lpOverlapped=0x0) returned 1 [0096.977] CloseHandle (hObject=0x144) returned 1 [0096.977] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0096.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.978] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0096.979] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.985] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.987] SetEvent (hEvent=0x12c) returned 1 [0096.987] SetEvent (hEvent=0x8c) returned 1 [0096.987] SetEvent (hEvent=0x9c) returned 1 [0096.987] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.994] SwitchToThread () returned 1 [0096.995] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0096.996] SetEvent (hEvent=0x13c) returned 1 [0096.996] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.996] VirtualFree (lpAddress=0xc0001ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.997] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.997] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.997] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.997] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.997] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.998] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.998] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.998] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.998] GetFileType (hFile=0x16c) returned 0x1 [0096.998] GetFileType (hFile=0x16c) returned 0x1 [0096.999] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0096.999] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0096.999] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000dc380, nNumberOfBytesToRead=0x319, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc380*, lpNumberOfBytesRead=0xc000117c04*=0x119, lpOverlapped=0x0) returned 1 [0097.000] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000dc499, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc499*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0097.000] CloseHandle (hObject=0x16c) returned 1 [0097.000] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0097.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0097.001] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0097.013] GetFileType (hFile=0x16c) returned 0x1 [0097.013] WriteFile (in: hFile=0x16c, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000117cec*=0x120, lpOverlapped=0x0) returned 1 [0097.014] CloseHandle (hObject=0x16c) returned 1 [0097.014] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0097.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.014] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0097.014] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0097.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0097.015] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0097.021] GetFileType (hFile=0x16c) returned 0x1 [0097.021] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.021] CloseHandle (hObject=0x16c) returned 1 [0097.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.022] SetEvent (hEvent=0x13c) returned 1 [0097.022] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.136] SetEvent (hEvent=0x9c) returned 1 [0097.136] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.216] SetEvent (hEvent=0x8c) returned 1 [0097.216] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.223] SetEvent (hEvent=0xb8) returned 1 [0097.223] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.226] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.226] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0097.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0097.227] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000185cf4 | out: lpMode=0xc000185cf4) returned 0 [0097.227] GetFileType (hFile=0x148) returned 0x1 [0097.227] GetFileType (hFile=0x148) returned 0x1 [0097.228] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000185d44 | out: lpFileInformation=0xc000185d44) returned 1 [0097.228] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000185d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000185d28) returned 1 [0097.228] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0097.228] ReadFile (in: hFile=0x148, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc000185c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.229] ReadFile (in: hFile=0x148, lpBuffer=0xc00007a0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0b3*, lpNumberOfBytesRead=0xc000185c04*=0x0, lpOverlapped=0x0) returned 1 [0097.229] CloseHandle (hObject=0x148) returned 1 [0097.229] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0097.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.230] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000185d04 | out: lpMode=0xc000185d04) returned 0 [0097.234] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.234] GetFileType (hFile=0x148) returned 0x1 [0097.234] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.237] WriteFile (in: hFile=0x148, lpBuffer=0xc000280000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000185cec, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesWritten=0xc000185cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.238] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.247] CloseHandle (hObject=0x148) returned 1 [0097.247] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.274] SetEvent (hEvent=0x8c) returned 1 [0097.274] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.317] SetEvent (hEvent=0x12c) returned 1 [0097.317] SwitchToThread () returned 1 [0097.333] SetEvent (hEvent=0x12c) returned 1 [0097.333] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.346] SetEvent (hEvent=0x12c) returned 1 [0097.346] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.348] SetEvent (hEvent=0x13c) returned 1 [0097.348] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.350] VirtualAlloc (lpAddress=0xc00022e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022e000 [0097.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.351] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0097.352] GetFileType (hFile=0x144) returned 0x1 [0097.352] GetFileType (hFile=0x144) returned 0x1 [0097.352] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0097.352] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0097.353] ReadFile (in: hFile=0x144, lpBuffer=0xc000138000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc000138000*, lpNumberOfBytesRead=0xc000275c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.354] ReadFile (in: hFile=0x144, lpBuffer=0xc0001380b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001380b3*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0097.354] CloseHandle (hObject=0x144) returned 1 [0097.354] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0097.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.355] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0097.357] GetFileType (hFile=0x144) returned 0x1 [0097.357] WriteFile (in: hFile=0x144, lpBuffer=0xc000220000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesWritten=0xc000275cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.358] CloseHandle (hObject=0x144) returned 1 [0097.358] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.359] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0097.364] GetFileType (hFile=0x144) returned 0x1 [0097.364] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.364] CloseHandle (hObject=0x144) returned 1 [0097.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.365] SwitchToThread () returned 1 [0097.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0097.372] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0097.379] GetFileType (hFile=0x148) returned 0x1 [0097.379] GetFileType (hFile=0x148) returned 0x1 [0097.379] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0097.379] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0097.379] ReadFile (in: hFile=0x148, lpBuffer=0xc0001382c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001382c0*, lpNumberOfBytesRead=0xc000241c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.380] ReadFile (in: hFile=0x148, lpBuffer=0xc000138373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000138373*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0097.380] CloseHandle (hObject=0x148) returned 1 [0097.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.382] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0097.383] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.383] SetEvent (hEvent=0xc0) returned 1 [0097.383] SetEvent (hEvent=0x12c) returned 1 [0097.384] GetFileType (hFile=0x148) returned 0x1 [0097.384] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.388] WriteFile (in: hFile=0x148, lpBuffer=0xc000220180*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000220180*, lpNumberOfBytesWritten=0xc000241cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.389] CloseHandle (hObject=0x148) returned 1 [0097.389] VirtualAlloc (lpAddress=0xc0002a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a0000 [0097.390] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.390] VirtualAlloc (lpAddress=0xc0002a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a2000 [0097.390] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0097.391] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0097.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.391] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0097.401] GetFileType (hFile=0x148) returned 0x1 [0097.401] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.402] CloseHandle (hObject=0x148) returned 1 [0097.402] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.403] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.403] SetEvent (hEvent=0x8c) returned 1 [0097.403] SetEvent (hEvent=0xb8) returned 1 [0097.403] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0097.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.408] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.416] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.416] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.416] SetEvent (hEvent=0x12c) returned 1 [0097.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.431] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.431] SetEvent (hEvent=0xb8) returned 1 [0097.431] SetEvent (hEvent=0x9c) returned 1 [0097.431] SetEvent (hEvent=0x8c) returned 1 [0097.431] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0097.433] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.436] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.436] SetEvent (hEvent=0x9c) returned 1 [0097.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.439] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.439] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.440] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.440] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.440] SetEvent (hEvent=0x15c) returned 1 [0097.440] SetEvent (hEvent=0x9c) returned 1 [0097.440] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.444] GetFileType (hFile=0x144) returned 0x1 [0097.444] WriteFile (in: hFile=0x144, lpBuffer=0xc000166000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesWritten=0xc0006e3cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.445] CloseHandle (hObject=0x144) returned 1 [0097.446] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.446] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0097.446] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0097.447] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0097.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.447] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0097.456] GetFileType (hFile=0x144) returned 0x1 [0097.457] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.457] CloseHandle (hObject=0x144) returned 1 [0097.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.458] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.458] SetEvent (hEvent=0xb8) returned 1 [0097.458] SetEvent (hEvent=0x12c) returned 1 [0097.458] SetEvent (hEvent=0x100) returned 1 [0097.459] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.468] SetEvent (hEvent=0x15c) returned 1 [0097.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.474] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.475] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.475] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.475] SetEvent (hEvent=0xc0) returned 1 [0097.475] SetEvent (hEvent=0x15c) returned 1 [0097.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.495] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.495] SetEvent (hEvent=0x9c) returned 1 [0097.495] SetEvent (hEvent=0x100) returned 1 [0097.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.501] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.501] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.515] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.515] SetEvent (hEvent=0x8c) returned 1 [0097.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.533] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.533] SetEvent (hEvent=0x100) returned 1 [0097.533] SetEvent (hEvent=0x9c) returned 1 [0097.533] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0097.534] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.540] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.540] SetEvent (hEvent=0x9c) returned 1 [0097.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.545] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.545] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.546] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.546] SetEvent (hEvent=0x9c) returned 1 [0097.546] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.547] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.547] GetFileType (hFile=0x148) returned 0x1 [0097.547] WriteFile (in: hFile=0x148, lpBuffer=0xc0001660c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001660c0*, lpNumberOfBytesWritten=0xc0004dfcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.548] CloseHandle (hObject=0x148) returned 1 [0097.548] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.548] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0097.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.549] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0097.555] GetFileType (hFile=0x148) returned 0x1 [0097.555] WriteFile (in: hFile=0x148, lpBuffer=0xc00027e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00027e420*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.555] CloseHandle (hObject=0x148) returned 1 [0097.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.559] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.559] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0097.559] SetEvent (hEvent=0x9c) returned 1 [0097.559] VirtualAlloc (lpAddress=0xc0002c8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c8000 [0097.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.564] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.565] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0097.565] SetEvent (hEvent=0x13c) returned 1 [0097.565] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.565] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.565] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.565] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.566] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.566] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.567] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.567] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.567] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.567] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.567] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.569] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.577] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.584] SetEvent (hEvent=0x9c) returned 1 [0097.584] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.585] SetEvent (hEvent=0x15c) returned 1 [0097.585] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.588] SetEvent (hEvent=0x13c) returned 1 [0097.588] SwitchToThread () returned 1 [0097.589] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.590] SetEvent (hEvent=0x9c) returned 1 [0097.590] SetEvent (hEvent=0x13c) returned 1 [0097.590] SetEvent (hEvent=0x8c) returned 1 [0097.590] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.596] SwitchToThread () returned 1 [0097.701] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.706] SetEvent (hEvent=0x9c) returned 1 [0097.706] SetEvent (hEvent=0x8c) returned 1 [0097.706] GetFileType (hFile=0xec) returned 0x1 [0097.706] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.707] CloseHandle (hObject=0xec) returned 1 [0097.707] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0097.707] VirtualAlloc (lpAddress=0xc0002d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d2000 [0097.707] VirtualAlloc (lpAddress=0xc0002d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d4000 [0097.707] VirtualAlloc (lpAddress=0xc0002d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d6000 [0097.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.709] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586360*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000586360*, lpNumberOfCharsWritten=0xc00018f818*=0x3) returned 1 [0097.713] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586366*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc000586366*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0097.722] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0097.724] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.729] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0097.729] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.730] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0280*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000a0280*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0097.732] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0286*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc0000a0286*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0097.735] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.737] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc00013d818*=0x3) returned 1 [0097.742] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.745] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0097.745] SetEvent (hEvent=0x8c) returned 1 [0097.745] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0097.747] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc0005862c6*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0097.757] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.760] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0000a04e0*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0097.761] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0097.773] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc000102086*, lpNumberOfCharsWritten=0xc000259818*=0x3) returned 1 [0097.784] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000102140*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0097.791] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.803] SetEvent (hEvent=0x9c) returned 1 [0097.803] SetEvent (hEvent=0x12c) returned 1 [0097.803] SetEvent (hEvent=0x13c) returned 1 [0097.803] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.807] SetEvent (hEvent=0x8c) returned 1 [0097.807] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.808] SetEvent (hEvent=0x12c) returned 1 [0097.808] VirtualFree (lpAddress=0xc0001da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.809] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.809] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.809] VirtualFree (lpAddress=0xc0001f4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.809] SetEvent (hEvent=0x8c) returned 1 [0097.809] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.825] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.838] SetEvent (hEvent=0x8c) returned 1 [0097.838] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.840] SetEvent (hEvent=0x100) returned 1 [0097.840] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.842] SetEvent (hEvent=0x12c) returned 1 [0097.842] SwitchToThread () returned 1 [0097.844] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.846] SetEvent (hEvent=0x8c) returned 1 [0097.846] SetEvent (hEvent=0x12c) returned 1 [0097.846] SetEvent (hEvent=0x13c) returned 1 [0097.846] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.859] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.865] SetEvent (hEvent=0x13c) returned 1 [0097.865] SetEvent (hEvent=0x100) returned 1 [0097.865] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.871] SetEvent (hEvent=0x13c) returned 1 [0097.871] SetEvent (hEvent=0x9c) returned 1 [0097.871] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.882] SetEvent (hEvent=0x13c) returned 1 [0097.882] SetEvent (hEvent=0x9c) returned 1 [0097.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.883] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000119cf4 | out: lpMode=0xc000119cf4) returned 0 [0097.886] GetFileType (hFile=0x154) returned 0x1 [0097.886] GetFileType (hFile=0x154) returned 0x1 [0097.886] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000119d44 | out: lpFileInformation=0xc000119d44) returned 1 [0097.886] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000119d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000119d28) returned 1 [0097.886] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.887] ReadFile (in: hFile=0x154, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc000119c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.888] ReadFile (in: hFile=0x154, lpBuffer=0xc0000360b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360b3*, lpNumberOfBytesRead=0xc000119c04*=0x0, lpOverlapped=0x0) returned 1 [0097.888] CloseHandle (hObject=0x154) returned 1 [0097.888] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.888] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.889] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.890] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000119d04 | out: lpMode=0xc000119d04) returned 0 [0097.891] GetFileType (hFile=0x154) returned 0x1 [0097.891] WriteFile (in: hFile=0x154, lpBuffer=0xc0000600c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000119cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000600c0*, lpNumberOfBytesWritten=0xc000119cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.892] CloseHandle (hObject=0x154) returned 1 [0097.892] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0097.893] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.893] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.893] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.893] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0097.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.894] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000119d64 | out: lpMode=0xc000119d64) returned 0 [0097.897] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.899] GetFileType (hFile=0x154) returned 0x1 [0097.899] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000119d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000119d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.899] CloseHandle (hObject=0x154) returned 1 [0097.899] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.900] SetEvent (hEvent=0x100) returned 1 [0097.900] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.921] SetEvent (hEvent=0x12c) returned 1 [0097.921] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.985] SetEvent (hEvent=0x12c) returned 1 [0097.985] SetEvent (hEvent=0x9c) returned 1 [0097.985] SetEvent (hEvent=0x13c) returned 1 [0097.985] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0097.993] SetEvent (hEvent=0x12c) returned 1 [0097.993] SetEvent (hEvent=0x8c) returned 1 [0097.993] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.003] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.006] SetEvent (hEvent=0x12c) returned 1 [0098.006] SetEvent (hEvent=0x100) returned 1 [0098.006] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.006] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.007] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.007] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.007] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.007] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.008] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.008] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.008] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.008] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.009] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.009] SetEvent (hEvent=0x8c) returned 1 [0098.009] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.016] SwitchToThread () returned 1 [0098.017] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.019] SetEvent (hEvent=0x13c) returned 1 [0098.019] VirtualFree (lpAddress=0xc000198000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0098.020] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.020] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.020] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.020] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.021] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.021] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.021] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.021] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.022] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.022] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.023] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0098.029] GetFileType (hFile=0x154) returned 0x1 [0098.029] GetFileType (hFile=0x154) returned 0x1 [0098.029] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0098.029] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0098.029] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0098.029] ReadFile (in: hFile=0x154, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0000f5c04*=0xb3, lpOverlapped=0x0) returned 1 [0098.031] ReadFile (in: hFile=0x154, lpBuffer=0xc0000600b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000600b3*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0098.031] CloseHandle (hObject=0x154) returned 1 [0098.031] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0098.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.032] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000f5d04 | out: lpMode=0xc0000f5d04) returned 0 [0098.039] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.041] SetEvent (hEvent=0x8c) returned 1 [0098.041] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.133] SetEvent (hEvent=0x100) returned 1 [0098.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.134] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0098.137] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.138] SetEvent (hEvent=0x100) returned 1 [0098.138] GetFileType (hFile=0x154) returned 0x1 [0098.138] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.151] SetEvent (hEvent=0x13c) returned 1 [0098.151] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.152] VirtualFree (lpAddress=0xc000176000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.152] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.153] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.153] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.153] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.153] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.154] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.154] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.154] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.154] SetEvent (hEvent=0x15c) returned 1 [0098.154] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.191] SetEvent (hEvent=0x100) returned 1 [0098.191] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.198] SetEvent (hEvent=0x100) returned 1 [0098.198] SetEvent (hEvent=0x8c) returned 1 [0098.198] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.198] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0098.199] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255cf4 | out: lpMode=0xc000255cf4) returned 0 [0098.200] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.207] SwitchToThread () returned 1 [0098.215] SetEvent (hEvent=0x100) returned 1 [0098.215] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.222] SetEvent (hEvent=0x100) returned 1 [0098.222] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.223] SetEvent (hEvent=0x9c) returned 1 [0098.223] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.225] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.225] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.226] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.226] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.226] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.226] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.227] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0098.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.227] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00019bcf4 | out: lpMode=0xc00019bcf4) returned 0 [0098.234] GetFileType (hFile=0x154) returned 0x1 [0098.234] GetFileType (hFile=0x154) returned 0x1 [0098.234] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00019bd44 | out: lpFileInformation=0xc00019bd44) returned 1 [0098.234] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00019bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019bd28) returned 1 [0098.235] ReadFile (in: hFile=0x154, lpBuffer=0xc00006e700, nNumberOfBytesToRead=0x31a, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e700*, lpNumberOfBytesRead=0xc00019bc04*=0x11a, lpOverlapped=0x0) returned 1 [0098.236] ReadFile (in: hFile=0x154, lpBuffer=0xc00006e81a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e81a*, lpNumberOfBytesRead=0xc00019bc04*=0x0, lpOverlapped=0x0) returned 1 [0098.236] CloseHandle (hObject=0x154) returned 1 [0098.236] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0098.236] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0098.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.238] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00019bd04 | out: lpMode=0xc00019bd04) returned 0 [0098.244] GetFileType (hFile=0x154) returned 0x1 [0098.244] WriteFile (in: hFile=0x154, lpBuffer=0xc000056240*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc00019bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000056240*, lpNumberOfBytesWritten=0xc00019bcec*=0x120, lpOverlapped=0x0) returned 1 [0098.245] CloseHandle (hObject=0x154) returned 1 [0098.245] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.245] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0098.246] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0098.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.246] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00019bd64 | out: lpMode=0xc00019bd64) returned 0 [0098.251] GetFileType (hFile=0x154) returned 0x1 [0098.251] WriteFile (in: hFile=0x154, lpBuffer=0xc00016a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a2c0*, lpNumberOfBytesWritten=0xc00019bd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.251] CloseHandle (hObject=0x154) returned 1 [0098.251] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.252] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.269] SetEvent (hEvent=0x15c) returned 1 [0098.269] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.311] SetEvent (hEvent=0x15c) returned 1 [0098.311] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.337] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.337] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0098.338] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.338] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.339] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.339] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.339] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0098.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0098.340] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0098.353] GetFileType (hFile=0x16c) returned 0x1 [0098.353] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0098.353] GetFileType (hFile=0x16c) returned 0x1 [0098.353] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0098.353] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0098.353] ReadFile (in: hFile=0x16c, lpBuffer=0xc000194000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000194000*, lpNumberOfBytesRead=0xc00010dc04*=0xd5, lpOverlapped=0x0) returned 1 [0098.354] ReadFile (in: hFile=0x16c, lpBuffer=0xc0001940d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001940d5*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0098.355] CloseHandle (hObject=0x16c) returned 1 [0098.355] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0098.355] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0098.356] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0098.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.357] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0098.366] GetFileType (hFile=0x16c) returned 0x1 [0098.366] WriteFile (in: hFile=0x16c, lpBuffer=0xc0001b4000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b4000*, lpNumberOfBytesWritten=0xc00010dcec*=0xe0, lpOverlapped=0x0) returned 1 [0098.367] CloseHandle (hObject=0x16c) returned 1 [0098.367] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0098.367] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0098.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.368] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0098.369] GetFileType (hFile=0x16c) returned 0x1 [0098.369] WriteFile (in: hFile=0x16c, lpBuffer=0xc000204000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000204000*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.370] CloseHandle (hObject=0x16c) returned 1 [0098.370] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0098.370] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0098.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.371] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.372] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.372] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.372] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.373] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.373] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.373] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.373] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.374] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.374] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.374] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.374] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.375] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.375] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.375] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0098.376] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0098.378] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.380] GetFileType (hFile=0x16c) returned 0x1 [0098.380] GetFileType (hFile=0x16c) returned 0x1 [0098.380] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0098.380] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0098.380] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.381] ReadFile (in: hFile=0x16c, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc000277c04*=0xe0, lpOverlapped=0x0) returned 1 [0098.382] ReadFile (in: hFile=0x16c, lpBuffer=0xc00007a0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0e0*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0098.382] CloseHandle (hObject=0x16c) returned 1 [0098.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.383] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0098.388] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.388] SetEvent (hEvent=0x100) returned 1 [0098.389] GetFileType (hFile=0x16c) returned 0x1 [0098.389] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.396] SwitchToThread () returned 1 [0098.488] SetEvent (hEvent=0x100) returned 1 [0098.488] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.502] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0098.503] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0098.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0098.503] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0098.511] GetFileType (hFile=0x150) returned 0x1 [0098.511] VirtualAlloc (lpAddress=0xc0001ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ba000 [0098.512] GetFileType (hFile=0x150) returned 0x1 [0098.512] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0098.512] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0098.512] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0098.512] ReadFile (in: hFile=0x150, lpBuffer=0xc0001bc000, nNumberOfBytesToRead=0x2e6, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001bc000*, lpNumberOfBytesRead=0xc00010fc04*=0xe6, lpOverlapped=0x0) returned 1 [0098.513] ReadFile (in: hFile=0x150, lpBuffer=0xc0001bc0e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001bc0e6*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0098.513] CloseHandle (hObject=0x150) returned 1 [0098.514] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0098.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.515] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0098.523] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.548] SetEvent (hEvent=0x100) returned 1 [0098.548] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.549] SetEvent (hEvent=0x13c) returned 1 [0098.549] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.672] SetEvent (hEvent=0x13c) returned 1 [0098.672] SetEvent (hEvent=0x8c) returned 1 [0098.672] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.678] SetEvent (hEvent=0x15c) returned 1 [0098.678] SetEvent (hEvent=0x12c) returned 1 [0098.678] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.751] SetEvent (hEvent=0x15c) returned 1 [0098.751] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.820] SetEvent (hEvent=0x12c) returned 1 [0098.820] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.821] SetEvent (hEvent=0x12c) returned 1 [0098.821] SetEvent (hEvent=0x8c) returned 1 [0098.821] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.821] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.822] VirtualFree (lpAddress=0xc00022c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.822] VirtualFree (lpAddress=0xc0001f4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.822] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.823] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.823] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.823] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.823] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.824] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.824] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.824] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.825] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.825] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842210d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x842237e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.825] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.825] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.825] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x842237e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x842237e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3)) returned 1 [0098.825] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.825] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.826] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84228600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8422ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.826] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.826] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.826] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8422ad10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8422ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4)) returned 1 [0098.827] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.830] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.830] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8422fb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84232240, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.830] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.830] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.830] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84232240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84232240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4)) returned 1 [0098.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.831] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.835] VirtualAlloc (lpAddress=0xc000272000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000272000 [0098.835] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0098.835] SetEvent (hEvent=0x12c) returned 1 [0098.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.835] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.837] SetEvent (hEvent=0x12c) returned 1 [0098.837] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.837] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.930] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.943] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0098.943] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0098.943] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.944] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0098.949] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.952] SetEvent (hEvent=0x13c) returned 1 [0098.952] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.954] SetEvent (hEvent=0x15c) returned 1 [0098.954] SetEvent (hEvent=0x13c) returned 1 [0098.954] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0098.969] SetEvent (hEvent=0x15c) returned 1 [0098.969] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.018] SetEvent (hEvent=0x8c) returned 1 [0099.018] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.019] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.020] SetEvent (hEvent=0x8c) returned 1 [0099.020] SetEvent (hEvent=0x13c) returned 1 [0099.020] VirtualFree (lpAddress=0xc00017c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.020] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.020] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.021] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.021] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.021] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.021] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.022] VirtualFree (lpAddress=0xc000052000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0099.022] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.022] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.025] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.026] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0099.027] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.028] GetFileType (hFile=0x144) returned 0x1 [0099.029] GetFileType (hFile=0x144) returned 0x1 [0099.029] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0099.029] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0099.029] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0099.030] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2d56, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0001adc04*=0x2b56, lpOverlapped=0x0) returned 1 [0099.032] ReadFile (in: hFile=0x144, lpBuffer=0xc00006cb56, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cb56*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0099.032] CloseHandle (hObject=0x144) returned 1 [0099.032] SwitchToThread () returned 1 [0099.036] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.036] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.038] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0099.046] GetFileType (hFile=0x128) returned 0x1 [0099.046] WriteFile (in: hFile=0x128, lpBuffer=0xc00006d000*, nNumberOfBytesToWrite=0x2b60, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006d000*, lpNumberOfBytesWritten=0xc0001adcec*=0x2b60, lpOverlapped=0x0) returned 1 [0099.048] CloseHandle (hObject=0x128) returned 1 [0099.048] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.048] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0099.049] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0099.049] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.049] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0099.050] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.050] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0099.066] GetFileType (hFile=0x128) returned 0x1 [0099.066] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0099.066] CloseHandle (hObject=0x128) returned 1 [0099.067] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0099.067] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0099.067] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0099.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.068] SetEvent (hEvent=0x12c) returned 1 [0099.068] SetEvent (hEvent=0x15c) returned 1 [0099.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.074] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.082] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.083] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.083] SetEvent (hEvent=0x8c) returned 1 [0099.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.112] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.112] SetEvent (hEvent=0x9c) returned 1 [0099.112] SetEvent (hEvent=0x15c) returned 1 [0099.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.117] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.117] SetEvent (hEvent=0x15c) returned 1 [0099.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.120] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.120] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.120] SetEvent (hEvent=0x15c) returned 1 [0099.120] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.131] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.131] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.131] SetEvent (hEvent=0xc0) returned 1 [0099.131] SetEvent (hEvent=0x8c) returned 1 [0099.131] SetEvent (hEvent=0x13c) returned 1 [0099.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.141] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.141] SetEvent (hEvent=0x13c) returned 1 [0099.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.151] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.152] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.152] SetEvent (hEvent=0xc0) returned 1 [0099.152] SetEvent (hEvent=0x13c) returned 1 [0099.152] SetEvent (hEvent=0x8c) returned 1 [0099.153] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.160] SetEvent (hEvent=0x15c) returned 1 [0099.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.169] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.169] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.169] SetEvent (hEvent=0xc0) returned 1 [0099.169] SetEvent (hEvent=0x13c) returned 1 [0099.169] SetEvent (hEvent=0x8c) returned 1 [0099.170] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.177] SetEvent (hEvent=0x13c) returned 1 [0099.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.183] SetEvent (hEvent=0xb8) returned 1 [0099.183] SetEvent (hEvent=0x8c) returned 1 [0099.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.194] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.194] SetEvent (hEvent=0x8c) returned 1 [0099.194] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.201] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.202] GetFileType (hFile=0x144) returned 0x1 [0099.202] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000197d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000197d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.202] CloseHandle (hObject=0x144) returned 1 [0099.202] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.202] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0099.203] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-icon_16.png"), dwFlags=0x1) returned 1 [0099.204] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.204] SetEvent (hEvent=0xb8) returned 1 [0099.204] SetEvent (hEvent=0x9c) returned 1 [0099.204] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.216] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.221] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.222] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.222] SetEvent (hEvent=0xc0) returned 1 [0099.222] SetEvent (hEvent=0x9c) returned 1 [0099.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.231] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.232] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.232] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.232] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0099.240] GetFileType (hFile=0x16c) returned 0x1 [0099.240] GetFileType (hFile=0x16c) returned 0x1 [0099.240] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0099.240] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0099.240] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0099.241] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0099.241] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x2cf, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00024dc04*=0xcf, lpOverlapped=0x0) returned 1 [0099.242] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000ee0cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee0cf*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0099.242] CloseHandle (hObject=0x16c) returned 1 [0099.243] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.243] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.243] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0099.244] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.245] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0099.252] GetFileType (hFile=0x16c) returned 0x1 [0099.252] WriteFile (in: hFile=0x16c, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00024dcec*=0xd0, lpOverlapped=0x0) returned 1 [0099.253] CloseHandle (hObject=0x16c) returned 1 [0099.253] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.254] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.254] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0099.254] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.255] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0099.255] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0099.255] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0099.258] GetFileType (hFile=0x16c) returned 0x1 [0099.259] WriteFile (in: hFile=0x16c, lpBuffer=0xc00005c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c2c0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.259] CloseHandle (hObject=0x16c) returned 1 [0099.259] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.261] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.274] SetEvent (hEvent=0xb8) returned 1 [0099.274] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.283] SetEvent (hEvent=0x9c) returned 1 [0099.283] SetEvent (hEvent=0x15c) returned 1 [0099.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.284] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0099.287] GetFileType (hFile=0x150) returned 0x1 [0099.287] GetFileType (hFile=0x150) returned 0x1 [0099.287] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0099.287] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0099.288] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0099.288] ReadFile (in: hFile=0x150, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x2ff, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc0001bdc04*=0xff, lpOverlapped=0x0) returned 1 [0099.289] ReadFile (in: hFile=0x150, lpBuffer=0xc0001240ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001240ff*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0099.289] CloseHandle (hObject=0x150) returned 1 [0099.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.290] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0099.294] GetFileType (hFile=0x150) returned 0x1 [0099.294] WriteFile (in: hFile=0x150, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc0001bdcec*=0x100, lpOverlapped=0x0) returned 1 [0099.295] CloseHandle (hObject=0x150) returned 1 [0099.295] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0099.295] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0099.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.296] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0099.299] GetFileType (hFile=0x150) returned 0x1 [0099.299] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.299] CloseHandle (hObject=0x150) returned 1 [0099.299] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.309] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.315] SetEvent (hEvent=0x9c) returned 1 [0099.315] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0099.335] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0099.337] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.352] SetEvent (hEvent=0xb8) returned 1 [0099.352] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.531] SetEvent (hEvent=0x12c) returned 1 [0099.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0099.532] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0099.535] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.536] SetEvent (hEvent=0xc0) returned 1 [0099.536] SetEvent (hEvent=0x12c) returned 1 [0099.536] GetFileType (hFile=0x128) returned 0x1 [0099.536] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.540] SetEvent (hEvent=0xc0) returned 1 [0099.540] SetEvent (hEvent=0x15c) returned 1 [0099.540] GetFileType (hFile=0x128) returned 0x1 [0099.540] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.545] SetEvent (hEvent=0x15c) returned 1 [0099.545] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0099.545] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0099.545] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.545] SetEvent (hEvent=0x15c) returned 1 [0099.545] SetEvent (hEvent=0x12c) returned 1 [0099.545] VirtualFree (lpAddress=0xc0001fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.546] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.546] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.546] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.546] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.547] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.547] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.547] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.547] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.548] GetFileType (hFile=0x154) returned 0x1 [0099.548] WriteFile (in: hFile=0x154, lpBuffer=0xc0001d0120*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d0120*, lpNumberOfBytesWritten=0xc00018fcec*=0x120, lpOverlapped=0x0) returned 1 [0099.549] CloseHandle (hObject=0x154) returned 1 [0099.549] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.549] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0099.550] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0099.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0099.550] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0099.554] GetFileType (hFile=0x154) returned 0x1 [0099.554] WriteFile (in: hFile=0x154, lpBuffer=0xc0001d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6580*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.554] CloseHandle (hObject=0x154) returned 1 [0099.554] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.555] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.556] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.556] SetEvent (hEvent=0xc0) returned 1 [0099.556] SetEvent (hEvent=0x13c) returned 1 [0099.556] SetEvent (hEvent=0xb8) returned 1 [0099.556] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0099.558] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.567] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.567] SetEvent (hEvent=0x13c) returned 1 [0099.567] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.583] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.583] SetEvent (hEvent=0xb8) returned 1 [0099.583] SetEvent (hEvent=0x100) returned 1 [0099.584] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.590] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.591] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.591] SetEvent (hEvent=0x13c) returned 1 [0099.592] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.622] SetEvent (hEvent=0xb8) returned 1 [0099.622] SetEvent (hEvent=0x15c) returned 1 [0099.622] SetEvent (hEvent=0x9c) returned 1 [0099.622] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0099.623] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.625] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.625] SetEvent (hEvent=0x15c) returned 1 [0099.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.629] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.630] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.630] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.630] SetEvent (hEvent=0x13c) returned 1 [0099.630] SetEvent (hEvent=0x15c) returned 1 [0099.630] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.632] GetFileType (hFile=0x144) returned 0x1 [0099.633] WriteFile (in: hFile=0x144, lpBuffer=0xc0001e00b0*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e00b0*, lpNumberOfBytesWritten=0xc00012dcec*=0xb0, lpOverlapped=0x0) returned 1 [0099.634] CloseHandle (hObject=0x144) returned 1 [0099.634] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.634] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.634] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.635] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0099.642] GetFileType (hFile=0x144) returned 0x1 [0099.642] WriteFile (in: hFile=0x144, lpBuffer=0xc0001d62c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d62c0*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.642] CloseHandle (hObject=0x144) returned 1 [0099.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.643] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.643] SetEvent (hEvent=0xb8) returned 1 [0099.643] SetEvent (hEvent=0x12c) returned 1 [0099.643] SetEvent (hEvent=0xfc) returned 1 [0099.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.648] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.755] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.755] SetEvent (hEvent=0x15c) returned 1 [0099.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.781] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.781] SetEvent (hEvent=0x9c) returned 1 [0099.781] SetEvent (hEvent=0xfc) returned 1 [0099.781] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.783] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.788] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.788] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.794] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.794] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.794] SetEvent (hEvent=0xc0) returned 1 [0099.795] SetEvent (hEvent=0xfc) returned 1 [0099.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.805] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.805] SetEvent (hEvent=0xc0) returned 1 [0099.805] SetEvent (hEvent=0xfc) returned 1 [0099.805] SetEvent (hEvent=0x9c) returned 1 [0099.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.810] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.810] SetEvent (hEvent=0x13c) returned 1 [0099.811] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.813] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.813] SetEvent (hEvent=0x100) returned 1 [0099.813] SetEvent (hEvent=0xfc) returned 1 [0099.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.820] SetEvent (hEvent=0x100) returned 1 [0099.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.825] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.825] SetEvent (hEvent=0xc0) returned 1 [0099.825] SetEvent (hEvent=0x100) returned 1 [0099.825] SetEvent (hEvent=0xfc) returned 1 [0099.826] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.829] SetEvent (hEvent=0xfc) returned 1 [0099.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.841] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.841] SetEvent (hEvent=0x100) returned 1 [0099.841] SetEvent (hEvent=0x15c) returned 1 [0099.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.846] SetEvent (hEvent=0x9c) returned 1 [0099.846] SetEvent (hEvent=0x12c) returned 1 [0099.846] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.852] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.852] SetEvent (hEvent=0x13c) returned 1 [0099.852] SetEvent (hEvent=0x12c) returned 1 [0099.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.855] GetFileType (hFile=0x128) returned 0x1 [0099.855] WriteFile (in: hFile=0x128, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc000139cec*=0xe0, lpOverlapped=0x0) returned 1 [0099.856] CloseHandle (hObject=0x128) returned 1 [0099.856] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.857] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0099.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.857] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0099.866] GetFileType (hFile=0x128) returned 0x1 [0099.866] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.867] CloseHandle (hObject=0x128) returned 1 [0099.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.869] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.870] SetEvent (hEvent=0x13c) returned 1 [0099.870] SetEvent (hEvent=0x9c) returned 1 [0099.870] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.876] SetEvent (hEvent=0x9c) returned 1 [0099.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.882] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.882] SetEvent (hEvent=0x12c) returned 1 [0099.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.883] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0099.885] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.899] SetEvent (hEvent=0x12c) returned 1 [0099.899] SetEvent (hEvent=0xfc) returned 1 [0099.899] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.950] SetEvent (hEvent=0x15c) returned 1 [0099.950] GetFileType (hFile=0xec) returned 0x1 [0099.950] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00023dcec*=0x150, lpOverlapped=0x0) returned 1 [0099.951] CloseHandle (hObject=0xec) returned 1 [0099.952] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.952] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.952] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.953] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0099.953] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0099.960] GetFileType (hFile=0xec) returned 0x1 [0099.960] WriteFile (in: hFile=0xec, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.960] CloseHandle (hObject=0xec) returned 1 [0099.960] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.961] SwitchToThread () returned 1 [0099.964] SetEvent (hEvent=0xfc) returned 1 [0099.964] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.966] SetEvent (hEvent=0x15c) returned 1 [0099.966] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.972] SwitchToThread () returned 1 [0099.977] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.979] SetEvent (hEvent=0x12c) returned 1 [0099.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.980] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.980] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0099.980] SetEvent (hEvent=0xc0) returned 1 [0099.980] SetEvent (hEvent=0x9c) returned 1 [0099.980] SetEvent (hEvent=0x12c) returned 1 [0099.980] SetEvent (hEvent=0x13c) returned 1 [0099.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.984] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0099.984] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.984] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0099.984] SetEvent (hEvent=0xfc) returned 1 [0099.984] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.991] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0099.991] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0099.992] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0100.000] GetFileType (hFile=0xec) returned 0x1 [0100.000] GetFileType (hFile=0xec) returned 0x1 [0100.000] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0100.000] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0100.000] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.000] ReadFile (in: hFile=0xec, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x3c2, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc000259c04*=0x1c2, lpOverlapped=0x0) returned 1 [0100.001] ReadFile (in: hFile=0xec, lpBuffer=0xc0000541c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000541c2*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0100.001] CloseHandle (hObject=0xec) returned 1 [0100.002] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.002] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.004] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0100.013] GetFileType (hFile=0xec) returned 0x1 [0100.013] WriteFile (in: hFile=0xec, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc000259cec*=0x1d0, lpOverlapped=0x0) returned 1 [0100.014] CloseHandle (hObject=0xec) returned 1 [0100.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.014] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.015] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.015] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.016] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0100.022] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.032] GetFileType (hFile=0xec) returned 0x1 [0100.032] WriteFile (in: hFile=0xec, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.032] CloseHandle (hObject=0xec) returned 1 [0100.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.034] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0100.034] SetEvent (hEvent=0xc0) returned 1 [0100.034] SetEvent (hEvent=0x108) returned 1 [0100.034] SetEvent (hEvent=0x8c) returned 1 [0100.034] SetEvent (hEvent=0x100) returned 1 [0100.035] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.037] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.037] SetEvent (hEvent=0x15c) returned 1 [0100.037] SetEvent (hEvent=0x108) returned 1 [0100.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.038] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0100.038] SetEvent (hEvent=0xb8) returned 1 [0100.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.039] SetEvent (hEvent=0x13c) returned 1 [0100.039] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.045] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.046] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.046] VirtualFree (lpAddress=0xc000166000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.046] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.047] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.047] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.047] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.047] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.048] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.048] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.048] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.048] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.048] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.049] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.049] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.049] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0100.050] GetFileType (hFile=0x148) returned 0x1 [0100.050] GetFileType (hFile=0x148) returned 0x1 [0100.050] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0100.050] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0100.050] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.050] ReadFile (in: hFile=0x148, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x2c6, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000137c04*=0xc6, lpOverlapped=0x0) returned 1 [0100.052] ReadFile (in: hFile=0x148, lpBuffer=0xc0000dc0c6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc0c6*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0100.052] CloseHandle (hObject=0x148) returned 1 [0100.052] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.052] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.053] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0100.053] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.053] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0100.055] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0100.070] GetFileType (hFile=0x148) returned 0x1 [0100.070] WriteFile (in: hFile=0x148, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc000137cec*=0xd0, lpOverlapped=0x0) returned 1 [0100.071] CloseHandle (hObject=0x148) returned 1 [0100.071] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.071] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0100.072] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.072] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0100.072] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0100.073] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0100.073] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.074] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0100.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0100.074] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0100.077] GetFileType (hFile=0x148) returned 0x1 [0100.077] WriteFile (in: hFile=0x148, lpBuffer=0xc000130580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000130580*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.078] CloseHandle (hObject=0x148) returned 1 [0100.078] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.079] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.090] GetFileType (hFile=0x174) returned 0x1 [0100.090] WriteFile (in: hFile=0x174, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.090] CloseHandle (hObject=0x174) returned 1 [0100.091] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.092] WriteFile (in: hFile=0x150, lpBuffer=0xc000124420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124420*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.092] CloseHandle (hObject=0x150) returned 1 [0100.092] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.101] SwitchToThread () returned 1 [0100.102] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.105] SetEvent (hEvent=0x13c) returned 1 [0100.105] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.106] SetEvent (hEvent=0x13c) returned 1 [0100.106] SetEvent (hEvent=0x8c) returned 1 [0100.106] SetEvent (hEvent=0x100) returned 1 [0100.106] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.108] SetEvent (hEvent=0x8c) returned 1 [0100.108] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.112] SetEvent (hEvent=0x13c) returned 1 [0100.112] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.165] SetEvent (hEvent=0x8c) returned 1 [0100.165] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.172] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0100.177] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0100.180] GetFileType (hFile=0xf4) returned 0x1 [0100.180] GetFileType (hFile=0xf4) returned 0x1 [0100.180] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0100.180] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0100.180] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0100.181] ReadFile (in: hFile=0xf4, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x2c6, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc00014dc04*=0xc6, lpOverlapped=0x0) returned 1 [0100.182] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000600c6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000600c6*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0100.182] CloseHandle (hObject=0xf4) returned 1 [0100.182] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0100.183] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0100.184] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.185] GetFileType (hFile=0xf4) returned 0x1 [0100.185] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.190] SetEvent (hEvent=0x100) returned 1 [0100.190] WriteFile (in: hFile=0xf4, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc00014dcec*=0xd0, lpOverlapped=0x0) returned 1 [0100.191] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.200] SetEvent (hEvent=0x100) returned 1 [0100.200] CloseHandle (hObject=0xf4) returned 1 [0100.200] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0100.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0100.201] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0100.201] GetFileType (hFile=0xf4) returned 0x1 [0100.201] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.201] CloseHandle (hObject=0xf4) returned 1 [0100.202] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0100.202] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.202] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.204] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.204] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.204] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.205] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.205] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.205] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.205] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.206] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.206] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.206] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.206] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.207] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.207] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0100.208] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0100.209] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.212] GetFileType (hFile=0xf4) returned 0x1 [0100.212] GetFileType (hFile=0xf4) returned 0x1 [0100.212] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0100.213] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0100.213] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c2c0, nNumberOfBytesToRead=0x2b2, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c2c0*, lpNumberOfBytesRead=0xc000049c04*=0xb2, lpOverlapped=0x0) returned 1 [0100.214] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c372, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c372*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0100.214] CloseHandle (hObject=0xf4) returned 1 [0100.214] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.215] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0100.219] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0100.220] GetFileType (hFile=0xf4) returned 0x1 [0100.220] WriteFile (in: hFile=0xf4, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc000049cec*=0xc0, lpOverlapped=0x0) returned 1 [0100.221] CloseHandle (hObject=0xf4) returned 1 [0100.221] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0100.221] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0100.225] GetFileType (hFile=0xf4) returned 0x1 [0100.226] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001d6420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6420*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.226] CloseHandle (hObject=0xf4) returned 1 [0100.227] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010488*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000010488*, lpNumberOfCharsWritten=0xc0001a5818*=0x3) returned 1 [0100.230] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.234] SetEvent (hEvent=0x100) returned 1 [0100.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0440*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000255818, lpReserved=0x0 | out: lpBuffer=0xc0000a0440*, lpNumberOfCharsWritten=0xc000255818*=0x3) returned 1 [0100.240] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc000102110*, lpNumberOfCharsWritten=0xc000133818*=0x3) returned 1 [0100.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010448*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000199818, lpReserved=0x0 | out: lpBuffer=0xc000010448*, lpNumberOfCharsWritten=0xc000199818*=0x3) returned 1 [0100.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc0000104c8*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0100.366] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010450*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019d818, lpReserved=0x0 | out: lpBuffer=0xc000010450*, lpNumberOfCharsWritten=0xc00019d818*=0x3) returned 1 [0100.377] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010456*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000010456*, lpNumberOfCharsWritten=0xc0001a1818*=0x3) returned 1 [0100.379] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.403] SetEvent (hEvent=0x100) returned 1 [0100.403] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010460*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000010460*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0100.408] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.411] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.412] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.413] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.413] VirtualFree (lpAddress=0xc0001de000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.413] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.414] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.414] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.414] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc0000100b8*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0100.416] SetEvent (hEvent=0x9c) returned 1 [0100.417] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010490*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000010490*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0100.423] SetEvent (hEvent=0x9c) returned 1 [0100.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010496*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000010496*, lpNumberOfCharsWritten=0xc0001a7818*=0x3) returned 1 [0100.425] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.435] SetEvent (hEvent=0x12c) returned 1 [0100.436] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.438] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0100.440] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc000102076*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0100.442] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.443] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0100.511] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.523] GetFileType (hFile=0x174) returned 0x1 [0100.523] WriteFile (in: hFile=0x174, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.523] CloseHandle (hObject=0x174) returned 1 [0100.523] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0100.524] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.525] GetFileType (hFile=0xec) returned 0x1 [0100.525] WriteFile (in: hFile=0xec, lpBuffer=0xc0001d62c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d62c0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.526] CloseHandle (hObject=0xec) returned 1 [0100.526] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.527] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.527] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.528] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0100.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.529] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0100.538] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.540] GetFileType (hFile=0xec) returned 0x1 [0100.541] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc000153cec*=0x190, lpOverlapped=0x0) returned 1 [0100.542] CloseHandle (hObject=0xec) returned 1 [0100.542] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0100.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.542] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0100.543] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.545] GetFileType (hFile=0xec) returned 0x1 [0100.545] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.554] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.555] SetEvent (hEvent=0xc0) returned 1 [0100.555] SetEvent (hEvent=0x12c) returned 1 [0100.555] WriteFile (in: hFile=0xec, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.555] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.558] SetEvent (hEvent=0x12c) returned 1 [0100.558] CloseHandle (hObject=0xec) returned 1 [0100.558] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.559] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.559] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.560] SwitchToThread () returned 1 [0100.563] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.568] SetEvent (hEvent=0x100) returned 1 [0100.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.569] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0100.569] SetEvent (hEvent=0xc0) returned 1 [0100.569] SetEvent (hEvent=0x100) returned 1 [0100.569] SetEvent (hEvent=0x15c) returned 1 [0100.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.575] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0100.575] SetEvent (hEvent=0x12c) returned 1 [0100.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.579] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.580] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0100.580] SetEvent (hEvent=0x100) returned 1 [0100.580] SetEvent (hEvent=0xb8) returned 1 [0100.582] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.586] SetEvent (hEvent=0x15c) returned 1 [0100.586] SetEvent (hEvent=0x9c) returned 1 [0100.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.593] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.593] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.594] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0100.594] SetEvent (hEvent=0x9c) returned 1 [0100.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.594] GetFileType (hFile=0x170) returned 0x1 [0100.594] GetFileType (hFile=0x170) returned 0x1 [0100.594] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0100.594] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0100.595] ReadFile (in: hFile=0x170, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x2be, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0000f5c04*=0xbe, lpOverlapped=0x0) returned 1 [0100.596] ReadFile (in: hFile=0x170, lpBuffer=0xc0001600be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001600be*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0100.596] CloseHandle (hObject=0x170) returned 1 [0100.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.597] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f5d04 | out: lpMode=0xc0000f5d04) returned 0 [0100.600] GetFileType (hFile=0x170) returned 0x1 [0100.600] WriteFile (in: hFile=0x170, lpBuffer=0xc000162000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesWritten=0xc0000f5cec*=0xc0, lpOverlapped=0x0) returned 1 [0100.601] CloseHandle (hObject=0x170) returned 1 [0100.601] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.601] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0100.602] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0100.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.602] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0100.613] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.615] GetFileType (hFile=0x170) returned 0x1 [0100.615] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0100.615] WriteFile (in: hFile=0x170, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.615] CloseHandle (hObject=0x170) returned 1 [0100.615] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.616] SetEvent (hEvent=0x9c) returned 1 [0100.616] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.628] SetEvent (hEvent=0x9c) returned 1 [0100.628] SetEvent (hEvent=0x12c) returned 1 [0100.628] SetEvent (hEvent=0xb8) returned 1 [0100.628] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.658] SetEvent (hEvent=0x9c) returned 1 [0100.658] SetEvent (hEvent=0x12c) returned 1 [0100.658] SetEvent (hEvent=0xb8) returned 1 [0100.658] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.664] SetEvent (hEvent=0x9c) returned 1 [0100.664] SetEvent (hEvent=0x8c) returned 1 [0100.665] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.672] SetEvent (hEvent=0xb8) returned 1 [0100.672] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.673] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.673] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.674] VirtualFree (lpAddress=0xc000058000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0100.674] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.674] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.675] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.675] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.675] SetEvent (hEvent=0x12c) returned 1 [0100.675] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.690] SetEvent (hEvent=0xb8) returned 1 [0100.690] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.735] SetEvent (hEvent=0xb8) returned 1 [0100.735] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.749] SetEvent (hEvent=0x12c) returned 1 [0100.749] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.751] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.751] SetEvent (hEvent=0x12c) returned 1 [0100.752] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.752] SetEvent (hEvent=0x12c) returned 1 [0100.752] SetEvent (hEvent=0x9c) returned 1 [0100.752] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.752] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.753] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.753] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.753] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.754] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.754] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.754] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.754] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.755] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0100.758] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.762] SetEvent (hEvent=0x12c) returned 1 [0100.762] GetFileType (hFile=0x170) returned 0x1 [0100.762] GetFileType (hFile=0x170) returned 0x1 [0100.762] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0100.762] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0100.762] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.762] ReadFile (in: hFile=0x170, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2b0, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0001d1c04*=0xb0, lpOverlapped=0x0) returned 1 [0100.764] ReadFile (in: hFile=0x170, lpBuffer=0xc0000360b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360b0*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0100.764] CloseHandle (hObject=0x170) returned 1 [0100.764] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.764] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.766] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0100.767] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.776] GetFileType (hFile=0x170) returned 0x1 [0100.776] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.777] WriteFile (in: hFile=0x170, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc0001d1cec*=0xc0, lpOverlapped=0x0) returned 1 [0100.778] CloseHandle (hObject=0x170) returned 1 [0100.778] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.778] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.779] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0100.779] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0100.779] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.780] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.780] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.781] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.781] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0100.793] GetFileType (hFile=0x170) returned 0x1 [0100.793] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0100.794] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0100.794] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.795] WriteFile (in: hFile=0x170, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.795] CloseHandle (hObject=0x170) returned 1 [0100.795] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_cn\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0100.797] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0100.798] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.799] GetFileType (hFile=0x170) returned 0x1 [0100.799] GetFileType (hFile=0x170) returned 0x1 [0100.799] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0100.799] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0100.799] ReadFile (in: hFile=0x170, lpBuffer=0xc000036580, nNumberOfBytesToRead=0x2aa, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036580*, lpNumberOfBytesRead=0xc00027bc04*=0xaa, lpOverlapped=0x0) returned 1 [0100.800] ReadFile (in: hFile=0x170, lpBuffer=0xc00003662a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003662a*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0100.800] CloseHandle (hObject=0x170) returned 1 [0100.800] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.802] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0100.803] GetFileType (hFile=0x170) returned 0x1 [0100.803] WriteFile (in: hFile=0x170, lpBuffer=0xc0001440b0*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001440b0*, lpNumberOfBytesWritten=0xc00027bcec*=0xb0, lpOverlapped=0x0) returned 1 [0100.804] CloseHandle (hObject=0x170) returned 1 [0100.804] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.804] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0100.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0100.805] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0100.815] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.817] GetFileType (hFile=0x170) returned 0x1 [0100.817] WriteFile (in: hFile=0x170, lpBuffer=0xc000178000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000178000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.817] CloseHandle (hObject=0x170) returned 1 [0100.817] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.821] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.845] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.847] SetEvent (hEvent=0xb8) returned 1 [0100.847] SwitchToThread () returned 1 [0100.850] SetEvent (hEvent=0x8c) returned 1 [0100.850] SetEvent (hEvent=0xb8) returned 1 [0100.850] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.852] SetEvent (hEvent=0x8c) returned 1 [0100.852] VirtualFree (lpAddress=0xc000178000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.853] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.853] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.853] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.853] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.854] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.854] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.854] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.854] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.854] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.855] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.855] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x356)) returned 1 [0100.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x5b6c)) returned 1 [0100.856] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0100.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5b1)) returned 1 [0100.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0100.856] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.857] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.857] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0100.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.858] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ab7660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82abeb90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82abeb90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.858] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.0.0.2_0", cAlternateFileName="100~1.2_0")) returned 1 [0100.858] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.858] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82651e90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828e7880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828e7880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.861] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.870] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.871] SetEvent (hEvent=0x15c) returned 1 [0100.871] SetEvent (hEvent=0x100) returned 1 [0100.871] SetEvent (hEvent=0x12c) returned 1 [0100.871] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.878] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.878] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.878] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.878] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.878] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.879] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.879] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.879] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.879] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0100.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.880] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0100.887] GetFileType (hFile=0x174) returned 0x1 [0100.887] GetFileType (hFile=0x174) returned 0x1 [0100.887] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0100.887] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0100.887] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0100.888] ReadFile (in: hFile=0x174, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x4654, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0004dbc04*=0x4454, lpOverlapped=0x0) returned 1 [0100.892] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.900] ReadFile (in: hFile=0x174, lpBuffer=0xc0001e6454, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6454*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0100.900] CloseHandle (hObject=0x174) returned 1 [0100.900] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0100.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.902] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0100.904] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.906] GetFileType (hFile=0x174) returned 0x1 [0100.906] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.914] WriteFile (in: hFile=0x174, lpBuffer=0xc0001f4000*, nNumberOfBytesToWrite=0x4460, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001f4000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x4460, lpOverlapped=0x0) returned 1 [0100.915] CloseHandle (hObject=0x174) returned 1 [0100.915] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.915] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.916] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0100.917] GetFileType (hFile=0x174) returned 0x1 [0100.917] WriteFile (in: hFile=0x174, lpBuffer=0xc000040420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040420*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.918] CloseHandle (hObject=0x174) returned 1 [0100.918] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0100.918] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.918] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0100.919] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.921] SetEvent (hEvent=0x12c) returned 1 [0100.921] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.921] SetEvent (hEvent=0x12c) returned 1 [0100.921] SetEvent (hEvent=0x8c) returned 1 [0100.921] SetEvent (hEvent=0x15c) returned 1 [0100.922] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.923] SetEvent (hEvent=0x8c) returned 1 [0100.923] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.925] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0100.926] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.926] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.926] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.926] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.926] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.927] SetEvent (hEvent=0x12c) returned 1 [0100.927] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.959] SetEvent (hEvent=0x9c) returned 1 [0100.959] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0100.960] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0100.960] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.960] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0100.969] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.971] GetFileType (hFile=0x16c) returned 0x1 [0100.972] GetFileType (hFile=0x16c) returned 0x1 [0100.972] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0100.972] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0100.972] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1303, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc00013dc04*=0x1103, lpOverlapped=0x0) returned 1 [0100.978] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.979] SetEvent (hEvent=0x8c) returned 1 [0100.979] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000d2603, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2603*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0100.979] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0100.987] CloseHandle (hObject=0x16c) returned 1 [0100.987] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.987] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.989] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0100.989] GetFileType (hFile=0x16c) returned 0x1 [0100.989] WriteFile (in: hFile=0x16c, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x1110, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc00013dcec*=0x1110, lpOverlapped=0x0) returned 1 [0100.990] CloseHandle (hObject=0x16c) returned 1 [0100.991] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0100.991] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0100.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.991] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0100.992] GetFileType (hFile=0x16c) returned 0x1 [0100.992] WriteFile (in: hFile=0x16c, lpBuffer=0xc00020a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00020a000*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.992] CloseHandle (hObject=0x16c) returned 1 [0100.992] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-contentscript_bin_prod.js"), dwFlags=0x1) returned 1 [0100.993] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.993] VirtualFree (lpAddress=0xc000200000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.994] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.994] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.994] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.994] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.995] VirtualFree (lpAddress=0xc00005c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.995] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ac3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826b1200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.996] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826b1200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826b1200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282)) returned 1 [0100.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.996] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826bae40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.996] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.996] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826bae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2bd)) returned 1 [0100.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.998] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826c2370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826c7190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.998] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.999] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.999] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826c7190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826c7190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b)) returned 1 [0100.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.999] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.999] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ce6c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d0dd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826d0dd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.999] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.999] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.999] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826d0dd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826d34e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269)) returned 1 [0101.001] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.006] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.009] SetEvent (hEvent=0x12c) returned 1 [0101.010] VirtualFree (lpAddress=0xc00020a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.010] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.010] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.010] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.010] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.011] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.011] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.011] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.011] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.011] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.012] GetFileType (hFile=0x174) returned 0x1 [0101.012] GetFileType (hFile=0x174) returned 0x1 [0101.012] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0101.012] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0101.012] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.012] ReadFile (in: hFile=0x174, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x7b1, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0001a1c04*=0x5b1, lpOverlapped=0x0) returned 1 [0101.021] ReadFile (in: hFile=0x174, lpBuffer=0xc0000405b1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000405b1*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0101.021] CloseHandle (hObject=0x174) returned 1 [0101.021] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0101.022] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.022] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.022] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.023] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0101.032] GetFileType (hFile=0x174) returned 0x1 [0101.032] WriteFile (in: hFile=0x174, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x5c0, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc0001a1cec*=0x5c0, lpOverlapped=0x0) returned 1 [0101.033] CloseHandle (hObject=0x174) returned 1 [0101.033] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.033] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0101.033] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0101.033] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0101.034] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0101.034] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0101.034] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0101.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.035] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0101.039] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.050] SetEvent (hEvent=0x15c) returned 1 [0101.050] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.053] SetEvent (hEvent=0x15c) returned 1 [0101.053] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.053] SetEvent (hEvent=0x15c) returned 1 [0101.053] SetEvent (hEvent=0x12c) returned 1 [0101.053] VirtualFree (lpAddress=0xc00020c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0101.054] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.054] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.054] VirtualFree (lpAddress=0xc0001d4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0101.055] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.055] VirtualFree (lpAddress=0xc000178000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.055] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.056] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.056] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.056] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.057] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.057] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.057] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.058] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.058] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.058] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.058] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.059] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.059] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826d8300, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826df830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826df830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.060] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.060] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.060] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826df830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826e1f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269)) returned 1 [0101.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.061] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826e9470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826ebb80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.061] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.061] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.061] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826ebb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826ebb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b8)) returned 1 [0101.062] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.065] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.065] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826f30b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x826f7ed0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.066] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826f7ed0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x826f7ed0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b)) returned 1 [0101.066] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.066] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826ff400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82701b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82701b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.067] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.067] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.067] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82701b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82704220, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x261)) returned 1 [0101.068] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.071] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0101.071] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0101.072] SetEvent (hEvent=0x15c) returned 1 [0101.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.072] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82709040, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8270de60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.074] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8270de60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8270de60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a1)) returned 1 [0101.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.074] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82715390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82717aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.075] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.075] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.075] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.075] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82717aa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82717aa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82aada20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b4)) returned 1 [0101.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.080] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8271efd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827216e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827216e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.080] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.080] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.080] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827216e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82723df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c4)) returned 1 [0101.080] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0101.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.082] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82728c10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8272da30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.082] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.082] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.082] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8272da30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8272da30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ad)) returned 1 [0101.091] VirtualAlloc (lpAddress=0xc000228000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000228000 [0101.092] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0101.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.092] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0101.093] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.093] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827412b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827439c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827439c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.093] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.093] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.093] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827439c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827460d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x279)) returned 1 [0101.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.094] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.094] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0101.094] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8274aef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274d600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8274d600, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.095] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.095] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.095] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8274d600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8274fd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab0130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c6)) returned 1 [0101.105] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.109] SetEvent (hEvent=0x12c) returned 1 [0101.109] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.168] SetEvent (hEvent=0x15c) returned 1 [0101.168] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.210] SetEvent (hEvent=0xb8) returned 1 [0101.210] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.211] SetEvent (hEvent=0xb8) returned 1 [0101.211] SetEvent (hEvent=0x100) returned 1 [0101.211] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.211] VirtualFree (lpAddress=0xc00025a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.211] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.212] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.212] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.212] VirtualFree (lpAddress=0xc00005a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.213] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.213] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.213] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.213] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05e8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000a05e8*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0101.216] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.218] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc0000a05f0*, lpNumberOfCharsWritten=0xc0001b5818*=0x3) returned 1 [0101.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0000100a0*, lpNumberOfCharsWritten=0xc000195818*=0x3) returned 1 [0101.221] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010180*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000197818, lpReserved=0x0 | out: lpBuffer=0xc000010180*, lpNumberOfCharsWritten=0xc000197818*=0x3) returned 1 [0101.226] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010186*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b1818, lpReserved=0x0 | out: lpBuffer=0xc000010186*, lpNumberOfCharsWritten=0xc0001b1818*=0x3) returned 1 [0101.232] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000010200*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0101.244] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010206*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc000010206*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0101.261] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0101.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586436*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000586436*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0101.267] SetEvent (hEvent=0x9c) returned 1 [0101.267] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586488*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc000586488*, lpNumberOfCharsWritten=0xc000187818*=0x3) returned 1 [0101.274] SetEvent (hEvent=0x9c) returned 1 [0101.274] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010240*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000010240*, lpNumberOfCharsWritten=0xc0001b7818*=0x3) returned 1 [0101.275] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.289] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc000102040*, lpNumberOfCharsWritten=0xc0001bd818*=0x3) returned 1 [0101.291] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.294] SetEvent (hEvent=0xb8) returned 1 [0101.294] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.300] SetEvent (hEvent=0x100) returned 1 [0101.300] SwitchToThread () returned 1 [0101.301] SetEvent (hEvent=0x100) returned 1 [0101.301] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.302] SetEvent (hEvent=0x100) returned 1 [0101.302] SetEvent (hEvent=0xb8) returned 1 [0101.302] SetEvent (hEvent=0x8c) returned 1 [0101.302] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.313] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.314] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.314] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.315] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0101.328] GetFileType (hFile=0xec) returned 0x1 [0101.328] GetFileType (hFile=0xec) returned 0x1 [0101.328] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0101.328] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0101.328] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e0480, nNumberOfBytesToRead=0x469, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0480*, lpNumberOfBytesRead=0xc0001adc04*=0x269, lpOverlapped=0x0) returned 1 [0101.333] ReadFile (in: hFile=0xec, lpBuffer=0xc0001e06e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e06e9*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0101.333] CloseHandle (hObject=0xec) returned 1 [0101.334] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0101.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.335] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0101.342] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.345] GetFileType (hFile=0xec) returned 0x1 [0101.345] WriteFile (in: hFile=0xec, lpBuffer=0xc0001f4000*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001f4000*, lpNumberOfBytesWritten=0xc0001adcec*=0x270, lpOverlapped=0x0) returned 1 [0101.346] CloseHandle (hObject=0xec) returned 1 [0101.346] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0101.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.346] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0101.348] GetFileType (hFile=0xec) returned 0x1 [0101.348] WriteFile (in: hFile=0xec, lpBuffer=0xc0001f26e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001f26e0*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0101.349] CloseHandle (hObject=0xec) returned 1 [0101.349] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\en\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.350] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.352] SetEvent (hEvent=0x100) returned 1 [0101.352] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.354] SetEvent (hEvent=0x8c) returned 1 [0101.354] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.356] SwitchToThread () returned 1 [0101.357] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.363] SetEvent (hEvent=0x100) returned 1 [0101.363] SetEvent (hEvent=0x15c) returned 1 [0101.363] VirtualFree (lpAddress=0xc000270000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.363] VirtualFree (lpAddress=0xc0001f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.363] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.363] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.364] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0101.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.365] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001a9cf4 | out: lpMode=0xc0001a9cf4) returned 0 [0101.371] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.374] GetFileType (hFile=0x170) returned 0x1 [0101.374] GetFileType (hFile=0x170) returned 0x1 [0101.374] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001a9d44 | out: lpFileInformation=0xc0001a9d44) returned 1 [0101.375] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a9d28) returned 1 [0101.375] ReadFile (in: hFile=0x170, lpBuffer=0xc000272500, nNumberOfBytesToRead=0x49d, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000272500*, lpNumberOfBytesRead=0xc0001a9c04*=0x29d, lpOverlapped=0x0) returned 1 [0101.377] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.401] SetEvent (hEvent=0xc0) returned 1 [0101.401] SetEvent (hEvent=0x8c) returned 1 [0101.401] ReadFile (in: hFile=0x170, lpBuffer=0xc00027279d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027279d*, lpNumberOfBytesRead=0xc0001a9c04*=0x0, lpOverlapped=0x0) returned 1 [0101.401] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.405] SetEvent (hEvent=0x8c) returned 1 [0101.405] CloseHandle (hObject=0x170) returned 1 [0101.405] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.414] SwitchToThread () returned 1 [0101.414] SetEvent (hEvent=0x8c) returned 1 [0101.414] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.414] SetEvent (hEvent=0x8c) returned 1 [0101.414] SetEvent (hEvent=0x12c) returned 1 [0101.414] SetEvent (hEvent=0xb8) returned 1 [0101.414] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.426] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.427] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.427] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0101.428] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.428] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.429] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0101.441] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.443] GetFileType (hFile=0x174) returned 0x1 [0101.443] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0101.443] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0101.444] GetFileType (hFile=0x174) returned 0x1 [0101.444] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0101.444] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0101.444] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0101.445] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0101.445] ReadFile (in: hFile=0x174, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x4bb, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc0004dfc04*=0x2bb, lpOverlapped=0x0) returned 1 [0101.453] ReadFile (in: hFile=0x174, lpBuffer=0xc0001202bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001202bb*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0101.453] CloseHandle (hObject=0x174) returned 1 [0101.454] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0101.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.455] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0101.461] GetFileType (hFile=0x174) returned 0x1 [0101.461] WriteFile (in: hFile=0x174, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x2c0, lpOverlapped=0x0) returned 1 [0101.463] CloseHandle (hObject=0x174) returned 1 [0101.463] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0101.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.463] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0101.473] GetFileType (hFile=0x174) returned 0x1 [0101.474] WriteFile (in: hFile=0x174, lpBuffer=0xc0001dab00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001dab00*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.474] CloseHandle (hObject=0x174) returned 1 [0101.474] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.475] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0101.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.477] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000229d04 | out: lpMode=0xc000229d04) returned 0 [0101.484] GetFileType (hFile=0x174) returned 0x1 [0101.484] WriteFile (in: hFile=0x174, lpBuffer=0xc0001e0000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc000229cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesWritten=0xc000229cec*=0x2d0, lpOverlapped=0x0) returned 1 [0101.486] CloseHandle (hObject=0x174) returned 1 [0101.486] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0101.486] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.486] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0101.487] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0101.487] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0101.488] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0101.488] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0101.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.489] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000229d64 | out: lpMode=0xc000229d64) returned 0 [0101.491] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.492] GetFileType (hFile=0x174) returned 0x1 [0101.492] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000229d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000229d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.493] CloseHandle (hObject=0x174) returned 1 [0101.493] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0101.494] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.495] SwitchToThread () returned 1 [0101.593] SwitchToThread () returned 1 [0101.595] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.596] SetEvent (hEvent=0xb8) returned 1 [0101.596] SetEvent (hEvent=0x12c) returned 1 [0101.596] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.597] VirtualFree (lpAddress=0xc000272000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.597] VirtualFree (lpAddress=0xc0001da000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.597] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.598] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.598] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.598] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.599] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.599] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.599] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.599] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.600] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.601] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1cf4 | out: lpMode=0xc0001b1cf4) returned 0 [0101.601] GetFileType (hFile=0x174) returned 0x1 [0101.601] GetFileType (hFile=0x174) returned 0x1 [0101.601] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001b1d44 | out: lpFileInformation=0xc0001b1d44) returned 1 [0101.602] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b1d28) returned 1 [0101.602] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.602] ReadFile (in: hFile=0x174, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x495, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0001b1c04*=0x295, lpOverlapped=0x0) returned 1 [0101.609] ReadFile (in: hFile=0x174, lpBuffer=0xc000054295, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054295*, lpNumberOfBytesRead=0xc0001b1c04*=0x0, lpOverlapped=0x0) returned 1 [0101.609] CloseHandle (hObject=0x174) returned 1 [0101.609] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.611] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1d04 | out: lpMode=0xc0001b1d04) returned 0 [0101.614] GetFileType (hFile=0x174) returned 0x1 [0101.614] WriteFile (in: hFile=0x174, lpBuffer=0xc0000362c0*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0001b1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000362c0*, lpNumberOfBytesWritten=0xc0001b1cec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.616] CloseHandle (hObject=0x174) returned 1 [0101.616] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0101.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.616] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1d64 | out: lpMode=0xc0001b1d64) returned 0 [0101.619] GetFileType (hFile=0x174) returned 0x1 [0101.619] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.620] CloseHandle (hObject=0x174) returned 1 [0101.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.621] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.621] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.622] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.622] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.623] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.623] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827c7720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cc540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827cc540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.623] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.623] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.623] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827cc540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827cec50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30f)) returned 1 [0101.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.624] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827e4be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e72f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827e72f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.625] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.625] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.625] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.625] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827e72f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827e9a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29f)) returned 1 [0101.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.634] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.634] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827f5d50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fab70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827fab70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.634] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.634] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.634] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827fab70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827fd280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x282)) returned 1 [0101.635] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0101.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.636] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.636] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x828095d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8280e3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8280e3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.636] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.636] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.636] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.636] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8280e3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82821c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x32c)) returned 1 [0101.640] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0101.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8282b8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828306d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828306d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.641] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.641] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828306d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8283ca20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x289)) returned 1 [0101.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.642] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8284db90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x828529b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.642] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.642] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.642] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x828529b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x828529b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x44b)) returned 1 [0101.648] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.652] SwitchToThread () returned 1 [0101.652] SetEvent (hEvent=0xb8) returned 1 [0101.652] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.653] SetEvent (hEvent=0xb8) returned 1 [0101.653] SetEvent (hEvent=0x12c) returned 1 [0101.653] SetEvent (hEvent=0x8c) returned 1 [0101.653] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.659] GetFileType (hFile=0x170) returned 0x1 [0101.659] GetFileType (hFile=0x170) returned 0x1 [0101.659] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0101.660] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0101.660] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.660] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0101.660] ReadFile (in: hFile=0x170, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x482, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc0001b7c04*=0x282, lpOverlapped=0x0) returned 1 [0101.669] ReadFile (in: hFile=0x170, lpBuffer=0xc0000ee282, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee282*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0101.669] CloseHandle (hObject=0x170) returned 1 [0101.669] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0101.669] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0101.669] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0101.670] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0101.670] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.671] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0101.680] GetFileType (hFile=0x170) returned 0x1 [0101.680] WriteFile (in: hFile=0x170, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x290, lpOverlapped=0x0) returned 1 [0101.681] CloseHandle (hObject=0x170) returned 1 [0101.681] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0101.681] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0101.681] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0101.682] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0101.682] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0101.682] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0101.683] VirtualAlloc (lpAddress=0xc00015e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015e000 [0101.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.683] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0101.686] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.696] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.697] SetEvent (hEvent=0xb8) returned 1 [0101.697] SetEvent (hEvent=0x9c) returned 1 [0101.697] VirtualFree (lpAddress=0xc0001f2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0101.697] VirtualFree (lpAddress=0xc0001da000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.697] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.698] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.699] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.699] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.699] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.699] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.699] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.700] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.700] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.700] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.700] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.701] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0101.701] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.703] GetFileType (hFile=0x128) returned 0x1 [0101.703] GetFileType (hFile=0x128) returned 0x1 [0101.703] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0101.703] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0101.703] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0101.703] ReadFile (in: hFile=0x128, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x49f, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc00011bc04*=0x29f, lpOverlapped=0x0) returned 1 [0101.705] ReadFile (in: hFile=0x128, lpBuffer=0xc0000d829f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d829f*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0101.705] CloseHandle (hObject=0x128) returned 1 [0101.705] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0101.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.706] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0101.707] GetFileType (hFile=0x128) returned 0x1 [0101.707] WriteFile (in: hFile=0x128, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc00011bcec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.708] CloseHandle (hObject=0x128) returned 1 [0101.708] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.708] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0101.711] GetFileType (hFile=0x128) returned 0x1 [0101.711] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.711] CloseHandle (hObject=0x128) returned 1 [0101.711] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0101.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.712] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0001021a8*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0101.713] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.716] SetEvent (hEvent=0xb8) returned 1 [0101.716] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586448*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000586448*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0101.718] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0101.725] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0101.728] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.735] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.736] SetEvent (hEvent=0xb8) returned 1 [0101.736] SetEvent (hEvent=0x100) returned 1 [0101.736] VirtualFree (lpAddress=0xc000200000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0101.736] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.737] VirtualFree (lpAddress=0xc00015e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.737] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.737] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc0001b7818*=0x3) returned 1 [0101.741] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.742] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586530*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000586530*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0101.743] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.745] SetEvent (hEvent=0xb8) returned 1 [0101.745] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.747] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000102060*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0101.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc000102066*, lpNumberOfCharsWritten=0xc0001c7818*=0x3) returned 1 [0101.756] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc000102090*, lpNumberOfCharsWritten=0xc0001bf818*=0x3) returned 1 [0101.795] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102d8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000102d8*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0101.804] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.806] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0101.813] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000102006*, lpNumberOfCharsWritten=0xc0000e5818*=0x3) returned 1 [0101.824] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000119818, lpReserved=0x0 | out: lpBuffer=0xc000102040*, lpNumberOfCharsWritten=0xc000119818*=0x3) returned 1 [0101.836] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.854] SetEvent (hEvent=0x12c) returned 1 [0101.854] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.935] SetEvent (hEvent=0x12c) returned 1 [0101.935] SetEvent (hEvent=0x9c) returned 1 [0101.935] SetEvent (hEvent=0xb8) returned 1 [0101.935] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.940] SetEvent (hEvent=0x12c) returned 1 [0101.940] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.949] SetEvent (hEvent=0x12c) returned 1 [0101.949] SetEvent (hEvent=0xb8) returned 1 [0101.949] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.950] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.950] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.950] VirtualFree (lpAddress=0xc000162000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.951] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.951] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.951] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.951] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.952] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.952] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000102008*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0101.958] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0101.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc000102080*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0101.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0005861b0*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0101.975] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0101.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0101.986] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0102.042] SetEvent (hEvent=0x12c) returned 1 [0102.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.042] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0102.044] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0102.050] GetFileType (hFile=0x170) returned 0x1 [0102.050] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0102.052] GetFileType (hFile=0x170) returned 0x1 [0102.052] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0102.052] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0102.052] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.052] ReadFile (in: hFile=0x170, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x52a, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000115c04*=0x32a, lpOverlapped=0x0) returned 1 [0102.059] ReadFile (in: hFile=0x170, lpBuffer=0xc00016032a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016032a*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0102.059] CloseHandle (hObject=0x170) returned 1 [0102.059] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.060] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0102.068] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0102.125] SetEvent (hEvent=0x12c) returned 1 [0102.125] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0103.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0103.407] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0103.410] GetFileType (hFile=0x168) returned 0x1 [0103.410] GetFileType (hFile=0x168) returned 0x1 [0103.410] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0103.410] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0103.410] ReadFile (in: hFile=0x168, lpBuffer=0xc000290800, nNumberOfBytesToRead=0x467a, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000290800*, lpNumberOfBytesRead=0xc0004dbc04*=0x447a, lpOverlapped=0x0) returned 1 [0103.467] ReadFile (in: hFile=0x168, lpBuffer=0xc000294c7a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000294c7a*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0103.467] CloseHandle (hObject=0x168) returned 1 [0103.467] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0103.468] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0103.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0103.469] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0103.482] GetFileType (hFile=0x168) returned 0x1 [0103.482] WriteFile (in: hFile=0x168, lpBuffer=0xc000295000*, nNumberOfBytesToWrite=0x4480, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000295000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x4480, lpOverlapped=0x0) returned 1 [0103.483] CloseHandle (hObject=0x168) returned 1 [0103.483] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.483] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0103.484] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0103.484] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.484] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0103.485] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0103.486] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0103.499] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0103.605] GetFileType (hFile=0x168) returned 0x1 [0103.605] WriteFile (in: hFile=0x168, lpBuffer=0xc000236c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236c60*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.605] CloseHandle (hObject=0x168) returned 1 [0103.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.606] SetEvent (hEvent=0xf4) returned 1 [0103.606] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.554] SetEvent (hEvent=0x164) returned 1 [0104.554] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.563] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0104.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\setup.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b8 [0104.564] GetConsoleMode (in: hConsoleHandle=0x1b8, lpMode=0xc0000e9cf4 | out: lpMode=0xc0000e9cf4) returned 0 [0104.567] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.643] SetEvent (hEvent=0xf4) returned 1 [0104.643] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.646] SetEvent (hEvent=0x15c) returned 1 [0104.646] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0104.684] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000215cf4 | out: lpMode=0xc000215cf4) returned 0 [0104.686] GetFileType (hFile=0x150) returned 0x1 [0104.686] GetFileType (hFile=0x150) returned 0x1 [0104.686] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000215d44 | out: lpFileInformation=0xc000215d44) returned 1 [0104.686] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000215d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000215d28) returned 1 [0104.686] ReadFile (in: hFile=0x150, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x20200, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000215c04*=0x20000, lpOverlapped=0x0) returned 1 [0104.692] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.705] ReadFile (in: hFile=0x150, lpBuffer=0xc00041e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000215c04, lpOverlapped=0x0 | out: lpBuffer=0xc00041e000*, lpNumberOfBytesRead=0xc000215c04*=0x0, lpOverlapped=0x0) returned 1 [0104.705] CloseHandle (hObject=0x150) returned 1 [0104.705] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0104.707] VirtualAlloc (lpAddress=0xc0003a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a6000 [0104.707] VirtualAlloc (lpAddress=0xc0003a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a8000 [0104.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.709] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000215d04 | out: lpMode=0xc000215d04) returned 0 [0104.711] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.723] SetEvent (hEvent=0xf4) returned 1 [0104.723] SetEvent (hEvent=0x164) returned 1 [0104.723] SetEvent (hEvent=0xfc) returned 1 [0104.723] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.738] SetEvent (hEvent=0x164) returned 1 [0104.738] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.754] SetEvent (hEvent=0xb8) returned 1 [0104.754] SetEvent (hEvent=0x164) returned 1 [0104.754] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.759] SetEvent (hEvent=0xf4) returned 1 [0104.759] SetEvent (hEvent=0xb8) returned 1 [0104.759] SetEvent (hEvent=0x164) returned 1 [0104.759] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.763] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.766] SetEvent (hEvent=0xf4) returned 1 [0104.766] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.766] SetEvent (hEvent=0xf4) returned 1 [0104.766] SetEvent (hEvent=0x164) returned 1 [0104.766] SetEvent (hEvent=0x9c) returned 1 [0104.766] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.768] SetEvent (hEvent=0x164) returned 1 [0104.768] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.770] VirtualFree (lpAddress=0xc000400000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0104.771] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.771] VirtualFree (lpAddress=0xc0003bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.771] VirtualFree (lpAddress=0xc0003b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.771] VirtualFree (lpAddress=0xc0003aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.772] VirtualFree (lpAddress=0xc00030e000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0104.772] VirtualFree (lpAddress=0xc000306000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.772] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.772] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.773] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.773] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.773] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.773] SetEvent (hEvent=0xf4) returned 1 [0104.773] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.804] SetEvent (hEvent=0x164) returned 1 [0104.804] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.806] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.810] SetEvent (hEvent=0xf4) returned 1 [0104.810] SetEvent (hEvent=0x108) returned 1 [0104.810] SetEvent (hEvent=0xb8) returned 1 [0104.810] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.822] SetEvent (hEvent=0xf4) returned 1 [0104.822] SetEvent (hEvent=0x9c) returned 1 [0104.822] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.830] SetEvent (hEvent=0xf4) returned 1 [0104.830] SetEvent (hEvent=0x108) returned 1 [0104.830] SetEvent (hEvent=0xfc) returned 1 [0104.830] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0104.999] SetEvent (hEvent=0xfc) returned 1 [0104.999] SetEvent (hEvent=0xb8) returned 1 [0104.999] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.006] SetEvent (hEvent=0xfc) returned 1 [0105.006] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.011] SetEvent (hEvent=0xfc) returned 1 [0105.011] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.012] SetEvent (hEvent=0xfc) returned 1 [0105.012] SetEvent (hEvent=0x108) returned 1 [0105.012] SetEvent (hEvent=0xb8) returned 1 [0105.012] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.020] SwitchToThread () returned 1 [0105.025] SetEvent (hEvent=0xfc) returned 1 [0105.025] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.027] SetEvent (hEvent=0x108) returned 1 [0105.027] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.192] SwitchToThread () returned 1 [0105.196] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.198] SetEvent (hEvent=0x108) returned 1 [0105.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.199] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0105.199] SetEvent (hEvent=0x9c) returned 1 [0105.199] SetEvent (hEvent=0x108) returned 1 [0105.199] SetEvent (hEvent=0xb8) returned 1 [0105.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.205] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.205] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.205] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0105.205] SetEvent (hEvent=0xb8) returned 1 [0105.205] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.209] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0105.209] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0105.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0105.210] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0105.219] GetFileType (hFile=0x184) returned 0x1 [0105.219] GetFileType (hFile=0x184) returned 0x1 [0105.219] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0105.220] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0105.220] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0105.220] ReadFile (in: hFile=0x184, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x1c9d, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc000143c04*=0x1a9d, lpOverlapped=0x0) returned 1 [0105.230] ReadFile (in: hFile=0x184, lpBuffer=0xc0000bfa9d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bfa9d*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0105.230] CloseHandle (hObject=0x184) returned 1 [0105.230] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0105.230] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0105.231] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0105.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0105.233] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0105.245] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.248] GetFileType (hFile=0x184) returned 0x1 [0105.248] WriteFile (in: hFile=0x184, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x1aa0, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000143cec*=0x1aa0, lpOverlapped=0x0) returned 1 [0105.249] CloseHandle (hObject=0x184) returned 1 [0105.250] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0105.250] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.250] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0105.250] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0105.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0105.251] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0105.253] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.261] GetFileType (hFile=0x184) returned 0x1 [0105.262] WriteFile (in: hFile=0x184, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.262] CloseHandle (hObject=0x184) returned 1 [0105.262] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0105.262] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\preferences"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-preferences"), dwFlags=0x1) returned 1 [0105.277] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.280] SetEvent (hEvent=0xfc) returned 1 [0105.280] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.299] SetEvent (hEvent=0x108) returned 1 [0105.299] SetEvent (hEvent=0x9c) returned 1 [0105.299] SetEvent (hEvent=0xfc) returned 1 [0105.299] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.304] SetEvent (hEvent=0xb8) returned 1 [0105.304] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.309] SetEvent (hEvent=0x9c) returned 1 [0105.309] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.309] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.310] VirtualFree (lpAddress=0xc00037a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.310] VirtualFree (lpAddress=0xc000300000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0105.311] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.311] VirtualFree (lpAddress=0xc0002dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.311] VirtualFree (lpAddress=0xc000266000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.311] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.312] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.313] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.313] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.313] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.313] SetEvent (hEvent=0xb8) returned 1 [0105.314] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.328] SetEvent (hEvent=0x9c) returned 1 [0105.329] SetEvent (hEvent=0xf4) returned 1 [0105.329] SetEvent (hEvent=0xb8) returned 1 [0105.329] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.330] SetEvent (hEvent=0x108) returned 1 [0105.330] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.334] SetEvent (hEvent=0xfc) returned 1 [0105.335] VirtualFree (lpAddress=0xc0002f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.335] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.335] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.335] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.336] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.336] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.336] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.336] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0105.337] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.337] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.338] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0105.338] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0105.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\current"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0105.341] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0105.341] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0105.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7)) returned 1 [0105.342] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0105.343] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29)) returned 1 [0105.343] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0105.343] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0105.344] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.345] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0105.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\evwhitelist"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\evwhitelist"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.351] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0105.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.351] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.351] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.351] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.352] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.352] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.352] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.352] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\first run"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.352] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\local state"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a)) returned 1 [0105.353] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\origintrials"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\origintrials"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.353] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.353] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.353] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.353] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pepperflash"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pepperflash"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.354] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.354] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.354] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.354] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.354] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.354] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.354] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400)) returned 1 [0105.355] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0105.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00)) returned 1 [0105.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\swreporter"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\swreporter"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.356] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.356] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.356] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\widevinecdm"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\widevinecdm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.357] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0105.358] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.358] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.358] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pnacl"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\pnacl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.358] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.358] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.358] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.358] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\crashreports"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\crashreports"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\CrashReports\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.359] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b0b7d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6b0b7d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6b0b7d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.359] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.359] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x1c4 [0105.360] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc0000757a4 | out: lpFileInformation=0xc0000757a4) returned 1 [0105.360] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc000075788, dwBufferSize=0x8 | out: lpFileInformation=0xc000075788) returned 1 [0105.360] CloseHandle (hObject=0x1c4) returned 1 [0105.360] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0105.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8de8eaa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x126da7)) returned 1 [0105.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0105.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\*", lpFindFileData=0xc000075608 | out: lpFindFileData=0xc000075608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x962f4540, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x962f4540, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0105.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Event Viewer", cAlternateFileName="EVENTV~1")) returned 1 [0105.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds", cAlternateFileName="")) returned 1 [0105.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Feeds Cache", cAlternateFileName="FEEDSC~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FORMS", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media Player", cAlternateFileName="MEDIAP~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3abef650, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x3abef650, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x3abef650, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskSchedulerConfig", cAlternateFileName="TASKSC~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x962f4540, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x5ef99320, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0x5ef99320, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visio", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Mail", cAlternateFileName="WINDOW~3")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media", cAlternateFileName="WINDOW~2")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Sidebar", cAlternateFileName="WINDOW~1")) returned 1 [0105.362] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.362] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.362] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\credentials"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.363] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Credentials\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.363] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.363] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.363] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\event viewer"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.370] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\event viewer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Event Viewer\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.380] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x32121370, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x32121370, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x32121370, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.380] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.380] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.380] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.381] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d1d6940, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.381] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="FRMCACHE.DAT", cAlternateFileName="")) returned 1 [0105.381] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.381] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.381] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3d1d6940, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3d1d6940, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3d757c20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x3c0dc)) returned 1 [0105.385] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.390] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.398] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.418] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.616] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.616] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="FeedsStore.feedsdb-ms", cAlternateFileName="FEEDSS~1.FEE")) returned 1 [0105.616] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Feeds~", cAlternateFileName="MICROS~1")) returned 1 [0105.616] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~", cAlternateFileName="{5588A~1")) returned 1 [0105.616] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.616] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0105.617] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.618] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0105.618] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0105.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a00)) returned 1 [0105.630] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.655] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.660] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee3456d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.660] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.671] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft at Home~.feed-ms", cAlternateFileName="MICROS~2.FEE")) returned 1 [0105.671] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft at Work~.feed-ms", cAlternateFileName="MICROS~1.FEE")) returned 1 [0105.671] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News~.feed-ms", cAlternateFileName="MSNBCN~1.FEE")) returned 1 [0105.671] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.671] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.672] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0105.672] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0105.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0105.674] SetEvent (hEvent=0x9c) returned 1 [0105.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeaa2466, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0105.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Work~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at work~.feed-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0105.675] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0105.676] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.676] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.676] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.677] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff0498b1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.677] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebSlices~", cAlternateFileName="WEBSLI~1")) returned 1 [0105.677] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.677] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.677] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.678] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d69eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.678] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52d69eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites~.feed-ms", cAlternateFileName="SUGGES~1.FEE")) returned 1 [0105.678] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery~.feed-ms", cAlternateFileName="WEBSLI~1.FEE")) returned 1 [0105.678] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.678] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Suggested Sites~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\suggested sites~.feed-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52d69eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d69eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6e0227e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0105.680] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\WebSlices~\\Web Slice Gallery~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\webslices~\\web slice gallery~.feed-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0105.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.696] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.700] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.700] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.706] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1NBUR4HR", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ASVN7J7", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D68G7BIJ", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KQMHSVKD", cAlternateFileName="")) returned 1 [0105.714] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.715] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.717] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.717] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0105.717] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0105.717] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.717] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0105.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\fwlink[1]"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfedc214c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0105.718] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0105.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0105.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0105.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0105.718] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0105.718] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0105.718] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0105.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfee8082e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0105.721] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.736] SwitchToThread () returned 1 [0105.741] SetEvent (hEvent=0xf4) returned 1 [0105.741] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.742] SetEvent (hEvent=0xf4) returned 1 [0105.742] SetEvent (hEvent=0x164) returned 1 [0105.742] SetEvent (hEvent=0x114) returned 1 [0105.742] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.745] VirtualFree (lpAddress=0xc000316000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.746] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0105.747] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.747] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.747] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.747] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.748] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.748] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0105.748] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0105.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0105.749] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000229cf4 | out: lpMode=0xc000229cf4) returned 0 [0105.757] GetFileType (hFile=0x150) returned 0x1 [0105.757] GetFileType (hFile=0x150) returned 0x1 [0105.758] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000229d44 | out: lpFileInformation=0xc000229d44) returned 1 [0105.758] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000229d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000229d28) returned 1 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0105.758] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0105.759] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x46000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0105.765] ReadFile (in: hFile=0x150, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x46239, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000229c04*=0x46039, lpOverlapped=0x0) returned 1 [0105.771] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.783] SetEvent (hEvent=0xc0) returned 1 [0105.783] ReadFile (in: hFile=0x150, lpBuffer=0xc000444039, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc000444039*, lpNumberOfBytesRead=0xc000229c04*=0x0, lpOverlapped=0x0) returned 1 [0105.783] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.792] CloseHandle (hObject=0x150) returned 1 [0105.792] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0105.793] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0105.793] VirtualAlloc (lpAddress=0xc000446000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000446000 [0105.798] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0105.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0105.802] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000229d04 | out: lpMode=0xc000229d04) returned 0 [0105.810] GetFileType (hFile=0x150) returned 0x1 [0105.810] WriteFile (in: hFile=0x150, lpBuffer=0xc000446000*, nNumberOfBytesToWrite=0x46040, lpNumberOfBytesWritten=0xc000229cec, lpOverlapped=0x0 | out: lpBuffer=0xc000446000*, lpNumberOfBytesWritten=0xc000229cec*=0x46040, lpOverlapped=0x0) returned 1 [0105.817] CloseHandle (hObject=0x150) returned 1 [0105.817] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0105.817] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.818] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0105.818] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0105.818] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0105.818] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0105.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0105.819] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000229d64 | out: lpMode=0xc000229d64) returned 0 [0105.822] GetFileType (hFile=0x150) returned 0x1 [0105.822] WriteFile (in: hFile=0x150, lpBuffer=0xc0000ce6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000229d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce6e0*, lpNumberOfBytesWritten=0xc000229d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.822] CloseHandle (hObject=0x150) returned 1 [0105.822] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0105.822] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0105.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\material_css_min.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-material_css_min.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-material_css_min.css"), dwFlags=0x1) returned 1 [0105.824] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.837] SetEvent (hEvent=0xf4) returned 1 [0105.837] SetEvent (hEvent=0x9c) returned 1 [0105.837] SwitchToThread () returned 1 [0105.839] SetEvent (hEvent=0xf4) returned 1 [0105.839] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.852] SetEvent (hEvent=0xf4) returned 1 [0105.852] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.855] SetEvent (hEvent=0xf4) returned 1 [0105.855] SetEvent (hEvent=0x164) returned 1 [0105.855] SetEvent (hEvent=0x9c) returned 1 [0105.856] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.860] SwitchToThread () returned 1 [0105.864] SetEvent (hEvent=0xf4) returned 1 [0105.864] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.865] SetEvent (hEvent=0xf4) returned 1 [0105.865] SetEvent (hEvent=0x164) returned 1 [0105.865] SetEvent (hEvent=0x9c) returned 1 [0105.865] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.872] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.873] SetEvent (hEvent=0xf4) returned 1 [0105.873] SetEvent (hEvent=0x164) returned 1 [0105.873] VirtualFree (lpAddress=0xc00033c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.874] VirtualFree (lpAddress=0xc000332000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.874] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.874] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.874] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.875] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.875] SetEvent (hEvent=0x108) returned 1 [0105.875] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.877] SwitchToThread () returned 1 [0105.961] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0105.966] SetEvent (hEvent=0x108) returned 1 [0105.966] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0105.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0105.967] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0105.972] GetFileType (hFile=0x1bc) returned 0x1 [0105.973] GetFileType (hFile=0x1bc) returned 0x1 [0105.973] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0105.973] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0105.973] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00007e480, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e480*, lpNumberOfBytesRead=0xc000149c04*=0x10, lpOverlapped=0x0) returned 1 [0105.974] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00007e490, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e490*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0105.974] CloseHandle (hObject=0x1bc) returned 1 [0105.974] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0105.975] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0105.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0105.976] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0105.981] GetFileType (hFile=0x1bc) returned 0x1 [0105.981] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0003fc040*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fc040*, lpNumberOfBytesWritten=0xc000149cec*=0x20, lpOverlapped=0x0) returned 1 [0105.983] CloseHandle (hObject=0x1bc) returned 1 [0105.983] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0105.983] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0105.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0105.984] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0105.986] GetFileType (hFile=0x1bc) returned 0x1 [0105.986] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000056420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056420*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.986] CloseHandle (hObject=0x1bc) returned 1 [0105.986] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0105.987] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-current"), dwFlags=0x1) returned 1 [0105.988] SwitchToThread () returned 1 [0106.093] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.096] SetEvent (hEvent=0x9c) returned 1 [0106.096] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.097] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.097] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.097] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.097] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.098] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.098] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.098] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.099] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.099] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0106.100] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001efcf4 | out: lpMode=0xc0001efcf4) returned 0 [0106.103] GetFileType (hFile=0x1bc) returned 0x1 [0106.103] GetFileType (hFile=0x1bc) returned 0x1 [0106.103] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001efd44 | out: lpFileInformation=0xc0001efd44) returned 1 [0106.103] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001efd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001efd28) returned 1 [0106.103] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0106.104] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00021a000, nNumberOfBytesToRead=0x8d43, lpNumberOfBytesRead=0xc0001efc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a000*, lpNumberOfBytesRead=0xc0001efc04*=0x8b43, lpOverlapped=0x0) returned 1 [0106.107] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000222b43, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001efc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222b43*, lpNumberOfBytesRead=0xc0001efc04*=0x0, lpOverlapped=0x0) returned 1 [0106.107] CloseHandle (hObject=0x1bc) returned 1 [0106.107] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0106.107] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0106.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0106.110] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001efd04 | out: lpMode=0xc0001efd04) returned 0 [0106.115] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.116] GetFileType (hFile=0x1bc) returned 0x1 [0106.116] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x8b50, lpNumberOfBytesWritten=0xc0001efcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0001efcec*=0x8b50, lpOverlapped=0x0) returned 1 [0106.118] CloseHandle (hObject=0x1bc) returned 1 [0106.118] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0106.118] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.119] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\secure preferences"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0106.120] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001efd64 | out: lpMode=0xc0001efd64) returned 0 [0106.121] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.123] GetFileType (hFile=0x1bc) returned 0x1 [0106.123] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.129] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.143] SetEvent (hEvent=0xf4) returned 1 [0106.143] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.146] SetEvent (hEvent=0x164) returned 1 [0106.146] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.217] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.235] SetEvent (hEvent=0xf4) returned 1 [0106.235] SetEvent (hEvent=0x164) returned 1 [0106.235] SwitchToThread () returned 1 [0106.237] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.238] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0106.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.239] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000265cf4 | out: lpMode=0xc000265cf4) returned 0 [0106.246] GetFileType (hFile=0xec) returned 0x1 [0106.247] GetFileType (hFile=0xec) returned 0x1 [0106.247] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000265d44 | out: lpFileInformation=0xc000265d44) returned 1 [0106.247] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000265d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000265d28) returned 1 [0106.247] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.247] ReadFile (in: hFile=0xec, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000265c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000265c04*=0x0, lpOverlapped=0x0) returned 1 [0106.247] CloseHandle (hObject=0xec) returned 1 [0106.247] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.248] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000265d04 | out: lpMode=0xc000265d04) returned 0 [0106.253] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.257] SetEvent (hEvent=0xf4) returned 1 [0106.257] GetFileType (hFile=0xec) returned 0x1 [0106.257] WriteFile (in: hFile=0xec, lpBuffer=0xc0000a0480*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000265cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0480*, lpNumberOfBytesWritten=0xc000265cec*=0x10, lpOverlapped=0x0) returned 1 [0106.258] CloseHandle (hObject=0xec) returned 1 [0106.258] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0106.258] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.258] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.259] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000265d64 | out: lpMode=0xc000265d64) returned 0 [0106.277] GetFileType (hFile=0xec) returned 0x1 [0106.277] WriteFile (in: hFile=0xec, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000265d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc000265d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.277] CloseHandle (hObject=0xec) returned 1 [0106.277] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-safe browsing cookies-journal"), dwFlags=0x1) returned 1 [0106.278] SwitchToThread () returned 1 [0106.279] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.281] SetEvent (hEvent=0xf4) returned 1 [0106.281] SwitchToThread () returned 1 [0106.284] SetEvent (hEvent=0x108) returned 1 [0106.284] SetEvent (hEvent=0xf4) returned 1 [0106.284] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.298] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.298] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.299] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0106.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.299] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0106.305] GetFileType (hFile=0x194) returned 0x1 [0106.305] GetFileType (hFile=0x194) returned 0x1 [0106.305] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0000ebd44 | out: lpFileInformation=0xc0000ebd44) returned 1 [0106.306] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0000ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000ebd28) returned 1 [0106.306] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x3e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0106.310] ReadFile (in: hFile=0x194, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x3c2dc, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0000ebc04*=0x3c0dc, lpOverlapped=0x0) returned 1 [0106.316] ReadFile (in: hFile=0x194, lpBuffer=0xc00031e0dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00031e0dc*, lpNumberOfBytesRead=0xc0000ebc04*=0x0, lpOverlapped=0x0) returned 1 [0106.316] CloseHandle (hObject=0x194) returned 1 [0106.316] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0106.316] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.316] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.317] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ff000 [0106.317] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0106.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.326] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0000ebd04 | out: lpMode=0xc0000ebd04) returned 0 [0106.332] GetFileType (hFile=0x194) returned 0x1 [0106.332] WriteFile (in: hFile=0x194, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x3c0e0, lpNumberOfBytesWritten=0xc0000ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc0000ebcec*=0x3c0e0, lpOverlapped=0x0) returned 1 [0106.337] CloseHandle (hObject=0x194) returned 1 [0106.337] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.337] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0106.337] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0000ebd64 | out: lpMode=0xc0000ebd64) returned 0 [0106.344] GetFileType (hFile=0x194) returned 0x1 [0106.344] WriteFile (in: hFile=0x194, lpBuffer=0xc0001209a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001209a0*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.344] CloseHandle (hObject=0x194) returned 1 [0106.345] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\frmcache.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\FORMS\\encry-FRMCACHE.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\forms\\encry-frmcache.dat"), dwFlags=0x1) returned 1 [0106.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0106.346] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0106.353] GetFileType (hFile=0x194) returned 0x1 [0106.353] GetFileType (hFile=0x194) returned 0x1 [0106.353] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0106.353] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0106.353] ReadFile (in: hFile=0x194, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x1c00, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0006e1c04*=0x1a00, lpOverlapped=0x0) returned 1 [0106.358] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.363] SetEvent (hEvent=0xc0) returned 1 [0106.363] SetEvent (hEvent=0x164) returned 1 [0106.363] ReadFile (in: hFile=0x194, lpBuffer=0xc0000a3a00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a3a00*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0106.363] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.366] CloseHandle (hObject=0x194) returned 1 [0106.366] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.378] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.394] GetFileType (hFile=0x180) returned 0x1 [0106.394] WriteFile (in: hFile=0x180, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.395] CloseHandle (hObject=0x180) returned 1 [0106.395] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.395] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.396] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app.css"), dwFlags=0x1) returned 1 [0106.397] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0106.398] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0106.412] GetFileType (hFile=0x180) returned 0x1 [0106.412] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0106.412] GetFileType (hFile=0x180) returned 0x1 [0106.413] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0106.413] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0106.413] ReadFile (in: hFile=0x180, lpBuffer=0xc00005a280, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a280*, lpNumberOfBytesRead=0xc000201c04*=0x43, lpOverlapped=0x0) returned 1 [0106.414] ReadFile (in: hFile=0x180, lpBuffer=0xc00005a2c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a2c3*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0106.414] CloseHandle (hObject=0x180) returned 1 [0106.414] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.414] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini\\*", lpFindFileData=0xc000201a08 | out: lpFindFileData=0xc000201a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.414] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000201720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.414] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0106.415] SwitchToThread () returned 1 [0106.416] SetEvent (hEvent=0x9c) returned 1 [0106.416] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.461] SwitchToThread () returned 1 [0106.469] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.469] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0106.470] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0106.477] GetFileType (hFile=0x180) returned 0x1 [0106.477] GetFileType (hFile=0x180) returned 0x1 [0106.477] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0106.477] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0106.477] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0106.478] ReadFile (in: hFile=0x180, lpBuffer=0xc0002b4000, nNumberOfBytesToRead=0x4a00, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesRead=0xc0006dfc04*=0x4800, lpOverlapped=0x0) returned 1 [0106.481] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.484] ReadFile (in: hFile=0x180, lpBuffer=0xc0002b8800, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8800*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0106.484] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.505] CloseHandle (hObject=0x180) returned 1 [0106.505] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0106.507] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0106.509] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.512] GetFileType (hFile=0x180) returned 0x1 [0106.512] WriteFile (in: hFile=0x180, lpBuffer=0xc0002b8a80*, nNumberOfBytesToWrite=0x4810, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8a80*, lpNumberOfBytesWritten=0xc0006dfcec*=0x4810, lpOverlapped=0x0) returned 1 [0106.513] CloseHandle (hObject=0x180) returned 1 [0106.513] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0106.513] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.514] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0106.514] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0106.516] GetFileType (hFile=0x180) returned 0x1 [0106.516] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.516] CloseHandle (hObject=0x180) returned 1 [0106.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-login data"), dwFlags=0x1) returned 1 [0106.611] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.622] SetEvent (hEvent=0x108) returned 1 [0106.622] SetEvent (hEvent=0x164) returned 1 [0106.622] SwitchToThread () returned 1 [0106.625] SetEvent (hEvent=0x108) returned 1 [0106.625] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.643] SetEvent (hEvent=0x108) returned 1 [0106.643] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.645] SetEvent (hEvent=0xfc) returned 1 [0106.645] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.647] SetEvent (hEvent=0x114) returned 1 [0106.647] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.665] SetEvent (hEvent=0x108) returned 1 [0106.665] SetEvent (hEvent=0xfc) returned 1 [0106.666] SetEvent (hEvent=0x164) returned 1 [0106.666] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.672] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.678] SetEvent (hEvent=0x108) returned 1 [0106.678] SwitchToThread () returned 1 [0106.679] SetEvent (hEvent=0x108) returned 1 [0106.679] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.681] SetEvent (hEvent=0x114) returned 1 [0106.681] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.684] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.684] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.685] SetEvent (hEvent=0x108) returned 1 [0106.685] SetEvent (hEvent=0x114) returned 1 [0106.685] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.685] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.685] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.686] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.686] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.686] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.686] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.686] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.687] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.687] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0106.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.688] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000297cf4 | out: lpMode=0xc000297cf4) returned 0 [0106.688] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.690] GetFileType (hFile=0x1d4) returned 0x1 [0106.690] GetFileType (hFile=0x1d4) returned 0x1 [0106.690] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000297d44 | out: lpFileInformation=0xc000297d44) returned 1 [0106.690] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000297d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000297d28) returned 1 [0106.690] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0106.691] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x7200, lpNumberOfBytesRead=0xc000297c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000297c04*=0x7000, lpOverlapped=0x0) returned 1 [0106.694] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000237000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000297c04, lpOverlapped=0x0 | out: lpBuffer=0xc000237000*, lpNumberOfBytesRead=0xc000297c04*=0x0, lpOverlapped=0x0) returned 1 [0106.695] CloseHandle (hObject=0x1d4) returned 1 [0106.695] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0106.695] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0106.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.697] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000297d04 | out: lpMode=0xc000297d04) returned 0 [0106.698] GetFileType (hFile=0x1d4) returned 0x1 [0106.698] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0xc000297cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000297cec*=0x7010, lpOverlapped=0x0) returned 1 [0106.699] CloseHandle (hObject=0x1d4) returned 1 [0106.700] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.700] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.700] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0106.701] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0106.701] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0106.701] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0106.702] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0106.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.702] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000297d64 | out: lpMode=0xc000297d64) returned 0 [0106.706] GetFileType (hFile=0x1d4) returned 0x1 [0106.707] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000297d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000297d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.707] CloseHandle (hObject=0x1d4) returned 1 [0106.707] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0106.707] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\microsoft at home~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\encry-Microsoft at Home~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\encry-microsoft at home~.feed-ms"), dwFlags=0x1) returned 1 [0106.709] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0106.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij"), fInfoLevelId=0x0, lpFileInformation=0xc0002bb6a0 | out: lpFileInformation=0xc0002bb6a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\*", lpFindFileData=0xc0002bb458 | out: lpFindFileData=0xc0002bb458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.710] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.710] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0106.710] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0106.710] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.710] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.710] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0106.710] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002bb5c8 | out: lpFileInformation=0xc0002bb5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfea09ee5, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0106.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), fInfoLevelId=0x0, lpFileInformation=0xc0002bb5c8 | out: lpFileInformation=0xc0002bb5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xff06fa11, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd"), fInfoLevelId=0x0, lpFileInformation=0xc0002bb6a0 | out: lpFileInformation=0xc0002bb6a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.711] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\*", lpFindFileData=0xc0002bb458 | out: lpFindFileData=0xc0002bb458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.711] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.711] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0106.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fwlink[1]", cAlternateFileName="FWLINK~1")) returned 1 [0106.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ieonline.microsoft[1]", cAlternateFileName="IEONLI~1.MIC")) returned 1 [0106.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002bb488 | out: lpFindFileData=0xc0002bb488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.712] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002bb5c8 | out: lpFileInformation=0xc0002bb5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0106.715] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.720] SetEvent (hEvent=0x108) returned 1 [0106.720] SetEvent (hEvent=0x164) returned 1 [0106.720] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.721] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0000103c0*, lpNumberOfCharsWritten=0xc0001d3818*=0x4) returned 1 [0106.722] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc0000103c8*, lpNumberOfCharsWritten=0xc000289818*=0x4) returned 1 [0106.731] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc0000103d0*, lpNumberOfCharsWritten=0xc000139818*=0x4) returned 1 [0106.738] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0000103d8*, lpNumberOfCharsWritten=0xc00027b818*=0x4) returned 1 [0106.746] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.749] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.749] SetEvent (hEvent=0x9c) returned 1 [0106.749] SwitchToThread () returned 1 [0106.750] SetEvent (hEvent=0x9c) returned 1 [0106.750] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.750] SetEvent (hEvent=0x9c) returned 1 [0106.750] SetEvent (hEvent=0x164) returned 1 [0106.750] SetEvent (hEvent=0x108) returned 1 [0106.750] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.752] SetEvent (hEvent=0x164) returned 1 [0106.752] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.758] SetEvent (hEvent=0x9c) returned 1 [0106.758] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.773] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.773] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfed03a6b, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0x52d90010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52d90010, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52d90010, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.774] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0106.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9e3d85, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0106.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0106.775] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0106.775] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\ime12"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\ime12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.776] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IME12\\*", lpFindFileData=0xc000221530 | out: lpFindFileData=0xc000221530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.776] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd754c00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd754c00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd754c00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.777] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.777] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp12"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.783] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP12\\*", lpFindFileData=0xc000221530 | out: lpFindFileData=0xc000221530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.783] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.783] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.783] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp8_1"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.787] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.796] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.796] SetEvent (hEvent=0xfc) returned 1 [0106.796] SetEvent (hEvent=0x114) returned 1 [0106.796] SetEvent (hEvent=0x164) returned 1 [0106.797] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.798] SetEvent (hEvent=0x114) returned 1 [0106.798] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.802] SetEvent (hEvent=0x9c) returned 1 [0106.802] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0106.890] SetEvent (hEvent=0xfc) returned 1 [0106.890] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0106.890] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0106.890] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0106.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.891] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0106.988] SwitchToThread () returned 1 [0106.989] GetFileType (hFile=0x1d4) returned 0x1 [0106.989] GetFileType (hFile=0x1d4) returned 0x1 [0106.989] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0106.989] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0106.989] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0106.991] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002ae000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ae000*, lpNumberOfBytesRead=0xc000117c04*=0x4000, lpOverlapped=0x0) returned 1 [0106.994] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002b2000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0106.994] CloseHandle (hObject=0x1d4) returned 1 [0106.994] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0106.994] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0106.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.995] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0106.997] GetFileType (hFile=0x1d4) returned 0x1 [0106.997] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002b2800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2800*, lpNumberOfBytesWritten=0xc000117cec*=0x4010, lpOverlapped=0x0) returned 1 [0106.998] CloseHandle (hObject=0x1d4) returned 1 [0106.998] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0106.999] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.999] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0106.999] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0106.999] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0107.000] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0107.000] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0107.000] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0107.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.001] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0107.001] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.046] GetFileType (hFile=0x1d4) returned 0x1 [0107.047] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0001dcc60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001dcc60*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.047] CloseHandle (hObject=0x1d4) returned 1 [0107.047] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\encry-MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\encry-msimgsiz.dat"), dwFlags=0x1) returned 1 [0107.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0107.048] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0107.051] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.053] GetFileType (hFile=0x1d4) returned 0x1 [0107.053] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.063] GetFileType (hFile=0x1d4) returned 0x1 [0107.064] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0107.064] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0107.064] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0107.064] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x51d, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000063c04*=0x31d, lpOverlapped=0x0) returned 1 [0107.067] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00004c31d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c31d*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0107.067] CloseHandle (hObject=0x1d4) returned 1 [0107.068] SwitchToThread () returned 1 [0107.075] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0107.075] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0107.076] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0107.076] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0107.076] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.078] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0107.158] GetFileType (hFile=0x1d4) returned 0x1 [0107.158] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002fc000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc000*, lpNumberOfBytesWritten=0xc000063cec*=0x320, lpOverlapped=0x0) returned 1 [0107.159] CloseHandle (hObject=0x1d4) returned 1 [0107.159] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0107.159] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0107.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0107.160] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0107.164] GetFileType (hFile=0x1d4) returned 0x1 [0107.164] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.164] CloseHandle (hObject=0x1d4) returned 1 [0107.164] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-05_pictures_taken_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0107.165] VirtualFree (lpAddress=0xc00031a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0107.166] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.166] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.166] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.166] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.167] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.167] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.167] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.167] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.168] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.168] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.168] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.168] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.169] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.169] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc00018f818*=0x4) returned 1 [0107.174] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000197818, lpReserved=0x0 | out: lpBuffer=0xc0005864b0*, lpNumberOfCharsWritten=0xc000197818*=0x4) returned 1 [0107.177] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0180*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0180*, lpNumberOfCharsWritten=0xc0001b5818*=0x4) returned 1 [0107.178] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc0001020d0*, lpNumberOfCharsWritten=0xc000205818*=0x4) returned 1 [0107.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000165818, lpReserved=0x0 | out: lpBuffer=0xc0001020d8*, lpNumberOfCharsWritten=0xc000165818*=0x4) returned 1 [0107.206] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102240*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000161818, lpReserved=0x0 | out: lpBuffer=0xc000102240*, lpNumberOfCharsWritten=0xc000161818*=0x4) returned 1 [0107.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102248*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000281818, lpReserved=0x0 | out: lpBuffer=0xc000102248*, lpNumberOfCharsWritten=0xc000281818*=0x4) returned 1 [0107.281] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00022b818, lpReserved=0x0 | out: lpBuffer=0xc0001022c8*, lpNumberOfCharsWritten=0xc00022b818*=0x4) returned 1 [0107.290] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.294] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0107.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010578*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000010578*, lpNumberOfCharsWritten=0xc0000f9818*=0x4) returned 1 [0107.299] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.304] SetEvent (hEvent=0xfc) returned 1 [0107.304] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000283818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000283818*=0x4) returned 1 [0107.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0001ad818*=0x4) returned 1 [0107.307] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.332] SetEvent (hEvent=0x114) returned 1 [0107.332] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014f818, lpReserved=0x0 | out: lpBuffer=0xc0005864b0*, lpNumberOfCharsWritten=0xc00014f818*=0x4) returned 1 [0107.333] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.345] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102020*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000102020*, lpNumberOfCharsWritten=0xc0001bb818*=0x4) returned 1 [0107.348] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.356] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010198*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc000010198*, lpNumberOfCharsWritten=0xc000211818*=0x4) returned 1 [0107.357] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.364] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc00027d818*=0x4) returned 1 [0107.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc0000bb818*=0x4) returned 1 [0107.379] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010400*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000185818, lpReserved=0x0 | out: lpBuffer=0xc000010400*, lpNumberOfCharsWritten=0xc000185818*=0x4) returned 1 [0107.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0180*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000167818, lpReserved=0x0 | out: lpBuffer=0xc0000a0180*, lpNumberOfCharsWritten=0xc000167818*=0x4) returned 1 [0107.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a0*, lpNumberOfCharsWritten=0xc000195818*=0x4) returned 1 [0107.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000203818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a8*, lpNumberOfCharsWritten=0xc000203818*=0x4) returned 1 [0107.400] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0000101e0*, lpNumberOfCharsWritten=0xc00012f818*=0x4) returned 1 [0107.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000219818, lpReserved=0x0 | out: lpBuffer=0xc0000101e8*, lpNumberOfCharsWritten=0xc000219818*=0x4) returned 1 [0107.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010240*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000010240*, lpNumberOfCharsWritten=0xc0001a1818*=0x4) returned 1 [0107.414] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.417] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0388*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000285818, lpReserved=0x0 | out: lpBuffer=0xc0000a0388*, lpNumberOfCharsWritten=0xc000285818*=0x4) returned 1 [0107.422] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010408*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc000010408*, lpNumberOfCharsWritten=0xc00020f818*=0x4) returned 1 [0107.438] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.445] SetEvent (hEvent=0xfc) returned 1 [0107.445] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.450] SetEvent (hEvent=0xfc) returned 1 [0107.450] SetEvent (hEvent=0x108) returned 1 [0107.450] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.450] VirtualFree (lpAddress=0xc000230000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.451] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.451] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.451] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.452] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0107.452] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0107.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.453] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0107.461] GetFileType (hFile=0x1b4) returned 0x1 [0107.461] GetFileType (hFile=0x1b4) returned 0x1 [0107.461] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0107.461] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0107.461] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0107.462] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x449, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc000211c04*=0x249, lpOverlapped=0x0) returned 1 [0107.463] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000124249, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124249*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0107.463] CloseHandle (hObject=0x1b4) returned 1 [0107.463] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0107.463] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0107.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.464] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0107.469] GetFileType (hFile=0x1b4) returned 0x1 [0107.469] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc000211cec*=0x250, lpOverlapped=0x0) returned 1 [0107.470] CloseHandle (hObject=0x1b4) returned 1 [0107.470] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.470] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0107.471] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0107.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.471] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0107.473] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.476] GetFileType (hFile=0x1b4) returned 0x1 [0107.476] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0107.477] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.477] CloseHandle (hObject=0x1b4) returned 1 [0107.477] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.478] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.478] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.478] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\11_all_pictures.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-11_All_Pictures.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-11_all_pictures.wpl"), dwFlags=0x1) returned 1 [0107.479] SetEvent (hEvent=0xb8) returned 1 [0107.479] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.484] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.484] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.485] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.485] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.485] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.485] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.486] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.486] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.486] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.486] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.486] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.487] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.487] SetEvent (hEvent=0x9c) returned 1 [0107.487] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0107.755] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000287cf4 | out: lpMode=0xc000287cf4) returned 0 [0107.759] GetFileType (hFile=0x1b0) returned 0x1 [0107.759] GetFileType (hFile=0x1b0) returned 0x1 [0107.759] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000287d44 | out: lpFileInformation=0xc000287d44) returned 1 [0107.759] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000287d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000287d28) returned 1 [0107.759] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.759] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x704, lpNumberOfBytesRead=0xc000287c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000287c04*=0x504, lpOverlapped=0x0) returned 1 [0107.762] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000ce504, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000287c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce504*, lpNumberOfBytesRead=0xc000287c04*=0x0, lpOverlapped=0x0) returned 1 [0107.762] CloseHandle (hObject=0x1b0) returned 1 [0107.762] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0107.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0107.769] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.783] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000287d04 | out: lpMode=0xc000287d04) returned 0 [0107.785] GetFileType (hFile=0xec) returned 0x1 [0107.785] WriteFile (in: hFile=0xec, lpBuffer=0xc000222000*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0xc000287cec, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesWritten=0xc000287cec*=0x510, lpOverlapped=0x0) returned 1 [0107.786] CloseHandle (hObject=0xec) returned 1 [0107.794] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.794] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.794] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0107.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.795] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000287d64 | out: lpMode=0xc000287d64) returned 0 [0107.797] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.800] SetEvent (hEvent=0x114) returned 1 [0107.800] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.831] SetEvent (hEvent=0x114) returned 1 [0107.831] SetEvent (hEvent=0xb8) returned 1 [0107.832] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.838] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.838] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.839] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.839] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.839] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.840] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.840] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.840] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.842] SetEvent (hEvent=0xf4) returned 1 [0107.842] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0107.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0107.845] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0107.846] GetFileType (hFile=0x1e4) returned 0x1 [0107.846] GetFileType (hFile=0x1e4) returned 0x1 [0107.846] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0107.846] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0107.846] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x5fc, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc000175c04*=0x3fc, lpOverlapped=0x0) returned 1 [0107.849] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a3fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a3fc*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0107.849] CloseHandle (hObject=0x1e4) returned 1 [0107.849] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0107.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.857] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0107.858] GetFileType (hFile=0x1e4) returned 0x1 [0107.858] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc000175cec*=0x400, lpOverlapped=0x0) returned 1 [0107.859] CloseHandle (hObject=0x1e4) returned 1 [0107.861] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0107.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0107.861] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0107.862] GetFileType (hFile=0x1e4) returned 0x1 [0107.862] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.862] CloseHandle (hObject=0x1e4) returned 1 [0107.864] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-08_video_rated_at_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0108.408] SetEvent (hEvent=0x15c) returned 1 [0108.408] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0108.411] SetEvent (hEvent=0xb8) returned 1 [0108.411] SetEvent (hEvent=0xfc) returned 1 [0108.411] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.259] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.260] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.261] SetEvent (hEvent=0xf4) returned 1 [0110.262] SetEvent (hEvent=0x114) returned 1 [0110.262] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.262] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.262] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.262] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.263] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.263] SwitchToThread () returned 1 [0110.264] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.265] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.382] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0110.396] SetEvent (hEvent=0x1a0) returned 1 [0110.396] SetEvent (hEvent=0x198) returned 1 [0110.396] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0111.016] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0111.022] SetEvent (hEvent=0x164) returned 1 [0111.022] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0111.022] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0111.023] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0111.024] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0111.024] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0111.026] GetFileType (hFile=0x1b0) returned 0x1 [0111.026] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0111.026] GetFileType (hFile=0x1b0) returned 0x1 [0111.026] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0111.026] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0111.027] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.027] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xb68, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000241c04*=0x968, lpOverlapped=0x0) returned 1 [0111.029] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025a968, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a968*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0111.029] CloseHandle (hObject=0x1b0) returned 1 [0111.029] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0111.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.035] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0111.036] GetFileType (hFile=0x180) returned 0x1 [0111.036] WriteFile (in: hFile=0x180, lpBuffer=0xc00023a000*, nNumberOfBytesToWrite=0x970, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesWritten=0xc000241cec*=0x970, lpOverlapped=0x0) returned 1 [0111.037] CloseHandle (hObject=0x180) returned 1 [0111.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0601 | out: pbBuffer=0xc0000e0601) returned 1 [0111.038] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0111.039] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0111.039] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0111.039] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0111.040] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0111.040] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0111.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0111.041] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0111.042] GetFileType (hFile=0x1b0) returned 0x1 [0111.042] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002c42c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002c42c0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.042] CloseHandle (hObject=0x1b0) returned 1 [0111.043] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0111.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbdzozr[1].jpg"), dwFlags=0x1) returned 1 [0111.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0111.114] SetEvent (hEvent=0xfc) returned 1 [0111.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.123] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0111.123] SetEvent (hEvent=0x164) returned 1 [0111.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.128] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0111.128] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0111.164] SetEvent (hEvent=0xb8) returned 1 [0111.164] SetEvent (hEvent=0x9c) returned 1 [0111.164] SetEvent (hEvent=0x13c) returned 1 [0111.164] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.391] SetEvent (hEvent=0x1a0) returned 1 [0112.391] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.411] SetEvent (hEvent=0x13c) returned 1 [0112.411] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.419] SetEvent (hEvent=0xb8) returned 1 [0112.419] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.438] SetEvent (hEvent=0x13c) returned 1 [0112.438] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.442] SetEvent (hEvent=0xb8) returned 1 [0112.442] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.445] SetEvent (hEvent=0x9c) returned 1 [0112.445] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.481] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.485] SetEvent (hEvent=0x114) returned 1 [0112.485] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0112.486] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0112.488] GetFileType (hFile=0x1d4) returned 0x1 [0112.488] GetFileType (hFile=0x1d4) returned 0x1 [0112.488] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0112.488] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0112.488] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00005a900, nNumberOfBytesToRead=0x468, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a900*, lpNumberOfBytesRead=0xc00018dc04*=0x268, lpOverlapped=0x0) returned 1 [0112.493] ReadFile (in: hFile=0x1d4, lpBuffer=0xc00005ab68, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005ab68*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.493] CloseHandle (hObject=0x1d4) returned 1 [0112.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.497] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0112.497] GetFileType (hFile=0x1b0) returned 0x1 [0112.498] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00006e500*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e500*, lpNumberOfBytesWritten=0xc00018dcec*=0x270, lpOverlapped=0x0) returned 1 [0112.499] CloseHandle (hObject=0x1b0) returned 1 [0112.499] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0112.499] VirtualAlloc (lpAddress=0xc000304000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000304000 [0112.500] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0112.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.501] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0112.501] GetFileType (hFile=0x1b0) returned 0x1 [0112.501] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0112.501] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000300b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000300b00*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.502] CloseHandle (hObject=0x1b0) returned 1 [0112.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa8tave[1].png"), dwFlags=0x1) returned 1 [0112.585] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.587] SetEvent (hEvent=0xb8) returned 1 [0112.587] SetEvent (hEvent=0x114) returned 1 [0112.587] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.590] SetEvent (hEvent=0xb8) returned 1 [0112.590] SetEvent (hEvent=0x198) returned 1 [0112.590] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.591] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.591] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00027f818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc00027f818*=0x2) returned 1 [0112.595] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.600] SetEvent (hEvent=0x9c) returned 1 [0112.600] SetEvent (hEvent=0xb8) returned 1 [0112.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586024*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000586024*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0112.601] VirtualFree (lpAddress=0xc000386000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.601] VirtualFree (lpAddress=0xc000302000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.602] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.602] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.602] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0112.700] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.717] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.734] SetEvent (hEvent=0x1a0) returned 1 [0112.734] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.738] SetEvent (hEvent=0x1a0) returned 1 [0112.738] SetEvent (hEvent=0xb8) returned 1 [0112.738] VirtualFree (lpAddress=0xc000394000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.739] VirtualFree (lpAddress=0xc000388000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.739] VirtualFree (lpAddress=0xc000328000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.739] VirtualFree (lpAddress=0xc000324000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.740] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.740] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.740] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.741] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.741] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.741] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0112.742] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.749] SetEvent (hEvent=0xb8) returned 1 [0112.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0112.749] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0112.750] GetFileType (hFile=0x1bc) returned 0x1 [0112.750] GetFileType (hFile=0x1bc) returned 0x1 [0112.750] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0112.750] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0112.750] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0112.751] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000330000, nNumberOfBytesToRead=0x1e22, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000330000*, lpNumberOfBytesRead=0xc000117c04*=0x1c22, lpOverlapped=0x0) returned 1 [0112.754] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000331c22, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000331c22*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0112.754] CloseHandle (hObject=0x1bc) returned 1 [0112.754] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0112.755] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0112.755] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0112.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.760] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0112.761] GetFileType (hFile=0x1b0) returned 0x1 [0112.761] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000336000*, nNumberOfBytesToWrite=0x1c30, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc000336000*, lpNumberOfBytesWritten=0xc000117cec*=0x1c30, lpOverlapped=0x0) returned 1 [0112.763] CloseHandle (hObject=0x1b0) returned 1 [0112.772] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0112.773] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0112.773] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0112.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.774] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0112.774] GetFileType (hFile=0x1b0) returned 0x1 [0112.774] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.775] CloseHandle (hObject=0x1b0) returned 1 [0112.775] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbb8zbm[1].jpg"), dwFlags=0x1) returned 1 [0112.815] SetEvent (hEvent=0xc0) returned 1 [0112.815] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0112.815] SetEvent (hEvent=0x114) returned 1 [0112.815] VirtualAlloc (lpAddress=0xc00034e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00034e000 [0112.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.824] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0112.824] SetEvent (hEvent=0x9c) returned 1 [0112.824] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.828] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.856] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.865] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.879] SetEvent (hEvent=0x1a0) returned 1 [0112.879] SetEvent (hEvent=0xb8) returned 1 [0112.880] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0112.880] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0112.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0112.881] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0112.882] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.884] SetEvent (hEvent=0xc0) returned 1 [0112.884] SetEvent (hEvent=0x1a0) returned 1 [0112.884] GetFileType (hFile=0x1d4) returned 0x1 [0112.884] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.886] SetEvent (hEvent=0xc0) returned 1 [0112.886] SetEvent (hEvent=0x1a0) returned 1 [0112.886] GetFileType (hFile=0x1d4) returned 0x1 [0112.886] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.892] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0112.892] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0112.892] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0112.893] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x2769, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000289c04*=0x2569, lpOverlapped=0x0) returned 1 [0112.897] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.899] SetEvent (hEvent=0x1a0) returned 1 [0112.899] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000162569, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc000162569*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0112.899] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.904] CloseHandle (hObject=0x1d4) returned 1 [0112.904] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.905] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0112.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.909] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0112.912] GetFileType (hFile=0x1d4) returned 0x1 [0112.912] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x2570, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000289cec*=0x2570, lpOverlapped=0x0) returned 1 [0112.913] CloseHandle (hObject=0x1d4) returned 1 [0112.917] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0112.917] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0112.918] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0112.918] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0112.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.919] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0112.919] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.931] GetFileType (hFile=0x1d4) returned 0x1 [0112.931] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0112.931] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0112.932] WriteFile (in: hFile=0x1d4, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.932] CloseHandle (hObject=0x1d4) returned 1 [0112.932] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0112.933] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0112.933] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0112.933] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbl4r9[1].jpg"), dwFlags=0x1) returned 1 [0112.934] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0112.949] SetEvent (hEvent=0x15c) returned 1 [0112.949] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0112.949] VirtualFree (lpAddress=0xc000160000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.950] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0112.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPiby[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpiby[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c21)) returned 1 [0112.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPmXJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbpmxj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16bf)) returned 1 [0112.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f9)) returned 1 [0112.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b08)) returned 1 [0112.991] SetEvent (hEvent=0x198) returned 1 [0112.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e29b2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e29b2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e29b2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c41)) returned 1 [0113.025] SetEvent (hEvent=0xc0) returned 1 [0113.025] SetEvent (hEvent=0x164) returned 1 [0113.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVMtX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvmtx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x950)) returned 1 [0113.054] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0113.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1bba)) returned 1 [0113.183] SetEvent (hEvent=0xb8) returned 1 [0113.183] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0113.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5154fff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5154fff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51576150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x76a)) returned 1 [0113.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x95f)) returned 1 [0113.228] SetEvent (hEvent=0x108) returned 1 [0113.228] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBY98e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbby98e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533112f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533112f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533112f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x241e)) returned 1 [0113.247] SetEvent (hEvent=0x108) returned 1 [0113.247] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBZYVP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbzyvp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x938)) returned 1 [0113.264] SetEvent (hEvent=0xb8) returned 1 [0113.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBnhZY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbnhzy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9b9)) returned 1 [0113.307] SetEvent (hEvent=0x9c) returned 1 [0113.307] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a9)) returned 1 [0113.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x192a)) returned 1 [0113.341] SetEvent (hEvent=0x15c) returned 1 [0113.341] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04ok[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04ok[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23fb)) returned 1 [0113.358] SetEvent (hEvent=0x164) returned 1 [0113.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04we[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04we[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539e9230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a99)) returned 1 [0113.369] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0113.373] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0113.374] SetEvent (hEvent=0x198) returned 1 [0113.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e02430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e02430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3200)) returned 1 [0113.407] SetEvent (hEvent=0x164) returned 1 [0113.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7e1)) returned 1 [0113.437] SetEvent (hEvent=0x9c) returned 1 [0113.438] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0113.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b4e)) returned 1 [0113.452] SetEvent (hEvent=0x198) returned 1 [0113.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0D8i[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0d8i[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x751)) returned 1 [0113.505] SetEvent (hEvent=0x114) returned 1 [0113.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0g7a[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x200e)) returned 1 [0113.528] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0w1b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0w1b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1dcb)) returned 1 [0113.550] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.551] SetEvent (hEvent=0x108) returned 1 [0113.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23ba)) returned 1 [0113.574] SetEvent (hEvent=0x164) returned 1 [0113.574] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb58)) returned 1 [0113.597] SetEvent (hEvent=0x15c) returned 1 [0113.597] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0113.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE7d3b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe7d3b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x91d)) returned 1 [0113.620] SetEvent (hEvent=0xb8) returned 1 [0113.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45583010, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45583010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455a9170, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2850)) returned 1 [0113.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdMci[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedmci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xafe)) returned 1 [0113.658] SetEvent (hEvent=0x9c) returned 1 [0113.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a48)) returned 1 [0113.675] SetEvent (hEvent=0x108) returned 1 [0113.675] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdckp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedckp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca)) returned 1 [0113.803] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x87f)) returned 1 [0113.860] SetEvent (hEvent=0x15c) returned 1 [0113.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe4Oo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee4oo[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3faf)) returned 1 [0113.879] SetEvent (hEvent=0xb8) returned 1 [0113.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaa9)) returned 1 [0113.910] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeFp3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeefp3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d26)) returned 1 [0113.927] SetEvent (hEvent=0x9c) returned 1 [0113.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeGwU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeegwu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe3bfdf0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe3bfdf0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe3bfdf0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x780)) returned 1 [0113.942] SetEvent (hEvent=0x164) returned 1 [0113.942] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0113.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7be)) returned 1 [0113.960] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0113.969] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.969] SetEvent (hEvent=0xc0) returned 1 [0113.969] SetEvent (hEvent=0x198) returned 1 [0113.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3a2a)) returned 1 [0113.996] SetEvent (hEvent=0x164) returned 1 [0113.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEf5Lq[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbef5lq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2f76)) returned 1 [0114.025] SetEvent (hEvent=0xb8) returned 1 [0114.025] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x786)) returned 1 [0114.032] SetEvent (hEvent=0x198) returned 1 [0114.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfzSd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefzsd[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa07)) returned 1 [0114.056] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0114.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgCuQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegcuq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1998)) returned 1 [0114.070] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a65)) returned 1 [0114.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdeb0f30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5a45)) returned 1 [0114.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x388f)) returned 1 [0114.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1e97)) returned 1 [0114.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgLzV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeglzv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8df)) returned 1 [0114.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b8d)) returned 1 [0114.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201f)) returned 1 [0114.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e9)) returned 1 [0114.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23bf)) returned 1 [0114.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1dc)) returned 1 [0114.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1af)) returned 1 [0114.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBlBV0U[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bblbv0u[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23b)) returned 1 [0114.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBzhWWE[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbzhwwe[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3376)) returned 1 [0114.091] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0114.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54ca7f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54ca7f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54ca7f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a3c)) returned 1 [0114.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44f697b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44f697b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44f8f910, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x15429)) returned 1 [0114.284] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.369] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf1239b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf1239b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf1239b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7a52)) returned 1 [0114.443] SetEvent (hEvent=0x1f8) returned 1 [0114.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c4a830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e3)) returned 1 [0114.493] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0114.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bb22b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bb22b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bfe570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5feb)) returned 1 [0114.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60baae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60baae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c433c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13c06)) returned 1 [0114.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b84ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b84ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c1d260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144cd)) returned 1 [0114.797] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.800] SetEvent (hEvent=0xb8) returned 1 [0114.800] SetEvent (hEvent=0x198) returned 1 [0114.800] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.801] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.801] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0114.802] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.802] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0114.807] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.816] VirtualAlloc (lpAddress=0xc0003c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c4000 [0114.816] SetEvent (hEvent=0xb8) returned 1 [0114.816] SetEvent (hEvent=0x1f8) returned 1 [0114.816] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.827] VirtualFree (lpAddress=0xc000346000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0114.827] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.828] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.828] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc00018f818*=0x2) returned 1 [0114.830] SetEvent (hEvent=0xb8) returned 1 [0114.830] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.836] SetEvent (hEvent=0x1dc) returned 1 [0114.836] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0114.843] SetEvent (hEvent=0x1dc) returned 1 [0114.843] SetEvent (hEvent=0x1d0) returned 1 [0114.843] VirtualFree (lpAddress=0xc00035e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.843] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.843] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000191818*=0x2) returned 1 [0114.847] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010144*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010144*, lpNumberOfCharsWritten=0xc000155818*=0x2) returned 1 [0114.848] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0114.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0114.849] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0114.853] GetFileType (hFile=0x1b4) returned 0x1 [0114.853] GetFileType (hFile=0x1b4) returned 0x1 [0114.853] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0114.853] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0114.853] VirtualAlloc (lpAddress=0xc00036a000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036a000 [0114.856] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00036a000, nNumberOfBytesToRead=0x146cd, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036a000*, lpNumberOfBytesRead=0xc00018dc04*=0x144cd, lpOverlapped=0x0) returned 1 [0114.880] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00037e4cd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00037e4cd*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0114.880] CloseHandle (hObject=0x1b4) returned 1 [0114.880] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0114.881] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0114.881] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0114.881] VirtualAlloc (lpAddress=0xc0003e6000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e6000 [0114.884] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0114.884] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0114.885] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0114.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.891] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0114.894] GetFileType (hFile=0x1b4) returned 0x1 [0114.895] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0003e6000*, nNumberOfBytesToWrite=0x144d0, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003e6000*, lpNumberOfBytesWritten=0xc00018dcec*=0x144d0, lpOverlapped=0x0) returned 1 [0114.898] CloseHandle (hObject=0x1b4) returned 1 [0114.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533001 | out: pbBuffer=0xc000533001) returned 1 [0114.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0114.904] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0114.905] GetFileType (hFile=0x214) returned 0x1 [0114.905] WriteFile (in: hFile=0x214, lpBuffer=0xc00006cb00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006cb00*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.906] CloseHandle (hObject=0x214) returned 1 [0114.907] SetEvent (hEvent=0xc0) returned 1 [0114.907] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-4[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-benefits-4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-benefits-4[1].jpg"), dwFlags=0x1) returned 1 [0115.067] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.072] SetEvent (hEvent=0x1d0) returned 1 [0115.072] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.078] SetEvent (hEvent=0x1d0) returned 1 [0115.078] SetEvent (hEvent=0x1dc) returned 1 [0115.078] VirtualFree (lpAddress=0xc000334000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.079] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.079] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.079] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.080] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc00018f818*=0x2) returned 1 [0115.082] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.089] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0115.090] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.091] SetEvent (hEvent=0x1d0) returned 1 [0115.091] SetEvent (hEvent=0x1dc) returned 1 [0115.091] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.091] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0115.092] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.096] SetEvent (hEvent=0xfc) returned 1 [0115.096] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.102] SetEvent (hEvent=0xfc) returned 1 [0115.102] SetEvent (hEvent=0x1dc) returned 1 [0115.102] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0115.103] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.104] VirtualFree (lpAddress=0xc000052000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0115.104] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.104] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.105] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0115.108] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.109] SetEvent (hEvent=0x1dc) returned 1 [0115.109] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0115.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.111] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0115.111] GetFileType (hFile=0x1b0) returned 0x1 [0115.112] GetFileType (hFile=0x1b0) returned 0x1 [0115.112] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0115.112] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0115.112] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0115.112] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc0004dbc04*=0x43, lpOverlapped=0x0) returned 1 [0115.113] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000be043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be043*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0115.113] CloseHandle (hObject=0x1b0) returned 1 [0115.113] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0115.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0115.122] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0115.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini\\*", lpFindFileData=0xc0004dba08 | out: lpFindFileData=0xc0004dba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0115.123] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004db720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0115.123] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003ca000*, nNumberOfCharsToWrite=0x94, lpNumberOfCharsWritten=0xc0004db808, lpReserved=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfCharsWritten=0xc0004db808*=0x94) returned 1 [0115.125] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.126] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0115.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.126] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0115.127] GetFileType (hFile=0x214) returned 0x1 [0115.128] WriteFile (in: hFile=0x214, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.128] CloseHandle (hObject=0x214) returned 1 [0115.131] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0115.132] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0115.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.181] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0115.181] SetEvent (hEvent=0x1f8) returned 1 [0115.181] SetEvent (hEvent=0xfc) returned 1 [0115.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.187] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0115.187] SetEvent (hEvent=0xfc) returned 1 [0115.187] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.203] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.225] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.234] SetEvent (hEvent=0x12c) returned 1 [0115.234] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.236] SetEvent (hEvent=0x12c) returned 1 [0115.236] SetEvent (hEvent=0x1dc) returned 1 [0115.237] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0115.237] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0115.238] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.238] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.238] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.239] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.239] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc00018f818*=0x2) returned 1 [0115.242] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.249] SetEvent (hEvent=0x1f8) returned 1 [0115.249] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.251] SetEvent (hEvent=0x1f8) returned 1 [0115.251] SwitchToThread () returned 1 [0115.251] SetEvent (hEvent=0x1dc) returned 1 [0115.251] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0115.252] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0115.252] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0115.253] SetEvent (hEvent=0x1f8) returned 1 [0115.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0115.253] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0115.254] GetFileType (hFile=0x1b4) returned 0x1 [0115.254] GetFileType (hFile=0x1b4) returned 0x1 [0115.254] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0115.254] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0115.254] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x8a6, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc00018fc04*=0x6a6, lpOverlapped=0x0) returned 1 [0115.270] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00003e6a6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e6a6*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.270] CloseHandle (hObject=0x1b4) returned 1 [0115.270] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0115.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.273] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0115.277] GetFileType (hFile=0x1b4) returned 0x1 [0115.277] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x6b0, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc00018fcec*=0x6b0, lpOverlapped=0x0) returned 1 [0115.278] CloseHandle (hObject=0x1b4) returned 1 [0115.279] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.279] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0115.281] GetFileType (hFile=0x1b4) returned 0x1 [0115.281] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.281] CloseHandle (hObject=0x1b4) returned 1 [0115.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\google_plus_16dp[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-google_plus_16dp[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-google_plus_16dp[1].png"), dwFlags=0x1) returned 1 [0115.319] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0115.319] SetEvent (hEvent=0x1d0) returned 1 [0115.319] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0115.320] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.339] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0115.339] SetEvent (hEvent=0x1d0) returned 1 [0115.339] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.344] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.344] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.370] SetEvent (hEvent=0x1dc) returned 1 [0115.371] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.372] SetEvent (hEvent=0x1dc) returned 1 [0115.372] SetEvent (hEvent=0x198) returned 1 [0115.372] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0115.373] VirtualFree (lpAddress=0xc00025a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0115.374] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.374] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.374] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.375] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.375] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.375] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.376] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.376] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc000155818*=0x2) returned 1 [0115.377] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.385] SetEvent (hEvent=0x1f8) returned 1 [0115.385] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.387] SetEvent (hEvent=0x1f8) returned 1 [0115.387] SetEvent (hEvent=0x198) returned 1 [0115.387] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.387] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.387] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.388] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.388] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.388] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.389] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.389] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.389] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.390] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0000f3818*=0x2) returned 1 [0115.391] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.396] SetEvent (hEvent=0xfc) returned 1 [0115.396] SetEvent (hEvent=0x198) returned 1 [0115.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x210 [0115.396] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0115.397] GetFileType (hFile=0x210) returned 0x1 [0115.397] GetFileType (hFile=0x210) returned 0x1 [0115.397] GetFileInformationByHandle (in: hFile=0x210, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0115.397] GetFileInformationByHandleEx (in: hFile=0x210, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0115.397] ReadFile (in: hFile=0x210, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x2f29, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0000f9c04*=0x2d29, lpOverlapped=0x0) returned 1 [0115.399] ReadFile (in: hFile=0x210, lpBuffer=0xc0000b8d29, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8d29*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0115.399] CloseHandle (hObject=0x210) returned 1 [0115.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.404] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0115.405] GetFileType (hFile=0x210) returned 0x1 [0115.405] WriteFile (in: hFile=0x210, lpBuffer=0xc0000b9000*, nNumberOfBytesToWrite=0x2d30, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b9000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x2d30, lpOverlapped=0x0) returned 1 [0115.406] CloseHandle (hObject=0x210) returned 1 [0115.406] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.406] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0115.407] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0115.407] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0115.408] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0115.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.408] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0115.409] GetFileType (hFile=0x210) returned 0x1 [0115.409] WriteFile (in: hFile=0x210, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.409] CloseHandle (hObject=0x210) returned 1 [0115.409] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.410] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-v2[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-v2[2]"), dwFlags=0x1) returned 1 [0115.460] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0115.460] SetEvent (hEvent=0x12c) returned 1 [0115.460] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0115.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.487] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.487] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0115.487] SetEvent (hEvent=0x12c) returned 1 [0115.487] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.496] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.496] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.526] SetEvent (hEvent=0x198) returned 1 [0115.526] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.534] SetEvent (hEvent=0x1f8) returned 1 [0115.534] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.539] SetEvent (hEvent=0xfc) returned 1 [0115.539] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.544] SetEvent (hEvent=0x1f8) returned 1 [0115.545] SetEvent (hEvent=0x1d0) returned 1 [0115.545] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x208 [0115.548] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0115.550] GetFileType (hFile=0x208) returned 0x1 [0115.550] GetFileType (hFile=0x208) returned 0x1 [0115.550] GetFileInformationByHandle (in: hFile=0x208, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0115.550] GetFileInformationByHandleEx (in: hFile=0x208, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0115.550] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0115.551] ReadFile (in: hFile=0x208, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x95e, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00015fc04*=0x75e, lpOverlapped=0x0) returned 1 [0115.560] ReadFile (in: hFile=0x208, lpBuffer=0xc0000fc75e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc75e*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.560] CloseHandle (hObject=0x208) returned 1 [0115.560] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0115.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0115.562] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0115.572] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.580] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.581] SetEvent (hEvent=0xfc) returned 1 [0115.581] SetEvent (hEvent=0x12c) returned 1 [0115.581] SetEvent (hEvent=0x1dc) returned 1 [0115.581] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x204 [0115.608] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0115.610] GetFileType (hFile=0x204) returned 0x1 [0115.610] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0115.610] GetFileType (hFile=0x204) returned 0x1 [0115.610] GetFileInformationByHandle (in: hFile=0x204, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0115.610] GetFileInformationByHandleEx (in: hFile=0x204, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0115.610] ReadFile (in: hFile=0x204, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x298e, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0006dfc04*=0x278e, lpOverlapped=0x0) returned 1 [0115.615] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.623] ReadFile (in: hFile=0x204, lpBuffer=0xc0000b878e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b878e*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0115.623] CloseHandle (hObject=0x204) returned 1 [0115.623] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0115.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0115.638] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0115.642] GetFileType (hFile=0x200) returned 0x1 [0115.642] WriteFile (in: hFile=0x200, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x2790, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x2790, lpOverlapped=0x0) returned 1 [0115.644] CloseHandle (hObject=0x200) returned 1 [0115.652] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0115.699] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001101 | out: pbBuffer=0xc000001101) returned 1 [0115.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0115.699] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0115.700] GetFileType (hFile=0x1ac) returned 0x1 [0115.700] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0001826e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001826e0*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.700] CloseHandle (hObject=0x1ac) returned 1 [0115.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamo09p[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAmo09p[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aamo09p[1].jpg"), dwFlags=0x1) returned 1 [0116.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.158] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.158] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0116.158] SetEvent (hEvent=0xc0) returned 1 [0116.158] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019d500, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x348 [0116.164] CloseHandle (hObject=0x348) returned 1 [0116.164] SetEvent (hEvent=0x340) returned 1 [0116.164] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019d880, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x348 [0116.176] CloseHandle (hObject=0x348) returned 1 [0116.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x348 [0116.178] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0116.180] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.205] GetFileType (hFile=0x348) returned 0x1 [0116.205] GetFileType (hFile=0x348) returned 0x1 [0116.205] GetFileInformationByHandle (in: hFile=0x348, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0116.205] GetFileInformationByHandleEx (in: hFile=0x348, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0116.205] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0116.206] ReadFile (in: hFile=0x348, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x19af, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00010fc04*=0x17af, lpOverlapped=0x0) returned 1 [0116.209] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.214] ReadFile (in: hFile=0x348, lpBuffer=0xc0002317af, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002317af*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0116.214] CloseHandle (hObject=0x348) returned 1 [0116.214] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0116.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0116.281] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0116.286] GetFileType (hFile=0x240) returned 0x1 [0116.286] WriteFile (in: hFile=0x240, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x17b0, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc00010fcec*=0x17b0, lpOverlapped=0x0) returned 1 [0116.288] CloseHandle (hObject=0x240) returned 1 [0116.290] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0701 | out: pbBuffer=0xc0002f0701) returned 1 [0116.290] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0116.290] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0116.291] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0116.292] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0116.292] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0116.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0116.293] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0116.294] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.296] GetFileType (hFile=0x348) returned 0x1 [0116.296] WriteFile (in: hFile=0x348, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.296] CloseHandle (hObject=0x348) returned 1 [0116.300] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0oqi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0oQi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0oqi[1].jpg"), dwFlags=0x1) returned 1 [0116.921] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.924] SetEvent (hEvent=0x1dc) returned 1 [0116.924] SetEvent (hEvent=0x2b0) returned 1 [0116.924] SwitchToThread () returned 1 [0116.926] SetEvent (hEvent=0x1dc) returned 1 [0116.926] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0116.927] SetEvent (hEvent=0x1dc) returned 1 [0116.927] SetEvent (hEvent=0x2b0) returned 1 [0116.927] SetEvent (hEvent=0x1f8) returned 1 [0116.928] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0117.367] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0117.368] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.520] GetFileType (hFile=0x384) returned 0x1 [0117.520] GetFileType (hFile=0x384) returned 0x1 [0117.520] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0117.520] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0117.520] ReadFile (in: hFile=0x384, lpBuffer=0xc00032ea80, nNumberOfBytesToRead=0xa6f, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032ea80*, lpNumberOfBytesRead=0xc00018fc04*=0x86f, lpOverlapped=0x0) returned 1 [0117.524] ReadFile (in: hFile=0x384, lpBuffer=0xc00032f2ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032f2ef*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.524] CloseHandle (hObject=0x384) returned 1 [0117.524] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0117.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0117.685] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.726] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0117.727] GetFileType (hFile=0x1ec) returned 0x1 [0117.727] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00033c000*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00033c000*, lpNumberOfBytesWritten=0xc00018fcec*=0x870, lpOverlapped=0x0) returned 1 [0117.729] CloseHandle (hObject=0x1ec) returned 1 [0117.740] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.776] SetEvent (hEvent=0x234) returned 1 [0117.776] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.816] SetEvent (hEvent=0x114) returned 1 [0117.816] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0117.823] GetFileType (hFile=0x260) returned 0x1 [0117.823] WriteFile (in: hFile=0x260, lpBuffer=0xc00000a270*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a270*, lpNumberOfBytesWritten=0xc000171cec*=0x30, lpOverlapped=0x0) returned 1 [0117.826] CloseHandle (hObject=0x260) returned 1 [0117.829] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001101 | out: pbBuffer=0xc000001101) returned 1 [0117.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0117.830] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0117.830] GetFileType (hFile=0x3d0) returned 0x1 [0117.830] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0004cec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004cec60*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.830] CloseHandle (hObject=0x3d0) returned 1 [0117.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-collect[1].gif"), dwFlags=0x1) returned 1 [0118.429] SetEvent (hEvent=0x234) returned 1 [0118.429] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0118.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0118.773] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00017bcf4 | out: lpMode=0xc00017bcf4) returned 0 [0118.775] GetFileType (hFile=0x2b4) returned 0x1 [0118.775] GetFileType (hFile=0x2b4) returned 0x1 [0118.775] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc00017bd44 | out: lpFileInformation=0xc00017bd44) returned 1 [0118.776] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc00017bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017bd28) returned 1 [0118.776] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0118.777] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x2061, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00017bc04*=0x1e61, lpOverlapped=0x0) returned 1 [0118.786] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0118.873] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0002e3e61, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e3e61*, lpNumberOfBytesRead=0xc00017bc04*=0x0, lpOverlapped=0x0) returned 1 [0118.873] CloseHandle (hObject=0x2b4) returned 1 [0118.873] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0118.873] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0118.874] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0118.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0118.876] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00017bd04 | out: lpMode=0xc00017bd04) returned 0 [0118.880] GetFileType (hFile=0x2b4) returned 0x1 [0118.880] WriteFile (in: hFile=0x2b4, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0xc00017bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc00017bcec*=0x1e70, lpOverlapped=0x0) returned 1 [0118.882] CloseHandle (hObject=0x2b4) returned 1 [0118.882] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a401 | out: pbBuffer=0xc00031a401) returned 1 [0118.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0118.882] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00017bd64 | out: lpMode=0xc00017bd64) returned 0 [0118.884] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0118.972] GetFileType (hFile=0x2b4) returned 0x1 [0118.972] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00017bd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.973] CloseHandle (hObject=0x2b4) returned 1 [0118.974] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0118.974] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0118.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbo8ow[1].jpg"), dwFlags=0x1) returned 1 [0119.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.110] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0119.110] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0119.110] SetEvent (hEvent=0xc0) returned 1 [0119.110] SetEvent (hEvent=0x234) returned 1 [0119.110] SetEvent (hEvent=0x388) returned 1 [0119.111] SetEvent (hEvent=0x3c0) returned 1 [0119.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.113] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0119.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.117] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0119.117] SetEvent (hEvent=0x3c0) returned 1 [0119.117] SetEvent (hEvent=0x2b0) returned 1 [0119.117] SetEvent (hEvent=0x9c) returned 1 [0119.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.122] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0119.122] SetEvent (hEvent=0x2b0) returned 1 [0119.122] SetEvent (hEvent=0x9c) returned 1 [0119.122] SetEvent (hEvent=0x3c0) returned 1 [0119.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.125] SetEvent (hEvent=0x3c0) returned 1 [0119.125] SetEvent (hEvent=0x9c) returned 1 [0119.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.136] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0119.136] SetEvent (hEvent=0x318) returned 1 [0119.136] SetEvent (hEvent=0x148) returned 1 [0119.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.138] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbboaes[1].jpg"), dwFlags=0x1) returned 1 [0119.568] SetEvent (hEvent=0xc0) returned 1 [0119.569] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0119.569] SetEvent (hEvent=0x29c) returned 1 [0119.569] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.570] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0119.570] SetEvent (hEvent=0x29c) returned 1 [0119.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.571] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0119.571] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0141.491] SetEvent (hEvent=0x3c8) returned 1 [0141.492] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0141.493] SetEvent (hEvent=0xfc) returned 1 [0141.493] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0141.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\88w r.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e0 [0141.497] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0141.498] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0141.597] GetFileType (hFile=0x2e0) returned 0x1 [0141.597] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0141.598] GetFileType (hFile=0x2e0) returned 0x1 [0141.598] GetFileInformationByHandle (in: hFile=0x2e0, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0141.598] GetFileInformationByHandleEx (in: hFile=0x2e0, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0141.598] ReadFile (in: hFile=0x2e0, lpBuffer=0xc0002bf900, nNumberOfBytesToRead=0x1074, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bf900*, lpNumberOfBytesRead=0xc0001a7c04*=0xe74, lpOverlapped=0x0) returned 1 [0142.550] ReadFile (in: hFile=0x2e0, lpBuffer=0xc0002c0774, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0774*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0142.550] CloseHandle (hObject=0x2e0) returned 1 [0142.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\88w r.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0142.552] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0142.667] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.517] GetFileType (hFile=0x2e0) returned 0x1 [0143.517] WriteFile (in: hFile=0x2e0, lpBuffer=0xc00033d000*, nNumberOfBytesToWrite=0xe80, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00033d000*, lpNumberOfBytesWritten=0xc0001a7cec*=0xe80, lpOverlapped=0x0) returned 1 [0143.518] CloseHandle (hObject=0x2e0) returned 1 [0143.518] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\88w r.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0143.518] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0143.524] GetFileType (hFile=0x2e0) returned 0x1 [0143.524] WriteFile (in: hFile=0x2e0, lpBuffer=0xc00007ef20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ef20*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.524] CloseHandle (hObject=0x2e0) returned 1 [0143.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\88w r.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-88w r.lnk"), dwFlags=0x1) returned 1 [0143.527] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.528] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f698, ulCount=0x10, ulNumEntriesRemoved=0x28b0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f698, ulNumEntriesRemoved=0x28b0f66c) returned 0 [0143.528] SetEvent (hEvent=0xc0) returned 1 [0143.528] SetEvent (hEvent=0x9f8) returned 1 [0143.528] SetEvent (hEvent=0x164) returned 1 [0143.528] SetEvent (hEvent=0x414) returned 1 [0143.530] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.539] SetEvent (hEvent=0x414) returned 1 [0143.539] SetEvent (hEvent=0x164) returned 1 [0143.539] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe08*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe30*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.550] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28b0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28b0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28b0f6a0, ulNumEntriesRemoved=0x28b0f674) returned 0 [0143.550] SetEvent (hEvent=0xc0) returned 1 [0143.550] SetEvent (hEvent=0x9f8) returned 1 [0143.550] SetEvent (hEvent=0x414) returned 1 [0143.550] SetEvent (hEvent=0x164) returned 1 [0143.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28b0fe18*=0x120, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.561] SetEvent (hEvent=0xa00) returned 1 [0143.561] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.564] SetEvent (hEvent=0xb28) returned 1 [0143.564] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.579] SetEvent (hEvent=0xb30) returned 1 [0143.580] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.601] SetEvent (hEvent=0x970) returned 1 [0143.601] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.607] SetEvent (hEvent=0x970) returned 1 [0143.608] SetEvent (hEvent=0xb38) returned 1 [0143.608] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.614] SetEvent (hEvent=0xbd8) returned 1 [0143.614] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.619] SetEvent (hEvent=0xa20) returned 1 [0143.619] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.641] SetEvent (hEvent=0xa28) returned 1 [0143.641] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) returned 0x0 [0143.648] SetEvent (hEvent=0xa30) returned 1 [0143.648] WaitForSingleObject (hHandle=0x120, dwMilliseconds=0xffffffff) Thread: id = 18 os_tid = 0x804 [0089.961] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x28d0fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28d0fea0*=0x134) returned 1 [0089.961] VirtualQuery (in: lpAddress=0x28d0fec0, lpBuffer=0x28d0fec0, dwLength=0x30 | out: lpBuffer=0x28d0fec0*(BaseAddress=0x28d0f000, AllocationBase=0x28b10000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.961] SetEvent (hEvent=0x114) returned 1 [0089.962] SetEvent (hEvent=0x9c) returned 1 [0089.962] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x12c [0089.962] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x138 [0089.962] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.051] SetEvent (hEvent=0x13c) returned 1 [0090.051] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.053] SetEvent (hEvent=0x120) returned 1 [0090.053] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.258] SetEvent (hEvent=0x114) returned 1 [0090.258] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.335] SetEvent (hEvent=0x120) returned 1 [0090.335] SetEvent (hEvent=0x13c) returned 1 [0090.336] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.337] SetEvent (hEvent=0x120) returned 1 [0090.337] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.350] SetEvent (hEvent=0x120) returned 1 [0090.350] SetEvent (hEvent=0x13c) returned 1 [0090.350] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0090.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0090.350] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0090.352] GetFileType (hFile=0x144) returned 0x1 [0090.353] GetFileType (hFile=0x144) returned 0x1 [0090.353] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0090.353] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0090.353] ReadFile (in: hFile=0x144, lpBuffer=0xc00012d000, nNumberOfBytesToRead=0x4638, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00012d000*, lpNumberOfBytesRead=0xc00011bc04*=0x4438, lpOverlapped=0x0) returned 1 [0090.353] ReadFile (in: hFile=0x144, lpBuffer=0xc000131438, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000131438*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0090.353] CloseHandle (hObject=0x144) returned 1 [0090.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0090.355] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0090.358] GetFileType (hFile=0x144) returned 0x1 [0090.358] WriteFile (in: hFile=0x144, lpBuffer=0xc000131800*, nNumberOfBytesToWrite=0x4440, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000131800*, lpNumberOfBytesWritten=0xc00011bcec*=0x4440, lpOverlapped=0x0) returned 1 [0090.359] CloseHandle (hObject=0x144) returned 1 [0090.361] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.cdf-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0090.361] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0090.366] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.378] SetEvent (hEvent=0x120) returned 1 [0090.378] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.379] SetEvent (hEvent=0x120) returned 1 [0090.379] SetEvent (hEvent=0x114) returned 1 [0090.379] VirtualFree (lpAddress=0xc000124000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0090.380] VirtualFree (lpAddress=0xc0000e8000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0090.381] VirtualFree (lpAddress=0xc000078000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0090.381] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.382] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.382] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.382] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.383] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.383] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0090.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\goog...app_baa8013a79450f71_0001.0003_290679d077f4cfec\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0090.384] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0090.392] GetFileType (hFile=0x148) returned 0x1 [0090.392] GetFileType (hFile=0x148) returned 0x1 [0090.392] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0090.392] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0090.392] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x116000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0090.416] ReadFile (in: hFile=0x148, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x114158, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0000c3c04*=0x113f58, lpOverlapped=0x0) returned 1 [0090.479] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.596] ReadFile (in: hFile=0x148, lpBuffer=0xc0006a1f58, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006a1f58*, lpNumberOfBytesRead=0xc0000c3c04*=0x8, lpOverlapped=0x0) returned 1 [0090.710] VirtualFree (lpAddress=0xc000260000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0090.710] VirtualFree (lpAddress=0xc00012a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0090.711] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.711] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0090.711] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.711] VirtualFree (lpAddress=0xc000062000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0090.712] VirtualFree (lpAddress=0xc00005a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0090.712] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0090.713] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.713] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0090.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf8 [0090.714] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0090.714] GetFileType (hFile=0xf8) returned 0x1 [0090.714] WriteFile (in: hFile=0xf8, lpBuffer=0xc0000f8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f8420*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.715] CloseHandle (hObject=0xf8) returned 1 [0090.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\adobesysfnt10.lst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\encry-AdobeSysFnt10.lst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\encry-adobesysfnt10.lst"), dwFlags=0x1) returned 1 [0090.733] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586208*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc000586208*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0090.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000586220*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0090.771] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0130*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0130*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0090.773] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.774] SetEvent (hEvent=0x120) returned 1 [0090.774] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0090.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0136*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0136*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0090.775] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.838] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0090.866] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0090.873] SetEvent (hEvent=0x120) returned 1 [0090.873] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.023] SetEvent (hEvent=0x100) returned 1 [0091.023] SetEvent (hEvent=0x120) returned 1 [0091.023] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.097] SetEvent (hEvent=0x120) returned 1 [0091.097] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.163] SetEvent (hEvent=0x108) returned 1 [0091.163] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.188] SetEvent (hEvent=0x108) returned 1 [0091.188] SetEvent (hEvent=0xb8) returned 1 [0091.188] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.218] SwitchToThread () returned 1 [0091.218] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.221] SetEvent (hEvent=0xb8) returned 1 [0091.221] VirtualFree (lpAddress=0xc000148000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.221] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.222] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0091.222] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.222] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.223] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.223] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0091.223] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0091.224] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0091.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0091.224] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0091.244] GetFileType (hFile=0xf4) returned 0x1 [0091.244] GetFileType (hFile=0xf4) returned 0x1 [0091.244] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0091.244] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0091.244] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0091.245] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0091.246] ReadFile (in: hFile=0xf4, lpBuffer=0xc00014e000, nNumberOfBytesToRead=0x2200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00014e000*, lpNumberOfBytesRead=0xc000065c04*=0x2000, lpOverlapped=0x0) returned 1 [0091.319] ReadFile (in: hFile=0xf4, lpBuffer=0xc000150000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc000150000*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0091.319] CloseHandle (hObject=0xf4) returned 1 [0091.319] VirtualAlloc (lpAddress=0xc000224000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0091.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0091.321] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0091.333] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.356] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.357] SetEvent (hEvent=0x108) returned 1 [0091.357] SetEvent (hEvent=0x120) returned 1 [0091.357] VirtualFree (lpAddress=0xc000180000, dwSize=0x60000, dwFreeType=0x4000) returned 1 [0091.360] VirtualFree (lpAddress=0xc00014a000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0091.361] VirtualFree (lpAddress=0xc000128000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0091.362] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.362] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.362] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.362] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.363] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.363] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0091.363] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.364] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0091.364] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0091.365] GetFileType (hFile=0x154) returned 0x1 [0091.365] GetFileType (hFile=0x154) returned 0x1 [0091.365] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0091.365] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0091.365] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0091.365] ReadFile (in: hFile=0x154, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x1e00, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0000c5c04*=0x1c00, lpOverlapped=0x0) returned 1 [0091.373] ReadFile (in: hFile=0x154, lpBuffer=0xc00003dc00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003dc00*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0091.373] CloseHandle (hObject=0x154) returned 1 [0091.374] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0091.374] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0091.374] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0091.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.376] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0091.478] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.479] GetFileType (hFile=0x154) returned 0x1 [0091.479] WriteFile (in: hFile=0x154, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x1c10, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x1c10, lpOverlapped=0x0) returned 1 [0091.480] CloseHandle (hObject=0x154) returned 1 [0091.481] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0091.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0091.482] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0091.482] GetFileType (hFile=0x154) returned 0x1 [0091.482] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d89a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d89a0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.482] CloseHandle (hObject=0x154) returned 1 [0091.483] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-cookies"), dwFlags=0x1) returned 1 [0091.484] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.485] SetEvent (hEvent=0x108) returned 1 [0091.485] SetEvent (hEvent=0x120) returned 1 [0091.485] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x44000, dwFreeType=0x4000) returned 1 [0091.487] VirtualFree (lpAddress=0xc000162000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0091.488] VirtualFree (lpAddress=0xc000122000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.488] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.488] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000a0340*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0091.494] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.496] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0346*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0346*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0091.498] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x19a, lpNumberOfCharsWritten=0xc00010d808, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc00010d808*=0x19a) returned 1 [0091.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000119818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000119818*=0x3) returned 1 [0091.564] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.610] SetEvent (hEvent=0x13c) returned 1 [0091.610] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.683] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0091.694] ReadFile (in: hFile=0x150, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x80370, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0006dfc04*=0x80170, lpOverlapped=0x0) returned 1 [0091.713] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.715] ReadFile (in: hFile=0x150, lpBuffer=0xc000200170, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000200170*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0091.715] CloseHandle (hObject=0x150) returned 1 [0091.715] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0091.716] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0091.716] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0091.717] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0091.755] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0091.756] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0091.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0091.763] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0091.764] GetFileType (hFile=0x150) returned 0x1 [0091.764] WriteFile (in: hFile=0x150, lpBuffer=0xc000232000*, nNumberOfBytesToWrite=0x80180, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000232000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x80180, lpOverlapped=0x0) returned 1 [0091.778] CloseHandle (hObject=0x150) returned 1 [0091.791] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0091.791] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0091.791] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0091.792] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0091.792] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0091.793] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0091.793] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0091.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0091.794] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0091.795] GetFileType (hFile=0x150) returned 0x1 [0091.795] WriteFile (in: hFile=0x150, lpBuffer=0xc0000f4580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f4580*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0091.795] CloseHandle (hObject=0x150) returned 1 [0091.801] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0091.801] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0091.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\encry-index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\encry-index"), dwFlags=0x1) returned 1 [0091.803] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.804] SetEvent (hEvent=0x120) returned 1 [0091.804] SetEvent (hEvent=0x108) returned 1 [0091.804] VirtualFree (lpAddress=0xc000224000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0091.804] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.805] VirtualFree (lpAddress=0xc00016a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0091.805] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.805] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.806] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0091.806] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.806] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.807] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0091.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0091.807] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0091.811] GetFileType (hFile=0x150) returned 0x1 [0091.811] GetFileType (hFile=0x150) returned 0x1 [0091.811] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0091.811] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0091.811] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ba700, nNumberOfBytesToRead=0x326, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba700*, lpNumberOfBytesRead=0xc0004dbc04*=0x126, lpOverlapped=0x0) returned 1 [0091.813] ReadFile (in: hFile=0x150, lpBuffer=0xc0000ba826, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba826*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0091.813] CloseHandle (hObject=0x150) returned 1 [0091.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0091.814] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0091.817] GetFileType (hFile=0x150) returned 0x1 [0091.817] WriteFile (in: hFile=0x150, lpBuffer=0xc0003ca000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x130, lpOverlapped=0x0) returned 1 [0091.818] CloseHandle (hObject=0x150) returned 1 [0091.821] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0091.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0091.821] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0091.823] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.826] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0091.963] SwitchToThread () returned 1 [0092.059] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.609] SwitchToThread () returned 1 [0092.618] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current tabs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Current Tabs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-current tabs"), dwFlags=0x1) returned 1 [0092.618] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0092.620] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0092.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0092.621] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0092.624] GetFileType (hFile=0xec) returned 0x1 [0092.624] GetFileType (hFile=0xec) returned 0x1 [0092.624] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0092.624] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0092.624] ReadFile (in: hFile=0xec, lpBuffer=0xc00011c700, nNumberOfBytesToRead=0x356, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c700*, lpNumberOfBytesRead=0xc00011bc04*=0x156, lpOverlapped=0x0) returned 1 [0092.625] ReadFile (in: hFile=0xec, lpBuffer=0xc00011c856, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c856*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0092.625] CloseHandle (hObject=0xec) returned 1 [0092.625] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0092.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0092.627] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0092.628] GetFileType (hFile=0xec) returned 0x1 [0092.628] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00011bcec*=0x160, lpOverlapped=0x0) returned 1 [0092.629] CloseHandle (hObject=0xec) returned 1 [0092.633] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0092.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0092.633] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0092.634] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.693] GetFileType (hFile=0xec) returned 0x1 [0092.693] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0092.693] CloseHandle (hObject=0xec) returned 1 [0092.695] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0092.695] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0092.695] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0092.696] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0092.696] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\encry-000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\encry-000003.log"), dwFlags=0x1) returned 1 [0092.758] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.773] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0092.773] SetEvent (hEvent=0x108) returned 1 [0092.773] SetEvent (hEvent=0x100) returned 1 [0092.773] SetEvent (hEvent=0x114) returned 1 [0092.773] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0092.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.776] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.776] SetEvent (hEvent=0x100) returned 1 [0092.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.781] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.781] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0092.781] SetEvent (hEvent=0x120) returned 1 [0092.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0092.789] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0092.789] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0092.789] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0092.790] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0092.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\000003.log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad)) returned 1 [0092.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\current"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0092.792] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.793] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0092.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a)) returned 1 [0092.793] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\manifest-000001"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29)) returned 1 [0092.794] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0092.794] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0092.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.799] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.810] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.869] SwitchToThread () returned 1 [0092.891] VirtualAlloc (lpAddress=0xc000174000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000174000 [0092.891] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0092.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0092.892] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0092.899] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.900] SetEvent (hEvent=0xb8) returned 1 [0092.900] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0092.927] SetEvent (hEvent=0xb8) returned 1 [0092.927] SetEvent (hEvent=0x13c) returned 1 [0092.927] SetEvent (hEvent=0x120) returned 1 [0092.927] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.015] SwitchToThread () returned 1 [0093.016] SetEvent (hEvent=0xb8) returned 1 [0093.016] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.038] SwitchToThread () returned 1 [0093.047] SetEvent (hEvent=0xb8) returned 1 [0093.048] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.049] SetEvent (hEvent=0xb8) returned 1 [0093.049] SetEvent (hEvent=0x114) returned 1 [0093.050] SetEvent (hEvent=0x13c) returned 1 [0093.050] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.053] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.053] SetEvent (hEvent=0xb8) returned 1 [0093.053] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.057] SetEvent (hEvent=0xb8) returned 1 [0093.057] SetEvent (hEvent=0x120) returned 1 [0093.057] VirtualFree (lpAddress=0xc000156000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.058] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.058] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.058] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.059] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.059] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.059] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.060] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.060] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0005861a8*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0093.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0005861b0*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0093.074] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc0005861b6*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0093.086] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0093.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586380*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000586380*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0093.107] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] SetEvent (hEvent=0x114) returned 1 [0093.133] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.216] SetEvent (hEvent=0x8c) returned 1 [0093.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.217] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0093.217] GetFileType (hFile=0xf4) returned 0x1 [0093.217] GetFileType (hFile=0xf4) returned 0x1 [0093.217] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0093.218] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0093.218] ReadFile (in: hFile=0xf4, lpBuffer=0xc00013c300, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c300*, lpNumberOfBytesRead=0xc000065c04*=0xd7, lpOverlapped=0x0) returned 1 [0093.219] ReadFile (in: hFile=0xf4, lpBuffer=0xc00013c3d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013c3d7*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0093.219] CloseHandle (hObject=0xf4) returned 1 [0093.219] VirtualAlloc (lpAddress=0xc00018a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018a000 [0093.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.221] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0093.221] GetFileType (hFile=0xf4) returned 0x1 [0093.222] WriteFile (in: hFile=0xf4, lpBuffer=0xc00018a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc00018a000*, lpNumberOfBytesWritten=0xc000065cec*=0xe0, lpOverlapped=0x0) returned 1 [0093.223] CloseHandle (hObject=0xf4) returned 1 [0093.224] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.225] VirtualAlloc (lpAddress=0xc00018c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018c000 [0093.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.226] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0093.235] GetFileType (hFile=0xf4) returned 0x1 [0093.235] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.235] CloseHandle (hObject=0xf4) returned 1 [0093.236] VirtualAlloc (lpAddress=0xc00018e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018e000 [0093.237] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0093.237] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.329] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0093.329] SetEvent (hEvent=0xc0) returned 1 [0093.329] SetEvent (hEvent=0x13c) returned 1 [0093.329] SetEvent (hEvent=0x114) returned 1 [0093.329] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0093.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.367] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.367] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.376] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0093.376] SetEvent (hEvent=0x8c) returned 1 [0093.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0093.419] SetEvent (hEvent=0xb8) returned 1 [0093.419] SetEvent (hEvent=0x114) returned 1 [0093.419] SetEvent (hEvent=0x100) returned 1 [0093.419] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0093.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.421] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.425] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.426] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.426] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0093.426] SetEvent (hEvent=0xc0) returned 1 [0093.426] SetEvent (hEvent=0x8c) returned 1 [0093.426] SetEvent (hEvent=0x120) returned 1 [0093.426] SetEvent (hEvent=0x100) returned 1 [0093.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.442] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0093.442] SetEvent (hEvent=0x114) returned 1 [0093.442] SetEvent (hEvent=0x8c) returned 1 [0093.442] SetEvent (hEvent=0xb8) returned 1 [0093.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.444] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.444] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.446] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0093.446] SetEvent (hEvent=0x13c) returned 1 [0093.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.468] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0093.469] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0093.469] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0093.469] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0093.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0093.470] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0093.528] GetFileType (hFile=0xec) returned 0x1 [0093.528] VirtualAlloc (lpAddress=0xc0001aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001aa000 [0093.529] GetFileType (hFile=0xec) returned 0x1 [0093.529] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0093.529] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0093.529] VirtualAlloc (lpAddress=0xc0001ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ac000 [0093.529] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0093.530] ReadFile (in: hFile=0xec, lpBuffer=0xc0001ae000, nNumberOfBytesToRead=0x2d6, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae000*, lpNumberOfBytesRead=0xc000047c04*=0xd6, lpOverlapped=0x0) returned 1 [0093.531] ReadFile (in: hFile=0xec, lpBuffer=0xc0001ae0d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae0d6*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0093.531] CloseHandle (hObject=0xec) returned 1 [0093.531] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0093.531] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0093.531] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0093.532] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0093.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0093.534] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0093.581] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.596] GetFileType (hFile=0xec) returned 0x1 [0093.596] WriteFile (in: hFile=0xec, lpBuffer=0xc0001b6000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6000*, lpNumberOfBytesWritten=0xc000047cec*=0xe0, lpOverlapped=0x0) returned 1 [0093.597] CloseHandle (hObject=0xec) returned 1 [0093.600] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0093.600] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0093.600] VirtualAlloc (lpAddress=0xc0001ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ba000 [0093.601] VirtualAlloc (lpAddress=0xc0001bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001bc000 [0093.601] VirtualAlloc (lpAddress=0xc0001be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001be000 [0093.602] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0093.602] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0093.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0093.603] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0093.604] GetFileType (hFile=0xec) returned 0x1 [0093.604] WriteFile (in: hFile=0xec, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.604] CloseHandle (hObject=0xec) returned 1 [0093.605] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.606] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.613] SetEvent (hEvent=0x13c) returned 1 [0093.613] SetEvent (hEvent=0x120) returned 1 [0093.613] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.614] VirtualFree (lpAddress=0xc00021c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.614] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.614] VirtualFree (lpAddress=0xc00019a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.615] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.615] VirtualFree (lpAddress=0xc00016c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0093.615] VirtualFree (lpAddress=0xc000164000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.616] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.616] VirtualFree (lpAddress=0xc00004e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0093.616] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0005861b8*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0093.623] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0093.638] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0005861f6*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0093.640] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.646] SetEvent (hEvent=0x13c) returned 1 [0093.646] SwitchToThread () returned 1 [0093.649] SetEvent (hEvent=0x13c) returned 1 [0093.649] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.649] SetEvent (hEvent=0x13c) returned 1 [0093.649] SetEvent (hEvent=0x100) returned 1 [0093.649] SetEvent (hEvent=0x120) returned 1 [0093.649] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.668] SetEvent (hEvent=0x120) returned 1 [0093.668] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.670] SetEvent (hEvent=0x13c) returned 1 [0093.670] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.673] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.677] SetEvent (hEvent=0x120) returned 1 [0093.677] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.677] SetEvent (hEvent=0x100) returned 1 [0093.677] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.681] SetEvent (hEvent=0x120) returned 1 [0093.681] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.726] SetEvent (hEvent=0x120) returned 1 [0093.726] SetEvent (hEvent=0x13c) returned 1 [0093.726] SwitchToThread () returned 1 [0093.729] SetEvent (hEvent=0x120) returned 1 [0093.729] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.730] SetEvent (hEvent=0x100) returned 1 [0093.730] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.739] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.739] SetEvent (hEvent=0x120) returned 1 [0093.740] SetEvent (hEvent=0x100) returned 1 [0093.740] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.740] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.740] VirtualFree (lpAddress=0xc0001ce000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.740] VirtualFree (lpAddress=0xc0001bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.741] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.741] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6)) returned 1 [0093.741] VirtualAlloc (lpAddress=0xc00023c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023c000 [0093.742] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.743] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.743] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.743] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.743] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.743] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0093.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.746] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.747] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.767] SetEvent (hEvent=0x120) returned 1 [0093.767] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.769] SetEvent (hEvent=0x100) returned 1 [0093.769] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.773] SetEvent (hEvent=0x114) returned 1 [0093.773] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.816] SetEvent (hEvent=0x120) returned 1 [0093.816] SetEvent (hEvent=0x114) returned 1 [0093.816] SetEvent (hEvent=0x100) returned 1 [0093.817] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0093.883] SetEvent (hEvent=0x114) returned 1 [0093.883] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.184] SetEvent (hEvent=0x13c) returned 1 [0094.184] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.188] SetEvent (hEvent=0x8c) returned 1 [0094.188] SetEvent (hEvent=0x120) returned 1 [0094.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0094.188] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0094.192] GetFileType (hFile=0x128) returned 0x1 [0094.192] GetFileType (hFile=0x128) returned 0x1 [0094.192] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0094.192] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0094.192] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0094.192] ReadFile (in: hFile=0x128, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x30e, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc000115c04*=0x10e, lpOverlapped=0x0) returned 1 [0094.193] ReadFile (in: hFile=0x128, lpBuffer=0xc00027c10e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c10e*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0094.194] CloseHandle (hObject=0x128) returned 1 [0094.194] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0094.194] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0094.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0094.195] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0094.216] GetFileType (hFile=0x128) returned 0x1 [0094.216] WriteFile (in: hFile=0x128, lpBuffer=0xc0003d2900*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2900*, lpNumberOfBytesWritten=0xc000115cec*=0x110, lpOverlapped=0x0) returned 1 [0094.218] CloseHandle (hObject=0x128) returned 1 [0094.220] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.220] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0094.221] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0094.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0094.222] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0094.228] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.236] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.238] SetEvent (hEvent=0x100) returned 1 [0094.238] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.238] VirtualFree (lpAddress=0xc000270000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.239] VirtualFree (lpAddress=0xc000180000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0094.239] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.239] VirtualFree (lpAddress=0xc0000f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.240] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.240] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.240] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.240] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.241] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.242] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.242] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.243] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.243] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.244] VirtualAlloc (lpAddress=0xc000138000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000138000 [0094.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0094.244] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0094.251] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.257] SetEvent (hEvent=0x8c) returned 1 [0094.257] GetFileType (hFile=0xec) returned 0x1 [0094.257] GetFileType (hFile=0xec) returned 0x1 [0094.257] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0094.257] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0094.257] ReadFile (in: hFile=0xec, lpBuffer=0xc000134700, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000134700*, lpNumberOfBytesRead=0xc000069c04*=0x110, lpOverlapped=0x0) returned 1 [0094.258] ReadFile (in: hFile=0xec, lpBuffer=0xc000134810, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000134810*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0094.258] CloseHandle (hObject=0xec) returned 1 [0094.258] VirtualAlloc (lpAddress=0xc0000f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f8000 [0094.259] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0094.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0094.260] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0094.266] GetFileType (hFile=0xec) returned 0x1 [0094.266] WriteFile (in: hFile=0xec, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000069cec*=0x120, lpOverlapped=0x0) returned 1 [0094.267] CloseHandle (hObject=0xec) returned 1 [0094.270] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0094.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0094.271] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0094.277] GetFileType (hFile=0xec) returned 0x1 [0094.277] WriteFile (in: hFile=0xec, lpBuffer=0xc000136580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000136580*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.277] CloseHandle (hObject=0xec) returned 1 [0094.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.285] GetFileType (hFile=0x144) returned 0x1 [0094.285] GetFileType (hFile=0x144) returned 0x1 [0094.285] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0094.285] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0094.285] ReadFile (in: hFile=0x144, lpBuffer=0xc000196e00, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000196e00*, lpNumberOfBytesRead=0xc000253c04*=0x104, lpOverlapped=0x0) returned 1 [0094.287] ReadFile (in: hFile=0x144, lpBuffer=0xc000196f04, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000196f04*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0094.287] CloseHandle (hObject=0x144) returned 1 [0094.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.288] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0094.295] GetFileType (hFile=0x144) returned 0x1 [0094.295] WriteFile (in: hFile=0x144, lpBuffer=0xc000124480*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124480*, lpNumberOfBytesWritten=0xc000253cec*=0x110, lpOverlapped=0x0) returned 1 [0094.296] CloseHandle (hObject=0x144) returned 1 [0094.325] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0094.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0094.325] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0094.335] GetFileType (hFile=0x144) returned 0x1 [0094.335] WriteFile (in: hFile=0x144, lpBuffer=0xc0000be6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be6e0*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.336] CloseHandle (hObject=0x144) returned 1 [0094.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.337] SwitchToThread () returned 1 [0094.338] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.357] SetEvent (hEvent=0x8c) returned 1 [0094.358] SetEvent (hEvent=0x100) returned 1 [0094.358] SwitchToThread () returned 1 [0094.410] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.419] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0094.419] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0094.419] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0094.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0094.420] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0094.426] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.435] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0094.437] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0094.439] GetFileType (hFile=0xec) returned 0x1 [0094.439] GetFileType (hFile=0xec) returned 0x1 [0094.439] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0094.440] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0094.440] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0094.440] ReadFile (in: hFile=0xec, lpBuffer=0xc000146000, nNumberOfBytesToRead=0x4d5, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesRead=0xc000113c04*=0x2d5, lpOverlapped=0x0) returned 1 [0094.449] ReadFile (in: hFile=0xec, lpBuffer=0xc0001462d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001462d5*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0094.450] CloseHandle (hObject=0xec) returned 1 [0094.450] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0094.450] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0094.450] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0094.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0094.452] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0094.462] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0094.473] SetEvent (hEvent=0x13c) returned 1 [0094.473] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.200] GetFileType (hFile=0x128) returned 0x1 [0096.200] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0096.201] GetFileType (hFile=0x128) returned 0x1 [0096.201] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0096.201] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0096.201] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0096.201] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0096.202] ReadFile (in: hFile=0x128, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x2f9, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00012bc04*=0xf9, lpOverlapped=0x0) returned 1 [0096.203] ReadFile (in: hFile=0x128, lpBuffer=0xc00011c0f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c0f9*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0096.203] CloseHandle (hObject=0x128) returned 1 [0096.203] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0096.203] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0096.204] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0096.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.205] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0096.213] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.241] GetFileType (hFile=0x128) returned 0x1 [0096.241] WriteFile (in: hFile=0x128, lpBuffer=0xc000082200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000082200*, lpNumberOfBytesWritten=0xc00012bcec*=0x100, lpOverlapped=0x0) returned 1 [0096.242] CloseHandle (hObject=0x128) returned 1 [0096.243] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0096.243] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0096.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.244] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0096.244] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.254] GetFileType (hFile=0x128) returned 0x1 [0096.254] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.254] CloseHandle (hObject=0x128) returned 1 [0096.255] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.269] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.269] SetEvent (hEvent=0x100) returned 1 [0096.269] SetEvent (hEvent=0x8c) returned 1 [0096.270] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.278] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.278] SetEvent (hEvent=0x8c) returned 1 [0096.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.284] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.284] SetEvent (hEvent=0xc0) returned 1 [0096.284] SetEvent (hEvent=0x100) returned 1 [0096.285] SetEvent (hEvent=0x15c) returned 1 [0096.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.286] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.286] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.289] SetEvent (hEvent=0x100) returned 1 [0096.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.290] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.290] SetEvent (hEvent=0x8c) returned 1 [0096.290] SetEvent (hEvent=0x15c) returned 1 [0096.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.297] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.297] SetEvent (hEvent=0x100) returned 1 [0096.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.303] GetFileType (hFile=0xf4) returned 0x1 [0096.303] WriteFile (in: hFile=0xf4, lpBuffer=0xc000194000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000194000*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.316] CloseHandle (hObject=0xf4) returned 1 [0096.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.319] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.319] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.319] SetEvent (hEvent=0xc0) returned 1 [0096.319] SetEvent (hEvent=0x15c) returned 1 [0096.319] SetEvent (hEvent=0x9c) returned 1 [0096.320] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.322] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.322] SetEvent (hEvent=0xb8) returned 1 [0096.322] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.336] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.337] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.337] SetEvent (hEvent=0xc0) returned 1 [0096.337] SetEvent (hEvent=0xb8) returned 1 [0096.337] SetEvent (hEvent=0x15c) returned 1 [0096.337] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.354] GetFileType (hFile=0x144) returned 0x1 [0096.354] WriteFile (in: hFile=0x144, lpBuffer=0xc0000366c0*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000366c0*, lpNumberOfBytesWritten=0xc000189cec*=0x110, lpOverlapped=0x0) returned 1 [0096.356] CloseHandle (hObject=0x144) returned 1 [0096.360] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0096.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.361] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0096.365] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.374] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.375] SetEvent (hEvent=0x100) returned 1 [0096.375] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.379] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0096.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0096.380] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0096.386] GetFileType (hFile=0x168) returned 0x1 [0096.386] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0096.387] GetFileType (hFile=0x168) returned 0x1 [0096.387] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0096.387] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0096.387] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0096.387] ReadFile (in: hFile=0x168, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x31d, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc000151c04*=0x11d, lpOverlapped=0x0) returned 1 [0096.388] ReadFile (in: hFile=0x168, lpBuffer=0xc00007a11d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a11d*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0096.388] CloseHandle (hObject=0x168) returned 1 [0096.388] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0096.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0096.390] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0096.421] GetFileType (hFile=0x168) returned 0x1 [0096.421] WriteFile (in: hFile=0x168, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000151cec*=0x120, lpOverlapped=0x0) returned 1 [0096.422] CloseHandle (hObject=0x168) returned 1 [0096.424] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0096.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0096.424] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0096.432] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.436] SetEvent (hEvent=0xb8) returned 1 [0096.437] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.437] SetEvent (hEvent=0xb8) returned 1 [0096.437] SetEvent (hEvent=0x100) returned 1 [0096.437] SetEvent (hEvent=0x8c) returned 1 [0096.437] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.447] SetEvent (hEvent=0x100) returned 1 [0096.447] SwitchToThread () returned 1 [0096.451] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.452] SetEvent (hEvent=0x100) returned 1 [0096.452] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.453] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.453] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.453] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.454] VirtualFree (lpAddress=0xc0000f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.454] VirtualFree (lpAddress=0xc0000f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.454] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.454] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.455] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.455] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.455] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.455] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0096.456] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0096.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x164 [0096.457] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0096.474] GetFileType (hFile=0x164) returned 0x1 [0096.474] GetFileType (hFile=0x164) returned 0x1 [0096.474] GetFileInformationByHandle (in: hFile=0x164, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0096.474] GetFileInformationByHandleEx (in: hFile=0x164, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0096.474] ReadFile (in: hFile=0x164, lpBuffer=0xc0000a2a80, nNumberOfBytesToRead=0x307, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2a80*, lpNumberOfBytesRead=0xc000257c04*=0x107, lpOverlapped=0x0) returned 1 [0096.475] ReadFile (in: hFile=0x164, lpBuffer=0xc0000a2b87, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2b87*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0096.475] CloseHandle (hObject=0x164) returned 1 [0096.475] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0096.476] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0096.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.477] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0096.549] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.550] GetFileType (hFile=0x164) returned 0x1 [0096.550] WriteFile (in: hFile=0x164, lpBuffer=0xc00013a480*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a480*, lpNumberOfBytesWritten=0xc000257cec*=0x110, lpOverlapped=0x0) returned 1 [0096.551] CloseHandle (hObject=0x164) returned 1 [0096.556] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0096.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0096.557] GetConsoleMode (in: hConsoleHandle=0x164, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0096.557] GetFileType (hFile=0x164) returned 0x1 [0096.557] WriteFile (in: hFile=0x164, lpBuffer=0xc0001469a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001469a0*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.558] CloseHandle (hObject=0x164) returned 1 [0096.560] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.561] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.562] SetEvent (hEvent=0x100) returned 1 [0096.562] SetEvent (hEvent=0x120) returned 1 [0096.562] VirtualFree (lpAddress=0xc0001a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.563] VirtualFree (lpAddress=0xc000132000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0096.563] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.563] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.564] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.564] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.564] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.564] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.565] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0338*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0338*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0096.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000a0340*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0096.580] VirtualAlloc (lpAddress=0xc0001aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001aa000 [0096.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0346*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000a0346*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0096.591] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.598] SetEvent (hEvent=0xb8) returned 1 [0096.598] SetEvent (hEvent=0x100) returned 1 [0096.598] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.641] SetEvent (hEvent=0xb8) returned 1 [0096.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.642] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.642] SetEvent (hEvent=0xc0) returned 1 [0096.642] SetEvent (hEvent=0x9c) returned 1 [0096.642] SetEvent (hEvent=0xb8) returned 1 [0096.642] SetEvent (hEvent=0x8c) returned 1 [0096.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.644] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.644] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.644] SetEvent (hEvent=0x100) returned 1 [0096.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.647] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0096.648] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0096.648] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0096.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0096.649] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0096.654] GetFileType (hFile=0x144) returned 0x1 [0096.654] GetFileType (hFile=0x144) returned 0x1 [0096.654] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0096.654] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0096.654] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0096.654] ReadFile (in: hFile=0x144, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x2f2, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc000143c04*=0xf2, lpOverlapped=0x0) returned 1 [0096.655] ReadFile (in: hFile=0x144, lpBuffer=0xc0000500f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000500f2*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0096.655] CloseHandle (hObject=0x144) returned 1 [0096.655] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0096.655] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0096.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.657] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0096.669] GetFileType (hFile=0x144) returned 0x1 [0096.669] WriteFile (in: hFile=0x144, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc000143cec*=0x100, lpOverlapped=0x0) returned 1 [0096.670] CloseHandle (hObject=0x144) returned 1 [0096.671] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0096.671] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0096.671] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0096.672] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0096.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.672] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0096.689] GetFileType (hFile=0x144) returned 0x1 [0096.689] WriteFile (in: hFile=0x144, lpBuffer=0xc00006e420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006e420*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.690] CloseHandle (hObject=0x144) returned 1 [0096.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.703] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.706] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.717] SetEvent (hEvent=0x120) returned 1 [0096.717] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.718] SetEvent (hEvent=0x8c) returned 1 [0096.718] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.723] SwitchToThread () returned 1 [0096.724] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.729] SetEvent (hEvent=0x8c) returned 1 [0096.729] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.739] SetEvent (hEvent=0x120) returned 1 [0096.739] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.741] SetEvent (hEvent=0x9c) returned 1 [0096.741] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.743] SwitchToThread () returned 1 [0096.812] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.831] GetFileType (hFile=0xec) returned 0x1 [0096.831] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.831] CloseHandle (hObject=0xec) returned 1 [0096.839] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0096.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.841] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0096.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0096.842] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000119cf4 | out: lpMode=0xc000119cf4) returned 0 [0096.863] GetFileType (hFile=0xec) returned 0x1 [0096.863] GetFileType (hFile=0xec) returned 0x1 [0096.863] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000119d44 | out: lpFileInformation=0xc000119d44) returned 1 [0096.863] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000119d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000119d28) returned 1 [0096.863] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0096.864] ReadFile (in: hFile=0xec, lpBuffer=0xc000132000, nNumberOfBytesToRead=0x302, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc000132000*, lpNumberOfBytesRead=0xc000119c04*=0x102, lpOverlapped=0x0) returned 1 [0096.865] ReadFile (in: hFile=0xec, lpBuffer=0xc000132102, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc000132102*, lpNumberOfBytesRead=0xc000119c04*=0x0, lpOverlapped=0x0) returned 1 [0096.865] CloseHandle (hObject=0xec) returned 1 [0096.865] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0096.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.866] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000119d04 | out: lpMode=0xc000119d04) returned 0 [0096.868] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.870] SetEvent (hEvent=0xc0) returned 1 [0096.870] GetFileType (hFile=0xec) returned 0x1 [0096.870] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.877] SetEvent (hEvent=0x120) returned 1 [0096.877] WriteFile (in: hFile=0xec, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000119cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000119cec*=0x110, lpOverlapped=0x0) returned 1 [0096.878] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.881] SetEvent (hEvent=0x120) returned 1 [0096.881] CloseHandle (hObject=0xec) returned 1 [0096.883] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0096.883] VirtualAlloc (lpAddress=0xc0001c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c6000 [0096.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.884] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000119d64 | out: lpMode=0xc000119d64) returned 0 [0096.886] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.888] GetFileType (hFile=0xec) returned 0x1 [0096.888] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000119d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000119d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.888] CloseHandle (hObject=0xec) returned 1 [0096.892] VirtualAlloc (lpAddress=0xc0001c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c8000 [0096.893] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.894] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.895] SetEvent (hEvent=0x100) returned 1 [0096.895] SetEvent (hEvent=0xb8) returned 1 [0096.895] SetEvent (hEvent=0x8c) returned 1 [0096.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.900] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.900] SetEvent (hEvent=0x8c) returned 1 [0096.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.902] GetFileType (hFile=0x144) returned 0x1 [0096.902] WriteFile (in: hFile=0x144, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc000045cec*=0x160, lpOverlapped=0x0) returned 1 [0096.904] CloseHandle (hObject=0x144) returned 1 [0096.911] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0096.912] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0096.912] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0096.912] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0096.913] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0096.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0096.913] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0096.920] GetFileType (hFile=0x144) returned 0x1 [0096.920] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.920] CloseHandle (hObject=0x144) returned 1 [0096.921] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.923] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.923] SetEvent (hEvent=0xc0) returned 1 [0096.923] SetEvent (hEvent=0x120) returned 1 [0096.923] SetEvent (hEvent=0xb8) returned 1 [0096.923] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0096.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.949] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.949] SetEvent (hEvent=0x120) returned 1 [0096.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.978] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.978] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.978] SetEvent (hEvent=0x9c) returned 1 [0096.978] SetEvent (hEvent=0xb8) returned 1 [0096.978] SetEvent (hEvent=0x13c) returned 1 [0096.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.981] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.981] SetEvent (hEvent=0xb8) returned 1 [0096.981] SetEvent (hEvent=0x15c) returned 1 [0096.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.982] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.983] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0096.983] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.983] SetEvent (hEvent=0x8c) returned 1 [0096.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.983] GetFileType (hFile=0xf4) returned 0x1 [0096.983] WriteFile (in: hFile=0xf4, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.984] CloseHandle (hObject=0xf4) returned 1 [0096.984] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.986] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0096.986] SetEvent (hEvent=0x120) returned 1 [0096.986] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.995] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0096.995] SetEvent (hEvent=0x13c) returned 1 [0096.995] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0096.996] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0097.007] GetFileType (hFile=0xf4) returned 0x1 [0097.007] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0097.007] GetFileType (hFile=0xf4) returned 0x1 [0097.007] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0097.007] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0097.007] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0097.008] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001dc000, nNumberOfBytesToRead=0x312, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesRead=0xc00012fc04*=0x112, lpOverlapped=0x0) returned 1 [0097.009] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001dc112, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc112*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0097.009] CloseHandle (hObject=0xf4) returned 1 [0097.009] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0097.010] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0097.010] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0097.010] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0097.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.012] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0097.018] GetFileType (hFile=0xf4) returned 0x1 [0097.018] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc00012fcec*=0x120, lpOverlapped=0x0) returned 1 [0097.019] CloseHandle (hObject=0xf4) returned 1 [0097.019] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.019] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0097.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.020] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0097.023] GetFileType (hFile=0xf4) returned 0x1 [0097.023] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0097.026] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001e6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.026] CloseHandle (hObject=0xf4) returned 1 [0097.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.027] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.028] SetEvent (hEvent=0x9c) returned 1 [0097.028] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.028] SetEvent (hEvent=0x9c) returned 1 [0097.028] SetEvent (hEvent=0x13c) returned 1 [0097.028] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.029] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.029] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.029] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.030] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0097.031] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0097.031] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.034] GetFileType (hFile=0xf4) returned 0x1 [0097.034] GetFileType (hFile=0xf4) returned 0x1 [0097.034] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0097.034] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0097.034] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0097.034] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001e8000, nNumberOfBytesToRead=0x2f6, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e8000*, lpNumberOfBytesRead=0xc00014dc04*=0xf6, lpOverlapped=0x0) returned 1 [0097.035] ReadFile (in: hFile=0xf4, lpBuffer=0xc0001e80f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e80f6*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0097.035] CloseHandle (hObject=0xf4) returned 1 [0097.036] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0097.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.037] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0097.037] GetFileType (hFile=0xf4) returned 0x1 [0097.037] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000e0100*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e0100*, lpNumberOfBytesWritten=0xc00014dcec*=0x100, lpOverlapped=0x0) returned 1 [0097.038] CloseHandle (hObject=0xf4) returned 1 [0097.039] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0097.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.039] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0097.039] GetFileType (hFile=0xf4) returned 0x1 [0097.039] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.039] CloseHandle (hObject=0xf4) returned 1 [0097.040] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0097.040] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0097.040] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.047] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.047] SetEvent (hEvent=0x15c) returned 1 [0097.047] SetEvent (hEvent=0x8c) returned 1 [0097.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.102] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.102] SetEvent (hEvent=0x15c) returned 1 [0097.102] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.134] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.134] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.134] SetEvent (hEvent=0x120) returned 1 [0097.134] SetEvent (hEvent=0x8c) returned 1 [0097.134] SetEvent (hEvent=0xb8) returned 1 [0097.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.138] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.138] SetEvent (hEvent=0x8c) returned 1 [0097.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.141] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.142] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.143] SetEvent (hEvent=0x15c) returned 1 [0097.143] SetEvent (hEvent=0x8c) returned 1 [0097.143] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.147] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.148] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.148] SetEvent (hEvent=0x15c) returned 1 [0097.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.153] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.153] SetEvent (hEvent=0x15c) returned 1 [0097.154] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.166] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.166] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.166] SetEvent (hEvent=0xc0) returned 1 [0097.166] SetEvent (hEvent=0x13c) returned 1 [0097.167] SetEvent (hEvent=0x8c) returned 1 [0097.167] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0097.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.175] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.175] SetEvent (hEvent=0x13c) returned 1 [0097.175] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.175] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0097.178] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.182] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.190] SetEvent (hEvent=0x13c) returned 1 [0097.190] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0097.191] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0097.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.192] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0097.201] GetFileType (hFile=0x154) returned 0x1 [0097.201] GetFileType (hFile=0x154) returned 0x1 [0097.202] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0097.202] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0097.202] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0097.202] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0097.202] ReadFile (in: hFile=0x154, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xf4e, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000115c04*=0xd4e, lpOverlapped=0x0) returned 1 [0097.214] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.235] SetEvent (hEvent=0xb8) returned 1 [0097.235] ReadFile (in: hFile=0x154, lpBuffer=0xc00011cd4e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011cd4e*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0097.235] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.244] CloseHandle (hObject=0x154) returned 1 [0097.245] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0097.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.247] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0097.247] GetFileType (hFile=0x154) returned 0x1 [0097.247] WriteFile (in: hFile=0x154, lpBuffer=0xc000282000*, nNumberOfBytesToWrite=0xd50, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000282000*, lpNumberOfBytesWritten=0xc000115cec*=0xd50, lpOverlapped=0x0) returned 1 [0097.249] CloseHandle (hObject=0x154) returned 1 [0097.249] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0097.249] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0097.249] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0097.250] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0097.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.250] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0097.251] GetFileType (hFile=0x154) returned 0x1 [0097.251] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.251] CloseHandle (hObject=0x154) returned 1 [0097.251] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\encry-128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\encry-128.png"), dwFlags=0x1) returned 1 [0097.252] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.252] SetEvent (hEvent=0x8c) returned 1 [0097.252] SetEvent (hEvent=0x15c) returned 1 [0097.253] VirtualFree (lpAddress=0xc000200000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.253] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.253] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.253] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.254] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.254] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.254] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.255] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0097.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.255] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014fcf4 | out: lpMode=0xc00014fcf4) returned 0 [0097.256] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.258] GetFileType (hFile=0x154) returned 0x1 [0097.258] GetFileType (hFile=0x154) returned 0x1 [0097.258] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00014fd44 | out: lpFileInformation=0xc00014fd44) returned 1 [0097.258] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00014fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014fd28) returned 1 [0097.258] ReadFile (in: hFile=0x154, lpBuffer=0xc000208700, nNumberOfBytesToRead=0x308, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208700*, lpNumberOfBytesRead=0xc00014fc04*=0x108, lpOverlapped=0x0) returned 1 [0097.259] ReadFile (in: hFile=0x154, lpBuffer=0xc000208808, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208808*, lpNumberOfBytesRead=0xc00014fc04*=0x0, lpOverlapped=0x0) returned 1 [0097.259] CloseHandle (hObject=0x154) returned 1 [0097.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.260] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014fd04 | out: lpMode=0xc00014fd04) returned 0 [0097.261] GetFileType (hFile=0x154) returned 0x1 [0097.261] WriteFile (in: hFile=0x154, lpBuffer=0xc00005a120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00014fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a120*, lpNumberOfBytesWritten=0xc00014fcec*=0x110, lpOverlapped=0x0) returned 1 [0097.262] CloseHandle (hObject=0x154) returned 1 [0097.262] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0097.263] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0097.263] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0097.263] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0097.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.264] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00014fd64 | out: lpMode=0xc00014fd64) returned 0 [0097.269] GetFileType (hFile=0x154) returned 0x1 [0097.269] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00014fd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.269] CloseHandle (hObject=0x154) returned 1 [0097.269] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0097.269] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0097.270] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.270] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.271] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.271] SetEvent (hEvent=0xc0) returned 1 [0097.271] SetEvent (hEvent=0x120) returned 1 [0097.271] SetEvent (hEvent=0xb8) returned 1 [0097.271] SetEvent (hEvent=0x13c) returned 1 [0097.271] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0097.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.280] SetEvent (hEvent=0x8c) returned 1 [0097.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.294] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.294] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.294] SetEvent (hEvent=0x8c) returned 1 [0097.294] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.311] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.311] SetEvent (hEvent=0x15c) returned 1 [0097.311] SetEvent (hEvent=0x120) returned 1 [0097.312] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0097.313] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.317] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.317] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.334] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.334] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.334] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.334] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.334] SetEvent (hEvent=0xc0) returned 1 [0097.335] SetEvent (hEvent=0x13c) returned 1 [0097.335] SetEvent (hEvent=0xb8) returned 1 [0097.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.346] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.347] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.347] SetEvent (hEvent=0xc0) returned 1 [0097.347] SetEvent (hEvent=0x120) returned 1 [0097.347] SetEvent (hEvent=0x8c) returned 1 [0097.348] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.350] SetEvent (hEvent=0x8c) returned 1 [0097.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.355] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.356] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.356] SetEvent (hEvent=0x8c) returned 1 [0097.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.376] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.376] SetEvent (hEvent=0xb8) returned 1 [0097.376] SetEvent (hEvent=0x15c) returned 1 [0097.376] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0097.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.382] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.382] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.383] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.384] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.384] SetEvent (hEvent=0x13c) returned 1 [0097.384] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.385] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0097.391] GetFileType (hFile=0xec) returned 0x1 [0097.391] GetFileType (hFile=0xec) returned 0x1 [0097.392] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0097.392] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0097.392] ReadFile (in: hFile=0xec, lpBuffer=0xc000138000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc000138000*, lpNumberOfBytesRead=0xc000187c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.393] ReadFile (in: hFile=0xec, lpBuffer=0xc0001380b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001380b3*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0097.393] CloseHandle (hObject=0xec) returned 1 [0097.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.394] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0097.404] GetFileType (hFile=0xec) returned 0x1 [0097.404] WriteFile (in: hFile=0xec, lpBuffer=0xc000220000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesWritten=0xc000187cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.405] CloseHandle (hObject=0xec) returned 1 [0097.406] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.406] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0097.406] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0097.407] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.407] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0097.408] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.415] GetFileType (hFile=0xec) returned 0x1 [0097.415] WriteFile (in: hFile=0xec, lpBuffer=0xc00016a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a2c0*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.415] CloseHandle (hObject=0xec) returned 1 [0097.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.416] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.419] SetEvent (hEvent=0x120) returned 1 [0097.419] SetEvent (hEvent=0x15c) returned 1 [0097.419] VirtualFree (lpAddress=0xc0002a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.419] VirtualFree (lpAddress=0xc00022e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.420] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.420] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.420] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.421] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.421] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.421] VirtualFree (lpAddress=0xc000138000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.421] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000102048*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0097.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000102050*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0097.430] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102056*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc000102056*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0097.434] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.439] SetEvent (hEvent=0x15c) returned 1 [0097.439] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.460] VirtualFree (lpAddress=0xc0002a8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.460] VirtualFree (lpAddress=0xc000294000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.461] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.461] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.461] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.462] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.462] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.462] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.462] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.463] SetEvent (hEvent=0x15c) returned 1 [0097.463] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.725] SetEvent (hEvent=0x9c) returned 1 [0097.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0097.725] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0097.729] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.729] SetEvent (hEvent=0x9c) returned 1 [0097.730] GetFileType (hFile=0xf4) returned 0x1 [0097.730] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.735] SetEvent (hEvent=0x8c) returned 1 [0097.735] GetFileType (hFile=0xf4) returned 0x1 [0097.735] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.742] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0097.743] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0097.743] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.747] SetEvent (hEvent=0x8c) returned 1 [0097.747] SetEvent (hEvent=0x13c) returned 1 [0097.747] SetEvent (hEvent=0x9c) returned 1 [0097.747] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.758] SetEvent (hEvent=0x13c) returned 1 [0097.758] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.761] SetEvent (hEvent=0x9c) returned 1 [0097.761] SetEvent (hEvent=0x100) returned 1 [0097.761] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.763] SetEvent (hEvent=0x8c) returned 1 [0097.763] SetEvent (hEvent=0x100) returned 1 [0097.763] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.791] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.801] SetEvent (hEvent=0x9c) returned 1 [0097.801] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.803] SetEvent (hEvent=0x8c) returned 1 [0097.803] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.804] SetEvent (hEvent=0x120) returned 1 [0097.804] SwitchToThread () returned 1 [0097.807] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.808] SetEvent (hEvent=0x9c) returned 1 [0097.808] SetEvent (hEvent=0x120) returned 1 [0097.808] SetEvent (hEvent=0x13c) returned 1 [0097.808] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.813] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0097.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.814] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.814] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.814] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.814] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.814] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.814] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.815] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.816] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.816] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.816] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.816] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.816] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.816] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852d6650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852d6650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852d6650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.825] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.840] SetEvent (hEvent=0x8c) returned 1 [0097.840] SetEvent (hEvent=0x120) returned 1 [0097.840] SetEvent (hEvent=0x13c) returned 1 [0097.840] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.844] SetEvent (hEvent=0x100) returned 1 [0097.844] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.849] VirtualFree (lpAddress=0xc0002e0000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0097.849] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.850] VirtualFree (lpAddress=0xc0001fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.850] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.850] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.850] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.850] VirtualFree (lpAddress=0xc000132000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.851] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.851] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0097.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.852] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0097.858] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.890] SetEvent (hEvent=0x100) returned 1 [0097.890] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.898] SetEvent (hEvent=0x13c) returned 1 [0097.898] SetEvent (hEvent=0x8c) returned 1 [0097.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.899] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0097.900] GetFileType (hFile=0x128) returned 0x1 [0097.900] GetFileType (hFile=0x128) returned 0x1 [0097.901] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0097.901] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0097.901] ReadFile (in: hFile=0x128, lpBuffer=0xc0000362c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000362c0*, lpNumberOfBytesRead=0xc000257c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.902] ReadFile (in: hFile=0x128, lpBuffer=0xc000036373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036373*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0097.902] CloseHandle (hObject=0x128) returned 1 [0097.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.903] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0097.912] GetFileType (hFile=0x128) returned 0x1 [0097.912] WriteFile (in: hFile=0x128, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000257cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.913] CloseHandle (hObject=0x128) returned 1 [0097.913] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.913] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0097.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.913] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0097.921] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.925] SetEvent (hEvent=0x13c) returned 1 [0097.925] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.926] SetEvent (hEvent=0x13c) returned 1 [0097.926] SetEvent (hEvent=0x8c) returned 1 [0097.926] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.926] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.927] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.927] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.927] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.927] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.928] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.928] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.928] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.928] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.929] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.929] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.930] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0097.931] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.932] GetFileType (hFile=0x154) returned 0x1 [0097.932] GetFileType (hFile=0x154) returned 0x1 [0097.933] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0097.933] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0097.933] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.933] ReadFile (in: hFile=0x154, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc0000e5c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.934] ReadFile (in: hFile=0x154, lpBuffer=0xc0000fc0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc0b3*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0097.934] CloseHandle (hObject=0x154) returned 1 [0097.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.936] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0097.936] GetFileType (hFile=0x154) returned 0x1 [0097.936] WriteFile (in: hFile=0x154, lpBuffer=0xc0001200c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001200c0*, lpNumberOfBytesWritten=0xc0000e5cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.937] CloseHandle (hObject=0x154) returned 1 [0097.937] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532801 | out: pbBuffer=0xc000532801) returned 1 [0097.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.938] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0097.938] GetFileType (hFile=0x154) returned 0x1 [0097.938] WriteFile (in: hFile=0x154, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.938] CloseHandle (hObject=0x154) returned 1 [0097.938] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0097.939] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0097.939] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.940] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.940] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.941] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.941] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.941] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.941] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.942] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.942] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.943] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0097.943] GetFileType (hFile=0x154) returned 0x1 [0097.943] GetFileType (hFile=0x154) returned 0x1 [0097.943] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0097.943] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0097.943] ReadFile (in: hFile=0x154, lpBuffer=0xc0000fc2c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc2c0*, lpNumberOfBytesRead=0xc00018bc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.944] ReadFile (in: hFile=0x154, lpBuffer=0xc0000fc373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc373*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0097.945] CloseHandle (hObject=0x154) returned 1 [0097.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.946] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0097.946] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0097.949] GetFileType (hFile=0x154) returned 0x1 [0097.949] WriteFile (in: hFile=0x154, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc00018bcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.950] CloseHandle (hObject=0x154) returned 1 [0097.950] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.950] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0097.951] GetFileType (hFile=0x154) returned 0x1 [0097.951] WriteFile (in: hFile=0x154, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.951] CloseHandle (hObject=0x154) returned 1 [0097.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.952] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.953] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.953] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.953] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.953] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.954] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0097.954] GetFileType (hFile=0x154) returned 0x1 [0097.954] GetFileType (hFile=0x154) returned 0x1 [0097.954] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0097.955] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0097.955] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0097.955] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x4d8, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000137c04*=0x2d8, lpOverlapped=0x0) returned 1 [0097.964] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee2d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee2d8*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0097.964] CloseHandle (hObject=0x154) returned 1 [0097.964] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0097.965] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0097.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.966] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0097.967] GetFileType (hFile=0x154) returned 0x1 [0097.967] WriteFile (in: hFile=0x154, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000137cec*=0x2e0, lpOverlapped=0x0) returned 1 [0097.968] CloseHandle (hObject=0x154) returned 1 [0097.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.969] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0097.980] GetFileType (hFile=0x154) returned 0x1 [0097.980] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.980] CloseHandle (hObject=0x154) returned 1 [0097.980] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0097.981] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0097.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0097.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.984] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0097.984] SetEvent (hEvent=0xc0) returned 1 [0097.984] SetEvent (hEvent=0x9c) returned 1 [0097.984] SetEvent (hEvent=0x120) returned 1 [0097.984] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.990] SetEvent (hEvent=0x120) returned 1 [0097.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.994] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0097.994] SetEvent (hEvent=0x100) returned 1 [0097.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.001] GetFileType (hFile=0x128) returned 0x1 [0098.001] WriteFile (in: hFile=0x128, lpBuffer=0xc0000ce000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.002] CloseHandle (hObject=0x128) returned 1 [0098.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.003] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.005] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.005] SetEvent (hEvent=0xc0) returned 1 [0098.005] SetEvent (hEvent=0x120) returned 1 [0098.006] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.009] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.017] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.018] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.018] SetEvent (hEvent=0xc0) returned 1 [0098.018] SetEvent (hEvent=0x13c) returned 1 [0098.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.036] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.036] SetEvent (hEvent=0x100) returned 1 [0098.036] SetEvent (hEvent=0x9c) returned 1 [0098.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.040] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.041] SetEvent (hEvent=0x100) returned 1 [0098.041] SetEvent (hEvent=0x15c) returned 1 [0098.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.042] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.043] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.043] SetEvent (hEvent=0x8c) returned 1 [0098.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0098.044] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0098.049] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.056] GetFileType (hFile=0xec) returned 0x1 [0098.056] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0098.056] GetFileType (hFile=0xec) returned 0x1 [0098.056] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0098.056] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0098.056] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0098.057] ReadFile (in: hFile=0xec, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc00013fc04*=0xb3, lpOverlapped=0x0) returned 1 [0098.058] ReadFile (in: hFile=0xec, lpBuffer=0xc0001200b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001200b3*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0098.058] CloseHandle (hObject=0xec) returned 1 [0098.058] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0098.058] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0098.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.060] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0098.060] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.072] GetFileType (hFile=0xec) returned 0x1 [0098.072] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0098.072] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0098.073] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc00013fcec*=0xc0, lpOverlapped=0x0) returned 1 [0098.074] CloseHandle (hObject=0xec) returned 1 [0098.074] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0098.074] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.074] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0098.075] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0098.075] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0098.075] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0098.076] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0098.076] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.076] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.077] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.077] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.078] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0098.085] GetFileType (hFile=0xec) returned 0x1 [0098.085] WriteFile (in: hFile=0xec, lpBuffer=0xc0000a2580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2580*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.085] CloseHandle (hObject=0xec) returned 1 [0098.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.086] SetEvent (hEvent=0x8c) returned 1 [0098.086] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.108] SetEvent (hEvent=0x9c) returned 1 [0098.108] SetEvent (hEvent=0x8c) returned 1 [0098.108] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.113] SetEvent (hEvent=0x9c) returned 1 [0098.113] SwitchToThread () returned 1 [0098.114] SetEvent (hEvent=0x9c) returned 1 [0098.114] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.115] SetEvent (hEvent=0x100) returned 1 [0098.115] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.124] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000586330*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0098.133] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.138] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.139] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0098.147] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc0005861f6*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0098.150] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586360*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000586360*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0098.152] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.160] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.162] SetEvent (hEvent=0x100) returned 1 [0098.162] SetEvent (hEvent=0x9c) returned 1 [0098.162] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.162] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.162] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.163] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.163] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.163] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.163] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.164] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.164] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.164] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0098.172] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000102076*, lpNumberOfCharsWritten=0xc0000b9818*=0x3) returned 1 [0098.184] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.184] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc000102110*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0098.191] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.201] SetEvent (hEvent=0x15c) returned 1 [0098.202] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.247] SetEvent (hEvent=0x100) returned 1 [0098.247] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.253] SetEvent (hEvent=0x100) returned 1 [0098.253] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.255] SetEvent (hEvent=0x100) returned 1 [0098.255] SetEvent (hEvent=0x8c) returned 1 [0098.255] SetEvent (hEvent=0x15c) returned 1 [0098.255] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.262] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0098.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.263] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0098.269] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.270] GetFileType (hFile=0x154) returned 0x1 [0098.270] GetFileType (hFile=0x154) returned 0x1 [0098.270] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0098.270] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0098.271] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.271] ReadFile (in: hFile=0x154, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0001a3c04*=0xd0, lpOverlapped=0x0) returned 1 [0098.272] ReadFile (in: hFile=0x154, lpBuffer=0xc0000360d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360d0*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0098.272] CloseHandle (hObject=0x154) returned 1 [0098.272] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0098.273] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.274] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0098.279] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.282] GetFileType (hFile=0x154) returned 0x1 [0098.282] WriteFile (in: hFile=0x154, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc0001a3cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.283] CloseHandle (hObject=0x154) returned 1 [0098.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.283] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0098.284] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0098.284] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0098.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.284] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0098.291] GetFileType (hFile=0x154) returned 0x1 [0098.291] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.291] CloseHandle (hObject=0x154) returned 1 [0098.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0098.292] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0098.293] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.298] SetEvent (hEvent=0x100) returned 1 [0098.298] GetFileType (hFile=0x154) returned 0x1 [0098.298] GetFileType (hFile=0x154) returned 0x1 [0098.298] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0098.298] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0098.298] ReadFile (in: hFile=0x154, lpBuffer=0xc000036300, nNumberOfBytesToRead=0x2e5, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036300*, lpNumberOfBytesRead=0xc00004bc04*=0xe5, lpOverlapped=0x0) returned 1 [0098.300] ReadFile (in: hFile=0x154, lpBuffer=0xc0000363e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000363e5*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0098.300] CloseHandle (hObject=0x154) returned 1 [0098.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.301] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0098.305] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.307] GetFileType (hFile=0x154) returned 0x1 [0098.307] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.312] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.318] SetEvent (hEvent=0x120) returned 1 [0098.318] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0098.318] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0098.318] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0098.319] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0098.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.319] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0098.341] GetFileType (hFile=0x144) returned 0x1 [0098.341] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0098.341] GetFileType (hFile=0x144) returned 0x1 [0098.341] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0098.341] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0098.341] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0098.342] ReadFile (in: hFile=0x144, lpBuffer=0xc000146000, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesRead=0xc0001a7c04*=0xd8, lpOverlapped=0x0) returned 1 [0098.343] ReadFile (in: hFile=0x144, lpBuffer=0xc0001460d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001460d8*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0098.343] CloseHandle (hObject=0x144) returned 1 [0098.343] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0098.344] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0098.344] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0098.344] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0098.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.346] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0098.357] GetFileType (hFile=0x144) returned 0x1 [0098.357] WriteFile (in: hFile=0x144, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc0001a7cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.358] CloseHandle (hObject=0x144) returned 1 [0098.359] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.359] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0098.359] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0098.359] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0098.360] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0098.360] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0098.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.361] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0098.368] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.380] SetEvent (hEvent=0x100) returned 1 [0098.380] SetEvent (hEvent=0x13c) returned 1 [0098.380] SetEvent (hEvent=0x8c) returned 1 [0098.380] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.388] SetEvent (hEvent=0x120) returned 1 [0098.388] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.391] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.392] SetEvent (hEvent=0x120) returned 1 [0098.392] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.396] SwitchToThread () returned 1 [0098.488] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.495] SetEvent (hEvent=0x100) returned 1 [0098.495] SetEvent (hEvent=0x120) returned 1 [0098.496] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.496] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.497] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0098.504] GetFileType (hFile=0xf4) returned 0x1 [0098.504] GetFileType (hFile=0xf4) returned 0x1 [0098.504] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0098.504] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0098.504] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.504] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2d1, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001a1c04*=0xd1, lpOverlapped=0x0) returned 1 [0098.505] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c0d1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0d1*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0098.505] CloseHandle (hObject=0xf4) returned 1 [0098.506] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.507] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0098.515] GetFileType (hFile=0xf4) returned 0x1 [0098.515] WriteFile (in: hFile=0xf4, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc0001a1cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.517] CloseHandle (hObject=0xf4) returned 1 [0098.517] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.517] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.517] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.518] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.518] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.519] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0098.523] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.538] GetFileType (hFile=0xf4) returned 0x1 [0098.538] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0098.539] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.539] CloseHandle (hObject=0xf4) returned 1 [0098.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.542] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.542] SetEvent (hEvent=0xc0) returned 1 [0098.542] SetEvent (hEvent=0x15c) returned 1 [0098.542] SetEvent (hEvent=0x9c) returned 1 [0098.542] SetEvent (hEvent=0xb8) returned 1 [0098.542] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0098.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.548] SetEvent (hEvent=0x120) returned 1 [0098.548] SetEvent (hEvent=0x9c) returned 1 [0098.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.550] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.550] SetEvent (hEvent=0x13c) returned 1 [0098.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0098.551] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0098.555] GetFileType (hFile=0x170) returned 0x1 [0098.555] GetFileType (hFile=0x170) returned 0x1 [0098.555] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0098.555] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0098.555] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0098.556] ReadFile (in: hFile=0x170, lpBuffer=0xc0001ca000, nNumberOfBytesToRead=0x2dc, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ca000*, lpNumberOfBytesRead=0xc0000b9c04*=0xdc, lpOverlapped=0x0) returned 1 [0098.557] ReadFile (in: hFile=0x170, lpBuffer=0xc0001ca0dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ca0dc*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0098.557] CloseHandle (hObject=0x170) returned 1 [0098.557] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0098.557] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0098.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0098.559] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0098.572] GetFileType (hFile=0x170) returned 0x1 [0098.572] WriteFile (in: hFile=0x170, lpBuffer=0xc0001ce000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001ce000*, lpNumberOfBytesWritten=0xc0000b9cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.573] CloseHandle (hObject=0x170) returned 1 [0098.574] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.574] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0098.574] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0098.574] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0098.575] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0098.575] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0098.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0098.576] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0098.589] GetFileType (hFile=0x170) returned 0x1 [0098.589] WriteFile (in: hFile=0x170, lpBuffer=0xc0001d8420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d8420*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.589] CloseHandle (hObject=0x170) returned 1 [0098.590] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.590] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.627] SetEvent (hEvent=0x15c) returned 1 [0098.627] SetEvent (hEvent=0x13c) returned 1 [0098.627] SetEvent (hEvent=0x9c) returned 1 [0098.627] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.668] SetEvent (hEvent=0x13c) returned 1 [0098.668] SetEvent (hEvent=0x9c) returned 1 [0098.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0098.668] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0098.672] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.672] GetFileType (hFile=0x150) returned 0x1 [0098.672] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.673] GetFileType (hFile=0x150) returned 0x1 [0098.673] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0098.673] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0098.673] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.674] ReadFile (in: hFile=0x150, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2e1, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000149c04*=0xe1, lpOverlapped=0x0) returned 1 [0098.675] ReadFile (in: hFile=0x150, lpBuffer=0xc00004c0e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0e1*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0098.675] CloseHandle (hObject=0x150) returned 1 [0098.675] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.676] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0098.677] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.690] GetFileType (hFile=0x150) returned 0x1 [0098.690] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0098.690] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.691] WriteFile (in: hFile=0x150, lpBuffer=0xc0002262d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002262d0*, lpNumberOfBytesWritten=0xc000149cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.692] CloseHandle (hObject=0x150) returned 1 [0098.694] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.695] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.695] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.695] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.696] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.696] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.697] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0098.697] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.698] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0098.699] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0098.742] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0098.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.742] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0098.751] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.754] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.757] SetEvent (hEvent=0xb8) returned 1 [0098.757] VirtualFree (lpAddress=0xc000232000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.757] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.757] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.758] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.758] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.758] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.759] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.759] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.760] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.760] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.760] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.760] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.761] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.761] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.761] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.762] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0098.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0098.763] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0098.772] GetFileType (hFile=0x144) returned 0x1 [0098.772] GetFileType (hFile=0x144) returned 0x1 [0098.772] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0098.772] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0098.772] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0098.773] ReadFile (in: hFile=0x144, lpBuffer=0xc000262000, nNumberOfBytesToRead=0x2f5, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000262000*, lpNumberOfBytesRead=0xc00023fc04*=0xf5, lpOverlapped=0x0) returned 1 [0098.774] ReadFile (in: hFile=0x144, lpBuffer=0xc0002620f5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002620f5*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0098.774] CloseHandle (hObject=0x144) returned 1 [0098.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.775] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0098.777] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.781] SetEvent (hEvent=0x8c) returned 1 [0098.782] GetFileType (hFile=0x144) returned 0x1 [0098.782] WriteFile (in: hFile=0x144, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc00023fcec*=0x100, lpOverlapped=0x0) returned 1 [0098.783] CloseHandle (hObject=0x144) returned 1 [0098.783] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0098.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0098.783] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0098.784] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.799] GetFileType (hFile=0x144) returned 0x1 [0098.799] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.800] WriteFile (in: hFile=0x144, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.800] CloseHandle (hObject=0x144) returned 1 [0098.800] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.800] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.801] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.814] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.814] SetEvent (hEvent=0x8c) returned 1 [0098.814] SetEvent (hEvent=0x120) returned 1 [0098.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.820] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.820] SetEvent (hEvent=0x120) returned 1 [0098.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.827] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.827] SetEvent (hEvent=0xc0) returned 1 [0098.827] SetEvent (hEvent=0x8c) returned 1 [0098.827] SetEvent (hEvent=0xb8) returned 1 [0098.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.831] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.831] SetEvent (hEvent=0x15c) returned 1 [0098.831] SetEvent (hEvent=0x13c) returned 1 [0098.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.835] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.836] SetEvent (hEvent=0x8c) returned 1 [0098.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.836] GetFileType (hFile=0x150) returned 0x1 [0098.836] WriteFile (in: hFile=0x150, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.836] CloseHandle (hObject=0x150) returned 1 [0098.836] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.837] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.837] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0098.837] SetEvent (hEvent=0x13c) returned 1 [0098.837] SetEvent (hEvent=0x8c) returned 1 [0098.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.839] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.931] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0098.931] SetEvent (hEvent=0x13c) returned 1 [0098.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.934] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc0000a0430*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0098.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0436*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc0000a0436*, lpNumberOfCharsWritten=0xc000275818*=0x3) returned 1 [0098.949] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.950] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010198*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000010198*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0098.953] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0098.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0550*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000a0550*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0098.969] SetEvent (hEvent=0x8c) returned 1 [0098.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0570*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc0000a0570*, lpNumberOfCharsWritten=0xc000187818*=0x3) returned 1 [0098.974] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc000102220*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0098.978] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.980] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010108*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000010108*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0098.984] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.985] SetEvent (hEvent=0x13c) returned 1 [0098.985] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0098.985] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc000010190*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0098.987] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010196*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000010196*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0098.997] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0099.013] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0099.014] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0518*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0518*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0099.018] SetEvent (hEvent=0x120) returned 1 [0099.018] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.074] SetEvent (hEvent=0xb8) returned 1 [0099.074] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.270] SetEvent (hEvent=0x13c) returned 1 [0099.270] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.310] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0099.315] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.322] GetFileType (hFile=0x150) returned 0x1 [0099.322] GetFileType (hFile=0x150) returned 0x1 [0099.322] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0099.322] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0099.322] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0099.323] ReadFile (in: hFile=0x150, lpBuffer=0xc0001d8000, nNumberOfBytesToRead=0x298, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d8000*, lpNumberOfBytesRead=0xc0001bbc04*=0x98, lpOverlapped=0x0) returned 1 [0099.325] ReadFile (in: hFile=0x150, lpBuffer=0xc0001d8098, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d8098*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0099.325] CloseHandle (hObject=0x150) returned 1 [0099.325] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0099.325] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.327] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0099.332] GetFileType (hFile=0x150) returned 0x1 [0099.332] WriteFile (in: hFile=0x150, lpBuffer=0xc0003d60a0*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d60a0*, lpNumberOfBytesWritten=0xc0001bbcec*=0xa0, lpOverlapped=0x0) returned 1 [0099.333] CloseHandle (hObject=0x150) returned 1 [0099.333] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0099.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.334] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0099.335] GetFileType (hFile=0x150) returned 0x1 [0099.335] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6580*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.336] CloseHandle (hObject=0x150) returned 1 [0099.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.336] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.337] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.337] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0099.337] SetEvent (hEvent=0xc0) returned 1 [0099.337] SetEvent (hEvent=0x108) returned 1 [0099.338] SetEvent (hEvent=0x8c) returned 1 [0099.338] SetEvent (hEvent=0xfc) returned 1 [0099.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.352] SetEvent (hEvent=0x13c) returned 1 [0099.352] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.354] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0099.354] SetEvent (hEvent=0x15c) returned 1 [0099.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.360] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.360] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0099.360] SetEvent (hEvent=0xc0) returned 1 [0099.360] SetEvent (hEvent=0x100) returned 1 [0099.360] SetEvent (hEvent=0xb8) returned 1 [0099.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.368] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0099.368] SetEvent (hEvent=0x100) returned 1 [0099.368] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.378] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.381] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0099.381] SetEvent (hEvent=0xc0) returned 1 [0099.381] SetEvent (hEvent=0xb8) returned 1 [0099.381] SetEvent (hEvent=0x13c) returned 1 [0099.382] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.408] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0099.408] SetEvent (hEvent=0xb8) returned 1 [0099.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0099.409] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0099.411] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.415] SetEvent (hEvent=0x100) returned 1 [0099.415] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.424] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0099.425] SetEvent (hEvent=0xb8) returned 1 [0099.425] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0099.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.432] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.510] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0099.510] SetEvent (hEvent=0x13c) returned 1 [0099.510] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.530] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0099.530] SetEvent (hEvent=0x9c) returned 1 [0099.530] SetEvent (hEvent=0x100) returned 1 [0099.530] SetEvent (hEvent=0x120) returned 1 [0099.530] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.532] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.532] SetEvent (hEvent=0x100) returned 1 [0099.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.535] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.535] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.536] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0099.537] SetEvent (hEvent=0xb8) returned 1 [0099.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.537] WriteFile (in: hFile=0x174, lpBuffer=0xc0001fe0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe0c0*, lpNumberOfBytesWritten=0xc0001c7cec*=0xc0, lpOverlapped=0x0) returned 1 [0099.538] CloseHandle (hObject=0x174) returned 1 [0099.538] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.538] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0099.540] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.544] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.552] SetEvent (hEvent=0x13c) returned 1 [0099.552] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.553] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.553] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.554] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3cf4 | out: lpMode=0xc0001b3cf4) returned 0 [0099.556] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.561] SetEvent (hEvent=0x120) returned 1 [0099.561] GetFileType (hFile=0x150) returned 0x1 [0099.561] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0099.561] GetFileType (hFile=0x150) returned 0x1 [0099.561] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001b3d44 | out: lpFileInformation=0xc0001b3d44) returned 1 [0099.561] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b3d28) returned 1 [0099.561] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0099.562] ReadFile (in: hFile=0x150, lpBuffer=0xc000144000, nNumberOfBytesToRead=0x309, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000144000*, lpNumberOfBytesRead=0xc0001b3c04*=0x109, lpOverlapped=0x0) returned 1 [0099.563] ReadFile (in: hFile=0x150, lpBuffer=0xc000144109, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000144109*, lpNumberOfBytesRead=0xc0001b3c04*=0x0, lpOverlapped=0x0) returned 1 [0099.563] CloseHandle (hObject=0x150) returned 1 [0099.563] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0099.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.564] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3d04 | out: lpMode=0xc0001b3d04) returned 0 [0099.567] GetFileType (hFile=0x150) returned 0x1 [0099.567] WriteFile (in: hFile=0x150, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0001b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc0001b3cec*=0x110, lpOverlapped=0x0) returned 1 [0099.569] CloseHandle (hObject=0x150) returned 1 [0099.569] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.570] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3d64 | out: lpMode=0xc0001b3d64) returned 0 [0099.576] GetFileType (hFile=0x150) returned 0x1 [0099.576] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6580*, lpNumberOfBytesWritten=0xc0001b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.577] CloseHandle (hObject=0x150) returned 1 [0099.577] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc0005866a8*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0099.586] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866d8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0005866d8*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0099.589] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.591] SetEvent (hEvent=0x13c) returned 1 [0099.591] SetEvent (hEvent=0x120) returned 1 [0099.591] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.596] SetEvent (hEvent=0x100) returned 1 [0099.596] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.597] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0099.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.598] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0099.601] GetFileType (hFile=0x150) returned 0x1 [0099.602] GetFileType (hFile=0x150) returned 0x1 [0099.602] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0099.602] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0099.602] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0099.602] ReadFile (in: hFile=0x150, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x2ac, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000155c04*=0xac, lpOverlapped=0x0) returned 1 [0099.603] ReadFile (in: hFile=0x150, lpBuffer=0xc00006c0ac, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c0ac*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0099.603] CloseHandle (hObject=0x150) returned 1 [0099.603] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0099.604] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0099.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.605] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0099.610] GetFileType (hFile=0x150) returned 0x1 [0099.610] WriteFile (in: hFile=0x150, lpBuffer=0xc0001e0160*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0160*, lpNumberOfBytesWritten=0xc000155cec*=0xb0, lpOverlapped=0x0) returned 1 [0099.611] CloseHandle (hObject=0x150) returned 1 [0099.612] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.612] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0099.612] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.612] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.613] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0099.624] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.628] SetEvent (hEvent=0x13c) returned 1 [0099.628] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.645] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.645] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.646] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.646] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.646] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.647] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.647] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0099.647] SetEvent (hEvent=0x13c) returned 1 [0099.647] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.847] SetEvent (hEvent=0x120) returned 1 [0099.847] SetEvent (hEvent=0xfc) returned 1 [0099.847] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.852] SetEvent (hEvent=0x120) returned 1 [0099.853] SetEvent (hEvent=0x13c) returned 1 [0099.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.853] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0099.858] GetFileType (hFile=0x144) returned 0x1 [0099.858] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.858] GetFileType (hFile=0x144) returned 0x1 [0099.859] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0099.859] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0099.859] ReadFile (in: hFile=0x144, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x2d9, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000143c04*=0xd9, lpOverlapped=0x0) returned 1 [0099.860] ReadFile (in: hFile=0x144, lpBuffer=0xc0000520d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000520d9*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0099.860] CloseHandle (hObject=0x144) returned 1 [0099.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.861] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0099.868] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.877] GetFileType (hFile=0x144) returned 0x1 [0099.877] WriteFile (in: hFile=0x144, lpBuffer=0xc0001680e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001680e0*, lpNumberOfBytesWritten=0xc000143cec*=0xe0, lpOverlapped=0x0) returned 1 [0099.878] CloseHandle (hObject=0x144) returned 1 [0099.878] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.878] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0099.879] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0099.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.879] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0099.880] GetFileType (hFile=0x144) returned 0x1 [0099.880] WriteFile (in: hFile=0x144, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.880] CloseHandle (hObject=0x144) returned 1 [0099.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.881] SwitchToThread () returned 1 [0099.882] SetEvent (hEvent=0x120) returned 1 [0099.882] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.882] SetEvent (hEvent=0x120) returned 1 [0099.883] SetEvent (hEvent=0xfc) returned 1 [0099.883] SetEvent (hEvent=0x15c) returned 1 [0099.883] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.885] SetEvent (hEvent=0xfc) returned 1 [0099.885] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.888] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.889] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.889] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.889] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.890] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.890] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.890] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.890] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.891] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.891] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.891] SetEvent (hEvent=0x15c) returned 1 [0099.891] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.899] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.939] SetEvent (hEvent=0xfc) returned 1 [0099.939] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.946] SetEvent (hEvent=0xfc) returned 1 [0099.946] SetEvent (hEvent=0x120) returned 1 [0099.946] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.946] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.947] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.947] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.947] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.947] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.948] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.948] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.948] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.948] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.949] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.950] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0099.953] GetFileType (hFile=0x144) returned 0x1 [0099.954] GetFileType (hFile=0x144) returned 0x1 [0099.954] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0099.954] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0099.954] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0099.954] ReadFile (in: hFile=0x144, lpBuffer=0xc0001cc000, nNumberOfBytesToRead=0x36a, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001cc000*, lpNumberOfBytesRead=0xc000189c04*=0x16a, lpOverlapped=0x0) returned 1 [0099.955] ReadFile (in: hFile=0x144, lpBuffer=0xc0001cc16a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001cc16a*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0099.955] CloseHandle (hObject=0x144) returned 1 [0099.955] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0099.956] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0099.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.958] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0099.961] GetFileType (hFile=0x144) returned 0x1 [0099.962] WriteFile (in: hFile=0x144, lpBuffer=0xc0001d2000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d2000*, lpNumberOfBytesWritten=0xc000189cec*=0x170, lpOverlapped=0x0) returned 1 [0099.963] CloseHandle (hObject=0x144) returned 1 [0099.963] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.963] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0099.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.963] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0099.964] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.972] SetEvent (hEvent=0xfc) returned 1 [0099.972] GetFileType (hFile=0x144) returned 0x1 [0099.972] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.973] CloseHandle (hObject=0x144) returned 1 [0099.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.974] SwitchToThread () returned 1 [0099.977] SetEvent (hEvent=0xfc) returned 1 [0099.978] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.978] SetEvent (hEvent=0xfc) returned 1 [0099.978] SetEvent (hEvent=0x120) returned 1 [0099.978] SetEvent (hEvent=0x15c) returned 1 [0099.978] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.980] SetEvent (hEvent=0x120) returned 1 [0099.980] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0099.983] SetEvent (hEvent=0xfc) returned 1 [0099.983] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.022] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0100.022] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0100.023] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0100.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0100.025] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0100.026] GetFileType (hFile=0x168) returned 0x1 [0100.026] GetFileType (hFile=0x168) returned 0x1 [0100.026] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0100.026] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0100.026] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0100.027] ReadFile (in: hFile=0x168, lpBuffer=0xc0001e0000, nNumberOfBytesToRead=0x3c3, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesRead=0xc000173c04*=0x1c3, lpOverlapped=0x0) returned 1 [0100.029] ReadFile (in: hFile=0x168, lpBuffer=0xc0001e01c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e01c3*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0100.029] CloseHandle (hObject=0x168) returned 1 [0100.029] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0100.029] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0100.030] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0100.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0100.031] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0100.033] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.038] SetEvent (hEvent=0x100) returned 1 [0100.038] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.039] SetEvent (hEvent=0x120) returned 1 [0100.039] SetEvent (hEvent=0x100) returned 1 [0100.039] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.077] SetEvent (hEvent=0x8c) returned 1 [0100.077] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.101] SetEvent (hEvent=0x13c) returned 1 [0100.101] SetEvent (hEvent=0x8c) returned 1 [0100.101] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.109] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.109] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.110] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.110] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.110] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.110] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.111] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.111] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.111] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.111] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.112] SetEvent (hEvent=0x100) returned 1 [0100.112] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.165] GetFileType (hFile=0x154) returned 0x1 [0100.165] GetFileType (hFile=0x154) returned 0x1 [0100.165] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0100.165] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0100.165] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.165] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00013fc04*=0xd5, lpOverlapped=0x0) returned 1 [0100.167] ReadFile (in: hFile=0x154, lpBuffer=0xc0000ee0d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee0d5*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0100.167] CloseHandle (hObject=0x154) returned 1 [0100.167] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0100.169] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0100.172] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.185] SetEvent (hEvent=0x9c) returned 1 [0100.185] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.186] SetEvent (hEvent=0x8c) returned 1 [0100.186] SetEvent (hEvent=0x120) returned 1 [0100.186] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.200] SetEvent (hEvent=0x8c) returned 1 [0100.200] SetEvent (hEvent=0x15c) returned 1 [0100.200] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.232] SetEvent (hEvent=0x100) returned 1 [0100.232] SetEvent (hEvent=0x15c) returned 1 [0100.232] SetEvent (hEvent=0x120) returned 1 [0100.232] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.240] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.250] SetEvent (hEvent=0x100) returned 1 [0100.250] GetFileType (hFile=0x168) returned 0x1 [0100.250] WriteFile (in: hFile=0x168, lpBuffer=0xc0001e6000*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesWritten=0xc000173cec*=0x1d0, lpOverlapped=0x0) returned 1 [0100.251] CloseHandle (hObject=0x168) returned 1 [0100.251] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0100.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0100.252] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0100.261] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.267] GetFileType (hFile=0x168) returned 0x1 [0100.267] WriteFile (in: hFile=0x168, lpBuffer=0xc0001d6420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6420*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.268] CloseHandle (hObject=0x168) returned 1 [0100.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.367] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.368] SetEvent (hEvent=0x100) returned 1 [0100.368] SetEvent (hEvent=0x8c) returned 1 [0100.368] SetEvent (hEvent=0x120) returned 1 [0100.368] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.373] SwitchToThread () returned 1 [0100.379] SetEvent (hEvent=0x100) returned 1 [0100.379] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.400] SetEvent (hEvent=0x8c) returned 1 [0100.401] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.403] SwitchToThread () returned 1 [0100.408] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.410] SetEvent (hEvent=0x8c) returned 1 [0100.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.411] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.411] SetEvent (hEvent=0x120) returned 1 [0100.411] SetEvent (hEvent=0x8c) returned 1 [0100.411] SetEvent (hEvent=0x9c) returned 1 [0100.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.416] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.425] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.425] SetEvent (hEvent=0x9c) returned 1 [0100.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.426] GetFileType (hFile=0x154) returned 0x1 [0100.426] WriteFile (in: hFile=0x154, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc00013fcec*=0xe0, lpOverlapped=0x0) returned 1 [0100.427] CloseHandle (hObject=0x154) returned 1 [0100.428] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0100.428] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0100.434] GetFileType (hFile=0x154) returned 0x1 [0100.434] WriteFile (in: hFile=0x154, lpBuffer=0xc0001d6420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6420*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.434] CloseHandle (hObject=0x154) returned 1 [0100.434] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.436] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.436] SetEvent (hEvent=0xc0) returned 1 [0100.436] SetEvent (hEvent=0x120) returned 1 [0100.436] SetEvent (hEvent=0x9c) returned 1 [0100.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.440] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.440] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.511] SwitchToThread () returned 1 [0100.512] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.512] SetEvent (hEvent=0x100) returned 1 [0100.512] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.536] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.536] SetEvent (hEvent=0x15c) returned 1 [0100.536] SetEvent (hEvent=0x9c) returned 1 [0100.536] SetEvent (hEvent=0xb8) returned 1 [0100.536] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0100.538] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.543] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.543] SetEvent (hEvent=0x9c) returned 1 [0100.543] SetEvent (hEvent=0x15c) returned 1 [0100.543] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.544] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.545] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.545] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.545] SetEvent (hEvent=0x100) returned 1 [0100.545] SetEvent (hEvent=0x15c) returned 1 [0100.545] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.552] GetFileType (hFile=0x150) returned 0x1 [0100.552] WriteFile (in: hFile=0x150, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc0000ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.553] CloseHandle (hObject=0x150) returned 1 [0100.553] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.554] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.555] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.555] SetEvent (hEvent=0x100) returned 1 [0100.555] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0100.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.558] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.563] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.564] SetEvent (hEvent=0xc0) returned 1 [0100.564] SetEvent (hEvent=0x100) returned 1 [0100.564] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.564] GetFileType (hFile=0x128) returned 0x1 [0100.565] GetFileType (hFile=0x128) returned 0x1 [0100.565] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0100.565] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0100.565] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e700, nNumberOfBytesToRead=0x34e, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e700*, lpNumberOfBytesRead=0xc0000c3c04*=0x14e, lpOverlapped=0x0) returned 1 [0100.566] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e84e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e84e*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0100.566] CloseHandle (hObject=0x128) returned 1 [0100.566] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.568] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0100.568] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.575] SetEvent (hEvent=0x120) returned 1 [0100.575] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.575] SetEvent (hEvent=0x120) returned 1 [0100.575] SetEvent (hEvent=0x100) returned 1 [0100.576] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.576] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.576] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.576] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.577] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.577] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.577] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.577] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4)) returned 1 [0100.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.578] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.578] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x150)) returned 1 [0100.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.580] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.584] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.584] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.584] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.584] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa2460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115)) returned 1 [0100.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.585] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.585] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.585] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x125)) returned 1 [0100.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.592] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.593] SetEvent (hEvent=0xc0) returned 1 [0100.593] SetEvent (hEvent=0x120) returned 1 [0100.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.593] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.605] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.605] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0100.606] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.606] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.606] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.606] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.606] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcd)) returned 1 [0100.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.607] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.607] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.607] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.607] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.607] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x115)) returned 1 [0100.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.613] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.616] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.621] SetEvent (hEvent=0xb8) returned 1 [0100.621] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.622] SetEvent (hEvent=0xb8) returned 1 [0100.622] SetEvent (hEvent=0x9c) returned 1 [0100.622] SetEvent (hEvent=0x8c) returned 1 [0100.622] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.625] SetEvent (hEvent=0x9c) returned 1 [0100.625] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.627] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.627] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.627] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.628] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.628] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.628] SetEvent (hEvent=0x8c) returned 1 [0100.628] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.630] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.636] SetEvent (hEvent=0x9c) returned 1 [0100.636] SetEvent (hEvent=0xb8) returned 1 [0100.636] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.656] SetEvent (hEvent=0x9c) returned 1 [0100.656] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.658] SetEvent (hEvent=0x8c) returned 1 [0100.658] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.662] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.663] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0100.663] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.664] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001c5cf4 | out: lpMode=0xc0001c5cf4) returned 0 [0100.665] GetFileType (hFile=0x16c) returned 0x1 [0100.665] GetFileType (hFile=0x16c) returned 0x1 [0100.665] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0001c5d44 | out: lpFileInformation=0xc0001c5d44) returned 1 [0100.665] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0001c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c5d28) returned 1 [0100.665] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.665] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x377, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001c5c04*=0x177, lpOverlapped=0x0) returned 1 [0100.667] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000fa177, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa177*, lpNumberOfBytesRead=0xc0001c5c04*=0x0, lpOverlapped=0x0) returned 1 [0100.667] CloseHandle (hObject=0x16c) returned 1 [0100.667] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.667] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.668] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.669] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001c5d04 | out: lpMode=0xc0001c5d04) returned 0 [0100.670] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.680] GetFileType (hFile=0x16c) returned 0x1 [0100.680] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0xc0001c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc0001c5cec*=0x180, lpOverlapped=0x0) returned 1 [0100.682] CloseHandle (hObject=0x16c) returned 1 [0100.682] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0100.682] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.682] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0100.683] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0100.683] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0100.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.684] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001c5d64 | out: lpMode=0xc0001c5d64) returned 0 [0100.690] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.696] SetEvent (hEvent=0x9c) returned 1 [0100.696] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.702] VirtualFree (lpAddress=0xc00017a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.702] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.703] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.703] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.703] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.704] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.704] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.704] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.704] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.705] VirtualFree (lpAddress=0xc000058000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.705] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.705] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.706] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0100.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0100.707] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255cf4 | out: lpMode=0xc000255cf4) returned 0 [0100.716] GetFileType (hFile=0xec) returned 0x1 [0100.716] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.716] GetFileType (hFile=0xec) returned 0x1 [0100.716] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000255d44 | out: lpFileInformation=0xc000255d44) returned 1 [0100.717] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000255d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000255d28) returned 1 [0100.717] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.717] ReadFile (in: hFile=0xec, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x2cd, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc000255c04*=0xcd, lpOverlapped=0x0) returned 1 [0100.718] ReadFile (in: hFile=0xec, lpBuffer=0xc0000be0cd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be0cd*, lpNumberOfBytesRead=0xc000255c04*=0x0, lpOverlapped=0x0) returned 1 [0100.718] CloseHandle (hObject=0xec) returned 1 [0100.719] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.719] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.720] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.720] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.722] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255d04 | out: lpMode=0xc000255d04) returned 0 [0100.735] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.739] SetEvent (hEvent=0xb8) returned 1 [0100.739] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.742] SetEvent (hEvent=0x8c) returned 1 [0100.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.742] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.742] SetEvent (hEvent=0xc0) returned 1 [0100.742] SetEvent (hEvent=0x9c) returned 1 [0100.742] SetEvent (hEvent=0x8c) returned 1 [0100.743] SetEvent (hEvent=0x120) returned 1 [0100.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.749] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.752] SetEvent (hEvent=0x120) returned 1 [0100.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.756] GetFileType (hFile=0x128) returned 0x1 [0100.756] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.756] CloseHandle (hObject=0x128) returned 1 [0100.756] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.757] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.757] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.758] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.758] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.759] SetEvent (hEvent=0x9c) returned 1 [0100.759] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0100.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.767] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.767] SetEvent (hEvent=0xc0) returned 1 [0100.767] SetEvent (hEvent=0x9c) returned 1 [0100.767] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.768] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.768] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.768] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.768] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.768] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.768] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa)) returned 1 [0100.769] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.769] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.769] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.769] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.769] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.769] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fedf50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xc2)) returned 1 [0100.770] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.782] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.782] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8636e710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0100.782] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0100.782] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.783] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8636e710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf3)) returned 1 [0100.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x4454)) returned 1 [0100.783] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1103)) returned 1 [0100.797] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.798] SetEvent (hEvent=0x120) returned 1 [0100.798] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.817] SetEvent (hEvent=0xb8) returned 1 [0100.817] SetEvent (hEvent=0x8c) returned 1 [0100.817] SetEvent (hEvent=0x15c) returned 1 [0100.817] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.864] SetEvent (hEvent=0x15c) returned 1 [0100.864] SetEvent (hEvent=0x8c) returned 1 [0100.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0100.864] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dcf4 | out: lpMode=0xc00019dcf4) returned 0 [0100.868] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.870] SetEvent (hEvent=0x15c) returned 1 [0100.871] GetFileType (hFile=0x128) returned 0x1 [0100.871] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.873] GetFileType (hFile=0x128) returned 0x1 [0100.873] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00019dd44 | out: lpFileInformation=0xc00019dd44) returned 1 [0100.873] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00019dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019dd28) returned 1 [0100.873] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0100.874] ReadFile (in: hFile=0x128, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00019dc04*=0xe0, lpOverlapped=0x0) returned 1 [0100.875] ReadFile (in: hFile=0x128, lpBuffer=0xc00006a0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a0e0*, lpNumberOfBytesRead=0xc00019dc04*=0x0, lpOverlapped=0x0) returned 1 [0100.875] CloseHandle (hObject=0x128) returned 1 [0100.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.876] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dd04 | out: lpMode=0xc00019dd04) returned 0 [0100.883] GetFileType (hFile=0x128) returned 0x1 [0100.883] WriteFile (in: hFile=0x128, lpBuffer=0xc0000563c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00019dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000563c0*, lpNumberOfBytesWritten=0xc00019dcec*=0xf0, lpOverlapped=0x0) returned 1 [0100.884] CloseHandle (hObject=0x128) returned 1 [0100.884] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0100.885] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.885] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0100.885] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0100.886] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0100.886] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0100.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.887] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019dd64 | out: lpMode=0xc00019dd64) returned 0 [0100.892] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.896] GetFileType (hFile=0x128) returned 0x1 [0100.896] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0100.896] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.897] WriteFile (in: hFile=0x128, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00019dd4c*=0x158, lpOverlapped=0x0) returned 1 [0100.897] CloseHandle (hObject=0x128) returned 1 [0100.897] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.897] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.898] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-page_embed_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-page_embed_script.js"), dwFlags=0x1) returned 1 [0100.898] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.906] SetEvent (hEvent=0x9c) returned 1 [0100.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.906] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.906] SetEvent (hEvent=0x100) returned 1 [0100.906] SetEvent (hEvent=0x9c) returned 1 [0100.906] SetEvent (hEvent=0x8c) returned 1 [0100.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.913] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.913] SetEvent (hEvent=0x8c) returned 1 [0100.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.921] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.921] SetEvent (hEvent=0x120) returned 1 [0100.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.922] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0100.922] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.928] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.944] GetFileType (hFile=0x128) returned 0x1 [0100.944] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0100.944] GetFileType (hFile=0x128) returned 0x1 [0100.945] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0100.945] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0100.945] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0100.945] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0100.945] ReadFile (in: hFile=0x128, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x556, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0001a7c04*=0x356, lpOverlapped=0x0) returned 1 [0100.961] ReadFile (in: hFile=0x128, lpBuffer=0xc000056356, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056356*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0100.961] CloseHandle (hObject=0x128) returned 1 [0100.961] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0100.961] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0100.962] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0100.962] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0100.962] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0100.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.963] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0100.970] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.979] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.981] SetEvent (hEvent=0x15c) returned 1 [0100.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.982] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0100.982] SetEvent (hEvent=0x100) returned 1 [0100.982] SetEvent (hEvent=0x15c) returned 1 [0100.982] SetEvent (hEvent=0x9c) returned 1 [0100.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.989] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0100.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.991] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0100.992] SetEvent (hEvent=0xb8) returned 1 [0100.992] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.000] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.001] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0101.001] SetEvent (hEvent=0x9c) returned 1 [0101.001] SetEvent (hEvent=0x8c) returned 1 [0101.001] SetEvent (hEvent=0x15c) returned 1 [0101.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.007] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0101.007] SetEvent (hEvent=0x120) returned 1 [0101.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.014] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.014] GetFileType (hFile=0xec) returned 0x1 [0101.014] GetFileType (hFile=0xec) returned 0x1 [0101.014] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0101.014] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0101.014] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0101.015] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0101.015] ReadFile (in: hFile=0xec, lpBuffer=0xc00020e000, nNumberOfBytesToRead=0x4c1, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e000*, lpNumberOfBytesRead=0xc000151c04*=0x2c1, lpOverlapped=0x0) returned 1 [0101.025] ReadFile (in: hFile=0xec, lpBuffer=0xc00020e2c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e2c1*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0101.025] CloseHandle (hObject=0xec) returned 1 [0101.025] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0101.025] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0101.025] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0101.026] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0101.026] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0101.026] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0101.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.027] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0101.035] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.039] GetFileType (hFile=0xec) returned 0x1 [0101.039] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.045] WriteFile (in: hFile=0xec, lpBuffer=0xc000216000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc000216000*, lpNumberOfBytesWritten=0xc000151cec*=0x2d0, lpOverlapped=0x0) returned 1 [0101.046] CloseHandle (hObject=0xec) returned 1 [0101.046] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0101.047] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.047] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0101.047] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0101.047] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0101.048] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0101.048] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0101.049] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0101.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0101.049] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0101.050] GetFileType (hFile=0xec) returned 0x1 [0101.050] WriteFile (in: hFile=0xec, lpBuffer=0xc0000dc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc2c0*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.051] CloseHandle (hObject=0xec) returned 1 [0101.051] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0101.051] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0101.052] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.052] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.062] SetEvent (hEvent=0x15c) returned 1 [0101.062] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.064] SetEvent (hEvent=0x120) returned 1 [0101.064] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.068] SwitchToThread () returned 1 [0101.069] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.073] SetEvent (hEvent=0x120) returned 1 [0101.073] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.076] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0101.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.077] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0101.084] GetFileType (hFile=0x170) returned 0x1 [0101.084] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0101.085] GetFileType (hFile=0x170) returned 0x1 [0101.085] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0101.085] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0101.085] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0101.086] ReadFile (in: hFile=0x170, lpBuffer=0xc0000fe480, nNumberOfBytesToRead=0x461, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe480*, lpNumberOfBytesRead=0xc00010dc04*=0x261, lpOverlapped=0x0) returned 1 [0101.099] ReadFile (in: hFile=0x170, lpBuffer=0xc0000fe6e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe6e1*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0101.099] CloseHandle (hObject=0x170) returned 1 [0101.099] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0101.099] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0101.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.101] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0101.105] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.111] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.115] SetEvent (hEvent=0x9c) returned 1 [0101.115] SetEvent (hEvent=0xb8) returned 1 [0101.115] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.115] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.116] VirtualFree (lpAddress=0xc000218000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.116] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.116] VirtualFree (lpAddress=0xc00015e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.116] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.117] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.117] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.117] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.118] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.118] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.118] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.118] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.119] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.119] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.119] GetFileType (hFile=0x128) returned 0x1 [0101.119] WriteFile (in: hFile=0x128, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x360, lpOverlapped=0x0) returned 1 [0101.121] CloseHandle (hObject=0x128) returned 1 [0101.121] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.121] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0101.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.122] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0101.125] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.131] GetFileType (hFile=0x128) returned 0x1 [0101.131] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0101.131] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0101.132] WriteFile (in: hFile=0x128, lpBuffer=0xc0001fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001fa000*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.132] CloseHandle (hObject=0x128) returned 1 [0101.132] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-dasherSettingSchema.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-dashersettingschema.json"), dwFlags=0x1) returned 1 [0101.133] SwitchToThread () returned 1 [0101.133] SetEvent (hEvent=0x9c) returned 1 [0101.133] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.134] SetEvent (hEvent=0x9c) returned 1 [0101.134] SetEvent (hEvent=0xb8) returned 1 [0101.134] SetEvent (hEvent=0x8c) returned 1 [0101.134] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.135] SetEvent (hEvent=0xb8) returned 1 [0101.135] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.136] VirtualFree (lpAddress=0xc0001f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.137] VirtualFree (lpAddress=0xc0001e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.137] VirtualFree (lpAddress=0xc000164000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.137] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.138] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.138] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.138] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.138] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.139] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.139] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.139] SetEvent (hEvent=0x8c) returned 1 [0101.139] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.142] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.144] SetEvent (hEvent=0xb8) returned 1 [0101.144] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.146] SetEvent (hEvent=0x9c) returned 1 [0101.146] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.148] SetEvent (hEvent=0xb8) returned 1 [0101.148] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.154] SetEvent (hEvent=0xb8) returned 1 [0101.154] SetEvent (hEvent=0x8c) returned 1 [0101.154] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.154] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.154] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.155] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.155] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.155] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.155] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.156] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.156] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.157] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000185cf4 | out: lpMode=0xc000185cf4) returned 0 [0101.162] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.166] GetFileType (hFile=0x174) returned 0x1 [0101.166] GetFileType (hFile=0x174) returned 0x1 [0101.166] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000185d44 | out: lpFileInformation=0xc000185d44) returned 1 [0101.166] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000185d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000185d28) returned 1 [0101.166] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e500, nNumberOfBytesToRead=0x4bd, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e500*, lpNumberOfBytesRead=0xc000185c04*=0x2bd, lpOverlapped=0x0) returned 1 [0101.168] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e7bd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000185c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e7bd*, lpNumberOfBytesRead=0xc000185c04*=0x0, lpOverlapped=0x0) returned 1 [0101.168] CloseHandle (hObject=0x174) returned 1 [0101.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.170] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000185d04 | out: lpMode=0xc000185d04) returned 0 [0101.174] GetFileType (hFile=0x174) returned 0x1 [0101.174] WriteFile (in: hFile=0x174, lpBuffer=0xc00005e840*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xc000185cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e840*, lpNumberOfBytesWritten=0xc000185cec*=0x2c0, lpOverlapped=0x0) returned 1 [0101.175] CloseHandle (hObject=0x174) returned 1 [0101.176] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0101.176] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.176] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0101.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.177] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000185d64 | out: lpMode=0xc000185d64) returned 0 [0101.179] GetFileType (hFile=0x174) returned 0x1 [0101.179] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000185d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000185d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.179] CloseHandle (hObject=0x174) returned 1 [0101.179] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0101.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.181] SwitchToThread () returned 1 [0101.183] SetEvent (hEvent=0xb8) returned 1 [0101.183] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.185] SetEvent (hEvent=0x9c) returned 1 [0101.185] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.187] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.198] SetEvent (hEvent=0xb8) returned 1 [0101.198] GetFileType (hFile=0x16c) returned 0x1 [0101.198] WriteFile (in: hFile=0x16c, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc000069cec*=0x290, lpOverlapped=0x0) returned 1 [0101.200] CloseHandle (hObject=0x16c) returned 1 [0101.200] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.200] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.200] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.201] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.201] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0101.201] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0101.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.202] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0101.208] GetFileType (hFile=0x16c) returned 0x1 [0101.208] WriteFile (in: hFile=0x16c, lpBuffer=0xc000060580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060580*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.208] CloseHandle (hObject=0x16c) returned 1 [0101.209] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.209] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.267] SetEvent (hEvent=0x15c) returned 1 [0101.267] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.291] SetEvent (hEvent=0x9c) returned 1 [0101.291] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.377] SetEvent (hEvent=0x8c) returned 1 [0101.377] SetEvent (hEvent=0x120) returned 1 [0101.377] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.405] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.407] SetEvent (hEvent=0x8c) returned 1 [0101.407] SetEvent (hEvent=0x100) returned 1 [0101.407] SetEvent (hEvent=0xb8) returned 1 [0101.407] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.410] VirtualFree (lpAddress=0xc0001f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.411] VirtualFree (lpAddress=0xc0001f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.411] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.411] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.411] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.412] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.412] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.412] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.413] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.413] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.413] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.413] SwitchToThread () returned 1 [0101.414] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.416] SetEvent (hEvent=0x120) returned 1 [0101.416] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.416] VirtualFree (lpAddress=0xc00026e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.416] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.417] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.417] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.417] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.417] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.418] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.418] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0101.419] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.419] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.420] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000229cf4 | out: lpMode=0xc000229cf4) returned 0 [0101.430] GetFileType (hFile=0x16c) returned 0x1 [0101.430] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.430] GetFileType (hFile=0x16c) returned 0x1 [0101.430] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000229d44 | out: lpFileInformation=0xc000229d44) returned 1 [0101.430] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000229d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000229d28) returned 1 [0101.431] ReadFile (in: hFile=0x16c, lpBuffer=0xc000272000, nNumberOfBytesToRead=0x4c6, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc000272000*, lpNumberOfBytesRead=0xc000229c04*=0x2c6, lpOverlapped=0x0) returned 1 [0101.441] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.447] SetEvent (hEvent=0xb8) returned 1 [0101.447] ReadFile (in: hFile=0x16c, lpBuffer=0xc0002722c6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002722c6*, lpNumberOfBytesRead=0xc000229c04*=0x0, lpOverlapped=0x0) returned 1 [0101.447] CloseHandle (hObject=0x16c) returned 1 [0101.447] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.461] SetEvent (hEvent=0xb8) returned 1 [0101.461] SetEvent (hEvent=0x15c) returned 1 [0101.461] SwitchToThread () returned 1 [0101.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.470] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.470] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8279b800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8279df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.470] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.470] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.470] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.470] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.471] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0101.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8279df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8279df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29a)) returned 1 [0101.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.472] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827a2d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827a5440, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.472] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.472] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827a5440, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827a5440, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29b)) returned 1 [0101.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.480] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.481] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827aa260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827af080, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.481] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.481] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.481] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827af080, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827af080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x295)) returned 1 [0101.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0101.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0101.482] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0101.482] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x827b3ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b65b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x827b65b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0101.482] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0101.482] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0101.482] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0101.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x827b65b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x827b8cc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ab2840, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29c)) returned 1 [0101.491] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.492] SetEvent (hEvent=0xb8) returned 1 [0101.492] SwitchToThread () returned 1 [0101.593] SwitchToThread () returned 1 [0101.594] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.601] SetEvent (hEvent=0x15c) returned 1 [0101.601] SwitchToThread () returned 1 [0101.605] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0101.605] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0101.606] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0101.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.607] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0101.613] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.619] SetEvent (hEvent=0xb8) returned 1 [0101.619] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.632] SetEvent (hEvent=0xb8) returned 1 [0101.632] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000586430*, lpNumberOfCharsWritten=0xc00018f818*=0x3) returned 1 [0101.639] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586436*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc000586436*, lpNumberOfCharsWritten=0xc000275818*=0x3) returned 1 [0101.645] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586440*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b3818, lpReserved=0x0 | out: lpBuffer=0xc000586440*, lpNumberOfCharsWritten=0xc0001b3818*=0x3) returned 1 [0101.648] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.651] SetEvent (hEvent=0x100) returned 1 [0101.651] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.654] SetEvent (hEvent=0x120) returned 1 [0101.654] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.655] VirtualFree (lpAddress=0xc000158000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0101.655] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.656] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.656] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.656] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.656] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.657] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.657] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.657] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.657] SetEvent (hEvent=0x100) returned 1 [0101.657] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.685] SetEvent (hEvent=0xb8) returned 1 [0101.685] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.688] SetEvent (hEvent=0x100) returned 1 [0101.688] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.690] SetEvent (hEvent=0x120) returned 1 [0101.690] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.730] SetEvent (hEvent=0x100) returned 1 [0101.730] SetEvent (hEvent=0x8c) returned 1 [0101.730] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.743] SetEvent (hEvent=0x9c) returned 1 [0101.743] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.799] SetEvent (hEvent=0x9c) returned 1 [0101.799] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0101.800] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0101.800] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0101.800] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0101.801] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0101.803] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.804] SetEvent (hEvent=0x9c) returned 1 [0101.804] GetFileType (hFile=0x128) returned 0x1 [0101.804] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.811] GetFileType (hFile=0x128) returned 0x1 [0101.811] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0101.811] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0101.811] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0101.812] ReadFile (in: hFile=0x128, lpBuffer=0xc00021c000, nNumberOfBytesToRead=0x515, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesRead=0xc0001b7c04*=0x315, lpOverlapped=0x0) returned 1 [0101.820] ReadFile (in: hFile=0x128, lpBuffer=0xc00021c315, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c315*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0101.821] CloseHandle (hObject=0x128) returned 1 [0101.821] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0101.821] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0101.821] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0101.822] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0101.822] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0101.822] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0101.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.824] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0101.831] GetFileType (hFile=0x128) returned 0x1 [0101.831] WriteFile (in: hFile=0x128, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x320, lpOverlapped=0x0) returned 1 [0101.832] CloseHandle (hObject=0x128) returned 1 [0101.832] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0101.833] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0101.833] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0101.834] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0101.834] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0101.835] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0101.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0101.835] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0101.850] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.859] SetEvent (hEvent=0xb8) returned 1 [0101.859] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.859] SetEvent (hEvent=0xb8) returned 1 [0101.859] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.860] SetEvent (hEvent=0xb8) returned 1 [0101.860] SetEvent (hEvent=0x8c) returned 1 [0101.860] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0101.860] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.861] VirtualFree (lpAddress=0xc00021a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.861] VirtualFree (lpAddress=0xc000210000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.861] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0101.862] VirtualFree (lpAddress=0xc000176000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.862] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.862] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.863] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.863] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.863] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.864] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.864] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.864] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.865] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.865] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.866] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001afcf4 | out: lpMode=0xc0001afcf4) returned 0 [0101.866] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.911] GetFileType (hFile=0x170) returned 0x1 [0101.911] GetFileType (hFile=0x170) returned 0x1 [0101.911] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001afd44 | out: lpFileInformation=0xc0001afd44) returned 1 [0101.911] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001afd28) returned 1 [0101.911] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.911] ReadFile (in: hFile=0x170, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x480, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc0001afc04*=0x280, lpOverlapped=0x0) returned 1 [0101.914] ReadFile (in: hFile=0x170, lpBuffer=0xc00006e280, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e280*, lpNumberOfBytesRead=0xc0001afc04*=0x0, lpOverlapped=0x0) returned 1 [0101.914] CloseHandle (hObject=0x170) returned 1 [0101.914] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0101.915] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0101.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.916] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001afd04 | out: lpMode=0xc0001afd04) returned 0 [0101.917] GetFileType (hFile=0x170) returned 0x1 [0101.917] WriteFile (in: hFile=0x170, lpBuffer=0xc00006c2c0*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc0001afcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesWritten=0xc0001afcec*=0x290, lpOverlapped=0x0) returned 1 [0101.919] CloseHandle (hObject=0x170) returned 1 [0101.919] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0101.919] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.919] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0101.920] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0101.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.920] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001afd64 | out: lpMode=0xc0001afd64) returned 0 [0101.929] GetFileType (hFile=0x170) returned 0x1 [0101.929] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001afd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.930] CloseHandle (hObject=0x170) returned 1 [0101.930] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0101.930] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0101.931] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0101.933] SetEvent (hEvent=0xc0) returned 1 [0101.933] SetEvent (hEvent=0x9c) returned 1 [0101.933] SetEvent (hEvent=0x120) returned 1 [0101.933] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0101.935] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.937] SetEvent (hEvent=0x120) returned 1 [0101.937] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.946] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0101.946] SetEvent (hEvent=0x120) returned 1 [0101.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.959] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0101.959] SetEvent (hEvent=0xb8) returned 1 [0101.959] SetEvent (hEvent=0x8c) returned 1 [0101.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.969] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0101.969] SetEvent (hEvent=0x8c) returned 1 [0101.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.982] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.982] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0101.982] SetEvent (hEvent=0xb8) returned 1 [0101.982] SetEvent (hEvent=0x100) returned 1 [0101.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.987] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0101.987] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0101.987] SetEvent (hEvent=0x100) returned 1 [0101.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.996] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0101.996] SetEvent (hEvent=0xc0) returned 1 [0101.996] SetEvent (hEvent=0xb8) returned 1 [0101.996] SetEvent (hEvent=0x8c) returned 1 [0101.997] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.006] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.027] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0102.027] SetEvent (hEvent=0x9c) returned 1 [0102.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.036] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0102.036] SetEvent (hEvent=0xb8) returned 1 [0102.036] SetEvent (hEvent=0x120) returned 1 [0102.036] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0102.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.042] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.043] SetEvent (hEvent=0xb8) returned 1 [0102.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.051] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0102.051] SetEvent (hEvent=0x8c) returned 1 [0102.051] SetEvent (hEvent=0xb8) returned 1 [0102.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0102.054] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0102.061] GetFileType (hFile=0x174) returned 0x1 [0102.061] GetFileType (hFile=0x174) returned 0x1 [0102.061] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0102.061] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0102.061] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0102.061] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0102.062] ReadFile (in: hFile=0x174, lpBuffer=0xc0001d4000, nNumberOfBytesToRead=0x2ffa, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d4000*, lpNumberOfBytesRead=0xc0001c7c04*=0x2dfa, lpOverlapped=0x0) returned 1 [0102.069] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.126] ReadFile (in: hFile=0x174, lpBuffer=0xc0001d6dfa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6dfa*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0102.126] CloseHandle (hObject=0x174) returned 1 [0102.126] SetEvent (hEvent=0x9c) returned 1 [0102.126] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.162] SetEvent (hEvent=0x13c) returned 1 [0102.162] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.569] SetEvent (hEvent=0xfc) returned 1 [0102.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.569] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0102.572] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] SetEvent (hEvent=0xfc) returned 1 [0102.572] GetFileType (hFile=0x148) returned 0x1 [0102.573] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.576] SetEvent (hEvent=0x100) returned 1 [0102.577] GetFileType (hFile=0x148) returned 0x1 [0102.577] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0102.586] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0102.586] SetEvent (hEvent=0x108) returned 1 [0102.586] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.638] SetEvent (hEvent=0x100) returned 1 [0102.638] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.643] SetEvent (hEvent=0x100) returned 1 [0102.643] SetEvent (hEvent=0xfc) returned 1 [0102.643] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.644] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0102.645] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.651] GetFileType (hFile=0x170) returned 0x1 [0102.652] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0102.652] GetFileType (hFile=0x170) returned 0x1 [0102.652] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0102.652] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0102.652] ReadFile (in: hFile=0x170, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x327, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0001f9c04*=0x127, lpOverlapped=0x0) returned 1 [0102.653] ReadFile (in: hFile=0x170, lpBuffer=0xc00006a127, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a127*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0102.653] CloseHandle (hObject=0x170) returned 1 [0102.653] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0102.654] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.654] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0102.654] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0102.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.656] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0102.656] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.665] GetFileType (hFile=0x170) returned 0x1 [0102.665] WriteFile (in: hFile=0x170, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc0001f9cec*=0x130, lpOverlapped=0x0) returned 1 [0102.666] CloseHandle (hObject=0x170) returned 1 [0102.666] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.666] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0102.667] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.667] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0102.667] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.667] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.668] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.668] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0102.675] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.681] SetEvent (hEvent=0x13c) returned 1 [0102.681] GetFileType (hFile=0x170) returned 0x1 [0102.681] WriteFile (in: hFile=0x170, lpBuffer=0xc00005a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005a2c0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.681] CloseHandle (hObject=0x170) returned 1 [0102.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.682] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.688] SetEvent (hEvent=0x13c) returned 1 [0102.688] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.690] SetEvent (hEvent=0x114) returned 1 [0102.690] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.694] SwitchToThread () returned 1 [0102.695] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.699] SetEvent (hEvent=0x13c) returned 1 [0102.699] SetEvent (hEvent=0x100) returned 1 [0102.699] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.700] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0102.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.700] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0102.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.701] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.701] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5817.313.0.5_0", cAlternateFileName="581731~1.5_0")) returned 1 [0102.701] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.701] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.704] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.711] SetEvent (hEvent=0x13c) returned 1 [0102.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.716] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.716] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836e0310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83637bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8363f0f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x8c0bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="angular.js", cAlternateFileName="")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83641800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83643f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xa89c, dwReserved0=0x0, dwReserved1=0x0, cFileName="background_script.js", cAlternateFileName="BACKGR~1.JS")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83646620, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83648d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x181aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_game_sender.js", cAlternateFileName="CAST_G~1.JS")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x111e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_route_details.html", cAlternateFileName="CAST_R~1.HTM")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83652970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83657790, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3a258, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_route_details.js", cAlternateFileName="CAST_R~1.JS")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8365ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836613d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xce17, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_sender.js", cAlternateFileName="CAST_S~1.JS")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83663ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836884d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x836884d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cast_setup", cAlternateFileName="CAST_S~1")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8368d2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83694820, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83694820, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cloud_route_details", cAlternateFileName="CLOUD_~1")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83696f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83699640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc878, dwReserved0=0x0, dwReserved1=0x0, cFileName="common.js", cAlternateFileName="")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8369bd50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8369bd50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xc26, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback.css", cAlternateFileName="")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a0b70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a0b70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x38a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback.html", cAlternateFileName="FEEDBA~1.HTM")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836a5990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836a5990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2b20, dwReserved0=0x0, dwReserved1=0x0, cFileName="feedback_script.js", cAlternateFileName="FEEDBA~1.JS")) returned 1 [0102.720] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833dcb50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836af5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8395fd70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b1ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b43f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x46039, dwReserved0=0x0, dwReserved1=0x0, cFileName="material_css_min.css", cAlternateFileName="MATERI~1.CSS")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836b6b00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836b9210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x7c33, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_cast_streaming.js", cAlternateFileName="MIRROR~1.JS")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836c2e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836c5560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x2adeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_common.js", cAlternateFileName="MIRROR~2.JS")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836ca380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836cf1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x794cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_hangouts.js", cAlternateFileName="MIRROR~3.JS")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836d3fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836d66d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x941, dwReserved0=0x0, dwReserved1=0x0, cFileName="mirroring_webrtc.js", cAlternateFileName="MIRROR~4.JS")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0102.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.721] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.722] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.724] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.724] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.726] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.731] SetEvent (hEvent=0x13c) returned 1 [0102.731] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e6790, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83624340, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83624340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="am", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bn", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fa", cAlternateFileName="")) returned 1 [0102.735] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83467de0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8346cc00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8346cc00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gu", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iw", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ml", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mr", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nb", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0102.736] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sw", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ta", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0102.737] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.737] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.738] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.739] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.739] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833e8ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833eb5b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.740] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.740] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\am\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833eb5b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833eb5b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397d230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4827)) returned 1 [0102.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.747] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.747] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x833f7900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x833fee30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.747] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.747] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.747] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x833fee30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x833fee30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x45bf)) returned 1 [0102.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.748] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83403c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83406360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83406360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.748] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.748] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.748] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83406360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83408a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b63)) returned 1 [0102.750] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.775] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.805] SetEvent (hEvent=0x100) returned 1 [0102.805] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.899] SetEvent (hEvent=0x13c) returned 1 [0102.899] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.934] SetEvent (hEvent=0x15c) returned 1 [0102.934] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0102.997] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.003] SetEvent (hEvent=0x108) returned 1 [0103.003] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.013] SetEvent (hEvent=0x114) returned 1 [0103.013] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.023] SetEvent (hEvent=0x15c) returned 1 [0103.023] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.033] SetEvent (hEvent=0x108) returned 1 [0103.033] SetEvent (hEvent=0x114) returned 1 [0103.033] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.036] SetEvent (hEvent=0x15c) returned 1 [0103.037] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.399] SetEvent (hEvent=0x108) returned 1 [0103.399] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0103.407] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0103.409] GetFileType (hFile=0x174) returned 0x1 [0103.409] GetFileType (hFile=0x174) returned 0x1 [0103.409] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0103.409] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0103.409] ReadFile (in: hFile=0x174, lpBuffer=0xc000213000, nNumberOfBytesToRead=0x423a, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000213000*, lpNumberOfBytesRead=0xc00004bc04*=0x403a, lpOverlapped=0x0) returned 1 [0103.465] ReadFile (in: hFile=0x174, lpBuffer=0xc00021703a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021703a*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0103.465] CloseHandle (hObject=0x174) returned 1 [0103.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0103.467] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0103.479] GetFileType (hFile=0x174) returned 0x1 [0103.479] WriteFile (in: hFile=0x174, lpBuffer=0xc0002ab800*, nNumberOfBytesToWrite=0x4040, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ab800*, lpNumberOfBytesWritten=0xc00004bcec*=0x4040, lpOverlapped=0x0) returned 1 [0103.480] CloseHandle (hObject=0x174) returned 1 [0103.480] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0103.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0103.480] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0103.498] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.531] GetFileType (hFile=0x174) returned 0x1 [0103.531] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.531] CloseHandle (hObject=0x174) returned 1 [0103.531] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.532] SetEvent (hEvent=0x114) returned 1 [0103.532] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.535] SetEvent (hEvent=0x188) returned 1 [0103.535] SetEvent (hEvent=0xb8) returned 1 [0103.535] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.542] VirtualFree (lpAddress=0xc0002b0000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0103.543] VirtualFree (lpAddress=0xc00027c000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0103.544] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.544] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.544] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.544] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.545] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.545] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.545] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.545] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.545] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.546] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.546] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.546] SetEvent (hEvent=0x9c) returned 1 [0103.546] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.590] SetEvent (hEvent=0x9c) returned 1 [0103.590] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.600] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0103.602] SetEvent (hEvent=0x188) returned 1 [0103.602] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0104.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c0 [0104.570] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0104.577] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0104.640] SetEvent (hEvent=0x1a0) returned 1 [0104.641] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0107.950] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0107.950] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0001020f0*, lpNumberOfCharsWritten=0xc00011b818*=0x4) returned 1 [0107.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc0001020f8*, lpNumberOfCharsWritten=0xc000289818*=0x4) returned 1 [0107.952] SetEvent (hEvent=0x8c) returned 1 [0107.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102100*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000102100*, lpNumberOfCharsWritten=0xc000117818*=0x4) returned 1 [0107.952] SetEvent (hEvent=0x8c) returned 1 [0107.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102108*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc000102108*, lpNumberOfCharsWritten=0xc0001fb818*=0x4) returned 1 [0107.953] SetEvent (hEvent=0x8c) returned 1 [0107.953] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102190*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000102190*, lpNumberOfCharsWritten=0xc0004db818*=0x4) returned 1 [0107.954] SetEvent (hEvent=0x8c) returned 1 [0107.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102198*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000102198*, lpNumberOfCharsWritten=0xc000063818*=0x4) returned 1 [0107.954] SetEvent (hEvent=0x8c) returned 1 [0107.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc0001021b0*, lpNumberOfCharsWritten=0xc00018d818*=0x4) returned 1 [0107.955] SetEvent (hEvent=0x8c) returned 1 [0107.955] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc0001021b8*, lpNumberOfCharsWritten=0xc000159818*=0x4) returned 1 [0107.956] SetEvent (hEvent=0x8c) returned 1 [0107.956] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0001021d0*, lpNumberOfCharsWritten=0xc000151818*=0x4) returned 1 [0107.957] SetEvent (hEvent=0x8c) returned 1 [0107.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0001021d8*, lpNumberOfCharsWritten=0xc0006dd818*=0x4) returned 1 [0107.957] SetEvent (hEvent=0x8c) returned 1 [0107.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc0001021e0*, lpNumberOfCharsWritten=0xc000111818*=0x4) returned 1 [0107.958] SetEvent (hEvent=0x8c) returned 1 [0107.958] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00019b818, lpReserved=0x0 | out: lpBuffer=0xc0001021e8*, lpNumberOfCharsWritten=0xc00019b818*=0x4) returned 1 [0107.959] SetEvent (hEvent=0x8c) returned 1 [0107.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102220*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc000102220*, lpNumberOfCharsWritten=0xc000139818*=0x4) returned 1 [0107.960] SetEvent (hEvent=0x8c) returned 1 [0107.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102228*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc000102228*, lpNumberOfCharsWritten=0xc000193818*=0x4) returned 1 [0107.960] SetEvent (hEvent=0x8c) returned 1 [0107.961] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102250*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000273818, lpReserved=0x0 | out: lpBuffer=0xc000102250*, lpNumberOfCharsWritten=0xc000273818*=0x4) returned 1 [0107.961] SetEvent (hEvent=0x8c) returned 1 [0107.961] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102258*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc000102258*, lpNumberOfCharsWritten=0xc0000b7818*=0x4) returned 1 [0107.962] SetEvent (hEvent=0x8c) returned 1 [0107.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102280*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000b9818, lpReserved=0x0 | out: lpBuffer=0xc000102280*, lpNumberOfCharsWritten=0xc0000b9818*=0x4) returned 1 [0107.963] SetEvent (hEvent=0x8c) returned 1 [0107.963] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102288*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000102288*, lpNumberOfCharsWritten=0xc0001d3818*=0x4) returned 1 [0107.964] SetEvent (hEvent=0x8c) returned 1 [0107.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0001022a0*, lpNumberOfCharsWritten=0xc00027b818*=0x4) returned 1 [0107.964] SetEvent (hEvent=0x8c) returned 1 [0107.964] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000283818, lpReserved=0x0 | out: lpBuffer=0xc0001022a8*, lpNumberOfCharsWritten=0xc000283818*=0x4) returned 1 [0107.965] SetEvent (hEvent=0x8c) returned 1 [0107.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0001022b0*, lpNumberOfCharsWritten=0xc000211818*=0x4) returned 1 [0107.966] SetEvent (hEvent=0x8c) returned 1 [0107.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc0001022b8*, lpNumberOfCharsWritten=0xc0001bb818*=0x4) returned 1 [0107.966] SetEvent (hEvent=0x8c) returned 1 [0107.966] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027d818, lpReserved=0x0 | out: lpBuffer=0xc0001022c0*, lpNumberOfCharsWritten=0xc00027d818*=0x4) returned 1 [0107.967] SetEvent (hEvent=0x8c) returned 1 [0107.967] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001022c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000285818, lpReserved=0x0 | out: lpBuffer=0xc0001022c8*, lpNumberOfCharsWritten=0xc000285818*=0x4) returned 1 [0107.967] SetEvent (hEvent=0x8c) returned 1 [0107.967] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102320*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000102320*, lpNumberOfCharsWritten=0xc0001a1818*=0x4) returned 1 [0107.968] SetEvent (hEvent=0x8c) returned 1 [0107.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102328*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc000102328*, lpNumberOfCharsWritten=0xc0001ad818*=0x4) returned 1 [0107.968] SetEvent (hEvent=0x8c) returned 1 [0107.968] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102340*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000165818, lpReserved=0x0 | out: lpBuffer=0xc000102340*, lpNumberOfCharsWritten=0xc000165818*=0x4) returned 1 [0107.969] SetEvent (hEvent=0x8c) returned 1 [0107.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102348*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000161818, lpReserved=0x0 | out: lpBuffer=0xc000102348*, lpNumberOfCharsWritten=0xc000161818*=0x4) returned 1 [0107.969] SetEvent (hEvent=0x8c) returned 1 [0107.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102350*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029b818, lpReserved=0x0 | out: lpBuffer=0xc000102350*, lpNumberOfCharsWritten=0xc00029b818*=0x3) returned 1 [0107.970] SetEvent (hEvent=0x8c) returned 1 [0107.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102358*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000263818, lpReserved=0x0 | out: lpBuffer=0xc000102358*, lpNumberOfCharsWritten=0xc000263818*=0x4) returned 1 [0107.970] SetEvent (hEvent=0x8c) returned 1 [0107.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000267818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc000267818*=0x4) returned 1 [0107.970] SetEvent (hEvent=0x8c) returned 1 [0107.971] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000101a8*, lpNumberOfCharsWritten=0xc000049818*=0x4) returned 1 [0107.971] SetEvent (hEvent=0x8c) returned 1 [0107.971] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102360*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000219818, lpReserved=0x0 | out: lpBuffer=0xc000102360*, lpNumberOfCharsWritten=0xc000219818*=0x3) returned 1 [0107.971] SetEvent (hEvent=0x8c) returned 1 [0107.971] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102368*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000265818, lpReserved=0x0 | out: lpBuffer=0xc000102368*, lpNumberOfCharsWritten=0xc000265818*=0x4) returned 1 [0107.972] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0108.409] SetEvent (hEvent=0xb8) returned 1 [0108.409] SetEvent (hEvent=0x1d0) returned 1 [0108.409] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0108.411] SetEvent (hEvent=0x9c) returned 1 [0108.411] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0114.142] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0114.150] GetFileType (hFile=0x1ac) returned 0x1 [0114.150] GetFileType (hFile=0x1ac) returned 0x1 [0114.151] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0114.151] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0114.151] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0114.153] ReadFile (in: hFile=0x1ac, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x25bf, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00020fc04*=0x23bf, lpOverlapped=0x0) returned 1 [0114.159] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.224] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0002323bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002323bf*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0114.224] CloseHandle (hObject=0x1ac) returned 1 [0114.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0114.275] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0114.276] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.358] GetFileType (hFile=0x174) returned 0x1 [0114.358] WriteFile (in: hFile=0x174, lpBuffer=0xc0002b4500*, nNumberOfBytesToWrite=0x23c0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4500*, lpNumberOfBytesWritten=0xc00020fcec*=0x23c0, lpOverlapped=0x0) returned 1 [0114.362] CloseHandle (hObject=0x174) returned 1 [0114.367] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.381] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00038e101 | out: pbBuffer=0xc00038e101) returned 1 [0114.382] VirtualAlloc (lpAddress=0xc000390000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000390000 [0114.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x20c [0114.383] GetConsoleMode (in: hConsoleHandle=0x20c, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0114.385] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.388] GetFileType (hFile=0x20c) returned 0x1 [0114.388] WriteFile (in: hFile=0x20c, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.388] CloseHandle (hObject=0x20c) returned 1 [0114.410] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegky6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgkY6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegky6[1].jpg"), dwFlags=0x1) returned 1 [0114.728] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.734] SetEvent (hEvent=0x1dc) returned 1 [0114.735] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.742] SetEvent (hEvent=0x198) returned 1 [0114.742] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.748] SetEvent (hEvent=0x1dc) returned 1 [0114.748] SetEvent (hEvent=0x198) returned 1 [0114.748] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.752] SetEvent (hEvent=0x1dc) returned 1 [0114.752] VirtualFree (lpAddress=0xc00038e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.752] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.752] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.753] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.753] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.754] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.754] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0114.757] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.760] SetEvent (hEvent=0x1d0) returned 1 [0114.761] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc0005861a8*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0114.766] SetEvent (hEvent=0x1d0) returned 1 [0114.766] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010056*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc000010056*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0114.768] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.771] SetEvent (hEvent=0xb8) returned 1 [0114.771] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.775] SetEvent (hEvent=0x198) returned 1 [0114.775] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.912] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.935] SetEvent (hEvent=0x1f8) returned 1 [0114.935] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.936] SetEvent (hEvent=0x1f8) returned 1 [0114.936] SetEvent (hEvent=0x198) returned 1 [0114.936] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.937] VirtualFree (lpAddress=0xc0003e0000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0114.938] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.938] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.938] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.938] VirtualFree (lpAddress=0xc000366000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0114.939] VirtualFree (lpAddress=0xc00035c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.940] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0114.941] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0114.941] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0114.942] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0114.943] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0114.943] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.944] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.944] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.945] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.945] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.945] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.945] VirtualFree (lpAddress=0xc00006a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0114.946] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.946] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.947] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001b5818*=0x2) returned 1 [0114.948] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0114.952] SetEvent (hEvent=0x1c4) returned 1 [0114.953] SetEvent (hEvent=0x1f8) returned 1 [0114.953] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0114.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x208 [0114.954] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0114.954] GetFileType (hFile=0x208) returned 0x1 [0114.954] GetFileType (hFile=0x208) returned 0x1 [0114.955] GetFileInformationByHandle (in: hFile=0x208, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0114.955] GetFileInformationByHandleEx (in: hFile=0x208, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0114.955] ReadFile (in: hFile=0x208, lpBuffer=0xc0002f8000, nNumberOfBytesToRead=0x22b, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f8000*, lpNumberOfBytesRead=0xc00020fc04*=0x2b, lpOverlapped=0x0) returned 1 [0114.957] ReadFile (in: hFile=0x208, lpBuffer=0xc0002f802b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f802b*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0114.957] CloseHandle (hObject=0x208) returned 1 [0114.957] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0114.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.963] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0114.963] GetFileType (hFile=0x208) returned 0x1 [0114.963] WriteFile (in: hFile=0x208, lpBuffer=0xc0000c8000*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000c8000*, lpNumberOfBytesWritten=0xc00020fcec*=0x30, lpOverlapped=0x0) returned 1 [0114.964] CloseHandle (hObject=0x208) returned 1 [0114.964] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0114.964] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0114.965] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0114.965] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0114.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.966] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0114.967] GetFileType (hFile=0x208) returned 0x1 [0114.967] WriteFile (in: hFile=0x208, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.967] CloseHandle (hObject=0x208) returned 1 [0114.967] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\collect[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-collect[1].gif"), dwFlags=0x1) returned 1 [0115.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0115.114] SetEvent (hEvent=0x1dc) returned 1 [0115.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.116] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0115.116] SetEvent (hEvent=0x1dc) returned 1 [0115.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.122] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.132] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.145] SetEvent (hEvent=0x1f8) returned 1 [0115.145] SetEvent (hEvent=0xfc) returned 1 [0115.145] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0115.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x210 [0115.146] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0115.148] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0115.148] GetFileType (hFile=0x210) returned 0x1 [0115.148] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0115.149] GetFileType (hFile=0x210) returned 0x1 [0115.149] GetFileInformationByHandle (in: hFile=0x210, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0115.149] GetFileInformationByHandleEx (in: hFile=0x210, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0115.149] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0115.149] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0115.153] ReadFile (in: hFile=0x210, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x25029, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00018fc04*=0x24e29, lpOverlapped=0x0) returned 1 [0115.161] ReadFile (in: hFile=0x210, lpBuffer=0xc000306e29, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000306e29*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.161] CloseHandle (hObject=0x210) returned 1 [0115.161] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0115.161] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0115.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.170] SetEvent (hEvent=0xc0) returned 1 [0115.170] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0115.170] GetFileType (hFile=0x1b4) returned 0x1 [0115.170] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000308000*, nNumberOfBytesToWrite=0x24e30, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000308000*, lpNumberOfBytesWritten=0xc00018fcec*=0x24e30, lpOverlapped=0x0) returned 1 [0115.177] CloseHandle (hObject=0x1b4) returned 1 [0115.177] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0115.178] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0115.178] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0115.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.179] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0115.179] GetFileType (hFile=0x1b4) returned 0x1 [0115.179] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.179] CloseHandle (hObject=0x1b4) returned 1 [0115.179] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e4-190963-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-e4-190963-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-e4-190963-91cdfbc1[1].txt"), dwFlags=0x1) returned 1 [0115.232] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.232] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0115.232] SetEvent (hEvent=0x1d0) returned 1 [0115.232] SetEvent (hEvent=0x120) returned 1 [0115.233] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.235] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0115.236] SetEvent (hEvent=0x120) returned 1 [0115.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.242] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.257] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.261] SetEvent (hEvent=0xfc) returned 1 [0115.261] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.270] SetEvent (hEvent=0xfc) returned 1 [0115.271] SetEvent (hEvent=0x1f8) returned 1 [0115.271] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc0004db818*=0x2) returned 1 [0115.272] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.288] SetEvent (hEvent=0x1d0) returned 1 [0115.288] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.291] SetEvent (hEvent=0x1d0) returned 1 [0115.291] SetEvent (hEvent=0x1f8) returned 1 [0115.291] SetEvent (hEvent=0x1dc) returned 1 [0115.291] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.294] SetEvent (hEvent=0x1d0) returned 1 [0115.294] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.295] SetEvent (hEvent=0x1d0) returned 1 [0115.295] SetEvent (hEvent=0xfc) returned 1 [0115.295] SetEvent (hEvent=0x1dc) returned 1 [0115.295] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.344] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.348] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.367] SetEvent (hEvent=0x1dc) returned 1 [0115.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.368] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0115.368] GetFileType (hFile=0x1b0) returned 0x1 [0115.369] GetFileType (hFile=0x1b0) returned 0x1 [0115.369] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0115.369] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0115.369] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0115.369] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x2fd5, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0001d3c04*=0x2dd5, lpOverlapped=0x0) returned 1 [0115.372] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000182dd5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182dd5*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0115.372] CloseHandle (hObject=0x1b0) returned 1 [0115.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.379] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0115.380] GetFileType (hFile=0x1b0) returned 0x1 [0115.380] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000183000*, nNumberOfBytesToWrite=0x2de0, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000183000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x2de0, lpOverlapped=0x0) returned 1 [0115.381] CloseHandle (hObject=0x1b0) returned 1 [0115.382] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0115.382] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0115.382] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0115.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.383] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0115.384] GetFileType (hFile=0x1b0) returned 0x1 [0115.384] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.385] CloseHandle (hObject=0x1b0) returned 1 [0115.386] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0115.386] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-v2[1]"), dwFlags=0x1) returned 1 [0115.428] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0115.428] SetEvent (hEvent=0x1f8) returned 1 [0115.429] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.432] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.433] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.442] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.442] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0115.442] SetEvent (hEvent=0xfc) returned 1 [0115.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.449] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.449] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.487] SetEvent (hEvent=0x120) returned 1 [0115.487] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.489] SetEvent (hEvent=0x120) returned 1 [0115.489] SetEvent (hEvent=0xfc) returned 1 [0115.489] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.490] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0115.490] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.490] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.491] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.491] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0000f9818*=0x2) returned 1 [0115.497] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.509] SetEvent (hEvent=0xfc) returned 1 [0115.509] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0115.509] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0115.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0115.510] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0115.513] GetFileType (hFile=0x1b4) returned 0x1 [0115.513] GetFileType (hFile=0x1b4) returned 0x1 [0115.513] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0115.513] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0115.513] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0115.514] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0115.516] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xa956, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000f9c04*=0xa756, lpOverlapped=0x0) returned 1 [0115.530] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00023a756, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023a756*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0115.530] CloseHandle (hObject=0x1b4) returned 1 [0115.530] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.530] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0115.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\19619569[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\19619569[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.536] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.544] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0115.545] SetEvent (hEvent=0xfc) returned 1 [0115.545] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.548] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0115.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.549] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0115.552] GetFileType (hFile=0x1b0) returned 0x1 [0115.552] GetFileType (hFile=0x1b0) returned 0x1 [0115.552] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0115.553] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0115.553] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00005e000, nNumberOfBytesToRead=0x38d2, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesRead=0xc000271c04*=0x36d2, lpOverlapped=0x0) returned 1 [0115.562] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000616d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000616d2*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0115.562] CloseHandle (hObject=0x1b0) returned 1 [0115.562] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0115.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.565] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000271d04 | out: lpMode=0xc000271d04) returned 0 [0115.572] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.580] SetEvent (hEvent=0xfc) returned 1 [0115.580] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.580] SetEvent (hEvent=0x1f8) returned 1 [0115.580] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.583] SetEvent (hEvent=0x1c4) returned 1 [0115.583] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.606] SetEvent (hEvent=0x1f8) returned 1 [0115.607] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e8 [0115.621] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0115.624] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.633] GetFileType (hFile=0x1e8) returned 0x1 [0115.633] GetFileType (hFile=0x1e8) returned 0x1 [0115.633] GetFileInformationByHandle (in: hFile=0x1e8, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0115.633] GetFileInformationByHandleEx (in: hFile=0x1e8, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0115.633] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0115.634] ReadFile (in: hFile=0x1e8, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001d5c04*=0xfe, lpOverlapped=0x0) returned 1 [0115.641] ReadFile (in: hFile=0x1e8, lpBuffer=0xc0002120fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002120fe*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0115.641] CloseHandle (hObject=0x1e8) returned 1 [0115.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0115.661] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0115.663] GetFileType (hFile=0x1ac) returned 0x1 [0115.663] WriteFile (in: hFile=0x1ac, lpBuffer=0xc000082900*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000082900*, lpNumberOfBytesWritten=0xc0001d5cec*=0x100, lpOverlapped=0x0) returned 1 [0115.664] CloseHandle (hObject=0x1ac) returned 1 [0115.669] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0115.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083401 | out: pbBuffer=0xc000083401) returned 1 [0115.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0115.739] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0115.741] GetFileType (hFile=0x230) returned 0x1 [0115.741] WriteFile (in: hFile=0x230, lpBuffer=0xc000266580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000266580*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.741] CloseHandle (hObject=0x230) returned 1 [0115.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aan7gkr[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAn7gKR[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aan7gkr[1].png"), dwFlags=0x1) returned 1 [0116.225] VirtualFree (lpAddress=0xc000362000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.226] VirtualFree (lpAddress=0xc00035a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.226] VirtualFree (lpAddress=0xc000346000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.227] VirtualFree (lpAddress=0xc000336000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.227] VirtualFree (lpAddress=0xc00030a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.228] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.228] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.229] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.229] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.230] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.230] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.230] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.231] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0116.232] SetEvent (hEvent=0x340) returned 1 [0116.232] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0116.235] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0116.239] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.241] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0116.241] SetEvent (hEvent=0xc0) returned 1 [0116.241] SetEvent (hEvent=0x340) returned 1 [0116.241] SetEvent (hEvent=0x318) returned 1 [0116.242] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.245] SetEvent (hEvent=0x318) returned 1 [0116.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.249] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.249] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0116.250] SetEvent (hEvent=0x318) returned 1 [0116.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.258] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0116.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3a8 [0116.354] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0116.369] GetConsoleMode (in: hConsoleHandle=0x3a8, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0116.369] GetFileType (hFile=0x3a8) returned 0x1 [0116.369] WriteFile (in: hFile=0x3a8, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc00018fcec*=0x1a0, lpOverlapped=0x0) returned 1 [0116.371] CloseHandle (hObject=0x3a8) returned 1 [0116.382] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1301 | out: pbBuffer=0xc0002f1301) returned 1 [0116.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0116.382] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0116.382] GetFileType (hFile=0x28c) returned 0x1 [0116.382] WriteFile (in: hFile=0x28c, lpBuffer=0xc0000ce6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce6e0*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.383] CloseHandle (hObject=0x28c) returned 1 [0116.402] SwitchToThread () returned 1 [0116.417] SetEvent (hEvent=0x108) returned 1 [0116.417] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0116.420] SetEvent (hEvent=0x108) returned 1 [0116.420] SetEvent (hEvent=0x304) returned 1 [0116.420] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0116.421] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa3e1pt[2].png"), dwFlags=0x1) returned 1 [0117.041] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0117.043] SetEvent (hEvent=0x1dc) returned 1 [0117.142] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0117.344] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0117.345] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0117.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0117.346] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0117.347] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0117.402] GetFileType (hFile=0x240) returned 0x1 [0117.403] GetFileType (hFile=0x240) returned 0x1 [0117.403] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0117.403] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0117.403] VirtualAlloc (lpAddress=0xc000386000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000386000 [0117.404] ReadFile (in: hFile=0x240, lpBuffer=0xc000386000, nNumberOfBytesToRead=0x106c, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000386000*, lpNumberOfBytesRead=0xc0001b5c04*=0xe6c, lpOverlapped=0x0) returned 1 [0117.410] ReadFile (in: hFile=0x240, lpBuffer=0xc000386e6c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000386e6c*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0117.410] CloseHandle (hObject=0x240) returned 1 [0117.410] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0117.410] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0117.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.461] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0117.480] GetFileType (hFile=0x1b0) returned 0x1 [0117.480] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00023a000*, nNumberOfBytesToWrite=0xe70, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesWritten=0xc0001b5cec*=0xe70, lpOverlapped=0x0) returned 1 [0117.481] CloseHandle (hObject=0x1b0) returned 1 [0117.497] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0117.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0117.497] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0117.507] GetFileType (hFile=0x2f4) returned 0x1 [0117.507] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000fcdc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fcdc0*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.507] CloseHandle (hObject=0x2f4) returned 1 [0117.519] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0117.675] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0117.675] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-googleinstaller_de[1].application"), dwFlags=0x1) returned 1 [0118.084] VirtualFree (lpAddress=0xc0005f0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.084] VirtualFree (lpAddress=0xc00052e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000072020*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0118.181] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.182] SetEvent (hEvent=0x274) returned 1 [0118.182] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.184] SetEvent (hEvent=0x274) returned 1 [0118.184] SetEvent (hEvent=0xec) returned 1 [0118.184] SwitchToThread () returned 1 [0118.281] SwitchToThread () returned 1 [0118.282] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.286] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.286] SetEvent (hEvent=0x274) returned 1 [0118.286] SetEvent (hEvent=0x1f8) returned 1 [0118.286] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.287] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc000191818*=0x3) returned 1 [0118.288] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.291] SetEvent (hEvent=0x1f8) returned 1 [0118.291] SetEvent (hEvent=0x274) returned 1 [0118.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010138*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000010138*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0118.293] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0118.295] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0118.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc000072006*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0118.297] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.298] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.300] SetEvent (hEvent=0x274) returned 1 [0118.300] SetEvent (hEvent=0x1f8) returned 1 [0118.300] SwitchToThread () returned 1 [0118.399] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0118.819] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0118.820] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0118.886] GetFileType (hFile=0x370) returned 0x1 [0118.886] GetFileType (hFile=0x370) returned 0x1 [0118.886] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0118.886] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0118.886] ReadFile (in: hFile=0x370, lpBuffer=0xc00005e000, nNumberOfBytesToRead=0xe20, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesRead=0xc000153c04*=0xc20, lpOverlapped=0x0) returned 1 [0118.899] ReadFile (in: hFile=0x370, lpBuffer=0xc00005ec20, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005ec20*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0118.899] CloseHandle (hObject=0x370) returned 1 [0118.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0118.900] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0118.905] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.025] GetFileType (hFile=0x370) returned 0x1 [0119.025] WriteFile (in: hFile=0x370, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0xc30, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc000153cec*=0xc30, lpOverlapped=0x0) returned 1 [0119.027] CloseHandle (hObject=0x370) returned 1 [0119.034] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.124] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0119.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0119.124] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0119.126] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.184] GetFileType (hFile=0x174) returned 0x1 [0119.184] WriteFile (in: hFile=0x174, lpBuffer=0xc0000bc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc840*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.184] CloseHandle (hObject=0x174) returned 1 [0119.189] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.190] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbz5vt[1].jpg"), dwFlags=0x1) returned 1 [0119.898] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.899] SetEvent (hEvent=0x30c) returned 1 [0119.900] SetEvent (hEvent=0xfc) returned 1 [0119.900] SwitchToThread () returned 1 [0119.901] SetEvent (hEvent=0x30c) returned 1 [0119.901] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0119.902] SetEvent (hEvent=0x30c) returned 1 [0119.902] SetEvent (hEvent=0x364) returned 1 [0119.902] SetEvent (hEvent=0x144) returned 1 [0119.903] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.223] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.227] SetEvent (hEvent=0x258) returned 1 [0120.227] SetEvent (hEvent=0xfc) returned 1 [0120.227] SetEvent (hEvent=0x144) returned 1 [0120.227] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.325] SetEvent (hEvent=0x258) returned 1 [0120.325] SetEvent (hEvent=0xfc) returned 1 [0120.325] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.351] SetEvent (hEvent=0x9c) returned 1 [0120.351] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.353] SetEvent (hEvent=0x144) returned 1 [0120.353] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.371] SetEvent (hEvent=0x9c) returned 1 [0120.371] SetEvent (hEvent=0x1a0) returned 1 [0120.371] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.373] SetEvent (hEvent=0x9c) returned 1 [0120.373] SetEvent (hEvent=0x148) returned 1 [0120.373] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.383] VirtualFree (lpAddress=0xc000300000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0120.384] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.385] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0120.386] VirtualFree (lpAddress=0xc000292000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.386] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.387] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.387] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.388] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.388] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.389] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.390] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.390] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.391] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.392] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.393] SetEvent (hEvent=0x9c) returned 1 [0120.393] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0120.460] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0120.467] GetFileType (hFile=0x174) returned 0x1 [0120.467] GetFileType (hFile=0x174) returned 0x1 [0120.467] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0120.467] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0120.467] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0120.468] ReadFile (in: hFile=0x174, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x9d9, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc0001ffc04*=0x7d9, lpOverlapped=0x0) returned 1 [0120.474] ReadFile (in: hFile=0x174, lpBuffer=0xc0001987d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001987d9*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0120.474] CloseHandle (hObject=0x174) returned 1 [0120.474] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0120.474] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0120.475] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0120.475] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0120.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.553] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0120.582] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.612] GetFileType (hFile=0x240) returned 0x1 [0120.612] WriteFile (in: hFile=0x240, lpBuffer=0xc0001a4000*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001a4000*, lpNumberOfBytesWritten=0xc0001ffcec*=0x7e0, lpOverlapped=0x0) returned 1 [0120.614] CloseHandle (hObject=0x240) returned 1 [0120.618] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001301 | out: pbBuffer=0xc000001301) returned 1 [0120.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.619] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0120.620] GetFileType (hFile=0x240) returned 0x1 [0120.620] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.620] CloseHandle (hObject=0x240) returned 1 [0120.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeeis3[1].jpg"), dwFlags=0x1) returned 1 [0120.890] SetEvent (hEvent=0xc0) returned 1 [0120.890] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.890] SetEvent (hEvent=0x148) returned 1 [0120.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.891] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.891] SetEvent (hEvent=0x39c) returned 1 [0120.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.894] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.894] SetEvent (hEvent=0x148) returned 1 [0120.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.896] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.896] SetEvent (hEvent=0x334) returned 1 [0120.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.899] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.900] SetEvent (hEvent=0x148) returned 1 [0120.900] SetEvent (hEvent=0x39c) returned 1 [0120.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.905] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.905] SetEvent (hEvent=0x39c) returned 1 [0120.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.912] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0120.912] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.912] SetEvent (hEvent=0xc0) returned 1 [0120.913] SetEvent (hEvent=0x1a0) returned 1 [0120.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.916] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.916] SetEvent (hEvent=0x30c) returned 1 [0120.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.918] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.918] SetEvent (hEvent=0x39c) returned 1 [0120.919] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.920] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.924] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.924] SetEvent (hEvent=0x1a0) returned 1 [0120.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.926] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.927] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.927] SetEvent (hEvent=0x1a0) returned 1 [0120.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.930] SetEvent (hEvent=0x1a0) returned 1 [0120.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.933] SetEvent (hEvent=0x1b4) returned 1 [0120.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.934] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.936] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.936] SetEvent (hEvent=0x1a0) returned 1 [0120.936] SetEvent (hEvent=0x1b4) returned 1 [0120.936] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.938] SetEvent (hEvent=0x1b4) returned 1 [0120.938] SetEvent (hEvent=0x1a0) returned 1 [0120.938] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.941] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.941] SetEvent (hEvent=0xfc) returned 1 [0120.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.942] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0120.942] SetEvent (hEvent=0x114) returned 1 [0120.943] SetEvent (hEvent=0x3c0) returned 1 [0120.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.952] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0120.952] SetEvent (hEvent=0x114) returned 1 [0120.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.960] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0120.960] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0120.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269b2)) returned 1 [0120.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0120.961] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0120.962] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0120.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf7af630, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7af630, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf821a50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4d5b9)) returned 1 [0121.001] SetEvent (hEvent=0x30c) returned 1 [0121.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64009240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64009240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6402f3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5244)) returned 1 [0121.037] SetEvent (hEvent=0x1b4) returned 1 [0121.037] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.037] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1303)) returned 1 [0121.101] SetEvent (hEvent=0x13c) returned 1 [0121.101] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0121.101] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8c3)) returned 1 [0121.141] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0121.141] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe138690, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe138690, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe138690, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x972)) returned 1 [0121.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510ff810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510ff810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51125970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1762e)) returned 1 [0121.194] SetEvent (hEvent=0x354) returned 1 [0121.194] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0121.195] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0121.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5442d110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5442d110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5442d110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b8)) returned 1 [0121.225] SetEvent (hEvent=0x30c) returned 1 [0121.225] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0121.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1)) returned 1 [0121.255] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d66650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d66650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e70ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7154)) returned 1 [0121.278] SetEvent (hEvent=0x1b4) returned 1 [0121.278] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0121.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e9b)) returned 1 [0121.304] SetEvent (hEvent=0x13c) returned 1 [0121.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77b3)) returned 1 [0121.325] SetEvent (hEvent=0xfc) returned 1 [0121.325] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53122110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x922)) returned 1 [0121.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6378e3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6378e3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x637b4540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3112)) returned 1 [0121.374] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xbf7d5790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.392] SetEvent (hEvent=0x3c0) returned 1 [0121.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54adeef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa33)) returned 1 [0121.443] SetEvent (hEvent=0x354) returned 1 [0121.444] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0121.444] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0121.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe5d5130, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe5d5130, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3325)) returned 1 [0121.457] SetEvent (hEvent=0x1b4) returned 1 [0121.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54c35b50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54c35b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54c5bcb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24fea)) returned 1 [0121.483] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0121.483] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0121.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0121.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x54000)) returned 1 [0121.484] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0121.485] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0121.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0121.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0121.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.487] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0121.487] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.488] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0121.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="C", cAlternateFileName="")) returned 1 [0121.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.488] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0121.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.489] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.489] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0121.490] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0121.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.491] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.491] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0121.491] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.491] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.491] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\*", lpFindFileData=0xc0002210f8 | out: lpFindFileData=0xc0002210f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.492] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221128 | out: lpFindFileData=0xc000221128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.492] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221128 | out: lpFindFileData=0xc000221128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0121.492] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221128 | out: lpFindFileData=0xc000221128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.492] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xc000221268 | out: lpFileInformation=0xc000221268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.495] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0121.498] SetEvent (hEvent=0xc0) returned 1 [0121.498] SetEvent (hEvent=0x3c0) returned 1 [0121.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.499] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0121.536] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0121.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\*", lpFindFileData=0xc000221020 | out: lpFindFileData=0xc000221020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.537] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221050 | out: lpFindFileData=0xc000221050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.537] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221050 | out: lpFindFileData=0xc000221050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0121.537] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0121.538] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221050 | out: lpFindFileData=0xc000221050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.538] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0xc000221190 | out: lpFileInformation=0xc000221190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.539] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0121.539] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0121.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0xc000220f48 | out: lpFindFileData=0xc000220f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.540] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220f78 | out: lpFindFileData=0xc000220f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.540] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220f78 | out: lpFindFileData=0xc000220f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0121.540] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220f78 | out: lpFindFileData=0xc000220f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.540] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft"), fInfoLevelId=0x0, lpFileInformation=0xc0002210b8 | out: lpFileInformation=0xc0002210b8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.541] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0xc000220e70 | out: lpFindFileData=0xc000220e70*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220ea0 | out: lpFindFileData=0xc000220ea0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220ea0 | out: lpFindFileData=0xc000220ea0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0121.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220ea0 | out: lpFindFileData=0xc000220ea0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.541] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.541] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0121.542] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0121.542] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0121.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows"), fInfoLevelId=0x0, lpFileInformation=0xc000220fe0 | out: lpFileInformation=0xc000220fe0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0xc000220d98 | out: lpFindFileData=0xc000220d98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220dc8 | out: lpFindFileData=0xc000220dc8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220dc8 | out: lpFindFileData=0xc000220dc8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0121.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220dc8 | out: lpFindFileData=0xc000220dc8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.544] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie"), fInfoLevelId=0x0, lpFileInformation=0xc000220f08 | out: lpFileInformation=0xc000220f08*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0xc000220cc0 | out: lpFindFileData=0xc000220cc0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220cf0 | out: lpFindFileData=0xc000220cf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220cf0 | out: lpFindFileData=0xc000220cf0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0121.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220cf0 | out: lpFindFileData=0xc000220cf0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.545] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low"), fInfoLevelId=0x0, lpFileInformation=0xc000220e30 | out: lpFileInformation=0xc000220e30*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\virtualized\\c\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.545] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0121.546] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0121.546] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0121.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Virtualized\\C\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0xc000220be8 | out: lpFindFileData=0xc000220be8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.547] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220c18 | out: lpFindFileData=0xc000220c18*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f82a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.547] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000220c18 | out: lpFindFileData=0xc000220c18*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.547] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe710360, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0121.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.549] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d1fc80, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.550] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d6bf40, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x70a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Custom.theme", cAlternateFileName="CUSTOM~1.THE")) returned 1 [0121.550] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.550] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8d1fc80, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xd8d1fc80, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xd8d6bf40, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x70a)) returned 1 [0121.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8f3fc040, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8f3fc040, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0121.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x8f3d5ee0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0121.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9c5705f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.551] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.551] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0121.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x962222ec, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0121.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0121.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x961fc18b, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0121.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.553] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.553] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.553] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ERC", cAlternateFileName="")) returned 1 [0121.553] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReportArchive", cAlternateFileName="REPORT~1")) returned 1 [0121.553] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.553] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ERC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer\\erc"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ERC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer\\erc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ERC\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b9b8e9c, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.554] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer\\reportarchive"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\wer\\reportarchive"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WER\\ReportArchive\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.555] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4d26e3cf, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.555] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.555] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa734ff0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xa734ff0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xa734ff0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.579] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0121.650] SetEvent (hEvent=0x3c0) returned 1 [0121.650] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.244] SetEvent (hEvent=0x3c0) returned 1 [0122.244] SetEvent (hEvent=0x1b4) returned 1 [0122.244] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.254] SetEvent (hEvent=0x3c0) returned 1 [0122.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0122.255] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0122.256] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.297] SetEvent (hEvent=0xfc) returned 1 [0122.297] GetFileType (hFile=0x3dc) returned 0x1 [0122.297] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.335] GetFileType (hFile=0x3dc) returned 0x1 [0122.336] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0122.336] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0122.336] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0122.338] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00012dc04*=0x4000, lpOverlapped=0x0) returned 1 [0122.345] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.359] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0002a8000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8000*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0122.359] CloseHandle (hObject=0x3dc) returned 1 [0122.359] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0122.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0122.362] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0122.368] GetFileType (hFile=0x3dc) returned 0x1 [0122.368] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0002a8800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8800*, lpNumberOfBytesWritten=0xc00012dcec*=0x4010, lpOverlapped=0x0) returned 1 [0122.370] CloseHandle (hObject=0x3dc) returned 1 [0122.370] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0122.370] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0122.371] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0122.371] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0122.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0122.372] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0122.429] GetFileType (hFile=0x3dc) returned 0x1 [0122.429] WriteFile (in: hFile=0x3dc, lpBuffer=0xc00019a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00019a6e0*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.429] CloseHandle (hObject=0x3dc) returned 1 [0122.429] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0122.430] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0122.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\encry-WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\encry-windowsmail.pat"), dwFlags=0x1) returned 1 [0122.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.474] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.474] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0122.474] SetEvent (hEvent=0xc0) returned 1 [0122.474] SetEvent (hEvent=0x13c) returned 1 [0122.474] SetEvent (hEvent=0xfc) returned 1 [0122.474] SetEvent (hEvent=0x114) returned 1 [0122.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.480] SetEvent (hEvent=0x114) returned 1 [0122.480] SetEvent (hEvent=0xfc) returned 1 [0122.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.495] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.496] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.496] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0122.496] SetEvent (hEvent=0xc0) returned 1 [0122.496] SetEvent (hEvent=0x1b4) returned 1 [0122.496] SetEvent (hEvent=0x39c) returned 1 [0122.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.561] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.561] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0122.561] SetEvent (hEvent=0xc0) returned 1 [0122.561] SetEvent (hEvent=0x324) returned 1 [0122.566] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0122.567] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0122.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.569] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0122.570] GetFileType (hFile=0x2e8) returned 0x1 [0122.570] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0008f2000*, nNumberOfBytesToWrite=0x206010, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0008f2000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x206010, lpOverlapped=0x0) returned 1 [0122.618] CloseHandle (hObject=0x2e8) returned 1 [0122.620] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0122.620] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0122.621] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0122.621] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0122.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.622] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0122.624] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.626] GetFileType (hFile=0x2e8) returned 0x1 [0122.626] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.626] CloseHandle (hObject=0x2e8) returned 1 [0122.627] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\encry-WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\encry-windowsmail.msmessagestore"), dwFlags=0x1) returned 1 [0122.627] SetEvent (hEvent=0x1b4) returned 1 [0122.627] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.637] SetEvent (hEvent=0x324) returned 1 [0122.637] SetEvent (hEvent=0x39c) returned 1 [0122.637] SetEvent (hEvent=0x3c0) returned 1 [0122.637] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.739] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.742] SwitchToThread () returned 1 [0122.745] SetEvent (hEvent=0x3c0) returned 1 [0122.745] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0122.753] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x80200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0006ddc04*=0x80000, lpOverlapped=0x0) returned 1 [0122.761] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0003c6000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c6000*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0122.761] CloseHandle (hObject=0x2b4) returned 1 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.769] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0122.769] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0122.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms\\*", lpFindFileData=0xc0006dda08 | out: lpFindFileData=0xc0006dda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0122.780] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006dd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0122.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0122.781] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00017bcf4 | out: lpMode=0xc00017bcf4) returned 0 [0122.805] GetFileType (hFile=0x2b4) returned 0x1 [0122.805] GetFileType (hFile=0x2b4) returned 0x1 [0122.805] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc00017bd44 | out: lpFileInformation=0xc00017bd44) returned 1 [0122.805] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc00017bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017bd28) returned 1 [0122.805] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0122.806] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000220000, nNumberOfBytesToRead=0x1f51, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesRead=0xc00017bc04*=0x1d51, lpOverlapped=0x0) returned 1 [0122.810] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000221d51, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000221d51*, lpNumberOfBytesRead=0xc00017bc04*=0x0, lpOverlapped=0x0) returned 1 [0122.811] CloseHandle (hObject=0x2b4) returned 1 [0122.811] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0122.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0122.823] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.830] SetEvent (hEvent=0x39c) returned 1 [0122.830] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00017bd04 | out: lpMode=0xc00017bd04) returned 0 [0122.834] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.855] SetEvent (hEvent=0xc0) returned 1 [0122.855] SetEvent (hEvent=0x39c) returned 1 [0122.855] GetFileType (hFile=0x2c4) returned 0x1 [0122.855] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.917] SetEvent (hEvent=0x39c) returned 1 [0122.917] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0122.920] SetEvent (hEvent=0x39c) returned 1 [0122.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0122.921] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0122.926] GetFileType (hFile=0x2cc) returned 0x1 [0122.926] GetFileType (hFile=0x2cc) returned 0x1 [0122.926] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0122.926] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0122.926] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0122.927] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0001ffc04*=0xed, lpOverlapped=0x0) returned 1 [0122.928] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000f00ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f00ed*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0122.928] CloseHandle (hObject=0x2cc) returned 1 [0122.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0122.930] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0122.936] GetFileType (hFile=0x2cc) returned 0x1 [0122.936] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0002944b0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002944b0*, lpNumberOfBytesWritten=0xc0001ffcec*=0xf0, lpOverlapped=0x0) returned 1 [0122.937] CloseHandle (hObject=0x2cc) returned 1 [0122.937] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.937] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0122.937] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0122.938] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0122.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0122.939] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0122.939] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.014] GetFileType (hFile=0x2cc) returned 0x1 [0123.014] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.014] CloseHandle (hObject=0x2cc) returned 1 [0123.014] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0123.015] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-green bubbles.htm"), dwFlags=0x1) returned 1 [0123.017] SetEvent (hEvent=0x1b4) returned 1 [0123.017] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.025] SetEvent (hEvent=0x3c8) returned 1 [0123.025] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.027] SetEvent (hEvent=0x30c) returned 1 [0123.027] SetEvent (hEvent=0x3c0) returned 1 [0123.027] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.811] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0123.812] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0123.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0123.813] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0004ddcf4 | out: lpMode=0xc0004ddcf4) returned 0 [0123.815] GetFileType (hFile=0x3cc) returned 0x1 [0123.815] GetFileType (hFile=0x3cc) returned 0x1 [0123.815] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0004ddd44 | out: lpFileInformation=0xc0004ddd44) returned 1 [0123.815] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0004ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ddd28) returned 1 [0123.815] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0123.817] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xb87e, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0004ddc04*=0xb67e, lpOverlapped=0x0) returned 1 [0123.823] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001ed67e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ed67e*, lpNumberOfBytesRead=0xc0004ddc04*=0x0, lpOverlapped=0x0) returned 1 [0123.823] CloseHandle (hObject=0x3cc) returned 1 [0123.823] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0123.824] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0123.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0123.827] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0004ddd04 | out: lpMode=0xc0004ddd04) returned 0 [0123.830] GetFileType (hFile=0x3cc) returned 0x1 [0123.830] WriteFile (in: hFile=0x3cc, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xb680, lpNumberOfBytesWritten=0xc0004ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0004ddcec*=0xb680, lpOverlapped=0x0) returned 1 [0123.832] CloseHandle (hObject=0x3cc) returned 1 [0123.832] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0123.833] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0123.833] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0123.834] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0123.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0123.835] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0004ddd64 | out: lpMode=0xc0004ddd64) returned 0 [0123.841] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.859] SetEvent (hEvent=0x114) returned 1 [0123.859] GetFileType (hFile=0x3cc) returned 0x1 [0123.859] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.875] SetEvent (hEvent=0x114) returned 1 [0123.875] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0123.877] SetEvent (hEvent=0xec) returned 1 [0123.877] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0128.552] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0128.553] SetEvent (hEvent=0x3c4) returned 1 [0128.553] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc00005e090*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0128.567] SetEvent (hEvent=0x3c4) returned 1 [0128.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e096*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc00005e096*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0128.568] SetEvent (hEvent=0x3c4) returned 1 [0128.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc00005e0c0*, lpNumberOfCharsWritten=0xc000137818*=0x3) returned 1 [0128.569] SetEvent (hEvent=0x3c4) returned 1 [0128.569] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc00005e0c6*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0128.570] SetEvent (hEvent=0x3c4) returned 1 [0128.570] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc00005e0d0*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0128.571] SetEvent (hEvent=0x3c4) returned 1 [0128.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00006c000*, nNumberOfCharsToWrite=0x78, lpNumberOfCharsWritten=0xc0000c7808, lpReserved=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfCharsWritten=0xc0000c7808*=0x78) returned 1 [0128.572] SetEvent (hEvent=0x3c4) returned 1 [0128.572] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0128.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0130.617] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0130.621] GetFileType (hFile=0x3d8) returned 0x1 [0130.621] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00010e580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00010e580*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0130.622] CloseHandle (hObject=0x3d8) returned 1 [0130.623] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0130.624] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0130.624] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0130.625] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0130.625] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0130.626] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\encry-index.dat"), dwFlags=0x1) returned 1 [0130.681] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0130.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0130.682] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0130.752] GetFileType (hFile=0x3d8) returned 0x1 [0130.752] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000186840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186840*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.752] CloseHandle (hObject=0x3d8) returned 1 [0130.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-adobearm.log"), dwFlags=0x1) returned 1 [0130.755] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0130.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\search"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\search"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\Search\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.778] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.778] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.778] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xde963ca0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff)) returned 1 [0130.785] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.799] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.799] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0130.799] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.799] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0130.800] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.805] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.813] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0130.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Custom Dictionary", cAlternateFileName="ADOBEC~1")) returned 1 [0130.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.814] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.814] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0130.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.815] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="all", cAlternateFileName="")) returned 1 [0130.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="brt", cAlternateFileName="")) returned 1 [0130.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="brz", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dan", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="dut", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eng", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="frn", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="grm", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="itl", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nrw", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="prt", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="spn", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="swd", cAlternateFileName="")) returned 1 [0130.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.831] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.832] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0130.833] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0130.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\all"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\all"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.835] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\all\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.835] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe82613f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe82613f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe82613f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.835] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.835] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brt"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brt\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeab70f70, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeab70f70, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeab70f70, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.846] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brz"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.852] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.897] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.898] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.908] SetEvent (hEvent=0x39c) returned 1 [0130.908] GetFileType (hFile=0x3cc) returned 0x1 [0130.908] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00028e500*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00028e500*, lpNumberOfBytesWritten=0xc00015fcec*=0x2010, lpOverlapped=0x0) returned 1 [0130.910] CloseHandle (hObject=0x3cc) returned 1 [0130.910] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0130.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.910] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0130.912] GetFileType (hFile=0x3cc) returned 0x1 [0130.912] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.912] CloseHandle (hObject=0x3cc) returned 1 [0130.912] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\encry-ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\encry-readermessages"), dwFlags=0x1) returned 1 [0130.914] GetFileType (hFile=0x2e8) returned 0x1 [0130.914] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0002b0000*, nNumberOfBytesToWrite=0xa600, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesWritten=0xc000195cec*=0xa600, lpOverlapped=0x0) returned 1 [0130.916] CloseHandle (hObject=0x2e8) returned 1 [0130.916] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0130.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0130.916] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0130.919] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.922] GetFileType (hFile=0x2e8) returned 0x1 [0130.922] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0130.922] CloseHandle (hObject=0x2e8) returned 1 [0130.922] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\encry-rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\encry-rdrmessage.zip"), dwFlags=0x1) returned 1 [0130.924] SwitchToThread () returned 1 [0130.926] SetEvent (hEvent=0x324) returned 1 [0130.926] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.950] SetEvent (hEvent=0x39c) returned 1 [0130.950] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.951] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0130.951] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0130.952] SetEvent (hEvent=0xc0) returned 1 [0130.952] SetEvent (hEvent=0x1b4) returned 1 [0130.952] SetEvent (hEvent=0x39c) returned 1 [0130.952] SetEvent (hEvent=0x148) returned 1 [0130.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.962] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0130.963] SetEvent (hEvent=0x324) returned 1 [0130.963] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0130.978] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0130.979] GetFileType (hFile=0x2e8) returned 0x1 [0130.979] GetFileType (hFile=0x2e8) returned 0x1 [0130.979] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0130.979] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0130.979] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc00014dc04*=0x1d7, lpOverlapped=0x0) returned 1 [0130.980] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00007c1d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c1d7*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0130.980] CloseHandle (hObject=0x2e8) returned 1 [0130.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0130.990] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0130.990] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0130.991] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.002] SetEvent (hEvent=0x1b4) returned 1 [0131.002] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.026] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0131.038] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0131.039] GetFileType (hFile=0x2b4) returned 0x1 [0131.039] GetFileType (hFile=0x2b4) returned 0x1 [0131.039] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0131.039] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0131.039] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0131.040] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x345, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc000195c04*=0x145, lpOverlapped=0x0) returned 1 [0131.041] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000198145, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198145*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0131.041] CloseHandle (hObject=0x2b4) returned 1 [0131.041] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0131.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.045] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.046] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.046] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0131.046] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0131.047] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0131.047] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001b2000*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc0001b2000*, lpNumberOfCharsWritten=0xc000195808*=0x8b) returned 1 [0131.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.049] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0131.050] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0131.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.050] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0131.065] GetFileType (hFile=0x370) returned 0x1 [0131.066] WriteFile (in: hFile=0x370, lpBuffer=0xc00019a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00019a420*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.066] CloseHandle (hObject=0x370) returned 1 [0131.067] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0131.068] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-23b523c9e7746f715d33c6527c18eb9d"), dwFlags=0x1) returned 1 [0131.137] SwitchToThread () returned 1 [0131.137] SetEvent (hEvent=0x1b4) returned 1 [0131.138] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.141] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0131.142] GetFileType (hFile=0x370) returned 0x1 [0131.142] GetFileType (hFile=0x370) returned 0x1 [0131.142] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0131.142] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0131.142] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0131.143] ReadFile (in: hFile=0x370, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0xd68, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00015fc04*=0xb68, lpOverlapped=0x0) returned 1 [0131.147] ReadFile (in: hFile=0x370, lpBuffer=0xc0000e4b68, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4b68*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0131.147] CloseHandle (hObject=0x370) returned 1 [0131.147] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1\\*", lpFindFileData=0xc00015fa08 | out: lpFindFileData=0xc00015fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.158] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00015f808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00015f808*=0xac) returned 1 [0131.161] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.161] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0131.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.162] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0131.166] GetFileType (hFile=0x2b4) returned 0x1 [0131.166] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.166] CloseHandle (hObject=0x2b4) returned 1 [0131.170] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwFlags=0x1) returned 1 [0131.213] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0131.213] SetEvent (hEvent=0x3c0) returned 1 [0131.213] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0131.214] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.216] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.216] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0131.216] SetEvent (hEvent=0x3c0) returned 1 [0131.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.220] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.237] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.245] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0131.246] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0131.246] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0131.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0131.248] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0131.252] GetFileType (hFile=0x2bc) returned 0x1 [0131.252] GetFileType (hFile=0x2bc) returned 0x1 [0131.252] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0131.252] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0131.252] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0131.252] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0131.253] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002b8000, nNumberOfBytesToRead=0x52d, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8000*, lpNumberOfBytesRead=0xc000275c04*=0x32d, lpOverlapped=0x0) returned 1 [0131.254] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002b832d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b832d*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0131.254] CloseHandle (hObject=0x2bc) returned 1 [0131.254] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0131.254] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0131.255] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0131.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.279] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD\\*", lpFindFileData=0xc000275a08 | out: lpFindFileData=0xc000275a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.279] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000275720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.279] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0131.280] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0131.280] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.282] SetEvent (hEvent=0x1b4) returned 1 [0131.282] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0131.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000262000*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc000275808, lpReserved=0x0 | out: lpBuffer=0xc000262000*, lpNumberOfCharsWritten=0xc000275808*=0x8b) returned 1 [0131.286] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.286] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0131.286] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0131.287] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0131.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0131.287] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0131.291] GetFileType (hFile=0x3d8) returned 0x1 [0131.291] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.291] CloseHandle (hObject=0x3d8) returned 1 [0131.293] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.294] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-696f3de637e6de85b458996d49d759ad"), dwFlags=0x1) returned 1 [0131.346] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.351] SetEvent (hEvent=0x3c0) returned 1 [0131.351] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.352] SetEvent (hEvent=0x3c0) returned 1 [0131.352] SetEvent (hEvent=0x320) returned 1 [0131.352] SetEvent (hEvent=0x148) returned 1 [0131.352] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.671] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.683] SetEvent (hEvent=0x3c0) returned 1 [0131.683] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.689] SetEvent (hEvent=0xfc) returned 1 [0131.689] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.725] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.734] SetEvent (hEvent=0x148) returned 1 [0131.734] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.737] SetEvent (hEvent=0x148) returned 1 [0131.737] SetEvent (hEvent=0x1b4) returned 1 [0131.737] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.737] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.738] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.738] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.738] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.738] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.739] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc000275818*=0x2) returned 1 [0131.740] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.746] SetEvent (hEvent=0x1b4) returned 1 [0131.746] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0131.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0131.748] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0131.748] GetFileType (hFile=0x2b4) returned 0x1 [0131.748] GetFileType (hFile=0x2b4) returned 0x1 [0131.748] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0131.748] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0131.748] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000137c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.749] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007c1cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c1cf*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0131.749] CloseHandle (hObject=0x2b4) returned 1 [0131.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.756] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0131.757] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778\\*", lpFindFileData=0xc000137a08 | out: lpFindFileData=0xc000137a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.757] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000137720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.757] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000137808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000137808*=0xac) returned 1 [0131.760] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0131.761] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.761] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0131.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.762] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0131.762] GetFileType (hFile=0x370) returned 0x1 [0131.762] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.762] CloseHandle (hObject=0x370) returned 1 [0131.768] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwFlags=0x1) returned 1 [0131.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.803] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0131.803] SetEvent (hEvent=0x258) returned 1 [0131.803] SetEvent (hEvent=0xfc) returned 1 [0131.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.808] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0131.809] SetEvent (hEvent=0xfc) returned 1 [0131.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.812] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.854] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.862] SetEvent (hEvent=0x258) returned 1 [0131.862] SetEvent (hEvent=0x148) returned 1 [0131.862] SetEvent (hEvent=0xfc) returned 1 [0131.862] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.877] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.885] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0131.915] SetEvent (hEvent=0x320) returned 1 [0131.915] SwitchToThread () returned 1 [0132.006] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0132.591] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0132.592] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0132.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.593] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0132.601] GetFileType (hFile=0x370) returned 0x1 [0132.602] GetFileType (hFile=0x370) returned 0x1 [0132.602] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0132.602] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0132.602] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0132.602] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0132.603] ReadFile (in: hFile=0x370, lpBuffer=0xc000184000, nNumberOfBytesToRead=0x390, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesRead=0xc00012bc04*=0x190, lpOverlapped=0x0) returned 1 [0132.604] ReadFile (in: hFile=0x370, lpBuffer=0xc000184190, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000184190*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0132.604] CloseHandle (hObject=0x370) returned 1 [0132.604] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0132.604] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0132.605] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0132.605] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.605] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220\\*", lpFindFileData=0xc00012ba08 | out: lpFindFileData=0xc00012ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.605] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00012b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.606] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0132.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.607] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0132.608] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0132.625] SetEvent (hEvent=0x3c0) returned 1 [0132.625] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0132.625] SetEvent (hEvent=0x3c0) returned 1 [0132.625] SetEvent (hEvent=0x148) returned 1 [0132.625] SetEvent (hEvent=0x24c) returned 1 [0132.625] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0132.637] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.637] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.637] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.638] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.638] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.639] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.639] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.640] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.640] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.641] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.641] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.642] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.642] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.643] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.643] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.643] VirtualFree (lpAddress=0xc000074000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.644] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.644] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.645] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.645] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.646] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.646] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0132.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0132.647] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0132.657] GetFileType (hFile=0x3cc) returned 0x1 [0132.657] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0132.657] GetFileType (hFile=0x3cc) returned 0x1 [0132.657] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0132.657] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0132.657] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0132.658] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000216000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216000*, lpNumberOfBytesRead=0xc00012fc04*=0x194, lpOverlapped=0x0) returned 1 [0132.659] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000216194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216194*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0132.659] CloseHandle (hObject=0x3cc) returned 1 [0132.659] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0132.659] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0132.660] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0132.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.802] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0132.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77\\*", lpFindFileData=0xc00012fa08 | out: lpFindFileData=0xc00012fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.803] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00012f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d69a0*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00012f808, lpReserved=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfCharsWritten=0xc00012f808*=0xad) returned 1 [0132.810] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0132.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.810] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0132.816] GetFileType (hFile=0x2e8) returned 0x1 [0132.816] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.816] CloseHandle (hObject=0x2e8) returned 1 [0132.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwFlags=0x1) returned 1 [0133.032] SetEvent (hEvent=0x320) returned 1 [0133.032] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.033] SetEvent (hEvent=0x1b4) returned 1 [0133.033] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.034] SetEvent (hEvent=0x1b4) returned 1 [0133.034] SetEvent (hEvent=0x320) returned 1 [0133.034] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000201818*=0x3) returned 1 [0133.036] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.039] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.041] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.044] SwitchToThread () returned 1 [0133.045] SetEvent (hEvent=0x13c) returned 1 [0133.045] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.049] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.052] SetEvent (hEvent=0x324) returned 1 [0133.052] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0133.056] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0133.058] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.060] SetEvent (hEvent=0x324) returned 1 [0133.060] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0133.063] SetEvent (hEvent=0x324) returned 1 [0133.063] SetEvent (hEvent=0x3c0) returned 1 [0133.063] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0133.411] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0133.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x198)) returned 1 [0133.431] SetEvent (hEvent=0x30c) returned 1 [0133.431] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0133.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.459] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0133.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x611ea800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x611ea800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.474] SetEvent (hEvent=0x324) returned 1 [0133.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.491] SetEvent (hEvent=0x334) returned 1 [0133.491] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.506] SetEvent (hEvent=0x39c) returned 1 [0133.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5836df00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5836df00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.523] SetEvent (hEvent=0x1a0) returned 1 [0133.523] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.524] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0133.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.540] SetEvent (hEvent=0x30c) returned 1 [0133.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.556] SetEvent (hEvent=0xec) returned 1 [0133.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.626] SetEvent (hEvent=0x334) returned 1 [0133.626] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.646] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0133.647] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x180)) returned 1 [0133.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x188)) returned 1 [0133.686] SetEvent (hEvent=0x30c) returned 1 [0133.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x188)) returned 1 [0133.703] SetEvent (hEvent=0xec) returned 1 [0133.703] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0133.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x196)) returned 1 [0133.728] SetEvent (hEvent=0x324) returned 1 [0133.728] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0133.729] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0133.730] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbf0dd70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x156)) returned 1 [0133.749] SetEvent (hEvent=0x334) returned 1 [0133.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0133.772] SetEvent (hEvent=0x1a0) returned 1 [0133.773] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0133.773] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x186)) returned 1 [0133.801] SetEvent (hEvent=0x39c) returned 1 [0133.801] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0133.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.821] SetEvent (hEvent=0xec) returned 1 [0133.821] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0133.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182)) returned 1 [0133.845] SetEvent (hEvent=0x1a0) returned 1 [0133.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae)) returned 1 [0133.863] SetEvent (hEvent=0x324) returned 1 [0133.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ec)) returned 1 [0133.887] SetEvent (hEvent=0x30c) returned 1 [0133.887] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0133.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0133.907] SetEvent (hEvent=0x334) returned 1 [0133.907] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0133.930] SetEvent (hEvent=0x39c) returned 1 [0133.930] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204)) returned 1 [0133.952] SetEvent (hEvent=0x1a0) returned 1 [0133.953] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0133.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204)) returned 1 [0133.993] SetEvent (hEvent=0xec) returned 1 [0133.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0134.010] SetEvent (hEvent=0x324) returned 1 [0134.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e)) returned 1 [0134.032] SetEvent (hEvent=0x30c) returned 1 [0134.032] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e)) returned 1 [0134.051] SetEvent (hEvent=0x334) returned 1 [0134.051] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0134.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0134.072] SetEvent (hEvent=0x39c) returned 1 [0134.072] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x198)) returned 1 [0134.093] SetEvent (hEvent=0x1a0) returned 1 [0134.093] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0134.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1a4)) returned 1 [0134.116] SetEvent (hEvent=0xec) returned 1 [0134.116] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0134.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e)) returned 1 [0134.138] SetEvent (hEvent=0x324) returned 1 [0134.138] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0134.161] SetEvent (hEvent=0x30c) returned 1 [0134.161] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0134.162] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0134.162] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0134.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc)) returned 1 [0134.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\ime12"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\ime12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.168] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0134.168] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IME12\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.169] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.169] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.169] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp12"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP12\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.170] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.170] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.170] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp8_1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp8_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP8_1\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.171] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.171] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.171] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp9_0"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\imjp9_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.172] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\IMJP9_0\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.172] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.173] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0134.174] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Services", cAlternateFileName="")) returned 1 [0134.174] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.174] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.174] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0134.174] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0134.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.175] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="36USA68T", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3O75JDME", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UV0DUWVB", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VGMTOI09", cAlternateFileName="")) returned 1 [0134.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.176] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.177] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.177] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.178] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.178] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.178] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="imagesrv.adition[1].xml", cAlternateFileName="IMAGES~1.XML")) returned 1 [0134.178] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.178] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b05050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b05050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b05050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd)) returned 1 [0134.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.192] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0134.193] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0134.194] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0134.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.194] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0134.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.195] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0134.196] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0134.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605dd8a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.google[1].xml", cAlternateFileName="WWWGOO~1.XML")) returned 1 [0134.197] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0134.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.197] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0134.198] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.198] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0134.198] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0134.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605dd8a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605dd8a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x696aec80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd)) returned 1 [0134.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\uv0duwvb"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\uv0duwvb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\UV0DUWVB\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.206] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.206] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.207] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.207] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.207] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.207] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344, dwReserved0=0x0, dwReserved1=0x0, cFileName="www.msn[1].xml", cAlternateFileName="WWWMSN~1.XML")) returned 1 [0134.207] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.207] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.207] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x344)) returned 1 [0134.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510b3550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0134.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\services"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\services"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.208] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.208] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5616fca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bf7e690, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bf7e690, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.209] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.209] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.209] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0134.209] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.264] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.280] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.281] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\*", lpFindFileData=0xc0001e9608 | out: lpFindFileData=0xc0001e9608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.281] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.281] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0134.281] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.281] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.298] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0134.298] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.299] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.299] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AU", cAlternateFileName="")) returned 1 [0134.299] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Deployment", cAlternateFileName="DEPLOY~1")) returned 1 [0134.299] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45", cAlternateFileName="JRE17~1.0_4")) returned 1 [0134.299] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.299] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.299] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.300] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7eea3160, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.300] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8e062, dwReserved0=0x0, dwReserved1=0x0, cFileName="au.cab", cAlternateFileName="")) returned 1 [0134.300] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400, dwReserved0=0x0, dwReserved1=0x0, cFileName="au.msi", cAlternateFileName="")) returned 1 [0134.300] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.300] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.cab"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8e062)) returned 1 [0134.306] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.311] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.313] SetEvent (hEvent=0x39c) returned 1 [0134.313] SetEvent (hEvent=0x334) returned 1 [0134.313] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.314] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.314] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.315] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.315] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.315] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.316] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.316] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.317] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.317] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.317] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.318] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.318] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.319] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.319] GetFileType (hFile=0x240) returned 0x1 [0134.319] WriteFile (in: hFile=0x240, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc000177cec*=0x350, lpOverlapped=0x0) returned 1 [0134.320] CloseHandle (hObject=0x240) returned 1 [0134.320] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0134.321] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0134.321] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0134.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.322] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0134.325] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.329] GetFileType (hFile=0x240) returned 0x1 [0134.329] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.329] CloseHandle (hObject=0x240) returned 1 [0134.329] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0134.330] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0134.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\encry-www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\encry-www.msn[1].xml"), dwFlags=0x1) returned 1 [0134.332] SwitchToThread () returned 1 [0134.334] SetEvent (hEvent=0x39c) returned 1 [0134.334] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.343] SetEvent (hEvent=0x334) returned 1 [0134.343] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.363] SetEvent (hEvent=0x39c) returned 1 [0134.363] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.366] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0134.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.368] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0134.393] GetFileType (hFile=0x2f0) returned 0x1 [0134.393] GetFileType (hFile=0x2f0) returned 0x1 [0134.393] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0134.393] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0134.393] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.394] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x4cf, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc000063c04*=0x2cf, lpOverlapped=0x0) returned 1 [0134.417] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.449] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000762cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000762cf*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0134.450] CloseHandle (hObject=0x2f0) returned 1 [0134.450] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.450] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0134.451] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0134.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.452] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0134.490] GetFileType (hFile=0x2f0) returned 0x1 [0134.490] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000102000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesWritten=0xc000063cec*=0x2d0, lpOverlapped=0x0) returned 1 [0134.491] CloseHandle (hObject=0x2f0) returned 1 [0134.502] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.502] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0134.503] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0134.504] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0134.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.505] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0134.525] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0134.558] GetFileType (hFile=0x2f0) returned 0x1 [0134.558] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.559] CloseHandle (hObject=0x2f0) returned 1 [0134.559] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\encry-deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\encry-deployment.properties"), dwFlags=0x1) returned 1 [0134.560] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.560] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.561] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.561] SetEvent (hEvent=0x114) returned 1 [0134.561] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.682] SetEvent (hEvent=0x114) returned 1 [0135.682] SetEvent (hEvent=0xfc) returned 1 [0135.682] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.687] SetEvent (hEvent=0x114) returned 1 [0135.687] SetEvent (hEvent=0x39c) returned 1 [0135.687] SetEvent (hEvent=0xfc) returned 1 [0135.687] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.731] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0135.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bevynig0.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0135.732] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0135.733] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.751] GetFileType (hFile=0x36c) returned 0x1 [0135.751] GetFileType (hFile=0x36c) returned 0x1 [0135.751] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0135.751] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0135.751] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0135.752] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0135.754] ReadFile (in: hFile=0x36c, lpBuffer=0xc000306000, nNumberOfBytesToRead=0x139e4, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000306000*, lpNumberOfBytesRead=0xc0001f9c04*=0x137e4, lpOverlapped=0x0) returned 1 [0135.756] ReadFile (in: hFile=0x36c, lpBuffer=0xc0003197e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003197e4*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0135.756] CloseHandle (hObject=0x36c) returned 1 [0135.756] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0135.759] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0135.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bevynig0.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0135.761] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0135.762] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.784] GetFileType (hFile=0x36c) returned 0x1 [0135.784] WriteFile (in: hFile=0x36c, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x137f0, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc0001f9cec*=0x137f0, lpOverlapped=0x0) returned 1 [0135.787] CloseHandle (hObject=0x36c) returned 1 [0135.787] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0135.788] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0135.788] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0135.788] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0135.789] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0135.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bevynig0.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0135.790] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0135.792] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.794] SetEvent (hEvent=0x324) returned 1 [0135.794] GetFileType (hFile=0x36c) returned 0x1 [0135.794] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0135.794] CloseHandle (hObject=0x36c) returned 1 [0135.794] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0135.795] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0135.795] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0135.796] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bevynig0.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-bevynig0.flv"), dwFlags=0x1) returned 1 [0135.797] SwitchToThread () returned 1 [0135.799] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.799] SetEvent (hEvent=0x324) returned 1 [0135.800] SetEvent (hEvent=0x334) returned 1 [0135.800] VirtualFree (lpAddress=0xc00031c000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0135.800] VirtualFree (lpAddress=0xc000306000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0135.801] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.801] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.802] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.802] VirtualFree (lpAddress=0xc000182000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0135.803] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.803] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.803] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.804] SwitchToThread () returned 1 [0135.805] SetEvent (hEvent=0x324) returned 1 [0135.805] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.806] SetEvent (hEvent=0x324) returned 1 [0135.806] SetEvent (hEvent=0x334) returned 1 [0135.806] SetEvent (hEvent=0x354) returned 1 [0135.806] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0135.814] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0136.147] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0136.148] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0136.148] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0136.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0136.149] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0136.155] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0136.163] GetFileType (hFile=0x1ec) returned 0x1 [0136.163] GetFileType (hFile=0x1ec) returned 0x1 [0136.163] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0136.163] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0136.163] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0136.164] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x22d, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc000177c04*=0x2d, lpOverlapped=0x0) returned 1 [0136.165] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00012002d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012002d*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0136.165] CloseHandle (hObject=0x1ec) returned 1 [0136.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\\*", lpFindFileData=0xc000177a08 | out: lpFindFileData=0xc000177a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0136.165] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000177720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0136.165] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0136.166] SetEvent (hEvent=0x354) returned 1 [0136.166] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0136.314] SetEvent (hEvent=0x354) returned 1 [0136.314] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0136.425] SetEvent (hEvent=0xfc) returned 1 [0136.425] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0137.177] SetEvent (hEvent=0xfc) returned 1 [0137.177] SetEvent (hEvent=0x354) returned 1 [0137.177] SetEvent (hEvent=0x39c) returned 1 [0137.177] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0137.300] SetEvent (hEvent=0x39c) returned 1 [0137.300] SetEvent (hEvent=0x30c) returned 1 [0137.300] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0137.410] VirtualAlloc (lpAddress=0xc00373c000, dwSize=0x400000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00373c000 [0137.792] SetEvent (hEvent=0x354) returned 1 [0137.792] SetEvent (hEvent=0xc0) returned 1 [0137.793] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0137.809] SetEvent (hEvent=0x39c) returned 1 [0137.809] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00373c000, nNumberOfBytesToRead=0x3fe6ab, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00373c000*, lpNumberOfBytesRead=0xc00014bc04*=0x3fe4ab, lpOverlapped=0x0) returned 1 [0137.983] ReadFile (in: hFile=0x2f4, lpBuffer=0xc003b3a4ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc003b3a4ab*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0137.983] CloseHandle (hObject=0x2f4) returned 1 [0137.983] VirtualAlloc (lpAddress=0xc003b3c000, dwSize=0x400000, flAllocationType=0x1000, flProtect=0x4) returned 0xc003b3c000 [0138.017] SwitchToThread () returned 1 [0138.018] SetEvent (hEvent=0x334) returned 1 [0138.018] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.139] SetEvent (hEvent=0x334) returned 1 [0138.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0138.141] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0138.336] GetFileType (hFile=0x2f4) returned 0x1 [0138.336] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00010c000*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesWritten=0xc000211cec*=0x610, lpOverlapped=0x0) returned 1 [0138.337] CloseHandle (hObject=0x2f4) returned 1 [0138.337] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0138.338] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0138.557] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0138.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0138.558] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0138.565] GetFileType (hFile=0x36c) returned 0x1 [0138.565] WriteFile (in: hFile=0x36c, lpBuffer=0xc0001122c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001122c0*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0138.565] CloseHandle (hObject=0x36c) returned 1 [0138.566] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-windows media player (2).lnk"), dwFlags=0x1) returned 1 [0138.569] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.612] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.612] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0138.612] SetEvent (hEvent=0xc0) returned 1 [0138.612] SetEvent (hEvent=0x334) returned 1 [0138.612] SetEvent (hEvent=0xec) returned 1 [0138.612] SetEvent (hEvent=0x324) returned 1 [0138.613] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.620] SetEvent (hEvent=0x3c8) returned 1 [0138.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.629] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0138.629] SetEvent (hEvent=0x3c8) returned 1 [0138.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.712] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0138.712] SetEvent (hEvent=0xc0) returned 1 [0138.712] SetEvent (hEvent=0x354) returned 1 [0138.712] SetEvent (hEvent=0x30c) returned 1 [0138.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.713] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.747] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.747] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.748] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0138.748] SetEvent (hEvent=0xc0) returned 1 [0138.748] SetEvent (hEvent=0x354) returned 1 [0138.748] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.770] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0138.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0138.771] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0138.790] GetFileType (hFile=0x2cc) returned 0x1 [0138.790] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0138.791] GetFileType (hFile=0x2cc) returned 0x1 [0138.791] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0138.791] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0138.791] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0138.792] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0xadd, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc000195c04*=0x8dd, lpOverlapped=0x0) returned 1 [0138.793] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b68dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b68dd*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0138.794] CloseHandle (hObject=0x2cc) returned 1 [0138.794] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0138.794] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0138.795] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0138.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0138.797] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0138.808] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.816] GetFileType (hFile=0x2cc) returned 0x1 [0138.816] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc000195cec*=0x8e0, lpOverlapped=0x0) returned 1 [0138.818] CloseHandle (hObject=0x2cc) returned 1 [0138.818] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0138.818] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0138.819] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0138.819] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0138.820] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0138.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0138.821] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0138.824] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.826] GetFileType (hFile=0x2cc) returned 0x1 [0138.826] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0138.853] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0138.854] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001b0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0138.854] CloseHandle (hObject=0x2cc) returned 1 [0138.854] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-google chrome.lnk"), dwFlags=0x1) returned 1 [0138.857] SetEvent (hEvent=0x30c) returned 1 [0138.857] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.357] SwitchToThread () returned 1 [0139.616] SetEvent (hEvent=0x39c) returned 1 [0139.616] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.648] SetEvent (hEvent=0x3c8) returned 1 [0139.648] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.675] SwitchToThread () returned 1 [0139.697] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0139.769] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0139.781] GetFileType (hFile=0x1ec) returned 0x1 [0139.782] GetFileType (hFile=0x1ec) returned 0x1 [0139.782] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0139.782] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0139.782] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0139.783] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0x672, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc0000c5c04*=0x472, lpOverlapped=0x0) returned 1 [0139.798] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.838] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00010c472, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c472*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0139.838] CloseHandle (hObject=0x1ec) returned 1 [0139.838] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0139.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0139.840] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0139.849] GetFileType (hFile=0x1ec) returned 0x1 [0139.849] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000112000*, nNumberOfBytesToWrite=0x480, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000112000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x480, lpOverlapped=0x0) returned 1 [0139.850] CloseHandle (hObject=0x1ec) returned 1 [0139.850] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0139.850] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0139.851] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0139.852] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0139.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0139.852] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0139.866] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.897] GetFileType (hFile=0x1ec) returned 0x1 [0139.897] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0139.897] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0139.897] CloseHandle (hObject=0x1ec) returned 1 [0139.898] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0139.898] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0139.899] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0139.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\encry-Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\encry-templates.lnk"), dwFlags=0x1) returned 1 [0139.901] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.944] SwitchToThread () returned 1 [0139.960] SetEvent (hEvent=0x39c) returned 1 [0139.960] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0139.977] SetEvent (hEvent=0x324) returned 1 [0139.977] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.010] SwitchToThread () returned 1 [0140.023] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.027] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.029] SetEvent (hEvent=0x39c) returned 1 [0140.029] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.045] SetEvent (hEvent=0x39c) returned 1 [0140.045] SetEvent (hEvent=0x324) returned 1 [0140.045] SetEvent (hEvent=0x3c8) returned 1 [0140.045] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.065] GetFileType (hFile=0x2f0) returned 0x1 [0140.065] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x9b0, lpOverlapped=0x0) returned 1 [0140.067] CloseHandle (hObject=0x2f0) returned 1 [0140.067] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0140.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.067] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0140.076] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.085] GetFileType (hFile=0x2f0) returned 0x1 [0140.085] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0140.086] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001a6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001a6000*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.087] CloseHandle (hObject=0x2f0) returned 1 [0140.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\encry-Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\encry-outlook.xml"), dwFlags=0x1) returned 1 [0140.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0140.089] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0140.097] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.123] GetFileType (hFile=0x2f0) returned 0x1 [0140.123] GetFileType (hFile=0x2f0) returned 0x1 [0140.123] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0140.123] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0140.123] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0140.124] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0001b0000, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesRead=0xc000155c04*=0x138, lpOverlapped=0x0) returned 1 [0140.125] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0001b0138, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0138*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0140.126] CloseHandle (hObject=0x2f0) returned 1 [0140.126] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0140.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.127] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST\\*", lpFindFileData=0xc000155a08 | out: lpFindFileData=0xc000155a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.127] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000155720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.127] SwitchToThread () returned 1 [0140.147] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc000206090*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0140.152] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0002060a8*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0140.157] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.158] SetEvent (hEvent=0x39c) returned 1 [0140.158] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.159] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000000800*, nNumberOfCharsToWrite=0x79, lpNumberOfCharsWritten=0xc0006e3808, lpReserved=0x0 | out: lpBuffer=0xc000000800*, lpNumberOfCharsWritten=0xc0006e3808*=0x79) returned 1 [0140.160] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0140.161] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0140.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.162] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0140.166] GetFileType (hFile=0x2f0) returned 0x1 [0140.166] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001a62c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001a62c0*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.167] CloseHandle (hObject=0x2f0) returned 1 [0140.168] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\encry-index.dat"), dwFlags=0x1) returned 1 [0140.169] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.170] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.170] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.170] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.171] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.171] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.171] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.172] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.172] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.172] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.173] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.173] GetFileType (hFile=0x36c) returned 0x1 [0140.173] WriteFile (in: hFile=0x36c, lpBuffer=0xc0001a6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001a6580*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.174] CloseHandle (hObject=0x36c) returned 1 [0140.174] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0140.174] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0140.175] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0140.177] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0140.178] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0140.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0140.179] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0140.190] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.194] GetFileType (hFile=0x36c) returned 0x1 [0140.194] GetFileType (hFile=0x36c) returned 0x1 [0140.194] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0140.194] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0140.194] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0140.195] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000143c04*=0x18, lpOverlapped=0x0) returned 1 [0140.196] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000e4018, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4018*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0140.196] CloseHandle (hObject=0x36c) returned 1 [0140.197] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0140.197] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0140.198] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0140.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.199] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred\\*", lpFindFileData=0xc000143a08 | out: lpFindFileData=0xc000143a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.199] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000143720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.199] SetEvent (hEvent=0x354) returned 1 [0140.199] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.626] SetEvent (hEvent=0x324) returned 1 [0140.626] SetEvent (hEvent=0x3c8) returned 1 [0140.626] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0140.631] SetEvent (hEvent=0xec) returned 1 [0140.631] SetEvent (hEvent=0x30c) returned 1 [0140.631] SetEvent (hEvent=0x354) returned 1 [0140.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.677] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.677] SetEvent (hEvent=0x354) returned 1 [0140.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.699] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.699] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.700] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0140.700] SetEvent (hEvent=0xc0) returned 1 [0140.700] SetEvent (hEvent=0x324) returned 1 [0140.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.726] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0140.726] SetEvent (hEvent=0x354) returned 1 [0140.726] SetEvent (hEvent=0x39c) returned 1 [0140.726] SetEvent (hEvent=0x30c) returned 1 [0140.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.731] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.731] SetEvent (hEvent=0x30c) returned 1 [0140.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.742] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.743] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.743] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0140.743] SetEvent (hEvent=0xc0) returned 1 [0140.743] SetEvent (hEvent=0x354) returned 1 [0140.743] SetEvent (hEvent=0xfc) returned 1 [0140.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.761] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.762] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0140.762] SetEvent (hEvent=0xc0) returned 1 [0140.762] SetEvent (hEvent=0x324) returned 1 [0140.762] SetEvent (hEvent=0xfc) returned 1 [0140.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.774] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0140.774] SetEvent (hEvent=0x30c) returned 1 [0140.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.780] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe30*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.781] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.781] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f698, ulCount=0x10, ulNumEntriesRemoved=0x28d0f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f698, ulNumEntriesRemoved=0x28d0f66c) returned 0 [0140.781] SetEvent (hEvent=0xc0) returned 1 [0140.781] SetEvent (hEvent=0x324) returned 1 [0140.782] SetEvent (hEvent=0xfc) returned 1 [0140.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe08*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.785] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28d0f6a0, ulCount=0x10, ulNumEntriesRemoved=0x28d0f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28d0f6a0, ulNumEntriesRemoved=0x28d0f674) returned 0 [0140.785] SetEvent (hEvent=0xfc) returned 1 [0140.785] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28d0fe18*=0x12c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.794] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0140.795] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.796] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0140.804] GetFileType (hFile=0x240) returned 0x1 [0140.804] GetFileType (hFile=0x240) returned 0x1 [0140.804] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0140.804] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0140.804] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0140.805] ReadFile (in: hFile=0x240, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc00027bc04*=0x227, lpOverlapped=0x0) returned 1 [0140.806] ReadFile (in: hFile=0x240, lpBuffer=0xc00005a227, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a227*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0140.806] CloseHandle (hObject=0x240) returned 1 [0140.806] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.806] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.808] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0140.812] GetFileType (hFile=0x240) returned 0x1 [0140.812] WriteFile (in: hFile=0x240, lpBuffer=0xc000041200*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000041200*, lpNumberOfBytesWritten=0xc00027bcec*=0x230, lpOverlapped=0x0) returned 1 [0140.812] CloseHandle (hObject=0x240) returned 1 [0140.813] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0140.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.813] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0140.816] GetFileType (hFile=0x240) returned 0x1 [0140.816] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0140.816] WriteFile (in: hFile=0x240, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.817] CloseHandle (hObject=0x240) returned 1 [0140.817] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@adobe[3].txt"), dwFlags=0x1) returned 1 [0140.819] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.823] SetEvent (hEvent=0x324) returned 1 [0140.823] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.825] SetEvent (hEvent=0xfc) returned 1 [0140.825] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.828] SwitchToThread () returned 1 [0140.832] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.837] SetEvent (hEvent=0x324) returned 1 [0140.837] SetEvent (hEvent=0x30c) returned 1 [0140.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0001a35c8 | out: lpFileInformation=0xc0001a35c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x56)) returned 1 [0140.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0001a35c8 | out: lpFileInformation=0xc0001a35c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e5e64f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x19e)) returned 1 [0140.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low"), fInfoLevelId=0x0, lpFileInformation=0xc0001a35c8 | out: lpFileInformation=0xc0001a35c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.842] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\*", lpFindFileData=0xc0001a3380 | out: lpFindFileData=0xc0001a3380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.851] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001a33b0 | out: lpFindFileData=0xc0001a33b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.875] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.884] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.885] SetEvent (hEvent=0x3c8) returned 1 [0140.885] SetEvent (hEvent=0x324) returned 1 [0140.885] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.886] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.886] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.886] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.887] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.887] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.887] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.887] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.888] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0140.888] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0140.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0140.890] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0140.891] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.893] GetFileType (hFile=0x384) returned 0x1 [0140.893] GetFileType (hFile=0x384) returned 0x1 [0140.893] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0140.893] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0140.893] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0140.897] ReadFile (in: hFile=0x384, lpBuffer=0xc00011e000, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesRead=0xc00026dc04*=0x114, lpOverlapped=0x0) returned 1 [0140.898] ReadFile (in: hFile=0x384, lpBuffer=0xc00011e114, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e114*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0140.898] CloseHandle (hObject=0x384) returned 1 [0140.898] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0140.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0140.900] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0140.903] GetFileType (hFile=0x384) returned 0x1 [0140.903] WriteFile (in: hFile=0x384, lpBuffer=0xc000094120*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000094120*, lpNumberOfBytesWritten=0xc00026dcec*=0x120, lpOverlapped=0x0) returned 1 [0140.904] CloseHandle (hObject=0x384) returned 1 [0140.904] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.905] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0140.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0140.905] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0140.906] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.919] GetFileType (hFile=0x384) returned 0x1 [0140.919] WriteFile (in: hFile=0x384, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.919] CloseHandle (hObject=0x384) returned 1 [0140.920] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@google[2].txt"), dwFlags=0x1) returned 1 [0140.921] SwitchToThread () returned 1 [0140.923] SetEvent (hEvent=0x3c8) returned 1 [0140.923] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.924] SetEvent (hEvent=0xec) returned 1 [0140.924] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.925] SwitchToThread () returned 1 [0140.929] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.933] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.935] SetEvent (hEvent=0x3c8) returned 1 [0140.935] SetEvent (hEvent=0x30c) returned 1 [0140.935] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.935] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.936] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.936] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.937] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.937] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.937] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.938] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.938] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.938] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.939] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.939] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.939] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.940] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.940] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.941] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.941] SwitchToThread () returned 1 [0140.942] SetEvent (hEvent=0x3c8) returned 1 [0140.942] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0140.976] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0140.977] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0140.977] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0140.978] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0140.978] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0140.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.979] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0004ddcf4 | out: lpMode=0xc0004ddcf4) returned 0 [0141.000] GetFileType (hFile=0x240) returned 0x1 [0141.001] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0141.001] GetFileType (hFile=0x240) returned 0x1 [0141.001] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0004ddd44 | out: lpFileInformation=0xc0004ddd44) returned 1 [0141.001] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0004ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ddd28) returned 1 [0141.001] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0141.002] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0141.003] ReadFile (in: hFile=0x240, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x442, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc0004ddc04*=0x242, lpOverlapped=0x0) returned 1 [0141.038] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0141.134] ReadFile (in: hFile=0x240, lpBuffer=0xc000120242, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120242*, lpNumberOfBytesRead=0xc0004ddc04*=0x0, lpOverlapped=0x0) returned 1 [0141.134] CloseHandle (hObject=0x240) returned 1 [0141.134] SetEvent (hEvent=0x39c) returned 1 [0141.134] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0141.466] VirtualFree (lpAddress=0xc00047e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.466] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.467] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.467] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.467] VirtualFree (lpAddress=0xc000302000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.468] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.468] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.469] VirtualFree (lpAddress=0xc000292000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.469] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.470] VirtualFree (lpAddress=0xc000280000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0141.470] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.471] VirtualFree (lpAddress=0xc000232000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.471] VirtualFree (lpAddress=0xc000224000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.472] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.472] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0141.473] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.473] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.474] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.474] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.474] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.475] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.475] VirtualFree (lpAddress=0xc000180000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.476] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.476] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.476] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.476] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.477] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.477] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.477] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.478] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.478] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.478] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.479] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.479] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.479] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.480] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.480] VirtualFree (lpAddress=0xc000076000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0141.480] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.481] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0141.481] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0141.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zxxr.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x22c [0141.482] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00049fcf4 | out: lpMode=0xc00049fcf4) returned 0 [0141.484] GetFileType (hFile=0x22c) returned 0x1 [0141.484] GetFileType (hFile=0x22c) returned 0x1 [0141.484] GetFileInformationByHandle (in: hFile=0x22c, lpFileInformation=0xc00049fd44 | out: lpFileInformation=0xc00049fd44) returned 1 [0141.484] GetFileInformationByHandleEx (in: hFile=0x22c, FileInformationClass=0x9, lpFileInformation=0xc00049fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00049fd28) returned 1 [0141.484] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0141.485] ReadFile (in: hFile=0x22c, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xfd6, lpNumberOfBytesRead=0xc00049fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00049fc04*=0xdd6, lpOverlapped=0x0) returned 1 [0142.478] ReadFile (in: hFile=0x22c, lpBuffer=0xc00025add6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00049fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025add6*, lpNumberOfBytesRead=0xc00049fc04*=0x0, lpOverlapped=0x0) returned 1 [0142.478] CloseHandle (hObject=0x22c) returned 1 [0142.479] VirtualAlloc (lpAddress=0xc00061a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00061a000 [0142.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zxxr.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0142.481] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00049fd04 | out: lpMode=0xc00049fd04) returned 0 [0142.512] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0143.044] GetFileType (hFile=0x22c) returned 0x1 [0143.045] WriteFile (in: hFile=0x22c, lpBuffer=0xc00061a000*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0xc00049fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00061a000*, lpNumberOfBytesWritten=0xc00049fcec*=0xde0, lpOverlapped=0x0) returned 1 [0143.046] CloseHandle (hObject=0x22c) returned 1 [0143.046] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.046] VirtualAlloc (lpAddress=0xc0006a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a6000 [0143.047] VirtualAlloc (lpAddress=0xc0006a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a8000 [0143.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zxxr.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0143.049] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00049fd64 | out: lpMode=0xc00049fd64) returned 0 [0143.053] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0144.345] GetFileType (hFile=0x22c) returned 0x1 [0144.345] WriteFile (in: hFile=0x22c, lpBuffer=0xc00007ec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00049fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ec60*, lpNumberOfBytesWritten=0xc00049fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.345] CloseHandle (hObject=0x22c) returned 1 [0144.345] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zxxr.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-zxxr.lnk"), dwFlags=0x1) returned 1 [0144.347] SetEvent (hEvent=0x3c4) returned 1 [0144.347] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) returned 0x0 [0144.356] SetEvent (hEvent=0x3dc) returned 1 [0144.356] WaitForSingleObject (hHandle=0x12c, dwMilliseconds=0xffffffff) Thread: id = 19 os_tid = 0x814 [0089.956] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x28fcfea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28fcfea0*=0xf0) returned 1 [0089.956] VirtualQuery (in: lpAddress=0x28fcfec0, lpBuffer=0x28fcfec0, dwLength=0x30 | out: lpBuffer=0x28fcfec0*(BaseAddress=0x28fcf000, AllocationBase=0x28dd0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0089.956] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0089.959] GetFileType (hFile=0x128) returned 0x1 [0089.959] GetFileType (hFile=0x128) returned 0x1 [0089.959] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0089.959] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0089.960] ReadFile (in: hFile=0x128, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0x104a0, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc0000c7c04*=0x102a0, lpOverlapped=0x0) returned 1 [0089.963] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x13c [0089.963] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x140 [0089.963] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0089.965] ReadFile (in: hFile=0x128, lpBuffer=0xc0000fa2a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa2a0*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0089.965] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.013] CloseHandle (hObject=0x128) returned 1 [0090.013] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0090.014] VirtualAlloc (lpAddress=0xc000544000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000544000 [0090.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.017] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0090.027] GetFileType (hFile=0x128) returned 0x1 [0090.027] WriteFile (in: hFile=0x128, lpBuffer=0xc000544000*, nNumberOfBytesToWrite=0x102b0, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000544000*, lpNumberOfBytesWritten=0xc0000c7cec*=0x102b0, lpOverlapped=0x0) returned 1 [0090.029] CloseHandle (hObject=0x128) returned 1 [0090.032] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0090.033] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0090.033] VirtualAlloc (lpAddress=0xc000558000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000558000 [0090.034] VirtualAlloc (lpAddress=0xc00055a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00055a000 [0090.034] VirtualAlloc (lpAddress=0xc00055c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00055c000 [0090.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.035] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0090.046] GetFileType (hFile=0x128) returned 0x1 [0090.046] WriteFile (in: hFile=0x128, lpBuffer=0xc00055c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00055c2c0*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.046] CloseHandle (hObject=0x128) returned 1 [0090.048] VirtualAlloc (lpAddress=0xc000562000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000562000 [0090.049] VirtualAlloc (lpAddress=0xc000564000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000564000 [0090.049] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\wscrgb.icc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Color\\Profiles\\encry-wscRGB.icc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\color\\profiles\\encry-wscrgb.icc"), dwFlags=0x1) returned 1 [0090.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.051] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0090.051] SetEvent (hEvent=0xc0) returned 1 [0090.051] SetEvent (hEvent=0x9c) returned 1 [0090.051] SetEvent (hEvent=0x12c) returned 1 [0090.051] SetEvent (hEvent=0x108) returned 1 [0090.052] VirtualAlloc (lpAddress=0xc000566000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000566000 [0090.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.058] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.059] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0090.059] SetEvent (hEvent=0x114) returned 1 [0090.059] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.070] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0090.070] SetEvent (hEvent=0xc0) returned 1 [0090.070] SetEvent (hEvent=0x8c) returned 1 [0090.070] SetEvent (hEvent=0x120) returned 1 [0090.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.081] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0090.081] SetEvent (hEvent=0x114) returned 1 [0090.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.085] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0090.085] SetEvent (hEvent=0xc0) returned 1 [0090.085] SetEvent (hEvent=0x8c) returned 1 [0090.086] SetEvent (hEvent=0x120) returned 1 [0090.086] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.089] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0090.090] SetEvent (hEvent=0x8c) returned 1 [0090.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0090.096] VirtualAlloc (lpAddress=0xc00056e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00056e000 [0090.096] VirtualAlloc (lpAddress=0xc000570000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000570000 [0090.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\GoogleUpdateSetup.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715\\googleupdatesetup.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf8 [0090.097] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0090.223] SwitchToThread () returned 1 [0090.224] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.241] SetEvent (hEvent=0x114) returned 1 [0090.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0090.241] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0090.254] GetFileType (hFile=0xec) returned 0x1 [0090.255] GetFileType (hFile=0xec) returned 0x1 [0090.255] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0090.255] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0090.255] ReadFile (in: hFile=0xec, lpBuffer=0xc000064000, nNumberOfBytesToRead=0x130a5, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000064000*, lpNumberOfBytesRead=0xc000045c04*=0x12ea5, lpOverlapped=0x0) returned 1 [0090.276] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.277] SetEvent (hEvent=0xc0) returned 1 [0090.277] SetEvent (hEvent=0x120) returned 1 [0090.277] ReadFile (in: hFile=0xec, lpBuffer=0xc000076ea5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076ea5*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0090.277] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.286] CloseHandle (hObject=0xec) returned 1 [0090.286] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0090.286] VirtualAlloc (lpAddress=0xc000136000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0090.289] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0090.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0090.291] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0090.322] GetFileType (hFile=0xec) returned 0x1 [0090.322] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0090.322] WriteFile (in: hFile=0xec, lpBuffer=0xc000136000*, nNumberOfBytesToWrite=0x12eb0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc000136000*, lpNumberOfBytesWritten=0xc000045cec*=0x12eb0, lpOverlapped=0x0) returned 1 [0090.326] CloseHandle (hObject=0xec) returned 1 [0090.328] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0090.328] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0090.329] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0090.329] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0090.329] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0090.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0090.330] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0090.335] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.337] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.352] SwitchToThread () returned 1 [0090.356] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0090.356] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0090.357] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0090.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0090.357] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0090.363] GetFileType (hFile=0x128) returned 0x1 [0090.363] GetFileType (hFile=0x128) returned 0x1 [0090.363] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0090.363] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0090.364] VirtualAlloc (lpAddress=0xc000136000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000136000 [0090.365] ReadFile (in: hFile=0x128, lpBuffer=0xc000136000, nNumberOfBytesToRead=0x374b, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000136000*, lpNumberOfBytesRead=0xc00010dc04*=0x354b, lpOverlapped=0x0) returned 1 [0090.422] ReadFile (in: hFile=0x128, lpBuffer=0xc00013954b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013954b*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0090.423] CloseHandle (hObject=0x128) returned 1 [0090.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.424] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0090.438] GetFileType (hFile=0x128) returned 0x1 [0090.438] WriteFile (in: hFile=0x128, lpBuffer=0xc000139800*, nNumberOfBytesToWrite=0x3550, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000139800*, lpNumberOfBytesWritten=0xc00010dcec*=0x3550, lpOverlapped=0x0) returned 1 [0090.439] CloseHandle (hObject=0x128) returned 1 [0090.457] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0090.457] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0090.458] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0090.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\clic...exe_baa8013a79450f71_0001.0003_none_855491bb37a51715.manifest"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0090.458] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0090.478] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.596] SwitchToThread () returned 1 [0090.708] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.734] GetFileType (hFile=0xec) returned 0x1 [0090.734] WriteFile (in: hFile=0xec, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0090.735] CloseHandle (hObject=0xec) returned 1 [0090.736] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0090.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\usercache.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Adobe\\Acrobat\\10.0\\encry-UserCache.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\adobe\\acrobat\\10.0\\encry-usercache.bin"), dwFlags=0x1) returned 1 [0090.738] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0090.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0090.739] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0090.747] GetFileType (hFile=0xec) returned 0x1 [0090.747] GetFileType (hFile=0xec) returned 0x1 [0090.747] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0090.747] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0090.747] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0090.748] ReadFile (in: hFile=0xec, lpBuffer=0xc000144000, nNumberOfBytesToRead=0x3ab0, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000144000*, lpNumberOfBytesRead=0xc000117c04*=0x38b0, lpOverlapped=0x0) returned 1 [0090.772] ReadFile (in: hFile=0xec, lpBuffer=0xc0001478b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001478b0*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0090.772] CloseHandle (hObject=0xec) returned 1 [0090.772] SwitchToThread () returned 1 [0090.773] SetEvent (hEvent=0x12c) returned 1 [0090.773] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.870] SetEvent (hEvent=0xb8) returned 1 [0090.870] SetEvent (hEvent=0x120) returned 1 [0090.870] SetEvent (hEvent=0x12c) returned 1 [0090.870] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.873] SetEvent (hEvent=0xb8) returned 1 [0090.873] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0090.958] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.023] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x28fcf920, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x28fcf920*=0x128) returned 1 [0091.023] SuspendThread (hThread=0x128) returned 0x0 [0091.023] GetThreadContext (in: hThread=0x128, lpContext=0x28fcf930 | out: lpContext=0x28fcf930*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0091.030] ResumeThread (hThread=0x128) returned 0x1 [0091.031] CloseHandle (hObject=0x128) returned 1 [0091.031] SwitchToThread () returned 1 [0091.055] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0091.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\metadata"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.056] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\reports"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\reports"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0091.059] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*", lpFindFileData=0xc0000792a8 | out: lpFindFileData=0xc0000792a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0091.059] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.059] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.059] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0091.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\crashpad\\settings.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28)) returned 1 [0091.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default"), fInfoLevelId=0x0, lpFileInformation=0xc0000795c8 | out: lpFileInformation=0xc0000795c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0091.060] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*", lpFindFileData=0xc000079380 | out: lpFindFileData=0xc000079380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0091.070] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.097] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80db2b00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons", cAlternateFileName="")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cce2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80cce2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80e97340, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favicons-journal", cAlternateFileName="FAVICO~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81c321d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81c321d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81c58330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b2e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Profile.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f47590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19000, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824d3190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824d3190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b6860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142f, dwReserved0=0x0, dwReserved1=0x0, cFileName="History Provider Cache", cAlternateFileName="HISTOR~2")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802fc800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802fc800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x87f6d6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History-journal", cAlternateFileName="HISTOR~1")) returned 1 [0091.098] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x96ec4eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIcons", cAlternateFileName="JUMPLI~2")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85096390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85096390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JumpListIconsOld", cAlternateFileName="JUMPLI~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8642cdf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8642cdf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8642cdf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Extension Settings", cAlternateFileName="LOCALE~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83ede170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x90191d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x90191d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local Storage", cAlternateFileName="LOCALS~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data", cAlternateFileName="LOGIND~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Persistent State", cAlternateFileName="NETWOR~3")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs-journal", cAlternateFileName="ORIGIN~2")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db", cAlternateFileName="PREVIE~1.DB")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db-journal", cAlternateFileName="PREVIE~1.DB-")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager", cAlternateFileName="QUOTAM~1")) returned 1 [0091.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager-journal", cAlternateFileName="QUOTAM~2")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="README", cAlternateFileName="")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="Secure Preferences", cAlternateFileName="SECURE~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts", cAlternateFileName="SHORTC~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts-journal", cAlternateFileName="SHORTC~2")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x0, dwReserved1=0x0, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0091.139] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000793b0 | out: lpFindFileData=0xc0000793b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.139] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0091.140] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0091.141] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0091.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.159] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0091.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0091.159] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0091.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*", lpFindFileData=0xc0000792a8 | out: lpFindFileData=0xc0000792a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0091.160] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0091.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc0000792d8 | out: lpFindFileData=0xc0000792d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0091.160] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0091.160] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0091.161] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0091.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), fInfoLevelId=0x0, lpFileInformation=0xc000079418 | out: lpFileInformation=0xc000079418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000)) returned 1 [0091.163] VirtualAlloc (lpAddress=0xc000062000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000062000 [0091.164] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0091.165] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0091.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), fInfoLevelId=0x0, lpFileInformation=0xc000079418 | out: lpFileInformation=0xc000079418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000)) returned 1 [0091.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), fInfoLevelId=0x0, lpFileInformation=0xc000079418 | out: lpFileInformation=0xc000079418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0091.166] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_3"), fInfoLevelId=0x0, lpFileInformation=0xc000079418 | out: lpFileInformation=0xc000079418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000)) returned 1 [0091.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\index"), fInfoLevelId=0x0, lpFileInformation=0xc000079418 | out: lpFileInformation=0xc000079418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170)) returned 1 [0091.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00)) returned 1 [0091.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0091.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\current session"), fInfoLevelId=0x0, lpFileInformation=0xc0000794f0 | out: lpFileInformation=0xc0000794f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6)) returned 1 [0091.188] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.189] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.198] SetEvent (hEvent=0x120) returned 1 [0091.198] GetFileType (hFile=0xec) returned 0x1 [0091.198] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.199] CloseHandle (hObject=0xec) returned 1 [0091.201] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0091.202] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0091.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Apps\\2.0\\DQQ19BCJ.JAX\\YVORLGOR.PNT\\manifests\\encry-goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\apps\\2.0\\dqq19bcj.jax\\yvorlgor.pnt\\manifests\\encry-goog...app_baa8013a79450f71_0001.0003_none_677c9e37069a7e2a.cdf-ms"), dwFlags=0x1) returned 1 [0091.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0091.208] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.208] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0091.208] SetEvent (hEvent=0xc0) returned 1 [0091.208] SetEvent (hEvent=0x120) returned 1 [0091.208] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0091.210] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.218] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.219] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0091.219] SetEvent (hEvent=0xb8) returned 1 [0091.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0091.220] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0091.220] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0091.221] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0091.221] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0091.230] GetFileType (hFile=0xec) returned 0x1 [0091.230] GetFileType (hFile=0xec) returned 0x1 [0091.231] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0091.231] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0091.231] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0091.236] ReadFile (in: hFile=0xec, lpBuffer=0xc00019c000, nNumberOfBytesToRead=0x42200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00019c000*, lpNumberOfBytesRead=0xc000115c04*=0x42000, lpOverlapped=0x0) returned 1 [0091.263] ReadFile (in: hFile=0xec, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0091.263] CloseHandle (hObject=0xec) returned 1 [0091.263] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0091.263] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0091.264] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0091.264] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0091.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.310] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0091.332] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.336] GetFileType (hFile=0xec) returned 0x1 [0091.336] WriteFile (in: hFile=0xec, lpBuffer=0xc0001e0000*, nNumberOfBytesToWrite=0x42010, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesWritten=0xc000115cec*=0x42010, lpOverlapped=0x0) returned 1 [0091.343] CloseHandle (hObject=0xec) returned 1 [0091.349] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0091.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0091.349] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0091.350] GetFileType (hFile=0xec) returned 0x1 [0091.350] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.351] CloseHandle (hObject=0xec) returned 1 [0091.354] VirtualAlloc (lpAddress=0xc000122000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000122000 [0091.354] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0091.355] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0091.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\encry-data_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\encry-data_1"), dwFlags=0x1) returned 1 [0091.356] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.368] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0091.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0091.369] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0091.377] SwitchToThread () returned 1 [0091.478] SetEvent (hEvent=0x12c) returned 1 [0091.478] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.610] SetEvent (hEvent=0x120) returned 1 [0091.610] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.670] SetEvent (hEvent=0x120) returned 1 [0091.670] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.671] SetEvent (hEvent=0x120) returned 1 [0091.671] SetEvent (hEvent=0x108) returned 1 [0091.671] WriteFile (in: hFile=0xf4, lpBuffer=0xc000224000*, nNumberOfBytesToWrite=0x2010, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesWritten=0xc000065cec*=0x2010, lpOverlapped=0x0) returned 1 [0091.672] CloseHandle (hObject=0xf4) returned 1 [0091.675] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0091.675] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0091.675] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0091.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0091.676] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0091.678] GetFileType (hFile=0xf4) returned 0x1 [0091.679] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0091.679] CloseHandle (hObject=0xf4) returned 1 [0091.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\encry-data_2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\encry-data_2"), dwFlags=0x1) returned 1 [0091.703] SwitchToThread () returned 1 [0091.714] SetEvent (hEvent=0x120) returned 1 [0091.714] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.715] SetEvent (hEvent=0x12c) returned 1 [0091.715] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.764] SwitchToThread () returned 1 [0091.794] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.814] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0091.815] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0091.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cache\\data_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0091.816] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0091.822] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0091.825] SetEvent (hEvent=0x108) returned 1 [0091.826] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.628] SetEvent (hEvent=0x100) returned 1 [0092.628] SwitchToThread () returned 1 [0092.633] SetEvent (hEvent=0x100) returned 1 [0092.634] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.635] SetEvent (hEvent=0x108) returned 1 [0092.636] VirtualFree (lpAddress=0xc000c00000, dwSize=0x2f2000, dwFreeType=0x4000) returned 1 [0092.654] VirtualFree (lpAddress=0xc000aee000, dwSize=0x112000, dwFreeType=0x4000) returned 1 [0092.661] VirtualFree (lpAddress=0xc000800000, dwSize=0x2ec000, dwFreeType=0x4000) returned 1 [0092.681] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0092.688] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.688] VirtualFree (lpAddress=0xc000122000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0092.689] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.689] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.689] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.690] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.690] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.690] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.690] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.691] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.691] VirtualFree (lpAddress=0xc00005a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0092.691] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0092.691] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0092.692] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0092.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\log"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a)) returned 1 [0092.735] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0092.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension rules\\manifest-000001"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29)) returned 1 [0092.758] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0092.759] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0092.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0092.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extension state"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0092.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0092.775] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.777] SetEvent (hEvent=0x120) returned 1 [0092.777] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.899] SetEvent (hEvent=0x114) returned 1 [0092.899] SetEvent (hEvent=0x120) returned 1 [0092.899] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.900] SetEvent (hEvent=0x114) returned 1 [0092.900] SwitchToThread () returned 1 [0092.912] SetEvent (hEvent=0x114) returned 1 [0092.912] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.913] SetEvent (hEvent=0x114) returned 1 [0092.913] SetEvent (hEvent=0x120) returned 1 [0092.913] SetEvent (hEvent=0xb8) returned 1 [0092.913] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.925] SetEvent (hEvent=0xb8) returned 1 [0092.926] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.927] SetEvent (hEvent=0x114) returned 1 [0092.927] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.929] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0092.989] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0093.003] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc000102018*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0093.016] SwitchToThread () returned 1 [0093.016] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.028] SetEvent (hEvent=0x12c) returned 1 [0093.028] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0093.028] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0093.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.029] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0093.029] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.029] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.029] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0093.029] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.029] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.030] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.039] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.048] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.050] SetEvent (hEvent=0xb8) returned 1 [0093.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0093.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0093.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0093.050] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0093.051] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0093.051] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0093.051] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0093.051] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.051] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.054] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0093.055] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0093.055] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0093.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.056] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="he", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0093.062] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0093.063] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.063] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.065] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.066] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.066] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.066] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0093.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101)) returned 1 [0093.067] SetEvent (hEvent=0x120) returned 1 [0093.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.067] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.067] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.068] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.068] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0093.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.072] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.072] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.072] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.072] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.072] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0093.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.073] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.073] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.073] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0093.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.083] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.083] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.083] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.083] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0093.083] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0093.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.084] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.085] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.085] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.085] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.085] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0093.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.098] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.099] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0093.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.099] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0093.100] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.100] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0093.100] VirtualAlloc (lpAddress=0xc000132000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000132000 [0093.101] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0093.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112)) returned 1 [0093.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.107] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.132] SetEvent (hEvent=0x100) returned 1 [0093.132] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.133] SetEvent (hEvent=0xb8) returned 1 [0093.133] SetEvent (hEvent=0x8c) returned 1 [0093.133] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.216] SetEvent (hEvent=0x114) returned 1 [0093.216] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.221] SetEvent (hEvent=0x8c) returned 1 [0093.221] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.264] SetEvent (hEvent=0x12c) returned 1 [0093.264] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.367] SetEvent (hEvent=0x120) returned 1 [0093.367] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.371] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.395] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.395] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.396] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.396] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.396] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.396] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0093.396] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1 [0093.397] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.397] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.397] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.397] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.397] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0093.398] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.409] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.409] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.409] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.409] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.409] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6)) returned 1 [0093.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.410] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0093.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.410] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.410] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.410] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.411] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.411] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9)) returned 1 [0093.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.420] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.422] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0093.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.422] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0093.423] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.423] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.423] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0093.423] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.423] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0093.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.424] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.424] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.424] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.424] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.424] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0093.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.426] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.435] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.436] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.436] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.436] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.436] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.436] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0093.436] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0093.436] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1)) returned 1 [0093.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0093.437] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0093.437] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0093.437] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0093.437] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0093.437] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0093.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123)) returned 1 [0093.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0093.443] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.445] SetEvent (hEvent=0x12c) returned 1 [0093.445] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.447] SetEvent (hEvent=0x12c) returned 1 [0093.447] SetEvent (hEvent=0x120) returned 1 [0093.447] VirtualFree (lpAddress=0xc000210000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0093.447] VirtualFree (lpAddress=0xc000208000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0093.448] VirtualFree (lpAddress=0xc000188000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.448] VirtualFree (lpAddress=0xc00015e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.448] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.448] VirtualFree (lpAddress=0xc000156000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.449] VirtualFree (lpAddress=0xc00014a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.449] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.449] VirtualFree (lpAddress=0xc0000ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.449] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.449] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.450] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.450] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.450] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0093.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x14c [0093.451] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0093.453] GetFileType (hFile=0x14c) returned 0x1 [0093.453] GetFileType (hFile=0x14c) returned 0x1 [0093.453] GetFileInformationByHandle (in: hFile=0x14c, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0093.453] GetFileInformationByHandleEx (in: hFile=0x14c, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0093.453] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0093.454] ReadFile (in: hFile=0x14c, lpBuffer=0xc00021e000, nNumberOfBytesToRead=0x2df, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfBytesRead=0xc0006ddc04*=0xdf, lpOverlapped=0x0) returned 1 [0093.455] ReadFile (in: hFile=0x14c, lpBuffer=0xc00021e0df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021e0df*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0093.455] CloseHandle (hObject=0x14c) returned 1 [0093.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0093.456] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0093.460] GetFileType (hFile=0x14c) returned 0x1 [0093.460] WriteFile (in: hFile=0x14c, lpBuffer=0xc00020e1c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e1c0*, lpNumberOfBytesWritten=0xc0006ddcec*=0xe0, lpOverlapped=0x0) returned 1 [0093.461] CloseHandle (hObject=0x14c) returned 1 [0093.464] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0093.464] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0093.465] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0093.467] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0093.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0093.468] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0093.524] GetFileType (hFile=0x14c) returned 0x1 [0093.524] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.524] CloseHandle (hObject=0x14c) returned 1 [0093.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.526] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0093.526] SetEvent (hEvent=0xb8) returned 1 [0093.526] SetEvent (hEvent=0x8c) returned 1 [0093.526] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0093.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.581] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0093.608] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.608] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0093.608] SetEvent (hEvent=0x12c) returned 1 [0093.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.640] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0093.640] SetEvent (hEvent=0xc0) returned 1 [0093.640] SetEvent (hEvent=0x100) returned 1 [0093.640] SetEvent (hEvent=0x114) returned 1 [0093.641] VirtualAlloc (lpAddress=0xc00022e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022e000 [0093.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.646] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.649] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0093.649] SetEvent (hEvent=0x12c) returned 1 [0093.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0093.649] GetFileType (hFile=0x150) returned 0x1 [0093.649] WriteFile (in: hFile=0x150, lpBuffer=0xc0001621e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001621e0*, lpNumberOfBytesWritten=0xc00012bcec*=0xf0, lpOverlapped=0x0) returned 1 [0093.650] CloseHandle (hObject=0x150) returned 1 [0093.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.654] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0093.668] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.670] GetFileType (hFile=0x150) returned 0x1 [0093.670] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.670] CloseHandle (hObject=0x150) returned 1 [0093.672] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.673] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.677] SetEvent (hEvent=0x120) returned 1 [0093.677] SetEvent (hEvent=0x12c) returned 1 [0093.677] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.729] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.730] SetEvent (hEvent=0x120) returned 1 [0093.731] SwitchToThread () returned 1 [0093.737] SetEvent (hEvent=0x12c) returned 1 [0093.737] SetEvent (hEvent=0x120) returned 1 [0093.737] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.747] SetEvent (hEvent=0x120) returned 1 [0093.747] SetEvent (hEvent=0x100) returned 1 [0093.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0093.747] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0093.748] GetFileType (hFile=0x144) returned 0x1 [0093.748] GetFileType (hFile=0x144) returned 0x1 [0093.748] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0093.748] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0093.748] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0093.748] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2d0, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc000243c04*=0xd0, lpOverlapped=0x0) returned 1 [0093.749] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a0d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a0d0*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0093.749] CloseHandle (hObject=0x144) returned 1 [0093.749] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0093.750] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0093.750] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0093.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.751] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0093.752] GetFileType (hFile=0x144) returned 0x1 [0093.752] WriteFile (in: hFile=0x144, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000243cec*=0xe0, lpOverlapped=0x0) returned 1 [0093.753] CloseHandle (hObject=0x144) returned 1 [0093.756] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.756] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0093.757] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0093.757] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0093.757] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0093.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0093.758] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0093.761] GetFileType (hFile=0x144) returned 0x1 [0093.761] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0093.761] CloseHandle (hObject=0x144) returned 1 [0093.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.766] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0001020b8*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0093.768] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.773] SetEvent (hEvent=0x120) returned 1 [0093.773] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.783] SetEvent (hEvent=0x120) returned 1 [0093.783] SetEvent (hEvent=0x100) returned 1 [0093.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.783] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0093.784] GetFileType (hFile=0xf4) returned 0x1 [0093.784] GetFileType (hFile=0xf4) returned 0x1 [0093.784] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0093.784] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0093.784] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0093.785] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc00023dc04*=0xec, lpOverlapped=0x0) returned 1 [0093.786] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007c0ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c0ec*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0093.786] CloseHandle (hObject=0xf4) returned 1 [0093.786] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0093.786] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0093.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.788] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0093.789] GetFileType (hFile=0xf4) returned 0x1 [0093.789] WriteFile (in: hFile=0xf4, lpBuffer=0xc0002381e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002381e0*, lpNumberOfBytesWritten=0xc00023dcec*=0xf0, lpOverlapped=0x0) returned 1 [0093.790] CloseHandle (hObject=0xf4) returned 1 [0093.802] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0093.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0093.802] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0093.815] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.817] GetFileType (hFile=0xf4) returned 0x1 [0093.817] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0093.817] CloseHandle (hObject=0xf4) returned 1 [0093.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0093.836] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.869] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0093.869] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0093.870] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0093.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0093.870] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0093.881] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.884] SetEvent (hEvent=0x100) returned 1 [0093.884] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.907] SetEvent (hEvent=0x8c) returned 1 [0093.907] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.912] SetEvent (hEvent=0x8c) returned 1 [0093.912] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.980] SetEvent (hEvent=0x8c) returned 1 [0093.980] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.981] SetEvent (hEvent=0x8c) returned 1 [0093.981] SetEvent (hEvent=0xb8) returned 1 [0093.981] SetEvent (hEvent=0x100) returned 1 [0093.981] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0093.983] VirtualFree (lpAddress=0xc00025a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.983] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.983] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0093.984] VirtualFree (lpAddress=0xc0001da000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0093.984] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0093.984] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0093.989] GetFileType (hFile=0x150) returned 0x1 [0093.989] GetFileType (hFile=0x150) returned 0x1 [0093.989] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0093.989] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0093.989] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de300, nNumberOfBytesToRead=0x2d2, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de300*, lpNumberOfBytesRead=0xc00024bc04*=0xd2, lpOverlapped=0x0) returned 1 [0093.991] ReadFile (in: hFile=0x150, lpBuffer=0xc0001de3d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de3d2*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0093.991] CloseHandle (hObject=0x150) returned 1 [0093.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0093.992] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0094.000] GetFileType (hFile=0x150) returned 0x1 [0094.000] WriteFile (in: hFile=0x150, lpBuffer=0xc0001e20e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e20e0*, lpNumberOfBytesWritten=0xc00024bcec*=0xe0, lpOverlapped=0x0) returned 1 [0094.001] CloseHandle (hObject=0x150) returned 1 [0094.006] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.006] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0094.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0094.006] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0094.009] GetFileType (hFile=0x150) returned 0x1 [0094.009] WriteFile (in: hFile=0x150, lpBuffer=0xc0000522c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000522c0*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.009] CloseHandle (hObject=0x150) returned 1 [0094.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.017] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.060] SetEvent (hEvent=0x8c) returned 1 [0094.060] SetEvent (hEvent=0x114) returned 1 [0094.060] SetEvent (hEvent=0x120) returned 1 [0094.060] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.113] SetEvent (hEvent=0x114) returned 1 [0094.113] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.170] SetEvent (hEvent=0x8c) returned 1 [0094.170] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.178] SetEvent (hEvent=0x8c) returned 1 [0094.178] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.178] SetEvent (hEvent=0x120) returned 1 [0094.178] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.182] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.183] SetEvent (hEvent=0x8c) returned 1 [0094.183] SetEvent (hEvent=0x114) returned 1 [0094.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.183] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0094.184] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.187] SetEvent (hEvent=0x8c) returned 1 [0094.187] GetFileType (hFile=0x148) returned 0x1 [0094.187] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.188] GetFileType (hFile=0x148) returned 0x1 [0094.188] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0094.189] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0094.189] ReadFile (in: hFile=0x148, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc00027bc04*=0xe2, lpOverlapped=0x0) returned 1 [0094.189] ReadFile (in: hFile=0x148, lpBuffer=0xc00006c0e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c0e2*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0094.190] CloseHandle (hObject=0x148) returned 1 [0094.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.191] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0094.196] GetFileType (hFile=0x148) returned 0x1 [0094.196] WriteFile (in: hFile=0x148, lpBuffer=0xc0000501e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000501e0*, lpNumberOfBytesWritten=0xc00027bcec*=0xf0, lpOverlapped=0x0) returned 1 [0094.197] CloseHandle (hObject=0x148) returned 1 [0094.201] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0094.201] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0094.202] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.202] VirtualAlloc (lpAddress=0xc0000f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f4000 [0094.203] VirtualAlloc (lpAddress=0xc0000f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f6000 [0094.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.203] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0094.222] GetFileType (hFile=0x148) returned 0x1 [0094.222] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.222] CloseHandle (hObject=0x148) returned 1 [0094.227] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.228] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.229] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0094.229] SetEvent (hEvent=0xc0) returned 1 [0094.229] SetEvent (hEvent=0xb8) returned 1 [0094.229] SetEvent (hEvent=0x114) returned 1 [0094.230] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.236] SetEvent (hEvent=0x114) returned 1 [0094.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.237] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.237] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0094.237] SetEvent (hEvent=0x100) returned 1 [0094.237] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0094.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.238] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0094.251] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.253] GetFileType (hFile=0x148) returned 0x1 [0094.253] GetFileType (hFile=0x148) returned 0x1 [0094.253] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0094.253] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0094.253] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0094.254] ReadFile (in: hFile=0x148, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x2e0, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc000045c04*=0xe0, lpOverlapped=0x0) returned 1 [0094.255] ReadFile (in: hFile=0x148, lpBuffer=0xc00013a0e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a0e0*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0094.255] CloseHandle (hObject=0x148) returned 1 [0094.255] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0094.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.256] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0094.260] GetFileType (hFile=0x148) returned 0x1 [0094.260] VirtualAlloc (lpAddress=0xc00018e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00018e000 [0094.261] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0094.261] WriteFile (in: hFile=0x148, lpBuffer=0xc00013c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc00013c1e0*, lpNumberOfBytesWritten=0xc000045cec*=0xf0, lpOverlapped=0x0) returned 1 [0094.262] CloseHandle (hObject=0x148) returned 1 [0094.263] VirtualAlloc (lpAddress=0xc000192000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000192000 [0094.264] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.264] VirtualAlloc (lpAddress=0xc000194000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000194000 [0094.264] VirtualAlloc (lpAddress=0xc000196000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000196000 [0094.265] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0094.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.265] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0094.271] GetFileType (hFile=0x148) returned 0x1 [0094.271] WriteFile (in: hFile=0x148, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.271] CloseHandle (hObject=0x148) returned 1 [0094.272] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0094.273] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0094.273] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.274] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.275] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.275] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.275] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.275] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.276] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0094.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.276] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0094.290] GetFileType (hFile=0x148) returned 0x1 [0094.290] GetFileType (hFile=0x148) returned 0x1 [0094.290] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0094.290] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0094.290] ReadFile (in: hFile=0x148, lpBuffer=0xc000134000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000134000*, lpNumberOfBytesRead=0xc000257c04*=0x104, lpOverlapped=0x0) returned 1 [0094.291] ReadFile (in: hFile=0x148, lpBuffer=0xc000134104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000134104*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0094.291] CloseHandle (hObject=0x148) returned 1 [0094.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.293] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0094.326] GetFileType (hFile=0x148) returned 0x1 [0094.326] WriteFile (in: hFile=0x148, lpBuffer=0xc0003d2120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2120*, lpNumberOfBytesWritten=0xc000257cec*=0x110, lpOverlapped=0x0) returned 1 [0094.327] CloseHandle (hObject=0x148) returned 1 [0094.328] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.328] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0094.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.329] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0094.337] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.338] GetFileType (hFile=0x148) returned 0x1 [0094.338] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.338] CloseHandle (hObject=0x148) returned 1 [0094.339] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.340] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.341] SetEvent (hEvent=0x8c) returned 1 [0094.341] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.341] SetEvent (hEvent=0x8c) returned 1 [0094.341] SetEvent (hEvent=0x100) returned 1 [0094.341] VirtualFree (lpAddress=0xc000190000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0094.343] VirtualFree (lpAddress=0xc00013a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.343] VirtualFree (lpAddress=0xc000132000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.343] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.343] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.343] VirtualFree (lpAddress=0xc0000f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.344] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0094.344] GetFileType (hFile=0x14c) returned 0x1 [0094.344] WriteFile (in: hFile=0x14c, lpBuffer=0xc00018c000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc00018c000*, lpNumberOfBytesWritten=0xc000047cec*=0xe0, lpOverlapped=0x0) returned 1 [0094.345] CloseHandle (hObject=0x14c) returned 1 [0094.355] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0094.355] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0094.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x14c [0094.356] GetConsoleMode (in: hConsoleHandle=0x14c, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0094.356] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.358] GetFileType (hFile=0x14c) returned 0x1 [0094.358] WriteFile (in: hFile=0x14c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0094.358] CloseHandle (hObject=0x14c) returned 1 [0094.360] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0094.410] SetEvent (hEvent=0x8c) returned 1 [0094.410] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.416] SetEvent (hEvent=0x12c) returned 1 [0094.416] VirtualAlloc (lpAddress=0xc00013e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013e000 [0094.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0094.417] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255cf4 | out: lpMode=0xc000255cf4) returned 0 [0094.420] GetFileType (hFile=0x148) returned 0x1 [0094.420] GetFileType (hFile=0x148) returned 0x1 [0094.420] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000255d44 | out: lpFileInformation=0xc000255d44) returned 1 [0094.420] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000255d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000255d28) returned 1 [0094.420] VirtualAlloc (lpAddress=0xc000140000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000140000 [0094.421] ReadFile (in: hFile=0x148, lpBuffer=0xc000140000, nNumberOfBytesToRead=0x2df, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc000140000*, lpNumberOfBytesRead=0xc000255c04*=0xdf, lpOverlapped=0x0) returned 1 [0094.422] ReadFile (in: hFile=0x148, lpBuffer=0xc0001400df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001400df*, lpNumberOfBytesRead=0xc000255c04*=0x0, lpOverlapped=0x0) returned 1 [0094.422] CloseHandle (hObject=0x148) returned 1 [0094.422] VirtualAlloc (lpAddress=0xc000142000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000142000 [0094.423] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0094.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0094.424] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000255d04 | out: lpMode=0xc000255d04) returned 0 [0094.426] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.434] SetEvent (hEvent=0x12c) returned 1 [0094.434] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.437] SetEvent (hEvent=0x8c) returned 1 [0094.437] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0094.437] VirtualAlloc (lpAddress=0xc0001aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001aa000 [0094.438] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0094.438] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0094.441] GetFileType (hFile=0x154) returned 0x1 [0094.441] GetFileType (hFile=0x154) returned 0x1 [0094.441] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0094.441] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0094.442] VirtualAlloc (lpAddress=0xc0001ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ac000 [0094.442] VirtualAlloc (lpAddress=0xc0001ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ae000 [0094.442] ReadFile (in: hFile=0x154, lpBuffer=0xc0001ae000, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae000*, lpNumberOfBytesRead=0xc000067c04*=0xa0, lpOverlapped=0x0) returned 1 [0094.443] ReadFile (in: hFile=0x154, lpBuffer=0xc0001ae0a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ae0a0*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0094.443] CloseHandle (hObject=0x154) returned 1 [0094.443] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0094.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0094.445] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0094.452] GetFileType (hFile=0x154) returned 0x1 [0094.453] WriteFile (in: hFile=0x154, lpBuffer=0xc0001b0000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesWritten=0xc000067cec*=0xb0, lpOverlapped=0x0) returned 1 [0094.454] CloseHandle (hObject=0x154) returned 1 [0094.456] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0094.456] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0094.457] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0094.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0094.458] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0094.462] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.474] SetEvent (hEvent=0x8c) returned 1 [0094.474] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.481] SetEvent (hEvent=0x108) returned 1 [0094.481] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.513] SetEvent (hEvent=0x108) returned 1 [0094.513] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.515] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.516] VirtualFree (lpAddress=0xc0001ae000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.516] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0094.516] VirtualFree (lpAddress=0xc000146000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0094.517] VirtualFree (lpAddress=0xc0000e0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.517] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.517] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0094.517] SetEvent (hEvent=0x120) returned 1 [0094.517] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.520] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.533] SetEvent (hEvent=0x108) returned 1 [0094.533] SetEvent (hEvent=0x8c) returned 1 [0094.533] SwitchToThread () returned 1 [0094.535] SetEvent (hEvent=0x108) returned 1 [0094.535] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.555] SetEvent (hEvent=0x120) returned 1 [0094.555] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0094.555] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0094.556] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0094.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.556] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0094.570] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.573] GetFileType (hFile=0xf4) returned 0x1 [0094.573] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0094.574] GetFileType (hFile=0xf4) returned 0x1 [0094.574] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0094.574] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0094.574] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0094.574] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x360, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00012fc04*=0x160, lpOverlapped=0x0) returned 1 [0094.575] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000e4160, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4160*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0094.575] CloseHandle (hObject=0xf4) returned 1 [0094.576] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0094.576] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0094.576] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0094.577] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0094.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.581] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0094.586] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.590] SetEvent (hEvent=0x108) returned 1 [0094.590] GetFileType (hFile=0xf4) returned 0x1 [0094.590] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.604] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000ee000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesWritten=0xc00012fcec*=0x170, lpOverlapped=0x0) returned 1 [0094.605] CloseHandle (hObject=0xf4) returned 1 [0094.608] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0094.609] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0094.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0094.609] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0094.614] GetFileType (hFile=0xf4) returned 0x1 [0094.614] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0094.615] CloseHandle (hObject=0xf4) returned 1 [0094.616] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0094.617] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0094.617] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\encry-computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\encry-computed_hashes.json"), dwFlags=0x1) returned 1 [0094.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0094.619] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0094.621] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.626] SetEvent (hEvent=0x8c) returned 1 [0094.626] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.658] SetEvent (hEvent=0x114) returned 1 [0094.658] SetEvent (hEvent=0x9c) returned 1 [0094.658] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.807] SetEvent (hEvent=0x9c) returned 1 [0094.807] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.924] SetEvent (hEvent=0x108) returned 1 [0094.924] SetEvent (hEvent=0x114) returned 1 [0094.924] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.958] SetEvent (hEvent=0x120) returned 1 [0094.958] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.964] SetEvent (hEvent=0x114) returned 1 [0094.964] SetEvent (hEvent=0x120) returned 1 [0094.964] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.965] SetEvent (hEvent=0x108) returned 1 [0094.965] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0094.998] SetEvent (hEvent=0x100) returned 1 [0094.998] SetEvent (hEvent=0x8c) returned 1 [0094.998] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.007] SetEvent (hEvent=0x100) returned 1 [0095.007] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.009] SetEvent (hEvent=0x100) returned 1 [0095.009] SetEvent (hEvent=0x8c) returned 1 [0095.010] SetEvent (hEvent=0x114) returned 1 [0095.010] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.026] SetEvent (hEvent=0x8c) returned 1 [0095.026] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.032] SetEvent (hEvent=0x114) returned 1 [0095.032] SetEvent (hEvent=0x120) returned 1 [0095.032] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.034] SetEvent (hEvent=0x100) returned 1 [0095.034] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.054] SetEvent (hEvent=0x120) returned 1 [0095.054] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.319] SetEvent (hEvent=0x100) returned 1 [0095.320] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.324] SetEvent (hEvent=0x9c) returned 1 [0095.324] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.327] SetEvent (hEvent=0x9c) returned 1 [0095.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.328] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0095.331] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.332] GetFileType (hFile=0x144) returned 0x1 [0095.332] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.334] GetFileType (hFile=0x144) returned 0x1 [0095.334] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0095.334] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0095.334] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc000275c04*=0xd5, lpOverlapped=0x0) returned 1 [0095.335] ReadFile (in: hFile=0x144, lpBuffer=0xc00006a0d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a0d5*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0095.335] CloseHandle (hObject=0x144) returned 1 [0095.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.336] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0095.354] GetFileType (hFile=0x144) returned 0x1 [0095.354] WriteFile (in: hFile=0x144, lpBuffer=0xc000154000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc000154000*, lpNumberOfBytesWritten=0xc000275cec*=0xe0, lpOverlapped=0x0) returned 1 [0095.355] CloseHandle (hObject=0x144) returned 1 [0095.356] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0095.356] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0095.357] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0095.358] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0095.358] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0095.359] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0095.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.359] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0095.374] GetFileType (hFile=0x144) returned 0x1 [0095.374] WriteFile (in: hFile=0x144, lpBuffer=0xc00011c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c2c0*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.374] CloseHandle (hObject=0x144) returned 1 [0095.375] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.376] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.528] SetEvent (hEvent=0x114) returned 1 [0095.528] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.535] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.545] SetEvent (hEvent=0x100) returned 1 [0095.545] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.550] SetEvent (hEvent=0x114) returned 1 [0095.550] SetEvent (hEvent=0x100) returned 1 [0095.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0095.550] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e7cf4 | out: lpMode=0xc0000e7cf4) returned 0 [0095.555] GetFileType (hFile=0xf4) returned 0x1 [0095.555] GetFileType (hFile=0xf4) returned 0x1 [0095.555] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0000e7d44 | out: lpFileInformation=0xc0000e7d44) returned 1 [0095.555] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0000e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e7d28) returned 1 [0095.555] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0095.556] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2e3, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0000e7c04*=0xe3, lpOverlapped=0x0) returned 1 [0095.557] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a20e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20e3*, lpNumberOfBytesRead=0xc0000e7c04*=0x0, lpOverlapped=0x0) returned 1 [0095.557] CloseHandle (hObject=0xf4) returned 1 [0095.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.558] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e7d04 | out: lpMode=0xc0000e7d04) returned 0 [0095.565] GetFileType (hFile=0xf4) returned 0x1 [0095.565] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000522d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000522d0*, lpNumberOfBytesWritten=0xc0000e7cec*=0xf0, lpOverlapped=0x0) returned 1 [0095.566] CloseHandle (hObject=0xf4) returned 1 [0095.567] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0095.568] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000e7d64 | out: lpMode=0xc0000e7d64) returned 0 [0095.576] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.588] GetFileType (hFile=0xf4) returned 0x1 [0095.588] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007c6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c6e0*, lpNumberOfBytesWritten=0xc0000e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0095.588] CloseHandle (hObject=0xf4) returned 1 [0095.593] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.595] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0095.595] SetEvent (hEvent=0xc0) returned 1 [0095.595] SetEvent (hEvent=0x9c) returned 1 [0095.595] SetEvent (hEvent=0x120) returned 1 [0095.595] SetEvent (hEvent=0x8c) returned 1 [0095.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0095.597] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.597] SetEvent (hEvent=0x114) returned 1 [0095.597] SetEvent (hEvent=0x9c) returned 1 [0095.597] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.603] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0095.603] SetEvent (hEvent=0x100) returned 1 [0095.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0095.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.603] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0095.614] GetFileType (hFile=0x144) returned 0x1 [0095.614] GetFileType (hFile=0x144) returned 0x1 [0095.614] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0095.614] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0095.614] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0095.615] ReadFile (in: hFile=0x144, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc00012fc04*=0xd5, lpOverlapped=0x0) returned 1 [0095.615] ReadFile (in: hFile=0x144, lpBuffer=0xc0000be0d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be0d5*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0095.615] CloseHandle (hObject=0x144) returned 1 [0095.616] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0095.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.617] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0095.625] GetFileType (hFile=0x144) returned 0x1 [0095.625] WriteFile (in: hFile=0x144, lpBuffer=0xc0001b80e0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b80e0*, lpNumberOfBytesWritten=0xc00012fcec*=0xe0, lpOverlapped=0x0) returned 1 [0095.626] CloseHandle (hObject=0x144) returned 1 [0095.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0095.627] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0095.628] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0095.629] VirtualAlloc (lpAddress=0xc0000e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e0000 [0095.629] VirtualAlloc (lpAddress=0xc0000ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ec000 [0095.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.629] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0095.642] GetFileType (hFile=0x144) returned 0x1 [0095.642] WriteFile (in: hFile=0x144, lpBuffer=0xc0000ec580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ec580*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.642] CloseHandle (hObject=0x144) returned 1 [0095.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.654] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.679] SetEvent (hEvent=0x120) returned 1 [0095.679] SetEvent (hEvent=0x100) returned 1 [0095.679] SetEvent (hEvent=0x114) returned 1 [0095.679] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.696] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.709] SetEvent (hEvent=0x120) returned 1 [0095.709] SwitchToThread () returned 1 [0095.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0095.716] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000e9cf4 | out: lpMode=0xc0000e9cf4) returned 0 [0095.721] GetFileType (hFile=0x144) returned 0x1 [0095.721] GetFileType (hFile=0x144) returned 0x1 [0095.721] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000e9d44 | out: lpFileInformation=0xc0000e9d44) returned 1 [0095.721] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e9d28) returned 1 [0095.721] ReadFile (in: hFile=0x144, lpBuffer=0xc000054300, nNumberOfBytesToRead=0x2e1, lpNumberOfBytesRead=0xc0000e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054300*, lpNumberOfBytesRead=0xc0000e9c04*=0xe1, lpOverlapped=0x0) returned 1 [0095.722] ReadFile (in: hFile=0x144, lpBuffer=0xc0000543e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000543e1*, lpNumberOfBytesRead=0xc0000e9c04*=0x0, lpOverlapped=0x0) returned 1 [0095.723] CloseHandle (hObject=0x144) returned 1 [0095.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0095.724] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000e9d04 | out: lpMode=0xc0000e9d04) returned 0 [0095.734] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.735] SetEvent (hEvent=0x114) returned 1 [0095.735] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.783] SetEvent (hEvent=0x114) returned 1 [0095.783] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.925] SetEvent (hEvent=0x120) returned 1 [0095.925] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.953] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0095.954] VirtualAlloc (lpAddress=0xc000148000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000148000 [0095.954] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xfc [0095.955] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0095.961] GetFileType (hFile=0xfc) returned 0x1 [0095.962] GetFileType (hFile=0xfc) returned 0x1 [0095.962] GetFileInformationByHandle (in: hFile=0xfc, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0095.962] GetFileInformationByHandleEx (in: hFile=0xfc, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0095.962] VirtualAlloc (lpAddress=0xc00014a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014a000 [0095.962] ReadFile (in: hFile=0xfc, lpBuffer=0xc00014a000, nNumberOfBytesToRead=0x303, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014a000*, lpNumberOfBytesRead=0xc0000bdc04*=0x103, lpOverlapped=0x0) returned 1 [0095.963] ReadFile (in: hFile=0xfc, lpBuffer=0xc00014a103, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014a103*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0095.964] CloseHandle (hObject=0xfc) returned 1 [0095.964] VirtualAlloc (lpAddress=0xc00014c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014c000 [0095.964] VirtualAlloc (lpAddress=0xc00014e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00014e000 [0095.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.966] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0095.974] GetFileType (hFile=0xfc) returned 0x1 [0095.974] WriteFile (in: hFile=0xfc, lpBuffer=0xc00015c120*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00015c120*, lpNumberOfBytesWritten=0xc0000bdcec*=0x110, lpOverlapped=0x0) returned 1 [0095.975] CloseHandle (hObject=0xfc) returned 1 [0095.976] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0095.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xfc [0095.976] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0095.978] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.978] GetFileType (hFile=0xfc) returned 0x1 [0095.979] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0095.990] WriteFile (in: hFile=0xfc, lpBuffer=0xc000054160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054160*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0095.991] CloseHandle (hObject=0xfc) returned 1 [0095.993] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0095.994] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0095.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0095.995] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0095.995] SetEvent (hEvent=0x100) returned 1 [0095.995] SetEvent (hEvent=0x120) returned 1 [0095.995] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0095.997] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.002] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.002] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0096.004] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.004] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.005] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0096.005] SetEvent (hEvent=0xc0) returned 1 [0096.005] SetEvent (hEvent=0x9c) returned 1 [0096.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0096.006] GetFileType (hFile=0x154) returned 0x1 [0096.006] GetFileType (hFile=0x154) returned 0x1 [0096.006] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0096.006] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0096.006] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0096.007] ReadFile (in: hFile=0x154, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2d56, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000171c04*=0x2b56, lpOverlapped=0x0) returned 1 [0096.020] ReadFile (in: hFile=0x154, lpBuffer=0xc000050b56, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050b56*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0096.020] CloseHandle (hObject=0x154) returned 1 [0096.021] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0096.021] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0096.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0096.023] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0096.036] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.038] SetEvent (hEvent=0x114) returned 1 [0096.038] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.045] SetEvent (hEvent=0x114) returned 1 [0096.046] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.047] SetEvent (hEvent=0x120) returned 1 [0096.047] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.053] SetEvent (hEvent=0x114) returned 1 [0096.053] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.054] SetEvent (hEvent=0x114) returned 1 [0096.054] SetEvent (hEvent=0x120) returned 1 [0096.054] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.054] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.055] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.055] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.055] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.056] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.056] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.056] GetFileType (hFile=0x14c) returned 0x1 [0096.056] WriteFile (in: hFile=0x14c, lpBuffer=0xc000158000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000158000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0096.057] CloseHandle (hObject=0x14c) returned 1 [0096.060] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0096.061] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.062] GetFileType (hFile=0x128) returned 0x1 [0096.062] WriteFile (in: hFile=0x128, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc000065cec*=0x100, lpOverlapped=0x0) returned 1 [0096.064] CloseHandle (hObject=0x128) returned 1 [0096.068] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0096.068] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0096.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0096.069] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0096.070] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.071] GetFileType (hFile=0x128) returned 0x1 [0096.072] WriteFile (in: hFile=0x128, lpBuffer=0xc0001586e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001586e0*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0096.072] CloseHandle (hObject=0x128) returned 1 [0096.076] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0096.079] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.093] SetEvent (hEvent=0xb8) returned 1 [0096.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc000586220*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0096.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586226*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000586226*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0096.106] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.109] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0096.110] SetEvent (hEvent=0x9c) returned 1 [0096.110] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.130] SetEvent (hEvent=0xb8) returned 1 [0096.130] SetEvent (hEvent=0x9c) returned 1 [0096.130] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.165] SetEvent (hEvent=0x114) returned 1 [0096.165] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.200] SetEvent (hEvent=0x120) returned 1 [0096.200] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.213] GetFileType (hFile=0xec) returned 0x1 [0096.214] WriteFile (in: hFile=0xec, lpBuffer=0xc0003ca140*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca140*, lpNumberOfBytesWritten=0xc000259cec*=0x140, lpOverlapped=0x0) returned 1 [0096.215] CloseHandle (hObject=0xec) returned 1 [0096.218] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0096.218] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0096.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0096.219] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0096.231] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.247] SetEvent (hEvent=0x8c) returned 1 [0096.247] SetEvent (hEvent=0x100) returned 1 [0096.247] SetEvent (hEvent=0x12c) returned 1 [0096.247] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.367] SetEvent (hEvent=0x9c) returned 1 [0096.367] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0096.367] VirtualAlloc (lpAddress=0xc00019e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019e000 [0096.367] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0096.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0096.368] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0000ebcf4 | out: lpMode=0xc0000ebcf4) returned 0 [0096.372] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.374] SetEvent (hEvent=0xc0) returned 1 [0096.374] SetEvent (hEvent=0x9c) returned 1 [0096.374] GetFileType (hFile=0xf4) returned 0x1 [0096.374] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.435] SetEvent (hEvent=0x100) returned 1 [0096.435] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.980] SetEvent (hEvent=0x12c) returned 1 [0096.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0096.981] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0096.982] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.985] SetEvent (hEvent=0xc0) returned 1 [0096.985] SetEvent (hEvent=0x12c) returned 1 [0096.985] GetFileType (hFile=0x154) returned 0x1 [0096.985] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.994] SwitchToThread () returned 1 [0096.995] SetEvent (hEvent=0x12c) returned 1 [0096.995] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0096.995] SetEvent (hEvent=0x12c) returned 1 [0096.995] SetEvent (hEvent=0x120) returned 1 [0096.995] SetEvent (hEvent=0x9c) returned 1 [0096.995] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.012] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc000102070*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0097.021] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.027] SetEvent (hEvent=0x12c) returned 1 [0097.027] SetEvent (hEvent=0x9c) returned 1 [0097.027] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.031] SetEvent (hEvent=0x9c) returned 1 [0097.031] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.033] SetEvent (hEvent=0x12c) returned 1 [0097.033] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.037] SwitchToThread () returned 1 [0097.039] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.041] SetEvent (hEvent=0x9c) returned 1 [0097.041] SetEvent (hEvent=0x15c) returned 1 [0097.041] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0097.042] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0097.047] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.048] GetFileType (hFile=0x16c) returned 0x1 [0097.048] GetFileType (hFile=0x16c) returned 0x1 [0097.048] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0097.048] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0097.048] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000dc700, nNumberOfBytesToRead=0x361, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc700*, lpNumberOfBytesRead=0xc000253c04*=0x161, lpOverlapped=0x0) returned 1 [0097.051] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000dc861, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc861*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0097.051] CloseHandle (hObject=0x16c) returned 1 [0097.051] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0097.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0097.052] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0097.094] GetFileType (hFile=0x16c) returned 0x1 [0097.094] VirtualAlloc (lpAddress=0xc000134000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000134000 [0097.097] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0097.098] WriteFile (in: hFile=0x16c, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc000253cec*=0x170, lpOverlapped=0x0) returned 1 [0097.099] CloseHandle (hObject=0x16c) returned 1 [0097.099] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0097.099] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.099] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0097.100] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0097.100] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0097.101] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0097.101] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0097.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0097.102] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0097.105] GetFileType (hFile=0x16c) returned 0x1 [0097.105] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.105] CloseHandle (hObject=0x16c) returned 1 [0097.105] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.106] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.106] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.107] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.107] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.107] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.107] GetFileType (hFile=0x144) returned 0x1 [0097.108] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.108] CloseHandle (hObject=0x144) returned 1 [0097.108] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.118] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0097.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.119] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9cf4 | out: lpMode=0xc0000b9cf4) returned 0 [0097.124] GetFileType (hFile=0x144) returned 0x1 [0097.124] GetFileType (hFile=0x144) returned 0x1 [0097.124] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0000b9d44 | out: lpFileInformation=0xc0000b9d44) returned 1 [0097.124] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0000b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b9d28) returned 1 [0097.124] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0097.125] ReadFile (in: hFile=0x144, lpBuffer=0xc00017a000, nNumberOfBytesToRead=0x2dd5, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017a000*, lpNumberOfBytesRead=0xc0000b9c04*=0x2bd5, lpOverlapped=0x0) returned 1 [0097.135] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.142] SetEvent (hEvent=0xc0) returned 1 [0097.142] ReadFile (in: hFile=0x144, lpBuffer=0xc00017cbd5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017cbd5*, lpNumberOfBytesRead=0xc0000b9c04*=0x0, lpOverlapped=0x0) returned 1 [0097.142] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.148] SetEvent (hEvent=0xc0) returned 1 [0097.148] CloseHandle (hObject=0x144) returned 1 [0097.148] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.150] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0097.150] SetEvent (hEvent=0x12c) returned 1 [0097.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.151] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d04 | out: lpMode=0xc0000b9d04) returned 0 [0097.154] GetFileType (hFile=0x144) returned 0x1 [0097.154] WriteFile (in: hFile=0x144, lpBuffer=0xc00017d000*, nNumberOfBytesToWrite=0x2be0, lpNumberOfBytesWritten=0xc0000b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017d000*, lpNumberOfBytesWritten=0xc0000b9cec*=0x2be0, lpOverlapped=0x0) returned 1 [0097.155] CloseHandle (hObject=0x144) returned 1 [0097.155] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0097.155] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0097.156] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.156] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0097.157] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0097.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.157] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000b9d64 | out: lpMode=0xc0000b9d64) returned 0 [0097.163] GetFileType (hFile=0x144) returned 0x1 [0097.163] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.164] CloseHandle (hObject=0x144) returned 1 [0097.164] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0097.164] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0097.164] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0097.165] SwitchToThread () returned 1 [0097.166] SetEvent (hEvent=0x12c) returned 1 [0097.166] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.169] SetEvent (hEvent=0x15c) returned 1 [0097.169] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.171] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.174] SetEvent (hEvent=0x12c) returned 1 [0097.174] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.175] SetEvent (hEvent=0x12c) returned 1 [0097.175] SetEvent (hEvent=0x8c) returned 1 [0097.175] SetEvent (hEvent=0xb8) returned 1 [0097.175] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.178] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0000100c0*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0097.182] SetEvent (hEvent=0x8c) returned 1 [0097.182] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.200] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0097.200] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0097.201] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.201] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0097.208] GetFileType (hFile=0xec) returned 0x1 [0097.208] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.208] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0097.209] GetFileType (hFile=0xec) returned 0x1 [0097.209] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0097.209] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0097.209] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0097.209] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0097.210] ReadFile (in: hFile=0xec, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000129c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.211] ReadFile (in: hFile=0xec, lpBuffer=0xc0000dc0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc0b3*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0097.211] CloseHandle (hObject=0xec) returned 1 [0097.211] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0097.211] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0097.212] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0097.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.213] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0097.217] GetFileType (hFile=0xec) returned 0x1 [0097.217] WriteFile (in: hFile=0xec, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000129cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.218] CloseHandle (hObject=0xec) returned 1 [0097.218] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.218] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.219] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0097.219] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0097.220] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0097.220] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0097.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.220] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0097.223] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.234] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.235] SetEvent (hEvent=0xb8) returned 1 [0097.235] SetEvent (hEvent=0x8c) returned 1 [0097.235] SetEvent (hEvent=0x120) returned 1 [0097.235] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.238] SetEvent (hEvent=0x8c) returned 1 [0097.238] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.240] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.240] VirtualFree (lpAddress=0xc000190000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.240] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.241] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.241] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.241] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.242] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.242] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.242] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.242] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.243] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.243] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.243] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.243] VirtualFree (lpAddress=0xc00004e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.244] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.244] SetEvent (hEvent=0x120) returned 1 [0097.244] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.275] SetEvent (hEvent=0x12c) returned 1 [0097.275] VirtualAlloc (lpAddress=0xc00020c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020c000 [0097.275] VirtualAlloc (lpAddress=0xc00020e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020e000 [0097.276] VirtualAlloc (lpAddress=0xc000210000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000210000 [0097.276] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0097.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.276] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0097.280] GetFileType (hFile=0x154) returned 0x1 [0097.280] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0097.281] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0097.281] GetFileType (hFile=0x154) returned 0x1 [0097.281] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0097.281] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0097.281] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0097.282] ReadFile (in: hFile=0x154, lpBuffer=0xc000218000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000218000*, lpNumberOfBytesRead=0xc000069c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.283] ReadFile (in: hFile=0x154, lpBuffer=0xc0002180b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002180b3*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0097.283] CloseHandle (hObject=0x154) returned 1 [0097.283] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0097.283] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0097.284] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0097.284] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0097.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.286] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0097.290] GetFileType (hFile=0x154) returned 0x1 [0097.290] WriteFile (in: hFile=0x154, lpBuffer=0xc000220000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesWritten=0xc000069cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.292] CloseHandle (hObject=0x154) returned 1 [0097.292] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.292] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0097.292] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0097.292] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0097.293] VirtualAlloc (lpAddress=0xc000228000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000228000 [0097.293] VirtualAlloc (lpAddress=0xc00022a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00022a000 [0097.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.294] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0097.298] GetFileType (hFile=0x154) returned 0x1 [0097.298] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.298] CloseHandle (hObject=0x154) returned 1 [0097.298] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.299] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc000586430*, lpNumberOfCharsWritten=0xc0000bd818*=0x3) returned 1 [0097.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586436*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc000586436*, lpNumberOfCharsWritten=0xc000183818*=0x3) returned 1 [0097.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586440*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e9818, lpReserved=0x0 | out: lpBuffer=0xc000586440*, lpNumberOfCharsWritten=0xc0000e9818*=0x3) returned 1 [0097.316] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586460*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000586460*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0097.333] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.334] SetEvent (hEvent=0x12c) returned 1 [0097.334] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.335] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc0000100c0*, lpNumberOfCharsWritten=0xc000187818*=0x3) returned 1 [0097.346] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.348] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102210*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc000102210*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0097.351] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0000100c6*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0097.356] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586410*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc000586410*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0097.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586416*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc000586416*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0097.370] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000586430*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0097.377] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010400*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010400*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0097.383] SwitchToThread () returned 1 [0097.383] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.384] SetEvent (hEvent=0x12c) returned 1 [0097.384] SetEvent (hEvent=0x15c) returned 1 [0097.384] SetEvent (hEvent=0x120) returned 1 [0097.384] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.394] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0097.395] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0097.395] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0097.395] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0097.396] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0097.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.396] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0097.407] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.408] GetFileType (hFile=0x154) returned 0x1 [0097.408] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0097.409] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0097.409] GetFileType (hFile=0x154) returned 0x1 [0097.409] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0097.409] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0097.409] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0097.410] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0097.410] ReadFile (in: hFile=0x154, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0000c3c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.412] ReadFile (in: hFile=0x154, lpBuffer=0xc00025a0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a0b3*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0097.412] CloseHandle (hObject=0x154) returned 1 [0097.412] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0097.413] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0097.413] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0097.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.414] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0097.417] GetFileType (hFile=0x154) returned 0x1 [0097.417] WriteFile (in: hFile=0x154, lpBuffer=0xc000260000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000260000*, lpNumberOfBytesWritten=0xc0000c3cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.418] CloseHandle (hObject=0x154) returned 1 [0097.418] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.418] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0097.423] GetFileType (hFile=0x154) returned 0x1 [0097.423] WriteFile (in: hFile=0x154, lpBuffer=0xc00016a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a6e0*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.423] CloseHandle (hObject=0x154) returned 1 [0097.423] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.424] SwitchToThread () returned 1 [0097.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.426] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.427] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.427] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.427] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.427] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.427] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.427] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.428] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.428] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.428] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.433] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.436] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523e0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8523e0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.436] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.437] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.437] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8523e0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8523d900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.437] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.438] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.438] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.438] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.438] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.438] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.440] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.442] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.442] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.442] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.442] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.442] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.443] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.443] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.453] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0097.453] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.454] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.454] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.454] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.454] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.454] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.455] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.455] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.455] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.455] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.455] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264a00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85264230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85264230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85264230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.459] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.468] SwitchToThread () returned 1 [0097.469] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.476] SetEvent (hEvent=0x15c) returned 1 [0097.476] VirtualFree (lpAddress=0xc0002b8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.476] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.477] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.477] VirtualFree (lpAddress=0xc0001be000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.477] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.478] VirtualFree (lpAddress=0xc000134000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0097.478] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0097.488] GetFileType (hFile=0xf4) returned 0x1 [0097.488] GetFileType (hFile=0xf4) returned 0x1 [0097.488] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0097.488] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0097.488] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0097.488] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.489] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000279c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.490] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000a20b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20b3*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0097.490] CloseHandle (hObject=0xf4) returned 1 [0097.490] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.490] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0097.491] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0097.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.493] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0097.499] GetFileType (hFile=0xf4) returned 0x1 [0097.499] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc000279cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.500] CloseHandle (hObject=0xf4) returned 1 [0097.500] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.500] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0097.503] GetFileType (hFile=0xf4) returned 0x1 [0097.503] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.503] CloseHandle (hObject=0xf4) returned 1 [0097.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.515] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.520] SetEvent (hEvent=0x15c) returned 1 [0097.520] SwitchToThread () returned 1 [0097.528] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0097.528] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0097.528] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0097.529] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0097.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.530] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0097.540] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.540] GetFileType (hFile=0x144) returned 0x1 [0097.541] GetFileType (hFile=0x144) returned 0x1 [0097.541] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0097.541] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0097.541] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0097.541] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.542] ReadFile (in: hFile=0x144, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0006ddc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.543] ReadFile (in: hFile=0x144, lpBuffer=0xc00003c0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c0b3*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0097.543] CloseHandle (hObject=0x144) returned 1 [0097.543] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.543] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.545] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0097.546] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.552] GetFileType (hFile=0x144) returned 0x1 [0097.552] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d80c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80c0*, lpNumberOfBytesWritten=0xc0006ddcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.553] CloseHandle (hObject=0x144) returned 1 [0097.553] VirtualAlloc (lpAddress=0xc0001ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ca000 [0097.553] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.553] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0097.554] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0097.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.555] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0097.558] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.562] GetFileType (hFile=0x144) returned 0x1 [0097.562] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.563] WriteFile (in: hFile=0x144, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0097.563] CloseHandle (hObject=0x144) returned 1 [0097.563] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0097.563] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.564] SwitchToThread () returned 1 [0097.565] SetEvent (hEvent=0x120) returned 1 [0097.565] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.565] SetEvent (hEvent=0x120) returned 1 [0097.565] SetEvent (hEvent=0x9c) returned 1 [0097.565] SetEvent (hEvent=0x15c) returned 1 [0097.565] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.568] SetEvent (hEvent=0x9c) returned 1 [0097.568] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.570] VirtualFree (lpAddress=0xc0002be000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0097.570] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.571] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.571] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.571] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.571] VirtualFree (lpAddress=0xc00004c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0097.571] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.572] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.572] SetEvent (hEvent=0x15c) returned 1 [0097.572] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.573] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.585] SetEvent (hEvent=0x9c) returned 1 [0097.585] SetEvent (hEvent=0x120) returned 1 [0097.585] SetEvent (hEvent=0x8c) returned 1 [0097.585] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.589] SetEvent (hEvent=0x15c) returned 1 [0097.589] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.591] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.594] SetEvent (hEvent=0x9c) returned 1 [0097.594] SetEvent (hEvent=0x120) returned 1 [0097.594] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.595] VirtualFree (lpAddress=0xc0001ca000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.595] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.595] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.595] SetEvent (hEvent=0x15c) returned 1 [0097.595] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.725] SetEvent (hEvent=0x15c) returned 1 [0097.725] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.729] SetEvent (hEvent=0x9c) returned 1 [0097.729] SetEvent (hEvent=0x12c) returned 1 [0097.729] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.732] SetEvent (hEvent=0x9c) returned 1 [0097.732] SetEvent (hEvent=0x15c) returned 1 [0097.732] SetEvent (hEvent=0x8c) returned 1 [0097.732] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.737] SetEvent (hEvent=0x8c) returned 1 [0097.737] SetEvent (hEvent=0x15c) returned 1 [0097.737] SetEvent (hEvent=0x9c) returned 1 [0097.737] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.742] SetEvent (hEvent=0x8c) returned 1 [0097.742] SetEvent (hEvent=0x120) returned 1 [0097.742] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.751] VirtualFree (lpAddress=0xc0002d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.752] VirtualFree (lpAddress=0xc0002c8000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0097.752] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.752] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0097.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.753] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0097.757] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.761] SetEvent (hEvent=0x8c) returned 1 [0097.761] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.791] SetEvent (hEvent=0x9c) returned 1 [0097.791] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.800] SetEvent (hEvent=0x9c) returned 1 [0097.800] SetEvent (hEvent=0x12c) returned 1 [0097.800] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0097.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.801] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0097.801] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.805] SetEvent (hEvent=0x9c) returned 1 [0097.805] GetFileType (hFile=0x154) returned 0x1 [0097.805] GetFileType (hFile=0x154) returned 0x1 [0097.805] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0097.805] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0097.805] ReadFile (in: hFile=0x154, lpBuffer=0xc000060580, nNumberOfBytesToRead=0x29f, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060580*, lpNumberOfBytesRead=0xc000173c04*=0x9f, lpOverlapped=0x0) returned 1 [0097.806] ReadFile (in: hFile=0x154, lpBuffer=0xc00006061f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006061f*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0097.806] CloseHandle (hObject=0x154) returned 1 [0097.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.807] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0097.807] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.809] GetFileType (hFile=0x154) returned 0x1 [0097.810] WriteFile (in: hFile=0x154, lpBuffer=0xc0003d0140*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d0140*, lpNumberOfBytesWritten=0xc000173cec*=0xa0, lpOverlapped=0x0) returned 1 [0097.810] CloseHandle (hObject=0x154) returned 1 [0097.811] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0097.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.811] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0097.822] GetFileType (hFile=0x154) returned 0x1 [0097.822] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0097.823] WriteFile (in: hFile=0x154, lpBuffer=0xc0001fc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001fc000*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.823] CloseHandle (hObject=0x154) returned 1 [0097.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0097.824] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0097.825] GetFileType (hFile=0x154) returned 0x1 [0097.825] GetFileType (hFile=0x154) returned 0x1 [0097.825] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0097.825] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0097.825] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0097.826] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0097.826] ReadFile (in: hFile=0x154, lpBuffer=0xc0002e4000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4000*, lpNumberOfBytesRead=0xc000113c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.827] ReadFile (in: hFile=0x154, lpBuffer=0xc0002e40b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e40b3*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0097.827] CloseHandle (hObject=0x154) returned 1 [0097.827] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0097.827] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0097.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.829] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0097.829] GetFileType (hFile=0x154) returned 0x1 [0097.829] WriteFile (in: hFile=0x154, lpBuffer=0xc00017e0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0c0*, lpNumberOfBytesWritten=0xc000113cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.830] CloseHandle (hObject=0x154) returned 1 [0097.830] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.830] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0097.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0097.831] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0097.834] GetFileType (hFile=0x154) returned 0x1 [0097.834] WriteFile (in: hFile=0x154, lpBuffer=0xc0001fc420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000113d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001fc420*, lpNumberOfBytesWritten=0xc000113d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.834] CloseHandle (hObject=0x154) returned 1 [0097.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.835] GetFileType (hFile=0xec) returned 0x1 [0097.835] GetFileType (hFile=0xec) returned 0x1 [0097.835] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0097.835] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0097.835] ReadFile (in: hFile=0xec, lpBuffer=0xc0002e42c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e42c0*, lpNumberOfBytesRead=0xc0006e1c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.836] ReadFile (in: hFile=0xec, lpBuffer=0xc0002e4373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4373*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0097.836] CloseHandle (hObject=0xec) returned 1 [0097.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.837] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0097.838] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.842] SetEvent (hEvent=0x8c) returned 1 [0097.842] GetFileType (hFile=0xec) returned 0x1 [0097.842] WriteFile (in: hFile=0xec, lpBuffer=0xc00017e180*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e180*, lpNumberOfBytesWritten=0xc0006e1cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.843] CloseHandle (hObject=0xec) returned 1 [0097.843] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0097.843] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0097.843] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0097.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0097.844] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0097.844] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.852] GetFileType (hFile=0xec) returned 0x1 [0097.852] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0097.852] WriteFile (in: hFile=0xec, lpBuffer=0xc0002f0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002f0000*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.853] CloseHandle (hObject=0xec) returned 1 [0097.853] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0097.853] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0097.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.854] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.854] SetEvent (hEvent=0x120) returned 1 [0097.854] SetEvent (hEvent=0x9c) returned 1 [0097.854] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0097.856] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.860] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.860] SetEvent (hEvent=0x9c) returned 1 [0097.861] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.864] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.864] SetEvent (hEvent=0x100) returned 1 [0097.864] SetEvent (hEvent=0x120) returned 1 [0097.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.866] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.866] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.866] SetEvent (hEvent=0x100) returned 1 [0097.866] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.870] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.870] SetEvent (hEvent=0x9c) returned 1 [0097.870] SetEvent (hEvent=0x120) returned 1 [0097.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.876] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.876] SetEvent (hEvent=0x100) returned 1 [0097.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.881] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.881] SetEvent (hEvent=0xc0) returned 1 [0097.881] SetEvent (hEvent=0x9c) returned 1 [0097.881] SetEvent (hEvent=0x120) returned 1 [0097.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.886] SetEvent (hEvent=0x12c) returned 1 [0097.886] SetEvent (hEvent=0x8c) returned 1 [0097.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.898] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.898] SetEvent (hEvent=0x8c) returned 1 [0097.898] SetEvent (hEvent=0x12c) returned 1 [0097.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.914] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.914] SetEvent (hEvent=0x120) returned 1 [0097.914] SetEvent (hEvent=0x9c) returned 1 [0097.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.922] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.925] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.925] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.925] SetEvent (hEvent=0x12c) returned 1 [0097.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.930] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.931] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.931] SetEvent (hEvent=0xc0) returned 1 [0097.931] SetEvent (hEvent=0x8c) returned 1 [0097.931] SetEvent (hEvent=0x9c) returned 1 [0097.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.932] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.938] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.938] SetEvent (hEvent=0x8c) returned 1 [0097.938] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.946] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.946] SetEvent (hEvent=0x8c) returned 1 [0097.946] SetEvent (hEvent=0x9c) returned 1 [0097.947] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0097.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.951] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.951] SetEvent (hEvent=0x9c) returned 1 [0097.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.956] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.957] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0097.957] SetEvent (hEvent=0x9c) returned 1 [0097.957] SetEvent (hEvent=0x8c) returned 1 [0097.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0097.966] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0097.967] SetEvent (hEvent=0x8c) returned 1 [0097.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0097.972] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.972] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0097.973] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0097.973] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0097.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0097.974] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0097.983] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0097.990] GetFileType (hFile=0xf4) returned 0x1 [0097.990] GetFileType (hFile=0xf4) returned 0x1 [0097.990] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0097.991] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0097.991] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0097.991] ReadFile (in: hFile=0xf4, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x2969, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc000135c04*=0x2769, lpOverlapped=0x0) returned 1 [0097.994] ReadFile (in: hFile=0xf4, lpBuffer=0xc00019a769, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00019a769*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0097.994] CloseHandle (hObject=0xf4) returned 1 [0097.994] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0097.995] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.995] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0097.996] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0097.997] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0097.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.998] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0097.999] GetFileType (hFile=0xf4) returned 0x1 [0097.999] WriteFile (in: hFile=0xf4, lpBuffer=0xc0001a0000*, nNumberOfBytesToWrite=0x2770, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesWritten=0xc000135cec*=0x2770, lpOverlapped=0x0) returned 1 [0098.000] CloseHandle (hObject=0xf4) returned 1 [0098.000] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.000] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0098.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.001] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0098.005] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.017] SwitchToThread () returned 1 [0098.017] SetEvent (hEvent=0x12c) returned 1 [0098.017] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.018] SetEvent (hEvent=0x12c) returned 1 [0098.019] SetEvent (hEvent=0x120) returned 1 [0098.019] SetEvent (hEvent=0x8c) returned 1 [0098.019] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc0001020c0*, lpNumberOfCharsWritten=0xc0000eb818*=0x3) returned 1 [0098.037] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0001020c6*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0098.041] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.042] SetEvent (hEvent=0x8c) returned 1 [0098.042] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.044] SetEvent (hEvent=0x8c) returned 1 [0098.044] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.045] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.045] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.045] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.045] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.046] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.046] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.046] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.047] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.047] GetFileType (hFile=0xf4) returned 0x1 [0098.047] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.047] CloseHandle (hObject=0xf4) returned 1 [0098.047] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0098.048] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0098.049] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.050] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.050] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0098.050] SetEvent (hEvent=0xc0) returned 1 [0098.050] SetEvent (hEvent=0x8c) returned 1 [0098.051] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.060] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0098.060] SetEvent (hEvent=0x8c) returned 1 [0098.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.061] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0098.063] GetFileType (hFile=0xf4) returned 0x1 [0098.063] GetFileType (hFile=0xf4) returned 0x1 [0098.063] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0098.063] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0098.063] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.064] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc000259c04*=0xfe, lpOverlapped=0x0) returned 1 [0098.065] ReadFile (in: hFile=0xf4, lpBuffer=0xc00007a0fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0fe*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0098.065] CloseHandle (hObject=0xf4) returned 1 [0098.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.066] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0098.081] GetFileType (hFile=0xf4) returned 0x1 [0098.081] WriteFile (in: hFile=0xf4, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc000259cec*=0x100, lpOverlapped=0x0) returned 1 [0098.083] CloseHandle (hObject=0xf4) returned 1 [0098.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0098.083] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0098.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.084] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0098.087] GetFileType (hFile=0xf4) returned 0x1 [0098.087] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0098.087] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.088] CloseHandle (hObject=0xf4) returned 1 [0098.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.090] VirtualFree (lpAddress=0xc000164000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.091] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.091] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.091] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.091] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.092] GetFileType (hFile=0x154) returned 0x1 [0098.092] WriteFile (in: hFile=0x154, lpBuffer=0xc0000d80c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80c0*, lpNumberOfBytesWritten=0xc0000f5cec*=0xc0, lpOverlapped=0x0) returned 1 [0098.093] CloseHandle (hObject=0x154) returned 1 [0098.093] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.094] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0098.096] GetFileType (hFile=0x154) returned 0x1 [0098.096] WriteFile (in: hFile=0x154, lpBuffer=0xc0000a2840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2840*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.096] CloseHandle (hObject=0x154) returned 1 [0098.096] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.097] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0098.097] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.098] SwitchToThread () returned 1 [0098.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.100] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0098.104] GetFileType (hFile=0xf4) returned 0x1 [0098.104] GetFileType (hFile=0xf4) returned 0x1 [0098.104] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0098.104] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0098.104] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0098.105] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x2da, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00012bc04*=0xda, lpOverlapped=0x0) returned 1 [0098.106] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000fc0da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc0da*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0098.106] CloseHandle (hObject=0xf4) returned 1 [0098.106] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.107] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0098.109] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.114] SetEvent (hEvent=0xc0) returned 1 [0098.114] GetFileType (hFile=0xf4) returned 0x1 [0098.114] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.126] WriteFile (in: hFile=0xf4, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc00012bcec*=0xe0, lpOverlapped=0x0) returned 1 [0098.127] CloseHandle (hObject=0xf4) returned 1 [0098.127] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.127] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.128] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.128] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0098.128] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.129] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.129] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0098.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.130] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0098.133] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.137] SetEvent (hEvent=0x12c) returned 1 [0098.137] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.141] SetEvent (hEvent=0x100) returned 1 [0098.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0098.141] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0098.149] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.152] SetEvent (hEvent=0x9c) returned 1 [0098.152] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.269] SetEvent (hEvent=0x100) returned 1 [0098.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.270] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0098.275] GetFileType (hFile=0xf4) returned 0x1 [0098.275] GetFileType (hFile=0xf4) returned 0x1 [0098.275] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0098.275] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0098.275] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0098.275] ReadFile (in: hFile=0xf4, lpBuffer=0xc00017e000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017e000*, lpNumberOfBytesRead=0xc0001a5c04*=0xdd, lpOverlapped=0x0) returned 1 [0098.276] ReadFile (in: hFile=0xf4, lpBuffer=0xc00017e0dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0dd*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0098.276] CloseHandle (hObject=0xf4) returned 1 [0098.277] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.277] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.277] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.279] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0098.279] GetFileType (hFile=0xf4) returned 0x1 [0098.279] WriteFile (in: hFile=0xf4, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc0001a5cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.280] CloseHandle (hObject=0xf4) returned 1 [0098.280] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0098.281] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.281] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.282] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0098.285] GetFileType (hFile=0xf4) returned 0x1 [0098.285] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.286] CloseHandle (hObject=0xf4) returned 1 [0098.286] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.287] VirtualFree (lpAddress=0xc000176000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.287] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.287] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.288] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.288] GetFileType (hFile=0xec) returned 0x1 [0098.288] GetFileType (hFile=0xec) returned 0x1 [0098.288] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000255d44 | out: lpFileInformation=0xc000255d44) returned 1 [0098.288] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000255d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000255d28) returned 1 [0098.288] ReadFile (in: hFile=0xec, lpBuffer=0xc00017e300, nNumberOfBytesToRead=0x2e5, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017e300*, lpNumberOfBytesRead=0xc000255c04*=0xe5, lpOverlapped=0x0) returned 1 [0098.289] ReadFile (in: hFile=0xec, lpBuffer=0xc00017e3e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017e3e5*, lpNumberOfBytesRead=0xc000255c04*=0x0, lpOverlapped=0x0) returned 1 [0098.290] CloseHandle (hObject=0xec) returned 1 [0098.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.291] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255d04 | out: lpMode=0xc000255d04) returned 0 [0098.293] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.296] GetFileType (hFile=0xec) returned 0x1 [0098.296] WriteFile (in: hFile=0xec, lpBuffer=0xc00004c3c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000255cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c3c0*, lpNumberOfBytesWritten=0xc000255cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.297] CloseHandle (hObject=0xec) returned 1 [0098.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.298] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000255d64 | out: lpMode=0xc000255d64) returned 0 [0098.301] GetFileType (hFile=0xec) returned 0x1 [0098.301] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000255d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000255d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.301] CloseHandle (hObject=0xec) returned 1 [0098.301] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.305] SwitchToThread () returned 1 [0098.305] SetEvent (hEvent=0x100) returned 1 [0098.305] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.306] SetEvent (hEvent=0x100) returned 1 [0098.306] SetEvent (hEvent=0x15c) returned 1 [0098.306] SetEvent (hEvent=0x12c) returned 1 [0098.306] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.307] SetEvent (hEvent=0x15c) returned 1 [0098.307] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.311] SetEvent (hEvent=0x100) returned 1 [0098.311] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.369] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.378] SetEvent (hEvent=0x100) returned 1 [0098.378] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.380] SetEvent (hEvent=0x120) returned 1 [0098.380] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.383] SetEvent (hEvent=0x12c) returned 1 [0098.383] SwitchToThread () returned 1 [0098.388] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.389] SetEvent (hEvent=0x100) returned 1 [0098.389] SetEvent (hEvent=0x12c) returned 1 [0098.389] SetEvent (hEvent=0x8c) returned 1 [0098.389] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.392] SetEvent (hEvent=0x100) returned 1 [0098.392] SetEvent (hEvent=0x12c) returned 1 [0098.392] VirtualFree (lpAddress=0xc000208000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.393] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.393] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.393] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.393] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.394] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.394] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.394] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.395] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.395] VirtualFree (lpAddress=0xc000052000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.395] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.396] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.396] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.396] SetEvent (hEvent=0x8c) returned 1 [0098.396] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0098.529] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001afcf4 | out: lpMode=0xc0001afcf4) returned 0 [0098.534] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.550] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.550] SetEvent (hEvent=0x12c) returned 1 [0098.550] SetEvent (hEvent=0x8c) returned 1 [0098.551] SetEvent (hEvent=0xb8) returned 1 [0098.551] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.559] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.560] VirtualFree (lpAddress=0xc0001b6000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0098.561] VirtualFree (lpAddress=0xc00017e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.561] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.561] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.561] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.562] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.562] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.562] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.563] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.563] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.563] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.563] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.564] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0098.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0098.564] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00019fcf4 | out: lpMode=0xc00019fcf4) returned 0 [0098.576] GetFileType (hFile=0x174) returned 0x1 [0098.576] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0098.576] GetFileType (hFile=0x174) returned 0x1 [0098.576] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00019fd44 | out: lpFileInformation=0xc00019fd44) returned 1 [0098.577] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00019fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019fd28) returned 1 [0098.577] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0098.577] ReadFile (in: hFile=0x174, lpBuffer=0xc000222000, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesRead=0xc00019fc04*=0xe2, lpOverlapped=0x0) returned 1 [0098.578] ReadFile (in: hFile=0x174, lpBuffer=0xc0002220e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002220e2*, lpNumberOfBytesRead=0xc00019fc04*=0x0, lpOverlapped=0x0) returned 1 [0098.578] CloseHandle (hObject=0x174) returned 1 [0098.578] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0098.579] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0098.579] VirtualAlloc (lpAddress=0xc000228000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000228000 [0098.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0098.581] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00019fd04 | out: lpMode=0xc00019fd04) returned 0 [0098.590] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.602] SetEvent (hEvent=0x15c) returned 1 [0098.602] SetEvent (hEvent=0x8c) returned 1 [0098.602] SwitchToThread () returned 1 [0098.605] SetEvent (hEvent=0x15c) returned 1 [0098.605] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.612] SetEvent (hEvent=0x15c) returned 1 [0098.612] SetEvent (hEvent=0x9c) returned 1 [0098.612] SwitchToThread () returned 1 [0098.616] SetEvent (hEvent=0x15c) returned 1 [0098.616] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.625] SetEvent (hEvent=0x15c) returned 1 [0098.625] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.627] SetEvent (hEvent=0x8c) returned 1 [0098.627] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.629] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.635] SetEvent (hEvent=0x15c) returned 1 [0098.635] SetEvent (hEvent=0x8c) returned 1 [0098.635] VirtualFree (lpAddress=0xc000204000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.635] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.636] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0098.636] GetFileType (hFile=0x150) returned 0x1 [0098.636] WriteFile (in: hFile=0x150, lpBuffer=0xc00020e2d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00020e2d0*, lpNumberOfBytesWritten=0xc00010fcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.637] CloseHandle (hObject=0x150) returned 1 [0098.637] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0098.637] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0098.638] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0098.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.638] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0098.640] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.642] GetFileType (hFile=0x150) returned 0x1 [0098.642] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.642] CloseHandle (hObject=0x150) returned 1 [0098.643] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.643] SwitchToThread () returned 1 [0098.644] SetEvent (hEvent=0x15c) returned 1 [0098.644] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.644] SetEvent (hEvent=0x15c) returned 1 [0098.644] SetEvent (hEvent=0x8c) returned 1 [0098.644] VirtualFree (lpAddress=0xc00022e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.645] VirtualFree (lpAddress=0xc00022a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.645] VirtualFree (lpAddress=0xc00020e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.645] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.645] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.645] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.646] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.646] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.646] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0098.647] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0098.647] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.649] GetFileType (hFile=0x150) returned 0x1 [0098.649] GetFileType (hFile=0x150) returned 0x1 [0098.649] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0098.649] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0098.649] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.649] ReadFile (in: hFile=0x150, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2fe, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc00013dc04*=0xfe, lpOverlapped=0x0) returned 1 [0098.651] ReadFile (in: hFile=0x150, lpBuffer=0xc0000360fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360fe*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0098.651] CloseHandle (hObject=0x150) returned 1 [0098.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.652] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0098.653] GetFileType (hFile=0x150) returned 0x1 [0098.653] WriteFile (in: hFile=0x150, lpBuffer=0xc000000500*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfBytesWritten=0xc00013dcec*=0x100, lpOverlapped=0x0) returned 1 [0098.654] CloseHandle (hObject=0x150) returned 1 [0098.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.654] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0098.655] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0098.655] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0098.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0098.656] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0098.656] GetFileType (hFile=0x150) returned 0x1 [0098.656] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.656] CloseHandle (hObject=0x150) returned 1 [0098.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.665] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0098.665] SetEvent (hEvent=0xc0) returned 1 [0098.665] SetEvent (hEvent=0x9c) returned 1 [0098.665] SetEvent (hEvent=0x12c) returned 1 [0098.666] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0098.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.671] SetEvent (hEvent=0xb8) returned 1 [0098.671] SetEvent (hEvent=0x120) returned 1 [0098.671] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.677] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0098.677] SetEvent (hEvent=0x15c) returned 1 [0098.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0098.678] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0098.680] GetFileType (hFile=0x148) returned 0x1 [0098.680] GetFileType (hFile=0x148) returned 0x1 [0098.680] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0098.680] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0098.680] ReadFile (in: hFile=0x148, lpBuffer=0xc00004c300, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c300*, lpNumberOfBytesRead=0xc00027bc04*=0xde, lpOverlapped=0x0) returned 1 [0098.681] ReadFile (in: hFile=0x148, lpBuffer=0xc00004c3de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c3de*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0098.681] CloseHandle (hObject=0x148) returned 1 [0098.682] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0098.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.683] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0098.746] GetFileType (hFile=0x148) returned 0x1 [0098.746] WriteFile (in: hFile=0x148, lpBuffer=0xc00023a000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesWritten=0xc00027bcec*=0xe0, lpOverlapped=0x0) returned 1 [0098.747] CloseHandle (hObject=0x148) returned 1 [0098.748] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0098.748] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0098.748] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0098.749] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0098.749] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0098.749] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0098.750] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0098.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.751] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0098.752] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.755] SetEvent (hEvent=0xc0) returned 1 [0098.755] SetEvent (hEvent=0x8c) returned 1 [0098.755] GetFileType (hFile=0x148) returned 0x1 [0098.755] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.763] WriteFile (in: hFile=0x148, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.763] CloseHandle (hObject=0x148) returned 1 [0098.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.764] WriteFile (in: hFile=0x16c, lpBuffer=0xc00003c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c1e0*, lpNumberOfBytesWritten=0xc000277cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.765] CloseHandle (hObject=0x16c) returned 1 [0098.765] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.766] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0098.776] GetFileType (hFile=0x16c) returned 0x1 [0098.776] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000fc580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc580*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.776] CloseHandle (hObject=0x16c) returned 1 [0098.776] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.777] SwitchToThread () returned 1 [0098.778] SetEvent (hEvent=0x8c) returned 1 [0098.778] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.779] SetEvent (hEvent=0xb8) returned 1 [0098.779] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.781] SwitchToThread () returned 1 [0098.784] SetEvent (hEvent=0x8c) returned 1 [0098.784] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.784] SetEvent (hEvent=0xb8) returned 1 [0098.784] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.788] GetFileType (hFile=0x168) returned 0x1 [0098.789] GetFileType (hFile=0x168) returned 0x1 [0098.789] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0001afd44 | out: lpFileInformation=0xc0001afd44) returned 1 [0098.789] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0001afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001afd28) returned 1 [0098.789] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0098.789] ReadFile (in: hFile=0x168, lpBuffer=0xc0001f4000, nNumberOfBytesToRead=0x2bf, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f4000*, lpNumberOfBytesRead=0xc0001afc04*=0xbf, lpOverlapped=0x0) returned 1 [0098.791] ReadFile (in: hFile=0x168, lpBuffer=0xc0001f40bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001f40bf*, lpNumberOfBytesRead=0xc0001afc04*=0x0, lpOverlapped=0x0) returned 1 [0098.791] CloseHandle (hObject=0x168) returned 1 [0098.791] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0098.791] VirtualAlloc (lpAddress=0xc0001f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f8000 [0098.791] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0098.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0098.793] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001afd04 | out: lpMode=0xc0001afd04) returned 0 [0098.801] GetFileType (hFile=0x168) returned 0x1 [0098.801] WriteFile (in: hFile=0x168, lpBuffer=0xc0001f6000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0001afcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001f6000*, lpNumberOfBytesWritten=0xc0001afcec*=0xc0, lpOverlapped=0x0) returned 1 [0098.802] CloseHandle (hObject=0x168) returned 1 [0098.803] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0098.803] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001afd64 | out: lpMode=0xc0001afd64) returned 0 [0098.815] GetFileType (hFile=0x168) returned 0x1 [0098.815] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0098.815] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0098.816] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0098.816] WriteFile (in: hFile=0x168, lpBuffer=0xc000268000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000268000*, lpNumberOfBytesWritten=0xc0001afd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.816] CloseHandle (hObject=0x168) returned 1 [0098.817] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0098.817] VirtualAlloc (lpAddress=0xc00026c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026c000 [0098.817] VirtualAlloc (lpAddress=0xc00026e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026e000 [0098.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.818] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.832] SetEvent (hEvent=0x12c) returned 1 [0098.832] SetEvent (hEvent=0x120) returned 1 [0098.832] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.837] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.838] SetEvent (hEvent=0xb8) returned 1 [0098.838] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.839] SwitchToThread () returned 1 [0098.930] SwitchToThread () returned 1 [0098.931] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.931] SetEvent (hEvent=0x12c) returned 1 [0098.931] SetEvent (hEvent=0xb8) returned 1 [0098.931] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.931] VirtualFree (lpAddress=0xc00026c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.932] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.932] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.932] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.932] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.933] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.933] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.933] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0098.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0098.934] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0098.938] GetFileType (hFile=0x168) returned 0x1 [0098.938] GetFileType (hFile=0x168) returned 0x1 [0098.939] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0098.939] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0098.939] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0098.939] ReadFile (in: hFile=0x168, lpBuffer=0xc000158000, nNumberOfBytesToRead=0x30a, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc000158000*, lpNumberOfBytesRead=0xc000067c04*=0x10a, lpOverlapped=0x0) returned 1 [0098.940] ReadFile (in: hFile=0x168, lpBuffer=0xc00015810a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc00015810a*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0098.940] CloseHandle (hObject=0x168) returned 1 [0098.940] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0098.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0098.941] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0098.947] GetFileType (hFile=0x168) returned 0x1 [0098.947] WriteFile (in: hFile=0x168, lpBuffer=0xc00015a000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc00015a000*, lpNumberOfBytesWritten=0xc000067cec*=0x110, lpOverlapped=0x0) returned 1 [0098.948] CloseHandle (hObject=0x168) returned 1 [0098.948] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.948] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0098.948] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0098.948] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0098.949] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0098.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0098.949] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0098.950] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.953] SetEvent (hEvent=0xb8) returned 1 [0098.953] GetFileType (hFile=0x168) returned 0x1 [0098.953] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.962] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0098.962] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.963] CloseHandle (hObject=0x168) returned 1 [0098.963] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0098.963] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0098.964] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.964] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0098.964] SetEvent (hEvent=0x120) returned 1 [0098.964] SetEvent (hEvent=0x8c) returned 1 [0098.965] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.969] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.973] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.973] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0098.973] SetEvent (hEvent=0x8c) returned 1 [0098.973] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.978] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.978] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0098.978] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0098.979] SetEvent (hEvent=0xc0) returned 1 [0098.979] SetEvent (hEvent=0x15c) returned 1 [0098.979] SetEvent (hEvent=0xb8) returned 1 [0098.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.985] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0098.985] SetEvent (hEvent=0x12c) returned 1 [0098.985] SetEvent (hEvent=0x15c) returned 1 [0098.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x842481d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x844eed30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0098.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0098.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.988] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x844eed30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844eed30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844eed30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0098.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8424a8e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8424a8e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56)) returned 1 [0099.000] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0099.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84234950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd47)) returned 1 [0099.000] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0099.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84239770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x844b1ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b1ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9d)) returned 1 [0099.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8423be80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8423e590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c)) returned 1 [0099.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84240ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84240ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f)) returned 1 [0099.002] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x840205b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84245ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844aa770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d6)) returned 1 [0099.002] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0099.003] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0099.003] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.004] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.004] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.016] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.019] SetEvent (hEvent=0x8c) returned 1 [0099.019] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.026] SetEvent (hEvent=0x8c) returned 1 [0099.026] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.028] SetEvent (hEvent=0x120) returned 1 [0099.028] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.031] SetEvent (hEvent=0x8c) returned 1 [0099.031] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.032] SetEvent (hEvent=0x8c) returned 1 [0099.032] SetEvent (hEvent=0xb8) returned 1 [0099.032] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.033] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.033] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.033] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.033] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.034] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.034] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.034] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.034] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.035] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0099.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.035] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000197cf4 | out: lpMode=0xc000197cf4) returned 0 [0099.042] GetFileType (hFile=0x144) returned 0x1 [0099.042] GetFileType (hFile=0x144) returned 0x1 [0099.042] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000197d44 | out: lpFileInformation=0xc000197d44) returned 1 [0099.042] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000197d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000197d28) returned 1 [0099.042] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0099.043] ReadFile (in: hFile=0x144, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x29d, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000197c04*=0x9d, lpOverlapped=0x0) returned 1 [0099.044] ReadFile (in: hFile=0x144, lpBuffer=0xc00006009d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006009d*, lpNumberOfBytesRead=0xc000197c04*=0x0, lpOverlapped=0x0) returned 1 [0099.044] CloseHandle (hObject=0x144) returned 1 [0099.044] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.045] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.046] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000197d04 | out: lpMode=0xc000197d04) returned 0 [0099.062] GetFileType (hFile=0x144) returned 0x1 [0099.062] WriteFile (in: hFile=0x144, lpBuffer=0xc0003d0000*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0xc000197cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d0000*, lpNumberOfBytesWritten=0xc000197cec*=0xa0, lpOverlapped=0x0) returned 1 [0099.064] CloseHandle (hObject=0x144) returned 1 [0099.064] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.064] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0099.065] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0099.065] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0099.065] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0099.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.066] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000197d64 | out: lpMode=0xc000197d64) returned 0 [0099.073] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.078] SetEvent (hEvent=0x120) returned 1 [0099.078] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.097] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0099.098] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.098] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x862fc2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86322450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86322450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1.4_0", cAlternateFileName="")) returned 1 [0099.099] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.099] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1378, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1103, dwReserved0=0x0, dwReserved1=0x0, cFileName="contentscript_bin_prod.js", cAlternateFileName="CONTEN~1.JS")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x356, dwReserved0=0x0, dwReserved1=0x0, cFileName="dasherSettingSchema.json", cAlternateFileName="DASHER~1.JSO")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x5b6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="eventpage_bin_prod.js", cAlternateFileName="EVENTP~1.JS")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86012940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="page_embed_script.js", cAlternateFileName="PAGE_E~1.JS")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86012940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8636e710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8636e710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0099.105] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.105] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x862fc2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1378)) returned 1 [0099.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.116] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.117] SetEvent (hEvent=0xb8) returned 1 [0099.117] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.133] SetEvent (hEvent=0x120) returned 1 [0099.133] SetEvent (hEvent=0x8c) returned 1 [0099.133] SetEvent (hEvent=0x15c) returned 1 [0099.133] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.140] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.149] SetEvent (hEvent=0x120) returned 1 [0099.149] SwitchToThread () returned 1 [0099.151] SetEvent (hEvent=0x120) returned 1 [0099.152] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.153] SetEvent (hEvent=0xb8) returned 1 [0099.153] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.155] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.169] SetEvent (hEvent=0x120) returned 1 [0099.169] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.171] SetEvent (hEvent=0xb8) returned 1 [0099.171] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.174] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.176] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.178] SetEvent (hEvent=0x120) returned 1 [0099.178] SetEvent (hEvent=0xb8) returned 1 [0099.178] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.179] VirtualFree (lpAddress=0xc000162000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.179] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.179] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.180] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.180] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.182] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="af", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="am", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ar", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="az", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bg", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bn", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ca", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="cs", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="da", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="de", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="el", cAlternateFileName="")) returned 1 [0099.184] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_GB", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en_US", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="es_419", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="et", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eu", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fa", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fi", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fil", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="fr_CA", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gl", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="gu", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hi", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hr", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e95b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e95b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e95b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hu", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="hy", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="id", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="is", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="it", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ebbce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ebbce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ebbce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iw", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ja", cAlternateFileName="")) returned 1 [0099.185] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ka", cAlternateFileName="")) returned 1 [0099.186] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="km", cAlternateFileName="")) returned 1 [0099.186] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kn", cAlternateFileName="")) returned 1 [0099.186] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ko", cAlternateFileName="")) returned 1 [0099.186] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lo", cAlternateFileName="")) returned 1 [0099.186] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lt", cAlternateFileName="")) returned 1 [0099.188] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lv", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ml", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mn", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="mr", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ms", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ne", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nl", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="no", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pl", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ro", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ru", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="si", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sk", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sl", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sr", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sv", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sw", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ta", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="te", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="th", cAlternateFileName="")) returned 1 [0099.189] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tr", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uk", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ur", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fc6680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fc6680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fc6680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vi", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_HK", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fec7e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fec7e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fec7e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zu", cAlternateFileName="")) returned 1 [0099.190] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.190] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0099.190] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.196] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dd4d90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.197] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.197] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dd4d90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dd4d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x84)) returned 1 [0099.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.198] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.199] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.199] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.199] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x103)) returned 1 [0099.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.208] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0099.208] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0099.209] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0099.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.209] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0099.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.210] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.210] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.210] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.210] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.210] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0099.210] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0099.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed)) returned 1 [0099.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.211] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.212] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.212] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.212] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.212] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0xa7)) returned 1 [0099.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.219] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.219] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.219] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.219] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x114)) returned 1 [0099.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.220] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14b)) returned 1 [0099.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.222] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.227] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfaef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85dfaef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.227] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.228] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.228] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0099.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85dfaef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85dfbe90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf)) returned 1 [0099.228] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0099.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.229] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.229] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.229] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.229] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xad)) returned 1 [0099.230] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.236] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.236] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.236] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.236] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.236] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xac)) returned 1 [0099.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.237] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.237] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0099.237] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.237] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.237] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.237] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc1)) returned 1 [0099.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.247] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.248] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0099.248] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.248] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.248] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.248] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12a)) returned 1 [0099.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.249] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0099.249] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.249] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e23760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e23760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.249] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.250] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e256a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb2)) returned 1 [0099.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.263] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.263] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e23760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.264] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.264] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0099.264] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109)) returned 1 [0099.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.265] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.265] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.265] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.265] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcc)) returned 1 [0099.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.269] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.271] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.271] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.271] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.271] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.271] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3)) returned 1 [0099.271] VirtualAlloc (lpAddress=0xc0001b8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b8000 [0099.272] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.272] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0099.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.273] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.273] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.273] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.273] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4)) returned 1 [0099.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.275] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0099.275] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.276] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.276] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.276] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.276] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x98)) returned 1 [0099.276] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e498c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e498c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.277] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.277] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e4a090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xff)) returned 1 [0099.277] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.282] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.284] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.284] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e498c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.284] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.284] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.284] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb7)) returned 1 [0099.285] VirtualAlloc (lpAddress=0xc0001c4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c4000 [0099.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.286] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.286] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc7)) returned 1 [0099.286] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.305] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.305] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.305] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.305] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e71190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb)) returned 1 [0099.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85e6fa20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.310] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.316] SetEvent (hEvent=0x15c) returned 1 [0099.316] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.317] SetEvent (hEvent=0x12c) returned 1 [0099.317] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0099.334] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0099.337] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.351] SetEvent (hEvent=0x9c) returned 1 [0099.351] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.352] SetEvent (hEvent=0x12c) returned 1 [0099.352] SetEvent (hEvent=0x15c) returned 1 [0099.352] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.385] SetEvent (hEvent=0x12c) returned 1 [0099.385] SetEvent (hEvent=0xb8) returned 1 [0099.385] SetEvent (hEvent=0x100) returned 1 [0099.385] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.400] SetEvent (hEvent=0x15c) returned 1 [0099.400] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.414] SetEvent (hEvent=0x100) returned 1 [0099.414] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.416] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.417] SetEvent (hEvent=0x100) returned 1 [0099.417] SetEvent (hEvent=0x12c) returned 1 [0099.417] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.417] VirtualFree (lpAddress=0xc000158000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.418] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.418] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.418] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.418] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.418] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0099.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.419] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0099.426] GetFileType (hFile=0x150) returned 0x1 [0099.426] GetFileType (hFile=0x150) returned 0x1 [0099.426] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0099.426] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0099.426] ReadFile (in: hFile=0x150, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00014bc04*=0xed, lpOverlapped=0x0) returned 1 [0099.427] ReadFile (in: hFile=0x150, lpBuffer=0xc00006a0ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a0ed*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0099.428] CloseHandle (hObject=0x150) returned 1 [0099.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.429] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0099.432] GetFileType (hFile=0x150) returned 0x1 [0099.432] WriteFile (in: hFile=0x150, lpBuffer=0xc00006c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c1e0*, lpNumberOfBytesWritten=0xc00014bcec*=0xf0, lpOverlapped=0x0) returned 1 [0099.433] CloseHandle (hObject=0x150) returned 1 [0099.433] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0099.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.433] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0099.507] SwitchToThread () returned 1 [0099.508] GetFileType (hFile=0x150) returned 0x1 [0099.508] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0099.509] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.509] CloseHandle (hObject=0x150) returned 1 [0099.509] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.510] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.511] SetEvent (hEvent=0x12c) returned 1 [0099.511] SetEvent (hEvent=0xb8) returned 1 [0099.511] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.511] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.512] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.512] GetFileType (hFile=0x144) returned 0x1 [0099.512] WriteFile (in: hFile=0x144, lpBuffer=0xc0001e0000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesWritten=0xc0000f7cec*=0xb0, lpOverlapped=0x0) returned 1 [0099.513] CloseHandle (hObject=0x144) returned 1 [0099.513] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0099.513] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0099.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.514] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0099.518] GetFileType (hFile=0x144) returned 0x1 [0099.518] WriteFile (in: hFile=0x144, lpBuffer=0xc0001d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6580*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.518] CloseHandle (hObject=0x144) returned 1 [0099.518] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.519] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0099.526] GetFileType (hFile=0x144) returned 0x1 [0099.526] GetFileType (hFile=0x144) returned 0x1 [0099.526] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0099.526] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0099.526] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.526] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.527] ReadFile (in: hFile=0x144, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x2ac, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00012dc04*=0xac, lpOverlapped=0x0) returned 1 [0099.528] ReadFile (in: hFile=0x144, lpBuffer=0xc00011c0ac, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c0ac*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0099.528] CloseHandle (hObject=0x144) returned 1 [0099.528] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0099.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.529] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0099.531] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.535] SetEvent (hEvent=0xb8) returned 1 [0099.535] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.544] SetEvent (hEvent=0x15c) returned 1 [0099.544] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.555] SetEvent (hEvent=0x120) returned 1 [0099.556] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.558] SetEvent (hEvent=0x15c) returned 1 [0099.558] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.560] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.572] SetEvent (hEvent=0x120) returned 1 [0099.572] VirtualFree (lpAddress=0xc0001d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.572] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.573] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.573] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0099.573] GetFileType (hFile=0x168) returned 0x1 [0099.573] GetFileType (hFile=0x168) returned 0x1 [0099.574] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0099.574] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0099.574] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0099.574] ReadFile (in: hFile=0x168, lpBuffer=0xc00015a000, nNumberOfBytesToRead=0x2ad, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00015a000*, lpNumberOfBytesRead=0xc0000c1c04*=0xad, lpOverlapped=0x0) returned 1 [0099.575] ReadFile (in: hFile=0x168, lpBuffer=0xc00015a0ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00015a0ad*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0099.575] CloseHandle (hObject=0x168) returned 1 [0099.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.576] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0099.584] GetFileType (hFile=0x168) returned 0x1 [0099.584] WriteFile (in: hFile=0x168, lpBuffer=0xc0001e0000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e0000*, lpNumberOfBytesWritten=0xc0000c1cec*=0xb0, lpOverlapped=0x0) returned 1 [0099.585] CloseHandle (hObject=0x168) returned 1 [0099.585] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0099.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.585] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0099.588] GetFileType (hFile=0x168) returned 0x1 [0099.588] WriteFile (in: hFile=0x168, lpBuffer=0xc0001d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6b00*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.588] CloseHandle (hObject=0x168) returned 1 [0099.588] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.589] SwitchToThread () returned 1 [0099.590] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.591] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.592] SetEvent (hEvent=0x120) returned 1 [0099.592] SetEvent (hEvent=0x12c) returned 1 [0099.592] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.593] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.593] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.593] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.594] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.594] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.594] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.594] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.595] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.595] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.595] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0099.596] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0099.598] GetFileType (hFile=0x148) returned 0x1 [0099.598] GetFileType (hFile=0x148) returned 0x1 [0099.598] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0099.598] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0099.598] ReadFile (in: hFile=0x148, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x31e, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000257c04*=0x11e, lpOverlapped=0x0) returned 1 [0099.599] ReadFile (in: hFile=0x148, lpBuffer=0xc00005211e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005211e*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0099.599] CloseHandle (hObject=0x148) returned 1 [0099.599] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0099.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.601] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0099.605] GetFileType (hFile=0x148) returned 0x1 [0099.605] WriteFile (in: hFile=0x148, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000257cec*=0x120, lpOverlapped=0x0) returned 1 [0099.607] CloseHandle (hObject=0x148) returned 1 [0099.607] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.607] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0099.613] GetFileType (hFile=0x148) returned 0x1 [0099.613] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.613] CloseHandle (hObject=0x148) returned 1 [0099.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.616] GetFileType (hFile=0x16c) returned 0x1 [0099.617] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.617] CloseHandle (hObject=0x16c) returned 1 [0099.617] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0099.617] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0099.617] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.618] GetFileType (hFile=0x174) returned 0x1 [0099.618] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.618] CloseHandle (hObject=0x174) returned 1 [0099.618] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.619] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0099.619] ReadFile (in: hFile=0x128, lpBuffer=0xc000166000, nNumberOfBytesToRead=0x2d2, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesRead=0xc000139c04*=0xd2, lpOverlapped=0x0) returned 1 [0099.620] ReadFile (in: hFile=0x128, lpBuffer=0xc0001660d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001660d2*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0099.620] CloseHandle (hObject=0x128) returned 1 [0099.620] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0099.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_ca\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0099.621] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0099.624] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.629] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.630] SetEvent (hEvent=0x100) returned 1 [0099.630] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.635] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.636] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.636] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0099.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0099.637] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0099.644] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] SwitchToThread () returned 1 [0099.755] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.767] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.768] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0099.774] GetFileType (hFile=0x144) returned 0x1 [0099.774] GetFileType (hFile=0x144) returned 0x1 [0099.774] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0099.774] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0099.774] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.774] ReadFile (in: hFile=0x144, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2e3, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001bfc04*=0xe3, lpOverlapped=0x0) returned 1 [0099.775] ReadFile (in: hFile=0x144, lpBuffer=0xc00004c0e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0e3*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0099.776] CloseHandle (hObject=0x144) returned 1 [0099.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.777] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0099.785] GetFileType (hFile=0x144) returned 0x1 [0099.785] WriteFile (in: hFile=0x144, lpBuffer=0xc0000541e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000541e0*, lpNumberOfBytesWritten=0xc0001bfcec*=0xf0, lpOverlapped=0x0) returned 1 [0099.786] CloseHandle (hObject=0x144) returned 1 [0099.786] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.787] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0099.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0099.787] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0099.789] GetFileType (hFile=0x144) returned 0x1 [0099.789] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0099.790] CloseHandle (hObject=0x144) returned 1 [0099.790] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0099.790] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.791] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.795] SetEvent (hEvent=0xfc) returned 1 [0099.795] VirtualFree (lpAddress=0xc000176000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.796] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.796] VirtualFree (lpAddress=0xc000158000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.796] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.796] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.797] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.797] GetFileType (hFile=0x174) returned 0x1 [0099.797] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0099.797] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0099.797] ReadFile (in: hFile=0x174, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x2c8, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000115c04*=0xc8, lpOverlapped=0x0) returned 1 [0099.798] ReadFile (in: hFile=0x174, lpBuffer=0xc0000520c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000520c8*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0099.798] CloseHandle (hObject=0x174) returned 1 [0099.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.799] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0099.801] GetFileType (hFile=0x174) returned 0x1 [0099.801] WriteFile (in: hFile=0x174, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000115cec*=0xd0, lpOverlapped=0x0) returned 1 [0099.802] CloseHandle (hObject=0x174) returned 1 [0099.802] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0099.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.803] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0099.805] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.809] GetFileType (hFile=0x174) returned 0x1 [0099.809] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.809] CloseHandle (hObject=0x174) returned 1 [0099.809] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.810] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.810] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.811] SetEvent (hEvent=0x120) returned 1 [0099.811] SetEvent (hEvent=0x100) returned 1 [0099.811] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.811] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.811] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.811] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.812] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.812] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.812] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0099.813] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0099.813] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.815] GetFileType (hFile=0x174) returned 0x1 [0099.815] GetFileType (hFile=0x174) returned 0x1 [0099.815] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0099.815] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0099.815] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.815] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0000e5c04*=0xbb, lpOverlapped=0x0) returned 1 [0099.816] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ce0bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce0bb*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0099.816] CloseHandle (hObject=0x174) returned 1 [0099.817] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.817] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0099.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.818] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0099.819] GetFileType (hFile=0x174) returned 0x1 [0099.819] WriteFile (in: hFile=0x174, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc0000e5cec*=0xc0, lpOverlapped=0x0) returned 1 [0099.820] CloseHandle (hObject=0x174) returned 1 [0099.820] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.820] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0099.820] GetFileType (hFile=0x174) returned 0x1 [0099.820] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.820] CloseHandle (hObject=0x174) returned 1 [0099.821] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.821] VirtualFree (lpAddress=0xc0001d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.821] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.822] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0099.822] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000119cf4 | out: lpMode=0xc000119cf4) returned 0 [0099.823] GetFileType (hFile=0x174) returned 0x1 [0099.823] GetFileType (hFile=0x174) returned 0x1 [0099.823] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000119d44 | out: lpFileInformation=0xc000119d44) returned 1 [0099.823] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000119d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000119d28) returned 1 [0099.823] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ce2c0, nNumberOfBytesToRead=0x2b6, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesRead=0xc000119c04*=0xb6, lpOverlapped=0x0) returned 1 [0099.824] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ce376, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000119c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce376*, lpNumberOfBytesRead=0xc000119c04*=0x0, lpOverlapped=0x0) returned 1 [0099.824] CloseHandle (hObject=0x174) returned 1 [0099.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.825] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000119d04 | out: lpMode=0xc000119d04) returned 0 [0099.825] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.827] GetFileType (hFile=0x174) returned 0x1 [0099.828] WriteFile (in: hFile=0x174, lpBuffer=0xc0000dc0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000119cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc0c0*, lpNumberOfBytesWritten=0xc000119cec*=0xc0, lpOverlapped=0x0) returned 1 [0099.829] CloseHandle (hObject=0x174) returned 1 [0099.829] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0099.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.829] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000119d64 | out: lpMode=0xc000119d64) returned 0 [0099.830] GetFileType (hFile=0x174) returned 0x1 [0099.830] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000119d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000119d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.830] CloseHandle (hObject=0x174) returned 1 [0099.830] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.831] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.831] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.831] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.832] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.832] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.832] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.834] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0099.837] GetFileType (hFile=0x174) returned 0x1 [0099.837] WriteFile (in: hFile=0x174, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00018bcec*=0x2a0, lpOverlapped=0x0) returned 1 [0099.839] CloseHandle (hObject=0x174) returned 1 [0099.839] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.839] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.839] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0099.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.840] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0099.841] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.847] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.852] SetEvent (hEvent=0xfc) returned 1 [0099.852] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.857] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.858] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0099.858] SetEvent (hEvent=0x15c) returned 1 [0099.858] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.872] SetEvent (hEvent=0x15c) returned 1 [0099.872] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.876] SetEvent (hEvent=0xfc) returned 1 [0099.876] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0099.983] SetEvent (hEvent=0x120) returned 1 [0099.984] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.005] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0100.005] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0100.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0100.006] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0100.016] GetFileType (hFile=0x16c) returned 0x1 [0100.016] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0100.016] GetFileType (hFile=0x16c) returned 0x1 [0100.017] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0100.017] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0100.017] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0100.017] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0100.017] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x32c, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0000f3c04*=0x12c, lpOverlapped=0x0) returned 1 [0100.019] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000a212c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a212c*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0100.019] CloseHandle (hObject=0x16c) returned 1 [0100.019] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.019] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.021] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0100.022] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.043] GetFileType (hFile=0x16c) returned 0x1 [0100.043] WriteFile (in: hFile=0x16c, lpBuffer=0xc000164140*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000164140*, lpNumberOfBytesWritten=0xc0000f3cec*=0x130, lpOverlapped=0x0) returned 1 [0100.044] CloseHandle (hObject=0x16c) returned 1 [0100.044] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.044] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0100.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0100.045] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0100.067] GetFileType (hFile=0x16c) returned 0x1 [0100.067] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.067] CloseHandle (hObject=0x16c) returned 1 [0100.067] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0100.068] SetEvent (hEvent=0x12c) returned 1 [0100.068] SetEvent (hEvent=0xb8) returned 1 [0100.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.077] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.080] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.080] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0100.080] SetEvent (hEvent=0x8c) returned 1 [0100.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.098] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.098] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0100.099] SetEvent (hEvent=0xb8) returned 1 [0100.099] SetEvent (hEvent=0x12c) returned 1 [0100.100] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.101] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.105] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.105] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.106] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0100.106] SetEvent (hEvent=0xc0) returned 1 [0100.106] SetEvent (hEvent=0x120) returned 1 [0100.106] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0100.107] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0100.107] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.112] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.113] SetEvent (hEvent=0x8c) returned 1 [0100.113] SetEvent (hEvent=0x100) returned 1 [0100.113] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.113] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.113] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.114] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.114] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.114] VirtualFree (lpAddress=0xc00005a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.115] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.115] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.115] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.115] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.115] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0100.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4)) returned 1 [0100.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.116] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.116] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.116] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.116] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.117] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb)) returned 1 [0100.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.121] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.121] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.121] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6)) returned 1 [0100.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.122] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.122] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.122] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.122] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.122] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf)) returned 1 [0100.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.140] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.140] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0100.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.141] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.141] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x119)) returned 1 [0100.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.142] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.142] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.142] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x14e)) returned 1 [0100.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.156] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0100.157] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0100.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.158] VirtualAlloc (lpAddress=0xc0001cc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001cc000 [0100.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.158] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.158] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0100.159] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc5)) returned 1 [0100.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7a3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f7a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.160] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.160] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f7a3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f7b360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbe)) returned 1 [0100.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85fa0520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85fa0520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85fa0520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.170] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0100.184] SetEvent (hEvent=0xb8) returned 1 [0100.184] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.081] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0102.081] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0102.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.082] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0102.090] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.128] SetEvent (hEvent=0x15c) returned 1 [0102.128] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000137818*=0x3) returned 1 [0102.131] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc0000a0016*, lpNumberOfCharsWritten=0xc000157818*=0x3) returned 1 [0102.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c0*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0102.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c6*, lpNumberOfCharsWritten=0xc0001a3818*=0x3) returned 1 [0102.151] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.163] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000102290*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0102.164] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.167] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.168] SetEvent (hEvent=0x108) returned 1 [0102.168] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.182] SetEvent (hEvent=0x114) returned 1 [0102.182] SwitchToThread () returned 1 [0102.184] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.187] SetEvent (hEvent=0x114) returned 1 [0102.187] SetEvent (hEvent=0x15c) returned 1 [0102.188] VirtualFree (lpAddress=0xc000294000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.188] VirtualFree (lpAddress=0xc00028a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.188] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.188] VirtualFree (lpAddress=0xc000208000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0102.189] VirtualFree (lpAddress=0xc00017a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.189] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.189] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.189] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.190] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.190] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.190] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.191] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0102.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_maximize.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button_maximize.png"), dwFlags=0x1) returned 1 [0102.192] GetFileType (hFile=0x144) returned 0x1 [0102.192] GetFileType (hFile=0x144) returned 0x1 [0102.192] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0102.192] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0102.192] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0102.194] ReadFile (in: hFile=0x144, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x114dc, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc000189c04*=0x112dc, lpOverlapped=0x0) returned 1 [0102.197] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.200] ReadFile (in: hFile=0x144, lpBuffer=0xc0003112dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003112dc*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0102.200] CloseHandle (hObject=0x144) returned 1 [0102.200] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0102.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.203] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0102.203] GetFileType (hFile=0x144) returned 0x1 [0102.203] WriteFile (in: hFile=0x144, lpBuffer=0xc000208000*, nNumberOfBytesToWrite=0x112e0, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc000208000*, lpNumberOfBytesWritten=0xc000189cec*=0x112e0, lpOverlapped=0x0) returned 1 [0102.205] CloseHandle (hObject=0x144) returned 1 [0102.206] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0102.206] VirtualAlloc (lpAddress=0xc0001fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fc000 [0102.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.206] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0102.207] GetFileType (hFile=0x144) returned 0x1 [0102.207] WriteFile (in: hFile=0x144, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.207] CloseHandle (hObject=0x144) returned 1 [0102.207] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-flapper.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-flapper.gif"), dwFlags=0x1) returned 1 [0102.208] VirtualFree (lpAddress=0xc0001f2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0102.208] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.208] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.209] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.209] GetFileType (hFile=0x128) returned 0x1 [0102.209] WriteFile (in: hFile=0x128, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc0000e5cec*=0x6d0, lpOverlapped=0x0) returned 1 [0102.210] CloseHandle (hObject=0x128) returned 1 [0102.210] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.210] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0102.212] GetFileType (hFile=0x128) returned 0x1 [0102.212] WriteFile (in: hFile=0x128, lpBuffer=0xc0000fe420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe420*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.212] CloseHandle (hObject=0x128) returned 1 [0102.212] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\encry-craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\encry-craw_window.css"), dwFlags=0x1) returned 1 [0102.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.213] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0102.214] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.221] SwitchToThread () returned 1 [0102.225] SetEvent (hEvent=0x114) returned 1 [0102.225] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.228] SetEvent (hEvent=0x114) returned 1 [0102.228] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.229] SetEvent (hEvent=0xfc) returned 1 [0102.229] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.234] SetEvent (hEvent=0x114) returned 1 [0102.234] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.236] VirtualFree (lpAddress=0xc000300000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0102.237] VirtualFree (lpAddress=0xc000296000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.237] VirtualFree (lpAddress=0xc000290000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.237] VirtualFree (lpAddress=0xc000206000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0102.238] VirtualFree (lpAddress=0xc0001fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.238] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.238] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.238] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.239] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.239] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.239] SetEvent (hEvent=0x100) returned 1 [0102.239] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.240] SwitchToThread () returned 1 [0102.330] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.341] SwitchToThread () returned 1 [0102.345] SetEvent (hEvent=0x114) returned 1 [0102.345] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.348] SetEvent (hEvent=0x15c) returned 1 [0102.348] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.351] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.364] SetEvent (hEvent=0x114) returned 1 [0102.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.364] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.364] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.364] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.364] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.364] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.364] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14c)) returned 1 [0102.372] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.375] SetEvent (hEvent=0x114) returned 1 [0102.375] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.381] SetEvent (hEvent=0x114) returned 1 [0102.381] SetEvent (hEvent=0x108) returned 1 [0102.381] GetFileType (hFile=0x128) returned 0x1 [0102.381] GetFileType (hFile=0x128) returned 0x1 [0102.381] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0102.382] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0102.382] ReadFile (in: hFile=0x128, lpBuffer=0xc0001fe000, nNumberOfBytesToRead=0x338, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe000*, lpNumberOfBytesRead=0xc000159c04*=0x138, lpOverlapped=0x0) returned 1 [0102.383] ReadFile (in: hFile=0x128, lpBuffer=0xc0001fe138, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe138*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0102.383] CloseHandle (hObject=0x128) returned 1 [0102.383] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.385] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0102.410] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.417] SetEvent (hEvent=0x114) returned 1 [0102.417] GetFileType (hFile=0x128) returned 0x1 [0102.417] WriteFile (in: hFile=0x128, lpBuffer=0xc0003ca140*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca140*, lpNumberOfBytesWritten=0xc000159cec*=0x140, lpOverlapped=0x0) returned 1 [0102.418] CloseHandle (hObject=0x128) returned 1 [0102.418] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0102.419] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0102.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.419] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0102.420] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.426] GetFileType (hFile=0x128) returned 0x1 [0102.426] WriteFile (in: hFile=0x128, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.430] CloseHandle (hObject=0x128) returned 1 [0102.430] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.431] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ar\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.431] GetFileType (hFile=0x150) returned 0x1 [0102.431] GetFileType (hFile=0x150) returned 0x1 [0102.432] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000273d44 | out: lpFileInformation=0xc000273d44) returned 1 [0102.432] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000273d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000273d28) returned 1 [0102.432] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0102.432] ReadFile (in: hFile=0x150, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x2ef, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc000273c04*=0xef, lpOverlapped=0x0) returned 1 [0102.434] ReadFile (in: hFile=0x150, lpBuffer=0xc0000700ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000700ef*, lpNumberOfBytesRead=0xc000273c04*=0x0, lpOverlapped=0x0) returned 1 [0102.434] CloseHandle (hObject=0x150) returned 1 [0102.434] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0102.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.435] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000273d04 | out: lpMode=0xc000273d04) returned 0 [0102.437] GetFileType (hFile=0x150) returned 0x1 [0102.438] WriteFile (in: hFile=0x150, lpBuffer=0xc00007a1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000273cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a1e0*, lpNumberOfBytesWritten=0xc000273cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.439] CloseHandle (hObject=0x150) returned 1 [0102.439] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.439] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0102.440] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000273d64 | out: lpMode=0xc000273d64) returned 0 [0102.444] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.453] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.454] SetEvent (hEvent=0xfc) returned 1 [0102.454] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.459] SetEvent (hEvent=0x100) returned 1 [0102.459] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.502] SetEvent (hEvent=0xfc) returned 1 [0102.502] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.512] SetEvent (hEvent=0xfc) returned 1 [0102.512] SetEvent (hEvent=0x108) returned 1 [0102.512] GetFileType (hFile=0x128) returned 0x1 [0102.512] WriteFile (in: hFile=0x128, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc0001bdcec*=0x110, lpOverlapped=0x0) returned 1 [0102.513] CloseHandle (hObject=0x128) returned 1 [0102.513] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.513] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0102.514] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0102.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.515] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0102.526] GetFileType (hFile=0x128) returned 0x1 [0102.526] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.527] CloseHandle (hObject=0x128) returned 1 [0102.527] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\es\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.528] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0102.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.529] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0102.562] GetFileType (hFile=0x128) returned 0x1 [0102.562] GetFileType (hFile=0x128) returned 0x1 [0102.562] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0102.562] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0102.562] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0102.562] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0102.563] ReadFile (in: hFile=0x128, lpBuffer=0xc00025e000, nNumberOfBytesToRead=0x2f2, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025e000*, lpNumberOfBytesRead=0xc000049c04*=0xf2, lpOverlapped=0x0) returned 1 [0102.564] ReadFile (in: hFile=0x128, lpBuffer=0xc00025e0f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025e0f2*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0102.564] CloseHandle (hObject=0x128) returned 1 [0102.564] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0102.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.566] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0102.570] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.574] SetEvent (hEvent=0xfc) returned 1 [0102.574] SetEvent (hEvent=0x100) returned 1 [0102.574] SetEvent (hEvent=0x12c) returned 1 [0102.574] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0102.585] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0102.586] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] GetFileType (hFile=0x170) returned 0x1 [0102.586] GetFileType (hFile=0x170) returned 0x1 [0102.587] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0102.587] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0102.587] ReadFile (in: hFile=0x170, lpBuffer=0xc000266000, nNumberOfBytesToRead=0x30f, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000266000*, lpNumberOfBytesRead=0xc0000f3c04*=0x10f, lpOverlapped=0x0) returned 1 [0102.588] ReadFile (in: hFile=0x170, lpBuffer=0xc00026610f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026610f*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0102.588] CloseHandle (hObject=0x170) returned 1 [0102.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.589] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0102.589] GetFileType (hFile=0x170) returned 0x1 [0102.589] WriteFile (in: hFile=0x170, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc0000f3cec*=0x110, lpOverlapped=0x0) returned 1 [0102.590] CloseHandle (hObject=0x170) returned 1 [0102.590] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.590] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.591] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.591] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0102.593] GetFileType (hFile=0x170) returned 0x1 [0102.593] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.593] CloseHandle (hObject=0x170) returned 1 [0102.594] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.594] SwitchToThread () returned 1 [0102.595] SetEvent (hEvent=0x100) returned 1 [0102.595] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.596] SetEvent (hEvent=0x108) returned 1 [0102.596] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.605] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.606] SetEvent (hEvent=0x100) returned 1 [0102.606] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.607] SetEvent (hEvent=0x100) returned 1 [0102.607] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.607] SetEvent (hEvent=0x100) returned 1 [0102.607] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.608] SetEvent (hEvent=0x100) returned 1 [0102.608] SetEvent (hEvent=0x108) returned 1 [0102.608] SetEvent (hEvent=0x114) returned 1 [0102.608] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.615] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0102.615] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.615] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0102.616] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0102.616] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0102.624] GetFileType (hFile=0x168) returned 0x1 [0102.624] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.624] GetFileType (hFile=0x168) returned 0x1 [0102.624] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0102.624] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0102.625] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.625] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.625] ReadFile (in: hFile=0x168, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2d2, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000177c04*=0xd2, lpOverlapped=0x0) returned 1 [0102.627] ReadFile (in: hFile=0x168, lpBuffer=0xc0000a20d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20d2*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0102.627] CloseHandle (hObject=0x168) returned 1 [0102.627] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.627] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.628] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0102.628] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.629] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0102.634] GetFileType (hFile=0x168) returned 0x1 [0102.634] WriteFile (in: hFile=0x168, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000177cec*=0xe0, lpOverlapped=0x0) returned 1 [0102.635] CloseHandle (hObject=0x168) returned 1 [0102.636] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0102.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.636] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0102.639] GetFileType (hFile=0x168) returned 0x1 [0102.639] WriteFile (in: hFile=0x168, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.639] CloseHandle (hObject=0x168) returned 1 [0102.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.640] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.640] VirtualFree (lpAddress=0xc000268000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.640] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.641] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.641] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.641] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.641] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.641] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.642] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.642] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.642] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0102.643] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001d9cf4 | out: lpMode=0xc0001d9cf4) returned 0 [0102.645] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.647] GetFileType (hFile=0x168) returned 0x1 [0102.647] GetFileType (hFile=0x168) returned 0x1 [0102.647] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc0001d9d44 | out: lpFileInformation=0xc0001d9d44) returned 1 [0102.647] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc0001d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d9d28) returned 1 [0102.647] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.648] ReadFile (in: hFile=0x168, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x2ea, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0001d9c04*=0xea, lpOverlapped=0x0) returned 1 [0102.649] ReadFile (in: hFile=0x168, lpBuffer=0xc0000ce0ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce0ea*, lpNumberOfBytesRead=0xc0001d9c04*=0x0, lpOverlapped=0x0) returned 1 [0102.649] CloseHandle (hObject=0x168) returned 1 [0102.649] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.650] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001d9d04 | out: lpMode=0xc0001d9d04) returned 0 [0102.651] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.656] GetFileType (hFile=0x168) returned 0x1 [0102.656] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.659] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d81e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d81e0*, lpNumberOfBytesWritten=0xc0001d9cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.660] CloseHandle (hObject=0x168) returned 1 [0102.660] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.660] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0102.660] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc0001d9d64 | out: lpMode=0xc0001d9d64) returned 0 [0102.669] GetFileType (hFile=0x168) returned 0x1 [0102.669] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.669] CloseHandle (hObject=0x168) returned 1 [0102.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.670] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.670] SetEvent (hEvent=0x108) returned 1 [0102.670] SetEvent (hEvent=0xfc) returned 1 [0102.670] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0102.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.686] SetEvent (hEvent=0x114) returned 1 [0102.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.689] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.689] SetEvent (hEvent=0xc0) returned 1 [0102.689] SetEvent (hEvent=0x12c) returned 1 [0102.689] SetEvent (hEvent=0x100) returned 1 [0102.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.693] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.695] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.696] SetEvent (hEvent=0x12c) returned 1 [0102.696] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.704] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.705] SetEvent (hEvent=0x100) returned 1 [0102.705] SetEvent (hEvent=0xfc) returned 1 [0102.705] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.709] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.709] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.715] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.715] SetEvent (hEvent=0x114) returned 1 [0102.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.726] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.726] SetEvent (hEvent=0xc0) returned 1 [0102.727] SetEvent (hEvent=0xfc) returned 1 [0102.727] SetEvent (hEvent=0x100) returned 1 [0102.728] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.735] SetEvent (hEvent=0x100) returned 1 [0102.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.749] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.750] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.750] SetEvent (hEvent=0xc0) returned 1 [0102.750] SetEvent (hEvent=0xfc) returned 1 [0102.750] SetEvent (hEvent=0x100) returned 1 [0102.750] SetEvent (hEvent=0x108) returned 1 [0102.750] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.762] SetEvent (hEvent=0xfc) returned 1 [0102.762] SetEvent (hEvent=0x15c) returned 1 [0102.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.780] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.780] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.780] SetEvent (hEvent=0x114) returned 1 [0102.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.802] SetEvent (hEvent=0x12c) returned 1 [0102.802] SetEvent (hEvent=0x15c) returned 1 [0102.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.811] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.811] SetEvent (hEvent=0x114) returned 1 [0102.811] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.819] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.819] SetEvent (hEvent=0xc0) returned 1 [0102.819] SetEvent (hEvent=0x100) returned 1 [0102.819] SetEvent (hEvent=0x108) returned 1 [0102.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.824] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.824] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.827] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.827] SetEvent (hEvent=0x100) returned 1 [0102.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.832] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.833] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.833] SetEvent (hEvent=0x114) returned 1 [0102.833] SetEvent (hEvent=0x108) returned 1 [0102.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.837] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.837] SetEvent (hEvent=0x108) returned 1 [0102.837] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.844] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.845] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.845] SetEvent (hEvent=0xc0) returned 1 [0102.845] SetEvent (hEvent=0x108) returned 1 [0102.845] SetEvent (hEvent=0x114) returned 1 [0102.845] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.852] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.852] SetEvent (hEvent=0x114) returned 1 [0102.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.860] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.860] SetEvent (hEvent=0x100) returned 1 [0102.860] SetEvent (hEvent=0x108) returned 1 [0102.860] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0102.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.865] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.865] SetEvent (hEvent=0x108) returned 1 [0102.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.872] SetEvent (hEvent=0x100) returned 1 [0102.872] SetEvent (hEvent=0x15c) returned 1 [0102.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.886] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.886] SetEvent (hEvent=0x15c) returned 1 [0102.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.892] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.893] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.893] SetEvent (hEvent=0x100) returned 1 [0102.893] SetEvent (hEvent=0x12c) returned 1 [0102.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.899] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.899] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.904] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.904] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.904] SetEvent (hEvent=0x114) returned 1 [0102.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.930] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.930] SetEvent (hEvent=0x12c) returned 1 [0102.930] SetEvent (hEvent=0x100) returned 1 [0102.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.943] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.947] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.947] SetEvent (hEvent=0x114) returned 1 [0102.947] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.954] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.954] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.954] SetEvent (hEvent=0xc0) returned 1 [0102.954] SetEvent (hEvent=0x15c) returned 1 [0102.954] SetEvent (hEvent=0x108) returned 1 [0102.956] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.956] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.956] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.958] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0102.958] SetEvent (hEvent=0x15c) returned 1 [0102.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.967] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0102.967] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0102.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.968] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001d7cf4 | out: lpMode=0xc0001d7cf4) returned 0 [0102.972] GetFileType (hFile=0x144) returned 0x1 [0102.972] GetFileType (hFile=0x144) returned 0x1 [0102.972] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001d7d44 | out: lpFileInformation=0xc0001d7d44) returned 1 [0102.972] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d7d28) returned 1 [0102.972] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0102.973] ReadFile (in: hFile=0x144, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x2de, lpNumberOfBytesRead=0xc0001d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0001d7c04*=0xde, lpOverlapped=0x0) returned 1 [0102.974] ReadFile (in: hFile=0x144, lpBuffer=0xc0000fe0de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe0de*, lpNumberOfBytesRead=0xc0001d7c04*=0x0, lpOverlapped=0x0) returned 1 [0102.974] CloseHandle (hObject=0x144) returned 1 [0102.974] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0102.974] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0102.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.976] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001d7d04 | out: lpMode=0xc0001d7d04) returned 0 [0102.984] GetFileType (hFile=0x144) returned 0x1 [0102.984] WriteFile (in: hFile=0x144, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001d7cec*=0xe0, lpOverlapped=0x0) returned 1 [0102.985] CloseHandle (hObject=0x144) returned 1 [0102.985] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.986] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.986] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.986] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.987] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.987] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001d7d64 | out: lpMode=0xc0001d7d64) returned 0 [0102.994] GetFileType (hFile=0x144) returned 0x1 [0102.994] WriteFile (in: hFile=0x144, lpBuffer=0xc0000582c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000582c0*, lpNumberOfBytesWritten=0xc0001d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.994] CloseHandle (hObject=0x144) returned 1 [0102.995] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0102.995] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.997] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.998] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0102.998] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0102.998] SetEvent (hEvent=0xc0) returned 1 [0102.998] SetEvent (hEvent=0x12c) returned 1 [0102.998] SetEvent (hEvent=0xfc) returned 1 [0102.998] SetEvent (hEvent=0x100) returned 1 [0102.998] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0103.003] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.012] SetEvent (hEvent=0xfc) returned 1 [0103.012] SetEvent (hEvent=0x12c) returned 1 [0103.013] SetEvent (hEvent=0x9c) returned 1 [0103.013] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.018] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.018] SetEvent (hEvent=0x114) returned 1 [0103.018] SetEvent (hEvent=0x9c) returned 1 [0103.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.023] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b3cf4 | out: lpMode=0xc0001b3cf4) returned 0 [0103.026] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.038] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.039] SetEvent (hEvent=0x108) returned 1 [0103.039] SetEvent (hEvent=0x9c) returned 1 [0103.039] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.077] SetEvent (hEvent=0xfc) returned 1 [0103.077] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.086] SetEvent (hEvent=0x9c) returned 1 [0103.086] SetEvent (hEvent=0x15c) returned 1 [0103.086] SetEvent (hEvent=0x100) returned 1 [0103.086] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.091] SetEvent (hEvent=0x9c) returned 1 [0103.091] SetEvent (hEvent=0x108) returned 1 [0103.092] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.103] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0103.103] SetEvent (hEvent=0xc0) returned 1 [0103.103] SetEvent (hEvent=0xfc) returned 1 [0103.103] SetEvent (hEvent=0x100) returned 1 [0103.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.112] SetEvent (hEvent=0x100) returned 1 [0103.113] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.118] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.118] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.118] SetEvent (hEvent=0x9c) returned 1 [0103.118] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.130] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.130] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0103.130] SetEvent (hEvent=0xc0) returned 1 [0103.130] SetEvent (hEvent=0x108) returned 1 [0103.130] SetEvent (hEvent=0xb8) returned 1 [0103.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.141] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.141] SetEvent (hEvent=0x108) returned 1 [0103.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.155] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.156] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0103.156] SetEvent (hEvent=0xc0) returned 1 [0103.156] SetEvent (hEvent=0xfc) returned 1 [0103.156] SetEvent (hEvent=0xb8) returned 1 [0103.156] SetEvent (hEvent=0x15c) returned 1 [0103.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.167] SetEvent (hEvent=0xb8) returned 1 [0103.167] SetEvent (hEvent=0xfc) returned 1 [0103.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.184] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.185] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.185] SetEvent (hEvent=0x9c) returned 1 [0103.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.205] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0103.205] SetEvent (hEvent=0x108) returned 1 [0103.205] SetEvent (hEvent=0xfc) returned 1 [0103.205] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0103.207] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.211] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.216] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.217] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.217] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.217] SetEvent (hEvent=0xc0) returned 1 [0103.217] SetEvent (hEvent=0x15c) returned 1 [0103.217] SetEvent (hEvent=0x9c) returned 1 [0103.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.236] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.236] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0103.236] SetEvent (hEvent=0x9c) returned 1 [0103.236] SetEvent (hEvent=0x108) returned 1 [0103.237] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.330] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.331] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0103.331] SetEvent (hEvent=0x100) returned 1 [0103.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.332] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0103.332] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.332] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.333] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83496410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83498b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83498b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.333] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.333] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.333] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83498b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8349d940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40d4)) returned 1 [0103.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.333] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.333] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a2760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a4e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.334] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.334] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.334] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a4e70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a4e70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e5d)) returned 1 [0103.335] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.342] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.346] SetEvent (hEvent=0x15c) returned 1 [0103.346] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.347] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.347] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.347] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.347] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.348] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0103.351] GetFileType (hFile=0x128) returned 0x1 [0103.351] GetFileType (hFile=0x128) returned 0x1 [0103.351] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0103.351] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0103.351] ReadFile (in: hFile=0x128, lpBuffer=0xc000286a00, nNumberOfBytesToRead=0x5279, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000286a00*, lpNumberOfBytesRead=0xc0001d3c04*=0x5079, lpOverlapped=0x0) returned 1 [0103.462] ReadFile (in: hFile=0x128, lpBuffer=0xc00028ba79, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028ba79*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0103.462] CloseHandle (hObject=0x128) returned 1 [0103.462] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.464] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0103.476] GetFileType (hFile=0x128) returned 0x1 [0103.476] WriteFile (in: hFile=0x128, lpBuffer=0xc000281500*, nNumberOfBytesToWrite=0x5080, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000281500*, lpNumberOfBytesWritten=0xc0001d3cec*=0x5080, lpOverlapped=0x0) returned 1 [0103.477] CloseHandle (hObject=0x128) returned 1 [0103.477] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0103.477] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.478] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0103.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.478] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0103.498] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.528] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014f818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00014f818*=0x3) returned 1 [0103.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0103.533] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.549] SetEvent (hEvent=0x188) returned 1 [0103.549] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.551] SetEvent (hEvent=0x164) returned 1 [0103.551] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0103.575] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0103.580] GetFileType (hFile=0x184) returned 0x1 [0103.580] GetFileType (hFile=0x184) returned 0x1 [0103.580] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0103.580] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0103.580] ReadFile (in: hFile=0x184, lpBuffer=0xc0002d7000, nNumberOfBytesToRead=0x40bc, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002d7000*, lpNumberOfBytesRead=0xc0000bbc04*=0x3ebc, lpOverlapped=0x0) returned 1 [0103.582] ReadFile (in: hFile=0x184, lpBuffer=0xc0002daebc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002daebc*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0103.582] CloseHandle (hObject=0x184) returned 1 [0103.582] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0103.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0103.584] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0103.589] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.607] SetEvent (hEvent=0x114) returned 1 [0103.607] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.619] SetEvent (hEvent=0xfc) returned 1 [0103.619] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.837] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0103.839] GetFileType (hFile=0x128) returned 0x1 [0103.839] GetFileType (hFile=0x128) returned 0x1 [0103.839] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0103.839] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0103.839] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0103.843] ReadFile (in: hFile=0x128, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x3a458, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc00020fc04*=0x3a258, lpOverlapped=0x0) returned 1 [0103.866] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.878] ReadFile (in: hFile=0x128, lpBuffer=0xc000380258, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000380258*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0103.878] CloseHandle (hObject=0x128) returned 1 [0103.878] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0103.882] SetEvent (hEvent=0x108) returned 1 [0103.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.883] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0103.888] GetFileType (hFile=0x150) returned 0x1 [0103.888] GetFileType (hFile=0x150) returned 0x1 [0103.888] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0103.888] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0103.889] ReadFile (in: hFile=0x150, lpBuffer=0xc0002a2800, nNumberOfBytesToRead=0x42fd, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a2800*, lpNumberOfBytesRead=0xc000195c04*=0x40fd, lpOverlapped=0x0) returned 1 [0103.890] ReadFile (in: hFile=0x150, lpBuffer=0xc0002a68fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a68fd*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0103.891] CloseHandle (hObject=0x150) returned 1 [0103.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.892] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0103.897] GetFileType (hFile=0x150) returned 0x1 [0103.897] WriteFile (in: hFile=0x150, lpBuffer=0xc0002a7000*, nNumberOfBytesToWrite=0x4100, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7000*, lpNumberOfBytesWritten=0xc000195cec*=0x4100, lpOverlapped=0x0) returned 1 [0103.899] CloseHandle (hObject=0x150) returned 1 [0103.899] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.899] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0103.903] GetFileType (hFile=0x150) returned 0x1 [0103.904] WriteFile (in: hFile=0x150, lpBuffer=0xc000237080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000237080*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.904] CloseHandle (hObject=0x150) returned 1 [0103.904] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.046] VirtualFree (lpAddress=0xc00031a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.046] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.047] VirtualFree (lpAddress=0xc000268000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.047] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.047] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.047] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0104.048] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.048] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.048] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.049] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.049] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0104.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0104.050] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00027fcf4 | out: lpMode=0xc00027fcf4) returned 0 [0104.060] GetFileType (hFile=0x174) returned 0x1 [0104.061] GetFileType (hFile=0x174) returned 0x1 [0104.061] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00027fd44 | out: lpFileInformation=0xc00027fd44) returned 1 [0104.061] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00027fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027fd28) returned 1 [0104.061] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0104.061] ReadFile (in: hFile=0x174, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x3f11, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00027fc04*=0x3d11, lpOverlapped=0x0) returned 1 [0104.067] ReadFile (in: hFile=0x174, lpBuffer=0xc0000f1d11, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f1d11*, lpNumberOfBytesRead=0xc00027fc04*=0x0, lpOverlapped=0x0) returned 1 [0104.067] CloseHandle (hObject=0x174) returned 1 [0104.067] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0104.068] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0104.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0104.070] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00027fd04 | out: lpMode=0xc00027fd04) returned 0 [0104.072] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.076] GetFileType (hFile=0x174) returned 0x1 [0104.076] WriteFile (in: hFile=0x174, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x3d20, lpNumberOfBytesWritten=0xc00027fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc00027fcec*=0x3d20, lpOverlapped=0x0) returned 1 [0104.078] CloseHandle (hObject=0x174) returned 1 [0104.078] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532801 | out: pbBuffer=0xc000532801) returned 1 [0104.079] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0104.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0104.079] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00027fd64 | out: lpMode=0xc00027fd64) returned 0 [0104.082] GetFileType (hFile=0x174) returned 0x1 [0104.082] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d7b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7b80*, lpNumberOfBytesWritten=0xc00027fd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.082] CloseHandle (hObject=0x174) returned 1 [0104.082] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0104.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.084] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.086] SetEvent (hEvent=0xf4) returned 1 [0104.086] SetEvent (hEvent=0x9c) returned 1 [0104.086] VirtualFree (lpAddress=0xc000382000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0104.087] VirtualFree (lpAddress=0xc000322000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0104.088] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.088] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.088] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.089] VirtualFree (lpAddress=0xc00021e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.089] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.089] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.090] VirtualFree (lpAddress=0xc000058000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.090] GetFileType (hFile=0x1b0) returned 0x1 [0104.090] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.090] CloseHandle (hObject=0x1b0) returned 1 [0104.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.091] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0104.092] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0104.093] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0104.097] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.108] GetFileType (hFile=0x1b0) returned 0x1 [0104.108] GetFileType (hFile=0x1b0) returned 0x1 [0104.108] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0104.109] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0104.109] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0104.110] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00031a000, nNumberOfBytesToRead=0x113e1, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00031a000*, lpNumberOfBytesRead=0xc00020dc04*=0x111e1, lpOverlapped=0x0) returned 1 [0104.119] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00032b1e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032b1e1*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.119] CloseHandle (hObject=0x1b0) returned 1 [0104.120] VirtualAlloc (lpAddress=0xc000382000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000382000 [0104.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0104.123] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0104.127] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.157] SetEvent (hEvent=0xf4) returned 1 [0104.157] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.158] SetEvent (hEvent=0x108) returned 1 [0104.158] SwitchToThread () returned 1 [0104.248] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.295] SetEvent (hEvent=0xb8) returned 1 [0104.295] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.298] SetEvent (hEvent=0x164) returned 1 [0104.298] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.302] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.311] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.312] SetEvent (hEvent=0xb8) returned 1 [0104.312] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.313] SetEvent (hEvent=0xb8) returned 1 [0104.313] SetEvent (hEvent=0x164) returned 1 [0104.313] SetEvent (hEvent=0x9c) returned 1 [0104.313] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.325] SwitchToThread () returned 1 [0104.340] SetEvent (hEvent=0xb8) returned 1 [0104.340] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.342] SetEvent (hEvent=0x108) returned 1 [0104.342] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.344] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.344] SetEvent (hEvent=0xb8) returned 1 [0104.345] SetEvent (hEvent=0x164) returned 1 [0104.345] VirtualFree (lpAddress=0xc000400000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0104.347] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.347] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.347] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.347] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.348] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.348] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.348] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.348] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.349] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.349] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.349] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.350] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.350] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.350] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0104.351] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0104.351] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0104.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.353] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000287d04 | out: lpMode=0xc000287d04) returned 0 [0104.356] GetFileType (hFile=0x128) returned 0x1 [0104.356] WriteFile (in: hFile=0x128, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x3e40, lpNumberOfBytesWritten=0xc000287cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc000287cec*=0x3e40, lpOverlapped=0x0) returned 1 [0104.357] CloseHandle (hObject=0x128) returned 1 [0104.358] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0104.358] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0104.358] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.359] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000287d64 | out: lpMode=0xc000287d64) returned 0 [0104.362] GetFileType (hFile=0x128) returned 0x1 [0104.362] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000287d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000287d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.362] CloseHandle (hObject=0x128) returned 1 [0104.363] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0104.364] SwitchToThread () returned 1 [0104.366] SetEvent (hEvent=0xb8) returned 1 [0104.366] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.368] SetEvent (hEvent=0x164) returned 1 [0104.368] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.376] SetEvent (hEvent=0x9c) returned 1 [0104.376] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.423] SetEvent (hEvent=0xf4) returned 1 [0104.423] SetEvent (hEvent=0x108) returned 1 [0104.423] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.439] SetEvent (hEvent=0xb8) returned 1 [0104.439] SetEvent (hEvent=0x164) returned 1 [0104.439] SetEvent (hEvent=0x108) returned 1 [0104.439] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.443] SetEvent (hEvent=0xb8) returned 1 [0104.443] SetEvent (hEvent=0xf4) returned 1 [0104.443] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.462] SetEvent (hEvent=0xb8) returned 1 [0104.462] SetEvent (hEvent=0x164) returned 1 [0104.463] SetEvent (hEvent=0xf4) returned 1 [0104.463] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.474] VirtualFree (lpAddress=0xc00043a000, dwSize=0x8e000, dwFreeType=0x4000) returned 1 [0104.478] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.478] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.478] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.478] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.479] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.479] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.479] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.479] SetEvent (hEvent=0x9c) returned 1 [0104.479] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.485] SetEvent (hEvent=0xb8) returned 1 [0104.485] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.492] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0104.493] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0104.493] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0104.493] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0104.494] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0104.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0104.495] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0104.496] GetFileType (hFile=0x150) returned 0x1 [0104.496] GetFileType (hFile=0x150) returned 0x1 [0104.496] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0104.496] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.496] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x79000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.497] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ff000 [0104.497] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x78000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0104.507] ReadFile (in: hFile=0x150, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x796cf, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc0001cbc04*=0x794cf, lpOverlapped=0x0) returned 1 [0104.514] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.602] ReadFile (in: hFile=0x150, lpBuffer=0xc0004774cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004774cf*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0104.603] CloseHandle (hObject=0x150) returned 1 [0104.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.608] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0104.614] GetFileType (hFile=0x150) returned 0x1 [0104.614] WriteFile (in: hFile=0x150, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x794d0, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc0001cbcec*=0x794d0, lpOverlapped=0x0) returned 1 [0104.624] CloseHandle (hObject=0x150) returned 1 [0104.624] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0104.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.625] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0104.634] GetFileType (hFile=0x150) returned 0x1 [0104.634] WriteFile (in: hFile=0x150, lpBuffer=0xc00016a840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a840*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.635] CloseHandle (hObject=0x150) returned 1 [0104.635] VirtualAlloc (lpAddress=0xc000478000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000478000 [0104.635] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_hangouts.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_hangouts.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_hangouts.js"), dwFlags=0x1) returned 1 [0104.636] VirtualFree (lpAddress=0xc000608000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0104.636] VirtualAlloc (lpAddress=0xc00047a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047a000 [0104.637] SetEvent (hEvent=0x12c) returned 1 [0104.637] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] SetEvent (hEvent=0x188) returned 1 [0104.641] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0107.945] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0107.946] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0107.947] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0107.948] SetEvent (hEvent=0x12c) returned 1 [0107.949] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0107.949] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x64, lpNumberOfCharsWritten=0xc000247808, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc000247808*=0x64) returned 1 [0107.950] SetEvent (hEvent=0x12c) returned 1 [0107.950] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0107.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.405] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0108.409] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0108.412] SetEvent (hEvent=0xb8) returned 1 [0108.412] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0108.413] SetEvent (hEvent=0x108) returned 1 [0108.413] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.055] SetEvent (hEvent=0xf4) returned 1 [0110.055] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.058] SetEvent (hEvent=0x114) returned 1 [0110.058] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.064] SetEvent (hEvent=0x198) returned 1 [0110.064] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.093] SetEvent (hEvent=0x9c) returned 1 [0110.093] SwitchToThread () returned 1 [0110.095] SetEvent (hEvent=0x9c) returned 1 [0110.095] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.096] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0110.098] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586196*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc000586196*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0110.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000104000*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc000265808, lpReserved=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfCharsWritten=0xc000265808*=0x90) returned 1 [0110.106] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0110.106] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.106] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.107] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.107] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000265d64 | out: lpMode=0xc000265d64) returned 0 [0110.115] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.117] SetEvent (hEvent=0xc0) returned 1 [0110.117] GetFileType (hFile=0x1dc) returned 0x1 [0110.117] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.133] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000265d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000265d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.133] CloseHandle (hObject=0x1dc) returned 1 [0110.134] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0110.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0110.135] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.136] VirtualFree (lpAddress=0xc0002f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.136] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.136] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.137] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.137] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.137] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.137] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.138] SetEvent (hEvent=0x198) returned 1 [0110.138] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.146] SetEvent (hEvent=0xb8) returned 1 [0110.146] SwitchToThread () returned 1 [0110.148] SetEvent (hEvent=0x164) returned 1 [0110.148] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.168] SetEvent (hEvent=0xf4) returned 1 [0110.168] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.169] SetEvent (hEvent=0x9c) returned 1 [0110.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.169] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000269cf4 | out: lpMode=0xc000269cf4) returned 0 [0110.170] GetFileType (hFile=0x1dc) returned 0x1 [0110.170] GetFileType (hFile=0x1dc) returned 0x1 [0110.170] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000269d44 | out: lpFileInformation=0xc000269d44) returned 1 [0110.170] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000269d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000269d28) returned 1 [0110.170] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.171] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0110.171] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x542, lpNumberOfBytesRead=0xc000269c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc000269c04*=0x342, lpOverlapped=0x0) returned 1 [0110.179] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001c0342, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000269c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0342*, lpNumberOfBytesRead=0xc000269c04*=0x0, lpOverlapped=0x0) returned 1 [0110.179] CloseHandle (hObject=0x1dc) returned 1 [0110.179] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.179] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.197] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000269d04 | out: lpMode=0xc000269d04) returned 0 [0110.198] GetFileType (hFile=0x1bc) returned 0x1 [0110.198] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x350, lpNumberOfBytesWritten=0xc000269cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc000269cec*=0x350, lpOverlapped=0x0) returned 1 [0110.199] CloseHandle (hObject=0x1bc) returned 1 [0110.210] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.210] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0110.211] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0110.211] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.212] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.212] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000269d64 | out: lpMode=0xc000269d64) returned 0 [0110.215] GetFileType (hFile=0x1dc) returned 0x1 [0110.215] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002ac2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000269d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac2c0*, lpNumberOfBytesWritten=0xc000269d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.215] CloseHandle (hObject=0x1dc) returned 1 [0110.219] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aadavrm[1].png"), dwFlags=0x1) returned 1 [0110.411] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.412] SetEvent (hEvent=0xb8) returned 1 [0110.412] SetEvent (hEvent=0x1a0) returned 1 [0110.412] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.413] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.413] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001ed818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0001ed818*=0x2) returned 1 [0110.414] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.420] SetEvent (hEvent=0xb8) returned 1 [0110.420] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.423] SetEvent (hEvent=0xb8) returned 1 [0110.423] SetEvent (hEvent=0xfc) returned 1 [0110.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000269818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000269818*=0x2) returned 1 [0110.425] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.429] SetEvent (hEvent=0x9c) returned 1 [0110.429] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.431] SetEvent (hEvent=0x9c) returned 1 [0110.431] SetEvent (hEvent=0xb8) returned 1 [0110.431] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.432] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.432] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.432] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000143818*=0x2) returned 1 [0110.436] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.462] SetEvent (hEvent=0x198) returned 1 [0110.462] SetEvent (hEvent=0xb8) returned 1 [0110.462] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.462] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.463] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00029bcf4 | out: lpMode=0xc00029bcf4) returned 0 [0110.464] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0110.464] GetFileType (hFile=0x1dc) returned 0x1 [0110.464] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0110.465] GetFileType (hFile=0x1dc) returned 0x1 [0110.465] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00029bd44 | out: lpFileInformation=0xc00029bd44) returned 1 [0110.465] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00029bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029bd28) returned 1 [0110.465] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0110.465] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0110.466] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000146000, nNumberOfBytesToRead=0x38c, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesRead=0xc00029bc04*=0x18c, lpOverlapped=0x0) returned 1 [0110.468] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00014618c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00014618c*, lpNumberOfBytesRead=0xc00029bc04*=0x0, lpOverlapped=0x0) returned 1 [0110.468] CloseHandle (hObject=0x1dc) returned 1 [0110.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.478] SetEvent (hEvent=0xc0) returned 1 [0110.478] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00029bd04 | out: lpMode=0xc00029bd04) returned 0 [0110.479] GetFileType (hFile=0x1dc) returned 0x1 [0110.479] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x190, lpNumberOfBytesWritten=0xc00029bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc00029bcec*=0x190, lpOverlapped=0x0) returned 1 [0110.480] CloseHandle (hObject=0x1dc) returned 1 [0110.480] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0110.481] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.481] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00029bd64 | out: lpMode=0xc00029bd64) returned 0 [0110.481] GetFileType (hFile=0x1dc) returned 0x1 [0110.482] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00029bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.482] CloseHandle (hObject=0x1dc) returned 1 [0110.482] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb6ma4a[1].png"), dwFlags=0x1) returned 1 [0110.521] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.522] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0110.522] SetEvent (hEvent=0x198) returned 1 [0110.522] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.525] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0110.525] SetEvent (hEvent=0x1a0) returned 1 [0110.525] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.530] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.547] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.559] SetEvent (hEvent=0x108) returned 1 [0110.559] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.562] SetEvent (hEvent=0x108) returned 1 [0110.562] SetEvent (hEvent=0xb8) returned 1 [0110.562] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.563] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.563] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.563] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.564] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00023f818*=0x2) returned 1 [0110.565] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.573] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.575] SetEvent (hEvent=0x198) returned 1 [0110.575] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.577] SetEvent (hEvent=0x198) returned 1 [0110.578] SetEvent (hEvent=0xfc) returned 1 [0110.578] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.578] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.579] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.579] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.579] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.579] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.580] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.580] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc000175818*=0x2) returned 1 [0110.584] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.590] SetEvent (hEvent=0xfc) returned 1 [0110.590] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.590] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.591] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0110.592] GetFileType (hFile=0x1bc) returned 0x1 [0110.592] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0110.592] GetFileType (hFile=0x1bc) returned 0x1 [0110.593] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0110.593] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0110.593] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.596] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x6418, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001bbc04*=0x6218, lpOverlapped=0x0) returned 1 [0110.598] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002aa218, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aa218*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0110.598] CloseHandle (hObject=0x1bc) returned 1 [0110.598] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.598] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.599] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0110.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.605] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0110.606] GetFileType (hFile=0x1bc) returned 0x1 [0110.606] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0002aaa80*, nNumberOfBytesToWrite=0x6220, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002aaa80*, lpNumberOfBytesWritten=0xc0001bbcec*=0x6220, lpOverlapped=0x0) returned 1 [0110.607] CloseHandle (hObject=0x1bc) returned 1 [0110.612] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.612] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0110.612] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0110.612] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0110.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.613] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0110.613] GetFileType (hFile=0x1bc) returned 0x1 [0110.613] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.614] CloseHandle (hObject=0x1bc) returned 1 [0110.614] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbo3tl[1].jpg"), dwFlags=0x1) returned 1 [0110.649] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0110.649] SetEvent (hEvent=0x1a0) returned 1 [0110.650] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.652] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.656] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0110.656] SetEvent (hEvent=0xb8) returned 1 [0110.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.659] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.660] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.676] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.686] SetEvent (hEvent=0x108) returned 1 [0110.686] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.689] SetEvent (hEvent=0x108) returned 1 [0110.689] SetEvent (hEvent=0xfc) returned 1 [0110.689] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0110.690] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.690] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.690] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.691] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.691] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0110.693] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.700] SetEvent (hEvent=0x1a0) returned 1 [0110.700] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.702] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0110.703] GetFileType (hFile=0x1b4) returned 0x1 [0110.703] GetFileType (hFile=0x1b4) returned 0x1 [0110.703] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0110.703] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0110.703] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.704] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x9ae, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc0001b7c04*=0x7ae, lpOverlapped=0x0) returned 1 [0110.708] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000707ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000707ae*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.708] CloseHandle (hObject=0x1b4) returned 1 [0110.708] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0110.708] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.713] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0110.713] GetFileType (hFile=0x1b4) returned 0x1 [0110.713] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x7b0, lpOverlapped=0x0) returned 1 [0110.714] CloseHandle (hObject=0x1b4) returned 1 [0110.715] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532501 | out: pbBuffer=0xc000532501) returned 1 [0110.715] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.716] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0110.717] GetFileType (hFile=0x128) returned 0x1 [0110.717] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.717] CloseHandle (hObject=0x128) returned 1 [0110.719] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0110.719] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.720] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0110.720] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0110.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbtpvw[1].jpg"), dwFlags=0x1) returned 1 [0110.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.754] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0110.754] SetEvent (hEvent=0xc0) returned 1 [0110.754] SetEvent (hEvent=0x1a0) returned 1 [0110.754] SetEvent (hEvent=0xb8) returned 1 [0110.754] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.756] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0110.756] SetEvent (hEvent=0xb8) returned 1 [0110.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.761] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.780] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.787] SetEvent (hEvent=0x108) returned 1 [0110.787] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.792] SetEvent (hEvent=0x108) returned 1 [0110.792] SetEvent (hEvent=0xfc) returned 1 [0110.792] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.792] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0038*, lpNumberOfCharsWritten=0xc00022b818*=0x2) returned 1 [0110.793] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.799] SetEvent (hEvent=0x1a0) returned 1 [0110.799] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.802] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0110.802] GetFileType (hFile=0x128) returned 0x1 [0110.802] GetFileType (hFile=0x128) returned 0x1 [0110.803] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0110.803] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0110.803] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0110.803] ReadFile (in: hFile=0x128, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x1b63, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc000187c04*=0x1963, lpOverlapped=0x0) returned 1 [0110.807] ReadFile (in: hFile=0x128, lpBuffer=0xc000059963, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc000059963*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0110.807] CloseHandle (hObject=0x128) returned 1 [0110.807] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.809] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0110.809] GetFileType (hFile=0x128) returned 0x1 [0110.809] WriteFile (in: hFile=0x128, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1970, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc000187cec*=0x1970, lpOverlapped=0x0) returned 1 [0110.811] CloseHandle (hObject=0x128) returned 1 [0110.811] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0110.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.811] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0110.812] GetFileType (hFile=0x128) returned 0x1 [0110.812] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.812] CloseHandle (hObject=0x128) returned 1 [0110.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbsemp[1].jpg"), dwFlags=0x1) returned 1 [0110.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.840] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0110.840] SetEvent (hEvent=0x1a0) returned 1 [0110.840] SetEvent (hEvent=0xb8) returned 1 [0110.840] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0110.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.844] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.844] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0110.844] SetEvent (hEvent=0xb8) returned 1 [0110.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.850] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.851] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.869] SwitchToThread () returned 1 [0110.871] SetEvent (hEvent=0xb8) returned 1 [0110.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.872] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0110.872] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.877] GetFileType (hFile=0x1dc) returned 0x1 [0110.877] GetFileType (hFile=0x1dc) returned 0x1 [0110.877] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0110.877] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0110.877] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.879] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x35a8, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000187c04*=0x33a8, lpOverlapped=0x0) returned 1 [0110.896] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002a73a8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a73a8*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0110.897] CloseHandle (hObject=0x1dc) returned 1 [0110.897] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0110.897] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0110.897] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0110.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.907] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0110.909] GetFileType (hFile=0x1bc) returned 0x1 [0110.909] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x33b0, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc000187cec*=0x33b0, lpOverlapped=0x0) returned 1 [0110.910] CloseHandle (hObject=0x1bc) returned 1 [0110.912] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0110.912] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.913] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.913] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0110.921] GetFileType (hFile=0x1b4) returned 0x1 [0110.921] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.921] CloseHandle (hObject=0x1b4) returned 1 [0110.921] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc06ub[1].jpg"), dwFlags=0x1) returned 1 [0110.940] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.943] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.945] SetEvent (hEvent=0xfc) returned 1 [0110.946] SetEvent (hEvent=0x15c) returned 1 [0110.946] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0110.953] SetEvent (hEvent=0x9c) returned 1 [0110.954] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.954] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.954] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.954] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.955] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.955] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.956] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc0001b7818*=0x2) returned 1 [0110.969] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc000187818*=0x2) returned 1 [0110.973] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0110.973] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.974] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000e5cf4 | out: lpMode=0xc0000e5cf4) returned 0 [0110.976] GetFileType (hFile=0x1bc) returned 0x1 [0110.976] GetFileType (hFile=0x1bc) returned 0x1 [0110.976] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0000e5d44 | out: lpFileInformation=0xc0000e5d44) returned 1 [0110.976] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0000e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000e5d28) returned 1 [0110.976] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.976] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.977] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x2af2, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0000e5c04*=0x28f2, lpOverlapped=0x0) returned 1 [0110.991] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011e8f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e8f2*, lpNumberOfBytesRead=0xc0000e5c04*=0x0, lpOverlapped=0x0) returned 1 [0110.992] CloseHandle (hObject=0x1bc) returned 1 [0110.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.010] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0111.011] GetFileType (hFile=0x1e4) returned 0x1 [0111.011] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000232a80*, nNumberOfBytesToWrite=0x2900, lpNumberOfBytesWritten=0xc0000e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000232a80*, lpNumberOfBytesWritten=0xc0000e5cec*=0x2900, lpOverlapped=0x0) returned 1 [0111.012] CloseHandle (hObject=0x1e4) returned 1 [0111.013] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082e01 | out: pbBuffer=0xc000082e01) returned 1 [0111.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.013] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000e5d64 | out: lpMode=0xc0000e5d64) returned 0 [0111.014] GetFileType (hFile=0x1dc) returned 0x1 [0111.014] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc0000e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.014] CloseHandle (hObject=0x1dc) returned 1 [0111.015] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbdk7yy[1].jpg"), dwFlags=0x1) returned 1 [0111.081] SetEvent (hEvent=0x164) returned 1 [0111.081] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.083] SwitchToThread () returned 1 [0111.083] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.086] SetEvent (hEvent=0xb8) returned 1 [0111.086] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.087] SetEvent (hEvent=0xb8) returned 1 [0111.087] SetEvent (hEvent=0x9c) returned 1 [0111.088] SetEvent (hEvent=0xfc) returned 1 [0111.088] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.089] SetEvent (hEvent=0xb8) returned 1 [0111.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.089] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0111.091] GetFileType (hFile=0x1dc) returned 0x1 [0111.091] GetFileType (hFile=0x1dc) returned 0x1 [0111.091] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0111.091] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0111.091] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000a2900, nNumberOfBytesToRead=0x8e0, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2900*, lpNumberOfBytesRead=0xc000257c04*=0x6e0, lpOverlapped=0x0) returned 1 [0111.096] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000a2fe0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2fe0*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0111.096] CloseHandle (hObject=0x1dc) returned 1 [0111.096] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.096] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.101] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0111.101] GetFileType (hFile=0x1e4) returned 0x1 [0111.102] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000257cec*=0x6f0, lpOverlapped=0x0) returned 1 [0111.103] CloseHandle (hObject=0x1e4) returned 1 [0111.103] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0111.103] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.104] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0111.104] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.105] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0111.105] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0111.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.105] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0111.107] GetFileType (hFile=0x1e4) returned 0x1 [0111.108] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0111.108] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0111.108] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.108] CloseHandle (hObject=0x1e4) returned 1 [0111.109] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0111.110] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbe9wst[1].jpg"), dwFlags=0x1) returned 1 [0111.155] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.156] SetEvent (hEvent=0xb8) returned 1 [0111.156] SetEvent (hEvent=0x1a0) returned 1 [0111.156] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.157] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.157] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.157] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.158] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.158] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.158] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.159] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.159] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.159] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001a7818*=0x2) returned 1 [0111.160] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.167] SetEvent (hEvent=0xb8) returned 1 [0111.167] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.170] SetEvent (hEvent=0xb8) returned 1 [0111.170] SetEvent (hEvent=0x9c) returned 1 [0111.170] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.170] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.170] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.171] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.171] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.171] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000257818*=0x2) returned 1 [0111.172] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.177] SetEvent (hEvent=0xfc) returned 1 [0111.177] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.180] SetEvent (hEvent=0xfc) returned 1 [0111.180] SetEvent (hEvent=0x9c) returned 1 [0111.180] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.180] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.181] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.181] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0111.181] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000183818*=0x2) returned 1 [0111.183] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.184] SetEvent (hEvent=0x9c) returned 1 [0111.184] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.188] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0111.188] GetFileType (hFile=0x1bc) returned 0x1 [0111.188] GetFileType (hFile=0x1bc) returned 0x1 [0111.188] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0111.188] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0111.188] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0111.189] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xb7b, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000183c04*=0x97b, lpOverlapped=0x0) returned 1 [0111.191] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c97b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c97b*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0111.191] CloseHandle (hObject=0x1bc) returned 1 [0111.192] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0111.192] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.195] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0111.195] GetFileType (hFile=0x1bc) returned 0x1 [0111.195] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc000183cec*=0x980, lpOverlapped=0x0) returned 1 [0111.196] CloseHandle (hObject=0x1bc) returned 1 [0111.197] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0111.197] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0111.197] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.198] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0111.198] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0111.199] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0111.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.200] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0111.200] GetFileType (hFile=0x1bc) returned 0x1 [0111.200] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0001262c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001262c0*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.200] CloseHandle (hObject=0x1bc) returned 1 [0111.200] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0111.213] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbedoqv[1].jpg"), dwFlags=0x1) returned 1 [0111.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.251] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.251] SetEvent (hEvent=0xb8) returned 1 [0111.251] SetEvent (hEvent=0x164) returned 1 [0111.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.255] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.255] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.255] SetEvent (hEvent=0x164) returned 1 [0111.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.261] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.262] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.283] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.292] SetEvent (hEvent=0xfc) returned 1 [0111.292] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.295] SetEvent (hEvent=0xfc) returned 1 [0111.295] SetEvent (hEvent=0x9c) returned 1 [0111.295] VirtualFree (lpAddress=0xc0002b2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.296] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0111.296] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.297] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.297] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.297] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc00026d818*=0x2) returned 1 [0111.300] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.306] SetEvent (hEvent=0xb8) returned 1 [0111.306] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.308] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0111.309] GetFileType (hFile=0x1e4) returned 0x1 [0111.309] GetFileType (hFile=0x1e4) returned 0x1 [0111.309] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0111.309] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0111.309] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.309] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x3e4c, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc00026dc04*=0x3c4c, lpOverlapped=0x0) returned 1 [0111.313] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000051c4c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000051c4c*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.313] CloseHandle (hObject=0x1e4) returned 1 [0111.313] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.313] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.314] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.316] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0111.316] GetFileType (hFile=0x1e4) returned 0x1 [0111.316] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x3c50, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00026dcec*=0x3c50, lpOverlapped=0x0) returned 1 [0111.317] CloseHandle (hObject=0x1e4) returned 1 [0111.318] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0111.318] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0111.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.319] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0111.320] GetFileType (hFile=0x1e4) returned 0x1 [0111.320] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.320] CloseHandle (hObject=0x1e4) returned 1 [0111.320] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbefjut[1].jpg"), dwFlags=0x1) returned 1 [0111.358] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.358] SetEvent (hEvent=0xb8) returned 1 [0111.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.360] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.363] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.363] SetEvent (hEvent=0x164) returned 1 [0111.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.367] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.367] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.389] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.396] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.403] SetEvent (hEvent=0xfc) returned 1 [0111.403] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.406] SetEvent (hEvent=0xfc) returned 1 [0111.406] SetEvent (hEvent=0x9c) returned 1 [0111.406] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.407] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0111.407] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.407] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.408] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.408] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.408] VirtualFree (lpAddress=0xc00004e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.409] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000183818*=0x2) returned 1 [0111.410] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.416] SetEvent (hEvent=0xb8) returned 1 [0111.416] SetEvent (hEvent=0x9c) returned 1 [0111.416] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.417] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000217cf4 | out: lpMode=0xc000217cf4) returned 0 [0111.418] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0111.418] GetFileType (hFile=0x1e4) returned 0x1 [0111.419] GetFileType (hFile=0x1e4) returned 0x1 [0111.419] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000217d44 | out: lpFileInformation=0xc000217d44) returned 1 [0111.419] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000217d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000217d28) returned 1 [0111.419] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.420] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x46ec, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000217c04*=0x44ec, lpOverlapped=0x0) returned 1 [0111.423] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025e4ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025e4ec*, lpNumberOfBytesRead=0xc000217c04*=0x0, lpOverlapped=0x0) returned 1 [0111.423] CloseHandle (hObject=0x1e4) returned 1 [0111.423] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.427] SetEvent (hEvent=0xc0) returned 1 [0111.428] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000217d04 | out: lpMode=0xc000217d04) returned 0 [0111.428] GetFileType (hFile=0x1e4) returned 0x1 [0111.428] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00025e800*, nNumberOfBytesToWrite=0x44f0, lpNumberOfBytesWritten=0xc000217cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025e800*, lpNumberOfBytesWritten=0xc000217cec*=0x44f0, lpOverlapped=0x0) returned 1 [0111.429] CloseHandle (hObject=0x1e4) returned 1 [0111.430] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0111.430] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.430] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000217d64 | out: lpMode=0xc000217d64) returned 0 [0111.431] GetFileType (hFile=0x1e4) returned 0x1 [0111.431] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000217d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000217d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.431] CloseHandle (hObject=0x1e4) returned 1 [0111.431] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegsz3[1].jpg"), dwFlags=0x1) returned 1 [0111.487] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.487] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.487] SetEvent (hEvent=0xc0) returned 1 [0111.487] SetEvent (hEvent=0xb8) returned 1 [0111.488] SetEvent (hEvent=0x164) returned 1 [0111.488] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.491] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.491] SetEvent (hEvent=0x164) returned 1 [0111.492] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.495] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.510] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.521] SetEvent (hEvent=0xfc) returned 1 [0111.521] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.525] SetEvent (hEvent=0xfc) returned 1 [0111.525] SetEvent (hEvent=0x9c) returned 1 [0111.525] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.525] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.526] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.526] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586190*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfCharsWritten=0xc0000bb818*=0x2) returned 1 [0111.529] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.537] SetEvent (hEvent=0xb8) returned 1 [0111.537] SetEvent (hEvent=0x9c) returned 1 [0111.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.537] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019dcf4 | out: lpMode=0xc00019dcf4) returned 0 [0111.538] GetFileType (hFile=0x180) returned 0x1 [0111.538] GetFileType (hFile=0x180) returned 0x1 [0111.538] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00019dd44 | out: lpFileInformation=0xc00019dd44) returned 1 [0111.538] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00019dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019dd28) returned 1 [0111.538] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0111.539] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x2f3, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc00019dc04*=0xf3, lpOverlapped=0x0) returned 1 [0111.544] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d80f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80f3*, lpNumberOfBytesRead=0xc00019dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.544] CloseHandle (hObject=0x180) returned 1 [0111.544] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.546] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019dd04 | out: lpMode=0xc00019dd04) returned 0 [0111.546] GetFileType (hFile=0x180) returned 0x1 [0111.546] WriteFile (in: hFile=0x180, lpBuffer=0xc000082800*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00019dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000082800*, lpNumberOfBytesWritten=0xc00019dcec*=0x100, lpOverlapped=0x0) returned 1 [0111.548] CloseHandle (hObject=0x180) returned 1 [0111.548] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0111.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.548] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019dd64 | out: lpMode=0xc00019dd64) returned 0 [0111.549] GetFileType (hFile=0x180) returned 0x1 [0111.549] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00019dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.549] CloseHandle (hObject=0x180) returned 1 [0111.550] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbg3odx[2].png"), dwFlags=0x1) returned 1 [0111.574] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.574] SetEvent (hEvent=0xb8) returned 1 [0111.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.578] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.578] SetEvent (hEvent=0xb8) returned 1 [0111.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.581] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0111.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.582] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00028bcf4 | out: lpMode=0xc00028bcf4) returned 0 [0111.583] GetFileType (hFile=0x180) returned 0x1 [0111.584] GetFileType (hFile=0x180) returned 0x1 [0111.584] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00028bd44 | out: lpFileInformation=0xc00028bd44) returned 1 [0111.584] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00028bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00028bd28) returned 1 [0111.584] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.584] ReadFile (in: hFile=0x180, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x44b, lpNumberOfBytesRead=0xc00028bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc00028bc04*=0x24b, lpOverlapped=0x0) returned 1 [0111.587] ReadFile (in: hFile=0x180, lpBuffer=0xc00006c24b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00028bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c24b*, lpNumberOfBytesRead=0xc00028bc04*=0x0, lpOverlapped=0x0) returned 1 [0111.587] CloseHandle (hObject=0x180) returned 1 [0111.587] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0111.588] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0111.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.591] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00028bd04 | out: lpMode=0xc00028bd04) returned 0 [0111.593] GetFileType (hFile=0x1dc) returned 0x1 [0111.593] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc00028bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc00028bcec*=0x250, lpOverlapped=0x0) returned 1 [0111.597] CloseHandle (hObject=0x1dc) returned 1 [0111.601] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0111.602] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.602] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.602] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.603] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00028bd64 | out: lpMode=0xc00028bd64) returned 0 [0111.605] GetFileType (hFile=0x180) returned 0x1 [0111.605] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.606] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00028bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00028bd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.606] CloseHandle (hObject=0x180) returned 1 [0111.607] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbnmken[1].png"), dwFlags=0x1) returned 1 [0111.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.686] SetEvent (hEvent=0x164) returned 1 [0111.686] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.688] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.688] SetEvent (hEvent=0x164) returned 1 [0111.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.694] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.710] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.723] SetEvent (hEvent=0xb8) returned 1 [0111.723] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.727] SetEvent (hEvent=0xb8) returned 1 [0111.727] SetEvent (hEvent=0x9c) returned 1 [0111.727] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.727] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.727] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.728] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.728] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00022d818*=0x2) returned 1 [0111.730] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.737] SetEvent (hEvent=0x1a0) returned 1 [0111.737] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.741] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.742] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0111.743] GetFileType (hFile=0x1e4) returned 0x1 [0111.743] GetFileType (hFile=0x1e4) returned 0x1 [0111.744] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0111.744] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0111.744] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x1887, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc00022dc04*=0x1687, lpOverlapped=0x0) returned 1 [0111.749] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00050f007, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f007*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.749] CloseHandle (hObject=0x1e4) returned 1 [0111.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.751] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0111.752] GetFileType (hFile=0x1e4) returned 0x1 [0111.752] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0x1690, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc00022dcec*=0x1690, lpOverlapped=0x0) returned 1 [0111.753] CloseHandle (hObject=0x1e4) returned 1 [0111.754] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0111.754] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.755] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0111.755] GetFileType (hFile=0x1e4) returned 0x1 [0111.756] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.756] CloseHandle (hObject=0x1e4) returned 1 [0111.756] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-webcore.4.19.0.ltr.light.min[1].css"), dwFlags=0x1) returned 1 [0111.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.795] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.795] SetEvent (hEvent=0xb8) returned 1 [0111.795] SetEvent (hEvent=0x164) returned 1 [0111.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.801] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.801] SetEvent (hEvent=0x164) returned 1 [0111.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.804] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.818] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.832] SetEvent (hEvent=0x1a0) returned 1 [0111.832] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.837] SetEvent (hEvent=0x1a0) returned 1 [0111.837] SetEvent (hEvent=0x9c) returned 1 [0111.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0111.838] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.847] SetEvent (hEvent=0xb8) returned 1 [0111.847] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.848] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.850] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0111.850] GetFileType (hFile=0x1e4) returned 0x1 [0111.850] GetFileType (hFile=0x1e4) returned 0x1 [0111.850] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0111.850] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0111.850] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0111.851] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x2bed, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0006ddc04*=0x29ed, lpOverlapped=0x0) returned 1 [0111.856] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00011e9ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e9ed*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0111.856] CloseHandle (hObject=0x1e4) returned 1 [0111.856] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.856] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0111.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.859] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0111.860] GetFileType (hFile=0x1e4) returned 0x1 [0111.860] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x29f0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x29f0, lpOverlapped=0x0) returned 1 [0111.861] CloseHandle (hObject=0x1e4) returned 1 [0111.864] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.864] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0111.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.865] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0111.866] GetFileType (hFile=0x1e4) returned 0x1 [0111.866] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000058420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000058420*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.866] CloseHandle (hObject=0x1e4) returned 1 [0111.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-benefits-5-mobile[1].png"), dwFlags=0x1) returned 1 [0111.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.915] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0111.915] SetEvent (hEvent=0xc0) returned 1 [0111.915] SetEvent (hEvent=0xb8) returned 1 [0111.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.917] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.917] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.918] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0111.918] SetEvent (hEvent=0x164) returned 1 [0111.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.926] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.948] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.958] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.972] SetEvent (hEvent=0xb8) returned 1 [0111.972] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0111.980] SetEvent (hEvent=0xb8) returned 1 [0111.980] SetEvent (hEvent=0x9c) returned 1 [0111.980] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.981] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.981] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.981] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.982] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc0001b9818*=0x2) returned 1 [0111.991] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.005] SetEvent (hEvent=0x164) returned 1 [0112.005] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.008] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00010fcf4 | out: lpMode=0xc00010fcf4) returned 0 [0112.008] GetFileType (hFile=0x1e4) returned 0x1 [0112.008] GetFileType (hFile=0x1e4) returned 0x1 [0112.008] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00010fd44 | out: lpFileInformation=0xc00010fd44) returned 1 [0112.008] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00010fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010fd28) returned 1 [0112.009] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0112.010] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x8178, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00010fc04*=0x7f78, lpOverlapped=0x0) returned 1 [0112.017] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000237f78, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000237f78*, lpNumberOfBytesRead=0xc00010fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.017] CloseHandle (hObject=0x1e4) returned 1 [0112.017] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0112.018] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0112.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.021] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00010fd04 | out: lpMode=0xc00010fd04) returned 0 [0112.022] GetFileType (hFile=0x1e4) returned 0x1 [0112.022] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x7f80, lpNumberOfBytesWritten=0xc00010fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc00010fcec*=0x7f80, lpOverlapped=0x0) returned 1 [0112.025] CloseHandle (hObject=0x1e4) returned 1 [0112.026] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.026] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0112.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.027] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00010fd64 | out: lpMode=0xc00010fd64) returned 0 [0112.027] GetFileType (hFile=0x180) returned 0x1 [0112.028] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00010fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.028] CloseHandle (hObject=0x180) returned 1 [0112.030] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-fallback_728x90[1].jpg"), dwFlags=0x1) returned 1 [0112.070] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0112.070] SetEvent (hEvent=0xb8) returned 1 [0112.070] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0112.072] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.077] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0112.078] SetEvent (hEvent=0x164) returned 1 [0112.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.081] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.120] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.130] SetEvent (hEvent=0xfc) returned 1 [0112.130] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.136] SetEvent (hEvent=0xfc) returned 1 [0112.136] SetEvent (hEvent=0x9c) returned 1 [0112.137] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.137] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.137] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.138] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.138] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.138] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00027f818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00027f818*=0x2) returned 1 [0112.139] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.150] SetEvent (hEvent=0xb8) returned 1 [0112.150] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.151] SetEvent (hEvent=0xb8) returned 1 [0112.151] SetEvent (hEvent=0x9c) returned 1 [0112.151] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.152] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.152] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.152] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.153] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.153] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00019f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00019f818*=0x2) returned 1 [0112.157] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.174] SetEvent (hEvent=0x164) returned 1 [0112.174] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0112.177] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00019fcf4 | out: lpMode=0xc00019fcf4) returned 0 [0112.178] GetFileType (hFile=0x1dc) returned 0x1 [0112.178] GetFileType (hFile=0x1dc) returned 0x1 [0112.178] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00019fd44 | out: lpFileInformation=0xc00019fd44) returned 1 [0112.178] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00019fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019fd28) returned 1 [0112.178] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc00019fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.178] CloseHandle (hObject=0x1dc) returned 1 [0112.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.180] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00019fd04 | out: lpMode=0xc00019fd04) returned 0 [0112.180] GetFileType (hFile=0x1dc) returned 0x1 [0112.180] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000586190*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00019fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfBytesWritten=0xc00019fcec*=0x10, lpOverlapped=0x0) returned 1 [0112.182] CloseHandle (hObject=0x1dc) returned 1 [0112.182] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0112.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.182] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00019fd64 | out: lpMode=0xc00019fd64) returned 0 [0112.182] GetFileType (hFile=0x1dc) returned 0x1 [0112.183] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00019fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.183] CloseHandle (hObject=0x1dc) returned 1 [0112.183] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-only[1].htm"), dwFlags=0x1) returned 1 [0112.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.224] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.224] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0112.224] SetEvent (hEvent=0xc0) returned 1 [0112.224] SetEvent (hEvent=0x164) returned 1 [0112.224] SetEvent (hEvent=0x1a0) returned 1 [0112.225] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.226] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.226] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0112.227] SetEvent (hEvent=0x1a0) returned 1 [0112.227] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.235] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.272] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.379] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0112.380] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0112.380] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0112.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0112.381] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0112.384] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.416] GetFileType (hFile=0x1bc) returned 0x1 [0112.416] GetFileType (hFile=0x1bc) returned 0x1 [0112.416] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0112.416] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0112.416] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000124480, nNumberOfBytesToRead=0x41b, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000124480*, lpNumberOfBytesRead=0xc0004dbc04*=0x21b, lpOverlapped=0x0) returned 1 [0112.420] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00012469b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00012469b*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0112.420] CloseHandle (hObject=0x1bc) returned 1 [0112.420] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0112.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0112.431] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.440] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0112.440] GetFileType (hFile=0xec) returned 0x1 [0112.440] WriteFile (in: hFile=0xec, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x220, lpOverlapped=0x0) returned 1 [0112.442] CloseHandle (hObject=0xec) returned 1 [0112.442] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082c01 | out: pbBuffer=0xc000082c01) returned 1 [0112.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0112.443] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0112.445] GetFileType (hFile=0xec) returned 0x1 [0112.445] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.446] CloseHandle (hObject=0xec) returned 1 [0112.476] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.482] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa6kizp[2].png"), dwFlags=0x1) returned 1 [0112.563] SetEvent (hEvent=0x1a0) returned 1 [0112.563] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0112.565] SetEvent (hEvent=0x9c) returned 1 [0112.565] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.028] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.034] SetEvent (hEvent=0x1a0) returned 1 [0113.035] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.036] SetEvent (hEvent=0x1a0) returned 1 [0113.036] SetEvent (hEvent=0xf4) returned 1 [0113.036] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.037] VirtualFree (lpAddress=0xc0003fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.037] VirtualFree (lpAddress=0xc0003f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.037] VirtualFree (lpAddress=0xc0003ea000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0113.038] VirtualFree (lpAddress=0xc0003dc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0113.038] VirtualFree (lpAddress=0xc00037a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.038] VirtualFree (lpAddress=0xc00036c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.039] VirtualFree (lpAddress=0xc000160000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0113.039] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.040] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.040] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.040] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.040] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.041] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.041] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.041] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.041] VirtualFree (lpAddress=0xc000072000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0113.042] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.043] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.043] VirtualFree (lpAddress=0xc00004c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0113.044] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.044] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0113.045] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.054] SetEvent (hEvent=0x108) returned 1 [0113.054] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.055] SetEvent (hEvent=0x108) returned 1 [0113.055] SetEvent (hEvent=0xf4) returned 1 [0113.055] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.055] VirtualFree (lpAddress=0xc0003e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.056] VirtualFree (lpAddress=0xc000372000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.056] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.056] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc000117818*=0x2) returned 1 [0113.059] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.074] SetEvent (hEvent=0x15c) returned 1 [0113.074] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.079] SetEvent (hEvent=0x15c) returned 1 [0113.079] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0113.081] SetEvent (hEvent=0x15c) returned 1 [0113.081] SetEvent (hEvent=0xb8) returned 1 [0113.081] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0114.120] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0114.120] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0114.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0114.121] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0114.128] GetFileType (hFile=0x1e4) returned 0x1 [0114.128] GetFileType (hFile=0x1e4) returned 0x1 [0114.129] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0114.129] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0114.129] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0114.130] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0114.130] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x3dc, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc0000f9c04*=0x1dc, lpOverlapped=0x0) returned 1 [0114.138] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0114.210] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00013a1dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a1dc*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0114.210] CloseHandle (hObject=0x1e4) returned 1 [0114.210] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0114.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0114.236] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0114.238] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0114.285] GetFileType (hFile=0x144) returned 0x1 [0114.285] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d8000*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x1e0, lpOverlapped=0x0) returned 1 [0114.286] CloseHandle (hObject=0x144) returned 1 [0114.289] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00026a401 | out: pbBuffer=0xc00026a401) returned 1 [0114.289] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0114.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.290] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0114.291] GetFileType (hFile=0x1b0) returned 0x1 [0114.291] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002686e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002686e0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.293] CloseHandle (hObject=0x1b0) returned 1 [0114.294] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbghfvy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBghfVy[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbghfvy[1].png"), dwFlags=0x1) returned 1 [0114.504] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0114.505] SetEvent (hEvent=0x1dc) returned 1 [0114.505] SetEvent (hEvent=0x164) returned 1 [0114.505] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586208*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc000586208*, lpNumberOfCharsWritten=0xc0006df818*=0x3) returned 1 [0114.506] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0114.510] SetEvent (hEvent=0x1dc) returned 1 [0114.510] SwitchToThread () returned 1 [0114.510] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0115.653] SetEvent (hEvent=0x9c) returned 1 [0115.653] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0115.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0115.659] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0115.663] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0115.707] GetFileType (hFile=0x144) returned 0x1 [0115.707] GetFileType (hFile=0x144) returned 0x1 [0115.707] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0115.707] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0115.707] ReadFile (in: hFile=0x144, lpBuffer=0xc00027f800, nNumberOfBytesToRead=0x360b, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027f800*, lpNumberOfBytesRead=0xc0002a1c04*=0x340b, lpOverlapped=0x0) returned 1 [0115.715] ReadFile (in: hFile=0x144, lpBuffer=0xc000282c0b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000282c0b*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0115.715] CloseHandle (hObject=0x144) returned 1 [0115.715] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0115.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0115.814] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0115.952] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0115.952] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0115.960] GetFileType (hFile=0x260) returned 0x1 [0115.961] WriteFile (in: hFile=0x260, lpBuffer=0xc00030a000*, nNumberOfBytesToWrite=0x3410, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00030a000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x3410, lpOverlapped=0x0) returned 1 [0115.962] CloseHandle (hObject=0x260) returned 1 [0115.965] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2201 | out: pbBuffer=0xc0001c2201) returned 1 [0115.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0115.966] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0115.967] GetFileType (hFile=0x280) returned 0x1 [0115.967] WriteFile (in: hFile=0x280, lpBuffer=0xc0001822c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c0*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.968] CloseHandle (hObject=0x280) returned 1 [0115.982] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.031] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaicw5w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAicW5W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aaicw5w[1].jpg"), dwFlags=0x1) returned 1 [0116.612] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0116.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0116.618] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.620] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.623] SetEvent (hEvent=0xec) returned 1 [0116.623] SetEvent (hEvent=0x144) returned 1 [0116.623] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.623] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.623] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.624] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0116.624] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.626] SetEvent (hEvent=0xec) returned 1 [0116.626] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.630] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.632] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.634] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.637] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.641] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.643] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0116.644] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0117.440] SetEvent (hEvent=0x2b0) returned 1 [0117.440] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0117.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.450] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0117.451] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0117.621] GetFileType (hFile=0x3bc) returned 0x1 [0117.621] GetFileType (hFile=0x3bc) returned 0x1 [0117.621] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0117.621] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0117.621] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000244500, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000244500*, lpNumberOfBytesRead=0xc000211c04*=0x43, lpOverlapped=0x0) returned 1 [0117.623] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000244543, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000244543*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0117.623] CloseHandle (hObject=0x3bc) returned 1 [0117.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0117.940] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0117.942] SetEvent (hEvent=0xc0) returned 1 [0117.942] SetEvent (hEvent=0x144) returned 1 [0117.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini\\*", lpFindFileData=0xc000211a08 | out: lpFindFileData=0xc000211a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0117.943] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0117.953] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000211720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0117.953] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0117.954] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-cb=gapi[1].loaded_0"), dwFlags=0x1) returned 1 [0118.563] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.564] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0118.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc0001a5818*=0x3) returned 1 [0118.569] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.569] SetEvent (hEvent=0x274) returned 1 [0118.569] SetEvent (hEvent=0x144) returned 1 [0118.570] VirtualFree (lpAddress=0xc00053c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.570] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.570] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc00018f818*=0x3) returned 1 [0118.572] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000720c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000720c8*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0118.580] SetEvent (hEvent=0x3c8) returned 1 [0118.580] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0118.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000720f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc0000720f0*, lpNumberOfCharsWritten=0xc0001bd818*=0x3) returned 1 [0118.581] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.585] SetEvent (hEvent=0x274) returned 1 [0118.585] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.587] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000720e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc0000720e0*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0118.587] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000720e6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc0000720e6*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0118.588] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc000010170*, lpNumberOfCharsWritten=0xc000139818*=0x3) returned 1 [0118.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0118.596] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0118.597] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.603] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0118.606] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.622] SetEvent (hEvent=0x274) returned 1 [0118.622] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.624] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0118.625] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0000a0026*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0118.633] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0118.634] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0118.635] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0118.648] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.656] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0118.656] SetEvent (hEvent=0x3c8) returned 1 [0118.656] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.658] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0118.663] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.666] SetEvent (hEvent=0x274) returned 1 [0118.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0118.667] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.675] SetEvent (hEvent=0x24c) returned 1 [0118.675] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfCharsWritten=0xc000173818*=0x2) returned 1 [0118.689] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0118.689] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072004*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc000072004*, lpNumberOfCharsWritten=0xc0001bd818*=0x2) returned 1 [0118.696] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0118.696] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0118.697] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0118.697] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0118.698] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0118.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0118.699] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0118.710] GetFileType (hFile=0x3dc) returned 0x1 [0118.710] GetFileType (hFile=0x3dc) returned 0x1 [0118.710] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0118.710] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0118.710] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0118.710] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0118.711] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x3d0, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc00023dc04*=0x1d0, lpOverlapped=0x0) returned 1 [0118.719] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000941d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000941d0*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0118.719] CloseHandle (hObject=0x3dc) returned 1 [0118.719] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0118.720] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0118.720] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0118.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0118.721] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0118.731] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.848] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.849] SetEvent (hEvent=0x274) returned 1 [0118.849] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.857] SetEvent (hEvent=0x28c) returned 1 [0118.857] SetEvent (hEvent=0x324) returned 1 [0118.857] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.868] SetEvent (hEvent=0x28c) returned 1 [0118.868] SetEvent (hEvent=0x120) returned 1 [0118.869] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0118.885] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0118.886] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0118.989] GetFileType (hFile=0x3cc) returned 0x1 [0118.989] GetFileType (hFile=0x3cc) returned 0x1 [0118.989] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0118.989] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0118.990] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xa9a, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc00023fc04*=0x89a, lpOverlapped=0x0) returned 1 [0118.992] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000fa89a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa89a*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0118.992] CloseHandle (hObject=0x3cc) returned 1 [0118.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0119.013] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0119.015] GetFileType (hFile=0x3dc) returned 0x1 [0119.015] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0002fc900*, nNumberOfBytesToWrite=0x8a0, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc900*, lpNumberOfBytesWritten=0xc00023fcec*=0x8a0, lpOverlapped=0x0) returned 1 [0119.016] CloseHandle (hObject=0x3dc) returned 1 [0119.018] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a401 | out: pbBuffer=0xc00031a401) returned 1 [0119.018] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0119.019] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0119.019] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0119.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0119.020] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0119.022] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0119.114] GetFileType (hFile=0x2d4) returned 0x1 [0119.114] WriteFile (in: hFile=0x2d4, lpBuffer=0xc0000bcc60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bcc60*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.114] CloseHandle (hObject=0x2d4) returned 1 [0119.116] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0119.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc03b1[1].jpg"), dwFlags=0x1) returned 1 [0119.679] SetEvent (hEvent=0x144) returned 1 [0119.679] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0120.607] SetEvent (hEvent=0x12c) returned 1 [0120.607] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0120.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0120.616] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0120.617] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0120.650] GetFileType (hFile=0x3dc) returned 0x1 [0120.650] GetFileType (hFile=0x3dc) returned 0x1 [0120.650] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0120.650] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0120.650] VirtualAlloc (lpAddress=0xc000310000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0120.651] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000310000, nNumberOfBytesToRead=0x1b7c, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000310000*, lpNumberOfBytesRead=0xc0001d5c04*=0x197c, lpOverlapped=0x0) returned 1 [0120.655] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00031197c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00031197c*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0120.655] CloseHandle (hObject=0x3dc) returned 1 [0120.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0120.696] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0120.697] GetFileType (hFile=0x3cc) returned 0x1 [0120.697] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc0001d5cec*=0x1980, lpOverlapped=0x0) returned 1 [0120.698] CloseHandle (hObject=0x3cc) returned 1 [0120.699] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1a01 | out: pbBuffer=0xc0002f1a01) returned 1 [0120.699] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0120.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0120.700] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0120.701] GetFileType (hFile=0x3cc) returned 0x1 [0120.701] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0002cf340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002cf340*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.701] CloseHandle (hObject=0x3cc) returned 1 [0120.702] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefgdi[1].jpg"), dwFlags=0x1) returned 1 [0120.933] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0120.938] SetEvent (hEvent=0x3c0) returned 1 [0120.938] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.042] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.052] SetEvent (hEvent=0x114) returned 1 [0121.052] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.053] SetEvent (hEvent=0x114) returned 1 [0121.053] SetEvent (hEvent=0x354) returned 1 [0121.053] VirtualFree (lpAddress=0xc000346000, dwSize=0x50000, dwFreeType=0x4000) returned 1 [0121.056] VirtualFree (lpAddress=0xc00033c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.056] VirtualFree (lpAddress=0xc000336000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.057] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.057] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.058] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.058] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.059] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.059] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.059] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.060] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.060] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.061] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.061] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.061] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.062] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.062] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.063] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.063] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.064] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0002a1818*=0x2) returned 1 [0121.079] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.102] SetEvent (hEvent=0x354) returned 1 [0121.102] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0121.103] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0121.103] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0121.104] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0121.105] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0121.105] GetFileType (hFile=0x3dc) returned 0x1 [0121.105] GetFileType (hFile=0x3dc) returned 0x1 [0121.105] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0121.105] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0121.105] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0121.106] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x1503, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc0002a1c04*=0x1303, lpOverlapped=0x0) returned 1 [0121.126] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000e5303, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e5303*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0121.126] CloseHandle (hObject=0x3dc) returned 1 [0121.126] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0121.127] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0121.127] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.139] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.143] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0121.146] GetFileType (hFile=0x1ec) returned 0x1 [0121.146] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0002a1cec*=0x1310, lpOverlapped=0x0) returned 1 [0121.147] CloseHandle (hObject=0x1ec) returned 1 [0121.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0121.150] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0121.151] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0121.151] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.151] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0121.152] GetFileType (hFile=0x1ec) returned 0x1 [0121.152] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.152] CloseHandle (hObject=0x1ec) returned 1 [0121.152] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]"), dwFlags=0x1) returned 1 [0121.211] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0121.211] SetEvent (hEvent=0x30c) returned 1 [0121.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.212] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0121.213] SetEvent (hEvent=0x30c) returned 1 [0121.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.221] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.221] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.257] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.272] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.281] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.294] SetEvent (hEvent=0x354) returned 1 [0121.294] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.295] SetEvent (hEvent=0x354) returned 1 [0121.295] SetEvent (hEvent=0xfc) returned 1 [0121.295] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.296] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.296] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.297] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.297] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.298] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.298] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.298] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.299] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.299] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.300] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc00022f818*=0x2) returned 1 [0121.301] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.304] SetEvent (hEvent=0x30c) returned 1 [0121.304] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.308] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0121.308] GetFileType (hFile=0x2bc) returned 0x1 [0121.309] GetFileType (hFile=0x2bc) returned 0x1 [0121.309] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0121.309] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0121.309] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x709b, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000175c04*=0x6e9b, lpOverlapped=0x0) returned 1 [0121.315] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000eae9b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000eae9b*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0121.315] CloseHandle (hObject=0x2bc) returned 1 [0121.316] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0121.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0121.320] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0121.321] GetFileType (hFile=0x2bc) returned 0x1 [0121.321] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x6ea0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc000175cec*=0x6ea0, lpOverlapped=0x0) returned 1 [0121.322] CloseHandle (hObject=0x2bc) returned 1 [0121.323] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0121.324] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0121.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.325] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0121.326] GetFileType (hFile=0x1b0) returned 0x1 [0121.326] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0121.326] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.327] CloseHandle (hObject=0x1b0) returned 1 [0121.329] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.329] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0121.330] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0121.330] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[2].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-latest[2].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-latest[2].eot"), dwFlags=0x1) returned 1 [0121.372] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0121.372] SetEvent (hEvent=0x1a0) returned 1 [0121.372] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0121.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0121.379] SetEvent (hEvent=0x3c0) returned 1 [0121.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.384] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.427] SwitchToThread () returned 1 [0121.429] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.453] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.464] SetEvent (hEvent=0x1a0) returned 1 [0121.464] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.469] SetEvent (hEvent=0x1a0) returned 1 [0121.469] SetEvent (hEvent=0xfc) returned 1 [0121.469] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.470] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.470] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.470] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.471] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.471] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0004df818*=0x2) returned 1 [0121.475] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.493] SetEvent (hEvent=0x3c0) returned 1 [0121.493] SetEvent (hEvent=0xfc) returned 1 [0121.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0121.494] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0121.495] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.500] GetFileType (hFile=0x1ec) returned 0x1 [0121.500] GetFileType (hFile=0x1ec) returned 0x1 [0121.500] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0121.500] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0121.500] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0121.501] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000182000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182000*, lpNumberOfBytesRead=0xc0001b9c04*=0x43, lpOverlapped=0x0) returned 1 [0121.502] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000182043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182043*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0121.502] CloseHandle (hObject=0x1ec) returned 1 [0121.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini\\*", lpFindFileData=0xc0001b9a08 | out: lpFindFileData=0xc0001b9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.503] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001b9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.503] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000078120*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc0001b9808, lpReserved=0x0 | out: lpBuffer=0xc000078120*, lpNumberOfCharsWritten=0xc0001b9808*=0x8b) returned 1 [0121.535] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0121.535] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0121.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.536] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0121.565] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.653] SetEvent (hEvent=0x1b4) returned 1 [0121.653] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.716] SetEvent (hEvent=0xfc) returned 1 [0121.717] SetEvent (hEvent=0x3c0) returned 1 [0121.717] SetEvent (hEvent=0x1a0) returned 1 [0121.717] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.762] SetEvent (hEvent=0x1a0) returned 1 [0121.762] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.813] SetEvent (hEvent=0x1a0) returned 1 [0121.813] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.816] SetEvent (hEvent=0x1b4) returned 1 [0121.816] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0121.821] SetEvent (hEvent=0xfc) returned 1 [0121.821] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.189] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.189] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.190] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.190] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.190] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.190] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.191] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.191] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.191] SetEvent (hEvent=0x1b4) returned 1 [0122.191] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.244] SetEvent (hEvent=0x354) returned 1 [0122.244] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.257] SetEvent (hEvent=0x3c0) returned 1 [0122.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0122.258] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0122.260] GetFileType (hFile=0x240) returned 0x1 [0122.260] GetFileType (hFile=0x240) returned 0x1 [0122.260] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0122.260] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0122.260] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0122.261] ReadFile (in: hFile=0x240, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000189c04*=0xed, lpOverlapped=0x0) returned 1 [0122.262] ReadFile (in: hFile=0x240, lpBuffer=0xc0001040ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001040ed*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0122.262] CloseHandle (hObject=0x240) returned 1 [0122.262] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0122.263] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0122.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0122.264] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0122.267] GetFileType (hFile=0x240) returned 0x1 [0122.267] WriteFile (in: hFile=0x240, lpBuffer=0xc00011c1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c1e0*, lpNumberOfBytesWritten=0xc000189cec*=0xf0, lpOverlapped=0x0) returned 1 [0122.267] CloseHandle (hObject=0x240) returned 1 [0122.268] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0122.268] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0122.268] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0122.269] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0122.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0122.269] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0122.272] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.304] SetEvent (hEvent=0xfc) returned 1 [0122.304] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.305] SetEvent (hEvent=0xfc) returned 1 [0122.305] SetEvent (hEvent=0x12c) returned 1 [0122.306] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.347] SetEvent (hEvent=0x1b4) returned 1 [0122.347] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.357] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.357] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.357] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.357] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.358] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0122.358] SetEvent (hEvent=0x12c) returned 1 [0122.358] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.475] SetEvent (hEvent=0x3c0) returned 1 [0122.475] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.955] SetEvent (hEvent=0x39c) returned 1 [0122.955] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0122.955] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0122.956] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0122.958] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x485, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000159c04*=0x285, lpOverlapped=0x0) returned 1 [0122.959] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000e4285, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4285*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0122.959] CloseHandle (hObject=0x1ec) returned 1 [0122.959] GetFileType (hFile=0x1b0) returned 0x1 [0122.959] VirtualFree (lpAddress=0xc000218000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.960] SetEvent (hEvent=0x3c0) returned 1 [0122.960] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0122.965] SetEvent (hEvent=0x39c) returned 1 [0122.965] SetEvent (hEvent=0x1a0) returned 1 [0122.965] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.012] SetEvent (hEvent=0xfc) returned 1 [0123.012] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.025] SetEvent (hEvent=0x30c) returned 1 [0123.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0123.026] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0123.027] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.032] GetFileType (hFile=0x36c) returned 0x1 [0123.032] GetFileType (hFile=0x36c) returned 0x1 [0123.032] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0123.032] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0123.032] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0123.033] ReadFile (in: hFile=0x36c, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0x29cf, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc00016fc04*=0x27cf, lpOverlapped=0x0) returned 1 [0123.049] ReadFile (in: hFile=0x36c, lpBuffer=0xc0001a27cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a27cf*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0123.050] CloseHandle (hObject=0x36c) returned 1 [0123.050] SetEvent (hEvent=0x39c) returned 1 [0123.050] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.230] SetEvent (hEvent=0x3c0) returned 1 [0123.230] SetEvent (hEvent=0x354) returned 1 [0123.230] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.268] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-handprints.jpg"), dwFlags=0x1) returned 1 [0123.282] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000112000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000112000*, lpNumberOfBytesRead=0xc0001c5c04*=0x104, lpOverlapped=0x0) returned 1 [0123.283] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000112104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000112104*, lpNumberOfBytesRead=0xc0001c5c04*=0x0, lpOverlapped=0x0) returned 1 [0123.283] CloseHandle (hObject=0x2b4) returned 1 [0123.284] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0123.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0123.286] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00014fcf4 | out: lpMode=0xc00014fcf4) returned 0 [0123.291] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.300] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.301] SetEvent (hEvent=0x3c0) returned 1 [0123.301] SetEvent (hEvent=0xfc) returned 1 [0123.302] VirtualFree (lpAddress=0xc0008f0000, dwSize=0x206000, dwFreeType=0x4000) returned 1 [0123.317] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.317] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.318] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.318] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.319] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.319] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.319] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.320] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.320] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.321] VirtualAlloc (lpAddress=0xc0008ec000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008ec000 [0123.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0123.377] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d7d04 | out: lpMode=0xc0001d7d04) returned 0 [0123.378] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.381] GetFileType (hFile=0x2f0) returned 0x1 [0123.381] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0008ec000*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0xc0001d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0008ec000*, lpNumberOfBytesWritten=0xc0001d7cec*=0x200010, lpOverlapped=0x0) returned 1 [0123.457] CloseHandle (hObject=0x2f0) returned 1 [0123.457] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0123.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0123.458] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d7d64 | out: lpMode=0xc0001d7d64) returned 0 [0123.458] GetFileType (hFile=0x2f0) returned 0x1 [0123.458] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000dc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc2c0*, lpNumberOfBytesWritten=0xc0001d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.459] CloseHandle (hObject=0x2f0) returned 1 [0123.459] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-edb00001.log"), dwFlags=0x1) returned 1 [0123.460] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.461] SetEvent (hEvent=0x3c0) returned 1 [0123.461] SetEvent (hEvent=0xfc) returned 1 [0123.461] VirtualFree (lpAddress=0xc000c00000, dwSize=0xf8000, dwFreeType=0x4000) returned 1 [0123.473] VirtualFree (lpAddress=0xc000af6000, dwSize=0x10a000, dwFreeType=0x4000) returned 1 [0123.480] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.480] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.481] VirtualFree (lpAddress=0xc00021e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.481] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.482] VirtualFree (lpAddress=0xc0001e4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0123.482] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0123.483] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.483] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.483] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.484] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.484] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0123.485] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0123.489] GetFileType (hFile=0x2f0) returned 0x1 [0123.489] GetFileType (hFile=0x2f0) returned 0x1 [0123.489] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0123.489] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0123.489] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.489] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.489] VirtualAlloc (lpAddress=0xc000aee000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000aee000 [0123.492] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bef000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bef000 [0123.493] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xf1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x78000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.493] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.494] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.494] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.494] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.494] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.494] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bff000 [0123.494] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0xf0000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0123.536] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000aee000, nNumberOfBytesToRead=0x200200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc000aee000*, lpNumberOfBytesRead=0xc000157c04*=0x200000, lpOverlapped=0x0) returned 1 [0123.596] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000cee000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc000cee000*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0123.596] CloseHandle (hObject=0x2f0) returned 1 [0123.596] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0123.597] VirtualAlloc (lpAddress=0xc000cf0000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000cf0000 [0123.628] SetEvent (hEvent=0x3c0) returned 1 [0123.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0123.644] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0123.645] GetFileType (hFile=0x3d8) returned 0x1 [0123.645] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000cf0000*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc000cf0000*, lpNumberOfBytesWritten=0xc000157cec*=0x200010, lpOverlapped=0x0) returned 1 [0123.723] CloseHandle (hObject=0x3d8) returned 1 [0123.723] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0123.724] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0123.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0123.725] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0123.726] GetFileType (hFile=0x3d8) returned 0x1 [0123.726] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.726] CloseHandle (hObject=0x3d8) returned 1 [0123.726] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-edbres00001.jrs"), dwFlags=0x1) returned 1 [0123.727] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.728] SetEvent (hEvent=0x3c0) returned 1 [0123.728] SetEvent (hEvent=0xfc) returned 1 [0123.728] VirtualFree (lpAddress=0xc0008ec000, dwSize=0x202000, dwFreeType=0x4000) returned 1 [0123.742] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.742] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.742] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.743] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.743] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft help"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.744] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help\\*", lpFindFileData=0xc00018d608 | out: lpFindFileData=0xc00018d608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.744] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.744] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.744] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla"), fInfoLevelId=0x0, lpFileInformation=0xc00018d850 | out: lpFileInformation=0xc00018d850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.745] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0123.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\*", lpFindFileData=0xc00018d608 | out: lpFindFileData=0xc00018d608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox", cAlternateFileName="")) returned 1 [0123.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates", cAlternateFileName="")) returned 1 [0123.746] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d638 | out: lpFindFileData=0xc00018d638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.746] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0xc00018d778 | out: lpFileInformation=0xc00018d778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\*", lpFindFileData=0xc00018d530 | out: lpFindFileData=0xc00018d530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d560 | out: lpFindFileData=0xc00018d560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d560 | out: lpFindFileData=0xc00018d560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0123.748] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00018d560 | out: lpFindFileData=0xc00018d560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.748] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.748] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0123.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles"), fInfoLevelId=0x0, lpFileInformation=0xc0002616a0 | out: lpFileInformation=0xc0002616a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.750] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0xc000261458 | out: lpFindFileData=0xc000261458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0123.750] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.750] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.750] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.753] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.757] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.759] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826e2030, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826e2030, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfflineCache", cAlternateFileName="OFFLIN~1")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="safebrowsing", cAlternateFileName="SAFEBR~2")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="startupCache", cAlternateFileName="STARTU~1")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbnails", cAlternateFileName="THUMBN~1")) returned 1 [0123.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_CLEAN_", cAlternateFileName="_CACHE~1")) returned 1 [0123.761] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.761] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.765] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.799] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="6", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="B", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="C", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F", cAlternateFileName="")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851226b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_001_", cAlternateFileName="_CACHE~2")) returned 1 [0123.802] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851e0d90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_002_", cAlternateFileName="_CACHE~3")) returned 1 [0123.803] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8529f470, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_003_", cAlternateFileName="_CACHE~4")) returned 1 [0123.803] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114, dwReserved0=0x0, dwReserved1=0x0, cFileName="_CACHE_MAP_", cAlternateFileName="_CACHE~1")) returned 1 [0123.803] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.803] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.807] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="98", cAlternateFileName="")) returned 1 [0123.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="A8", cAlternateFileName="")) returned 1 [0123.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.807] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.808] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0123.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.809] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8c39470, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.809] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e, dwReserved0=0x0, dwReserved1=0x0, cFileName="B60F3d01", cAlternateFileName="")) returned 1 [0123.809] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.809] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.809] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0123.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb8c39470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8c39470, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8cd19f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xb67e)) returned 1 [0123.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898, dwReserved0=0x0, dwReserved1=0x0, cFileName="C3B7Bd01", cAlternateFileName="")) returned 1 [0123.814] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.814] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81eff750, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81eff750, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81eff750, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4898)) returned 1 [0123.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.820] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.820] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.821] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0B", cAlternateFileName="")) returned 1 [0123.821] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="C2", cAlternateFileName="")) returned 1 [0123.821] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F6", cAlternateFileName="")) returned 1 [0123.821] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.821] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.821] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.821] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.822] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="FCBF5d01", cAlternateFileName="")) returned 1 [0123.822] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.822] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7680bb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7680bb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7680bb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x204fd)) returned 1 [0123.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.840] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.857] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0123.857] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0123.858] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0123.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.859] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.870] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0123.871] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0123.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.871] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05, dwReserved0=0x0, dwReserved1=0x0, cFileName="0B619d01", cAlternateFileName="")) returned 1 [0123.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.872] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x826bbed0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8272e2f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xaa05)) returned 1 [0123.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.873] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0123.873] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d7ec50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0123.873] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="CBD4Dd01", cAlternateFileName="")) returned 1 [0123.873] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0123.873] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0123.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa60b)) returned 1 [0123.873] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\2"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.876] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.894] SetEvent (hEvent=0x114) returned 1 [0123.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.895] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.915] SwitchToThread () returned 1 [0123.921] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.990] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0123.994] SetEvent (hEvent=0x114) returned 1 [0123.994] SwitchToThread () returned 1 [0124.007] SetEvent (hEvent=0x1a0) returned 1 [0124.007] SetEvent (hEvent=0x114) returned 1 [0124.007] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0124.086] SetEvent (hEvent=0x114) returned 1 [0124.086] SetEvent (hEvent=0x1a0) returned 1 [0124.086] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0124.430] SetEvent (hEvent=0x114) returned 1 [0124.430] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0124.526] SetEvent (hEvent=0x324) returned 1 [0124.526] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0126.636] SetEvent (hEvent=0x1b4) returned 1 [0126.636] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0126.656] SetEvent (hEvent=0x324) returned 1 [0126.656] SetEvent (hEvent=0xfc) returned 1 [0126.656] SetEvent (hEvent=0x1b4) returned 1 [0126.656] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0126.715] SetEvent (hEvent=0x1b4) returned 1 [0126.715] SetEvent (hEvent=0x114) returned 1 [0126.715] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0126.720] SetEvent (hEvent=0x324) returned 1 [0126.720] SetEvent (hEvent=0x1b4) returned 1 [0126.720] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0126.721] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.721] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.722] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.722] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.723] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.723] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.723] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.724] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.724] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.724] SetEvent (hEvent=0x114) returned 1 [0126.724] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0126.906] SetEvent (hEvent=0x354) returned 1 [0126.906] SetEvent (hEvent=0x324) returned 1 [0126.906] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.036] SetEvent (hEvent=0x3c8) returned 1 [0127.037] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.046] SetEvent (hEvent=0xfc) returned 1 [0127.046] SetEvent (hEvent=0x3c8) returned 1 [0127.046] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.073] SetEvent (hEvent=0x354) returned 1 [0127.073] SetEvent (hEvent=0x324) returned 1 [0127.073] SetEvent (hEvent=0x3c8) returned 1 [0127.073] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.081] SetEvent (hEvent=0x354) returned 1 [0127.081] SetEvent (hEvent=0xfc) returned 1 [0127.081] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.100] SetEvent (hEvent=0x354) returned 1 [0127.100] SetEvent (hEvent=0xfc) returned 1 [0127.100] SetEvent (hEvent=0x39c) returned 1 [0127.100] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.109] SetEvent (hEvent=0x354) returned 1 [0127.109] SetEvent (hEvent=0xec) returned 1 [0127.109] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.113] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0127.115] GetFileType (hFile=0x2bc) returned 0x1 [0127.115] GetFileType (hFile=0x2bc) returned 0x1 [0127.115] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0127.115] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0127.115] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000216800, nNumberOfBytesToRead=0x42b0, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216800*, lpNumberOfBytesRead=0xc0006ddc04*=0x40b0, lpOverlapped=0x0) returned 1 [0127.138] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00021a8b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a8b0*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0127.138] CloseHandle (hObject=0x2bc) returned 1 [0127.138] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0127.140] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0127.141] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0127.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.147] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0127.236] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.409] GetFileType (hFile=0x2bc) returned 0x1 [0127.409] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000308000*, nNumberOfBytesToWrite=0x40c0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000308000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x40c0, lpOverlapped=0x0) returned 1 [0127.410] CloseHandle (hObject=0x2bc) returned 1 [0127.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0c01 | out: pbBuffer=0xc0002f0c01) returned 1 [0127.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.411] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0127.414] GetFileType (hFile=0x2bc) returned 0x1 [0127.414] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0127.415] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.415] CloseHandle (hObject=0x2bc) returned 1 [0127.415] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0127.416] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0127.416] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0127.417] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\encry-ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\encry-ba182bcd131f1f3c6b6fbbb1ba078341.png"), dwFlags=0x1) returned 1 [0127.419] SetEvent (hEvent=0x39c) returned 1 [0127.419] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.478] SetEvent (hEvent=0x324) returned 1 [0127.478] SetEvent (hEvent=0x354) returned 1 [0127.478] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.481] SetEvent (hEvent=0xfc) returned 1 [0127.481] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.531] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.533] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.533] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.534] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.534] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.535] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0127.535] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0127.536] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0127.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0127.537] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0127.545] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.575] GetFileType (hFile=0x3cc) returned 0x1 [0127.575] GetFileType (hFile=0x3cc) returned 0x1 [0127.576] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0127.576] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0127.576] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0127.579] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00015bc04*=0x4000, lpOverlapped=0x0) returned 1 [0127.609] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.663] SetEvent (hEvent=0xc0) returned 1 [0127.663] SetEvent (hEvent=0x1a0) returned 1 [0127.663] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000216000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216000*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0127.663] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.672] SetEvent (hEvent=0x1b4) returned 1 [0127.672] CloseHandle (hObject=0x3cc) returned 1 [0127.672] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.693] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat\\*", lpFindFileData=0xc00015ba08 | out: lpFindFileData=0xc00015ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0127.693] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0127.693] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.694] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.694] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.695] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.695] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.696] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.696] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.696] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.697] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.697] SetEvent (hEvent=0x3c8) returned 1 [0127.697] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.705] SetEvent (hEvent=0x114) returned 1 [0127.705] SetEvent (hEvent=0x1b4) returned 1 [0127.705] SetEvent (hEvent=0x3c8) returned 1 [0127.705] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.711] SetEvent (hEvent=0x114) returned 1 [0127.711] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.720] SetEvent (hEvent=0x114) returned 1 [0127.720] SetEvent (hEvent=0x1a0) returned 1 [0127.721] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.721] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.722] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0127.760] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.761] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.761] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.761] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.762] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.762] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.762] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.762] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.763] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.763] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0127.764] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0127.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0127.765] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0127.767] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0127.775] GetFileType (hFile=0x3cc) returned 0x1 [0127.775] GetFileType (hFile=0x3cc) returned 0x1 [0127.775] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0127.775] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x94000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x94000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x25000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0127.775] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0127.775] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x92000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0127.789] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x929c0, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc00020dc04*=0x927c0, lpOverlapped=0x0) returned 1 [0130.601] SetEvent (hEvent=0xc0) returned 1 [0130.601] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0004907c0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004907c0*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0130.601] CloseHandle (hObject=0x3cc) returned 1 [0130.666] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0132.817] SetEvent (hEvent=0x354) returned 1 [0132.817] SetEvent (hEvent=0x258) returned 1 [0132.817] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0132.821] SetEvent (hEvent=0x354) returned 1 [0132.821] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0132.822] SetEvent (hEvent=0x354) returned 1 [0132.822] SetEvent (hEvent=0x3c0) returned 1 [0132.822] SetEvent (hEvent=0x258) returned 1 [0132.822] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0132.845] SetEvent (hEvent=0x148) returned 1 [0132.845] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0132.853] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000168420*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d9808, lpReserved=0x0 | out: lpBuffer=0xc000168420*, lpNumberOfCharsWritten=0xc0002d9808*=0xad) returned 1 [0132.858] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0132.858] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0132.859] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0132.859] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.860] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.861] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0132.862] GetFileType (hFile=0x2e8) returned 0x1 [0132.862] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000168840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000168840*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.863] CloseHandle (hObject=0x2e8) returned 1 [0132.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwFlags=0x1) returned 1 [0133.037] SetEvent (hEvent=0x12c) returned 1 [0133.037] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.039] SetEvent (hEvent=0x1b4) returned 1 [0133.039] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.040] SetEvent (hEvent=0x1b4) returned 1 [0133.040] SetEvent (hEvent=0x12c) returned 1 [0133.040] SwitchToThread () returned 1 [0133.041] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.043] SetEvent (hEvent=0x1b4) returned 1 [0133.043] SetEvent (hEvent=0x12c) returned 1 [0133.043] SetEvent (hEvent=0x334) returned 1 [0133.043] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.045] SetEvent (hEvent=0x1b4) returned 1 [0133.046] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.046] SetEvent (hEvent=0x1b4) returned 1 [0133.046] SetEvent (hEvent=0x12c) returned 1 [0133.046] SetEvent (hEvent=0x334) returned 1 [0133.047] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0133.057] SetEvent (hEvent=0x3c0) returned 1 [0133.057] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0141.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0141.071] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0141.075] GetFileType (hFile=0x3cc) returned 0x1 [0141.075] GetFileType (hFile=0x3cc) returned 0x1 [0141.076] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0141.076] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0141.076] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000198480, nNumberOfBytesToRead=0x41f, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesRead=0xc000211c04*=0x21f, lpOverlapped=0x0) returned 1 [0141.077] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00019869f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc00019869f*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0141.077] CloseHandle (hObject=0x3cc) returned 1 [0141.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0141.078] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0141.090] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0141.267] SetEvent (hEvent=0x354) returned 1 [0141.267] GetFileType (hFile=0x3cc) returned 0x1 [0141.267] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0141.495] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0001846c0*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001846c0*, lpNumberOfBytesWritten=0xc000211cec*=0x220, lpOverlapped=0x0) returned 1 [0142.500] CloseHandle (hObject=0x3cc) returned 1 [0142.826] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.704] VirtualAlloc (lpAddress=0xc00067e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00067e000 [0143.706] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0143.706] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0143.708] GetFileType (hFile=0x81c) returned 0x1 [0143.708] WriteFile (in: hFile=0x81c, lpBuffer=0xc000291600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291600*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.709] CloseHandle (hObject=0x81c) returned 1 [0143.709] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0143.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@google[4].txt"), dwFlags=0x1) returned 1 [0143.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe30*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.726] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.726] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf698, ulCount=0x10, ulNumEntriesRemoved=0x28fcf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf698, ulNumEntriesRemoved=0x28fcf66c) returned 0 [0143.726] SetEvent (hEvent=0xc0) returned 1 [0143.727] SetEvent (hEvent=0x970) returned 1 [0143.727] SetEvent (hEvent=0x47c) returned 1 [0143.727] SetEvent (hEvent=0x49c) returned 1 [0143.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.738] SetEvent (hEvent=0x49c) returned 1 [0143.738] SetEvent (hEvent=0x47c) returned 1 [0143.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe08*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.745] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x28fcf6a0, ulCount=0x10, ulNumEntriesRemoved=0x28fcf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x28fcf6a0, ulNumEntriesRemoved=0x28fcf674) returned 0 [0143.745] SetEvent (hEvent=0x970) returned 1 [0143.745] SetEvent (hEvent=0x49c) returned 1 [0143.745] SetEvent (hEvent=0x47c) returned 1 [0143.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x28fcfe18*=0x13c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.748] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.748] SetEvent (hEvent=0x148) returned 1 [0143.748] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.769] SetEvent (hEvent=0x148) returned 1 [0143.769] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.774] SetEvent (hEvent=0x148) returned 1 [0143.774] SetEvent (hEvent=0x1dc) returned 1 [0143.774] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.779] SetEvent (hEvent=0xc24) returned 1 [0143.779] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) returned 0x0 [0143.784] SetEvent (hEvent=0xa70) returned 1 [0143.784] WaitForSingleObject (hHandle=0x13c, dwMilliseconds=0xffffffff) Thread: id = 20 os_tid = 0x824 [0090.541] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x291cfea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x291cfea0*=0x158) returned 1 [0090.541] VirtualQuery (in: lpAddress=0x291cfec0, lpBuffer=0x291cfec0, dwLength=0x30 | out: lpBuffer=0x291cfec0*(BaseAddress=0x291cf000, AllocationBase=0x28fd0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0090.541] SetEvent (hEvent=0xb8) returned 1 [0090.541] SetEvent (hEvent=0x8c) returned 1 [0090.541] SetEvent (hEvent=0x108) returned 1 [0090.541] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x15c [0090.541] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x160 [0090.541] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.236] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0096.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0096.237] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0096.238] GetFileType (hFile=0x150) returned 0x1 [0096.238] GetFileType (hFile=0x150) returned 0x1 [0096.238] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0096.238] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0096.238] ReadFile (in: hFile=0x150, lpBuffer=0xc00003d180, nNumberOfBytesToRead=0x359, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003d180*, lpNumberOfBytesRead=0xc000157c04*=0x159, lpOverlapped=0x0) returned 1 [0096.239] ReadFile (in: hFile=0x150, lpBuffer=0xc00003d2d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003d2d9*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0096.239] CloseHandle (hObject=0x150) returned 1 [0096.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.240] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0096.244] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.246] SetEvent (hEvent=0x8c) returned 1 [0096.246] GetFileType (hFile=0x150) returned 0x1 [0096.246] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.263] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0096.263] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000157cec*=0x160, lpOverlapped=0x0) returned 1 [0096.265] CloseHandle (hObject=0x150) returned 1 [0096.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0096.266] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0096.267] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0096.267] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0096.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0096.268] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0096.278] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.286] SetEvent (hEvent=0x12c) returned 1 [0096.286] SetEvent (hEvent=0x100) returned 1 [0096.286] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.290] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.292] SetEvent (hEvent=0x12c) returned 1 [0096.292] SetEvent (hEvent=0x100) returned 1 [0096.292] VirtualFree (lpAddress=0xc000190000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.292] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.292] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.293] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.293] VirtualFree (lpAddress=0xc000140000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.293] VirtualFree (lpAddress=0xc00013c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.293] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.294] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0096.294] SwitchToThread () returned 1 [0096.295] SetEvent (hEvent=0x12c) returned 1 [0096.295] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.318] SetEvent (hEvent=0x12c) returned 1 [0096.318] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.320] SetEvent (hEvent=0x8c) returned 1 [0096.320] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.328] SetEvent (hEvent=0x100) returned 1 [0096.328] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.338] SetEvent (hEvent=0x12c) returned 1 [0096.338] SetEvent (hEvent=0xb8) returned 1 [0096.338] SetEvent (hEvent=0x8c) returned 1 [0096.338] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.365] VirtualFree (lpAddress=0xc000194000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0096.366] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0096.366] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0096.366] SetEvent (hEvent=0x100) returned 1 [0096.366] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.432] SetEvent (hEvent=0x13c) returned 1 [0096.432] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0096.982] SetEvent (hEvent=0x12c) returned 1 [0096.982] SetEvent (hEvent=0x9c) returned 1 [0096.982] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.023] SetEvent (hEvent=0x9c) returned 1 [0097.023] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.033] SetEvent (hEvent=0x9c) returned 1 [0097.033] SetEvent (hEvent=0x13c) returned 1 [0097.033] SwitchToThread () returned 1 [0097.037] SetEvent (hEvent=0x9c) returned 1 [0097.037] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.046] SetEvent (hEvent=0x12c) returned 1 [0097.046] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.048] SetEvent (hEvent=0x13c) returned 1 [0097.048] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.053] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.108] SetEvent (hEvent=0x12c) returned 1 [0097.109] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0097.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec)) returned 1 [0097.110] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0097.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.111] VirtualAlloc (lpAddress=0xc0001f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f6000 [0097.111] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.111] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81a42ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.111] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4.2.8_0", cAlternateFileName="4278E1~1.8_0")) returned 1 [0097.111] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.111] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.111] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\*", lpFindFileData=0xc0000750f8 | out: lpFindFileData=0xc0000750f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.127] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.127] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0097.127] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85347ad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0097.127] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0097.127] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85348a70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85348a70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85348a70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0097.128] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075128 | out: lpFindFileData=0xc000075128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.128] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.132] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x851f1e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85639950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd4e)) returned 1 [0097.136] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.141] SwitchToThread () returned 1 [0097.142] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.143] SetEvent (hEvent=0x13c) returned 1 [0097.143] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.148] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.149] SetEvent (hEvent=0x12c) returned 1 [0097.149] SetEvent (hEvent=0x8c) returned 1 [0097.149] SetEvent (hEvent=0x13c) returned 1 [0097.149] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.151] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.158] SetEvent (hEvent=0x12c) returned 1 [0097.158] SetEvent (hEvent=0x8c) returned 1 [0097.158] VirtualFree (lpAddress=0xc0001f8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.158] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.158] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.159] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.159] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.159] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.160] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc0005863a8*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0097.166] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.170] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc00018d818*=0x3) returned 1 [0097.173] SetEvent (hEvent=0x13c) returned 1 [0097.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0390*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc0000a0390*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0097.174] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.178] SetEvent (hEvent=0xb8) returned 1 [0097.178] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.181] VirtualFree (lpAddress=0xc0001fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.181] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.181] VirtualFree (lpAddress=0xc00017a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.182] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.182] SetEvent (hEvent=0x12c) returned 1 [0097.182] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.214] GetFileType (hFile=0x128) returned 0x1 [0097.214] WriteFile (in: hFile=0x128, lpBuffer=0xc0000be360*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be360*, lpNumberOfBytesWritten=0xc000067cec*=0x110, lpOverlapped=0x0) returned 1 [0097.216] CloseHandle (hObject=0x128) returned 1 [0097.216] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0097.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.216] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0097.221] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.231] GetFileType (hFile=0x128) returned 0x1 [0097.231] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0097.231] WriteFile (in: hFile=0x128, lpBuffer=0xc00011e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.231] CloseHandle (hObject=0x128) returned 1 [0097.231] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0097.232] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0097.232] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0097.233] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.233] SetEvent (hEvent=0x13c) returned 1 [0097.233] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.244] SetEvent (hEvent=0x8c) returned 1 [0097.244] SetEvent (hEvent=0xb8) returned 1 [0097.244] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.250] SetEvent (hEvent=0x8c) returned 1 [0097.251] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.256] SetEvent (hEvent=0x8c) returned 1 [0097.256] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.257] SetEvent (hEvent=0x12c) returned 1 [0097.257] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.260] SetEvent (hEvent=0x8c) returned 1 [0097.261] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.264] SetEvent (hEvent=0x8c) returned 1 [0097.264] SetEvent (hEvent=0xb8) returned 1 [0097.264] VirtualFree (lpAddress=0xc000280000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.265] VirtualFree (lpAddress=0xc00020a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.265] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.265] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.265] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.266] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.266] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.267] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.267] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85218f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85217f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85217f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85217f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.277] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.286] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.317] SetEvent (hEvent=0x8c) returned 1 [0097.317] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.382] SetEvent (hEvent=0x12c) returned 1 [0097.382] SwitchToThread () returned 1 [0097.383] SetEvent (hEvent=0x12c) returned 1 [0097.383] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.385] SetEvent (hEvent=0x13c) returned 1 [0097.385] VirtualFree (lpAddress=0xc000296000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0097.386] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.386] VirtualFree (lpAddress=0xc0001ae000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.386] VirtualFree (lpAddress=0xc000136000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.386] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.387] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.387] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0097.387] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0097.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0097.388] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0097.397] GetFileType (hFile=0x144) returned 0x1 [0097.397] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0097.397] GetFileType (hFile=0x144) returned 0x1 [0097.397] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0097.397] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0097.397] VirtualAlloc (lpAddress=0xc00015c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015c000 [0097.398] ReadFile (in: hFile=0x144, lpBuffer=0xc00015c000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00015c000*, lpNumberOfBytesRead=0xc0006e3c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.399] ReadFile (in: hFile=0x144, lpBuffer=0xc00015c0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00015c0b3*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0097.399] CloseHandle (hObject=0x144) returned 1 [0097.399] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0097.399] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0097.400] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0097.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0097.401] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0097.407] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.415] SetEvent (hEvent=0x120) returned 1 [0097.415] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.424] SwitchToThread () returned 1 [0097.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0097.429] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0097.433] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.440] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.441] SetEvent (hEvent=0x13c) returned 1 [0097.441] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.448] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0097.448] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0097.448] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0097.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0097.449] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0097.459] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.468] SetEvent (hEvent=0x9c) returned 1 [0097.468] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.469] SetEvent (hEvent=0x120) returned 1 [0097.469] SwitchToThread () returned 1 [0097.475] SetEvent (hEvent=0x120) returned 1 [0097.475] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.476] SetEvent (hEvent=0x120) returned 1 [0097.476] SetEvent (hEvent=0x13c) returned 1 [0097.476] SetEvent (hEvent=0x8c) returned 1 [0097.476] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.483] GetFileType (hFile=0x128) returned 0x1 [0097.483] GetFileType (hFile=0x128) returned 0x1 [0097.483] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0097.483] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0097.483] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0097.484] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000065c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.485] ReadFile (in: hFile=0x128, lpBuffer=0xc00003c0b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c0b3*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0097.485] CloseHandle (hObject=0x128) returned 1 [0097.485] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0097.486] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0097.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.487] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0097.496] GetFileType (hFile=0x128) returned 0x1 [0097.497] WriteFile (in: hFile=0x128, lpBuffer=0xc00017e0c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e0c0*, lpNumberOfBytesWritten=0xc000065cec*=0xc0, lpOverlapped=0x0) returned 1 [0097.498] CloseHandle (hObject=0x128) returned 1 [0097.498] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0097.498] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0097.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0097.499] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0097.501] GetFileType (hFile=0x128) returned 0x1 [0097.501] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0097.502] CloseHandle (hObject=0x128) returned 1 [0097.502] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0097.503] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.527] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0097.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0097.527] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0097.535] GetFileType (hFile=0xf4) returned 0x1 [0097.535] GetFileType (hFile=0xf4) returned 0x1 [0097.535] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0097.535] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0097.535] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0097.535] ReadFile (in: hFile=0xf4, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc00012dc04*=0xb3, lpOverlapped=0x0) returned 1 [0097.537] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000500b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000500b3*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0097.537] CloseHandle (hObject=0xf4) returned 1 [0097.538] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0097.538] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0097.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.539] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0097.540] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.546] SetEvent (hEvent=0xc0) returned 1 [0097.546] GetFileType (hFile=0xf4) returned 0x1 [0097.546] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.557] SetEvent (hEvent=0xc0) returned 1 [0097.557] SetEvent (hEvent=0x120) returned 1 [0097.557] WriteFile (in: hFile=0xf4, lpBuffer=0xc00017e000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00017e000*, lpNumberOfBytesWritten=0xc00012dcec*=0xc0, lpOverlapped=0x0) returned 1 [0097.558] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.561] SetEvent (hEvent=0x120) returned 1 [0097.561] CloseHandle (hObject=0xf4) returned 1 [0097.562] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0097.562] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0097.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0097.562] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0097.564] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.568] GetFileType (hFile=0xf4) returned 0x1 [0097.568] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.573] SetEvent (hEvent=0x120) returned 1 [0097.573] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.577] SetEvent (hEvent=0x9c) returned 1 [0097.578] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.579] SetEvent (hEvent=0x9c) returned 1 [0097.579] SetEvent (hEvent=0x120) returned 1 [0097.579] VirtualFree (lpAddress=0xc000272000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.580] VirtualFree (lpAddress=0xc00026e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.580] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.580] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.580] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.581] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0097.581] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0097.584] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.585] GetFileType (hFile=0x148) returned 0x1 [0097.585] GetFileType (hFile=0x148) returned 0x1 [0097.586] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0097.586] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0097.586] ReadFile (in: hFile=0x148, lpBuffer=0xc0000582c0, nNumberOfBytesToRead=0x2b3, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000582c0*, lpNumberOfBytesRead=0xc0000b7c04*=0xb3, lpOverlapped=0x0) returned 1 [0097.587] ReadFile (in: hFile=0x148, lpBuffer=0xc000058373, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058373*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0097.587] CloseHandle (hObject=0x148) returned 1 [0097.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0097.588] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0097.589] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.590] SetEvent (hEvent=0x9c) returned 1 [0097.590] GetFileType (hFile=0x148) returned 0x1 [0097.590] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.702] VirtualFree (lpAddress=0xc00026c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.702] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.703] VirtualFree (lpAddress=0xc000058000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.703] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.703] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0097.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.704] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.704] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.704] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.704] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.704] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.704] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0097.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.705] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.705] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.705] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.705] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.706] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.711] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.711] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.711] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.711] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.711] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c12fb00, ftLastWriteTime.dwHighDateTime=0x1d0f3ee, nFileSizeHigh=0x0, nFileSizeLow=0x9f)) returned 1 [0097.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.712] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8528a390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8528a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.712] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.712] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.712] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852893f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.719] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0097.719] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8528a390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.719] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.719] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.719] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.720] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.720] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0097.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0097.721] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0097.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0097.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0097.721] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0097.721] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0097.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85639950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3)) returned 1 [0097.721] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x852b04f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x852b04f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x852b04f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0097.724] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.728] SetEvent (hEvent=0x120) returned 1 [0097.728] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.733] SetEvent (hEvent=0x12c) returned 1 [0097.734] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.736] VirtualFree (lpAddress=0xc0002d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0097.736] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0097.737] VirtualFree (lpAddress=0xc0001d2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0097.737] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0097.737] SetEvent (hEvent=0x120) returned 1 [0097.737] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.739] SetEvent (hEvent=0x12c) returned 1 [0097.739] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0097.758] SetEvent (hEvent=0x120) returned 1 [0097.758] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.042] SetEvent (hEvent=0x12c) returned 1 [0098.042] SetEvent (hEvent=0x9c) returned 1 [0098.042] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.052] SetEvent (hEvent=0x8c) returned 1 [0098.052] SetEvent (hEvent=0x12c) returned 1 [0098.052] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.061] SetEvent (hEvent=0x8c) returned 1 [0098.061] SetEvent (hEvent=0x12c) returned 1 [0098.061] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.086] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.108] SetEvent (hEvent=0x100) returned 1 [0098.108] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.133] SetEvent (hEvent=0x9c) returned 1 [0098.133] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.149] SetEvent (hEvent=0x100) returned 1 [0098.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.150] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0098.152] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.155] GetFileType (hFile=0xf4) returned 0x1 [0098.155] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.156] GetFileType (hFile=0xf4) returned 0x1 [0098.156] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0098.156] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0098.156] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0098.156] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x330, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc000157c04*=0x130, lpOverlapped=0x0) returned 1 [0098.158] ReadFile (in: hFile=0xf4, lpBuffer=0xc0000f0130, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0130*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0098.158] CloseHandle (hObject=0xf4) returned 1 [0098.158] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0098.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.160] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0098.160] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.166] GetFileType (hFile=0xf4) returned 0x1 [0098.166] WriteFile (in: hFile=0xf4, lpBuffer=0xc0003ca3c0*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca3c0*, lpNumberOfBytesWritten=0xc000157cec*=0x140, lpOverlapped=0x0) returned 1 [0098.167] CloseHandle (hObject=0xf4) returned 1 [0098.167] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.167] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0098.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.168] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0098.174] GetFileType (hFile=0xf4) returned 0x1 [0098.174] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.174] CloseHandle (hObject=0xf4) returned 1 [0098.174] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.175] GetFileType (hFile=0xec) returned 0x1 [0098.175] GetFileType (hFile=0xec) returned 0x1 [0098.175] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0098.175] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0098.175] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0098.176] ReadFile (in: hFile=0xec, lpBuffer=0xc00017c000, nNumberOfBytesToRead=0x2d5, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017c000*, lpNumberOfBytesRead=0xc000153c04*=0xd5, lpOverlapped=0x0) returned 1 [0098.177] ReadFile (in: hFile=0xec, lpBuffer=0xc00017c0d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc00017c0d5*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0098.177] CloseHandle (hObject=0xec) returned 1 [0098.177] VirtualAlloc (lpAddress=0xc00017e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017e000 [0098.178] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0098.178] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0098.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.179] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0098.187] GetFileType (hFile=0xec) returned 0x1 [0098.187] WriteFile (in: hFile=0xec, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000153cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.188] CloseHandle (hObject=0xec) returned 1 [0098.188] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0098.188] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0098.189] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0098.192] GetFileType (hFile=0xec) returned 0x1 [0098.192] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.192] CloseHandle (hObject=0xec) returned 1 [0098.192] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.194] VirtualFree (lpAddress=0xc00017c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.194] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.194] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.194] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.195] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84140710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84142e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.196] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.196] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84142e20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84142e20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0098.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84147c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414a350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8414a350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.197] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.197] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8414a350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8414f170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdc)) returned 1 [0098.200] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.203] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.204] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.204] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0098.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84153f90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841566a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.205] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.205] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841566a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841566a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1 [0098.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.206] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8415b4c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8415dbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.206] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.206] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.206] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8415dbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8415dbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0098.211] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0098.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.213] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841629f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84165100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.213] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.213] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.213] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.213] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84165100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84165100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee)) returned 1 [0098.213] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0098.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.214] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.214] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0098.214] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84169f20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8416c630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.215] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.215] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.215] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.215] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8416c630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8416c630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0098.219] SetEvent (hEvent=0x120) returned 1 [0098.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.219] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84171450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84173b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.220] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.220] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84173b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84173b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb)) returned 1 [0098.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.221] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84176270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8417b090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.221] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.221] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.221] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8417b090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8417b090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0098.222] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.231] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0098.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.232] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8417feb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841825c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.232] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.232] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.232] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841825c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841825c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0098.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.233] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841873e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84189af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.234] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.234] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84189af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84189af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b43b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf5)) returned 1 [0098.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8418e910, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84191020, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.242] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.242] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84191020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84191020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0098.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84195e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84198550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84198550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.243] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.243] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84198550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8419d370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb)) returned 1 [0098.247] SetEvent (hEvent=0x12c) returned 1 [0098.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.248] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0098.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.248] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.248] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8419fa80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a2190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a2190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.248] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.249] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.249] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a2190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a48a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe5)) returned 1 [0098.249] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.249] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.249] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0098.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841a6fb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841a96c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.250] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.250] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841a96c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841a96c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0098.253] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.260] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.260] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841ae4e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b0bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.260] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.260] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.260] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b0bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b0bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0098.260] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.261] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.261] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841b5a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841b8120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.261] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.261] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.261] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841b8120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841b8120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbcc13a00, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xbf)) returned 1 [0098.264] VirtualAlloc (lpAddress=0xc0001a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a8000 [0098.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.265] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841bcf40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841bf650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.266] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.266] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841bf650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841bf650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1)) returned 1 [0098.266] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.267] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.267] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x841c6b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x841c9290, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.267] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.267] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.267] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.267] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x841c9290, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x841c9290, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b6ac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0098.269] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.274] SetEvent (hEvent=0x8c) returned 1 [0098.274] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.279] SetEvent (hEvent=0x100) returned 1 [0098.279] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.293] SetEvent (hEvent=0x100) returned 1 [0098.293] SetEvent (hEvent=0x8c) returned 1 [0098.293] SwitchToThread () returned 1 [0098.294] SetEvent (hEvent=0x100) returned 1 [0098.294] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.295] SetEvent (hEvent=0x13c) returned 1 [0098.295] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.298] SwitchToThread () returned 1 [0098.305] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.306] SetEvent (hEvent=0x13c) returned 1 [0098.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.307] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.307] SetEvent (hEvent=0x8c) returned 1 [0098.307] SetEvent (hEvent=0x13c) returned 1 [0098.307] SetEvent (hEvent=0x120) returned 1 [0098.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.312] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.312] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.312] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.312] SetEvent (hEvent=0x100) returned 1 [0098.312] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.316] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0098.317] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0098.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0098.317] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000199cf4 | out: lpMode=0xc000199cf4) returned 0 [0098.323] GetFileType (hFile=0x148) returned 0x1 [0098.323] GetFileType (hFile=0x148) returned 0x1 [0098.323] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000199d44 | out: lpFileInformation=0xc000199d44) returned 1 [0098.323] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000199d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000199d28) returned 1 [0098.323] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0098.323] ReadFile (in: hFile=0x148, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000199c04*=0xd7, lpOverlapped=0x0) returned 1 [0098.325] ReadFile (in: hFile=0x148, lpBuffer=0xc00004c0d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0d7*, lpNumberOfBytesRead=0xc000199c04*=0x0, lpOverlapped=0x0) returned 1 [0098.325] CloseHandle (hObject=0x148) returned 1 [0098.325] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0098.325] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0098.325] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0098.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.337] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000199d04 | out: lpMode=0xc000199d04) returned 0 [0098.349] GetFileType (hFile=0x148) returned 0x1 [0098.349] WriteFile (in: hFile=0x148, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000199cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000199cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.350] CloseHandle (hObject=0x148) returned 1 [0098.350] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.351] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0098.351] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0098.351] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.352] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0098.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0098.352] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000199d64 | out: lpMode=0xc000199d64) returned 0 [0098.365] GetFileType (hFile=0x148) returned 0x1 [0098.365] WriteFile (in: hFile=0x148, lpBuffer=0xc0002042c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000199d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002042c0*, lpNumberOfBytesWritten=0xc000199d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.365] CloseHandle (hObject=0x148) returned 1 [0098.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.366] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.530] SetEvent (hEvent=0x8c) returned 1 [0098.530] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xf4 [0098.544] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0098.545] GetFileType (hFile=0xf4) returned 0x1 [0098.545] GetFileType (hFile=0xf4) returned 0x1 [0098.545] GetFileInformationByHandle (in: hFile=0xf4, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0098.546] GetFileInformationByHandleEx (in: hFile=0xf4, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0098.546] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c300, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c300*, lpNumberOfBytesRead=0xc000141c04*=0xe2, lpOverlapped=0x0) returned 1 [0098.547] ReadFile (in: hFile=0xf4, lpBuffer=0xc00004c3e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c3e2*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0098.547] CloseHandle (hObject=0xf4) returned 1 [0098.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.548] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0098.549] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.550] SetEvent (hEvent=0x12c) returned 1 [0098.550] GetFileType (hFile=0xf4) returned 0x1 [0098.550] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.565] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0098.565] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0098.565] WriteFile (in: hFile=0xf4, lpBuffer=0xc00003c5a0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c5a0*, lpNumberOfBytesWritten=0xc000141cec*=0xf0, lpOverlapped=0x0) returned 1 [0098.567] CloseHandle (hObject=0xf4) returned 1 [0098.567] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0098.567] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0098.567] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0098.568] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0098.568] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0098.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xf4 [0098.569] GetConsoleMode (in: hConsoleHandle=0xf4, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0098.581] GetFileType (hFile=0xf4) returned 0x1 [0098.581] WriteFile (in: hFile=0xf4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.581] CloseHandle (hObject=0xf4) returned 1 [0098.581] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.582] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.582] SetEvent (hEvent=0x8c) returned 1 [0098.582] SetEvent (hEvent=0x9c) returned 1 [0098.582] VirtualAlloc (lpAddress=0xc000190000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000190000 [0098.584] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.591] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.591] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.591] SetEvent (hEvent=0x9c) returned 1 [0098.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.601] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.601] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.601] SetEvent (hEvent=0xc0) returned 1 [0098.601] SetEvent (hEvent=0x8c) returned 1 [0098.601] SetEvent (hEvent=0x13c) returned 1 [0098.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.607] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.607] SetEvent (hEvent=0x8c) returned 1 [0098.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.610] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.611] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.611] SetEvent (hEvent=0x9c) returned 1 [0098.611] SetEvent (hEvent=0x13c) returned 1 [0098.612] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.616] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.619] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.619] SetEvent (hEvent=0x9c) returned 1 [0098.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.624] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.625] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.625] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.625] SetEvent (hEvent=0xc0) returned 1 [0098.625] SetEvent (hEvent=0x13c) returned 1 [0098.625] SetEvent (hEvent=0x12c) returned 1 [0098.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.632] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.632] SetEvent (hEvent=0x13c) returned 1 [0098.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.640] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.641] SetEvent (hEvent=0x9c) returned 1 [0098.641] SetEvent (hEvent=0x8c) returned 1 [0098.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.644] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.644] SetEvent (hEvent=0x13c) returned 1 [0098.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.647] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.647] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0098.647] SetEvent (hEvent=0x8c) returned 1 [0098.647] SetEvent (hEvent=0x9c) returned 1 [0098.648] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0098.656] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0098.656] SetEvent (hEvent=0x8c) returned 1 [0098.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0098.659] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.660] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.660] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84212670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84212670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.660] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.660] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.660] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.660] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0098.661] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0098.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84212670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84214d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1)) returned 1 [0098.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0098.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0098.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0098.662] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84219ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8421c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0098.662] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0098.662] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0098.663] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0098.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8421c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8421c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x844b91d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe)) returned 1 [0098.665] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.672] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.677] SetEvent (hEvent=0x13c) returned 1 [0098.677] SetEvent (hEvent=0x120) returned 1 [0098.677] SetEvent (hEvent=0x8c) returned 1 [0098.677] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.684] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.684] VirtualFree (lpAddress=0xc0001da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.684] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.684] WriteFile (in: hFile=0x154, lpBuffer=0xc00003c3c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c3c0*, lpNumberOfBytesWritten=0xc00004bcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.686] CloseHandle (hObject=0x154) returned 1 [0098.686] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0098.686] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0098.686] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0098.687] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0098.687] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0098.687] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0098.688] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0098.688] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0098.689] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0098.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0098.689] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0098.751] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.752] GetFileType (hFile=0x154) returned 0x1 [0098.752] WriteFile (in: hFile=0x154, lpBuffer=0xc0001ec2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec2c0*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.752] CloseHandle (hObject=0x154) returned 1 [0098.753] VirtualAlloc (lpAddress=0xc0001f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f0000 [0098.753] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0098.753] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.754] SetEvent (hEvent=0x13c) returned 1 [0098.754] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.779] SetEvent (hEvent=0x8c) returned 1 [0098.779] SetEvent (hEvent=0x13c) returned 1 [0098.779] SetEvent (hEvent=0x12c) returned 1 [0098.779] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.785] SetEvent (hEvent=0x8c) returned 1 [0098.785] SetEvent (hEvent=0x13c) returned 1 [0098.785] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.785] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.785] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.785] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.786] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0098.786] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.786] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.786] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.786] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0098.787] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0098.793] GetFileType (hFile=0x16c) returned 0x1 [0098.793] GetFileType (hFile=0x16c) returned 0x1 [0098.793] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0098.793] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0098.793] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0098.794] ReadFile (in: hFile=0x16c, lpBuffer=0xc00011e000, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesRead=0xc000249c04*=0xd8, lpOverlapped=0x0) returned 1 [0098.795] ReadFile (in: hFile=0x16c, lpBuffer=0xc00011e0d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e0d8*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0098.795] CloseHandle (hObject=0x16c) returned 1 [0098.795] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0098.795] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0098.796] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0098.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.797] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0098.803] GetFileType (hFile=0x16c) returned 0x1 [0098.803] WriteFile (in: hFile=0x16c, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc000249cec*=0xe0, lpOverlapped=0x0) returned 1 [0098.805] CloseHandle (hObject=0x16c) returned 1 [0098.805] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0098.805] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0098.805] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0098.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.812] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0098.819] GetFileType (hFile=0x16c) returned 0x1 [0098.819] WriteFile (in: hFile=0x16c, lpBuffer=0xc000268160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000268160*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0098.819] CloseHandle (hObject=0x16c) returned 1 [0098.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.820] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.832] SetEvent (hEvent=0xb8) returned 1 [0098.832] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.950] SetEvent (hEvent=0xb8) returned 1 [0098.950] SetEvent (hEvent=0x120) returned 1 [0098.950] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.952] SetEvent (hEvent=0xb8) returned 1 [0098.952] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.953] SetEvent (hEvent=0xb8) returned 1 [0098.953] SetEvent (hEvent=0x120) returned 1 [0098.953] SetEvent (hEvent=0x12c) returned 1 [0098.953] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.958] VirtualFree (lpAddress=0xc0001fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0098.958] VirtualFree (lpAddress=0xc000190000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0098.959] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.959] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.959] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.959] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0098.959] GetFileType (hFile=0x16c) returned 0x1 [0098.959] WriteFile (in: hFile=0x16c, lpBuffer=0xc0002262d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002262d0*, lpNumberOfBytesWritten=0xc00012fcec*=0xf0, lpOverlapped=0x0) returned 1 [0098.960] CloseHandle (hObject=0x16c) returned 1 [0098.961] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0098.961] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0098.961] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0098.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0098.962] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0098.969] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.972] SetEvent (hEvent=0x13c) returned 1 [0098.972] GetFileType (hFile=0x16c) returned 0x1 [0098.972] WriteFile (in: hFile=0x16c, lpBuffer=0xc00016a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a580*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0098.973] CloseHandle (hObject=0x16c) returned 1 [0098.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\encry-messages.json"), dwFlags=0x1) returned 1 [0098.973] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.978] SetEvent (hEvent=0x13c) returned 1 [0098.978] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.980] SetEvent (hEvent=0x12c) returned 1 [0098.980] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.981] SetEvent (hEvent=0xb8) returned 1 [0098.981] SwitchToThread () returned 1 [0098.985] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0098.987] SetEvent (hEvent=0x13c) returned 1 [0098.987] SetEvent (hEvent=0xb8) returned 1 [0098.987] SetEvent (hEvent=0x8c) returned 1 [0098.987] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.017] SetEvent (hEvent=0x13c) returned 1 [0099.017] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.074] SetEvent (hEvent=0x120) returned 1 [0099.074] SetEvent (hEvent=0x13c) returned 1 [0099.074] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.116] SetEvent (hEvent=0x120) returned 1 [0099.116] SetEvent (hEvent=0x8c) returned 1 [0099.116] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.117] SetEvent (hEvent=0x120) returned 1 [0099.117] SwitchToThread () returned 1 [0099.120] SetEvent (hEvent=0x120) returned 1 [0099.120] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.120] SetEvent (hEvent=0x120) returned 1 [0099.120] SetEvent (hEvent=0x8c) returned 1 [0099.120] VirtualFree (lpAddress=0xc0001c6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.121] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.121] VirtualFree (lpAddress=0xc00017a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.121] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.122] VirtualFree (lpAddress=0xc000166000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.123] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.123] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.124] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.124] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.124] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.124] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.125] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.125] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.125] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.126] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.126] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.126] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.126] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.127] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0099.131] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.135] SetEvent (hEvent=0x120) returned 1 [0099.135] GetFileType (hFile=0x150) returned 0x1 [0099.135] GetFileType (hFile=0x150) returned 0x1 [0099.135] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0099.136] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0099.136] VirtualAlloc (lpAddress=0xc0001ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ce000 [0099.136] ReadFile (in: hFile=0x150, lpBuffer=0xc0001ce000, nNumberOfBytesToRead=0x4d6, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ce000*, lpNumberOfBytesRead=0xc0001b5c04*=0x2d6, lpOverlapped=0x0) returned 1 [0099.141] ReadFile (in: hFile=0x150, lpBuffer=0xc0001ce2d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ce2d6*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0099.141] CloseHandle (hObject=0x150) returned 1 [0099.141] VirtualAlloc (lpAddress=0xc0001d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d0000 [0099.142] VirtualAlloc (lpAddress=0xc0001d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d2000 [0099.142] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0099.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.143] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0099.149] GetFileType (hFile=0x150) returned 0x1 [0099.149] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d4000*, nNumberOfBytesToWrite=0x2e0, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d4000*, lpNumberOfBytesWritten=0xc0001b5cec*=0x2e0, lpOverlapped=0x0) returned 1 [0099.150] CloseHandle (hObject=0x150) returned 1 [0099.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0099.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.151] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0099.152] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.156] SetEvent (hEvent=0x120) returned 1 [0099.156] GetFileType (hFile=0x150) returned 0x1 [0099.156] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.156] CloseHandle (hObject=0x150) returned 1 [0099.156] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0099.158] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.164] SetEvent (hEvent=0x120) returned 1 [0099.164] SetEvent (hEvent=0x13c) returned 1 [0099.164] VirtualFree (lpAddress=0xc0001ce000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0099.164] VirtualFree (lpAddress=0xc000178000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.164] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.165] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.165] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.165] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.165] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.166] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.166] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.166] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.167] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0099.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc0000100c8*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0099.169] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.174] SetEvent (hEvent=0x13c) returned 1 [0099.175] SetEvent (hEvent=0x120) returned 1 [0099.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102258*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc000102258*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0099.177] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0099.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc000102016*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0099.183] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.187] SetEvent (hEvent=0x120) returned 1 [0099.187] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102260*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000102260*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0099.194] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc000586340*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0099.206] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586346*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000586346*, lpNumberOfCharsWritten=0xc00018f818*=0x3) returned 1 [0099.216] SetEvent (hEvent=0x9c) returned 1 [0099.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005866f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc0005866f0*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0099.222] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.223] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0099.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0099.238] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0099.251] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc0000101a6*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0099.257] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000b7818, lpReserved=0x0 | out: lpBuffer=0xc0000101b0*, lpNumberOfCharsWritten=0xc0000b7818*=0x3) returned 1 [0099.261] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.270] VirtualAlloc (lpAddress=0xc0001f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f4000 [0099.270] SetEvent (hEvent=0x120) returned 1 [0099.270] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.274] SetEvent (hEvent=0x9c) returned 1 [0099.274] SwitchToThread () returned 1 [0099.282] SetEvent (hEvent=0x9c) returned 1 [0099.282] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.283] SetEvent (hEvent=0x13c) returned 1 [0099.283] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0099.287] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1cf4 | out: lpMode=0xc0001b1cf4) returned 0 [0099.291] GetFileType (hFile=0x174) returned 0x1 [0099.291] GetFileType (hFile=0x174) returned 0x1 [0099.291] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001b1d44 | out: lpFileInformation=0xc0001b1d44) returned 1 [0099.291] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b1d28) returned 1 [0099.291] ReadFile (in: hFile=0x174, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x2d4, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0001b1c04*=0xd4, lpOverlapped=0x0) returned 1 [0099.292] ReadFile (in: hFile=0x174, lpBuffer=0xc0000360d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000360d4*, lpNumberOfBytesRead=0xc0001b1c04*=0x0, lpOverlapped=0x0) returned 1 [0099.292] CloseHandle (hObject=0x174) returned 1 [0099.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.294] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1d04 | out: lpMode=0xc0001b1d04) returned 0 [0099.297] GetFileType (hFile=0x174) returned 0x1 [0099.297] WriteFile (in: hFile=0x174, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001b1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc0001b1cec*=0xe0, lpOverlapped=0x0) returned 1 [0099.298] CloseHandle (hObject=0x174) returned 1 [0099.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0099.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0099.299] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001b1d64 | out: lpMode=0xc0001b1d64) returned 0 [0099.306] GetFileType (hFile=0x174) returned 0x1 [0099.306] WriteFile (in: hFile=0x174, lpBuffer=0xc0000ee2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee2c0*, lpNumberOfBytesWritten=0xc0001b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.306] CloseHandle (hObject=0x174) returned 1 [0099.306] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.307] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0099.307] SetEvent (hEvent=0x8c) returned 1 [0099.307] SetEvent (hEvent=0x12c) returned 1 [0099.307] SetEvent (hEvent=0x100) returned 1 [0099.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.311] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.311] SetEvent (hEvent=0x100) returned 1 [0099.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.315] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.316] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.316] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.316] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0099.316] SetEvent (hEvent=0x9c) returned 1 [0099.316] SetEvent (hEvent=0x13c) returned 1 [0099.316] SetEvent (hEvent=0x100) returned 1 [0099.316] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.318] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0099.318] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0099.329] GetFileType (hFile=0x154) returned 0x1 [0099.329] GetFileType (hFile=0x154) returned 0x1 [0099.329] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0099.329] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0099.329] ReadFile (in: hFile=0x154, lpBuffer=0xc0001d4700, nNumberOfBytesToRead=0x314, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d4700*, lpNumberOfBytesRead=0xc00018fc04*=0x114, lpOverlapped=0x0) returned 1 [0099.331] ReadFile (in: hFile=0x154, lpBuffer=0xc0001d4814, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001d4814*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0099.331] CloseHandle (hObject=0x154) returned 1 [0099.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0099.332] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0099.334] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.354] SetEvent (hEvent=0x12c) returned 1 [0099.354] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.354] SetEvent (hEvent=0x12c) returned 1 [0099.354] SetEvent (hEvent=0x100) returned 1 [0099.355] VirtualFree (lpAddress=0xc0001f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.355] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0099.355] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.355] VirtualFree (lpAddress=0xc0001d8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.356] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.356] VirtualFree (lpAddress=0xc0001cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.356] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.356] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.356] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.357] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.357] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.357] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.357] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.358] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.358] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.358] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.358] VirtualFree (lpAddress=0xc000052000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0099.359] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.359] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x168 [0099.360] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0099.360] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.362] GetFileType (hFile=0x168) returned 0x1 [0099.362] GetFileType (hFile=0x168) returned 0x1 [0099.362] GetFileInformationByHandle (in: hFile=0x168, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0099.362] GetFileInformationByHandleEx (in: hFile=0x168, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0099.362] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0099.362] ReadFile (in: hFile=0x168, lpBuffer=0xc000158000, nNumberOfBytesToRead=0x2c1, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc000158000*, lpNumberOfBytesRead=0xc000187c04*=0xc1, lpOverlapped=0x0) returned 1 [0099.363] ReadFile (in: hFile=0x168, lpBuffer=0xc0001580c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001580c1*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0099.364] CloseHandle (hObject=0x168) returned 1 [0099.364] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0099.364] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0099.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.365] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0099.366] GetFileType (hFile=0x168) returned 0x1 [0099.366] WriteFile (in: hFile=0x168, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc000187cec*=0xd0, lpOverlapped=0x0) returned 1 [0099.367] CloseHandle (hObject=0x168) returned 1 [0099.367] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0099.367] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0099.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x168 [0099.367] GetConsoleMode (in: hConsoleHandle=0x168, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0099.368] GetFileType (hFile=0x168) returned 0x1 [0099.368] WriteFile (in: hFile=0x168, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.368] CloseHandle (hObject=0x168) returned 1 [0099.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.369] VirtualFree (lpAddress=0xc0001f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.369] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.370] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.370] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.370] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.371] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.371] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.371] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020e8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000119818, lpReserved=0x0 | out: lpBuffer=0xc0001020e8*, lpNumberOfCharsWritten=0xc000119818*=0x3) returned 1 [0099.379] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.394] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0099.394] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010430*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc000010430*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0099.399] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.402] SetEvent (hEvent=0xb8) returned 1 [0099.402] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0099.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010436*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000010436*, lpNumberOfCharsWritten=0xc0000e5818*=0x3) returned 1 [0099.406] SetEvent (hEvent=0xb8) returned 1 [0099.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010440*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc000010440*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0099.408] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.411] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc000137818*=0x3) returned 1 [0099.414] SetEvent (hEvent=0x13c) returned 1 [0099.414] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc000102006*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0099.416] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0099.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc000010076*, lpNumberOfCharsWritten=0xc000139818*=0x3) returned 1 [0099.431] SwitchToThread () returned 1 [0099.506] SwitchToThread () returned 1 [0099.508] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.519] GetFileType (hFile=0x148) returned 0x1 [0099.520] GetFileType (hFile=0x148) returned 0x1 [0099.520] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0099.520] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0099.520] ReadFile (in: hFile=0x148, lpBuffer=0xc00006a300, nNumberOfBytesToRead=0x2c7, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a300*, lpNumberOfBytesRead=0xc0001b9c04*=0xc7, lpOverlapped=0x0) returned 1 [0099.521] ReadFile (in: hFile=0x148, lpBuffer=0xc00006a3c7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a3c7*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0099.521] CloseHandle (hObject=0x148) returned 1 [0099.521] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.522] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0099.531] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.532] GetFileType (hFile=0x148) returned 0x1 [0099.532] WriteFile (in: hFile=0x148, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc0001b9cec*=0xd0, lpOverlapped=0x0) returned 1 [0099.533] CloseHandle (hObject=0x148) returned 1 [0099.533] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.534] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.534] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.534] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.535] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0099.536] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.539] GetFileType (hFile=0x148) returned 0x1 [0099.539] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.539] CloseHandle (hObject=0x148) returned 1 [0099.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.540] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0099.541] SetEvent (hEvent=0x100) returned 1 [0099.541] SetEvent (hEvent=0xb8) returned 1 [0099.541] SetEvent (hEvent=0x13c) returned 1 [0099.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.544] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.545] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0099.545] SetEvent (hEvent=0x120) returned 1 [0099.545] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.551] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.551] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0099.551] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0099.551] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0099.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0099.552] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0099.555] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.559] GetFileType (hFile=0x148) returned 0x1 [0099.559] GetFileType (hFile=0x148) returned 0x1 [0099.559] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0099.559] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0099.559] ReadFile (in: hFile=0x148, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x32a, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000241c04*=0x12a, lpOverlapped=0x0) returned 1 [0099.564] ReadFile (in: hFile=0x148, lpBuffer=0xc00005212a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005212a*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0099.564] CloseHandle (hObject=0x148) returned 1 [0099.565] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0099.565] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0099.565] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0099.566] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0099.566] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.567] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0099.570] GetFileType (hFile=0x148) returned 0x1 [0099.570] WriteFile (in: hFile=0x148, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc000241cec*=0x130, lpOverlapped=0x0) returned 1 [0099.571] CloseHandle (hObject=0x148) returned 1 [0099.571] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.572] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0099.572] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0099.579] GetFileType (hFile=0x148) returned 0x1 [0099.579] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.579] CloseHandle (hObject=0x148) returned 1 [0099.579] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.580] GetFileType (hFile=0xec) returned 0x1 [0099.580] GetFileType (hFile=0xec) returned 0x1 [0099.580] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0099.580] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0099.580] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c700, nNumberOfBytesToRead=0x34b, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c700*, lpNumberOfBytesRead=0xc00023dc04*=0x14b, lpOverlapped=0x0) returned 1 [0099.581] ReadFile (in: hFile=0xec, lpBuffer=0xc00004c84b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c84b*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0099.581] CloseHandle (hObject=0xec) returned 1 [0099.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0099.582] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0099.587] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.590] SetEvent (hEvent=0x12c) returned 1 [0099.590] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.624] SetEvent (hEvent=0x12c) returned 1 [0099.624] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.629] SetEvent (hEvent=0x120) returned 1 [0099.629] SetEvent (hEvent=0x9c) returned 1 [0099.629] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.630] SetEvent (hEvent=0x120) returned 1 [0099.630] SetEvent (hEvent=0x13c) returned 1 [0099.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0099.631] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0099.637] GetFileType (hFile=0x16c) returned 0x1 [0099.637] GetFileType (hFile=0x16c) returned 0x1 [0099.637] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0099.637] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0099.637] ReadFile (in: hFile=0x16c, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x499, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc00018bc04*=0x299, lpOverlapped=0x0) returned 1 [0099.644] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] ReadFile (in: hFile=0x16c, lpBuffer=0xc000036299, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036299*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0099.648] CloseHandle (hObject=0x16c) returned 1 [0099.648] SwitchToThread () returned 1 [0099.755] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.764] SetEvent (hEvent=0x120) returned 1 [0099.764] SetEvent (hEvent=0x13c) returned 1 [0099.764] SwitchToThread () returned 1 [0099.768] GetFileType (hFile=0x150) returned 0x1 [0099.768] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6000*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.769] CloseHandle (hObject=0x150) returned 1 [0099.769] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0099.769] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0099.769] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.770] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0099.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.771] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0099.777] GetFileType (hFile=0x150) returned 0x1 [0099.777] GetFileType (hFile=0x150) returned 0x1 [0099.777] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0099.777] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0099.778] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0099.778] ReadFile (in: hFile=0x150, lpBuffer=0xc00013a000, nNumberOfBytesToRead=0x33e, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesRead=0xc000171c04*=0x13e, lpOverlapped=0x0) returned 1 [0099.779] ReadFile (in: hFile=0x150, lpBuffer=0xc00013a13e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a13e*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0099.779] CloseHandle (hObject=0x150) returned 1 [0099.779] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0099.779] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0099.780] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0099.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.781] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0099.787] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.791] SetEvent (hEvent=0x120) returned 1 [0099.791] GetFileType (hFile=0x150) returned 0x1 [0099.791] WriteFile (in: hFile=0x150, lpBuffer=0xc0001263c0*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001263c0*, lpNumberOfBytesWritten=0xc000171cec*=0x140, lpOverlapped=0x0) returned 1 [0099.792] CloseHandle (hObject=0x150) returned 1 [0099.792] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0099.792] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.793] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.793] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0099.794] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.805] SetEvent (hEvent=0x120) returned 1 [0099.805] GetFileType (hFile=0x150) returned 0x1 [0099.805] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.807] WriteFile (in: hFile=0x150, lpBuffer=0xc0001d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001d6580*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.807] CloseHandle (hObject=0x150) returned 1 [0099.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.808] SetEvent (hEvent=0x100) returned 1 [0099.809] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.842] SetEvent (hEvent=0x120) returned 1 [0099.842] SetEvent (hEvent=0x100) returned 1 [0099.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.843] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0099.846] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.847] GetFileType (hFile=0x150) returned 0x1 [0099.847] GetFileType (hFile=0x150) returned 0x1 [0099.847] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0099.848] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0099.848] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.848] ReadFile (in: hFile=0x150, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x365, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0004d9c04*=0x165, lpOverlapped=0x0) returned 1 [0099.849] ReadFile (in: hFile=0x150, lpBuffer=0xc0000fa165, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa165*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0099.849] CloseHandle (hObject=0x150) returned 1 [0099.849] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.849] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.850] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.851] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0099.852] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.868] SetEvent (hEvent=0xc0) returned 1 [0099.868] SetEvent (hEvent=0x120) returned 1 [0099.868] GetFileType (hFile=0x150) returned 0x1 [0099.868] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.872] WriteFile (in: hFile=0x150, lpBuffer=0xc0000ce000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x170, lpOverlapped=0x0) returned 1 [0099.874] CloseHandle (hObject=0x150) returned 1 [0099.874] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0099.874] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0099.874] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0099.875] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0099.875] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.875] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.876] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0099.880] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.882] GetFileType (hFile=0x150) returned 0x1 [0099.882] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.884] WriteFile (in: hFile=0x150, lpBuffer=0xc0001c2420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2420*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0099.885] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.898] CloseHandle (hObject=0x150) returned 1 [0099.898] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\encry-messages.json"), dwFlags=0x1) returned 1 [0099.899] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.958] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0099.959] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0099.959] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0099.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0099.960] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0099.964] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.967] GetFileType (hFile=0x150) returned 0x1 [0099.967] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0099.967] GetFileType (hFile=0x150) returned 0x1 [0099.967] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0099.967] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0099.967] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0099.968] ReadFile (in: hFile=0x150, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x2fb, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000157c04*=0xfb, lpOverlapped=0x0) returned 1 [0099.969] ReadFile (in: hFile=0x150, lpBuffer=0xc0000d80fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d80fb*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0099.969] CloseHandle (hObject=0x150) returned 1 [0099.969] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.970] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0099.970] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0099.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.972] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0099.974] GetFileType (hFile=0x150) returned 0x1 [0099.974] WriteFile (in: hFile=0x150, lpBuffer=0xc000082200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc000082200*, lpNumberOfBytesWritten=0xc000157cec*=0x100, lpOverlapped=0x0) returned 1 [0099.975] CloseHandle (hObject=0x150) returned 1 [0099.975] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0099.975] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0099.976] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0099.976] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0099.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0099.977] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0099.978] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.979] GetFileType (hFile=0x150) returned 0x1 [0099.979] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.984] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0099.992] SetEvent (hEvent=0x13c) returned 1 [0099.992] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0099.992] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0099.993] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0099.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0099.994] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0100.006] GetFileType (hFile=0x128) returned 0x1 [0100.006] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0100.007] GetFileType (hFile=0x128) returned 0x1 [0100.007] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0100.007] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0100.007] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0100.007] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0100.008] ReadFile (in: hFile=0x128, lpBuffer=0xc000158000, nNumberOfBytesToRead=0x383, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc000158000*, lpNumberOfBytesRead=0xc000153c04*=0x183, lpOverlapped=0x0) returned 1 [0100.021] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.036] ReadFile (in: hFile=0x128, lpBuffer=0xc000158183, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc000158183*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0100.036] CloseHandle (hObject=0x128) returned 1 [0100.036] SetEvent (hEvent=0xfc) returned 1 [0100.036] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.037] SetEvent (hEvent=0x12c) returned 1 [0100.037] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0100.176] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0100.177] GetFileType (hFile=0x174) returned 0x1 [0100.177] GetFileType (hFile=0x174) returned 0x1 [0100.177] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0100.177] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0100.177] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a2c0, nNumberOfBytesToRead=0x2af, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a2c0*, lpNumberOfBytesRead=0xc00016fc04*=0xaf, lpOverlapped=0x0) returned 1 [0100.178] ReadFile (in: hFile=0x174, lpBuffer=0xc00016a36f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a36f*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0100.178] CloseHandle (hObject=0x174) returned 1 [0100.179] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.180] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0100.184] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.185] GetFileType (hFile=0x174) returned 0x1 [0100.185] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.186] WriteFile (in: hFile=0x174, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc00016fcec*=0xb0, lpOverlapped=0x0) returned 1 [0100.187] CloseHandle (hObject=0x174) returned 1 [0100.188] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0100.188] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0100.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.188] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0100.192] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.201] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.209] SetEvent (hEvent=0x100) returned 1 [0100.209] SetEvent (hEvent=0x8c) returned 1 [0100.209] SwitchToThread () returned 1 [0100.209] SetEvent (hEvent=0x100) returned 1 [0100.209] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.212] SetEvent (hEvent=0x120) returned 1 [0100.212] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.229] SetEvent (hEvent=0x100) returned 1 [0100.229] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.232] SetEvent (hEvent=0x8c) returned 1 [0100.232] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.234] SetEvent (hEvent=0x12c) returned 1 [0100.234] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.261] SetEvent (hEvent=0x12c) returned 1 [0100.261] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.539] SetEvent (hEvent=0x120) returned 1 [0100.539] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.544] SetEvent (hEvent=0x12c) returned 1 [0100.544] SetEvent (hEvent=0x120) returned 1 [0100.544] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.546] SetEvent (hEvent=0x12c) returned 1 [0100.546] SetEvent (hEvent=0x100) returned 1 [0100.546] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.546] VirtualFree (lpAddress=0xc000158000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.546] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.547] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.547] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.547] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.548] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.548] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.548] SetEvent (hEvent=0x120) returned 1 [0100.548] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.558] SetEvent (hEvent=0x100) returned 1 [0100.558] SetEvent (hEvent=0xb8) returned 1 [0100.558] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.573] SetEvent (hEvent=0x120) returned 1 [0100.573] SetEvent (hEvent=0x100) returned 1 [0100.573] SetEvent (hEvent=0x12c) returned 1 [0100.573] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.592] SetEvent (hEvent=0x12c) returned 1 [0100.592] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.597] SetEvent (hEvent=0x9c) returned 1 [0100.597] SetEvent (hEvent=0x12c) returned 1 [0100.597] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.614] SetEvent (hEvent=0x12c) returned 1 [0100.614] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.690] SetEvent (hEvent=0x8c) returned 1 [0100.690] SetEvent (hEvent=0x12c) returned 1 [0100.690] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.696] SetEvent (hEvent=0x8c) returned 1 [0100.697] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.700] SetEvent (hEvent=0x8c) returned 1 [0100.700] SetEvent (hEvent=0x12c) returned 1 [0100.700] SetEvent (hEvent=0xb8) returned 1 [0100.700] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.735] SetEvent (hEvent=0x12c) returned 1 [0100.735] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.798] SetEvent (hEvent=0xb8) returned 1 [0100.798] SwitchToThread () returned 1 [0100.799] SetEvent (hEvent=0xb8) returned 1 [0100.799] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.805] SetEvent (hEvent=0xb8) returned 1 [0100.805] SetEvent (hEvent=0x8c) returned 1 [0100.805] VirtualFree (lpAddress=0xc00017c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.806] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.806] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.806] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.807] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.807] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.807] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.807] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.808] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.808] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.808] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.809] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.809] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.809] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0100.810] GetFileType (hFile=0x174) returned 0x1 [0100.810] GetFileType (hFile=0x174) returned 0x1 [0100.810] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0100.810] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0100.810] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.810] ReadFile (in: hFile=0x174, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x2d2, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc0001d3c04*=0xd2, lpOverlapped=0x0) returned 1 [0100.812] ReadFile (in: hFile=0x174, lpBuffer=0xc0000dc0d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc0d2*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0100.812] CloseHandle (hObject=0x174) returned 1 [0100.812] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.813] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.814] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0100.815] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.822] SetEvent (hEvent=0xb8) returned 1 [0100.822] GetFileType (hFile=0x174) returned 0x1 [0100.822] WriteFile (in: hFile=0x174, lpBuffer=0xc0000ee000*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesWritten=0xc0001d3cec*=0xe0, lpOverlapped=0x0) returned 1 [0100.823] CloseHandle (hObject=0x174) returned 1 [0100.824] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000701 | out: pbBuffer=0xc000000701) returned 1 [0100.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0100.824] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0100.825] GetFileType (hFile=0x174) returned 0x1 [0100.825] WriteFile (in: hFile=0x174, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.825] CloseHandle (hObject=0x174) returned 1 [0100.825] VirtualAlloc (lpAddress=0xc00015a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00015a000 [0100.825] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0100.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_hk\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.827] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.827] GetFileType (hFile=0x16c) returned 0x1 [0100.827] WriteFile (in: hFile=0x16c, lpBuffer=0xc00013a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a2c0*, lpNumberOfBytesWritten=0xc0001c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.827] CloseHandle (hObject=0x16c) returned 1 [0100.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.829] GetFileType (hFile=0x128) returned 0x1 [0100.829] GetFileType (hFile=0x128) returned 0x1 [0100.829] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0100.829] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0100.829] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0100.829] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x2c2, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc000277c04*=0xc2, lpOverlapped=0x0) returned 1 [0100.830] ReadFile (in: hFile=0x128, lpBuffer=0xc00016c0c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c0c2*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0100.831] CloseHandle (hObject=0x128) returned 1 [0100.831] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0100.831] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0100.842] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0100.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.844] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0100.845] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.848] GetFileType (hFile=0x128) returned 0x1 [0100.848] WriteFile (in: hFile=0x128, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000277cec*=0xd0, lpOverlapped=0x0) returned 1 [0100.849] CloseHandle (hObject=0x128) returned 1 [0100.849] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0100.850] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0100.850] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.859] GetFileType (hFile=0x128) returned 0x1 [0100.859] WriteFile (in: hFile=0x128, lpBuffer=0xc00013a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00013a000*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.859] CloseHandle (hObject=0x128) returned 1 [0100.859] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0100.860] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0100.860] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\encry-messages.json"), dwFlags=0x1) returned 1 [0100.861] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0100.861] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0100.861] SetEvent (hEvent=0x8c) returned 1 [0100.861] SetEvent (hEvent=0x12c) returned 1 [0100.861] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0100.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.867] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.867] SetEvent (hEvent=0x9c) returned 1 [0100.867] SetEvent (hEvent=0x100) returned 1 [0100.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.870] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.871] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.871] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0100.871] SetEvent (hEvent=0xc0) returned 1 [0100.871] SetEvent (hEvent=0x120) returned 1 [0100.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0100.872] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.872] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000586310*, lpNumberOfCharsWritten=0xc000149818*=0x3) returned 1 [0100.876] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586316*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019f818, lpReserved=0x0 | out: lpBuffer=0xc000586316*, lpNumberOfCharsWritten=0xc00019f818*=0x3) returned 1 [0100.887] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.894] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0100.894] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0001021c8*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0100.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc0005863c0*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0100.903] SetEvent (hEvent=0x9c) returned 1 [0100.903] VirtualAlloc (lpAddress=0xc000158000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000158000 [0100.903] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0005863c6*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0100.905] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.912] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102178*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000102178*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0100.916] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0000a04d0*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0100.919] SetEvent (hEvent=0x120) returned 1 [0100.919] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000a04d6*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0100.921] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.922] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0530*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc0000a0530*, lpNumberOfCharsWritten=0xc0001ad818*=0x3) returned 1 [0100.927] SetEvent (hEvent=0xb8) returned 1 [0100.927] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0536*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc0000a0536*, lpNumberOfCharsWritten=0xc000193818*=0x3) returned 1 [0100.928] SetEvent (hEvent=0xb8) returned 1 [0100.928] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.934] SetEvent (hEvent=0x12c) returned 1 [0100.934] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0100.935] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0100.935] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0100.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0100.936] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0100.947] GetFileType (hFile=0xec) returned 0x1 [0100.947] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0100.947] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0100.948] GetFileType (hFile=0xec) returned 0x1 [0100.948] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0100.948] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0100.948] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0100.948] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0100.949] ReadFile (in: hFile=0xec, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x5d6c, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000141c04*=0x5b6c, lpOverlapped=0x0) returned 1 [0100.964] ReadFile (in: hFile=0xec, lpBuffer=0xc0000ffb6c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ffb6c*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0100.964] CloseHandle (hObject=0xec) returned 1 [0100.964] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0100.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.965] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0100.970] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.973] GetFileType (hFile=0xec) returned 0x1 [0100.973] WriteFile (in: hFile=0xec, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x5b70, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc000141cec*=0x5b70, lpOverlapped=0x0) returned 1 [0100.974] CloseHandle (hObject=0xec) returned 1 [0100.974] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0100.975] VirtualAlloc (lpAddress=0xc000200000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000200000 [0100.975] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0100.975] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0100.976] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0100.976] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0100.976] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0100.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0100.977] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0100.978] GetFileType (hFile=0xec) returned 0x1 [0100.978] WriteFile (in: hFile=0xec, lpBuffer=0xc00020a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00020a2c0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0100.978] CloseHandle (hObject=0xec) returned 1 [0100.978] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-eventpage_bin_prod.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\encry-eventpage_bin_prod.js"), dwFlags=0x1) returned 1 [0100.979] SetEvent (hEvent=0x120) returned 1 [0100.979] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.982] SetEvent (hEvent=0x12c) returned 1 [0100.982] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0100.983] VirtualFree (lpAddress=0xc000176000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.983] VirtualFree (lpAddress=0xc000164000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0100.984] VirtualFree (lpAddress=0xc00015a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.984] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.984] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0100.984] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.984] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.985] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.985] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.985] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0100.985] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0100.986] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.986] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.986] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0100.986] SetEvent (hEvent=0xb8) returned 1 [0100.986] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.002] SetEvent (hEvent=0x12c) returned 1 [0101.002] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0101.002] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0101.003] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0101.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0101.003] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0101.007] GetFileType (hFile=0x170) returned 0x1 [0101.007] GetFileType (hFile=0x170) returned 0x1 [0101.007] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0101.007] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0101.007] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0101.008] ReadFile (in: hFile=0x170, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x497, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc0000f9c04*=0x297, lpOverlapped=0x0) returned 1 [0101.016] ReadFile (in: hFile=0x170, lpBuffer=0xc0001c0297, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0297*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0101.016] CloseHandle (hObject=0x170) returned 1 [0101.016] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0101.017] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0101.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.019] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0101.028] GetFileType (hFile=0x170) returned 0x1 [0101.028] VirtualAlloc (lpAddress=0xc000178000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000178000 [0101.028] VirtualAlloc (lpAddress=0xc00017a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017a000 [0101.028] WriteFile (in: hFile=0x170, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.029] CloseHandle (hObject=0x170) returned 1 [0101.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0101.029] VirtualAlloc (lpAddress=0xc00017c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00017c000 [0101.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.030] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0101.037] GetFileType (hFile=0x170) returned 0x1 [0101.037] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.037] CloseHandle (hObject=0x170) returned 1 [0101.037] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.037] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0101.040] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.040] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0101.040] SetEvent (hEvent=0xc0) returned 1 [0101.040] SetEvent (hEvent=0x100) returned 1 [0101.040] SetEvent (hEvent=0x8c) returned 1 [0101.040] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0101.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.053] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0101.053] SetEvent (hEvent=0x120) returned 1 [0101.053] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.061] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.062] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0101.063] SetEvent (hEvent=0xc0) returned 1 [0101.063] SetEvent (hEvent=0x12c) returned 1 [0101.063] SetEvent (hEvent=0x9c) returned 1 [0101.064] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.067] SetEvent (hEvent=0x100) returned 1 [0101.067] SetEvent (hEvent=0xb8) returned 1 [0101.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0101.072] SetEvent (hEvent=0x12c) returned 1 [0101.072] SetEvent (hEvent=0xb8) returned 1 [0101.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0101.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.076] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0101.082] GetFileType (hFile=0x16c) returned 0x1 [0101.082] GetFileType (hFile=0x16c) returned 0x1 [0101.082] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0101.082] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0101.083] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.083] ReadFile (in: hFile=0x16c, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x482, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc000069c04*=0x282, lpOverlapped=0x0) returned 1 [0101.096] ReadFile (in: hFile=0x16c, lpBuffer=0xc000056282, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056282*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0101.096] CloseHandle (hObject=0x16c) returned 1 [0101.096] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0101.096] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.097] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.098] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0101.105] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.109] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.128] SetEvent (hEvent=0xb8) returned 1 [0101.128] SetEvent (hEvent=0x12c) returned 1 [0101.128] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.139] SetEvent (hEvent=0xb8) returned 1 [0101.139] SetEvent (hEvent=0x12c) returned 1 [0101.139] SetEvent (hEvent=0x9c) returned 1 [0101.139] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.165] SetEvent (hEvent=0xb8) returned 1 [0101.165] SetEvent (hEvent=0x8c) returned 1 [0101.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0101.165] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00022bcf4 | out: lpMode=0xc00022bcf4) returned 0 [0101.168] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.170] GetFileType (hFile=0xec) returned 0x1 [0101.170] GetFileType (hFile=0xec) returned 0x1 [0101.170] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00022bd44 | out: lpFileInformation=0xc00022bd44) returned 1 [0101.170] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00022bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022bd28) returned 1 [0101.170] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.171] ReadFile (in: hFile=0xec, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x469, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc00022bc04*=0x269, lpOverlapped=0x0) returned 1 [0101.177] ReadFile (in: hFile=0xec, lpBuffer=0xc00005c269, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c269*, lpNumberOfBytesRead=0xc00022bc04*=0x0, lpOverlapped=0x0) returned 1 [0101.177] CloseHandle (hObject=0xec) returned 1 [0101.177] SwitchToThread () returned 1 [0101.181] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.181] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.183] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00022bd04 | out: lpMode=0xc00022bd04) returned 0 [0101.183] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.187] SetEvent (hEvent=0xb8) returned 1 [0101.187] GetFileType (hFile=0x174) returned 0x1 [0101.188] WriteFile (in: hFile=0x174, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00022bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00022bcec*=0x270, lpOverlapped=0x0) returned 1 [0101.189] CloseHandle (hObject=0x174) returned 1 [0101.189] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0101.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0101.189] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00022bd64 | out: lpMode=0xc00022bd64) returned 0 [0101.192] GetFileType (hFile=0x174) returned 0x1 [0101.192] WriteFile (in: hFile=0x174, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00022bd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.192] CloseHandle (hObject=0x174) returned 1 [0101.192] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0101.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.194] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.194] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0101.195] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0101.202] GetFileType (hFile=0x174) returned 0x1 [0101.202] GetFileType (hFile=0x174) returned 0x1 [0101.202] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0101.203] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0101.203] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e500, nNumberOfBytesToRead=0x4a1, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e500*, lpNumberOfBytesRead=0xc0001a5c04*=0x2a1, lpOverlapped=0x0) returned 1 [0101.210] ReadFile (in: hFile=0x174, lpBuffer=0xc00004e7a1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e7a1*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0101.210] CloseHandle (hObject=0x174) returned 1 [0101.210] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.218] SetEvent (hEvent=0xb8) returned 1 [0101.218] SetEvent (hEvent=0x100) returned 1 [0101.218] SwitchToThread () returned 1 [0101.219] SetEvent (hEvent=0xb8) returned 1 [0101.220] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.227] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0101.227] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0101.228] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.228] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0101.235] GetFileType (hFile=0x16c) returned 0x1 [0101.235] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.238] GetFileType (hFile=0x16c) returned 0x1 [0101.238] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0101.238] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0101.239] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0101.239] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0101.239] ReadFile (in: hFile=0x16c, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x4b4, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0001cdc04*=0x2b4, lpOverlapped=0x0) returned 1 [0101.255] ReadFile (in: hFile=0x16c, lpBuffer=0xc0000562b4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000562b4*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0101.255] CloseHandle (hObject=0x16c) returned 1 [0101.255] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0101.255] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0101.256] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.256] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.257] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0101.267] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.270] SetEvent (hEvent=0x100) returned 1 [0101.270] GetFileType (hFile=0x16c) returned 0x1 [0101.270] WriteFile (in: hFile=0x16c, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc0001cdcec*=0x2c0, lpOverlapped=0x0) returned 1 [0101.271] CloseHandle (hObject=0x16c) returned 1 [0101.272] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0101.272] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0101.272] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.272] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0101.273] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.273] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.274] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0101.275] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.282] GetFileType (hFile=0x16c) returned 0x1 [0101.282] WriteFile (in: hFile=0x16c, lpBuffer=0xc00007c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c2c0*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.283] CloseHandle (hObject=0x16c) returned 1 [0101.283] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\fil\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.284] SetEvent (hEvent=0x120) returned 1 [0101.284] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.291] SetEvent (hEvent=0x120) returned 1 [0101.291] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.333] SetEvent (hEvent=0x100) returned 1 [0101.333] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.336] SetEvent (hEvent=0x100) returned 1 [0101.336] SetEvent (hEvent=0xb8) returned 1 [0101.336] VirtualFree (lpAddress=0xc000264000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0101.336] VirtualFree (lpAddress=0xc0001f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.336] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0101.337] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.337] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.337] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.338] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.338] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.338] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0101.338] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.339] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.339] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.339] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.339] GetFileType (hFile=0x170) returned 0x1 [0101.340] WriteFile (in: hFile=0x170, lpBuffer=0xc0001ec280*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec280*, lpNumberOfBytesWritten=0xc00010dcec*=0x270, lpOverlapped=0x0) returned 1 [0101.341] CloseHandle (hObject=0x170) returned 1 [0101.341] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.341] VirtualAlloc (lpAddress=0xc000270000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000270000 [0101.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0101.342] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0101.343] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.347] SetEvent (hEvent=0x100) returned 1 [0101.347] GetFileType (hFile=0x170) returned 0x1 [0101.347] WriteFile (in: hFile=0x170, lpBuffer=0xc0001f2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001f2000*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0101.347] CloseHandle (hObject=0x170) returned 1 [0101.347] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\et\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.348] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.354] SetEvent (hEvent=0x100) returned 1 [0101.354] SetEvent (hEvent=0x120) returned 1 [0101.354] SwitchToThread () returned 1 [0101.356] SetEvent (hEvent=0x100) returned 1 [0101.356] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.371] SetEvent (hEvent=0x8c) returned 1 [0101.371] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.373] SetEvent (hEvent=0x120) returned 1 [0101.373] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.376] SetEvent (hEvent=0x100) returned 1 [0101.377] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.442] SetEvent (hEvent=0x8c) returned 1 [0101.442] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc0000100a0*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0101.479] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000100a6*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0101.489] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0101.490] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010208*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000010208*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0101.491] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.594] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.605] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0101.611] GetFileType (hFile=0x16c) returned 0x1 [0101.611] GetFileType (hFile=0x16c) returned 0x1 [0101.611] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0101.611] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0101.612] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0101.612] ReadFile (in: hFile=0x16c, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x49a, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000187c04*=0x29a, lpOverlapped=0x0) returned 1 [0101.617] ReadFile (in: hFile=0x16c, lpBuffer=0xc00006029a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006029a*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0101.617] CloseHandle (hObject=0x16c) returned 1 [0101.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.619] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0101.629] GetFileType (hFile=0x16c) returned 0x1 [0101.629] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0101.629] WriteFile (in: hFile=0x16c, lpBuffer=0xc000036580*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc000036580*, lpNumberOfBytesWritten=0xc000187cec*=0x2a0, lpOverlapped=0x0) returned 1 [0101.631] CloseHandle (hObject=0x16c) returned 1 [0101.631] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0101.631] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0101.631] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0101.631] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0101.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x16c [0101.632] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0101.637] GetFileType (hFile=0x16c) returned 0x1 [0101.637] WriteFile (in: hFile=0x16c, lpBuffer=0xc0000402c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000402c0*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0101.637] CloseHandle (hObject=0x16c) returned 1 [0101.637] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0101.638] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0101.638] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\pl\\encry-messages.json"), dwFlags=0x1) returned 1 [0101.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x16c [0101.639] GetConsoleMode (in: hConsoleHandle=0x16c, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0101.643] GetFileType (hFile=0x16c) returned 0x1 [0101.643] GetFileType (hFile=0x16c) returned 0x1 [0101.643] GetFileInformationByHandle (in: hFile=0x16c, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0101.643] GetFileInformationByHandleEx (in: hFile=0x16c, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0101.644] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0101.644] ReadFile (in: hFile=0x16c, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x50f, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0006dfc04*=0x30f, lpOverlapped=0x0) returned 1 [0101.648] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0101.651] ReadFile (in: hFile=0x16c, lpBuffer=0xc00011c30f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c30f*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0101.651] CloseHandle (hObject=0x16c) returned 1 [0101.651] SetEvent (hEvent=0x12c) returned 1 [0101.651] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x154 [0102.073] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0102.076] GetFileType (hFile=0x154) returned 0x1 [0102.076] GetFileType (hFile=0x154) returned 0x1 [0102.076] GetFileInformationByHandle (in: hFile=0x154, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0102.076] GetFileInformationByHandleEx (in: hFile=0x154, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0102.076] VirtualAlloc (lpAddress=0xc0001da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001da000 [0102.077] ReadFile (in: hFile=0x154, lpBuffer=0xc0001da000, nNumberOfBytesToRead=0x42c, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001da000*, lpNumberOfBytesRead=0xc00018bc04*=0x22c, lpOverlapped=0x0) returned 1 [0102.077] ReadFile (in: hFile=0x154, lpBuffer=0xc0001da22c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001da22c*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0102.078] CloseHandle (hObject=0x154) returned 1 [0102.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0102.078] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0102.084] GetFileType (hFile=0x154) returned 0x1 [0102.084] WriteFile (in: hFile=0x154, lpBuffer=0xc00025a6c0*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a6c0*, lpNumberOfBytesWritten=0xc00018bcec*=0x230, lpOverlapped=0x0) returned 1 [0102.085] CloseHandle (hObject=0x154) returned 1 [0102.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0102.085] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0102.086] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0102.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0102.086] GetConsoleMode (in: hConsoleHandle=0x154, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0102.094] GetFileType (hFile=0x154) returned 0x1 [0102.094] WriteFile (in: hFile=0x154, lpBuffer=0xc0001de2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de2c0*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.094] CloseHandle (hObject=0x154) returned 1 [0102.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-icon_16.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-icon_16.png"), dwFlags=0x1) returned 1 [0102.095] VirtualAlloc (lpAddress=0xc0001e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e0000 [0102.096] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00053e380, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x154 [0102.097] CloseHandle (hObject=0x154) returned 1 [0102.098] SwitchToThread () returned 1 [0102.098] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x291cf840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x291cf840*=0xf4) returned 1 [0102.099] SuspendThread (hThread=0xf4) returned 0x0 [0102.099] GetThreadContext (in: hThread=0xf4, lpContext=0x291cf850 | out: lpContext=0x291cf850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870f758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.099] ResumeThread (hThread=0xf4) returned 0x1 [0102.099] CloseHandle (hObject=0xf4) returned 1 [0102.099] SwitchToThread () returned 1 [0102.104] SwitchToThread () returned 1 [0102.107] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x291cf840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x291cf840*=0xf4) returned 1 [0102.107] SuspendThread (hThread=0xf4) returned 0x0 [0102.107] GetThreadContext (in: hThread=0xf4, lpContext=0x291cf850 | out: lpContext=0x291cf850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2870f758, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0102.111] ResumeThread (hThread=0xf4) returned 0x1 [0102.111] CloseHandle (hObject=0xf4) returned 1 [0102.111] SwitchToThread () returned 1 [0102.124] SetEvent (hEvent=0xf4) returned 1 [0102.124] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.127] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.128] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.128] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0102.128] SetEvent (hEvent=0xc0) returned 1 [0102.128] SetEvent (hEvent=0x13c) returned 1 [0102.128] SetEvent (hEvent=0xfc) returned 1 [0102.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.129] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.129] GetFileType (hFile=0xec) returned 0x1 [0102.129] WriteFile (in: hFile=0xec, lpBuffer=0xc00005c790*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c790*, lpNumberOfBytesWritten=0xc000171cec*=0xb0, lpOverlapped=0x0) returned 1 [0102.130] CloseHandle (hObject=0xec) returned 1 [0102.130] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.130] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0102.132] GetFileType (hFile=0xec) returned 0x1 [0102.132] WriteFile (in: hFile=0xec, lpBuffer=0xc00016a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a420*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.133] CloseHandle (hObject=0xec) returned 1 [0102.133] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-topbar_floating_button.png"), dwFlags=0x1) returned 1 [0102.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0102.134] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001ebcf4 | out: lpMode=0xc0001ebcf4) returned 0 [0102.142] GetFileType (hFile=0xec) returned 0x1 [0102.142] GetFileType (hFile=0xec) returned 0x1 [0102.142] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001ebd44 | out: lpFileInformation=0xc0001ebd44) returned 1 [0102.142] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ebd28) returned 1 [0102.142] ReadFile (in: hFile=0xec, lpBuffer=0xc000168b00, nNumberOfBytesToRead=0x2a0, lpNumberOfBytesRead=0xc0001ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168b00*, lpNumberOfBytesRead=0xc0001ebc04*=0xa0, lpOverlapped=0x0) returned 1 [0102.143] ReadFile (in: hFile=0xec, lpBuffer=0xc000168ba0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168ba0*, lpNumberOfBytesRead=0xc0001ebc04*=0x0, lpOverlapped=0x0) returned 1 [0102.143] CloseHandle (hObject=0xec) returned 1 [0102.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.144] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001ebd04 | out: lpMode=0xc0001ebd04) returned 0 [0102.149] GetFileType (hFile=0xec) returned 0x1 [0102.149] WriteFile (in: hFile=0xec, lpBuffer=0xc000166370*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0001ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc000166370*, lpNumberOfBytesWritten=0xc0001ebcec*=0xb0, lpOverlapped=0x0) returned 1 [0102.150] CloseHandle (hObject=0xec) returned 1 [0102.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0102.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.151] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001ebd64 | out: lpMode=0xc0001ebd64) returned 0 [0102.159] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.167] SwitchToThread () returned 1 [0102.167] SetEvent (hEvent=0x114) returned 1 [0102.167] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.168] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc0000100d0*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0102.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000100d6*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0102.182] SwitchToThread () returned 1 [0102.184] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.197] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.200] SetEvent (hEvent=0x114) returned 1 [0102.200] SwitchToThread () returned 1 [0102.203] SetEvent (hEvent=0x100) returned 1 [0102.203] SetEvent (hEvent=0x114) returned 1 [0102.203] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.213] SetEvent (hEvent=0x114) returned 1 [0102.214] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.215] SetEvent (hEvent=0x13c) returned 1 [0102.215] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.229] SetEvent (hEvent=0x114) returned 1 [0102.229] SetEvent (hEvent=0x13c) returned 1 [0102.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\de\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0102.230] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000273cf4 | out: lpMode=0xc000273cf4) returned 0 [0102.234] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.240] SwitchToThread () returned 1 [0102.330] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.337] SetEvent (hEvent=0x13c) returned 1 [0102.337] SwitchToThread () returned 1 [0102.341] GetFileType (hFile=0x148) returned 0x1 [0102.341] GetFileType (hFile=0x148) returned 0x1 [0102.341] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0102.341] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0102.341] ReadFile (in: hFile=0x148, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1309, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc0004d9c04*=0x1109, lpOverlapped=0x0) returned 1 [0102.345] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.348] ReadFile (in: hFile=0x148, lpBuffer=0xc0000d2609, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2609*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0102.348] CloseHandle (hObject=0x148) returned 1 [0102.348] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.350] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0102.357] GetFileType (hFile=0x148) returned 0x1 [0102.357] WriteFile (in: hFile=0x148, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x1110, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x1110, lpOverlapped=0x0) returned 1 [0102.358] CloseHandle (hObject=0x148) returned 1 [0102.358] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.358] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0102.360] GetFileType (hFile=0x148) returned 0x1 [0102.361] WriteFile (in: hFile=0x148, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.361] CloseHandle (hObject=0x148) returned 1 [0102.361] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-icon_128.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\encry-icon_128.png"), dwFlags=0x1) returned 1 [0102.362] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.363] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0102.368] GetFileType (hFile=0x148) returned 0x1 [0102.368] GetFileType (hFile=0x148) returned 0x1 [0102.368] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0102.369] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0102.369] ReadFile (in: hFile=0x148, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc00026fc04*=0xec, lpOverlapped=0x0) returned 1 [0102.370] ReadFile (in: hFile=0x148, lpBuffer=0xc0002b60ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b60ec*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0102.370] CloseHandle (hObject=0x148) returned 1 [0102.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.372] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0102.373] GetFileType (hFile=0x148) returned 0x1 [0102.373] WriteFile (in: hFile=0x148, lpBuffer=0xc0000523c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000523c0*, lpNumberOfBytesWritten=0xc00026fcec*=0xf0, lpOverlapped=0x0) returned 1 [0102.374] CloseHandle (hObject=0x148) returned 1 [0102.375] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.375] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0102.376] GetFileType (hFile=0x148) returned 0x1 [0102.376] WriteFile (in: hFile=0x148, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.376] CloseHandle (hObject=0x148) returned 1 [0102.376] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\da\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.377] VirtualFree (lpAddress=0xc0002b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.378] VirtualFree (lpAddress=0xc0002ac000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.378] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.378] VirtualFree (lpAddress=0xc0001d4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.379] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.379] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.379] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.380] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.380] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.380] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.380] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.381] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586540*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000113818, lpReserved=0x0 | out: lpBuffer=0xc000586540*, lpNumberOfCharsWritten=0xc000113818*=0x3) returned 1 [0102.385] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.413] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000010290*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0102.419] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.420] SetEvent (hEvent=0x114) returned 1 [0102.420] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.421] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc0000100f0*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0102.422] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc0000100f6*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0102.436] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0102.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0001021c8*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0102.445] SetEvent (hEvent=0xfc) returned 1 [0102.445] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc0000101a6*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0102.449] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010270*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000010270*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0102.450] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.459] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001020f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc0001020f0*, lpNumberOfCharsWritten=0xc0000eb818*=0x3) returned 1 [0102.461] SwitchToThread () returned 1 [0102.461] SetEvent (hEvent=0x114) returned 1 [0102.461] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.462] SetEvent (hEvent=0x114) returned 1 [0102.462] SetEvent (hEvent=0x100) returned 1 [0102.462] SetEvent (hEvent=0xfc) returned 1 [0102.462] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.475] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.475] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.475] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.475] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.475] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.476] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fil\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0102.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.493] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.493] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0102.494] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.494] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.494] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.494] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0102.494] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.494] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c)) returned 1 [0102.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.495] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.495] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.495] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.495] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121)) returned 1 [0102.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.496] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.496] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.496] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.496] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.496] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.496] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6)) returned 1 [0102.497] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0102.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.498] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.498] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.498] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.498] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.498] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\hu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0102.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.499] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.499] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.499] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.499] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf2)) returned 1 [0102.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.500] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0102.500] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.500] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.501] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.501] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0102.508] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.508] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.508] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.508] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.508] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.508] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10f)) returned 1 [0102.509] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.509] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.509] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.509] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0102.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.510] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.511] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.511] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0102.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfd)) returned 1 [0102.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.520] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.520] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xee)) returned 1 [0102.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.521] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.521] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.521] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0102.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.522] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0102.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.522] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.522] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.522] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.523] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2)) returned 1 [0102.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.523] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.523] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108)) returned 1 [0102.524] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0102.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.532] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.532] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.532] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.532] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.532] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0102.532] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0102.533] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.533] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.533] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.534] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.534] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf)) returned 1 [0102.534] VirtualAlloc (lpAddress=0xc000144000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000144000 [0102.534] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.535] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.535] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x109)) returned 1 [0102.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.537] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0102.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.538] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.538] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.538] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11e)) returned 1 [0102.538] VirtualAlloc (lpAddress=0xc0001d4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d4000 [0102.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.539] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.539] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.539] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.540] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.540] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\se\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x656b8f00, ftLastWriteTime.dwHighDateTime=0x1cccade, nFileSizeHigh=0x0, nFileSizeLow=0xd2)) returned 1 [0102.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.541] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.541] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.541] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.541] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.541] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde)) returned 1 [0102.542] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.542] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0102.542] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.542] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.543] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.543] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.543] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a48590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a48590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0102.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.544] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.544] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.544] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.544] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.544] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.544] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x127)) returned 1 [0102.545] VirtualAlloc (lpAddress=0xc0001f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001f2000 [0102.545] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.546] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.546] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86aba9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86aba9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.546] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.546] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86abb180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144)) returned 1 [0102.546] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0102.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869b0010, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a22430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a22430, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.547] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.548] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a21490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0102.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.549] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.549] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869d6170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a6e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.549] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.549] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.549] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a6e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a6f690, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x130)) returned 1 [0102.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.550] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0102.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.551] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.551] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0102.551] VirtualAlloc (lpAddress=0xc0001fa000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fa000 [0102.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.552] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0102.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x869fc2d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.553] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_CN\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_cn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102)) returned 1 [0102.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86a22430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a94850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.554] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86a94850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86a94080, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf9)) returned 1 [0102.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.555] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.555] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86aba9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86ae0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86ae0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.555] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0102.555] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.555] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86ae0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86adfb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xdd12c400, ftLastWriteTime.dwHighDateTime=0x1d0683e, nFileSizeHigh=0x0, nFileSizeLow=0x2686)) returned 1 [0102.556] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x869b0fb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86d1bfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x310)) returned 1 [0102.556] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0102.557] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8399f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839a6a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839a6a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.568] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] SetEvent (hEvent=0x108) returned 1 [0102.572] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.579] VirtualFree (lpAddress=0xc0002c8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.579] VirtualFree (lpAddress=0xc0002c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.579] VirtualFree (lpAddress=0xc0002a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.579] VirtualFree (lpAddress=0xc000262000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.580] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.580] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.580] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.580] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.581] VirtualFree (lpAddress=0xc000144000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.581] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.581] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.581] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.581] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.582] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.582] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.582] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.582] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.583] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.583] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.583] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.583] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.583] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.584] VirtualFree (lpAddress=0xc00005c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.584] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.584] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.584] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.585] SetEvent (hEvent=0x12c) returned 1 [0102.585] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.768] SetEvent (hEvent=0x13c) returned 1 [0102.768] SetEvent (hEvent=0x12c) returned 1 [0102.768] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.805] SetEvent (hEvent=0x13c) returned 1 [0102.805] SetEvent (hEvent=0x114) returned 1 [0102.805] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.873] SetEvent (hEvent=0x13c) returned 1 [0102.873] SetEvent (hEvent=0x100) returned 1 [0102.873] SetEvent (hEvent=0x114) returned 1 [0102.873] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.885] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.890] SetEvent (hEvent=0x13c) returned 1 [0102.890] GetFileType (hFile=0x128) returned 0x1 [0102.890] WriteFile (in: hFile=0x128, lpBuffer=0xc000532600*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532600*, lpNumberOfBytesWritten=0xc000049cec*=0x100, lpOverlapped=0x0) returned 1 [0102.891] CloseHandle (hObject=0x128) returned 1 [0102.891] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.891] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0102.892] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.892] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.892] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0102.899] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.903] SetEvent (hEvent=0x13c) returned 1 [0102.903] GetFileType (hFile=0x128) returned 0x1 [0102.903] WriteFile (in: hFile=0x128, lpBuffer=0xc0000dc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc2c0*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.903] CloseHandle (hObject=0x128) returned 1 [0102.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\id\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.910] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.910] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.911] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0102.912] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0102.916] GetFileType (hFile=0x128) returned 0x1 [0102.916] GetFileType (hFile=0x128) returned 0x1 [0102.916] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0102.916] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0102.916] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.917] ReadFile (in: hFile=0x128, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x2ee, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0000c1c04*=0xee, lpOverlapped=0x0) returned 1 [0102.917] ReadFile (in: hFile=0x128, lpBuffer=0xc00005a0ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a0ee*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0102.918] CloseHandle (hObject=0x128) returned 1 [0102.918] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0102.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.919] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0102.925] GetFileType (hFile=0x128) returned 0x1 [0102.925] WriteFile (in: hFile=0x128, lpBuffer=0xc00006e1e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e1e0*, lpNumberOfBytesWritten=0xc0000c1cec*=0xf0, lpOverlapped=0x0) returned 1 [0102.926] CloseHandle (hObject=0x128) returned 1 [0102.926] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082401 | out: pbBuffer=0xc000082401) returned 1 [0102.926] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0102.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.927] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0102.933] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.943] GetFileType (hFile=0x128) returned 0x1 [0102.944] WriteFile (in: hFile=0x128, lpBuffer=0xc0000702c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000702c0*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.944] CloseHandle (hObject=0x128) returned 1 [0102.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\lv\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.945] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.954] SetEvent (hEvent=0x13c) returned 1 [0102.954] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.956] SetEvent (hEvent=0x114) returned 1 [0102.956] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.957] SwitchToThread () returned 1 [0102.958] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0102.959] SetEvent (hEvent=0x13c) returned 1 [0102.959] SetEvent (hEvent=0x108) returned 1 [0102.959] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.959] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.960] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.960] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.960] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.961] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.961] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.961] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.961] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.962] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.962] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0102.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.963] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8340b180, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.963] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.963] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.964] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.964] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.964] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\bn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8340b180, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8340b180, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52cb)) returned 1 [0102.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.965] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8340ffa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834126b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834126b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.965] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.965] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.965] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ca\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834126b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83414dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8397f940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x405d)) returned 1 [0102.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.969] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.970] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83419be0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8341c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8341c2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.970] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.970] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.970] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\cs\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8341c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83421110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4029)) returned 1 [0102.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.970] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.971] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83425f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83428640, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.971] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.971] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.971] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\da\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83428640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83428640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f79)) returned 1 [0102.980] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8342d460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8342fb70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8342fb70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.981] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.981] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\de\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8342fb70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83432280, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x406f)) returned 1 [0102.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.982] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.982] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0102.983] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83434990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834370a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834370a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.983] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.983] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.983] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.983] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\el\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834370a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834397b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83982050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4afe)) returned 1 [0102.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8343bec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83440ce0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.991] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\en\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8343e5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83440ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d7a)) returned 1 [0102.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0102.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0102.991] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0102.991] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0102.992] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0102.992] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8344a920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8344d030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0102.992] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0102.993] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0102.993] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0102.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8344d030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8344d030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404b)) returned 1 [0102.997] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.010] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0103.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.011] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83451e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83454560, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.011] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.011] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\et\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83454560, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83454560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e85)) returned 1 [0103.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.012] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83459380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8345ba90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.012] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fa\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8345ba90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8345ba90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83984760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46f5)) returned 1 [0103.013] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.017] SetEvent (hEvent=0xc0) returned 1 [0103.017] SetEvent (hEvent=0x13c) returned 1 [0103.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834608b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83462fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83462fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.018] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.026] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0103.026] SetEvent (hEvent=0x108) returned 1 [0103.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.027] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.038] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.039] SetEvent (hEvent=0x108) returned 1 [0103.039] SetEvent (hEvent=0x13c) returned 1 [0103.039] SetEvent (hEvent=0xfc) returned 1 [0103.039] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.078] SetEvent (hEvent=0x100) returned 1 [0103.078] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.082] SetEvent (hEvent=0x9c) returned 1 [0103.082] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.085] SetEvent (hEvent=0x108) returned 1 [0103.085] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.090] SetEvent (hEvent=0xb8) returned 1 [0103.090] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.158] SetEvent (hEvent=0x13c) returned 1 [0103.158] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0103.159] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0103.159] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0103.159] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0103.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0103.160] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000b7cf4 | out: lpMode=0xc0000b7cf4) returned 0 [0103.167] GetFileType (hFile=0xec) returned 0x1 [0103.167] GetFileType (hFile=0xec) returned 0x1 [0103.167] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000b7d44 | out: lpFileInformation=0xc0000b7d44) returned 1 [0103.168] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000b7d28) returned 1 [0103.168] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.168] ReadFile (in: hFile=0xec, lpBuffer=0xc00020e800, nNumberOfBytesToRead=0x414c, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e800*, lpNumberOfBytesRead=0xc0000b7c04*=0x3f4c, lpOverlapped=0x0) returned 1 [0103.171] ReadFile (in: hFile=0xec, lpBuffer=0xc00021274c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021274c*, lpNumberOfBytesRead=0xc0000b7c04*=0x0, lpOverlapped=0x0) returned 1 [0103.171] CloseHandle (hObject=0xec) returned 1 [0103.171] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.173] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000b7d04 | out: lpMode=0xc0000b7d04) returned 0 [0103.176] GetFileType (hFile=0xec) returned 0x1 [0103.176] WriteFile (in: hFile=0xec, lpBuffer=0xc0000ee000*, nNumberOfBytesToWrite=0x3f50, lpNumberOfBytesWritten=0xc0000b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesWritten=0xc0000b7cec*=0x3f50, lpOverlapped=0x0) returned 1 [0103.178] CloseHandle (hObject=0xec) returned 1 [0103.178] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0103.178] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.178] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0103.179] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.179] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0103.180] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.180] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000b7d64 | out: lpMode=0xc0000b7d64) returned 0 [0103.185] GetFileType (hFile=0xec) returned 0x1 [0103.185] WriteFile (in: hFile=0xec, lpBuffer=0xc00016a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a6e0*, lpNumberOfBytesWritten=0xc0000b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.186] CloseHandle (hObject=0xec) returned 1 [0103.186] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.187] VirtualFree (lpAddress=0xc00025a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.187] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.187] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.188] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.188] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.188] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.189] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.189] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0000a04b0*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0103.195] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019d818, lpReserved=0x0 | out: lpBuffer=0xc0000a04b6*, lpNumberOfCharsWritten=0xc00019d818*=0x3) returned 1 [0103.200] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0000a04c0*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0103.210] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc0000a04f0*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0103.213] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.217] SetEvent (hEvent=0x13c) returned 1 [0103.217] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586390*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000586390*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0103.218] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586396*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc000586396*, lpNumberOfCharsWritten=0xc00013d818*=0x3) returned 1 [0103.230] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0103.237] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102618*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc000102618*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0103.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001026a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0001026a0*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0103.249] SwitchToThread () returned 1 [0103.330] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.334] SetEvent (hEvent=0x100) returned 1 [0103.334] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.335] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0103.335] SetEvent (hEvent=0xc0) returned 1 [0103.335] SetEvent (hEvent=0xfc) returned 1 [0103.335] SetEvent (hEvent=0x100) returned 1 [0103.335] SetEvent (hEvent=0x9c) returned 1 [0103.336] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.342] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0103.342] SetEvent (hEvent=0x13c) returned 1 [0103.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.350] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0103.350] SetEvent (hEvent=0x100) returned 1 [0103.350] SetEvent (hEvent=0xfc) returned 1 [0103.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.353] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.356] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.357] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0103.357] SetEvent (hEvent=0xc0) returned 1 [0103.357] SetEvent (hEvent=0xfc) returned 1 [0103.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.358] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0103.358] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.359] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834a7580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.359] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.359] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.359] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.359] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0103.360] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0103.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834a7580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834a7580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f0c)) returned 1 [0103.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834aeab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b11c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834b11c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.361] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.361] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834b11c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834b38d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x5074)) returned 1 [0103.365] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.371] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834b86f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bae00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834bae00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.371] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.371] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ja\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834bae00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834bd510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x447a)) returned 1 [0103.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.372] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834c4a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c7150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834c7150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.372] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.372] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.372] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\kn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834c7150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834c9860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x55a3)) returned 1 [0103.377] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0103.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.377] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834cbf70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ce680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ce680, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.378] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.378] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ce680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d0d90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83989580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x403a)) returned 1 [0103.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.378] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.379] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834d34a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d5bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834d5bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.379] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.379] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.379] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834d5bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834d82c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x416b)) returned 1 [0103.395] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.438] SwitchToThread () returned 1 [0103.438] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.438] SetEvent (hEvent=0x164) returned 1 [0103.438] SetEvent (hEvent=0x188) returned 1 [0103.439] VirtualFree (lpAddress=0xc00021c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.439] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.439] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.439] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.440] VirtualFree (lpAddress=0xc000144000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.440] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.440] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.440] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.440] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.441] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.441] VirtualFree (lpAddress=0xc000058000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0103.441] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.441] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.442] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.442] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.442] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000e7818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0000e7818*=0x3) returned 1 [0103.448] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0103.455] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc000586220*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0103.461] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.492] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586226*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000586226*, lpNumberOfCharsWritten=0xc0001a5818*=0x3) returned 1 [0103.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000586320*, lpNumberOfCharsWritten=0xc00022d818*=0x3) returned 1 [0103.501] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586326*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000586326*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0103.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc000586330*, lpNumberOfCharsWritten=0xc0001ad818*=0x3) returned 1 [0103.515] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.529] SetEvent (hEvent=0x188) returned 1 [0103.529] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.530] SetEvent (hEvent=0x12c) returned 1 [0103.530] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.535] SetEvent (hEvent=0x100) returned 1 [0103.535] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.546] SetEvent (hEvent=0x188) returned 1 [0103.546] SetEvent (hEvent=0x114) returned 1 [0103.546] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.590] SetEvent (hEvent=0x100) returned 1 [0103.590] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.600] SetEvent (hEvent=0x100) returned 1 [0103.600] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.602] SetEvent (hEvent=0x120) returned 1 [0103.602] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.606] SetEvent (hEvent=0x100) returned 1 [0103.606] VirtualFree (lpAddress=0xc000220000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.606] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.607] SetEvent (hEvent=0x108) returned 1 [0103.607] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.856] SetEvent (hEvent=0xf4) returned 1 [0103.856] SetEvent (hEvent=0xb8) returned 1 [0103.856] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0103.867] SetEvent (hEvent=0x108) returned 1 [0103.867] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.149] SetEvent (hEvent=0x108) returned 1 [0104.149] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.153] SetEvent (hEvent=0x108) returned 1 [0104.153] SetEvent (hEvent=0x100) returned 1 [0104.153] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.495] SetEvent (hEvent=0xf4) returned 1 [0104.495] SetEvent (hEvent=0x164) returned 1 [0104.495] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.517] SetEvent (hEvent=0xf4) returned 1 [0104.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.517] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0104.520] GetFileType (hFile=0x148) returned 0x1 [0104.520] GetFileType (hFile=0x148) returned 0x1 [0104.520] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0104.520] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0104.520] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0104.521] ReadFile (in: hFile=0x148, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.521] CloseHandle (hObject=0x148) returned 1 [0104.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.521] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0104.525] GetFileType (hFile=0x148) returned 0x1 [0104.525] WriteFile (in: hFile=0x148, lpBuffer=0xc000102200*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000102200*, lpNumberOfBytesWritten=0xc00013dcec*=0x10, lpOverlapped=0x0) returned 1 [0104.526] CloseHandle (hObject=0x148) returned 1 [0104.526] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0104.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.526] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0104.531] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.652] GetFileType (hFile=0x148) returned 0x1 [0104.653] WriteFile (in: hFile=0x148, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.653] CloseHandle (hObject=0x148) returned 1 [0104.653] VirtualAlloc (lpAddress=0xc00039c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039c000 [0104.653] VirtualAlloc (lpAddress=0xc00039e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039e000 [0104.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\2b04.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\encry-2B04.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticonsold\\encry-2b04.tmp"), dwFlags=0x1) returned 1 [0104.654] SetEvent (hEvent=0x9c) returned 1 [0104.654] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.667] SetEvent (hEvent=0x114) returned 1 [0104.667] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.682] SetEvent (hEvent=0x1d0) returned 1 [0104.682] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.685] SetEvent (hEvent=0xfc) returned 1 [0104.685] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0104.692] VirtualFree (lpAddress=0xc00058e000, dwSize=0x7a000, dwFreeType=0x4000) returned 1 [0104.694] VirtualFree (lpAddress=0xc000420000, dwSize=0x5a000, dwFreeType=0x4000) returned 1 [0104.696] VirtualFree (lpAddress=0xc00039c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.696] VirtualFree (lpAddress=0xc000380000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.697] VirtualFree (lpAddress=0xc0002be000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.697] VirtualFree (lpAddress=0xc000294000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.697] VirtualFree (lpAddress=0xc00028c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.697] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.698] VirtualFree (lpAddress=0xc000262000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.698] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.698] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.698] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.699] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.699] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.699] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.699] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.700] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.700] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.700] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.700] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.701] VirtualAlloc (lpAddress=0xc0003a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a4000 [0104.701] SetEvent (hEvent=0x108) returned 1 [0104.701] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.798] SetEvent (hEvent=0x164) returned 1 [0107.798] SetEvent (hEvent=0x120) returned 1 [0107.798] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.801] SetEvent (hEvent=0x108) returned 1 [0107.801] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.829] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0107.830] SetEvent (hEvent=0x114) returned 1 [0107.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.835] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0107.835] SetEvent (hEvent=0x114) returned 1 [0107.835] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.838] SetEvent (hEvent=0xb8) returned 1 [0107.838] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.845] SetEvent (hEvent=0xf4) returned 1 [0107.845] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.848] SetEvent (hEvent=0xf4) returned 1 [0107.848] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.850] SetEvent (hEvent=0xf4) returned 1 [0107.851] SetEvent (hEvent=0xb8) returned 1 [0107.851] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.851] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.851] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.851] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.852] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.852] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc000035818*=0x4) returned 1 [0107.853] SetEvent (hEvent=0xb8) returned 1 [0107.853] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc0005862c8*, lpNumberOfCharsWritten=0xc0001cb818*=0x4) returned 1 [0107.853] SetEvent (hEvent=0xb8) returned 1 [0107.854] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586300*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc000586300*, lpNumberOfCharsWritten=0xc00029f818*=0x4) returned 1 [0107.854] SetEvent (hEvent=0xb8) returned 1 [0107.854] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586308*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000586308*, lpNumberOfCharsWritten=0xc0000f3818*=0x4) returned 1 [0107.855] SetEvent (hEvent=0xb8) returned 1 [0107.855] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586350*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000586350*, lpNumberOfCharsWritten=0xc0002a1818*=0x4) returned 1 [0107.856] SetEvent (hEvent=0xb8) returned 1 [0107.856] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586358*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000215818, lpReserved=0x0 | out: lpBuffer=0xc000586358*, lpNumberOfCharsWritten=0xc000215818*=0x4) returned 1 [0107.857] SetEvent (hEvent=0xb8) returned 1 [0107.857] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586360*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc000586360*, lpNumberOfCharsWritten=0xc0000c1818*=0x4) returned 1 [0107.859] SetEvent (hEvent=0xb8) returned 1 [0107.860] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586368*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc000586368*, lpNumberOfCharsWritten=0xc000259818*=0x4) returned 1 [0107.860] SetEvent (hEvent=0xb8) returned 1 [0107.860] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586390*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000181818, lpReserved=0x0 | out: lpBuffer=0xc000586390*, lpNumberOfCharsWritten=0xc000181818*=0x4) returned 1 [0107.861] SetEvent (hEvent=0xb8) returned 1 [0107.861] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586398*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000229818, lpReserved=0x0 | out: lpBuffer=0xc000586398*, lpNumberOfCharsWritten=0xc000229818*=0x4) returned 1 [0107.862] SetEvent (hEvent=0xb8) returned 1 [0107.863] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a9818, lpReserved=0x0 | out: lpBuffer=0xc0005863d0*, lpNumberOfCharsWritten=0xc0001a9818*=0x4) returned 1 [0107.863] SetEvent (hEvent=0xb8) returned 1 [0107.863] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000e7818, lpReserved=0x0 | out: lpBuffer=0xc0005863d8*, lpNumberOfCharsWritten=0xc0000e7818*=0x4) returned 1 [0107.865] SetEvent (hEvent=0xb8) returned 1 [0107.865] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586400*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000255818, lpReserved=0x0 | out: lpBuffer=0xc000586400*, lpNumberOfCharsWritten=0xc000255818*=0x4) returned 1 [0107.865] SetEvent (hEvent=0xb8) returned 1 [0107.865] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586408*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b1818, lpReserved=0x0 | out: lpBuffer=0xc000586408*, lpNumberOfCharsWritten=0xc0001b1818*=0x4) returned 1 [0107.866] SetEvent (hEvent=0xb8) returned 1 [0107.866] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586420*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001af818, lpReserved=0x0 | out: lpBuffer=0xc000586420*, lpNumberOfCharsWritten=0xc0001af818*=0x4) returned 1 [0107.867] SetEvent (hEvent=0xb8) returned 1 [0107.867] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586428*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc000586428*, lpNumberOfCharsWritten=0xc000069818*=0x4) returned 1 [0107.868] SetEvent (hEvent=0xb8) returned 1 [0107.868] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586450*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000213818, lpReserved=0x0 | out: lpBuffer=0xc000586450*, lpNumberOfCharsWritten=0xc000213818*=0x4) returned 1 [0107.868] SetEvent (hEvent=0xb8) returned 1 [0107.868] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586458*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000586458*, lpNumberOfCharsWritten=0xc000149818*=0x4) returned 1 [0107.869] SetEvent (hEvent=0xb8) returned 1 [0107.869] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586470*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000586470*, lpNumberOfCharsWritten=0xc000129818*=0x4) returned 1 [0107.870] SetEvent (hEvent=0xb8) returned 1 [0107.870] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00006c000*, nNumberOfCharsToWrite=0x51, lpNumberOfCharsWritten=0xc00029b808, lpReserved=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfCharsWritten=0xc00029b808*=0x51) returned 1 [0107.872] SetEvent (hEvent=0xb8) returned 1 [0107.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0107.873] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00029bd64 | out: lpMode=0xc00029bd64) returned 0 [0107.874] GetFileType (hFile=0xec) returned 0x1 [0107.874] WriteFile (in: hFile=0xec, lpBuffer=0xc0000782c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000782c0*, lpNumberOfBytesWritten=0xc00029bd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.875] CloseHandle (hObject=0xec) returned 1 [0107.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\encry-IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\encry-iconcache.db"), dwFlags=0x1) returned 1 [0107.877] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.878] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0107.878] SetEvent (hEvent=0xc0) returned 1 [0107.878] SetEvent (hEvent=0xf4) returned 1 [0107.879] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.884] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0107.884] SetEvent (hEvent=0x114) returned 1 [0107.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0107.892] SetEvent (hEvent=0x9c) returned 1 [0107.892] SetEvent (hEvent=0xf4) returned 1 [0107.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.899] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0107.899] SetEvent (hEvent=0x9c) returned 1 [0107.899] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.900] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.900] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.901] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.901] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.901] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.901] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.901] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.902] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0107.904] SetEvent (hEvent=0xf4) returned 1 [0107.904] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc0000100e8*, lpNumberOfCharsWritten=0xc00014b818*=0x4) returned 1 [0107.905] SetEvent (hEvent=0xf4) returned 1 [0107.905] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000e9818, lpReserved=0x0 | out: lpBuffer=0xc0000100f0*, lpNumberOfCharsWritten=0xc0000e9818*=0x4) returned 1 [0107.907] SetEvent (hEvent=0xf4) returned 1 [0107.907] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000eb818, lpReserved=0x0 | out: lpBuffer=0xc0000100f8*, lpNumberOfCharsWritten=0xc0000eb818*=0x4) returned 1 [0107.909] SetEvent (hEvent=0xf4) returned 1 [0107.909] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010110*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc000010110*, lpNumberOfCharsWritten=0xc000279818*=0x4) returned 1 [0107.910] SetEvent (hEvent=0xf4) returned 1 [0107.910] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc0002d5818*=0x4) returned 1 [0107.911] SetEvent (hEvent=0xf4) returned 1 [0107.911] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00007a000*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc000201808, lpReserved=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfCharsWritten=0xc000201808*=0x6f) returned 1 [0107.913] SetEvent (hEvent=0xf4) returned 1 [0107.913] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.913] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0107.913] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0107.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0108.406] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.410] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0108.411] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.421] GetFileType (hFile=0x1dc) returned 0x1 [0108.421] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.422] CloseHandle (hObject=0x1dc) returned 1 [0108.422] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.423] SetEvent (hEvent=0x9c) returned 1 [0108.423] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.446] SetEvent (hEvent=0xf4) returned 1 [0108.446] SetEvent (hEvent=0x164) returned 1 [0108.446] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.473] SetEvent (hEvent=0xf4) returned 1 [0108.473] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.576] SetEvent (hEvent=0xb8) returned 1 [0108.576] SetEvent (hEvent=0x1a0) returned 1 [0108.576] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.580] SetEvent (hEvent=0xf4) returned 1 [0108.580] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.592] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.605] SetEvent (hEvent=0x164) returned 1 [0108.605] SetEvent (hEvent=0x188) returned 1 [0108.605] VirtualFree (lpAddress=0xc0002c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.605] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.606] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.606] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.606] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0108.607] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.607] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.607] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.608] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.608] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.608] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00014d818*=0x2) returned 1 [0108.625] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.628] SetEvent (hEvent=0x164) returned 1 [0108.628] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.651] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0108.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0108.652] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0108.661] GetFileType (hFile=0xec) returned 0x1 [0108.661] GetFileType (hFile=0xec) returned 0x1 [0108.661] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0108.661] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0108.661] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0108.665] ReadFile (in: hFile=0xec, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x20200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc00024dc04*=0x20000, lpOverlapped=0x0) returned 1 [0108.678] ReadFile (in: hFile=0xec, lpBuffer=0xc000320000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000320000*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0108.678] CloseHandle (hObject=0xec) returned 1 [0108.679] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0108.679] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0108.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0108.685] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0108.686] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.688] SetEvent (hEvent=0xb8) returned 1 [0108.688] GetFileType (hFile=0xec) returned 0x1 [0108.688] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.698] WriteFile (in: hFile=0xec, lpBuffer=0xc000368000*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000368000*, lpNumberOfBytesWritten=0xc00024dcec*=0x20010, lpOverlapped=0x0) returned 1 [0108.702] CloseHandle (hObject=0xec) returned 1 [0108.703] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0108.703] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0108.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0108.703] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0108.712] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.713] SetEvent (hEvent=0xc0) returned 1 [0108.713] SetEvent (hEvent=0x188) returned 1 [0108.713] GetFileType (hFile=0xec) returned 0x1 [0108.713] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.720] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.720] CloseHandle (hObject=0xec) returned 1 [0108.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\encry-FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\encry-fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), dwFlags=0x1) returned 1 [0108.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.722] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0108.722] SetEvent (hEvent=0xc0) returned 1 [0108.722] SetEvent (hEvent=0x188) returned 1 [0108.722] SetEvent (hEvent=0xf4) returned 1 [0108.723] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.725] SetEvent (hEvent=0xf4) returned 1 [0108.725] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.730] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0108.730] SetEvent (hEvent=0xc0) returned 1 [0108.730] SetEvent (hEvent=0x164) returned 1 [0108.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0108.753] SetEvent (hEvent=0xf4) returned 1 [0108.753] SetEvent (hEvent=0x188) returned 1 [0108.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.760] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.760] SetEvent (hEvent=0x188) returned 1 [0108.760] SetEvent (hEvent=0x1a0) returned 1 [0108.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.764] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.766] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0108.766] SetEvent (hEvent=0xb8) returned 1 [0108.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0108.767] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001b3cf4 | out: lpMode=0xc0001b3cf4) returned 0 [0108.774] GetFileType (hFile=0xec) returned 0x1 [0108.774] GetFileType (hFile=0xec) returned 0x1 [0108.774] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001b3d44 | out: lpFileInformation=0xc0001b3d44) returned 1 [0108.774] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b3d28) returned 1 [0108.774] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0108.777] ReadFile (in: hFile=0xec, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x18ee0, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0001b3c04*=0x18ce0, lpOverlapped=0x0) returned 1 [0108.794] ReadFile (in: hFile=0xec, lpBuffer=0xc0002face0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002face0*, lpNumberOfBytesRead=0xc0001b3c04*=0x0, lpOverlapped=0x0) returned 1 [0108.794] CloseHandle (hObject=0xec) returned 1 [0108.794] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0108.795] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0108.795] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.796] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0108.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0108.800] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001b3d04 | out: lpMode=0xc0001b3d04) returned 0 [0108.804] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.815] GetFileType (hFile=0xec) returned 0x1 [0108.815] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0108.816] WriteFile (in: hFile=0xec, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x18cf0, lpNumberOfBytesWritten=0xc0001b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc0001b3cec*=0x18cf0, lpOverlapped=0x0) returned 1 [0108.819] CloseHandle (hObject=0xec) returned 1 [0108.819] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0108.819] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0108.819] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0108.820] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0108.820] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0108.820] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0108.821] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0108.821] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0108.821] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0108.822] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0108.822] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0108.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0108.823] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001b3d64 | out: lpMode=0xc0001b3d64) returned 0 [0108.826] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.841] SetEvent (hEvent=0x164) returned 1 [0108.841] GetFileType (hFile=0xec) returned 0x1 [0108.842] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.845] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.845] CloseHandle (hObject=0xec) returned 1 [0108.845] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\content14.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\encry-content14.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\encry-content14.dat"), dwFlags=0x1) returned 1 [0108.849] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.864] SetEvent (hEvent=0x164) returned 1 [0108.864] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.866] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0108.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0108.867] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0108.867] GetFileType (hFile=0x128) returned 0x1 [0108.868] GetFileType (hFile=0x128) returned 0x1 [0108.868] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0108.868] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0108.868] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0108.868] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc00014dc04*=0xae, lpOverlapped=0x0) returned 1 [0108.869] ReadFile (in: hFile=0x128, lpBuffer=0xc00004e0ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0ae*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0108.869] CloseHandle (hObject=0x128) returned 1 [0108.869] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0108.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.870] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0108.870] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0108.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0108.871] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0108.874] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.877] SetEvent (hEvent=0x164) returned 1 [0108.877] GetFileType (hFile=0x128) returned 0x1 [0108.878] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.909] GetFileType (hFile=0x128) returned 0x1 [0108.910] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0108.910] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0108.910] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0108.915] ReadFile (in: hFile=0x128, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x49298, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0001e9c04*=0x49098, lpOverlapped=0x0) returned 1 [0108.920] ReadFile (in: hFile=0x128, lpBuffer=0xc00032b098, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032b098*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0108.921] CloseHandle (hObject=0x128) returned 1 [0108.921] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0108.921] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0108.921] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0108.936] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0108.937] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0108.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.941] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0108.947] GetFileType (hFile=0x128) returned 0x1 [0108.947] WriteFile (in: hFile=0x128, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x490a0, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0001e9cec*=0x490a0, lpOverlapped=0x0) returned 1 [0108.955] CloseHandle (hObject=0x128) returned 1 [0108.955] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0108.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.956] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0108.969] GetFileType (hFile=0x128) returned 0x1 [0108.969] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.969] CloseHandle (hObject=0x128) returned 1 [0108.969] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0108.970] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.970] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\encry-StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\encry-structuredqueryschema.bin"), dwFlags=0x1) returned 1 [0108.971] SwitchToThread () returned 1 [0108.976] SetEvent (hEvent=0x1a0) returned 1 [0108.976] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.993] SetEvent (hEvent=0x1a0) returned 1 [0108.993] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0108.999] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0109.000] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0109.001] GetFileType (hFile=0x128) returned 0x1 [0109.001] GetFileType (hFile=0x128) returned 0x1 [0109.001] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0109.001] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0109.001] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0109.002] ReadFile (in: hFile=0x128, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x291, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc000247c04*=0x91, lpOverlapped=0x0) returned 1 [0109.003] ReadFile (in: hFile=0x128, lpBuffer=0xc00003e091, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e091*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0109.003] CloseHandle (hObject=0x128) returned 1 [0109.003] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini\\*", lpFindFileData=0xc000247a08 | out: lpFindFileData=0xc000247a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.003] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000247720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.003] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0109.004] SetEvent (hEvent=0x1a0) returned 1 [0109.004] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.032] SetEvent (hEvent=0x1a0) returned 1 [0109.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004e0e0*, nNumberOfCharsToWrite=0x6a, lpNumberOfCharsWritten=0xc0001ed808, lpReserved=0x0 | out: lpBuffer=0xc00004e0e0*, lpNumberOfCharsWritten=0xc0001ed808*=0x6a) returned 1 [0109.035] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.035] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0109.035] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0109.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0109.036] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001edd64 | out: lpMode=0xc0001edd64) returned 0 [0109.037] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.040] GetFileType (hFile=0x180) returned 0x1 [0109.040] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.046] WriteFile (in: hFile=0x180, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc0001edd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.046] CloseHandle (hObject=0x180) returned 1 [0109.046] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.048] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.167] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0109.167] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0109.167] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0109.168] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0109.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.168] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0109.213] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.215] GetFileType (hFile=0x1bc) returned 0x1 [0109.215] GetFileType (hFile=0x1bc) returned 0x1 [0109.215] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0109.215] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0109.215] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002c4000, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesRead=0xc000211c04*=0x18, lpOverlapped=0x0) returned 1 [0109.216] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002c4018, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4018*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0109.216] CloseHandle (hObject=0x1bc) returned 1 [0109.216] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0109.217] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0109.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.217] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.218] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0109.218] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db\\*", lpFindFileData=0xc000211a08 | out: lpFindFileData=0xc000211a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.218] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0109.219] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc000211720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.219] SwitchToThread () returned 1 [0109.224] SetEvent (hEvent=0xb8) returned 1 [0109.224] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.224] SetEvent (hEvent=0xb8) returned 1 [0109.224] SetEvent (hEvent=0x164) returned 1 [0109.224] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x102000, dwFreeType=0x4000) returned 1 [0109.230] VirtualFree (lpAddress=0xc00058e000, dwSize=0x102000, dwFreeType=0x4000) returned 1 [0109.235] VirtualFree (lpAddress=0xc000334000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.235] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.236] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.236] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.236] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.236] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.236] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.237] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.237] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.237] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.238] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.238] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.239] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0109.241] GetFileType (hFile=0x1bc) returned 0x1 [0109.241] GetFileType (hFile=0x1bc) returned 0x1 [0109.241] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0109.241] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0109.241] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0109.241] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x291, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc00027bc04*=0x91, lpOverlapped=0x0) returned 1 [0109.242] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000be091, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be091*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0109.242] CloseHandle (hObject=0x1bc) returned 1 [0109.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.243] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini\\*", lpFindFileData=0xc00027ba08 | out: lpFindFileData=0xc00027ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.243] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00027b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.243] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0109.243] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0109.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.244] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165cf4 | out: lpMode=0xc000165cf4) returned 0 [0109.252] GetFileType (hFile=0x1bc) returned 0x1 [0109.252] GetFileType (hFile=0x1bc) returned 0x1 [0109.252] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000165d44 | out: lpFileInformation=0xc000165d44) returned 1 [0109.253] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000165d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000165d28) returned 1 [0109.253] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0109.254] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc000165c04*=0x4000, lpOverlapped=0x0) returned 1 [0109.266] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000304000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000165c04, lpOverlapped=0x0 | out: lpBuffer=0xc000304000*, lpNumberOfBytesRead=0xc000165c04*=0x0, lpOverlapped=0x0) returned 1 [0109.266] CloseHandle (hObject=0x1bc) returned 1 [0109.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0109.267] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165d04 | out: lpMode=0xc000165d04) returned 0 [0109.273] GetFileType (hFile=0x1bc) returned 0x1 [0109.273] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000304800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc000165cec, lpOverlapped=0x0 | out: lpBuffer=0xc000304800*, lpNumberOfBytesWritten=0xc000165cec*=0x4010, lpOverlapped=0x0) returned 1 [0109.274] CloseHandle (hObject=0x1bc) returned 1 [0109.274] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.275] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0109.275] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0109.276] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0109.276] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0109.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0109.277] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000165d64 | out: lpMode=0xc000165d64) returned 0 [0109.281] GetFileType (hFile=0x1bc) returned 0x1 [0109.281] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0109.281] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000165d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc000165d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.282] CloseHandle (hObject=0x1bc) returned 1 [0109.282] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0109.282] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0109.283] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0109.283] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0109.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-explorerstartuplog_runonce.etl"), dwFlags=0x1) returned 1 [0109.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.286] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.286] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0109.286] SetEvent (hEvent=0xc0) returned 1 [0109.286] SetEvent (hEvent=0x108) returned 1 [0109.286] SetEvent (hEvent=0xf4) returned 1 [0109.287] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0109.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.293] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0109.293] SetEvent (hEvent=0x9c) returned 1 [0109.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.315] GetFileType (hFile=0x128) returned 0x1 [0109.315] GetFileType (hFile=0x128) returned 0x1 [0109.315] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0109.315] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0109.315] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0109.317] ReadFile (in: hFile=0x128, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0002d9c04*=0x4000, lpOverlapped=0x0) returned 1 [0109.318] ReadFile (in: hFile=0x128, lpBuffer=0xc000304000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000304000*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0109.318] CloseHandle (hObject=0x128) returned 1 [0109.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.320] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0109.325] GetFileType (hFile=0x128) returned 0x1 [0109.325] WriteFile (in: hFile=0x128, lpBuffer=0xc000304800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000304800*, lpNumberOfBytesWritten=0xc0002d9cec*=0x4010, lpOverlapped=0x0) returned 1 [0109.326] CloseHandle (hObject=0x128) returned 1 [0109.326] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.326] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0109.327] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0109.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.328] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0109.339] GetFileType (hFile=0x128) returned 0x1 [0109.339] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.339] CloseHandle (hObject=0x128) returned 1 [0109.339] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.340] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\encry-cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\encry-cversions.1.db"), dwFlags=0x1) returned 1 [0109.341] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0109.341] SetEvent (hEvent=0x198) returned 1 [0109.342] SetEvent (hEvent=0x114) returned 1 [0109.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.351] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.356] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.357] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.357] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0109.357] SetEvent (hEvent=0xc0) returned 1 [0109.357] SetEvent (hEvent=0x108) returned 1 [0109.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.358] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.358] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.358] VirtualFree (lpAddress=0xc00032e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.359] VirtualFree (lpAddress=0xc000300000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0109.359] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.360] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.360] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.360] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.360] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.361] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.361] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.361] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.362] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.362] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.367] SetEvent (hEvent=0xf4) returned 1 [0109.367] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.370] SetEvent (hEvent=0xf4) returned 1 [0109.370] SetEvent (hEvent=0x108) returned 1 [0109.370] SetEvent (hEvent=0x114) returned 1 [0109.370] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.391] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.393] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.396] SetEvent (hEvent=0xf4) returned 1 [0109.396] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.396] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00003c000*, nNumberOfCharsToWrite=0xb5, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfCharsWritten=0xc000211808*=0xb5) returned 1 [0109.403] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.406] SetEvent (hEvent=0x108) returned 1 [0109.406] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0109.406] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0109.406] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0109.407] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0109.407] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0109.407] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0109.408] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0109.408] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0109.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.409] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0109.413] GetFileType (hFile=0x128) returned 0x1 [0109.414] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.414] CloseHandle (hObject=0x128) returned 1 [0109.414] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0109.414] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_sr.db"), dwFlags=0x1) returned 1 [0109.416] VirtualFree (lpAddress=0xc000074000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.416] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.417] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.417] SwitchToThread () returned 1 [0109.554] SwitchToThread () returned 1 [0109.699] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ed818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0001ed818*=0x3) returned 1 [0109.722] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.734] SetEvent (hEvent=0x108) returned 1 [0109.734] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.736] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000601e0*, nNumberOfCharsToWrite=0x76, lpNumberOfCharsWritten=0xc00027b808, lpReserved=0x0 | out: lpBuffer=0xc0000601e0*, lpNumberOfCharsWritten=0xc00027b808*=0x76) returned 1 [0109.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.738] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0109.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0109.739] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0109.745] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.753] SetEvent (hEvent=0xc0) returned 1 [0109.753] GetFileType (hFile=0x1b4) returned 0x1 [0109.753] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.755] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.756] CloseHandle (hObject=0x1b4) returned 1 [0109.756] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.757] SetEvent (hEvent=0x1a0) returned 1 [0109.757] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.765] VirtualFree (lpAddress=0xc000346000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0109.765] VirtualFree (lpAddress=0xc000324000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0109.766] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x3c000, dwFreeType=0x4000) returned 1 [0109.767] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0109.768] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.768] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.768] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.769] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.769] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.769] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.769] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.769] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.770] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.770] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.770] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0109.771] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000265cf4 | out: lpMode=0xc000265cf4) returned 0 [0109.771] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.775] SetEvent (hEvent=0x108) returned 1 [0109.775] GetFileType (hFile=0xec) returned 0x1 [0109.775] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.781] GetFileType (hFile=0xec) returned 0x1 [0109.781] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000265d44 | out: lpFileInformation=0xc000265d44) returned 1 [0109.781] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000265d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000265d28) returned 1 [0109.782] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c280, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000265c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c280*, lpNumberOfBytesRead=0xc000265c04*=0x43, lpOverlapped=0x0) returned 1 [0109.783] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c2c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000265c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c3*, lpNumberOfBytesRead=0xc000265c04*=0x0, lpOverlapped=0x0) returned 1 [0109.783] CloseHandle (hObject=0xec) returned 1 [0109.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\pmmr5k9k\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.783] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\PMMR5K9K\\desktop.ini\\*", lpFindFileData=0xc000265a08 | out: lpFindFileData=0xc000265a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.783] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000265720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.783] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0109.783] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0109.784] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0109.796] GetFileType (hFile=0xec) returned 0x1 [0109.796] GetFileType (hFile=0xec) returned 0x1 [0109.796] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0109.796] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0109.796] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c500, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c500*, lpNumberOfBytesRead=0xc00020bc04*=0x43, lpOverlapped=0x0) returned 1 [0109.797] ReadFile (in: hFile=0xec, lpBuffer=0xc00006c543, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c543*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0109.797] CloseHandle (hObject=0xec) returned 1 [0109.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.798] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini\\*", lpFindFileData=0xc00020ba08 | out: lpFindFileData=0xc00020ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.798] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00020b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0109.798] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0109.804] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.813] SetEvent (hEvent=0x108) returned 1 [0109.813] GetFileType (hFile=0xec) returned 0x1 [0109.813] GetFileType (hFile=0xec) returned 0x1 [0109.813] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0109.813] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0109.813] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0109.814] ReadFile (in: hFile=0xec, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0006e1c04*=0x10000, lpOverlapped=0x0) returned 1 [0109.837] ReadFile (in: hFile=0xec, lpBuffer=0xc000310000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000310000*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0109.837] CloseHandle (hObject=0xec) returned 1 [0109.837] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0109.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat\\*", lpFindFileData=0xc0006e1a08 | out: lpFindFileData=0xc0006e1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.839] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006e1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.839] SwitchToThread () returned 1 [0109.841] SetEvent (hEvent=0x9c) returned 1 [0109.841] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.860] SetEvent (hEvent=0x108) returned 1 [0109.860] SwitchToThread () returned 1 [0109.880] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000292480*, nNumberOfCharsToWrite=0x8d, lpNumberOfCharsWritten=0xc000283808, lpReserved=0x0 | out: lpBuffer=0xc000292480*, lpNumberOfCharsWritten=0xc000283808*=0x8d) returned 1 [0109.894] SetEvent (hEvent=0x188) returned 1 [0109.894] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0109.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0109.895] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000283d64 | out: lpMode=0xc000283d64) returned 0 [0109.897] GetFileType (hFile=0xec) returned 0x1 [0109.897] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ac6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000283d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac6e0*, lpNumberOfBytesWritten=0xc000283d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.899] CloseHandle (hObject=0xec) returned 1 [0109.899] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0109.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\encry-index.dat"), dwFlags=0x1) returned 0 [0109.900] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0109.900] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002836e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0109.900] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0109.901] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.902] SetEvent (hEvent=0x108) returned 1 [0109.902] SetEvent (hEvent=0x188) returned 1 [0109.902] VirtualFree (lpAddress=0xc000300000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0109.903] VirtualFree (lpAddress=0xc0002a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.904] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.904] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.904] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.905] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.905] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.905] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.906] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.906] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.906] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.906] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.907] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.907] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.907] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdbb73b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdbb73b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdc03670, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x39d41, dwReserved0=0x0, dwReserved1=0x0, cFileName="28-8f3193-f30905ea[1]", cAlternateFileName="28-8F3~1")) returned 1 [0109.907] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5529b670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb, dwReserved0=0x0, dwReserved1=0x0, cFileName="528d82a2[1].js", cAlternateFileName="528D82~1.JS")) returned 1 [0109.907] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x135, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA3e3XC[2].png", cAlternateFileName="AA3E3X~2.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28e, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA3vOVA[1].png", cAlternateFileName="AA3VOV~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA42EP9[1].png", cAlternateFileName="AA42EP~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x191, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA54rQj[1].png", cAlternateFileName="AA54RQ~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19d, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA61yi9[1].png", cAlternateFileName="AA61YI~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA8uCo4[1].png", cAlternateFileName="AA8UCO~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x342, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAdAVrM[1].png", cAlternateFileName="AADAVR~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4697f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4697f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4b5ab0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="adServer[1].htm", cAlternateFileName="ADSERV~1.HTM")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="advertisement.ad[1].js", cAlternateFileName="ADVERT~1.JS")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x545d0030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545d0030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x545d0030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40b, dwReserved0=0x0, dwReserved1=0x0, cFileName="async_usersync[1]", cAlternateFileName="ASYNC_~1")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x534, dwReserved0=0x0, dwReserved1=0x0, cFileName="async_usersync[2]", cAlternateFileName="ASYNC_~2")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x532, dwReserved0=0x0, dwReserved1=0x0, cFileName="async_usersync[3]", cAlternateFileName="ASYNC_~3")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB1CcOi[1].png", cAlternateFileName="BB1CCO~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x310, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB46JmN[1].png", cAlternateFileName="BB46JM~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x120, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB5kJAC[1].png", cAlternateFileName="BB5KJA~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB5kTiV[1].png", cAlternateFileName="BB5KTI~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x18c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB6Ma4a[1].png", cAlternateFileName="BB6MA4~1.PNG")) returned 1 [0109.908] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x168, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB74fLs[1].png", cAlternateFileName="BB74FL~1.PNG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x333f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBIqq8[1].jpg", cAlternateFileName="BBBIQQ~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x90b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBL0ij[1].jpg", cAlternateFileName="BBBL0I~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53630fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53630fd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x994, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBLhZX[1].jpg", cAlternateFileName="BBBLHZ~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53467f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBNiEo[1].jpg", cAlternateFileName="BBBNIE~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b65ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b65ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x176d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO1mQ[1].jpg", cAlternateFileName="BBBO1M~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d18e120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d18e120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6d1b4280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6218, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO3tl[1].jpg", cAlternateFileName="BBBO3T~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO8dQ[1].jpg", cAlternateFileName="BBBO8D~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d89, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOe7C[1].jpg", cAlternateFileName="BBBOE7~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e36, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPThN[1].jpg", cAlternateFileName="BBBPTH~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ee7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPUFJ[1].jpg", cAlternateFileName="BBBPUF~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x924, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBQxzx[1].jpg", cAlternateFileName="BBBQXZ~1.JPG")) returned 1 [0109.909] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1963, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBseMP[1].jpg", cAlternateFileName="BBBSEM~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53af3bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53af3bd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53af3bd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBsqNL[1].jpg", cAlternateFileName="BBBSQN~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBTpvW[1].jpg", cAlternateFileName="BBBTPV~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x974, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVEOW[1].jpg", cAlternateFileName="BBBVEO~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e67, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVGsM[1].jpg", cAlternateFileName="BBBVGS~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVIzI[1].jpg", cAlternateFileName="BBBVIZ~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVJ4r[1].jpg", cAlternateFileName="BBBVJ4~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5160e6d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5160e6d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5160e6d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVxM8[1].jpg", cAlternateFileName="BBBVXM~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538de890, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538de890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538de890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBz9wz[1].jpg", cAlternateFileName="BBBZ9W~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBzxW1[1].jpg", cAlternateFileName="BBBZXW~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6125cc20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6125cc20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x33a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC06Ub[1].jpg", cAlternateFileName="BBC06U~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x738, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC095c[1].jpg", cAlternateFileName="BBC095~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0ALC[1].jpg", cAlternateFileName="BBC0AL~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2720, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0lYn[1].jpg", cAlternateFileName="BBC0LY~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x522, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0mlu[1].jpg", cAlternateFileName="BBC0ML~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x188f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0rDa[1].jpg", cAlternateFileName="BBC0RD~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0rDa[2].jpg", cAlternateFileName="BBC0RD~2.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x320d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0tCi[1].jpg", cAlternateFileName="BBC0TC~1.JPG")) returned 1 [0109.917] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDK7Yy[1].jpg", cAlternateFileName="BBDK7Y~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x83c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDRbsH[1].jpg", cAlternateFileName="BBDRBS~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x968, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDZoZR[1].jpg", cAlternateFileName="BBDZOZ~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE97O8[1].jpg", cAlternateFileName="BBE97O~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE9wSt[1].jpg", cAlternateFileName="BBE9WS~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEcHle[1].jpg", cAlternateFileName="BBECHL~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2086, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdE0f[1].jpg", cAlternateFileName="BBEDE0~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x97b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdoQv[1].jpg", cAlternateFileName="BBEDOQ~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x69a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdqEy[1].jpg", cAlternateFileName="BBEDQE~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdtWw[1].jpg", cAlternateFileName="BBEDTW~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x687, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdXJj[1].jpg", cAlternateFileName="BBEDXJ~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeP0k[1].jpg", cAlternateFileName="BBEEP0~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3417, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeTuf[1].jpg", cAlternateFileName="BBEETU~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xc0b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfE6e[1].jpg", cAlternateFileName="BBEFE6~1.JPG")) returned 1 [0109.918] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfjuT[1].jpg", cAlternateFileName="BBEFJU~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEg9QV[1].jpg", cAlternateFileName="BBEG9Q~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x980, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgGSl[1].jpg", cAlternateFileName="BBEGGS~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgiYw[1].jpg", cAlternateFileName="BBEGIY~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a59, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgJfz[1].jpg", cAlternateFileName="BBEGJF~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgqtY[1].jpg", cAlternateFileName="BBEGQT~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x44ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgsz3[1].jpg", cAlternateFileName="BBEGSZ~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x171b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgtcS[1].jpg", cAlternateFileName="BBEGTC~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1826, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgtcS[2].jpg", cAlternateFileName="BBEGTC~2.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgx5f[1].jpg", cAlternateFileName="BBEGX5~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5e5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgx5f[2].jpg", cAlternateFileName="BBEGX5~2.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3565, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgyIm[1].jpg", cAlternateFileName="BBEGYI~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBg3ODX[2].png", cAlternateFileName="BBG3OD~2.PNG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBiyCq[1].png", cAlternateFileName="BBIYCQ~1.PNG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBn4lUU[1].png", cAlternateFileName="BBN4LU~1.PNG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBnMKeN[1].png", cAlternateFileName="BBNMKE~1.PNG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x38b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBwGan9[1].jpg", cAlternateFileName="BBWGAN~1.JPG")) returned 1 [0109.925] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBz3ebk[1].png", cAlternateFileName="BBZ3EB~1.PNG")) returned 1 [0109.926] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d4dd60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d4dd60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="benefits-5-mobile[1].png", cAlternateFileName="BENEFI~1.PNG")) returned 1 [0109.926] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61804060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61804060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61850320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb=gapi[1].loaded_1", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0109.926] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0109.926] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ea49c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ea49c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60ef0c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome-new[1].jpg", cAlternateFileName="CHROME~1.JPG")) returned 1 [0109.926] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60b128c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4739, dwReserved0=0x0, dwReserved1=0x0, cFileName="cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot", cAlternateFileName="CJZKEO~1.EOT")) returned 1 [0109.926] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bb22b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContainerTag[1].js", cAlternateFileName="CONTAI~1.JS")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe6dfad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe6dfad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe6dfad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContainerTag[2].js", cAlternateFileName="CONTAI~2.JS")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ddbc1a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5ddbc1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5ddbc1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="css[2].txt", cAlternateFileName="CSS_2_~1.TXT")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5114bad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5114bad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x511bdef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39a21, dwReserved0=0x0, dwReserved1=0x0, cFileName="f8-028d9f-f30905ea[1]", cAlternateFileName="F8-028~1")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf893e70, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf893e70, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf893e70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f78, dwReserved0=0x0, dwReserved1=0x0, cFileName="fallback_728x90[1].jpg", cAlternateFileName="FALLBA~1.JPG")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xca2, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde189b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde189b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde189b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~2")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x551dcf90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="ie8[1].txt", cAlternateFileName="IE8_1_~1.TXT")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bff750, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bff750, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bff750, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x88e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1180, dwReserved0=0x0, dwReserved1=0x0, cFileName="meversion[1]", cAlternateFileName="MEVERS~1")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfaa91b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfaa91b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfaa91b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="only[1].htm", cAlternateFileName="ONLY_1~1.HTM")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56ed3860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56ed3860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x56ed3860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x140, dwReserved0=0x0, dwReserved1=0x0, cFileName="Passport[1].htm", cAlternateFileName="PASSPO~1.HTM")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9f32, dwReserved0=0x0, dwReserved1=0x0, cFileName="plusone[1].js", cAlternateFileName="PLUSON~1.JS")) returned 1 [0109.927] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6371bfc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6371bfc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6371bfc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="postmessageRelay[1].htm", cAlternateFileName="POSTME~1.HTM")) returned 1 [0109.927] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0109.928] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0109.928] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555ac120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555ac120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55a97d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="search[1].htm", cAlternateFileName="SEARCH~1.HTM")) returned 1 [0109.928] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c85b, dwReserved0=0x0, dwReserved1=0x0, cFileName="uhf-west-european-default.min[1].css", cAlternateFileName="UHF-WE~1.CSS")) returned 1 [0109.928] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54726c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54726c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54726c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1687, dwReserved0=0x0, dwReserved1=0x0, cFileName="WebCore.4.19.0.ltr.light.min[1].css", cAlternateFileName="WEBCOR~1.CSS")) returned 1 [0109.929] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.929] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\28-8f3193-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\28-8f3193-f30905ea[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdbb73b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdbb73b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdc03670, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x39d41)) returned 1 [0109.933] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0109.944] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5529b670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb)) returned 1 [0109.961] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0109.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x135)) returned 1 [0109.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28e)) returned 1 [0109.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA42EP9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa42ep9[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1cd)) returned 1 [0109.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x191)) returned 1 [0109.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19d)) returned 1 [0110.026] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0110.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA8uCo4[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa8uco4[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c8)) returned 1 [0110.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AAdAVrM[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aadavrm[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x342)) returned 1 [0110.165] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0110.168] SetEvent (hEvent=0x13c) returned 1 [0110.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB1CcOi[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb1ccoi[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d0)) returned 1 [0110.227] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x310)) returned 1 [0110.383] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0110.386] SetEvent (hEvent=0xfc) returned 1 [0110.386] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.386] SetEvent (hEvent=0x108) returned 1 [0110.386] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x120)) returned 1 [0110.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kTiV[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5ktiv[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x121)) returned 1 [0110.431] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB6Ma4a[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb6ma4a[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x18c)) returned 1 [0110.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB74fLs[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb74fls[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x168)) returned 1 [0110.482] SetEvent (hEvent=0xb8) returned 1 [0110.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBIqq8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbiqq8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x333f)) returned 1 [0110.502] SetEvent (hEvent=0x108) returned 1 [0110.502] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0110.503] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x90b)) returned 1 [0110.521] SetEvent (hEvent=0x198) returned 1 [0110.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53630fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53630fd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53657130, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x994)) returned 1 [0110.536] SetEvent (hEvent=0x1a0) returned 1 [0110.536] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBNiEo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbnieo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53467f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53467f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53467f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28b9)) returned 1 [0110.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo1mq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b65ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b65ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x176d)) returned 1 [0110.572] SetEvent (hEvent=0x13c) returned 1 [0110.572] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO3tl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo3tl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d18e120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6d18e120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6d1b4280, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6218)) returned 1 [0110.589] SetEvent (hEvent=0x13c) returned 1 [0110.590] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x75a)) returned 1 [0110.616] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0110.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBOe7C[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbboe7c[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x537add90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x537add90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x537add90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d89)) returned 1 [0110.630] SetEvent (hEvent=0x108) returned 1 [0110.630] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e36)) returned 1 [0110.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPUFJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpufj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ee7)) returned 1 [0110.666] SetEvent (hEvent=0xb8) returned 1 [0110.666] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0110.667] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.667] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBQxzx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbqxzx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x924)) returned 1 [0110.683] SetEvent (hEvent=0x9c) returned 1 [0110.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBTpvW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbtpvw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7ae)) returned 1 [0110.699] SetEvent (hEvent=0x13c) returned 1 [0110.699] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x974)) returned 1 [0110.716] SetEvent (hEvent=0xfc) returned 1 [0110.716] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVGsM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvgsm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e67)) returned 1 [0110.735] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaa8)) returned 1 [0110.753] SetEvent (hEvent=0x1a0) returned 1 [0110.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVJ4r[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvj4r[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f59090, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f59090, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f59090, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97a)) returned 1 [0110.766] SetEvent (hEvent=0xb8) returned 1 [0110.766] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0110.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVxM8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvxm8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5160e6d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5160e6d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5160e6d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7d8)) returned 1 [0110.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBseMP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsemp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1963)) returned 1 [0110.799] SetEvent (hEvent=0x13c) returned 1 [0110.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53af3bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53af3bd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53af3bd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16d6)) returned 1 [0110.811] SetEvent (hEvent=0xfc) returned 1 [0110.811] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0110.812] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBz9wz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbz9wz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538de890, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538de890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538de890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d7)) returned 1 [0110.831] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.831] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6421e580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6421e580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24be)) returned 1 [0110.840] SetEvent (hEvent=0x1a0) returned 1 [0110.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc06ub[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6125cc20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6125cc20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x33a8)) returned 1 [0110.863] SetEvent (hEvent=0xb8) returned 1 [0110.863] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0110.864] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0110.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC095c[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc095c[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x738)) returned 1 [0110.880] SetEvent (hEvent=0x9c) returned 1 [0110.880] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0110.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17a5)) returned 1 [0110.886] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0110.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0lYn[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0lyn[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2720)) returned 1 [0110.923] SetEvent (hEvent=0xb8) returned 1 [0110.923] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0110.923] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x522)) returned 1 [0110.929] SetEvent (hEvent=0x198) returned 1 [0110.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x188f)) returned 1 [0110.937] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0110.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e9a9b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e9a9b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e9a9b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fe)) returned 1 [0110.943] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0110.949] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.949] SetEvent (hEvent=0xc0) returned 1 [0110.949] SetEvent (hEvent=0x9c) returned 1 [0110.950] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0tci[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x320d)) returned 1 [0110.951] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.952] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDK7Yy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdk7yy[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x28f2)) returned 1 [0110.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x83c)) returned 1 [0111.014] SetEvent (hEvent=0x1a0) returned 1 [0111.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDZoZR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdzozr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x968)) returned 1 [0111.022] SetEvent (hEvent=0x120) returned 1 [0111.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8d4)) returned 1 [0111.069] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0111.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE9wSt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe9wst[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6e0)) returned 1 [0111.088] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8b9)) returned 1 [0111.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2086)) returned 1 [0111.137] SetEvent (hEvent=0x164) returned 1 [0111.137] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.138] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x687)) returned 1 [0111.155] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0111.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdoQv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedoqv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x97b)) returned 1 [0111.183] SetEvent (hEvent=0x13c) returned 1 [0111.183] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0111.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdqEy[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedqey[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x69a)) returned 1 [0111.214] SetEvent (hEvent=0x9c) returned 1 [0111.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6d0)) returned 1 [0111.232] SetEvent (hEvent=0xfc) returned 1 [0111.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeP0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeep0k[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24c8)) returned 1 [0111.250] SetEvent (hEvent=0xb8) returned 1 [0111.250] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3417)) returned 1 [0111.270] SetEvent (hEvent=0x164) returned 1 [0111.270] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.271] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xc0b)) returned 1 [0111.289] SetEvent (hEvent=0x1a0) returned 1 [0111.289] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefjut[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c4c)) returned 1 [0111.305] SetEvent (hEvent=0x13c) returned 1 [0111.305] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEg9QV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeg9qv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f0e)) returned 1 [0111.320] SetEvent (hEvent=0x9c) returned 1 [0111.320] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x980)) returned 1 [0111.337] SetEvent (hEvent=0xfc) returned 1 [0111.337] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0111.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegjfz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a59)) returned 1 [0111.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23fd)) returned 1 [0111.374] SetEvent (hEvent=0x164) returned 1 [0111.374] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0111.374] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0111.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7b0)) returned 1 [0111.394] SetEvent (hEvent=0x1a0) returned 1 [0111.394] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegsz3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x44ec)) returned 1 [0111.416] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x171b)) returned 1 [0111.431] SetEvent (hEvent=0x9c) returned 1 [0111.432] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0111.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1826)) returned 1 [0111.469] SetEvent (hEvent=0xfc) returned 1 [0111.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5e5)) returned 1 [0111.486] SetEvent (hEvent=0xb8) returned 1 [0111.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5e5)) returned 1 [0111.502] SetEvent (hEvent=0x164) returned 1 [0111.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3565)) returned 1 [0111.515] SetEvent (hEvent=0x1a0) returned 1 [0111.515] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBg3ODX[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbg3odx[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf3)) returned 1 [0111.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBiyCq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbiycq[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde8add0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3b9)) returned 1 [0111.550] SetEvent (hEvent=0x9c) returned 1 [0111.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x14d)) returned 1 [0111.562] SetEvent (hEvent=0xfc) returned 1 [0111.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBnMKeN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbnmken[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x24b)) returned 1 [0111.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBwGan9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbwgan9[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x38b7)) returned 1 [0111.592] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.593] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBz3ebk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbz3ebk[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36c)) returned 1 [0111.659] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.659] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.659] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bb22b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b1)) returned 1 [0111.680] SetEvent (hEvent=0x1a0) returned 1 [0111.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe6dfad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe6dfad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe6dfad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1)) returned 1 [0111.698] SetEvent (hEvent=0x164) returned 1 [0111.698] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0111.699] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0111.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x56ed3860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56ed3860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x56ed3860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x140)) returned 1 [0111.718] SetEvent (hEvent=0xfc) returned 1 [0111.718] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.719] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\WebCore.4.19.0.ltr.light.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\webcore.4.19.0.ltr.light.min[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54726c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54726c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54726c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1687)) returned 1 [0111.735] SetEvent (hEvent=0x13c) returned 1 [0111.736] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0111.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\adServer[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\adserver[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4697f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4697f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4b5ab0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e7)) returned 1 [0111.759] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f82a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f82a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c)) returned 1 [0111.775] SetEvent (hEvent=0xb8) returned 1 [0111.775] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0111.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x545d0030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545d0030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x545d0030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40b)) returned 1 [0111.794] SetEvent (hEvent=0xb8) returned 1 [0111.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x534)) returned 1 [0111.811] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe9ff7b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe9ff7b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9ff7b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x532)) returned 1 [0111.827] SetEvent (hEvent=0xfc) returned 1 [0111.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\benefits-5-mobile[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\benefits-5-mobile[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d4dd60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d4dd60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ed)) returned 1 [0111.845] SetEvent (hEvent=0x13c) returned 1 [0111.845] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.845] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.846] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0111.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cjzkeoubrn4kerxqtauh3fy6323mhuzfjmgtvxag2ie[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60b128c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4739)) returned 1 [0111.867] SetEvent (hEvent=0x9c) returned 1 [0111.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61804060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61804060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61850320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13f3f)) returned 1 [0111.887] SetEvent (hEvent=0x1a0) returned 1 [0111.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\chrome-new[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\chrome-new[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ea49c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ea49c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60ef0c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c)) returned 1 [0111.913] SetEvent (hEvent=0xb8) returned 1 [0111.913] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.913] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.914] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5ddbc1a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5ddbc1a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5ddbc1a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xbb)) returned 1 [0111.936] SetEvent (hEvent=0x164) returned 1 [0111.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0111.955] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5114bad0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5114bad0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x511bdef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39a21)) returned 1 [0111.967] SetEvent (hEvent=0xfc) returned 1 [0111.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\fallback_728x90[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\fallback_728x90[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf893e70, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf893e70, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf893e70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f78)) returned 1 [0112.003] SetEvent (hEvent=0x13c) returned 1 [0112.003] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.004] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=627518548[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xca2)) returned 1 [0112.027] SetEvent (hEvent=0x9c) returned 1 [0112.027] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0112.027] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde189b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde189b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbde189b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305)) returned 1 [0112.054] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0112.055] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0112.055] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ie8[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\ie8[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x551dcf90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x551dcf90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x551dcf90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x66)) returned 1 [0112.072] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bff750, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bff750, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bff750, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1)) returned 1 [0112.091] SetEvent (hEvent=0x164) returned 1 [0112.091] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0112.092] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0112.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x88e7)) returned 1 [0112.128] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0112.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\meversion[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\meversion[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1180)) returned 1 [0112.154] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0112.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\only[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfaa91b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfaa91b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfaa91b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0112.174] SetEvent (hEvent=0x13c) returned 1 [0112.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\plusone[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\plusone[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61282d80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9f32)) returned 1 [0112.183] SetEvent (hEvent=0x9c) returned 1 [0112.184] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0112.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6371bfc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6371bfc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6371bfc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fa)) returned 1 [0112.205] SetEvent (hEvent=0xfc) returned 1 [0112.205] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0112.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555ac120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555ac120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55a97d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x19a6f)) returned 1 [0112.221] SetEvent (hEvent=0x164) returned 1 [0112.222] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0112.222] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0112.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\uhf-west-european-default.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\uhf-west-european-default.min[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54772f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54772f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54772f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c85b)) returned 1 [0112.257] SetEvent (hEvent=0x1a0) returned 1 [0112.257] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.257] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0112.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0112.258] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0112.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0112.263] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0112.272] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.275] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa36d90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa36d90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa83050, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xe455, dwReserved0=0x0, dwReserved1=0x0, cFileName="000000929096[1].gif", cAlternateFileName="000000~1.GIF")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6384cac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6384cac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6384cac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2929, dwReserved0=0x0, dwReserved1=0x0, cFileName="1223855322-postmessagerelay[1].js", cAlternateFileName="122385~1.JS")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA3e1oO[1].png", cAlternateFileName="AA3E1O~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x265, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA429NP[1].png", cAlternateFileName="AA429N~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530fbfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x252, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA42pjY[1].png", cAlternateFileName="AA42PJ~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe327870, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA61AKN[2].png", cAlternateFileName="AA61AK~2.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x21b, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA6KizP[2].png", cAlternateFileName="AA6KIZ~2.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x27b, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA7XCQ3[1].png", cAlternateFileName="AA7XCQ~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x268, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA8Tave[1].png", cAlternateFileName="AA8TAV~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAfOIDq[1].png", cAlternateFileName="AAFOID~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAkhMz9[2].png", cAlternateFileName="AAKHMZ~2.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAmRY2Q[1].png", cAlternateFileName="AAMRY2~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x391, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAni8qk[1].png", cAlternateFileName="AANI8Q~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf1239b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf1239b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf1239b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7a52, dwReserved0=0x0, dwReserved1=0x0, cFileName="adition[1].js", cAlternateFileName="ADITIO~1.JS")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c4a830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="async_usersync[1].htm", cAlternateFileName="ASYNC_~1.HTM")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53bb22b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bb22b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53bfe570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5feb, dwReserved0=0x0, dwReserved1=0x0, cFileName="b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg", cAlternateFileName="B367C0~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB8jcOr[2].png", cAlternateFileName="BB8JCO~2.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c22, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBB8ZbM[1].jpg", cAlternateFileName="BBB8ZB~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x234, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBB9wH0[1].png", cAlternateFileName="BBB9WH~1.PNG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x642446e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x642446e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ac7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBCFjo[1].jpg", cAlternateFileName="BBBCFJ~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7c9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBDtcM[1].jpg", cAlternateFileName="BBBDTC~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f19, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBIeNJ[1].jpg", cAlternateFileName="BBBIEN~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53598a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x711, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBImKX[1].jpg", cAlternateFileName="BBBIMK~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2569, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBL4R9[1].jpg", cAlternateFileName="BBBL4R~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBLhTZ[1].jpg", cAlternateFileName="BBBLHT~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBnhZY[1].jpg", cAlternateFileName="BBBNHZ~1.JPG")) returned 1 [0112.276] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x671dfee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x671dfee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x67206040, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPhAr[1].jpg", cAlternateFileName="BBBPHA~1.JPG")) returned 1 [0112.277] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c21, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPiby[1].jpg", cAlternateFileName="BBBPIB~1.JPG")) returned 1 [0112.277] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPmXJ[1].jpg", cAlternateFileName="BBBPMX~1.JPG")) returned 1 [0112.277] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21feb, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBPS37[1].png", cAlternateFileName="BBBPS3~1.PNG")) returned 1 [0112.277] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBQiBF[1].jpg", cAlternateFileName="BBBQIB~1.JPG")) returned 1 [0112.284] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBty8h[1].jpg", cAlternateFileName="BBBTY8~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5303d8d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5303d8d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5303d8d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVACL[1].jpg", cAlternateFileName="BBBVAC~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e29b2c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e29b2c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e29b2c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c41, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVGyR[1].jpg", cAlternateFileName="BBBVGY~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x950, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVMtX[1].jpg", cAlternateFileName="BBBVMT~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5530da90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1bba, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVYsu[1].jpg", cAlternateFileName="BBBVYS~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5154fff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5154fff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51576150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x76a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBWLtW[1].jpg", cAlternateFileName="BBBWLT~1.JPG")) returned 1 [0112.284] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x95f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBX3xB[1].jpg", cAlternateFileName="BBBX3X~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533112f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533112f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533112f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x241e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBY98e[1].jpg", cAlternateFileName="BBBY98~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x938, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBZYVP[1].jpg", cAlternateFileName="BBBZYV~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x192a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC04o2[1].jpg", cAlternateFileName="BBC04O~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC04ok[1].jpg", cAlternateFileName="BBC04O~2.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539e9230, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539e9230, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539e9230, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a99, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC04we[1].jpg", cAlternateFileName="BBC04W~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e02430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e02430, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC05rl[1].jpg", cAlternateFileName="BBC05R~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7e1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC05rl[2].jpg", cAlternateFileName="BBC05R~2.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ff1610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ff1610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ff1610, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0ATj[1].jpg", cAlternateFileName="BBC0AT~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x751, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0D8i[1].jpg", cAlternateFileName="BBC0D8~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x200e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0g7a[1].jpg", cAlternateFileName="BBC0G7~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1dcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0w1b[1].jpg", cAlternateFileName="BBC0W1~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5530da90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5530da90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0xLt[1].jpg", cAlternateFileName="BBC0XL~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb58, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBDWA22[1].jpg", cAlternateFileName="BBDWA2~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x91d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE7d3b[1].jpg", cAlternateFileName="BBE7D3~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45583010, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45583010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455a9170, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2850, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE85ld[1].jpg", cAlternateFileName="BBE85L~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x16ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdckp[1].jpg", cAlternateFileName="BBEDCK~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xafe, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdMci[1].jpg", cAlternateFileName="BBEDMC~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdSLV[1].jpg", cAlternateFileName="BBEDSL~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x87f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEe2Pd[1].jpg", cAlternateFileName="BBEE2P~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3faf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEe4Oo[1].png", cAlternateFileName="BBEE4O~1.PNG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xaa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEe6Ew[1].jpg", cAlternateFileName="BBEE6E~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454c4930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1d26, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeFp3[1].jpg", cAlternateFileName="BBEEFP~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe3bfdf0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe3bfdf0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe3bfdf0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeGwU[1].jpg", cAlternateFileName="BBEEGW~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b505b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b505b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b505b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7be, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeUg0[1].jpg", cAlternateFileName="BBEEUG~1.JPG")) returned 1 [0112.285] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3a2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeZnr[1].jpg", cAlternateFileName="BBEEZN~1.JPG")) returned 1 [0112.340] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.342] SetEvent (hEvent=0xfc) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2f76, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEf5Lq[1].jpg", cAlternateFileName="BBEF5L~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x786, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfwtU[1].jpg", cAlternateFileName="BBEFWT~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xa07, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfzSd[1].jpg", cAlternateFileName="BBEFZS~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454eaa90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454eaa90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1998, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgCuQ[1].jpg", cAlternateFileName="BBEGCU~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x454c4930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x454c4930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x454eaa90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1a65, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgHzB[1].jpg", cAlternateFileName="BBEGHZ~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbde8add0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbde8add0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdeb0f30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5a45, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgIl2[1].jpg", cAlternateFileName="BBEGIL~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x388f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgIl2[2].jpg", cAlternateFileName="BBEGIL~2.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1e97, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgIyL[1].jpg", cAlternateFileName="BBEGIY~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgkY6[1].jpg", cAlternateFileName="BBEGKY~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8df, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgLzV[1].jpg", cAlternateFileName="BBEGLZ~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgUri[1].jpg", cAlternateFileName="BBEGUR~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457721f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457721f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgXBv[1].jpg", cAlternateFileName="BBEGXB~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe34d9d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgZME[1].jpg", cAlternateFileName="BBEGZM~1.JPG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBghfVy[1].png", cAlternateFileName="BBGHFV~1.PNG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1af, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBkwUr[1].png", cAlternateFileName="BBKWUR~1.PNG")) returned 1 [0112.342] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a45c10, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a45c10, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a45c10, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBlBV0U[1].png", cAlternateFileName="BBLBV0~1.PNG")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3376, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBzhWWE[1].jpg", cAlternateFileName="BBZHWW~1.JPG")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60baae40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60baae40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c433c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13c06, dwReserved0=0x0, dwReserved1=0x0, cFileName="benefits-2[1].jpg", cAlternateFileName="BENEFI~2.JPG")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b84ce0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b84ce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c1d260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x144cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="benefits-4[1].jpg", cAlternateFileName="BENEFI~1.JPG")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf4dbc10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf4dbc10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf4dbc10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6f15, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootstrap[1].js", cAlternateFileName="BOOTST~1.JS")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x583e0320, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x583e0320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x583e0320, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf6, dwReserved0=0x0, dwReserved1=0x0, cFileName="browser[1].htm", cAlternateFileName="BROWSE~1.HTM")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b2b1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b2b1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b2b1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4dd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="bs-jsdep[1].css", cAlternateFileName="BS-JSD~1.CSS")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61341460, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61341460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x613675c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c9f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb=gapi[1].loaded_0", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x467cf930, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="collect[1].gif", cAlternateFileName="COLLEC~1.GIF")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29349, dwReserved0=0x0, dwReserved1=0x0, cFileName="core[1].css", cAlternateFileName="CORE_1~1.CSS")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54ca7f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54ca7f70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54ca7f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="DevCMDL2.2.18[1].eot", cAlternateFileName="DEVCMD~1.EOT")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5120a1b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5120a1b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5120a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="e151e5[1].gif", cAlternateFileName="E151E5~1.GIF")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5101afd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5101afd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5101afd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24e29, dwReserved0=0x0, dwReserved1=0x0, cFileName="e4-190963-91cdfbc1[1].txt", cAlternateFileName="E4-190~1.TXT")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60b5eb80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60b5eb80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f89200, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula_text[1].htm", cAlternateFileName="EULA_T~1.HTM")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62410fc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62410fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x62410fc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x34ce, dwReserved0=0x0, dwReserved1=0x0, cFileName="f[1].txt", cAlternateFileName="F_1_~1.TXT")) returned 1 [0112.343] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1254, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0112.343] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60ef0c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60ef0c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60f16de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="google_plus_16dp[1].png", cAlternateFileName="GOOGLE~1.PNG")) returned 1 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de2e5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5de2e5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5de54720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb6c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="index[1].htm", cAlternateFileName="INDEX_~1.HTM")) returned 1 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54fa1af0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54fa1af0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54fa1af0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa2, dwReserved0=0x0, dwReserved1=0x0, cFileName="print[1].txt", cAlternateFileName="PRINT_~1.TXT")) returned 1 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44f697b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44f697b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44f8f910, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x15429, dwReserved0=0x0, dwReserved1=0x0, cFileName="Standard[1]", cAlternateFileName="STANDA~1")) returned 1 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x0, cFileName="tecjslog[1].png", cAlternateFileName="TECJSL~1.PNG")) returned 1 [0112.344] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x548efd10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x548efd10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x548efd10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x102ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="uhf-main.var.min[1].js", cAlternateFileName="UHF-MA~1.JS")) returned 1 [0112.344] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0112.345] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2dd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2[1]", cAlternateFileName="V2_1_~1")) returned 1 [0112.345] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5386c470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5386c470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5386c470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d29, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2[2]", cAlternateFileName="V2_2_~1")) returned 1 [0112.345] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe751ef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe751ef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe751ef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2fa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2[3]", cAlternateFileName="V2_3_~1")) returned 1 [0112.345] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8829f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8829f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8829f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2da9, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2[4]", cAlternateFileName="V2_4_~1")) returned 1 [0112.345] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0112.345] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0112.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa36d90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa36d90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa83050, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xe455)) returned 1 [0112.347] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\1223855322-postmessagerelay[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\1223855322-postmessagerelay[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6384cac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6384cac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6384cac0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2929)) returned 1 [0112.347] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0112.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x29b)) returned 1 [0112.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459d37f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459d37f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459d37f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x265)) returned 1 [0112.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530fbfb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x252)) returned 1 [0112.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA61AKN[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa61akn[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe327870, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe327870, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe327870, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0112.350] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA6KizP[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa6kizp[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x21b)) returned 1 [0112.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA7XCQ3[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa7xcq3[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x27b)) returned 1 [0112.415] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA8Tave[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa8tave[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x268)) returned 1 [0112.484] SetEvent (hEvent=0x120) returned 1 [0112.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAfOIDq[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aafoidq[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe399c90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe399c90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe399c90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x21e)) returned 1 [0112.505] SetEvent (hEvent=0x108) returned 1 [0112.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2e3)) returned 1 [0112.547] SetEvent (hEvent=0x1a0) returned 1 [0112.547] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0112.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAmRY2Q[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aamry2q[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53194530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53194530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c)) returned 1 [0112.579] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.586] VirtualAlloc (lpAddress=0xc000388000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000388000 [0112.586] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAni8qk[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aani8qk[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x391)) returned 1 [0112.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BB8jcOr[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bb8jcor[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1aa)) returned 1 [0112.732] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0112.732] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0112.733] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB8ZbM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb8zbm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c22)) returned 1 [0112.748] SetEvent (hEvent=0x120) returned 1 [0112.748] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBB9wH0[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbb9wh0[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x234)) returned 1 [0112.776] SetEvent (hEvent=0xb8) returned 1 [0112.776] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0112.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x642446e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x642446e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x642446e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2ac7)) returned 1 [0112.801] SetEvent (hEvent=0x1a0) returned 1 [0112.801] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0112.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBDtcM[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbdtcm[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533cf9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533cf9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533cf9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7c9)) returned 1 [0112.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBIeNJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbienj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1f19)) returned 1 [0112.842] SetEvent (hEvent=0x9c) returned 1 [0112.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBImKX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbimkx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53598a50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x711)) returned 1 [0112.863] SetEvent (hEvent=0x9c) returned 1 [0112.863] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0112.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBL4R9[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbl4r9[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2569)) returned 1 [0112.879] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0112.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBLhTZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbblhtz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30d2)) returned 1 [0112.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530d5e50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530d5e50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53194530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21feb)) returned 1 [0112.916] SetEvent (hEvent=0x1a0) returned 1 [0112.917] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPhAr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbphar[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x671dfee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x671dfee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x67206040, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f4)) returned 1 [0112.920] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.947] SetEvent (hEvent=0x9c) returned 1 [0112.947] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.948] SetEvent (hEvent=0x9c) returned 1 [0112.948] SetEvent (hEvent=0x120) returned 1 [0112.948] SetEvent (hEvent=0x1a0) returned 1 [0112.949] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.956] SetEvent (hEvent=0x108) returned 1 [0112.956] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0112.961] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0112.962] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0112.964] GetFileType (hFile=0x1d4) returned 0x1 [0112.964] GetFileType (hFile=0x1d4) returned 0x1 [0112.964] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0112.964] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0112.964] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x14f9, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc0001f7c04*=0x12f9, lpOverlapped=0x0) returned 1 [0112.970] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0000d27f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d27f9*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0112.970] CloseHandle (hObject=0x1d4) returned 1 [0112.970] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.989] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0112.992] GetFileType (hFile=0x1d4) returned 0x1 [0112.992] WriteFile (in: hFile=0x1d4, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x1300, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x1300, lpOverlapped=0x0) returned 1 [0112.993] CloseHandle (hObject=0x1d4) returned 1 [0112.997] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0112.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0112.997] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0113.003] GetFileType (hFile=0x1b4) returned 0x1 [0113.003] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00037a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037a420*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.003] CloseHandle (hObject=0x1b4) returned 1 [0113.006] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbqibf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBQiBF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbqibf[1].jpg"), dwFlags=0x1) returned 1 [0113.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.072] SetEvent (hEvent=0x13c) returned 1 [0113.072] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.075] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.076] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.076] SetEvent (hEvent=0x114) returned 1 [0113.076] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.079] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.079] SetEvent (hEvent=0xc0) returned 1 [0113.079] SetEvent (hEvent=0x13c) returned 1 [0113.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.082] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.082] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.082] SetEvent (hEvent=0xb8) returned 1 [0113.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.179] SwitchToThread () returned 1 [0113.186] SetEvent (hEvent=0xb8) returned 1 [0113.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.187] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.187] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.187] SetEvent (hEvent=0xc0) returned 1 [0113.187] SetEvent (hEvent=0xb8) returned 1 [0113.187] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0113.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.189] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.194] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.194] SetEvent (hEvent=0xb8) returned 1 [0113.194] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.197] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.197] SetEvent (hEvent=0x114) returned 1 [0113.197] SetEvent (hEvent=0xb8) returned 1 [0113.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.199] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.201] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.201] SetEvent (hEvent=0x198) returned 1 [0113.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.204] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.205] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0113.206] GetFileType (hFile=0x1b4) returned 0x1 [0113.206] GetFileType (hFile=0x1b4) returned 0x1 [0113.206] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0113.208] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0113.208] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.208] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x96a, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc0001d3c04*=0x76a, lpOverlapped=0x0) returned 1 [0113.211] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00003e76a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e76a*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0113.211] CloseHandle (hObject=0x1b4) returned 1 [0113.211] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.212] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0113.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.220] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0113.224] GetFileType (hFile=0x1b0) returned 0x1 [0113.224] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x770, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x770, lpOverlapped=0x0) returned 1 [0113.225] CloseHandle (hObject=0x1b0) returned 1 [0113.231] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0113.231] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.232] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.232] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.233] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.233] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0113.235] GetFileType (hFile=0x1b4) returned 0x1 [0113.236] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.236] CloseHandle (hObject=0x1b4) returned 1 [0113.239] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0113.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbwltw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBWLtW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbwltw[1].jpg"), dwFlags=0x1) returned 1 [0113.279] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.279] SetEvent (hEvent=0x9c) returned 1 [0113.279] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.281] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.281] SetEvent (hEvent=0x9c) returned 1 [0113.281] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.302] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.319] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.328] SetEvent (hEvent=0x108) returned 1 [0113.328] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.332] SetEvent (hEvent=0x108) returned 1 [0113.332] SetEvent (hEvent=0x164) returned 1 [0113.332] VirtualFree (lpAddress=0xc0003b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.333] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.333] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.333] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.333] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.334] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000151818*=0x2) returned 1 [0113.335] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.341] SetEvent (hEvent=0xb8) returned 1 [0113.341] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.344] SetEvent (hEvent=0xb8) returned 1 [0113.344] SwitchToThread () returned 1 [0113.344] SetEvent (hEvent=0x164) returned 1 [0113.344] SetEvent (hEvent=0xb8) returned 1 [0113.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.345] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0113.346] GetFileType (hFile=0x1b4) returned 0x1 [0113.346] GetFileType (hFile=0x1b4) returned 0x1 [0113.346] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0113.346] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0113.346] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.347] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x1b2a, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000205c04*=0x192a, lpOverlapped=0x0) returned 1 [0113.352] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000d992a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d992a*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0113.352] CloseHandle (hObject=0x1b4) returned 1 [0113.352] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.355] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0113.356] GetFileType (hFile=0x1b4) returned 0x1 [0113.356] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1930, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc000205cec*=0x1930, lpOverlapped=0x0) returned 1 [0113.358] CloseHandle (hObject=0x1b4) returned 1 [0113.358] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0113.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.359] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0113.359] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.362] SetEvent (hEvent=0x9c) returned 1 [0113.362] GetFileType (hFile=0x1b4) returned 0x1 [0113.362] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.362] CloseHandle (hObject=0x1b4) returned 1 [0113.365] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.369] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc04o2[1].jpg"), dwFlags=0x1) returned 1 [0113.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.427] SetEvent (hEvent=0x9c) returned 1 [0113.427] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0113.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.429] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.429] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.429] SetEvent (hEvent=0x9c) returned 1 [0113.429] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.437] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.468] SetEvent (hEvent=0x108) returned 1 [0113.468] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.473] SetEvent (hEvent=0x108) returned 1 [0113.473] SetEvent (hEvent=0x114) returned 1 [0113.473] VirtualFree (lpAddress=0xc000290000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.474] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.474] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.474] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.475] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.475] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.475] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.475] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586198*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc000586198*, lpNumberOfCharsWritten=0xc000289818*=0x2) returned 1 [0113.481] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.482] SetEvent (hEvent=0x108) returned 1 [0113.482] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.484] SetEvent (hEvent=0x108) returned 1 [0113.484] SetEvent (hEvent=0x114) returned 1 [0113.484] SetEvent (hEvent=0x198) returned 1 [0113.484] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.504] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.509] SetEvent (hEvent=0x164) returned 1 [0113.509] SetEvent (hEvent=0x108) returned 1 [0113.509] SetEvent (hEvent=0x198) returned 1 [0113.509] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.520] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.530] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.552] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.567] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.576] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.588] SetEvent (hEvent=0x114) returned 1 [0113.588] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.591] SetEvent (hEvent=0x114) returned 1 [0113.591] SetEvent (hEvent=0xb8) returned 1 [0113.591] VirtualFree (lpAddress=0xc000160000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0113.592] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.592] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.593] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.593] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.593] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0113.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002cd818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0002cd818*=0x2) returned 1 [0113.595] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.598] SetEvent (hEvent=0x9c) returned 1 [0113.598] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.601] SetEvent (hEvent=0x9c) returned 1 [0113.601] SwitchToThread () returned 1 [0113.602] SetEvent (hEvent=0xb8) returned 1 [0113.602] SetEvent (hEvent=0x9c) returned 1 [0113.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.603] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002cdcf4 | out: lpMode=0xc0002cdcf4) returned 0 [0113.604] GetFileType (hFile=0x1b0) returned 0x1 [0113.604] GetFileType (hFile=0x1b0) returned 0x1 [0113.604] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0002cdd44 | out: lpFileInformation=0xc0002cdd44) returned 1 [0113.604] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0002cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cdd28) returned 1 [0113.604] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0113.605] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xd58, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0002cdc04*=0xb58, lpOverlapped=0x0) returned 1 [0113.612] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001e2b58, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2b58*, lpNumberOfBytesRead=0xc0002cdc04*=0x0, lpOverlapped=0x0) returned 1 [0113.612] CloseHandle (hObject=0x1b0) returned 1 [0113.612] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0113.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.616] SetEvent (hEvent=0xc0) returned 1 [0113.616] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002cdd04 | out: lpMode=0xc0002cdd04) returned 0 [0113.616] GetFileType (hFile=0x1b0) returned 0x1 [0113.616] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0xc0002cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc0002cdcec*=0xb60, lpOverlapped=0x0) returned 1 [0113.618] CloseHandle (hObject=0x1b0) returned 1 [0113.618] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0113.618] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0113.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.619] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002cdd64 | out: lpMode=0xc0002cdd64) returned 0 [0113.619] GetFileType (hFile=0x1b0) returned 0x1 [0113.619] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.619] CloseHandle (hObject=0x1b0) returned 1 [0113.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbdwa22[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBDWA22[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbdwa22[1].jpg"), dwFlags=0x1) returned 1 [0113.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.659] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.659] SetEvent (hEvent=0x9c) returned 1 [0113.659] SetEvent (hEvent=0x108) returned 1 [0113.659] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.662] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.662] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.662] SetEvent (hEvent=0x108) returned 1 [0113.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.668] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.668] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.689] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.807] SetEvent (hEvent=0x198) returned 1 [0113.807] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.813] SetEvent (hEvent=0x198) returned 1 [0113.813] SetEvent (hEvent=0xb8) returned 1 [0113.813] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.814] VirtualFree (lpAddress=0xc000166000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.814] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.815] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.815] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.815] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0113.837] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.861] SetEvent (hEvent=0x9c) returned 1 [0113.861] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.864] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0113.864] GetFileType (hFile=0x128) returned 0x1 [0113.864] GetFileType (hFile=0x128) returned 0x1 [0113.864] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0113.865] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0113.865] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.865] ReadFile (in: hFile=0x128, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0xa7f, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc000159c04*=0x87f, lpOverlapped=0x0) returned 1 [0113.871] ReadFile (in: hFile=0x128, lpBuffer=0xc00007e87f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e87f*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0113.871] CloseHandle (hObject=0x128) returned 1 [0113.871] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.872] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.875] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0113.875] GetFileType (hFile=0x128) returned 0x1 [0113.875] WriteFile (in: hFile=0x128, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc000159cec*=0x880, lpOverlapped=0x0) returned 1 [0113.876] CloseHandle (hObject=0x128) returned 1 [0113.876] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0113.877] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.877] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0113.878] GetFileType (hFile=0x128) returned 0x1 [0113.878] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.878] CloseHandle (hObject=0x128) returned 1 [0113.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee2pd[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEe2Pd[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbee2pd[1].jpg"), dwFlags=0x1) returned 1 [0113.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.928] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0113.928] SetEvent (hEvent=0xc0) returned 1 [0113.928] SetEvent (hEvent=0x9c) returned 1 [0113.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.931] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0113.931] SetEvent (hEvent=0x164) returned 1 [0113.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.936] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.953] SetEvent (hEvent=0xb8) returned 1 [0113.953] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.954] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0113.954] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.954] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.955] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.955] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0001f7818*=0x2) returned 1 [0113.963] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0113.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.973] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0113.974] GetFileType (hFile=0xec) returned 0x1 [0113.974] GetFileType (hFile=0xec) returned 0x1 [0113.974] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0113.974] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0113.974] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0113.975] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x9be, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000117c04*=0x7be, lpOverlapped=0x0) returned 1 [0113.979] ReadFile (in: hFile=0xec, lpBuffer=0xc00004e7be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e7be*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0113.980] CloseHandle (hObject=0xec) returned 1 [0113.980] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0113.980] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0113.981] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0113.981] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.988] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0113.990] GetFileType (hFile=0xec) returned 0x1 [0113.990] WriteFile (in: hFile=0xec, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc000117cec*=0x7c0, lpOverlapped=0x0) returned 1 [0113.992] CloseHandle (hObject=0xec) returned 1 [0113.992] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0113.992] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0113.993] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.993] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0113.994] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0113.994] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.995] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0113.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.995] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0113.996] GetFileType (hFile=0x1b0) returned 0x1 [0113.996] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00011e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011e2c0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.996] CloseHandle (hObject=0x1b0) returned 1 [0114.002] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0114.002] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeug0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEeUg0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeeug0[1].jpg"), dwFlags=0x1) returned 1 [0114.044] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.045] SetEvent (hEvent=0x108) returned 1 [0114.045] SetEvent (hEvent=0x9c) returned 1 [0114.045] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.046] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.046] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.046] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.047] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.047] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.047] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.048] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.048] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.048] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.049] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000054018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000054018*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0114.050] SwitchToThread () returned 1 [0114.052] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.059] SetEvent (hEvent=0x164) returned 1 [0114.059] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.069] SetEvent (hEvent=0x9c) returned 1 [0114.069] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.072] SetEvent (hEvent=0x9c) returned 1 [0114.072] SetEvent (hEvent=0x114) returned 1 [0114.072] SetEvent (hEvent=0x164) returned 1 [0114.072] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.073] SetEvent (hEvent=0x108) returned 1 [0114.074] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.078] SetEvent (hEvent=0x9c) returned 1 [0114.078] SetEvent (hEvent=0x164) returned 1 [0114.078] SetEvent (hEvent=0x120) returned 1 [0114.078] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.111] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0114.112] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0114.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0114.113] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0114.116] GetFileType (hFile=0x180) returned 0x1 [0114.116] GetFileType (hFile=0x180) returned 0x1 [0114.116] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0114.116] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0114.116] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0114.117] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0114.117] ReadFile (in: hFile=0x180, lpBuffer=0xc000102000, nNumberOfBytesToRead=0x8e9, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesRead=0xc000035c04*=0x6e9, lpOverlapped=0x0) returned 1 [0114.123] ReadFile (in: hFile=0x180, lpBuffer=0xc0001026e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001026e9*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0114.123] CloseHandle (hObject=0x180) returned 1 [0114.123] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0114.123] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0114.124] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0114.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0114.156] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.188] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0114.188] GetFileType (hFile=0x1c8) returned 0x1 [0114.188] WriteFile (in: hFile=0x1c8, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc000035cec*=0x6f0, lpOverlapped=0x0) returned 1 [0114.190] CloseHandle (hObject=0x1c8) returned 1 [0114.201] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.230] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0d01 | out: pbBuffer=0xc0000e0d01) returned 1 [0114.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0114.231] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0114.231] GetFileType (hFile=0x148) returned 0x1 [0114.231] WriteFile (in: hFile=0x148, lpBuffer=0xc00007c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007c580*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.232] CloseHandle (hObject=0x148) returned 1 [0114.238] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.277] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegzme[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgZME[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegzme[1].jpg"), dwFlags=0x1) returned 1 [0114.480] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.481] SetEvent (hEvent=0x1dc) returned 1 [0114.481] SetEvent (hEvent=0x198) returned 1 [0114.481] VirtualFree (lpAddress=0xc0003a4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.482] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0114.489] SwitchToThread () returned 1 [0114.489] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.490] SetEvent (hEvent=0x1dc) returned 1 [0114.490] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.492] SetEvent (hEvent=0x1dc) returned 1 [0114.492] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.496] SetEvent (hEvent=0x1dc) returned 1 [0114.496] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.498] SetEvent (hEvent=0x164) returned 1 [0114.498] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0114.500] SetEvent (hEvent=0x164) returned 1 [0114.500] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.669] SetEvent (hEvent=0x1c4) returned 1 [0115.669] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.674] SetEvent (hEvent=0x1d0) returned 1 [0115.674] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0115.680] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0115.682] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.908] GetFileType (hFile=0x184) returned 0x1 [0115.908] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0115.908] GetFileType (hFile=0x184) returned 0x1 [0115.908] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0115.909] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0115.909] ReadFile (in: hFile=0x184, lpBuffer=0xc0001c0a80, nNumberOfBytesToRead=0xa78, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0a80*, lpNumberOfBytesRead=0xc000211c04*=0x878, lpOverlapped=0x0) returned 1 [0115.912] ReadFile (in: hFile=0x184, lpBuffer=0xc0001c12f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c12f8*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0115.912] CloseHandle (hObject=0x184) returned 1 [0115.912] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0115.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0115.945] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0115.949] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.957] SetEvent (hEvent=0x29c) returned 1 [0115.957] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.958] SetEvent (hEvent=0x1d4) returned 1 [0115.958] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0115.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x260 [0115.981] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0115.982] GetFileType (hFile=0x260) returned 0x1 [0115.982] GetFileType (hFile=0x260) returned 0x1 [0115.982] GetFileInformationByHandle (in: hFile=0x260, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0115.982] GetFileInformationByHandleEx (in: hFile=0x260, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0115.982] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0115.983] ReadFile (in: hFile=0x260, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0x1e72, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc0001c9c04*=0x1c72, lpOverlapped=0x0) returned 1 [0115.990] ReadFile (in: hFile=0x260, lpBuffer=0xc0002f7c72, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f7c72*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0115.990] CloseHandle (hObject=0x260) returned 1 [0115.990] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0115.991] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0115.991] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0115.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0116.064] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0116.067] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0116.069] GetFileType (hFile=0x2d0) returned 0x1 [0116.069] WriteFile (in: hFile=0x2d0, lpBuffer=0xc0002fc000*, nNumberOfBytesToWrite=0x1c80, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x1c80, lpOverlapped=0x0) returned 1 [0116.072] CloseHandle (hObject=0x2d0) returned 1 [0116.080] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0116.088] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0116.088] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0116.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0116.089] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0116.092] GetFileType (hFile=0x2e0) returned 0x1 [0116.092] WriteFile (in: hFile=0x2e0, lpBuffer=0xc00035c6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00035c6e0*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.092] CloseHandle (hObject=0x2e0) returned 1 [0116.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbedqdv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEdQdv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbedqdv[1].jpg"), dwFlags=0x1) returned 1 [0116.637] SetEvent (hEvent=0xc0) returned 1 [0116.637] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0116.637] SetEvent (hEvent=0x144) returned 1 [0116.638] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.640] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0116.640] SetEvent (hEvent=0x144) returned 1 [0116.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe30*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.642] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0116.642] SetEvent (hEvent=0x274) returned 1 [0116.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.643] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0116.643] SetEvent (hEvent=0x144) returned 1 [0116.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.644] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0117.440] SetEvent (hEvent=0x9c) returned 1 [0117.440] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0117.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0117.446] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0117.449] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0117.597] GetFileType (hFile=0x2bc) returned 0x1 [0117.597] GetFileType (hFile=0x2bc) returned 0x1 [0117.597] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0117.597] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0117.597] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00027c240, nNumberOfBytesToRead=0x22b, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c240*, lpNumberOfBytesRead=0xc000171c04*=0x2b, lpOverlapped=0x0) returned 1 [0117.604] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00027c26b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c26b*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0117.604] CloseHandle (hObject=0x2bc) returned 1 [0117.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0117.759] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0117.771] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0117.772] GetFileType (hFile=0x284) returned 0x1 [0117.772] WriteFile (in: hFile=0x284, lpBuffer=0xc00036ac60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036ac60*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.772] CloseHandle (hObject=0x284) returned 1 [0117.772] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bs-components[1].css"), dwFlags=0x1) returned 1 [0118.410] SetEvent (hEvent=0x29c) returned 1 [0118.410] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.412] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.414] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.415] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.416] SetEvent (hEvent=0x274) returned 1 [0118.416] SwitchToThread () returned 1 [0118.418] SetEvent (hEvent=0x274) returned 1 [0118.419] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.420] SetEvent (hEvent=0x274) returned 1 [0118.420] SetEvent (hEvent=0x26c) returned 1 [0118.420] SetEvent (hEvent=0x29c) returned 1 [0118.420] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0118.796] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0118.799] GetFileType (hFile=0x3bc) returned 0x1 [0118.799] GetFileType (hFile=0x3bc) returned 0x1 [0118.800] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0118.800] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0118.800] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0000e8a80, nNumberOfBytesToRead=0xa2d, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8a80*, lpNumberOfBytesRead=0xc000175c04*=0x82d, lpOverlapped=0x0) returned 1 [0118.807] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.870] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0000e92ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e92ad*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0118.870] CloseHandle (hObject=0x3bc) returned 1 [0118.871] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0118.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0118.873] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0118.878] GetFileType (hFile=0x3bc) returned 0x1 [0118.878] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000214900*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000214900*, lpNumberOfBytesWritten=0xc000175cec*=0x830, lpOverlapped=0x0) returned 1 [0118.879] CloseHandle (hObject=0x3bc) returned 1 [0118.879] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000d01 | out: pbBuffer=0xc000000d01) returned 1 [0118.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0118.880] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0118.884] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0118.990] GetFileType (hFile=0x3bc) returned 0x1 [0118.990] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000238000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.991] CloseHandle (hObject=0x3bc) returned 1 [0118.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbvskp[1].jpg"), dwFlags=0x1) returned 1 [0119.222] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf698, ulCount=0x10, ulNumEntriesRemoved=0x291cf66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf698, ulNumEntriesRemoved=0x291cf66c) returned 0 [0119.222] SetEvent (hEvent=0x9c) returned 1 [0119.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe08*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.223] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x291cf6a0, ulCount=0x10, ulNumEntriesRemoved=0x291cf674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x291cf6a0, ulNumEntriesRemoved=0x291cf674) returned 0 [0119.223] SetEvent (hEvent=0x9c) returned 1 [0119.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x291cfe18*=0x15c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.236] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0141.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3f0 [0141.526] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc000385cf4 | out: lpMode=0xc000385cf4) returned 0 [0141.530] GetFileType (hFile=0x3f0) returned 0x1 [0141.530] GetFileType (hFile=0x3f0) returned 0x1 [0141.531] GetFileInformationByHandle (in: hFile=0x3f0, lpFileInformation=0xc000385d44 | out: lpFileInformation=0xc000385d44) returned 1 [0141.531] GetFileInformationByHandleEx (in: hFile=0x3f0, FileInformationClass=0x9, lpFileInformation=0xc000385d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000385d28) returned 1 [0141.531] VirtualAlloc (lpAddress=0xc0004be000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004be000 [0141.533] ReadFile (in: hFile=0x3f0, lpBuffer=0xc0004be000, nNumberOfBytesToRead=0x45a3, lpNumberOfBytesRead=0xc000385c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004be000*, lpNumberOfBytesRead=0xc000385c04*=0x43a3, lpOverlapped=0x0) returned 1 [0142.612] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0143.264] ReadFile (in: hFile=0x3f0, lpBuffer=0xc0004c23a3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000385c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c23a3*, lpNumberOfBytesRead=0xc000385c04*=0x0, lpOverlapped=0x0) returned 1 [0143.264] CloseHandle (hObject=0x3f0) returned 1 [0143.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0143.266] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc000385d04 | out: lpMode=0xc000385d04) returned 0 [0143.281] GetFileType (hFile=0x3f0) returned 0x1 [0143.281] WriteFile (in: hFile=0x3f0, lpBuffer=0xc0004c2800*, nNumberOfBytesToWrite=0x43b0, lpNumberOfBytesWritten=0xc000385cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004c2800*, lpNumberOfBytesWritten=0xc000385cec*=0x43b0, lpOverlapped=0x0) returned 1 [0143.283] CloseHandle (hObject=0x3f0) returned 1 [0143.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0143.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0143.284] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc000385d64 | out: lpMode=0xc000385d64) returned 0 [0143.291] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0144.165] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) returned 0x0 [0144.171] SetEvent (hEvent=0xbc0) returned 1 [0144.171] SetEvent (hEvent=0xb90) returned 1 [0144.171] WaitForSingleObject (hHandle=0x15c, dwMilliseconds=0xffffffff) Thread: id = 21 os_tid = 0x8a4 [0096.237] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2945fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2945fea0*=0x14c) returned 1 [0096.237] VirtualQuery (in: lpAddress=0x2945fec0, lpBuffer=0x2945fec0, dwLength=0x30 | out: lpBuffer=0x2945fec0*(BaseAddress=0x2945f000, AllocationBase=0x29260000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0096.237] SetEvent (hEvent=0x8c) returned 1 [0096.238] SetEvent (hEvent=0x114) returned 1 [0096.238] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xfc [0096.238] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xf8 [0096.238] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0096.245] SetEvent (hEvent=0x100) returned 1 [0096.245] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.348] SetEvent (hEvent=0x12c) returned 1 [0099.349] SetEvent (hEvent=0x120) returned 1 [0099.349] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.648] SetEvent (hEvent=0x120) returned 1 [0099.648] SetEvent (hEvent=0x15c) returned 1 [0099.648] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.788] SetEvent (hEvent=0x120) returned 1 [0099.788] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.794] SetEvent (hEvent=0x120) returned 1 [0099.794] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.795] SetEvent (hEvent=0x120) returned 1 [0099.795] SetEvent (hEvent=0x13c) returned 1 [0099.795] SetEvent (hEvent=0x100) returned 1 [0099.795] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.800] SetEvent (hEvent=0x15c) returned 1 [0099.800] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.807] SetEvent (hEvent=0x15c) returned 1 [0099.807] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.809] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.814] SetEvent (hEvent=0x120) returned 1 [0099.814] SetEvent (hEvent=0x100) returned 1 [0099.814] SwitchToThread () returned 1 [0099.818] SetEvent (hEvent=0x120) returned 1 [0099.818] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.825] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.827] SetEvent (hEvent=0x120) returned 1 [0099.827] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.834] SetEvent (hEvent=0x120) returned 1 [0099.834] SetEvent (hEvent=0x100) returned 1 [0099.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.834] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.834] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.835] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.835] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.835] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0099.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x165)) returned 1 [0099.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.836] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.836] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x25f)) returned 1 [0099.841] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.844] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0099.844] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.844] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.844] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.844] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.844] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x147)) returned 1 [0099.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.845] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee1e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ee1e40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.845] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.845] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.845] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ee1e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ee3d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9)) returned 1 [0099.847] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.851] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0099.852] SetEvent (hEvent=0x120) returned 1 [0099.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.852] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.853] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.853] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.854] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.854] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c2)) returned 1 [0099.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.854] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.854] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.854] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.854] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5)) returned 1 [0099.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.862] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0099.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.863] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.863] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc6)) returned 1 [0099.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.864] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.864] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.864] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.864] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.864] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.864] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x183)) returned 1 [0099.869] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.880] SwitchToThread () returned 1 [0099.882] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.884] SetEvent (hEvent=0x12c) returned 1 [0099.884] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.885] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0099.885] SetEvent (hEvent=0x12c) returned 1 [0099.885] SetEvent (hEvent=0x9c) returned 1 [0099.888] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.897] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0099.939] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.939] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.943] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0099.943] SetEvent (hEvent=0xc0) returned 1 [0099.943] SetEvent (hEvent=0x12c) returned 1 [0099.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.964] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.964] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0099.964] SetEvent (hEvent=0x120) returned 1 [0099.964] SetEvent (hEvent=0x9c) returned 1 [0099.964] VirtualAlloc (lpAddress=0xc000176000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000176000 [0099.966] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.977] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.978] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0099.978] SetEvent (hEvent=0xc0) returned 1 [0099.978] SetEvent (hEvent=0x12c) returned 1 [0099.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0099.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0099.979] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0099.980] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.984] SetEvent (hEvent=0x120) returned 1 [0099.984] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0099.984] SetEvent (hEvent=0x120) returned 1 [0099.984] SetEvent (hEvent=0x15c) returned 1 [0099.984] VirtualFree (lpAddress=0xc0001ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.985] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.985] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.985] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.986] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.986] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.986] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.986] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.986] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.987] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.987] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.987] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0099.987] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0099.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.988] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f07fa0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f07fa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.988] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.988] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.989] VirtualAlloc (lpAddress=0xc0001d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d6000 [0099.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f08770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x1c3)) returned 1 [0099.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f07fa0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.990] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.990] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12c)) returned 1 [0099.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.997] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.997] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.997] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.997] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.997] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcb)) returned 1 [0099.998] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0099.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0099.998] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0099.998] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2e100, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f2e100, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0099.998] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0099.998] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0099.999] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0099.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f2f870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x20b)) returned 1 [0099.999] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.010] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f2e100, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.010] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.010] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.010] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x862fc2f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb1)) returned 1 [0100.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0100.011] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0100.011] VirtualAlloc (lpAddress=0xc0001d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001d8000 [0100.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0100.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0100.012] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0100.012] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0100.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x47d5c900, ftLastWriteTime.dwHighDateTime=0x1d1781e, nFileSizeHigh=0x0, nFileSizeLow=0x96)) returned 1 [0100.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85f54260, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85f54260, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85f54260, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0100.022] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0100.037] SetEvent (hEvent=0x9c) returned 1 [0100.037] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0100.184] SetEvent (hEvent=0x8c) returned 1 [0100.184] SetEvent (hEvent=0x15c) returned 1 [0100.184] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.492] SetEvent (hEvent=0x120) returned 1 [0101.492] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.614] SetEvent (hEvent=0xb8) returned 1 [0101.614] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.650] SetEvent (hEvent=0x15c) returned 1 [0101.650] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.651] SetEvent (hEvent=0x120) returned 1 [0101.651] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.743] SetEvent (hEvent=0xb8) returned 1 [0101.743] SetEvent (hEvent=0x120) returned 1 [0101.743] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0101.797] VirtualFree (lpAddress=0xc00015c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.797] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.797] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.798] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.798] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.798] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.798] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0101.799] SetEvent (hEvent=0x120) returned 1 [0101.799] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.043] SetEvent (hEvent=0x8c) returned 1 [0102.043] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.072] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0360*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0360*, lpNumberOfCharsWritten=0xc0000bb818*=0x3) returned 1 [0102.076] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.128] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.129] SetEvent (hEvent=0x15c) returned 1 [0102.129] SetEvent (hEvent=0x114) returned 1 [0102.129] SetEvent (hEvent=0x9c) returned 1 [0102.129] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.134] SetEvent (hEvent=0x114) returned 1 [0102.134] VirtualFree (lpAddress=0xc000286000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.135] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.135] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.135] VirtualFree (lpAddress=0xc00026c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0102.135] VirtualFree (lpAddress=0xc000200000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.136] VirtualFree (lpAddress=0xc0001da000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.136] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.136] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.136] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.136] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.137] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.137] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.137] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.137] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.137] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.138] GetFileType (hFile=0x170) returned 0x1 [0102.139] WriteFile (in: hFile=0x170, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x330, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc000115cec*=0x330, lpOverlapped=0x0) returned 1 [0102.139] CloseHandle (hObject=0x170) returned 1 [0102.140] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0102.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0102.140] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0102.145] GetFileType (hFile=0x170) returned 0x1 [0102.145] WriteFile (in: hFile=0x170, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.145] CloseHandle (hObject=0x170) returned 1 [0102.145] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\encry-craw_window.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\encry-craw_window.html"), dwFlags=0x1) returned 1 [0102.146] GetFileType (hFile=0x128) returned 0x1 [0102.146] WriteFile (in: hFile=0x128, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc00015bcec*=0x530, lpOverlapped=0x0) returned 1 [0102.147] CloseHandle (hObject=0x128) returned 1 [0102.147] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.147] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0102.151] GetFileType (hFile=0x128) returned 0x1 [0102.151] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.151] CloseHandle (hObject=0x128) returned 1 [0102.152] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\encry-manifest.json"), dwFlags=0x1) returned 1 [0102.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0102.153] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000e5d04 | out: lpMode=0xc0000e5d04) returned 0 [0102.159] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.164] SetEvent (hEvent=0x9c) returned 1 [0102.164] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.164] SetEvent (hEvent=0x15c) returned 1 [0102.164] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.216] SetEvent (hEvent=0x114) returned 1 [0102.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.216] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0102.221] GetFileType (hFile=0x144) returned 0x1 [0102.221] GetFileType (hFile=0x144) returned 0x1 [0102.221] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0102.222] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0102.222] ReadFile (in: hFile=0x144, lpBuffer=0xc00029a000, nNumberOfBytesToRead=0x2f9, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a000*, lpNumberOfBytesRead=0xc0001a3c04*=0xf9, lpOverlapped=0x0) returned 1 [0102.223] ReadFile (in: hFile=0x144, lpBuffer=0xc00029a0f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a0f9*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0102.223] CloseHandle (hObject=0x144) returned 1 [0102.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.224] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0102.225] GetFileType (hFile=0x144) returned 0x1 [0102.225] WriteFile (in: hFile=0x144, lpBuffer=0xc000532000*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000532000*, lpNumberOfBytesWritten=0xc0001a3cec*=0x100, lpOverlapped=0x0) returned 1 [0102.226] CloseHandle (hObject=0x144) returned 1 [0102.226] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0102.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0102.226] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0102.228] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.230] GetFileType (hFile=0x144) returned 0x1 [0102.230] WriteFile (in: hFile=0x144, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.230] CloseHandle (hObject=0x144) returned 1 [0102.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\cs\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.235] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.240] SetEvent (hEvent=0x114) returned 1 [0102.331] SetEvent (hEvent=0x114) returned 1 [0102.331] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.331] SetEvent (hEvent=0x114) returned 1 [0102.332] SetEvent (hEvent=0x15c) returned 1 [0102.332] VirtualFree (lpAddress=0xc0002a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.332] VirtualFree (lpAddress=0xc000298000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0102.333] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.333] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.333] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.333] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.334] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.334] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.334] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.334] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0102.335] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0102.335] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0102.335] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0102.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.337] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0102.338] GetFileType (hFile=0xec) returned 0x1 [0102.338] WriteFile (in: hFile=0xec, lpBuffer=0xc0001d7000*, nNumberOfBytesToWrite=0x2e00, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001d7000*, lpNumberOfBytesWritten=0xc0001c7cec*=0x2e00, lpOverlapped=0x0) returned 1 [0102.339] CloseHandle (hObject=0xec) returned 1 [0102.340] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.340] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0102.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.340] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0102.343] GetFileType (hFile=0xec) returned 0x1 [0102.343] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.343] CloseHandle (hObject=0xec) returned 1 [0102.343] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\verified_contents.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\encry-verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\_metadata\\encry-verified_contents.json"), dwFlags=0x1) returned 1 [0102.344] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0102.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0102.345] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0102.346] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.351] SetEvent (hEvent=0x114) returned 1 [0102.351] GetFileType (hFile=0xec) returned 0x1 [0102.351] GetFileType (hFile=0xec) returned 0x1 [0102.351] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0102.351] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0102.351] VirtualAlloc (lpAddress=0xc0001fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001fe000 [0102.351] ReadFile (in: hFile=0xec, lpBuffer=0xc0001fe000, nNumberOfBytesToRead=0x324, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe000*, lpNumberOfBytesRead=0xc00015dc04*=0x124, lpOverlapped=0x0) returned 1 [0102.352] ReadFile (in: hFile=0xec, lpBuffer=0xc0001fe124, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001fe124*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0102.352] CloseHandle (hObject=0xec) returned 1 [0102.352] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0102.353] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0102.353] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0102.353] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0102.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.355] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0102.359] GetFileType (hFile=0xec) returned 0x1 [0102.359] WriteFile (in: hFile=0xec, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00015dcec*=0x130, lpOverlapped=0x0) returned 1 [0102.360] CloseHandle (hObject=0xec) returned 1 [0102.360] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0102.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0102.360] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0102.366] GetFileType (hFile=0xec) returned 0x1 [0102.366] WriteFile (in: hFile=0xec, lpBuffer=0xc0002b2160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2160*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0102.367] CloseHandle (hObject=0xec) returned 1 [0102.367] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\bg\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.368] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.444] SetEvent (hEvent=0x114) returned 1 [0102.445] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.448] SetEvent (hEvent=0x114) returned 1 [0102.448] SetEvent (hEvent=0x108) returned 1 [0102.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0102.448] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0102.450] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.455] GetFileType (hFile=0x148) returned 0x1 [0102.455] GetFileType (hFile=0x148) returned 0x1 [0102.455] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0102.455] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0102.455] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0102.455] ReadFile (in: hFile=0x148, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x300, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000247c04*=0x100, lpOverlapped=0x0) returned 1 [0102.457] ReadFile (in: hFile=0x148, lpBuffer=0xc0000ce100, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce100*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0102.457] CloseHandle (hObject=0x148) returned 1 [0102.457] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0102.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.458] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0102.459] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.461] GetFileType (hFile=0x148) returned 0x1 [0102.461] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.468] WriteFile (in: hFile=0x148, lpBuffer=0xc0000be240*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be240*, lpNumberOfBytesWritten=0xc000247cec*=0x110, lpOverlapped=0x0) returned 1 [0102.469] CloseHandle (hObject=0x148) returned 1 [0102.469] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0102.469] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0102.469] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0102.470] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0102.470] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0102.471] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0102.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0102.471] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0102.485] GetFileType (hFile=0x148) returned 0x1 [0102.485] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0102.485] CloseHandle (hObject=0x148) returned 1 [0102.486] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fi\\encry-messages.json"), dwFlags=0x1) returned 1 [0102.486] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0102.487] SetEvent (hEvent=0x108) returned 1 [0102.487] SetEvent (hEvent=0x13c) returned 1 [0102.487] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0102.488] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.502] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.502] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0102.502] SetEvent (hEvent=0x13c) returned 1 [0102.502] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.566] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.566] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0102.566] SetEvent (hEvent=0x9c) returned 1 [0102.566] SetEvent (hEvent=0x100) returned 1 [0102.566] SetEvent (hEvent=0x12c) returned 1 [0102.567] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.569] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.570] SetEvent (hEvent=0x100) returned 1 [0102.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.572] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0102.573] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0102.573] SetEvent (hEvent=0x108) returned 1 [0102.573] SetEvent (hEvent=0x13c) returned 1 [0102.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0102.574] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0102.574] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0102.577] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.586] SetEvent (hEvent=0x13c) returned 1 [0102.586] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.638] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.645] SetEvent (hEvent=0x100) returned 1 [0102.645] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.647] SetEvent (hEvent=0x13c) returned 1 [0102.647] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.651] SetEvent (hEvent=0x12c) returned 1 [0102.651] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.675] SetEvent (hEvent=0x13c) returned 1 [0102.675] SetEvent (hEvent=0x12c) returned 1 [0102.675] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.708] SetEvent (hEvent=0x13c) returned 1 [0102.708] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.726] SetEvent (hEvent=0x13c) returned 1 [0102.726] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.728] SetEvent (hEvent=0x114) returned 1 [0102.728] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.731] SetEvent (hEvent=0x100) returned 1 [0102.731] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.752] SetEvent (hEvent=0x114) returned 1 [0102.752] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.768] SetEvent (hEvent=0x114) returned 1 [0102.768] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0102.997] SetEvent (hEvent=0x13c) returned 1 [0102.997] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.003] SetEvent (hEvent=0x15c) returned 1 [0103.003] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.013] SetEvent (hEvent=0x100) returned 1 [0103.013] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.028] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0103.033] GetFileType (hFile=0x148) returned 0x1 [0103.033] GetFileType (hFile=0x148) returned 0x1 [0103.034] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0103.034] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0103.034] ReadFile (in: hFile=0x148, lpBuffer=0xc000284800, nNumberOfBytesToRead=0x424b, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc000284800*, lpNumberOfBytesRead=0xc000157c04*=0x404b, lpOverlapped=0x0) returned 1 [0103.037] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.039] ReadFile (in: hFile=0x148, lpBuffer=0xc00028884b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028884b*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0103.039] CloseHandle (hObject=0x148) returned 1 [0103.039] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0103.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.041] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0103.052] GetFileType (hFile=0x148) returned 0x1 [0103.052] WriteFile (in: hFile=0x148, lpBuffer=0xc000289000*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc000289000*, lpNumberOfBytesWritten=0xc000157cec*=0x4050, lpOverlapped=0x0) returned 1 [0103.054] CloseHandle (hObject=0x148) returned 1 [0103.054] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.054] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0103.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\es\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.056] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0103.072] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.081] GetFileType (hFile=0x148) returned 0x1 [0103.081] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.094] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.097] SetEvent (hEvent=0x9c) returned 1 [0103.097] SetEvent (hEvent=0x13c) returned 1 [0103.097] SetEvent (hEvent=0x108) returned 1 [0103.097] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.104] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0103.105] VirtualFree (lpAddress=0xc000292000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0103.106] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.106] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.106] VirtualFree (lpAddress=0xc000232000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.107] VirtualFree (lpAddress=0xc000212000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0103.107] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.108] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.108] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.108] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.108] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.109] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.109] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.109] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.109] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.110] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.110] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0103.110] SetEvent (hEvent=0x108) returned 1 [0103.110] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.113] SetEvent (hEvent=0x9c) returned 1 [0103.113] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.158] SetEvent (hEvent=0x9c) returned 1 [0103.158] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.170] SetEvent (hEvent=0x13c) returned 1 [0103.171] SetEvent (hEvent=0x9c) returned 1 [0103.171] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.211] SetEvent (hEvent=0x13c) returned 1 [0103.211] SwitchToThread () returned 1 [0103.216] SetEvent (hEvent=0x13c) returned 1 [0103.216] SetEvent (hEvent=0x15c) returned 1 [0103.216] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.219] VirtualFree (lpAddress=0xc00027c000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0103.220] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.220] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.220] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.220] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0103.221] VirtualFree (lpAddress=0xc00021c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0103.221] VirtualFree (lpAddress=0xc000164000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.221] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.222] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.222] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.222] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.222] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.223] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0103.223] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.224] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.224] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83476840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83478f50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.224] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.224] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.224] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.224] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83478f50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83478f50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x419f)) returned 1 [0103.224] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.225] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.225] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8347dd70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83480480, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.225] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.225] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.225] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.225] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83480480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83480480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5079)) returned 1 [0103.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.231] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.231] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834852a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834879b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.231] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.231] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.231] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834879b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834879b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x50f7)) returned 1 [0103.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.232] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.232] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0103.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8348c7d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8348eee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.233] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.233] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.233] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8348eee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8348eee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83986e70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ff2)) returned 1 [0103.238] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.245] SwitchToThread () returned 1 [0103.329] SetEvent (hEvent=0x13c) returned 1 [0103.329] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.336] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.337] VirtualFree (lpAddress=0xc000268000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.337] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.337] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.338] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.338] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.338] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.338] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.338] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.339] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.339] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.339] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.339] SetEvent (hEvent=0x108) returned 1 [0103.339] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.353] SetEvent (hEvent=0x15c) returned 1 [0103.353] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.357] SetEvent (hEvent=0x15c) returned 1 [0103.357] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.357] SetEvent (hEvent=0x15c) returned 1 [0103.357] SetEvent (hEvent=0x100) returned 1 [0103.357] SetEvent (hEvent=0x108) returned 1 [0103.358] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.373] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.373] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x170 [0103.375] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0103.380] GetFileType (hFile=0x170) returned 0x1 [0103.380] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0103.380] GetFileType (hFile=0x170) returned 0x1 [0103.380] GetFileInformationByHandle (in: hFile=0x170, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0103.381] GetFileInformationByHandleEx (in: hFile=0x170, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0103.381] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0103.381] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0103.382] ReadFile (in: hFile=0x170, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x410c, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000151c04*=0x3f0c, lpOverlapped=0x0) returned 1 [0103.383] ReadFile (in: hFile=0x170, lpBuffer=0xc00028ff0c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028ff0c*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0103.383] CloseHandle (hObject=0x170) returned 1 [0103.383] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0103.384] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.385] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0103.400] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.412] GetFileType (hFile=0x170) returned 0x1 [0103.413] WriteFile (in: hFile=0x170, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x3f10, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000151cec*=0x3f10, lpOverlapped=0x0) returned 1 [0103.414] CloseHandle (hObject=0x170) returned 1 [0103.414] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082201 | out: pbBuffer=0xc000082201) returned 1 [0103.414] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0103.415] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0103.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x170 [0103.415] GetConsoleMode (in: hConsoleHandle=0x170, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0103.417] GetFileType (hFile=0x170) returned 0x1 [0103.417] WriteFile (in: hFile=0x170, lpBuffer=0xc0001de580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de580*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.417] CloseHandle (hObject=0x170) returned 1 [0103.417] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\it\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0103.419] SetEvent (hEvent=0x164) returned 1 [0103.419] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc000081180, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x170 [0103.425] CloseHandle (hObject=0x170) returned 1 [0103.425] SetEvent (hEvent=0x114) returned 1 [0103.425] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.434] SetEvent (hEvent=0x8c) returned 1 [0103.434] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.476] SetEvent (hEvent=0x15c) returned 1 [0103.476] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.501] SetEvent (hEvent=0x188) returned 1 [0103.501] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.515] SetEvent (hEvent=0x188) returned 1 [0103.515] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.518] SetEvent (hEvent=0x114) returned 1 [0103.518] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.528] SetEvent (hEvent=0x188) returned 1 [0103.528] SetEvent (hEvent=0x13c) returned 1 [0103.528] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.602] SetEvent (hEvent=0x100) returned 1 [0103.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.603] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000289cf4 | out: lpMode=0xc000289cf4) returned 0 [0103.606] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.616] SetEvent (hEvent=0x114) returned 1 [0103.616] GetFileType (hFile=0x148) returned 0x1 [0103.616] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.620] GetFileType (hFile=0x148) returned 0x1 [0103.620] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000289d44 | out: lpFileInformation=0xc000289d44) returned 1 [0103.620] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000289d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000289d28) returned 1 [0103.620] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0103.620] ReadFile (in: hFile=0x148, lpBuffer=0xc000264000, nNumberOfBytesToRead=0x3f72, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesRead=0xc000289c04*=0x3d72, lpOverlapped=0x0) returned 1 [0103.628] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.630] ReadFile (in: hFile=0x148, lpBuffer=0xc000267d72, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000289c04, lpOverlapped=0x0 | out: lpBuffer=0xc000267d72*, lpNumberOfBytesRead=0xc000289c04*=0x0, lpOverlapped=0x0) returned 1 [0103.630] CloseHandle (hObject=0x148) returned 1 [0103.630] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0103.630] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.632] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000289d04 | out: lpMode=0xc000289d04) returned 0 [0103.634] GetFileType (hFile=0x148) returned 0x1 [0103.634] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0103.635] WriteFile (in: hFile=0x148, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0x3d80, lpNumberOfBytesWritten=0xc000289cec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc000289cec*=0x3d80, lpOverlapped=0x0) returned 1 [0103.636] CloseHandle (hObject=0x148) returned 1 [0103.636] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.637] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.637] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0103.637] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.637] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.638] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000289d64 | out: lpMode=0xc000289d64) returned 0 [0103.641] GetFileType (hFile=0x148) returned 0x1 [0103.641] WriteFile (in: hFile=0x148, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000289d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc000289d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.642] CloseHandle (hObject=0x148) returned 1 [0103.642] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.642] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0103.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.643] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.644] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.644] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.644] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.645] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0103.646] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.651] SetEvent (hEvent=0x114) returned 1 [0103.651] GetFileType (hFile=0x148) returned 0x1 [0103.651] GetFileType (hFile=0x148) returned 0x1 [0103.651] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0103.651] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0103.651] ReadFile (in: hFile=0x148, lpBuffer=0xc0002d7000, nNumberOfBytesToRead=0x41dc, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002d7000*, lpNumberOfBytesRead=0xc00018fc04*=0x3fdc, lpOverlapped=0x0) returned 1 [0103.659] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.661] ReadFile (in: hFile=0x148, lpBuffer=0xc0002dafdc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002dafdc*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0103.661] CloseHandle (hObject=0x148) returned 1 [0103.661] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.661] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0103.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.663] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0103.665] GetFileType (hFile=0x148) returned 0x1 [0103.665] WriteFile (in: hFile=0x148, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc00018fcec*=0x3fe0, lpOverlapped=0x0) returned 1 [0103.666] CloseHandle (hObject=0x148) returned 1 [0103.667] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.667] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0103.667] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.667] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.668] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.668] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.669] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0103.670] GetFileType (hFile=0x148) returned 0x1 [0103.670] WriteFile (in: hFile=0x148, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.670] CloseHandle (hObject=0x148) returned 1 [0103.670] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.671] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.672] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000197cf4 | out: lpMode=0xc000197cf4) returned 0 [0103.672] GetFileType (hFile=0x148) returned 0x1 [0103.672] GetFileType (hFile=0x148) returned 0x1 [0103.672] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000197d44 | out: lpFileInformation=0xc000197d44) returned 1 [0103.672] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000197d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000197d28) returned 1 [0103.672] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0103.673] ReadFile (in: hFile=0x148, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x4b0e, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000197c04*=0x490e, lpOverlapped=0x0) returned 1 [0103.676] ReadFile (in: hFile=0x148, lpBuffer=0xc00021690e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021690e*, lpNumberOfBytesRead=0xc000197c04*=0x0, lpOverlapped=0x0) returned 1 [0103.676] CloseHandle (hObject=0x148) returned 1 [0103.676] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0103.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.678] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000197d04 | out: lpMode=0xc000197d04) returned 0 [0103.678] GetFileType (hFile=0x148) returned 0x1 [0103.679] WriteFile (in: hFile=0x148, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0x4910, lpNumberOfBytesWritten=0xc000197cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc000197cec*=0x4910, lpOverlapped=0x0) returned 1 [0103.680] CloseHandle (hObject=0x148) returned 1 [0103.680] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.680] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.681] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000197d64 | out: lpMode=0xc000197d64) returned 0 [0103.681] GetFileType (hFile=0x148) returned 0x1 [0103.681] WriteFile (in: hFile=0x148, lpBuffer=0xc000236000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000197d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesWritten=0xc000197d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.682] CloseHandle (hObject=0x148) returned 1 [0103.682] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0103.682] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.683] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.683] SetEvent (hEvent=0x114) returned 1 [0103.683] SetEvent (hEvent=0x164) returned 1 [0103.683] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0103.684] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.684] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.684] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.685] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.685] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.685] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.685] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0103.686] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0103.687] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.689] GetFileType (hFile=0x148) returned 0x1 [0103.689] GetFileType (hFile=0x148) returned 0x1 [0103.689] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0103.689] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0103.689] ReadFile (in: hFile=0x148, lpBuffer=0xc00029e000, nNumberOfBytesToRead=0x427a, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029e000*, lpNumberOfBytesRead=0xc0001b5c04*=0x407a, lpOverlapped=0x0) returned 1 [0103.695] ReadFile (in: hFile=0x148, lpBuffer=0xc0002a207a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a207a*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0103.695] CloseHandle (hObject=0x148) returned 1 [0103.695] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.697] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0103.701] GetFileType (hFile=0x148) returned 0x1 [0103.701] WriteFile (in: hFile=0x148, lpBuffer=0xc0002a7000*, nNumberOfBytesToWrite=0x4080, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7000*, lpNumberOfBytesWritten=0xc0001b5cec*=0x4080, lpOverlapped=0x0) returned 1 [0103.702] CloseHandle (hObject=0x148) returned 1 [0103.703] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.703] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0103.703] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0103.712] GetFileType (hFile=0x148) returned 0x1 [0103.712] WriteFile (in: hFile=0x148, lpBuffer=0xc000236840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236840*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.712] CloseHandle (hObject=0x148) returned 1 [0103.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.713] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0103.713] SetEvent (hEvent=0xb8) returned 1 [0103.713] SetEvent (hEvent=0x108) returned 1 [0103.713] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0103.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.721] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.730] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.730] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0103.730] SetEvent (hEvent=0x108) returned 1 [0103.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.754] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.754] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0103.754] SetEvent (hEvent=0xb8) returned 1 [0103.754] SetEvent (hEvent=0xf4) returned 1 [0103.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.758] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.758] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.766] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.767] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0103.767] SetEvent (hEvent=0xc0) returned 1 [0103.767] SetEvent (hEvent=0x100) returned 1 [0103.767] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.780] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0103.780] SetEvent (hEvent=0x100) returned 1 [0103.780] SetEvent (hEvent=0x9c) returned 1 [0103.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.784] SetEvent (hEvent=0x9c) returned 1 [0103.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.786] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0103.786] SetEvent (hEvent=0x114) returned 1 [0103.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.794] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0103.794] SetEvent (hEvent=0x9c) returned 1 [0103.794] SetEvent (hEvent=0x164) returned 1 [0103.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.795] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0103.795] SetEvent (hEvent=0x164) returned 1 [0103.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.801] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0103.801] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0103.802] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0103.802] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0103.803] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00014fd04 | out: lpMode=0xc00014fd04) returned 0 [0103.812] GetFileType (hFile=0x194) returned 0x1 [0103.812] WriteFile (in: hFile=0x194, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0xc00014fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc00014fcec*=0x3fe0, lpOverlapped=0x0) returned 1 [0103.813] CloseHandle (hObject=0x194) returned 1 [0103.813] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0103.813] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.813] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0103.814] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0103.814] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0103.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0103.815] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00014fd64 | out: lpMode=0xc00014fd64) returned 0 [0103.823] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.837] GetFileType (hFile=0x194) returned 0x1 [0103.837] WriteFile (in: hFile=0x194, lpBuffer=0xc0002b4160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4160*, lpNumberOfBytesWritten=0xc00014fd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.837] CloseHandle (hObject=0x194) returned 1 [0103.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.838] SetEvent (hEvent=0x114) returned 1 [0103.838] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0103.852] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.853] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.853] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.853] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.854] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.854] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.854] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.854] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.855] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.855] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0103.855] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.856] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.856] SetEvent (hEvent=0x108) returned 1 [0103.856] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.553] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0104.553] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0104.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0104.554] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0104.561] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.687] GetFileType (hFile=0x1b4) returned 0x1 [0104.687] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0104.687] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0104.688] GetFileType (hFile=0x1b4) returned 0x1 [0104.688] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0104.688] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0104.688] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0104.688] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00030a000, nNumberOfBytesToRead=0x2f2, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a000*, lpNumberOfBytesRead=0xc000175c04*=0xf2, lpOverlapped=0x0) returned 1 [0104.689] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00030a0f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a0f2*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0104.689] CloseHandle (hObject=0x1b4) returned 1 [0104.689] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0104.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0104.691] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0104.692] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.716] GetFileType (hFile=0x1b4) returned 0x1 [0104.716] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000082300*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000082300*, lpNumberOfBytesWritten=0xc000175cec*=0x100, lpOverlapped=0x0) returned 1 [0104.717] CloseHandle (hObject=0x1b4) returned 1 [0104.718] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.718] VirtualAlloc (lpAddress=0xc0003aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003aa000 [0104.718] VirtualAlloc (lpAddress=0xc0003ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ac000 [0104.718] VirtualAlloc (lpAddress=0xc0003ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ae000 [0104.719] VirtualAlloc (lpAddress=0xc0003b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b0000 [0104.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0104.719] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0104.720] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] SetEvent (hEvent=0xc0) returned 1 [0104.721] GetFileType (hFile=0x1b4) returned 0x1 [0104.722] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.731] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.732] CloseHandle (hObject=0x1b4) returned 1 [0104.732] VirtualAlloc (lpAddress=0xc0003b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b2000 [0104.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\cast_app_redirect.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app_redirect.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-cast_app_redirect.js"), dwFlags=0x1) returned 1 [0104.733] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0104.733] SetEvent (hEvent=0x120) returned 1 [0104.733] SetEvent (hEvent=0xb8) returned 1 [0104.733] VirtualAlloc (lpAddress=0xc0003b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b4000 [0104.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.751] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.752] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0104.752] SetEvent (hEvent=0xc0) returned 1 [0104.752] SetEvent (hEvent=0xb8) returned 1 [0104.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.753] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.753] VirtualAlloc (lpAddress=0xc0003bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003bc000 [0104.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0104.754] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000181cf4 | out: lpMode=0xc000181cf4) returned 0 [0104.755] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.759] GetFileType (hFile=0x1b4) returned 0x1 [0104.759] GetFileType (hFile=0x1b4) returned 0x1 [0104.759] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000181d44 | out: lpFileInformation=0xc000181d44) returned 1 [0104.759] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000181d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000181d28) returned 1 [0104.759] VirtualAlloc (lpAddress=0xc0003be000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003be000 [0104.760] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0003be000, nNumberOfBytesToRead=0x3aa8, lpNumberOfBytesRead=0xc000181c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003be000*, lpNumberOfBytesRead=0xc000181c04*=0x38a8, lpOverlapped=0x0) returned 1 [0104.763] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0003c18a8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000181c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c18a8*, lpNumberOfBytesRead=0xc000181c04*=0x0, lpOverlapped=0x0) returned 1 [0104.763] CloseHandle (hObject=0x1b4) returned 1 [0104.763] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0104.764] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0104.764] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0104.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0104.765] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000181d04 | out: lpMode=0xc000181d04) returned 0 [0104.766] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.776] SetEvent (hEvent=0x9c) returned 1 [0104.776] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.780] VirtualFree (lpAddress=0xc0003be000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.780] VirtualFree (lpAddress=0xc0003b4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.781] VirtualFree (lpAddress=0xc0003ac000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.781] VirtualFree (lpAddress=0xc000320000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.781] VirtualFree (lpAddress=0xc00031a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.781] VirtualFree (lpAddress=0xc0002e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.781] VirtualFree (lpAddress=0xc000266000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.782] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.782] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.782] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0104.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e0 [0104.783] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0104.789] GetFileType (hFile=0x1e0) returned 0x1 [0104.789] GetFileType (hFile=0x1e0) returned 0x1 [0104.789] GetFileInformationByHandle (in: hFile=0x1e0, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0104.789] GetFileInformationByHandleEx (in: hFile=0x1e0, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0104.789] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.789] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.790] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.790] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.790] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.790] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0104.790] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x2a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0104.793] ReadFile (in: hFile=0x1e0, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x2b4e9, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc00022dc04*=0x2b2e9, lpOverlapped=0x0) returned 1 [0104.803] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.810] ReadFile (in: hFile=0x1e0, lpBuffer=0xc0004292e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004292e9*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.810] CloseHandle (hObject=0x1e0) returned 1 [0104.810] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0104.810] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0104.811] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0104.811] VirtualAlloc (lpAddress=0xc00042a000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00042a000 [0104.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0104.817] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0104.821] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.831] GetFileType (hFile=0x1e0) returned 0x1 [0104.831] WriteFile (in: hFile=0x1e0, lpBuffer=0xc00042a000*, nNumberOfBytesToWrite=0x2b2f0, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00042a000*, lpNumberOfBytesWritten=0xc00022dcec*=0x2b2f0, lpOverlapped=0x0) returned 1 [0104.835] CloseHandle (hObject=0x1e0) returned 1 [0104.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0104.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0104.836] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0104.843] GetFileType (hFile=0x1e0) returned 0x1 [0104.843] WriteFile (in: hFile=0x1e0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.843] CloseHandle (hObject=0x1e0) returned 1 [0104.843] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0104.844] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0104.844] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0104.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\google profile.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Google Profile.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-google profile.ico"), dwFlags=0x1) returned 1 [0104.845] SwitchToThread () returned 1 [0104.847] SetEvent (hEvent=0xf4) returned 1 [0104.847] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.849] SetEvent (hEvent=0xb8) returned 1 [0104.850] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.855] SetEvent (hEvent=0x164) returned 1 [0104.855] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.874] SetEvent (hEvent=0xf4) returned 1 [0104.874] SwitchToThread () returned 1 [0104.876] SetEvent (hEvent=0xf4) returned 1 [0104.876] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.878] SetEvent (hEvent=0xb8) returned 1 [0104.878] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.882] SetEvent (hEvent=0x9c) returned 1 [0104.882] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.927] SetEvent (hEvent=0xf4) returned 1 [0104.927] SetEvent (hEvent=0x9c) returned 1 [0104.927] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.931] SetEvent (hEvent=0xf4) returned 1 [0104.931] SetEvent (hEvent=0x108) returned 1 [0104.931] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.932] SetEvent (hEvent=0xf4) returned 1 [0104.932] SetEvent (hEvent=0x164) returned 1 [0104.932] SetEvent (hEvent=0xb8) returned 1 [0104.932] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.937] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.937] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.938] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.938] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.938] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.939] SetEvent (hEvent=0x9c) returned 1 [0104.939] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.949] SetEvent (hEvent=0xb8) returned 1 [0104.949] SetEvent (hEvent=0x108) returned 1 [0104.949] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.956] SetEvent (hEvent=0xb8) returned 1 [0104.957] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.961] SetEvent (hEvent=0xf4) returned 1 [0104.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.961] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0104.961] SetEvent (hEvent=0x9c) returned 1 [0104.961] SetEvent (hEvent=0xf4) returned 1 [0104.961] SetEvent (hEvent=0x108) returned 1 [0104.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.967] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.973] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0104.973] SetEvent (hEvent=0x108) returned 1 [0104.973] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0104.974] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0104.974] GetFileType (hFile=0x184) returned 0x1 [0104.974] GetFileType (hFile=0x184) returned 0x1 [0104.975] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0104.975] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0104.975] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0104.975] ReadFile (in: hFile=0x184, lpBuffer=0xc00036e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036e000*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0104.975] CloseHandle (hObject=0x184) returned 1 [0104.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.975] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0104.983] GetFileType (hFile=0x184) returned 0x1 [0104.983] WriteFile (in: hFile=0x184, lpBuffer=0xc0005863b0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfBytesWritten=0xc000241cec*=0x10, lpOverlapped=0x0) returned 1 [0104.985] CloseHandle (hObject=0x184) returned 1 [0104.985] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0104.985] VirtualAlloc (lpAddress=0xc000370000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000370000 [0104.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0104.986] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0104.987] GetFileType (hFile=0x184) returned 0x1 [0104.988] WriteFile (in: hFile=0x184, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.988] CloseHandle (hObject=0x184) returned 1 [0104.988] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\encry-chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\encry-chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage-journal"), dwFlags=0x1) returned 1 [0104.989] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0104.995] SetEvent (hEvent=0x164) returned 1 [0104.995] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.996] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0104.996] SetEvent (hEvent=0xc0) returned 1 [0104.996] SetEvent (hEvent=0xf4) returned 1 [0104.996] SetEvent (hEvent=0x164) returned 1 [0104.996] SetEvent (hEvent=0x120) returned 1 [0104.997] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.002] SetEvent (hEvent=0x120) returned 1 [0105.002] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.011] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.011] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0105.011] SetEvent (hEvent=0xc0) returned 1 [0105.012] SetEvent (hEvent=0x120) returned 1 [0105.012] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.025] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.025] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0105.025] SetEvent (hEvent=0x120) returned 1 [0105.025] SetEvent (hEvent=0xb8) returned 1 [0105.025] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0105.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.196] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.197] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0105.197] SetEvent (hEvent=0xc0) returned 1 [0105.197] SetEvent (hEvent=0x108) returned 1 [0105.197] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0105.198] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0105.198] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.205] SetEvent (hEvent=0x120) returned 1 [0105.205] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.210] SetEvent (hEvent=0x9c) returned 1 [0105.210] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0105.211] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0105.211] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0105.211] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0105.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c0 [0105.212] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0105.224] GetFileType (hFile=0x1c0) returned 0x1 [0105.224] GetFileType (hFile=0x1c0) returned 0x1 [0105.224] GetFileInformationByHandle (in: hFile=0x1c0, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0105.224] GetFileInformationByHandleEx (in: hFile=0x1c0, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0105.224] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0105.225] ReadFile (in: hFile=0x1c0, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x3e00, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc00023fc04*=0x3c00, lpOverlapped=0x0) returned 1 [0105.238] ReadFile (in: hFile=0x1c0, lpBuffer=0xc000127c00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000127c00*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0105.238] CloseHandle (hObject=0x1c0) returned 1 [0105.238] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0105.239] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0105.239] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0105.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.241] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0105.245] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.254] GetFileType (hFile=0x1c0) returned 0x1 [0105.254] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0x3c10, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc00023fcec*=0x3c10, lpOverlapped=0x0) returned 1 [0105.255] CloseHandle (hObject=0x1c0) returned 1 [0105.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0105.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.255] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0105.260] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.277] SetEvent (hEvent=0xc0) returned 1 [0105.277] SetEvent (hEvent=0x108) returned 1 [0105.277] GetFileType (hFile=0x1c0) returned 0x1 [0105.277] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.283] SetEvent (hEvent=0x108) returned 1 [0105.283] WriteFile (in: hFile=0x1c0, lpBuffer=0xc0000fa160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa160*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0105.283] CloseHandle (hObject=0x1c0) returned 1 [0105.283] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0105.284] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0105.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\quotamanager"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-QuotaManager" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-quotamanager"), dwFlags=0x1) returned 1 [0105.285] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.295] SetEvent (hEvent=0x108) returned 1 [0105.295] SetEvent (hEvent=0x9c) returned 1 [0105.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c0 [0105.296] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc0002d1cf4 | out: lpMode=0xc0002d1cf4) returned 0 [0105.297] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.300] SetEvent (hEvent=0x108) returned 1 [0105.300] GetFileType (hFile=0x1c0) returned 0x1 [0105.300] GetFileType (hFile=0x1c0) returned 0x1 [0105.301] GetFileInformationByHandle (in: hFile=0x1c0, lpFileInformation=0xc0002d1d44 | out: lpFileInformation=0xc0002d1d44) returned 1 [0105.301] GetFileInformationByHandleEx (in: hFile=0x1c0, FileInformationClass=0x9, lpFileInformation=0xc0002d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d1d28) returned 1 [0105.301] ReadFile (in: hFile=0x1c0, lpBuffer=0xc0000dc240, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc240*, lpNumberOfBytesRead=0xc0002d1c04*=0x10, lpOverlapped=0x0) returned 1 [0105.302] ReadFile (in: hFile=0x1c0, lpBuffer=0xc0000dc250, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc250*, lpNumberOfBytesRead=0xc0002d1c04*=0x0, lpOverlapped=0x0) returned 1 [0105.302] CloseHandle (hObject=0x1c0) returned 1 [0105.302] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.303] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0105.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.304] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc0002d1d04 | out: lpMode=0xc0002d1d04) returned 0 [0105.305] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.314] GetFileType (hFile=0x1c0) returned 0x1 [0105.314] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00000e280*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0002d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000e280*, lpNumberOfBytesWritten=0xc0002d1cec*=0x20, lpOverlapped=0x0) returned 1 [0105.315] CloseHandle (hObject=0x1c0) returned 1 [0105.315] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0105.316] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0105.316] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0105.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.317] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc0002d1d64 | out: lpMode=0xc0002d1d64) returned 0 [0105.325] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.330] GetFileType (hFile=0x1c0) returned 0x1 [0105.330] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00016a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a420*, lpNumberOfBytesWritten=0xc0002d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.330] CloseHandle (hObject=0x1c0) returned 1 [0105.331] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\current"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-CURRENT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-current"), dwFlags=0x1) returned 1 [0105.332] SwitchToThread () returned 1 [0105.333] SetEvent (hEvent=0x9c) returned 1 [0105.333] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.334] SetEvent (hEvent=0x9c) returned 1 [0105.334] SetEvent (hEvent=0x120) returned 1 [0105.334] SetEvent (hEvent=0xb8) returned 1 [0105.334] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.348] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0105.349] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0105.349] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.349] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0105.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c0 [0105.350] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0105.369] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.374] GetFileType (hFile=0x1c0) returned 0x1 [0105.374] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0105.374] GetFileType (hFile=0x1c0) returned 0x1 [0105.374] GetFileInformationByHandle (in: hFile=0x1c0, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0105.374] GetFileInformationByHandleEx (in: hFile=0x1c0, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0105.374] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0105.375] ReadFile (in: hFile=0x1c0, lpBuffer=0xc0001c2000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0105.375] CloseHandle (hObject=0x1c0) returned 1 [0105.375] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0105.375] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0105.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.376] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0105.378] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.382] GetFileType (hFile=0x1c0) returned 0x1 [0105.382] WriteFile (in: hFile=0x1c0, lpBuffer=0xc000586410*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586410*, lpNumberOfBytesWritten=0xc000035cec*=0x10, lpOverlapped=0x0) returned 1 [0105.383] CloseHandle (hObject=0x1c0) returned 1 [0105.384] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0105.384] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0105.388] GetFileType (hFile=0x1c0) returned 0x1 [0105.388] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00016a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a420*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.389] CloseHandle (hObject=0x1c0) returned 1 [0105.389] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\encry-LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\encry-lock"), dwFlags=0x1) returned 1 [0105.389] SetEvent (hEvent=0x164) returned 1 [0105.389] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.392] SetEvent (hEvent=0x108) returned 1 [0105.392] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.397] SetEvent (hEvent=0xf4) returned 1 [0105.397] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.668] SetEvent (hEvent=0xf4) returned 1 [0105.668] SetEvent (hEvent=0x108) returned 1 [0105.668] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.696] SetEvent (hEvent=0x120) returned 1 [0105.696] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0105.706] SetEvent (hEvent=0x108) returned 1 [0105.706] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.129] SetEvent (hEvent=0x164) returned 1 [0106.129] SetEvent (hEvent=0xf4) returned 1 [0106.129] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.146] SetEvent (hEvent=0xf4) returned 1 [0106.146] SetEvent (hEvent=0x120) returned 1 [0106.146] SetEvent (hEvent=0x108) returned 1 [0106.146] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.253] SetEvent (hEvent=0x120) returned 1 [0106.254] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.314] SetEvent (hEvent=0x164) returned 1 [0106.314] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.330] SetEvent (hEvent=0x164) returned 1 [0106.330] SetEvent (hEvent=0x9c) returned 1 [0106.330] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.331] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0106.331] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0106.332] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0106.340] GetFileType (hFile=0x1b4) returned 0x1 [0106.340] GetFileType (hFile=0x1b4) returned 0x1 [0106.340] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0106.341] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0106.341] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.341] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0xe26, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00018dc04*=0xc26, lpOverlapped=0x0) returned 1 [0106.349] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000fcc26, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fcc26*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0106.349] CloseHandle (hObject=0x1b4) returned 1 [0106.349] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0106.350] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.350] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0106.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0106.351] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0106.357] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.362] SetEvent (hEvent=0x164) returned 1 [0106.362] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.363] SetEvent (hEvent=0x164) returned 1 [0106.363] SetEvent (hEvent=0x108) returned 1 [0106.363] SetEvent (hEvent=0x120) returned 1 [0106.363] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.366] SetEvent (hEvent=0x108) returned 1 [0106.366] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.368] VirtualFree (lpAddress=0xc000400000, dwSize=0x3c000, dwFreeType=0x4000) returned 1 [0106.369] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.370] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.370] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x3e000, dwFreeType=0x4000) returned 1 [0106.372] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.372] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.372] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.372] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.373] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.373] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.373] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.374] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.374] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.374] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.374] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.375] SetEvent (hEvent=0x120) returned 1 [0106.375] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.415] SetEvent (hEvent=0x108) returned 1 [0106.416] SwitchToThread () returned 1 [0106.421] SetEvent (hEvent=0x108) returned 1 [0106.421] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.453] SetEvent (hEvent=0x108) returned 1 [0106.453] SetEvent (hEvent=0x120) returned 1 [0106.453] GetFileType (hFile=0x1b0) returned 0x1 [0106.453] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000382000*, nNumberOfBytesToWrite=0x111f0, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000382000*, lpNumberOfBytesWritten=0xc00020dcec*=0x111f0, lpOverlapped=0x0) returned 1 [0106.456] CloseHandle (hObject=0x1b0) returned 1 [0106.456] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.456] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0106.461] GetFileType (hFile=0x1b0) returned 0x1 [0106.461] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.461] CloseHandle (hObject=0x1b0) returned 1 [0106.461] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0106.462] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0106.462] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_route_details.html"), dwFlags=0x1) returned 1 [0106.463] SwitchToThread () returned 1 [0106.470] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0106.471] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0106.471] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0106.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\origin bound certs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0106.472] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0106.480] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.483] SetEvent (hEvent=0x120) returned 1 [0106.483] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.485] SetEvent (hEvent=0x108) returned 1 [0106.485] SetEvent (hEvent=0x114) returned 1 [0106.485] VirtualFree (lpAddress=0xc000382000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0106.486] VirtualFree (lpAddress=0xc00030c000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0106.488] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0106.488] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0106.489] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.489] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.489] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.489] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.490] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.490] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.490] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.490] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.490] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.491] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.491] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.491] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.491] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.491] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.492] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.492] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.492] GetFileType (hFile=0x1ac) returned 0x1 [0106.492] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0000a0640*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0640*, lpNumberOfBytesWritten=0xc00022fcec*=0x10, lpOverlapped=0x0) returned 1 [0106.493] CloseHandle (hObject=0x1ac) returned 1 [0106.493] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0106.494] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.494] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0106.495] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0106.498] GetFileType (hFile=0x1ac) returned 0x1 [0106.498] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.499] CloseHandle (hObject=0x1ac) returned 1 [0106.499] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.499] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.499] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\a059.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\encry-A059.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\jumplisticons\\encry-a059.tmp"), dwFlags=0x1) returned 1 [0106.500] GetFileType (hFile=0x128) returned 0x1 [0106.500] GetFileType (hFile=0x128) returned 0x1 [0106.500] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0106.500] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0106.500] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.501] ReadFile (in: hFile=0x128, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0106.501] CloseHandle (hObject=0x128) returned 1 [0106.501] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0106.502] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0106.507] GetFileType (hFile=0x128) returned 0x1 [0106.507] WriteFile (in: hFile=0x128, lpBuffer=0xc000010400*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010400*, lpNumberOfBytesWritten=0xc000115cec*=0x10, lpOverlapped=0x0) returned 1 [0106.508] CloseHandle (hObject=0x128) returned 1 [0106.508] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0106.508] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0106.509] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.515] SetEvent (hEvent=0x108) returned 1 [0106.515] GetFileType (hFile=0x128) returned 0x1 [0106.515] WriteFile (in: hFile=0x128, lpBuffer=0xc000120160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120160*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.515] CloseHandle (hObject=0x128) returned 1 [0106.515] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-000003.log"), dwFlags=0x1) returned 1 [0106.516] SwitchToThread () returned 1 [0106.611] SwitchToThread () returned 1 [0106.612] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.613] SetEvent (hEvent=0x108) returned 1 [0106.613] SetEvent (hEvent=0x164) returned 1 [0106.613] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.613] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.614] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.614] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.614] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.615] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.615] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.615] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.615] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.616] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.616] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.616] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.616] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.617] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.617] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.617] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.618] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0106.619] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0106.620] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.622] GetFileType (hFile=0x180) returned 0x1 [0106.622] GetFileType (hFile=0x180) returned 0x1 [0106.622] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0106.622] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0106.623] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0106.623] ReadFile (in: hFile=0x180, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0106.623] CloseHandle (hObject=0x180) returned 1 [0106.623] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0106.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0106.625] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0106.625] GetFileType (hFile=0x180) returned 0x1 [0106.625] WriteFile (in: hFile=0x180, lpBuffer=0xc000010550*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010550*, lpNumberOfBytesWritten=0xc0002a3cec*=0x10, lpOverlapped=0x0) returned 1 [0106.627] CloseHandle (hObject=0x180) returned 1 [0106.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0106.627] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0106.627] GetFileType (hFile=0x180) returned 0x1 [0106.627] WriteFile (in: hFile=0x180, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.628] CloseHandle (hObject=0x180) returned 1 [0106.628] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.628] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0106.629] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0106.629] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0106.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Web Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-web data-journal"), dwFlags=0x1) returned 1 [0106.631] VirtualFree (lpAddress=0xc0002b4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0106.632] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.632] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.633] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.633] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.633] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.633] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.634] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.634] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0106.634] GetFileType (hFile=0x1e4) returned 0x1 [0106.634] GetFileType (hFile=0x1e4) returned 0x1 [0106.634] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0002cdd44 | out: lpFileInformation=0xc0002cdd44) returned 1 [0106.634] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0002cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cdd28) returned 1 [0106.634] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.635] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2c3, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0002cdc04*=0xc3, lpOverlapped=0x0) returned 1 [0106.636] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004c0c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0c3*, lpNumberOfBytesRead=0xc0002cdc04*=0x0, lpOverlapped=0x0) returned 1 [0106.636] CloseHandle (hObject=0x1e4) returned 1 [0106.636] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.636] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.637] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.638] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0002cdd04 | out: lpMode=0xc0002cdd04) returned 0 [0106.643] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.645] GetFileType (hFile=0x1e4) returned 0x1 [0106.645] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00016c0d0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0002cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016c0d0*, lpNumberOfBytesWritten=0xc0002cdcec*=0xd0, lpOverlapped=0x0) returned 1 [0106.646] CloseHandle (hObject=0x1e4) returned 1 [0106.646] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.646] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0106.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.647] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0002cdd64 | out: lpMode=0xc0002cdd64) returned 0 [0106.648] GetFileType (hFile=0x1e4) returned 0x1 [0106.648] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0106.648] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.649] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000094000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesWritten=0xc0002cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.649] CloseHandle (hObject=0x1e4) returned 1 [0106.649] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.649] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.649] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0106.650] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\encry-log"), dwFlags=0x1) returned 1 [0106.658] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.664] SetEvent (hEvent=0x108) returned 1 [0106.664] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.665] SetEvent (hEvent=0x114) returned 1 [0106.665] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.669] SetEvent (hEvent=0x120) returned 1 [0106.669] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.681] SetEvent (hEvent=0x108) returned 1 [0106.681] SetEvent (hEvent=0x120) returned 1 [0106.681] SetEvent (hEvent=0x164) returned 1 [0106.681] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.690] SetEvent (hEvent=0x108) returned 1 [0106.690] SetEvent (hEvent=0x114) returned 1 [0106.690] SetEvent (hEvent=0x164) returned 1 [0106.690] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.694] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.703] SetEvent (hEvent=0x108) returned 1 [0106.703] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.703] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.703] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.703] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.704] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.704] GetFileType (hFile=0xec) returned 0x1 [0106.704] GetFileType (hFile=0xec) returned 0x1 [0106.704] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000295d44 | out: lpFileInformation=0xc000295d44) returned 1 [0106.704] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000295d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000295d28) returned 1 [0106.704] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0106.705] ReadFile (in: hFile=0xec, lpBuffer=0xc0002ac000, nNumberOfBytesToRead=0x7200, lpNumberOfBytesRead=0xc000295c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac000*, lpNumberOfBytesRead=0xc000295c04*=0x7000, lpOverlapped=0x0) returned 1 [0106.715] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.718] ReadFile (in: hFile=0xec, lpBuffer=0xc0002b3000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000295c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b3000*, lpNumberOfBytesRead=0xc000295c04*=0x0, lpOverlapped=0x0) returned 1 [0106.718] CloseHandle (hObject=0xec) returned 1 [0106.718] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0106.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.720] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000295d04 | out: lpMode=0xc000295d04) returned 0 [0106.720] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.735] GetFileType (hFile=0xec) returned 0x1 [0106.735] WriteFile (in: hFile=0xec, lpBuffer=0xc0002bc000*, nNumberOfBytesToWrite=0x7010, lpNumberOfBytesWritten=0xc000295cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002bc000*, lpNumberOfBytesWritten=0xc000295cec*=0x7010, lpOverlapped=0x0) returned 1 [0106.736] CloseHandle (hObject=0xec) returned 1 [0106.737] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.737] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0106.737] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0106.738] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0106.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.738] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000295d64 | out: lpMode=0xc000295d64) returned 0 [0106.744] GetFileType (hFile=0xec) returned 0x1 [0106.744] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000295d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000295d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.744] CloseHandle (hObject=0xec) returned 1 [0106.744] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0106.744] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0106.745] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0106.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\encry-MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\encry-msnbc news~.feed-ms"), dwFlags=0x1) returned 1 [0106.746] SetEvent (hEvent=0x164) returned 1 [0106.746] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.758] SetEvent (hEvent=0x164) returned 1 [0106.758] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.765] SetEvent (hEvent=0x164) returned 1 [0106.766] SetEvent (hEvent=0x120) returned 1 [0106.766] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.766] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.766] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.766] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.767] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.767] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.767] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.767] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.768] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0106.769] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.770] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.771] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0106.778] GetFileType (hFile=0xec) returned 0x1 [0106.778] WriteFile (in: hFile=0xec, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x1a10, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x1a10, lpOverlapped=0x0) returned 1 [0106.779] CloseHandle (hObject=0xec) returned 1 [0106.779] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.779] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.780] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0106.784] GetFileType (hFile=0xec) returned 0x1 [0106.784] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.784] CloseHandle (hObject=0xec) returned 1 [0106.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\feedsstore.feedsdb-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\encry-FeedsStore.feedsdb-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\encry-feedsstore.feedsdb-ms"), dwFlags=0x1) returned 1 [0106.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.788] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0106.788] SetEvent (hEvent=0xc0) returned 1 [0106.788] SetEvent (hEvent=0x114) returned 1 [0106.788] SetEvent (hEvent=0xf4) returned 1 [0106.788] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0106.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.791] SetEvent (hEvent=0xf4) returned 1 [0106.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.796] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.796] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0106.796] SetEvent (hEvent=0x120) returned 1 [0106.796] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.797] GetFileType (hFile=0x1e4) returned 0x1 [0106.797] GetFileType (hFile=0x1e4) returned 0x1 [0106.797] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0106.797] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0106.797] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0106.797] CloseHandle (hObject=0x1e4) returned 1 [0106.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.797] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0106.798] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.805] SetEvent (hEvent=0x114) returned 1 [0106.805] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.810] SetEvent (hEvent=0x114) returned 1 [0106.810] SetEvent (hEvent=0x9c) returned 1 [0106.810] SwitchToThread () returned 1 [0106.812] SetEvent (hEvent=0x114) returned 1 [0106.812] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.813] SetEvent (hEvent=0x164) returned 1 [0106.813] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.816] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.817] SetEvent (hEvent=0x114) returned 1 [0106.817] SetEvent (hEvent=0x164) returned 1 [0106.817] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0106.817] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.818] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.818] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.818] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.818] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.818] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.819] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.819] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.819] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.819] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.819] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0106.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.820] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001b3cf4 | out: lpMode=0xc0001b3cf4) returned 0 [0106.821] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.823] GetFileType (hFile=0x1d4) returned 0x1 [0106.823] GetFileType (hFile=0x1d4) returned 0x1 [0106.823] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0001b3d44 | out: lpFileInformation=0xc0001b3d44) returned 1 [0106.823] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0001b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b3d28) returned 1 [0106.823] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0106.824] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc0001b3c04*=0x0, lpOverlapped=0x0) returned 1 [0106.824] CloseHandle (hObject=0x1d4) returned 1 [0106.824] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.824] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001b3d04 | out: lpMode=0xc0001b3d04) returned 0 [0106.825] GetFileType (hFile=0x1d4) returned 0x1 [0106.825] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000010430*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010430*, lpNumberOfBytesWritten=0xc0001b3cec*=0x10, lpOverlapped=0x0) returned 1 [0106.826] CloseHandle (hObject=0x1d4) returned 1 [0106.826] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0106.827] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.827] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001b3d64 | out: lpMode=0xc0001b3d64) returned 0 [0106.831] GetFileType (hFile=0x1d4) returned 0x1 [0106.831] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.831] CloseHandle (hObject=0x1d4) returned 1 [0106.831] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\6ASVN7J7\\encry-fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\6asvn7j7\\encry-fwlink[1]"), dwFlags=0x1) returned 1 [0106.832] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.833] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0106.833] SetEvent (hEvent=0xc0) returned 1 [0106.833] SetEvent (hEvent=0x9c) returned 1 [0106.833] SetEvent (hEvent=0x108) returned 1 [0106.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0106.843] SetEvent (hEvent=0x114) returned 1 [0106.843] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.850] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.851] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0106.851] SetEvent (hEvent=0x114) returned 1 [0106.851] SetEvent (hEvent=0x9c) returned 1 [0106.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.856] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.856] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0106.856] SetEvent (hEvent=0x9c) returned 1 [0106.856] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.867] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.867] GetFileType (hFile=0x1e4) returned 0x1 [0106.867] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000103d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000103d0*, lpNumberOfBytesWritten=0xc00011bcec*=0x10, lpOverlapped=0x0) returned 1 [0106.868] CloseHandle (hObject=0x1e4) returned 1 [0106.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.868] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.869] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.869] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.870] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0106.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0106.870] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0106.878] GetFileType (hFile=0x1e4) returned 0x1 [0106.878] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.878] CloseHandle (hObject=0x1e4) returned 1 [0106.878] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.879] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.879] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0106.879] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-shortcuts-journal"), dwFlags=0x1) returned 1 [0106.880] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0106.880] SetEvent (hEvent=0x108) returned 1 [0106.880] SetEvent (hEvent=0x120) returned 1 [0106.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.891] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0106.892] SetEvent (hEvent=0x108) returned 1 [0106.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.988] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.002] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.002] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.002] SetEvent (hEvent=0xc0) returned 1 [0107.002] SetEvent (hEvent=0x114) returned 1 [0107.002] SetEvent (hEvent=0x108) returned 1 [0107.002] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.010] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.011] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0107.020] GetFileType (hFile=0x180) returned 0x1 [0107.020] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0107.020] GetFileType (hFile=0x180) returned 0x1 [0107.020] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0107.020] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0107.020] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0107.021] VirtualAlloc (lpAddress=0xc000306000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0107.022] ReadFile (in: hFile=0x180, lpBuffer=0xc000306000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000306000*, lpNumberOfBytesRead=0xc000247c04*=0x8000, lpOverlapped=0x0) returned 1 [0107.023] ReadFile (in: hFile=0x180, lpBuffer=0xc00030e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030e000*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0107.023] CloseHandle (hObject=0x180) returned 1 [0107.023] VirtualAlloc (lpAddress=0xc000310000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0107.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.026] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat\\*", lpFindFileData=0xc000247a08 | out: lpFindFileData=0xc000247a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0107.027] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000247720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0107.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.027] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0107.031] GetFileType (hFile=0x180) returned 0x1 [0107.031] GetFileType (hFile=0x180) returned 0x1 [0107.031] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0107.031] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0107.031] ReadFile (in: hFile=0x180, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0107.031] CloseHandle (hObject=0x180) returned 1 [0107.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.032] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0107.036] GetFileType (hFile=0x180) returned 0x1 [0107.037] WriteFile (in: hFile=0x180, lpBuffer=0xc0001023a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001023a0*, lpNumberOfBytesWritten=0xc0001fbcec*=0x10, lpOverlapped=0x0) returned 1 [0107.038] CloseHandle (hObject=0x180) returned 1 [0107.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.038] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0107.045] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.048] GetFileType (hFile=0x180) returned 0x1 [0107.048] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.049] CloseHandle (hObject=0x180) returned 1 [0107.049] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.049] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\encry-fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\encry-fwlink[1]"), dwFlags=0x1) returned 1 [0107.050] SetEvent (hEvent=0x164) returned 1 [0107.050] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.055] VirtualFree (lpAddress=0xc000300000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0107.056] VirtualFree (lpAddress=0xc0002e4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0107.057] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.057] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0107.058] VirtualFree (lpAddress=0xc00028e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.058] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.058] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.058] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.059] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.059] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0107.059] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.060] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.060] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0107.060] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.061] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.061] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.061] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.061] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.061] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.062] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.062] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.062] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.062] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.062] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.063] SetEvent (hEvent=0x120) returned 1 [0107.063] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.163] SetEvent (hEvent=0xb8) returned 1 [0107.163] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.173] SetEvent (hEvent=0xb8) returned 1 [0107.173] SwitchToThread () returned 1 [0107.174] SetEvent (hEvent=0xb8) returned 1 [0107.174] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.176] SetEvent (hEvent=0x120) returned 1 [0107.176] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.178] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.178] SetEvent (hEvent=0xb8) returned 1 [0107.179] SetEvent (hEvent=0x114) returned 1 [0107.179] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.179] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.179] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.179] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.179] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.180] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.180] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.180] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.180] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.181] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.181] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.181] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0107.181] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0107.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.182] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0107.184] GetFileType (hFile=0x1b4) returned 0x1 [0107.185] GetFileType (hFile=0x1b4) returned 0x1 [0107.185] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0107.185] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0107.185] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x106000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0107.203] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x105200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000151c04*=0x105000, lpOverlapped=0x0) returned 1 [0107.232] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000693000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000693000*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0107.233] CloseHandle (hObject=0x1b4) returned 1 [0107.233] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0107.233] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x106000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0107.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.251] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0107.258] GetFileType (hFile=0x1b4) returned 0x1 [0107.259] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0107.259] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.259] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0006ea000*, nNumberOfBytesToWrite=0x105010, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesWritten=0xc000151cec*=0x105010, lpOverlapped=0x0) returned 1 [0107.278] CloseHandle (hObject=0x1b4) returned 1 [0107.278] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.279] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.279] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0107.279] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0107.279] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0107.280] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0107.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.280] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0107.287] GetFileType (hFile=0x1b4) returned 0x1 [0107.287] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000942c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000942c0*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.288] CloseHandle (hObject=0x1b4) returned 1 [0107.288] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0107.288] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\encry-CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\encry-currentdatabase_372.wmdb"), dwFlags=0x1) returned 1 [0107.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.291] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.291] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.291] SetEvent (hEvent=0xc0) returned 1 [0107.291] SetEvent (hEvent=0xf4) returned 1 [0107.291] SetEvent (hEvent=0x164) returned 1 [0107.291] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0107.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.295] SetEvent (hEvent=0x164) returned 1 [0107.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.304] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.304] SetEvent (hEvent=0x120) returned 1 [0107.304] SetEvent (hEvent=0xb8) returned 1 [0107.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.306] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019bcf4 | out: lpMode=0xc00019bcf4) returned 0 [0107.307] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.332] SetEvent (hEvent=0xc0) returned 1 [0107.333] SetEvent (hEvent=0x114) returned 1 [0107.333] GetFileType (hFile=0x180) returned 0x1 [0107.333] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.347] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.348] SetEvent (hEvent=0x108) returned 1 [0107.348] GetFileType (hFile=0x180) returned 0x1 [0107.348] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.354] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00019bd44 | out: lpFileInformation=0xc00019bd44) returned 1 [0107.354] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00019bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019bd28) returned 1 [0107.354] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0107.354] ReadFile (in: hFile=0x180, lpBuffer=0xc00026a000, nNumberOfBytesToRead=0x704, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026a000*, lpNumberOfBytesRead=0xc00019bc04*=0x504, lpOverlapped=0x0) returned 1 [0107.357] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.359] ReadFile (in: hFile=0x180, lpBuffer=0xc00026a504, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026a504*, lpNumberOfBytesRead=0xc00019bc04*=0x0, lpOverlapped=0x0) returned 1 [0107.359] CloseHandle (hObject=0x180) returned 1 [0107.359] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.361] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019bd04 | out: lpMode=0xc00019bd04) returned 0 [0107.365] GetFileType (hFile=0x180) returned 0x1 [0107.365] WriteFile (in: hFile=0x180, lpBuffer=0xc0000ee000*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0xc00019bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesWritten=0xc00019bcec*=0x510, lpOverlapped=0x0) returned 1 [0107.366] CloseHandle (hObject=0x180) returned 1 [0107.366] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0107.367] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00019bd64 | out: lpMode=0xc00019bd64) returned 0 [0107.372] GetFileType (hFile=0x180) returned 0x1 [0107.372] WriteFile (in: hFile=0x180, lpBuffer=0xc000250420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000250420*, lpNumberOfBytesWritten=0xc00019bd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.372] CloseHandle (hObject=0x180) returned 1 [0107.372] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-04_music_played_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0107.373] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.373] SetEvent (hEvent=0x164) returned 1 [0107.373] SetEvent (hEvent=0xb8) returned 1 [0107.373] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0107.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.379] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.379] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.379] SetEvent (hEvent=0xb8) returned 1 [0107.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.388] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.388] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.388] SetEvent (hEvent=0x164) returned 1 [0107.388] SetEvent (hEvent=0x114) returned 1 [0107.389] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.392] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.398] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.398] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.398] SetEvent (hEvent=0x114) returned 1 [0107.398] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.412] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.412] SetEvent (hEvent=0x164) returned 1 [0107.412] SetEvent (hEvent=0x114) returned 1 [0107.412] SetEvent (hEvent=0xf4) returned 1 [0107.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.415] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.420] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.420] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.420] SetEvent (hEvent=0xb8) returned 1 [0107.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.426] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.438] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.439] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.439] SetEvent (hEvent=0xc0) returned 1 [0107.439] SetEvent (hEvent=0xf4) returned 1 [0107.439] SetEvent (hEvent=0x114) returned 1 [0107.439] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.441] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.445] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.445] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.445] SetEvent (hEvent=0x120) returned 1 [0107.445] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.471] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0107.471] SetEvent (hEvent=0x164) returned 1 [0107.471] SetEvent (hEvent=0x114) returned 1 [0107.471] SetEvent (hEvent=0x9c) returned 1 [0107.472] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.475] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.475] SetEvent (hEvent=0x114) returned 1 [0107.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.479] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0107.480] SetEvent (hEvent=0xb8) returned 1 [0107.481] SetEvent (hEvent=0x108) returned 1 [0107.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.482] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000285cf4 | out: lpMode=0xc000285cf4) returned 0 [0107.483] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.490] SetEvent (hEvent=0x114) returned 1 [0107.490] GetFileType (hFile=0x1b4) returned 0x1 [0107.490] GetFileType (hFile=0x1b4) returned 0x1 [0107.490] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000285d44 | out: lpFileInformation=0xc000285d44) returned 1 [0107.490] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000285d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000285d28) returned 1 [0107.490] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x5fc, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc000285c04*=0x3fc, lpOverlapped=0x0) returned 1 [0107.494] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00006a3fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a3fc*, lpNumberOfBytesRead=0xc000285c04*=0x0, lpOverlapped=0x0) returned 1 [0107.494] CloseHandle (hObject=0x1b4) returned 1 [0107.494] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0107.495] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0107.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.496] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000285d04 | out: lpMode=0xc000285d04) returned 0 [0107.500] GetFileType (hFile=0x1b4) returned 0x1 [0107.500] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xc000285cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000285cec*=0x400, lpOverlapped=0x0) returned 1 [0107.501] CloseHandle (hObject=0x1b4) returned 1 [0107.501] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.501] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0107.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0107.502] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000285d64 | out: lpMode=0xc000285d64) returned 0 [0107.700] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.711] GetFileType (hFile=0x1b4) returned 0x1 [0107.711] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000602c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000285d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000602c0*, lpNumberOfBytesWritten=0xc000285d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.711] CloseHandle (hObject=0x1b4) returned 1 [0107.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\08_video_rated_at_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-08_video_rated_at_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0107.712] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.726] SetEvent (hEvent=0xf4) returned 1 [0107.726] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.728] SetEvent (hEvent=0xf4) returned 1 [0107.728] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.729] SetEvent (hEvent=0xf4) returned 1 [0107.729] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.730] SetEvent (hEvent=0xf4) returned 1 [0107.730] SetEvent (hEvent=0x108) returned 1 [0107.730] SetEvent (hEvent=0x114) returned 1 [0107.730] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.736] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0107.737] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0107.737] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0107.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\05_pictures_taken_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x31d)) returned 1 [0107.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\06_pictures_rated_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x311)) returned 1 [0107.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\07_tv_recorded_in_the_last_week.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x410)) returned 1 [0107.783] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\08_Video_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\08_video_rated_at_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x3fc)) returned 1 [0107.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\09_Music_played_the_most.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\09_music_played_the_most.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x401)) returned 1 [0107.877] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0107.881] SetEvent (hEvent=0x114) returned 1 [0107.881] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0107.882] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.882] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.882] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x427)) returned 1 [0108.408] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0108.412] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0108.413] SetEvent (hEvent=0x198) returned 1 [0108.413] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.199] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.200] VirtualFree (lpAddress=0xc0002b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.200] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.200] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.201] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.201] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.201] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.202] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.202] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.202] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.203] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.203] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.203] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.204] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.204] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.212] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.215] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.217] SetEvent (hEvent=0x188) returned 1 [0110.217] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.220] SetEvent (hEvent=0x188) returned 1 [0110.220] SetEvent (hEvent=0x9c) returned 1 [0110.220] SetEvent (hEvent=0xf4) returned 1 [0110.220] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.225] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.229] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.233] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.237] SetEvent (hEvent=0x114) returned 1 [0110.237] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000275818*=0x3) returned 1 [0110.239] SetEvent (hEvent=0x114) returned 1 [0110.239] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000265818, lpReserved=0x0 | out: lpBuffer=0xc000586006*, lpNumberOfCharsWritten=0xc000265818*=0x3) returned 1 [0110.243] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.244] SetEvent (hEvent=0x188) returned 1 [0110.244] SetEvent (hEvent=0xf4) returned 1 [0110.245] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002380b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0002380b0*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0110.246] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.246] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005a000*, nNumberOfCharsToWrite=0x138, lpNumberOfCharsWritten=0xc0006e1808, lpReserved=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfCharsWritten=0xc0006e1808*=0x138) returned 1 [0110.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000203818, lpReserved=0x0 | out: lpBuffer=0xc000238028*, lpNumberOfCharsWritten=0xc000203818*=0x3) returned 1 [0110.256] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.259] SetEvent (hEvent=0x120) returned 1 [0110.259] SetEvent (hEvent=0xf4) returned 1 [0110.259] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000283818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000283818*=0x3) returned 1 [0110.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0110.263] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc000586006*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0110.264] SetEvent (hEvent=0x120) returned 1 [0110.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0110.265] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.267] SetEvent (hEvent=0x108) returned 1 [0110.267] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.270] SetEvent (hEvent=0x108) returned 1 [0110.270] SetEvent (hEvent=0x120) returned 1 [0110.270] SwitchToThread () returned 1 [0110.383] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.386] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.388] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.390] SetEvent (hEvent=0x108) returned 1 [0110.390] SetEvent (hEvent=0x1a0) returned 1 [0110.390] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.391] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.391] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.392] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.392] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002cf818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0002cf818*=0x2) returned 1 [0110.394] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.398] SetEvent (hEvent=0x108) returned 1 [0110.398] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.398] SetEvent (hEvent=0x108) returned 1 [0110.398] SetEvent (hEvent=0x1a0) returned 1 [0110.398] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.399] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000199818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc000199818*=0x2) returned 1 [0110.400] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.404] SetEvent (hEvent=0x108) returned 1 [0110.404] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.409] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.417] SetEvent (hEvent=0xb8) returned 1 [0110.417] SetEvent (hEvent=0x108) returned 1 [0110.417] SetEvent (hEvent=0x13c) returned 1 [0110.417] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.424] SetEvent (hEvent=0x9c) returned 1 [0110.424] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.428] SetEvent (hEvent=0x9c) returned 1 [0110.428] SetEvent (hEvent=0xb8) returned 1 [0110.428] SetEvent (hEvent=0x13c) returned 1 [0110.428] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.584] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.592] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.604] SetEvent (hEvent=0x1a0) returned 1 [0110.604] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.608] SetEvent (hEvent=0x1a0) returned 1 [0110.608] SetEvent (hEvent=0x108) returned 1 [0110.608] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.608] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.608] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.609] VirtualFree (lpAddress=0xc000070000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.609] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.609] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.609] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.610] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.610] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029b818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc00029b818*=0x2) returned 1 [0110.611] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.616] SetEvent (hEvent=0x9c) returned 1 [0110.616] SetEvent (hEvent=0x108) returned 1 [0110.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.617] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0110.618] GetFileType (hFile=0x1b4) returned 0x1 [0110.618] GetFileType (hFile=0x1b4) returned 0x1 [0110.618] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0110.618] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0110.618] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.618] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x95a, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc000247c04*=0x75a, lpOverlapped=0x0) returned 1 [0110.621] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00007675a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007675a*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0110.621] CloseHandle (hObject=0x1b4) returned 1 [0110.621] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.621] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.626] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0110.627] GetFileType (hFile=0x1b4) returned 0x1 [0110.627] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000247cec*=0x760, lpOverlapped=0x0) returned 1 [0110.628] CloseHandle (hObject=0x1b4) returned 1 [0110.628] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0110.629] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.629] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0110.630] GetFileType (hFile=0x1b4) returned 0x1 [0110.630] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.630] CloseHandle (hObject=0x1b4) returned 1 [0110.630] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbo8dq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBO8dQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbo8dq[1].jpg"), dwFlags=0x1) returned 1 [0110.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.668] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0110.668] SetEvent (hEvent=0xb8) returned 1 [0110.668] SetEvent (hEvent=0x9c) returned 1 [0110.668] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.671] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0110.671] SetEvent (hEvent=0x9c) returned 1 [0110.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.676] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.693] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.703] SetEvent (hEvent=0x1a0) returned 1 [0110.703] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.705] SetEvent (hEvent=0x1a0) returned 1 [0110.705] SetEvent (hEvent=0x108) returned 1 [0110.706] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.706] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.706] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.706] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.707] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.707] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0110.709] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.718] SetEvent (hEvent=0xb8) returned 1 [0110.718] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.721] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0110.722] GetFileType (hFile=0x1b4) returned 0x1 [0110.722] GetFileType (hFile=0x1b4) returned 0x1 [0110.722] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0110.722] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0110.722] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.723] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xb74, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0002d7c04*=0x974, lpOverlapped=0x0) returned 1 [0110.727] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00011c974, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c974*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.727] CloseHandle (hObject=0x1b4) returned 1 [0110.727] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0110.727] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.730] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0110.730] GetFileType (hFile=0x1b4) returned 0x1 [0110.730] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc0002d7cec*=0x980, lpOverlapped=0x0) returned 1 [0110.731] CloseHandle (hObject=0x1b4) returned 1 [0110.732] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.732] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0110.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.733] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0110.734] GetFileType (hFile=0x1b4) returned 0x1 [0110.734] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.735] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.735] CloseHandle (hObject=0x1b4) returned 1 [0110.737] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbveow[1].jpg"), dwFlags=0x1) returned 1 [0110.774] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0110.774] SetEvent (hEvent=0x9c) returned 1 [0110.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.775] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0110.775] SetEvent (hEvent=0x9c) returned 1 [0110.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.780] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.793] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.802] SetEvent (hEvent=0x1a0) returned 1 [0110.802] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.804] SetEvent (hEvent=0x1a0) returned 1 [0110.805] SetEvent (hEvent=0x108) returned 1 [0110.805] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.805] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.805] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.806] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.806] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0000bb818*=0x2) returned 1 [0110.808] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.813] SetEvent (hEvent=0x108) returned 1 [0110.813] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.813] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0110.814] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0110.815] GetFileType (hFile=0x1dc) returned 0x1 [0110.815] GetFileType (hFile=0x1dc) returned 0x1 [0110.815] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0110.815] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0110.815] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.815] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x18d6, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000bbc04*=0x16d6, lpOverlapped=0x0) returned 1 [0110.819] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002316d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002316d6*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0110.819] CloseHandle (hObject=0x1dc) returned 1 [0110.820] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.820] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.820] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.826] SetEvent (hEvent=0xc0) returned 1 [0110.826] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0110.827] GetFileType (hFile=0x1dc) returned 0x1 [0110.827] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x16e0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0000bbcec*=0x16e0, lpOverlapped=0x0) returned 1 [0110.828] CloseHandle (hObject=0x1dc) returned 1 [0110.829] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0110.829] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.830] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0110.830] GetFileType (hFile=0x1b4) returned 0x1 [0110.830] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.830] CloseHandle (hObject=0x1b4) returned 1 [0110.832] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbsqnl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBsqNL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbsqnl[1].jpg"), dwFlags=0x1) returned 1 [0110.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.867] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0110.867] SetEvent (hEvent=0xc0) returned 1 [0110.867] SetEvent (hEvent=0xb8) returned 1 [0110.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.869] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.869] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0110.872] SetEvent (hEvent=0xb8) returned 1 [0110.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.873] SetEvent (hEvent=0x13c) returned 1 [0110.873] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.880] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.882] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.887] SetEvent (hEvent=0x108) returned 1 [0110.887] SetEvent (hEvent=0xb8) returned 1 [0110.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.888] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00022bcf4 | out: lpMode=0xc00022bcf4) returned 0 [0110.888] GetFileType (hFile=0x128) returned 0x1 [0110.888] GetFileType (hFile=0x128) returned 0x1 [0110.888] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00022bd44 | out: lpFileInformation=0xc00022bd44) returned 1 [0110.888] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00022bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022bd28) returned 1 [0110.888] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0110.889] ReadFile (in: hFile=0x128, lpBuffer=0xc0002b2000, nNumberOfBytesToRead=0x19a5, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesRead=0xc00022bc04*=0x17a5, lpOverlapped=0x0) returned 1 [0110.892] ReadFile (in: hFile=0x128, lpBuffer=0xc0002b37a5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b37a5*, lpNumberOfBytesRead=0xc00022bc04*=0x0, lpOverlapped=0x0) returned 1 [0110.892] CloseHandle (hObject=0x128) returned 1 [0110.892] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0110.892] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0110.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.902] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00022bd04 | out: lpMode=0xc00022bd04) returned 0 [0110.902] GetFileType (hFile=0x1bc) returned 0x1 [0110.902] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x17b0, lpNumberOfBytesWritten=0xc00022bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc00022bcec*=0x17b0, lpOverlapped=0x0) returned 1 [0110.903] CloseHandle (hObject=0x1bc) returned 1 [0110.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0110.904] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.905] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.905] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.905] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0110.906] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.906] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00022bd64 | out: lpMode=0xc00022bd64) returned 0 [0110.907] GetFileType (hFile=0x1b4) returned 0x1 [0110.907] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.908] CloseHandle (hObject=0x1b4) returned 1 [0110.913] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0110.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0alc[1].jpg"), dwFlags=0x1) returned 1 [0110.934] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0110.934] SetEvent (hEvent=0x1a0) returned 1 [0110.934] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0110.936] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.937] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0110.937] SetEvent (hEvent=0x1a0) returned 1 [0110.937] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.940] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.941] SetEvent (hEvent=0x13c) returned 1 [0110.941] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.943] SetEvent (hEvent=0x9c) returned 1 [0110.943] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.945] SetEvent (hEvent=0x9c) returned 1 [0110.945] SetEvent (hEvent=0x13c) returned 1 [0110.945] SetEvent (hEvent=0x108) returned 1 [0110.945] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.949] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0110.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.953] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0110.958] GetFileType (hFile=0x1bc) returned 0x1 [0110.958] GetFileType (hFile=0x1bc) returned 0x1 [0110.958] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0110.958] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0110.958] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0110.959] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x9fe, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0000bbc04*=0x7fe, lpOverlapped=0x0) returned 1 [0110.972] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004c7fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c7fe*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0110.972] CloseHandle (hObject=0x1bc) returned 1 [0110.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.999] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0111.001] GetFileType (hFile=0x1dc) returned 0x1 [0111.001] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0000bbcec*=0x800, lpOverlapped=0x0) returned 1 [0111.002] CloseHandle (hObject=0x1dc) returned 1 [0111.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001201 | out: pbBuffer=0xc000001201) returned 1 [0111.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0111.004] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0111.007] GetFileType (hFile=0x1b4) returned 0x1 [0111.007] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.007] CloseHandle (hObject=0x1b4) returned 1 [0111.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0rda[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0rDa[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0rda[2].jpg"), dwFlags=0x1) returned 1 [0111.068] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.072] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.075] SetEvent (hEvent=0xb8) returned 1 [0111.075] SetEvent (hEvent=0x198) returned 1 [0111.075] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.076] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.076] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc000247818*=0x2) returned 1 [0111.077] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.083] SetEvent (hEvent=0xb8) returned 1 [0111.083] SwitchToThread () returned 1 [0111.083] SetEvent (hEvent=0xb8) returned 1 [0111.083] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.084] SetEvent (hEvent=0xb8) returned 1 [0111.084] SetEvent (hEvent=0x13c) returned 1 [0111.084] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.084] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.084] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc0000bb818*=0x2) returned 1 [0111.086] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000060030*, lpNumberOfCharsWritten=0xc00026f818*=0x2) returned 1 [0111.090] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.090] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.093] SetEvent (hEvent=0xb8) returned 1 [0111.093] SetEvent (hEvent=0x164) returned 1 [0111.093] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.093] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.093] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.094] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000e5818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc0000e5818*=0x2) returned 1 [0111.097] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.109] SetEvent (hEvent=0x1a0) returned 1 [0111.109] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.110] SetEvent (hEvent=0x1a0) returned 1 [0111.110] SetEvent (hEvent=0x164) returned 1 [0111.110] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.111] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.111] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.112] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.112] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.112] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.112] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.113] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000187818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000187818*=0x2) returned 1 [0111.114] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.115] SetEvent (hEvent=0x120) returned 1 [0111.115] SetEvent (hEvent=0x164) returned 1 [0111.115] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0111.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.116] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0111.117] GetFileType (hFile=0x1e4) returned 0x1 [0111.117] GetFileType (hFile=0x1e4) returned 0x1 [0111.117] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0111.117] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0111.117] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.118] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xab9, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000183c04*=0x8b9, lpOverlapped=0x0) returned 1 [0111.123] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025a8b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a8b9*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0111.123] CloseHandle (hObject=0x1e4) returned 1 [0111.124] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0111.124] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0111.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.132] SetEvent (hEvent=0xc0) returned 1 [0111.132] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0111.133] GetFileType (hFile=0x1e4) returned 0x1 [0111.133] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000124000*, nNumberOfBytesToWrite=0x8c0, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesWritten=0xc000183cec*=0x8c0, lpOverlapped=0x0) returned 1 [0111.134] CloseHandle (hObject=0x1e4) returned 1 [0111.134] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0111.135] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.135] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.136] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0111.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.136] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0111.136] GetFileType (hFile=0x1e4) returned 0x1 [0111.136] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.137] CloseHandle (hObject=0x1e4) returned 1 [0111.137] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbechle[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEcHle[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbechle[1].jpg"), dwFlags=0x1) returned 1 [0111.175] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.175] SetEvent (hEvent=0x13c) returned 1 [0111.175] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.177] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.177] SetEvent (hEvent=0x13c) returned 1 [0111.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.182] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.182] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.217] SetEvent (hEvent=0x164) returned 1 [0111.217] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.220] SetEvent (hEvent=0x164) returned 1 [0111.220] SetEvent (hEvent=0xb8) returned 1 [0111.220] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.221] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.221] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.221] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.222] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.222] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.222] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.222] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.223] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.223] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.223] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc000060008*, lpNumberOfCharsWritten=0xc0000c1818*=0x2) returned 1 [0111.226] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.232] SetEvent (hEvent=0x1a0) returned 1 [0111.233] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.235] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0111.236] GetFileType (hFile=0x1dc) returned 0x1 [0111.237] GetFileType (hFile=0x1dc) returned 0x1 [0111.237] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0111.237] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0111.237] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0111.237] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x8d0, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc00026dc04*=0x6d0, lpOverlapped=0x0) returned 1 [0111.242] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000ee6d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee6d0*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0111.242] CloseHandle (hObject=0x1dc) returned 1 [0111.243] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0111.243] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.246] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0111.246] GetFileType (hFile=0x1dc) returned 0x1 [0111.246] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000056000*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesWritten=0xc00026dcec*=0x6e0, lpOverlapped=0x0) returned 1 [0111.247] CloseHandle (hObject=0x1dc) returned 1 [0111.248] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0111.248] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0111.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.248] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0111.249] GetFileType (hFile=0x1dc) returned 0x1 [0111.249] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.249] CloseHandle (hObject=0x1dc) returned 1 [0111.250] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedtww[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEdtWw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbedtww[1].jpg"), dwFlags=0x1) returned 1 [0111.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.290] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.290] SetEvent (hEvent=0x1a0) returned 1 [0111.290] SetEvent (hEvent=0x13c) returned 1 [0111.290] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0111.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.295] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.295] SetEvent (hEvent=0x13c) returned 1 [0111.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.299] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.314] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.325] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.328] SetEvent (hEvent=0x164) returned 1 [0111.328] SetEvent (hEvent=0xb8) returned 1 [0111.328] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.329] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.329] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.329] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000183818*=0x2) returned 1 [0111.331] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.338] SetEvent (hEvent=0x1a0) returned 1 [0111.339] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.344] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0111.345] GetFileType (hFile=0x1bc) returned 0x1 [0111.345] GetFileType (hFile=0x1bc) returned 0x1 [0111.345] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0111.345] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0111.345] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0111.346] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xb80, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000183c04*=0x980, lpOverlapped=0x0) returned 1 [0111.350] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00011c980, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c980*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0111.351] CloseHandle (hObject=0x1bc) returned 1 [0111.351] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0111.351] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0111.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.353] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0111.354] GetFileType (hFile=0x1bc) returned 0x1 [0111.354] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x990, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc000183cec*=0x990, lpOverlapped=0x0) returned 1 [0111.355] CloseHandle (hObject=0x1bc) returned 1 [0111.355] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0111.355] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0111.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.356] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0111.357] GetFileType (hFile=0x1bc) returned 0x1 [0111.357] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.357] CloseHandle (hObject=0x1bc) returned 1 [0111.357] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeggsl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgGSl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbeggsl[1].jpg"), dwFlags=0x1) returned 1 [0111.401] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.401] SetEvent (hEvent=0x13c) returned 1 [0111.401] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.402] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.404] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.404] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.404] SetEvent (hEvent=0x13c) returned 1 [0111.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.410] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.410] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.425] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.434] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.438] SetEvent (hEvent=0x164) returned 1 [0111.438] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.439] SetEvent (hEvent=0x164) returned 1 [0111.439] SetEvent (hEvent=0xb8) returned 1 [0111.439] VirtualFree (lpAddress=0xc00025a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0111.440] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.440] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.440] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.441] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00026f818*=0x2) returned 1 [0111.443] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.469] SetEvent (hEvent=0x1a0) returned 1 [0111.469] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.472] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0111.473] GetFileType (hFile=0x1dc) returned 0x1 [0111.473] GetFileType (hFile=0x1dc) returned 0x1 [0111.473] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0111.473] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0111.473] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0111.474] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x1a26, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000bbc04*=0x1826, lpOverlapped=0x0) returned 1 [0111.480] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000231826, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000231826*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0111.480] CloseHandle (hObject=0x1dc) returned 1 [0111.480] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.483] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0111.483] GetFileType (hFile=0x1dc) returned 0x1 [0111.483] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1830, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc0000bbcec*=0x1830, lpOverlapped=0x0) returned 1 [0111.484] CloseHandle (hObject=0x1dc) returned 1 [0111.484] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0111.484] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.485] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0111.485] GetFileType (hFile=0x1dc) returned 0x1 [0111.485] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.485] CloseHandle (hObject=0x1dc) returned 1 [0111.486] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegtcs[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgtcS[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegtcs[2].jpg"), dwFlags=0x1) returned 1 [0111.516] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.517] SetEvent (hEvent=0x1a0) returned 1 [0111.517] SetEvent (hEvent=0x13c) returned 1 [0111.517] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.521] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.521] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.521] SetEvent (hEvent=0x13c) returned 1 [0111.521] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.527] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.527] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.543] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.553] SetEvent (hEvent=0x164) returned 1 [0111.553] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.555] SetEvent (hEvent=0x164) returned 1 [0111.555] SetEvent (hEvent=0xb8) returned 1 [0111.555] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.556] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.556] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.556] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000217818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc000217818*=0x2) returned 1 [0111.558] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.563] SetEvent (hEvent=0x1a0) returned 1 [0111.563] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.566] SetEvent (hEvent=0x1a0) returned 1 [0111.566] SwitchToThread () returned 1 [0111.566] SetEvent (hEvent=0xb8) returned 1 [0111.566] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.567] SetEvent (hEvent=0x1a0) returned 1 [0111.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.567] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0111.568] GetFileType (hFile=0x1e4) returned 0x1 [0111.568] GetFileType (hFile=0x1e4) returned 0x1 [0111.568] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0111.568] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0111.569] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x34d, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0000c7c04*=0x14d, lpOverlapped=0x0) returned 1 [0111.571] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005014d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005014d*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0111.572] CloseHandle (hObject=0x1e4) returned 1 [0111.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.574] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0111.575] GetFileType (hFile=0x180) returned 0x1 [0111.575] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c7cec*=0x150, lpOverlapped=0x0) returned 1 [0111.576] CloseHandle (hObject=0x180) returned 1 [0111.577] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0111.577] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.577] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.578] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0111.579] GetFileType (hFile=0x180) returned 0x1 [0111.579] WriteFile (in: hFile=0x180, lpBuffer=0xc00003c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c2c0*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.579] CloseHandle (hObject=0x180) returned 1 [0111.582] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbn4luu[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBn4lUU[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbn4luu[1].png"), dwFlags=0x1) returned 1 [0111.657] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.657] SetEvent (hEvent=0xb8) returned 1 [0111.657] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0111.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.661] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.666] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.666] SetEvent (hEvent=0x1a0) returned 1 [0111.666] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.673] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.673] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.694] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.703] SetEvent (hEvent=0x9c) returned 1 [0111.703] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.706] SetEvent (hEvent=0x9c) returned 1 [0111.706] SetEvent (hEvent=0x13c) returned 1 [0111.706] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.706] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.707] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.707] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.707] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.707] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc0001a5818*=0x2) returned 1 [0111.712] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.720] SetEvent (hEvent=0xb8) returned 1 [0111.720] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.721] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0111.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.723] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0111.724] GetFileType (hFile=0x1e4) returned 0x1 [0111.724] GetFileType (hFile=0x1e4) returned 0x1 [0111.724] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0111.724] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0111.724] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0111.725] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x340, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc0001a5c04*=0x140, lpOverlapped=0x0) returned 1 [0111.729] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000120140, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120140*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0111.729] CloseHandle (hObject=0x1e4) returned 1 [0111.729] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0111.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.732] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0111.732] GetFileType (hFile=0x1e4) returned 0x1 [0111.732] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001a5cec*=0x150, lpOverlapped=0x0) returned 1 [0111.734] CloseHandle (hObject=0x1e4) returned 1 [0111.735] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0111.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.735] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0111.736] GetFileType (hFile=0x1bc) returned 0x1 [0111.736] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.736] CloseHandle (hObject=0x1bc) returned 1 [0111.739] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0111.739] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0111.740] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\passport[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-Passport[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-passport[1].htm"), dwFlags=0x1) returned 1 [0111.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.777] SetEvent (hEvent=0x1a0) returned 1 [0111.777] SetEvent (hEvent=0xb8) returned 1 [0111.777] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.779] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.781] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.781] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.781] SetEvent (hEvent=0xb8) returned 1 [0111.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.786] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.786] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.804] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.813] SetEvent (hEvent=0x9c) returned 1 [0111.813] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.817] SetEvent (hEvent=0x9c) returned 1 [0111.817] SetEvent (hEvent=0x13c) returned 1 [0111.817] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.817] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.818] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc00010d818*=0x2) returned 1 [0111.818] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.828] SetEvent (hEvent=0x1a0) returned 1 [0111.828] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.832] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0111.832] GetFileType (hFile=0x1e4) returned 0x1 [0111.832] GetFileType (hFile=0x1e4) returned 0x1 [0111.832] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0111.832] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0111.832] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000070800, nNumberOfBytesToRead=0x732, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070800*, lpNumberOfBytesRead=0xc0001b9c04*=0x532, lpOverlapped=0x0) returned 1 [0111.836] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000070d32, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070d32*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0111.836] CloseHandle (hObject=0x1e4) returned 1 [0111.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.840] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0111.841] GetFileType (hFile=0x1e4) returned 0x1 [0111.841] WriteFile (in: hFile=0x1e4, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc0001b9cec*=0x540, lpOverlapped=0x0) returned 1 [0111.842] CloseHandle (hObject=0x1e4) returned 1 [0111.842] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.842] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0111.843] GetFileType (hFile=0x1e4) returned 0x1 [0111.843] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.843] CloseHandle (hObject=0x1e4) returned 1 [0111.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[3]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-async_usersync[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-async_usersync[3]"), dwFlags=0x1) returned 1 [0111.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.888] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0111.888] SetEvent (hEvent=0x1a0) returned 1 [0111.888] SetEvent (hEvent=0xb8) returned 1 [0111.888] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.896] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0111.896] SetEvent (hEvent=0xb8) returned 1 [0111.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.903] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.926] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.940] SetEvent (hEvent=0x9c) returned 1 [0111.940] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.944] SetEvent (hEvent=0x9c) returned 1 [0111.944] SetEvent (hEvent=0x13c) returned 1 [0111.944] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0111.945] VirtualFree (lpAddress=0xc00025a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0111.945] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.946] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.946] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.946] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.946] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc0001a5818*=0x2) returned 1 [0111.948] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.954] SetEvent (hEvent=0x1a0) returned 1 [0111.955] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.956] SetEvent (hEvent=0x1a0) returned 1 [0111.956] SetEvent (hEvent=0x13c) returned 1 [0111.956] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.956] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.957] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.957] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0004df818*=0x2) returned 1 [0111.958] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.968] SetEvent (hEvent=0xb8) returned 1 [0111.968] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0111.970] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.971] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.972] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0111.973] GetFileType (hFile=0x1bc) returned 0x1 [0111.973] GetFileType (hFile=0x1bc) returned 0x1 [0111.973] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0111.973] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0111.973] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0111.978] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x39c21, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00024bc04*=0x39a21, lpOverlapped=0x0) returned 1 [0111.984] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00031ba21, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00031ba21*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0111.984] CloseHandle (hObject=0x1bc) returned 1 [0111.985] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.985] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0111.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.994] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0111.995] GetFileType (hFile=0x1bc) returned 0x1 [0111.995] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x39a30, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc00024bcec*=0x39a30, lpOverlapped=0x0) returned 1 [0112.000] CloseHandle (hObject=0x1bc) returned 1 [0112.001] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.001] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0112.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.002] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0112.003] GetFileType (hFile=0x1bc) returned 0x1 [0112.003] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.003] CloseHandle (hObject=0x1bc) returned 1 [0112.004] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\f8-028d9f-f30905ea[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-f8-028d9f-f30905ea[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-f8-028d9f-f30905ea[1]"), dwFlags=0x1) returned 1 [0112.047] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0112.047] SetEvent (hEvent=0xb8) returned 1 [0112.048] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.050] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.050] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0112.050] SetEvent (hEvent=0xb8) returned 1 [0112.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.055] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.055] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0112.056] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0112.056] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0112.056] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.057] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00027fcf4 | out: lpMode=0xc00027fcf4) returned 0 [0112.058] GetFileType (hFile=0x1e4) returned 0x1 [0112.058] GetFileType (hFile=0x1e4) returned 0x1 [0112.058] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00027fd44 | out: lpFileInformation=0xc00027fd44) returned 1 [0112.058] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00027fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027fd28) returned 1 [0112.058] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x1505, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00027fc04*=0x1305, lpOverlapped=0x0) returned 1 [0112.061] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0000e5305, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e5305*, lpNumberOfBytesRead=0xc00027fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.061] CloseHandle (hObject=0x1e4) returned 1 [0112.061] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.063] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00027fd04 | out: lpMode=0xc00027fd04) returned 0 [0112.063] GetFileType (hFile=0x1e4) returned 0x1 [0112.063] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0xc00027fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc00027fcec*=0x1310, lpOverlapped=0x0) returned 1 [0112.065] CloseHandle (hObject=0x1e4) returned 1 [0112.065] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0112.065] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0112.066] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0112.066] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0112.067] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0112.067] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.067] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00027fd64 | out: lpMode=0xc00027fd64) returned 0 [0112.068] GetFileType (hFile=0x1e4) returned 0x1 [0112.068] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000be2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be2c0*, lpNumberOfBytesWritten=0xc00027fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.068] CloseHandle (hObject=0x1e4) returned 1 [0112.069] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede12;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=1;target=_blank;aduho=600;grp=852361999[1]"), dwFlags=0x1) returned 1 [0112.126] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0112.126] SetEvent (hEvent=0x1a0) returned 1 [0112.126] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0112.128] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.130] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.133] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0112.133] SetEvent (hEvent=0x13c) returned 1 [0112.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.139] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.139] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.179] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.186] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.195] SetEvent (hEvent=0x1a0) returned 1 [0112.195] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.196] SetEvent (hEvent=0x1a0) returned 1 [0112.196] SetEvent (hEvent=0x164) returned 1 [0112.196] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.196] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.196] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.197] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.197] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.197] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc00022d818*=0x2) returned 1 [0112.198] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.206] SetEvent (hEvent=0xb8) returned 1 [0112.206] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.208] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.209] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0112.209] GetFileType (hFile=0x1e4) returned 0x1 [0112.210] GetFileType (hFile=0x1e4) returned 0x1 [0112.210] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0112.210] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0112.210] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x3fa, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000159c04*=0x1fa, lpOverlapped=0x0) returned 1 [0112.211] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004e1fa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e1fa*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0112.211] CloseHandle (hObject=0x1e4) returned 1 [0112.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.217] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0112.217] GetFileType (hFile=0x1e4) returned 0x1 [0112.217] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000159cec*=0x200, lpOverlapped=0x0) returned 1 [0112.218] CloseHandle (hObject=0x1e4) returned 1 [0112.219] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0112.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.219] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0112.220] GetFileType (hFile=0x1e4) returned 0x1 [0112.220] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.220] CloseHandle (hObject=0x1e4) returned 1 [0112.221] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\postmessagerelay[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-postmessageRelay[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-postmessagerelay[1].htm"), dwFlags=0x1) returned 1 [0112.280] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0112.280] SetEvent (hEvent=0x1a0) returned 1 [0112.281] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.287] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0112.287] SetEvent (hEvent=0x1a0) returned 1 [0112.287] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.341] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0112.341] SetEvent (hEvent=0xc0) returned 1 [0112.341] SetEvent (hEvent=0x164) returned 1 [0112.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.349] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.349] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.350] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0112.350] SetEvent (hEvent=0xc0) returned 1 [0112.350] SetEvent (hEvent=0x1a0) returned 1 [0112.350] SetEvent (hEvent=0x164) returned 1 [0112.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.354] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0112.355] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.356] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.356] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.356] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.357] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0112.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00058601c*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc00058601c*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0112.369] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.370] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0112.374] GetFileType (hFile=0x1e4) returned 0x1 [0112.374] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0112.374] GetFileType (hFile=0x1e4) returned 0x1 [0112.374] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0112.375] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0112.375] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0112.375] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0112.377] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xe655, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0006e1c04*=0xe455, lpOverlapped=0x0) returned 1 [0112.382] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.397] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000268455, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000268455*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0112.397] CloseHandle (hObject=0x1e4) returned 1 [0112.397] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0112.398] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0112.399] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0112.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.405] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0112.409] GetFileType (hFile=0x180) returned 0x1 [0112.409] WriteFile (in: hFile=0x180, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0xe460, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xe460, lpOverlapped=0x0) returned 1 [0112.411] CloseHandle (hObject=0x180) returned 1 [0112.419] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0112.434] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0112.434] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0112.435] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0112.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0112.435] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0112.437] GetFileType (hFile=0x1bc) returned 0x1 [0112.437] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000fe420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe420*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.437] CloseHandle (hObject=0x1bc) returned 1 [0112.440] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\000000929096[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-000000929096[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-000000929096[1].gif"), dwFlags=0x1) returned 1 [0112.539] SetEvent (hEvent=0xc0) returned 1 [0112.539] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0112.539] SetEvent (hEvent=0x1a0) returned 1 [0112.539] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0112.540] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.541] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0112.541] SetEvent (hEvent=0x1a0) returned 1 [0112.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.546] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0114.141] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0114.145] GetFileType (hFile=0x180) returned 0x1 [0114.145] GetFileType (hFile=0x180) returned 0x1 [0114.145] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0114.145] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0114.145] ReadFile (in: hFile=0x180, lpBuffer=0xc00013a400, nNumberOfBytesToRead=0x3af, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a400*, lpNumberOfBytesRead=0xc000277c04*=0x1af, lpOverlapped=0x0) returned 1 [0114.157] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.216] ReadFile (in: hFile=0x180, lpBuffer=0xc00013a5af, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00013a5af*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0114.217] CloseHandle (hObject=0x180) returned 1 [0114.217] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0114.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.256] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.362] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0114.363] GetFileType (hFile=0x150) returned 0x1 [0114.363] WriteFile (in: hFile=0x150, lpBuffer=0xc000244000*, nNumberOfBytesToWrite=0x1b0, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfBytesWritten=0xc000277cec*=0x1b0, lpOverlapped=0x0) returned 1 [0114.364] CloseHandle (hObject=0x150) returned 1 [0114.365] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533d01 | out: pbBuffer=0xc000533d01) returned 1 [0114.365] VirtualAlloc (lpAddress=0xc00038a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038a000 [0114.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0114.366] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0114.367] GetFileType (hFile=0x200) returned 0x1 [0114.367] WriteFile (in: hFile=0x200, lpBuffer=0xc000041760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000041760*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.367] CloseHandle (hObject=0x200) returned 1 [0114.369] VirtualAlloc (lpAddress=0xc00038c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038c000 [0114.370] VirtualAlloc (lpAddress=0xc00038e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038e000 [0114.370] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbkwur[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBkwUr[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbkwur[1].png"), dwFlags=0x1) returned 1 [0114.718] SwitchToThread () returned 1 [0114.719] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.724] SetEvent (hEvent=0x1f8) returned 1 [0114.724] GetFileType (hFile=0x150) returned 0x1 [0114.724] WriteFile (in: hFile=0x150, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x7a60, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc00018fcec*=0x7a60, lpOverlapped=0x0) returned 1 [0114.727] CloseHandle (hObject=0x150) returned 1 [0114.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0114.738] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0114.741] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0114.741] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0114.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.742] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0114.743] GetFileType (hFile=0x150) returned 0x1 [0114.744] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.744] CloseHandle (hObject=0x150) returned 1 [0114.747] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.749] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0114.749] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0114.750] SetEvent (hEvent=0xc0) returned 1 [0114.750] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-adition[1].js"), dwFlags=0x1) returned 1 [0114.790] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.811] SetEvent (hEvent=0x120) returned 1 [0114.811] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.886] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0114.909] SetEvent (hEvent=0x12c) returned 1 [0114.910] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0114.910] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0114.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0114.911] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0114.912] GetFileType (hFile=0x1b0) returned 0x1 [0114.912] GetFileType (hFile=0x1b0) returned 0x1 [0114.912] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0114.912] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0114.912] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0114.913] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0114.915] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1cbf6, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0006ddc04*=0x1c9f6, lpOverlapped=0x0) returned 1 [0114.919] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002c09f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c09f6*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0114.919] CloseHandle (hObject=0x1b0) returned 1 [0114.919] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0114.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.926] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0114.927] GetFileType (hFile=0x1b0) returned 0x1 [0114.927] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002fa000*, nNumberOfBytesToWrite=0x1ca00, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x1ca00, lpOverlapped=0x0) returned 1 [0114.931] CloseHandle (hObject=0x1b0) returned 1 [0114.932] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001001 | out: pbBuffer=0xc000001001) returned 1 [0114.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.932] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0114.934] GetFileType (hFile=0x1b0) returned 0x1 [0114.934] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.935] CloseHandle (hObject=0x1b0) returned 1 [0114.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\cb=gapi[1].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-cb=gapi[1].loaded_0"), dwFlags=0x1) returned 1 [0115.092] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0115.092] SetEvent (hEvent=0x120) returned 1 [0115.092] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0115.094] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.101] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0115.101] SetEvent (hEvent=0x120) returned 1 [0115.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.108] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.122] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.131] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.147] SetEvent (hEvent=0x1f8) returned 1 [0115.147] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.156] SetEvent (hEvent=0x1f8) returned 1 [0115.157] SetEvent (hEvent=0x1d0) returned 1 [0115.157] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.157] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.157] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.158] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.158] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.158] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0115.166] SwitchToThread () returned 1 [0115.167] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.183] SetEvent (hEvent=0x120) returned 1 [0115.183] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.195] SetEvent (hEvent=0x120) returned 1 [0115.195] SetEvent (hEvent=0x1d0) returned 1 [0115.195] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x4c000, dwFreeType=0x4000) returned 1 [0115.197] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.197] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.198] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.198] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.198] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.199] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.199] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0004db818*=0x2) returned 1 [0115.203] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.212] SetEvent (hEvent=0x1dc) returned 1 [0115.212] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.213] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0115.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.215] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0115.215] GetFileType (hFile=0x214) returned 0x1 [0115.215] GetFileType (hFile=0x214) returned 0x1 [0115.215] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0115.215] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0115.215] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0115.217] ReadFile (in: hFile=0x214, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x36ce, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0004dbc04*=0x34ce, lpOverlapped=0x0) returned 1 [0115.223] ReadFile (in: hFile=0x214, lpBuffer=0xc0002a74ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a74ce*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0115.223] CloseHandle (hObject=0x214) returned 1 [0115.223] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0115.223] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0115.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.227] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0115.227] GetFileType (hFile=0x214) returned 0x1 [0115.227] WriteFile (in: hFile=0x214, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x34d0, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x34d0, lpOverlapped=0x0) returned 1 [0115.228] CloseHandle (hObject=0x214) returned 1 [0115.229] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.229] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0115.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.230] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0115.231] GetFileType (hFile=0x214) returned 0x1 [0115.231] WriteFile (in: hFile=0x214, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.231] CloseHandle (hObject=0x214) returned 1 [0115.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\f[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-f[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-f[1].txt"), dwFlags=0x1) returned 1 [0115.259] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0115.259] SetEvent (hEvent=0x1dc) returned 1 [0115.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.266] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0115.266] SetEvent (hEvent=0x12c) returned 1 [0115.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.272] SetEvent (hEvent=0x1dc) returned 1 [0115.272] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.295] SetEvent (hEvent=0x1d0) returned 1 [0115.295] VirtualFree (lpAddress=0xc00025a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0115.296] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0115.296] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0115.297] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.297] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.297] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0115.298] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.298] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.299] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.299] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.299] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0115.303] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.306] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0115.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.307] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0115.308] GetFileType (hFile=0x1b0) returned 0x1 [0115.308] GetFileType (hFile=0x1b0) returned 0x1 [0115.308] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0115.308] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0115.308] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0115.308] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.309] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x267, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0004dfc04*=0x67, lpOverlapped=0x0) returned 1 [0115.312] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000040067, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000040067*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0115.312] CloseHandle (hObject=0x1b0) returned 1 [0115.312] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.312] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0115.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.318] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0115.321] GetFileType (hFile=0x210) returned 0x1 [0115.321] WriteFile (in: hFile=0x210, lpBuffer=0xc000130070*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000130070*, lpNumberOfBytesWritten=0xc0004dfcec*=0x70, lpOverlapped=0x0) returned 1 [0115.322] CloseHandle (hObject=0x210) returned 1 [0115.322] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0115.337] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0115.338] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0115.338] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0115.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.339] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0115.340] GetFileType (hFile=0x210) returned 0x1 [0115.340] WriteFile (in: hFile=0x210, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.340] CloseHandle (hObject=0x210) returned 1 [0115.345] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-tecjslog[1].png"), dwFlags=0x1) returned 1 [0115.393] SetEvent (hEvent=0xc0) returned 1 [0115.393] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0115.393] SetEvent (hEvent=0x120) returned 1 [0115.393] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0115.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.397] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.399] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0115.399] SetEvent (hEvent=0x198) returned 1 [0115.399] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.403] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.421] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.435] SetEvent (hEvent=0x12c) returned 1 [0115.435] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.443] SetEvent (hEvent=0x12c) returned 1 [0115.444] SetEvent (hEvent=0x1d0) returned 1 [0115.444] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0115.444] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.445] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.445] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010148*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000010148*, lpNumberOfCharsWritten=0xc0001d3818*=0x2) returned 1 [0115.447] SwitchToThread () returned 1 [0115.449] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.497] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.512] SetEvent (hEvent=0x120) returned 1 [0115.512] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0115.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.513] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0115.526] GetFileType (hFile=0x214) returned 0x1 [0115.526] GetFileType (hFile=0x214) returned 0x1 [0115.526] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0115.526] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0115.526] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0115.527] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0115.527] ReadFile (in: hFile=0x214, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x34d, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0000f3c04*=0x14d, lpOverlapped=0x0) returned 1 [0115.534] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.541] ReadFile (in: hFile=0x214, lpBuffer=0xc00009414d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00009414d*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0115.541] CloseHandle (hObject=0x214) returned 1 [0115.541] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0115.542] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0115.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.543] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0115.544] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.546] SetEvent (hEvent=0x1f8) returned 1 [0115.546] GetFileType (hFile=0x214) returned 0x1 [0115.546] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.555] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0115.556] WriteFile (in: hFile=0x214, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000f3cec*=0x150, lpOverlapped=0x0) returned 1 [0115.557] CloseHandle (hObject=0x214) returned 1 [0115.557] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.558] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0115.558] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0115.558] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0115.558] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0115.559] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0115.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.559] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0115.568] GetFileType (hFile=0x214) returned 0x1 [0115.568] WriteFile (in: hFile=0x214, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.569] CloseHandle (hObject=0x214) returned 1 [0115.569] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0115.569] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3dghw[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA3DGHW[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa3dghw[1].png"), dwFlags=0x1) returned 1 [0115.571] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0115.571] SetEvent (hEvent=0x1dc) returned 1 [0115.571] SetEvent (hEvent=0x198) returned 1 [0115.571] SetEvent (hEvent=0x1c4) returned 1 [0115.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.578] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.578] SetEvent (hEvent=0x9c) returned 1 [0115.578] SetEvent (hEvent=0xf4) returned 1 [0115.578] SetEvent (hEvent=0x8c) returned 1 [0115.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.579] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.579] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.580] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.580] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0115.580] SetEvent (hEvent=0xc0) returned 1 [0115.580] SetEvent (hEvent=0x12c) returned 1 [0115.580] SetEvent (hEvent=0x120) returned 1 [0115.580] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.581] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.581] SetEvent (hEvent=0xb8) returned 1 [0115.581] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.607] SetEvent (hEvent=0x198) returned 1 [0115.607] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.614] SetEvent (hEvent=0x1dc) returned 1 [0115.614] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.620] SetEvent (hEvent=0x120) returned 1 [0115.620] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x204 [0115.625] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0115.626] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.644] GetFileType (hFile=0x204) returned 0x1 [0115.644] GetFileType (hFile=0x204) returned 0x1 [0115.644] GetFileInformationByHandle (in: hFile=0x204, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0115.644] GetFileInformationByHandleEx (in: hFile=0x204, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0115.644] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0115.644] ReadFile (in: hFile=0x204, lpBuffer=0xc000186000, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesRead=0xc00029dc04*=0x2c0, lpOverlapped=0x0) returned 1 [0115.651] ReadFile (in: hFile=0x204, lpBuffer=0xc0001862c0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001862c0*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0115.651] CloseHandle (hObject=0x204) returned 1 [0115.651] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0115.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.667] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.755] GetConsoleMode (in: hConsoleHandle=0x1f0, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0115.797] GetFileType (hFile=0x1f0) returned 0x1 [0115.797] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0115.798] WriteFile (in: hFile=0x1f0, lpBuffer=0xc000198000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesWritten=0xc00029dcec*=0x2d0, lpOverlapped=0x0) returned 1 [0115.799] CloseHandle (hObject=0x1f0) returned 1 [0115.808] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0115.944] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028bd01 | out: pbBuffer=0xc00028bd01) returned 1 [0115.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0115.944] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0115.945] GetFileType (hFile=0x200) returned 0x1 [0115.946] WriteFile (in: hFile=0x200, lpBuffer=0xc0002d06e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002d06e0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.946] CloseHandle (hObject=0x200) returned 1 [0115.950] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0115.951] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bb5zdwx[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BB5zDwX[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bb5zdwx[1].png"), dwFlags=0x1) returned 1 [0116.567] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0116.567] SetEvent (hEvent=0x304) returned 1 [0116.567] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0116.569] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.570] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0116.570] SetEvent (hEvent=0x304) returned 1 [0116.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.572] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.595] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.600] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.602] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.603] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.608] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0116.610] SetEvent (hEvent=0x144) returned 1 [0116.610] SetEvent (hEvent=0x208) returned 1 [0116.610] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0117.487] SetEvent (hEvent=0x35c) returned 1 [0117.487] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0117.498] GetFileType (hFile=0x2b4) returned 0x1 [0117.498] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x230, lpOverlapped=0x0) returned 1 [0117.499] CloseHandle (hObject=0x2b4) returned 1 [0117.508] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0117.624] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0117.624] VirtualAlloc (lpAddress=0xc00036a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036a000 [0117.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.625] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0117.626] GetFileType (hFile=0x3bc) returned 0x1 [0117.627] WriteFile (in: hFile=0x3bc, lpBuffer=0xc00036a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036a2c0*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.627] CloseHandle (hObject=0x3bc) returned 1 [0117.632] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbak3nm[1].png"), dwFlags=0x1) returned 1 [0118.080] SwitchToThread () returned 1 [0118.081] SetEvent (hEvent=0x274) returned 1 [0118.081] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0118.083] SetEvent (hEvent=0x274) returned 1 [0118.083] SetEvent (hEvent=0x9c) returned 1 [0118.083] SetEvent (hEvent=0x258) returned 1 [0118.083] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0119.022] GetFileType (hFile=0x174) returned 0x1 [0119.023] WriteFile (in: hFile=0x174, lpBuffer=0xc0001b0000*, nNumberOfBytesToWrite=0x3e10, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesWritten=0xc00018bcec*=0x3e10, lpOverlapped=0x0) returned 1 [0119.025] CloseHandle (hObject=0x174) returned 1 [0119.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0801 | out: pbBuffer=0xc0002f0801) returned 1 [0119.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0119.029] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0119.032] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0119.119] GetFileType (hFile=0x174) returned 0x1 [0119.119] WriteFile (in: hFile=0x174, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.119] CloseHandle (hObject=0x174) returned 1 [0119.123] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0119.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbveow[1].jpg"), dwFlags=0x1) returned 1 [0119.894] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0119.897] SwitchToThread () returned 1 [0119.898] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0119.901] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.223] SetEvent (hEvent=0x258) returned 1 [0120.223] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.227] SetEvent (hEvent=0x364) returned 1 [0120.227] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.230] SetEvent (hEvent=0x39c) returned 1 [0120.230] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.281] SetEvent (hEvent=0x258) returned 1 [0120.281] SwitchToThread () returned 1 [0120.285] SetEvent (hEvent=0x258) returned 1 [0120.285] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.304] SetEvent (hEvent=0x258) returned 1 [0120.304] SetEvent (hEvent=0x39c) returned 1 [0120.304] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.304] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0120.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0120.306] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0120.313] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.331] GetFileType (hFile=0x2bc) returned 0x1 [0120.331] GetFileType (hFile=0x2bc) returned 0x1 [0120.331] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0120.331] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0120.331] VirtualAlloc (lpAddress=0xc000292000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0120.333] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000292000, nNumberOfBytesToRead=0x27f6, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc000155c04*=0x25f6, lpOverlapped=0x0) returned 1 [0120.344] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002945f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002945f6*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0120.344] CloseHandle (hObject=0x2bc) returned 1 [0120.344] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0120.344] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0120.345] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0120.346] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0120.347] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0120.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.349] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0120.351] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.374] GetFileType (hFile=0x2bc) returned 0x1 [0120.374] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x2600, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000155cec*=0x2600, lpOverlapped=0x0) returned 1 [0120.376] CloseHandle (hObject=0x2bc) returned 1 [0120.376] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0120.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.376] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0120.381] GetFileType (hFile=0x2bc) returned 0x1 [0120.381] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001866e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001866e0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.382] CloseHandle (hObject=0x2bc) returned 1 [0120.382] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbegd9f[1].jpg"), dwFlags=0x1) returned 1 [0120.383] SetEvent (hEvent=0x3c0) returned 1 [0120.383] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.470] SetEvent (hEvent=0x9c) returned 1 [0120.470] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0120.481] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0120.483] GetFileType (hFile=0x2d8) returned 0x1 [0120.483] GetFileType (hFile=0x2d8) returned 0x1 [0120.483] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0120.483] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0120.483] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0120.484] ReadFile (in: hFile=0x2d8, lpBuffer=0xc0000bc000, nNumberOfBytesToRead=0x598, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesRead=0xc000159c04*=0x398, lpOverlapped=0x0) returned 1 [0120.492] ReadFile (in: hFile=0x2d8, lpBuffer=0xc0000bc398, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc398*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0120.492] CloseHandle (hObject=0x2d8) returned 1 [0120.492] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0120.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0120.595] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0120.598] GetFileType (hFile=0x36c) returned 0x1 [0120.598] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000159cec*=0x3a0, lpOverlapped=0x0) returned 1 [0120.599] CloseHandle (hObject=0x36c) returned 1 [0120.606] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.619] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083d01 | out: pbBuffer=0xc000083d01) returned 1 [0120.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0120.619] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0120.620] GetFileType (hFile=0x36c) returned 0x1 [0120.621] WriteFile (in: hFile=0x36c, lpBuffer=0xc000186dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186dc0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.621] CloseHandle (hObject=0x36c) returned 1 [0120.628] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.648] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0120.648] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbndhja[1].png"), dwFlags=0x1) returned 1 [0120.898] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0120.902] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0120.903] GetFileType (hFile=0x370) returned 0x1 [0120.903] GetFileType (hFile=0x370) returned 0x1 [0120.903] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0120.903] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0120.903] ReadFile (in: hFile=0x370, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x1822, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc0002a1c04*=0x1622, lpOverlapped=0x0) returned 1 [0120.906] ReadFile (in: hFile=0x370, lpBuffer=0xc00050efa2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050efa2*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0120.906] CloseHandle (hObject=0x370) returned 1 [0120.906] SwitchToThread () returned 1 [0120.909] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0120.909] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0120.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0120.930] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0120.931] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.932] SetEvent (hEvent=0x12c) returned 1 [0120.932] GetFileType (hFile=0x1ec) returned 0x1 [0120.932] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.934] SetEvent (hEvent=0x12c) returned 1 [0120.934] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000330000*, nNumberOfBytesToWrite=0x1630, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000330000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x1630, lpOverlapped=0x0) returned 1 [0120.935] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.937] CloseHandle (hObject=0x1ec) returned 1 [0120.939] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.941] SetEvent (hEvent=0x12c) returned 1 [0120.941] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.942] SetEvent (hEvent=0x12c) returned 1 [0120.942] SetEvent (hEvent=0x3c0) returned 1 [0120.942] SetEvent (hEvent=0x114) returned 1 [0120.942] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.968] SetEvent (hEvent=0x30c) returned 1 [0120.968] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.972] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0120.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0120.974] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0120.976] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0120.983] GetFileType (hFile=0x2bc) returned 0x1 [0120.983] GetFileType (hFile=0x2bc) returned 0x1 [0120.984] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0120.984] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0120.984] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0120.985] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0120.985] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000031c04*=0x43, lpOverlapped=0x0) returned 1 [0120.986] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000040043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040043*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0120.986] CloseHandle (hObject=0x2bc) returned 1 [0120.986] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0120.987] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0120.988] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0120.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.028] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.028] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.028] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0121.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000052280*, nNumberOfCharsToWrite=0x94, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc000052280*, lpNumberOfCharsWritten=0xc000031808*=0x94) returned 1 [0121.032] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000f01 | out: pbBuffer=0xc000000f01) returned 1 [0121.032] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0121.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.034] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0121.034] GetFileType (hFile=0x1ec) returned 0x1 [0121.034] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000056b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000056b00*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.035] CloseHandle (hObject=0x1ec) returned 1 [0121.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0121.132] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.133] SetEvent (hEvent=0x1a0) returned 1 [0121.133] SetEvent (hEvent=0x3c0) returned 1 [0121.133] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.133] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.134] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.134] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.135] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.135] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.135] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.136] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc000115818*=0x2) returned 1 [0121.137] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.140] SetEvent (hEvent=0x1a0) returned 1 [0121.141] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.147] SetEvent (hEvent=0x1a0) returned 1 [0121.147] SetEvent (hEvent=0x354) returned 1 [0121.148] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.148] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0121.149] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.158] SetEvent (hEvent=0x1b4) returned 1 [0121.158] SetEvent (hEvent=0x354) returned 1 [0121.158] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.159] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0121.159] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0121.160] GetFileType (hFile=0x2bc) returned 0x1 [0121.160] GetFileType (hFile=0x2bc) returned 0x1 [0121.160] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0121.160] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0121.160] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.161] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0121.162] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xb72, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001d5c04*=0x972, lpOverlapped=0x0) returned 1 [0121.177] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.182] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fa972, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa972*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0121.182] CloseHandle (hObject=0x2bc) returned 1 [0121.182] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0121.183] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0121.184] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0121.184] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.191] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0121.192] GetFileType (hFile=0x1b0) returned 0x1 [0121.192] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x980, lpOverlapped=0x0) returned 1 [0121.193] CloseHandle (hObject=0x1b0) returned 1 [0121.193] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0121.194] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.194] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0121.196] GetFileType (hFile=0x1b0) returned 0x1 [0121.196] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.196] CloseHandle (hObject=0x1b0) returned 1 [0121.198] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]"), dwFlags=0x1) returned 1 [0121.262] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.262] SetEvent (hEvent=0x1b4) returned 1 [0121.263] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.264] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.264] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.264] SetEvent (hEvent=0x1b4) returned 1 [0121.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.270] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.270] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.301] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.308] SetEvent (hEvent=0x30c) returned 1 [0121.308] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.312] SetEvent (hEvent=0x30c) returned 1 [0121.313] SetEvent (hEvent=0x354) returned 1 [0121.313] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.313] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.314] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0002a1818*=0x2) returned 1 [0121.318] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.327] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.332] SetEvent (hEvent=0x3c0) returned 1 [0121.332] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.335] SetEvent (hEvent=0x3c0) returned 1 [0121.335] SetEvent (hEvent=0x30c) returned 1 [0121.335] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0121.336] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.337] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.337] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.338] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.338] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0121.341] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.350] SetEvent (hEvent=0x1b4) returned 1 [0121.350] SetEvent (hEvent=0x30c) returned 1 [0121.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0121.351] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0121.352] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.356] GetFileType (hFile=0x1ec) returned 0x1 [0121.356] GetFileType (hFile=0x1ec) returned 0x1 [0121.356] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0121.356] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0121.356] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0121.356] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0121.357] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0xb22, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc0001f7c04*=0x922, lpOverlapped=0x0) returned 1 [0121.363] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00010c922, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c922*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0121.363] CloseHandle (hObject=0x1ec) returned 1 [0121.363] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0121.364] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0121.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.367] SetEvent (hEvent=0xc0) returned 1 [0121.367] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0121.367] GetFileType (hFile=0x1ec) returned 0x1 [0121.367] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x930, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x930, lpOverlapped=0x0) returned 1 [0121.368] CloseHandle (hObject=0x1ec) returned 1 [0121.369] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0121.369] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0121.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.370] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0121.371] GetFileType (hFile=0x1ec) returned 0x1 [0121.371] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.371] CloseHandle (hObject=0x1ec) returned 1 [0121.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\msn[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-msn[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-msn[1].htm"), dwFlags=0x1) returned 1 [0121.445] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.446] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.446] SetEvent (hEvent=0xc0) returned 1 [0121.446] SetEvent (hEvent=0x354) returned 1 [0121.446] SetEvent (hEvent=0x1b4) returned 1 [0121.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.449] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.449] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.449] SetEvent (hEvent=0x1b4) returned 1 [0121.449] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.453] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.473] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.495] SetEvent (hEvent=0x1b4) returned 1 [0121.495] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.577] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-v2[1]"), dwFlags=0x1) returned 1 [0121.578] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.579] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.579] SetEvent (hEvent=0xc0) returned 1 [0121.580] SetEvent (hEvent=0x114) returned 1 [0121.580] SetEvent (hEvent=0x3c8) returned 1 [0121.580] SetEvent (hEvent=0x320) returned 1 [0121.580] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0121.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.595] SetEvent (hEvent=0x320) returned 1 [0121.645] SetEvent (hEvent=0x3c8) returned 1 [0121.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.664] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.664] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.664] SetEvent (hEvent=0x1b4) returned 1 [0121.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.676] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.676] SetEvent (hEvent=0xc0) returned 1 [0121.676] SetEvent (hEvent=0x1a0) returned 1 [0121.676] SetEvent (hEvent=0x3c0) returned 1 [0121.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.681] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.681] SetEvent (hEvent=0x1a0) returned 1 [0121.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.694] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.694] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.694] SetEvent (hEvent=0xc0) returned 1 [0121.694] SetEvent (hEvent=0x1b4) returned 1 [0121.694] SetEvent (hEvent=0x3c0) returned 1 [0121.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.698] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.702] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.702] SetEvent (hEvent=0x1b4) returned 1 [0121.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.715] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0121.715] SetEvent (hEvent=0xc0) returned 1 [0121.715] SetEvent (hEvent=0x3c0) returned 1 [0121.715] SetEvent (hEvent=0x13c) returned 1 [0121.716] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.717] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.717] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.738] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0121.738] SetEvent (hEvent=0x3c0) returned 1 [0121.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.799] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.799] GetFileType (hFile=0x1b0) returned 0x1 [0121.799] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0121.800] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0121.800] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00036c000*, nNumberOfBytesToWrite=0x24ff0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00036c000*, lpNumberOfBytesWritten=0xc00020fcec*=0x24ff0, lpOverlapped=0x0) returned 1 [0121.805] CloseHandle (hObject=0x1b0) returned 1 [0121.805] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0121.806] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0121.806] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0121.806] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0121.807] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0121.807] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0121.808] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0121.808] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0121.809] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0121.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.810] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0121.813] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0121.835] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.184] SetEvent (hEvent=0x1a0) returned 1 [0122.184] SetEvent (hEvent=0x13c) returned 1 [0122.184] SetEvent (hEvent=0x3c0) returned 1 [0122.184] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0122.243] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0122.244] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.286] GetFileType (hFile=0x3d8) returned 0x1 [0122.286] GetFileType (hFile=0x3d8) returned 0x1 [0122.286] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0122.287] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0122.287] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000104300, nNumberOfBytesToRead=0x2ff, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000104300*, lpNumberOfBytesRead=0xc00020dc04*=0xff, lpOverlapped=0x0) returned 1 [0122.288] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001043ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001043ff*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0122.288] CloseHandle (hObject=0x3d8) returned 1 [0122.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.289] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0122.291] GetFileType (hFile=0x3d8) returned 0x1 [0122.291] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00028a200*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00028a200*, lpNumberOfBytesWritten=0xc00020dcec*=0x100, lpOverlapped=0x0) returned 1 [0122.291] CloseHandle (hObject=0x3d8) returned 1 [0122.292] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a301 | out: pbBuffer=0xc00028a301) returned 1 [0122.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.292] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0122.294] GetFileType (hFile=0x3d8) returned 0x1 [0122.294] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00019ab00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00019ab00*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.295] CloseHandle (hObject=0x3d8) returned 1 [0122.295] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0122.295] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0122.296] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-bears.htm"), dwFlags=0x1) returned 1 [0122.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.297] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0122.297] SetEvent (hEvent=0xc0) returned 1 [0122.298] SetEvent (hEvent=0x39c) returned 1 [0122.298] SetEvent (hEvent=0x324) returned 1 [0122.298] SetEvent (hEvent=0x114) returned 1 [0122.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.302] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.302] SetEvent (hEvent=0x3c4) returned 1 [0122.302] SetEvent (hEvent=0x258) returned 1 [0122.302] SetEvent (hEvent=0x334) returned 1 [0122.302] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.304] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0122.304] SetEvent (hEvent=0x1a0) returned 1 [0122.304] SetEvent (hEvent=0x30c) returned 1 [0122.304] SetEvent (hEvent=0x13c) returned 1 [0122.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.308] VirtualFree (lpAddress=0xc000800000, dwSize=0x2ec000, dwFreeType=0x4000) returned 1 [0122.323] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0122.329] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.330] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.330] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.330] VirtualFree (lpAddress=0xc000182000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.330] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.331] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.331] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.331] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.332] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.332] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.332] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.333] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.333] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.333] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.333] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.334] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.334] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.334] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.334] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.335] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.335] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.335] SetEvent (hEvent=0x354) returned 1 [0122.335] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.347] SetEvent (hEvent=0x354) returned 1 [0122.347] SetEvent (hEvent=0xec) returned 1 [0122.347] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.354] SetEvent (hEvent=0x354) returned 1 [0122.354] SetEvent (hEvent=0x114) returned 1 [0122.354] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.359] SetEvent (hEvent=0x3c8) returned 1 [0122.359] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.475] SetEvent (hEvent=0x324) returned 1 [0122.475] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.489] SetEvent (hEvent=0x12c) returned 1 [0122.489] SetEvent (hEvent=0x3c8) returned 1 [0122.489] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0122.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0122.941] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0122.943] GetFileType (hFile=0x384) returned 0x1 [0122.944] GetFileType (hFile=0x384) returned 0x1 [0122.944] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0122.944] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0122.944] ReadFile (in: hFile=0x384, lpBuffer=0xc000074000, nNumberOfBytesToRead=0x1b06, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesRead=0xc0000f3c04*=0x1906, lpOverlapped=0x0) returned 1 [0122.953] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.018] ReadFile (in: hFile=0x384, lpBuffer=0xc000075906, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000075906*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0123.018] CloseHandle (hObject=0x384) returned 1 [0123.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0123.020] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0123.025] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.028] SetEvent (hEvent=0x30c) returned 1 [0123.028] GetFileType (hFile=0x384) returned 0x1 [0123.028] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.047] WriteFile (in: hFile=0x384, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1910, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc0000f3cec*=0x1910, lpOverlapped=0x0) returned 1 [0123.049] CloseHandle (hObject=0x384) returned 1 [0123.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0123.049] SetEvent (hEvent=0x354) returned 1 [0123.049] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.193] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.226] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0123.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0123.229] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0123.261] GetFileType (hFile=0x2e8) returned 0x1 [0123.261] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x27d0, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc00016fcec*=0x27d0, lpOverlapped=0x0) returned 1 [0123.263] CloseHandle (hObject=0x2e8) returned 1 [0123.263] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0123.263] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0123.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0123.264] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0123.268] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.292] GetFileType (hFile=0x2e8) returned 0x1 [0123.293] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000dc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc840*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.293] CloseHandle (hObject=0x2e8) returned 1 [0123.293] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\encry-WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\encry-wmsdkns.xml"), dwFlags=0x1) returned 1 [0123.294] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.378] SetEvent (hEvent=0x3c0) returned 1 [0123.378] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.381] SetEvent (hEvent=0x13c) returned 1 [0123.381] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.412] SwitchToThread () returned 1 [0123.458] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.486] SetEvent (hEvent=0x324) returned 1 [0123.486] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0123.486] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0123.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0123.488] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0123.520] GetFileType (hFile=0x3d8) returned 0x1 [0123.520] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc000249cec*=0x5f0, lpOverlapped=0x0) returned 1 [0123.521] CloseHandle (hObject=0x3d8) returned 1 [0123.521] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082c01 | out: pbBuffer=0xc000082c01) returned 1 [0123.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0123.522] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0123.565] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.623] GetFileType (hFile=0x3d8) returned 0x1 [0123.623] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000dc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc840*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.624] CloseHandle (hObject=0x3d8) returned 1 [0123.624] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0123.625] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwFlags=0x1) returned 1 [0123.626] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.747] SetEvent (hEvent=0x30c) returned 1 [0123.747] SwitchToThread () returned 1 [0123.752] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0123.752] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-peacock.jpg"), dwFlags=0x1) returned 1 [0123.897] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0123.898] VirtualFree (lpAddress=0xc000294000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.899] VirtualFree (lpAddress=0xc000280000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0123.899] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.900] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0123.900] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.901] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0123.901] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.902] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.902] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.902] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.903] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.903] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.904] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0123.904] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.904] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.905] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.905] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0123.906] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.906] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.906] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0123.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0123.908] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0123.909] GetFileType (hFile=0x1ec) returned 0x1 [0123.909] GetFileType (hFile=0x1ec) returned 0x1 [0123.909] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0123.909] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0123.909] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0123.911] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xa80b, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc00018dc04*=0xa60b, lpOverlapped=0x0) returned 1 [0123.915] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.916] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001ec60b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec60b*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0123.916] CloseHandle (hObject=0x1ec) returned 1 [0123.916] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0123.917] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0123.918] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0123.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.920] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0123.921] GetFileType (hFile=0x1ec) returned 0x1 [0123.921] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xa610, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc00018dcec*=0xa610, lpOverlapped=0x0) returned 1 [0123.923] CloseHandle (hObject=0x1ec) returned 1 [0123.923] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0123.923] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0123.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.924] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0123.924] GetFileType (hFile=0x1ec) returned 0x1 [0123.925] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.925] CloseHandle (hObject=0x1ec) returned 1 [0123.925] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\cbd4dd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\F6\\encry-CBD4Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\f6\\encry-cbd4dd01"), dwFlags=0x1) returned 1 [0123.926] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.927] VirtualFree (lpAddress=0xc0002b2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0123.927] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.927] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.928] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.929] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.929] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.930] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.930] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0123.930] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.931] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.931] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.931] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0123.932] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0123.933] VirtualAlloc (lpAddress=0xc0008ec000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008ec000 [0123.976] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0123.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0123.989] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0123.990] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0123.994] GetFileType (hFile=0x1ec) returned 0x1 [0123.994] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0008ec000*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0008ec000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x200010, lpOverlapped=0x0) returned 1 [0124.053] CloseHandle (hObject=0x1ec) returned 1 [0124.053] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0124.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0124.054] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0124.054] GetFileType (hFile=0x1ec) returned 0x1 [0124.054] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00011c6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c6e0*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.055] CloseHandle (hObject=0x1ec) returned 1 [0124.055] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-edb.log"), dwFlags=0x1) returned 1 [0124.056] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0124.058] SetEvent (hEvent=0x114) returned 1 [0124.058] SetEvent (hEvent=0x1a0) returned 1 [0124.058] VirtualFree (lpAddress=0xc000800000, dwSize=0xec000, dwFreeType=0x4000) returned 1 [0124.065] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0124.072] VirtualFree (lpAddress=0xc00028c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0124.073] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.073] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.073] VirtualFree (lpAddress=0xc000232000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.074] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.074] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.075] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0124.075] VirtualFree (lpAddress=0xc000204000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0124.076] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0124.077] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0124.077] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.078] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.078] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.079] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0124.079] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0124.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwFlags=0x1) returned 0 [0124.080] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00023f6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0124.080] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0124.081] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00024e000, nNumberOfBytesToRead=0x2ed, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesRead=0xc0001d9c04*=0xed, lpOverlapped=0x0) returned 1 [0124.082] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00024e0ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e0ed*, lpNumberOfBytesRead=0xc0001d9c04*=0x0, lpOverlapped=0x0) returned 1 [0124.083] CloseHandle (hObject=0x2bc) returned 1 [0124.083] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0124.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0124.163] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d9d04 | out: lpMode=0xc0001d9d04) returned 0 [0124.382] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0124.484] SetEvent (hEvent=0x114) returned 1 [0124.484] GetFileType (hFile=0x2bc) returned 0x1 [0124.484] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0124.499] SetEvent (hEvent=0x114) returned 1 [0124.499] SetEvent (hEvent=0xec) returned 1 [0124.499] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.499] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.499] GetFileType (hFile=0x2b4) returned 0x1 [0124.500] GetFileType (hFile=0x2b4) returned 0x1 [0124.500] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc00014fd44 | out: lpFileInformation=0xc00014fd44) returned 1 [0124.500] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc00014fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014fd28) returned 1 [0124.500] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0124.500] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x8c8, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc00014fc04*=0x6c8, lpOverlapped=0x0) returned 1 [0124.510] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000586c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000586c8*, lpNumberOfBytesRead=0xc00014fc04*=0x0, lpOverlapped=0x0) returned 1 [0124.510] CloseHandle (hObject=0x2b4) returned 1 [0124.510] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0124.511] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0124.511] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0124.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0124.513] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00014fd04 | out: lpMode=0xc00014fd04) returned 0 [0124.518] GetFileType (hFile=0x2b4) returned 0x1 [0124.518] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x6d0, lpNumberOfBytesWritten=0xc00014fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc00014fcec*=0x6d0, lpOverlapped=0x0) returned 1 [0124.519] CloseHandle (hObject=0x2b4) returned 1 [0124.519] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0124.519] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0124.520] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0124.520] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0124.521] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0124.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0124.521] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00014fd64 | out: lpMode=0xc00014fd64) returned 0 [0124.526] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0124.529] GetFileType (hFile=0x2b4) returned 0x1 [0124.529] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00014fd4c*=0x158, lpOverlapped=0x0) returned 1 [0124.529] CloseHandle (hObject=0x2b4) returned 1 [0124.530] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0124.530] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), dwFlags=0x1) returned 1 [0124.532] SetEvent (hEvent=0x1a0) returned 1 [0124.532] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.436] SetEvent (hEvent=0x324) returned 1 [0126.436] SetEvent (hEvent=0x30c) returned 1 [0126.436] SetEvent (hEvent=0x354) returned 1 [0126.436] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.437] SetEvent (hEvent=0x324) returned 1 [0126.437] SetEvent (hEvent=0x1b4) returned 1 [0126.437] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.593] SetEvent (hEvent=0x324) returned 1 [0126.593] SetEvent (hEvent=0x30c) returned 1 [0126.593] SetEvent (hEvent=0x114) returned 1 [0126.593] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.636] SetEvent (hEvent=0x324) returned 1 [0126.636] SetEvent (hEvent=0x114) returned 1 [0126.636] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.657] VirtualFree (lpAddress=0xc000800000, dwSize=0x2e6000, dwFreeType=0x4000) returned 1 [0126.678] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0126.688] VirtualFree (lpAddress=0xc00028c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0126.688] VirtualFree (lpAddress=0xc00027c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0126.689] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.689] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.690] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.690] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0126.692] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0126.700] GetFileType (hFile=0x370) returned 0x1 [0126.700] GetFileType (hFile=0x370) returned 0x1 [0126.700] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0126.700] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0126.700] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0126.702] ReadFile (in: hFile=0x370, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x2314, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc00023dc04*=0x2114, lpOverlapped=0x0) returned 1 [0126.777] ReadFile (in: hFile=0x370, lpBuffer=0xc00027e114, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027e114*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0126.777] CloseHandle (hObject=0x370) returned 1 [0126.777] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0126.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0126.779] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0126.780] GetFileType (hFile=0x370) returned 0x1 [0126.780] WriteFile (in: hFile=0x370, lpBuffer=0xc00027e500*, nNumberOfBytesToWrite=0x2120, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00027e500*, lpNumberOfBytesWritten=0xc00023dcec*=0x2120, lpOverlapped=0x0) returned 1 [0126.781] CloseHandle (hObject=0x370) returned 1 [0126.782] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0126.782] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0126.782] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0126.783] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0126.783] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0126.784] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0126.785] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0126.785] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0126.786] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0126.786] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0126.787] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0126.788] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0126.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0126.789] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0126.791] GetFileType (hFile=0x370) returned 0x1 [0126.791] WriteFile (in: hFile=0x370, lpBuffer=0xc00007e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e2c0*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.792] CloseHandle (hObject=0x370) returned 1 [0126.792] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0126.792] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\encry-_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\encry-_cache_map_"), dwFlags=0x1) returned 1 [0126.794] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.794] SwitchToThread () returned 1 [0126.852] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.878] SetEvent (hEvent=0x39c) returned 1 [0126.878] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0126.905] SetEvent (hEvent=0x114) returned 1 [0126.905] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.037] SetEvent (hEvent=0x354) returned 1 [0127.037] SetEvent (hEvent=0x324) returned 1 [0127.037] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.046] SetEvent (hEvent=0x354) returned 1 [0127.046] SetEvent (hEvent=0x13c) returned 1 [0127.046] SetEvent (hEvent=0x324) returned 1 [0127.046] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.051] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.051] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.051] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.052] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.052] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.052] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.053] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.053] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.054] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.057] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0127.071] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.086] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.087] SetEvent (hEvent=0x3c8) returned 1 [0127.087] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.098] SetEvent (hEvent=0x354) returned 1 [0127.098] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.099] SetEvent (hEvent=0xec) returned 1 [0127.099] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.101] SetEvent (hEvent=0x3c8) returned 1 [0127.101] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.113] SetEvent (hEvent=0x354) returned 1 [0127.113] SetEvent (hEvent=0x324) returned 1 [0127.113] SetEvent (hEvent=0x3c8) returned 1 [0127.113] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.133] SetEvent (hEvent=0xec) returned 1 [0127.133] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.315] SetEvent (hEvent=0x324) returned 1 [0127.315] SetEvent (hEvent=0x354) returned 1 [0127.315] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.390] SetEvent (hEvent=0x324) returned 1 [0127.390] SetEvent (hEvent=0xec) returned 1 [0127.390] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.420] SetEvent (hEvent=0x324) returned 1 [0127.420] SetEvent (hEvent=0xec) returned 1 [0127.420] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.428] SetEvent (hEvent=0xec) returned 1 [0127.428] VirtualFree (lpAddress=0xc0006e4000, dwSize=0xe6000, dwFreeType=0x4000) returned 1 [0127.434] VirtualFree (lpAddress=0xc00058e000, dwSize=0xe6000, dwFreeType=0x4000) returned 1 [0127.441] VirtualFree (lpAddress=0xc000308000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.442] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.444] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.445] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.445] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.446] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.447] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.448] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.450] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.450] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.450] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0", cAlternateFileName="")) returned 1 [0127.450] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.450] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.451] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0127.451] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.451] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80a2b6d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80a2b6d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.451] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x818016b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x927c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="update.mar", cAlternateFileName="")) returned 1 [0127.452] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc, dwReserved0=0x0, dwReserved1=0x0, cFileName="update.status", cAlternateFileName="UPDATE~1.STA")) returned 1 [0127.452] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.452] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.452] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0127.452] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0127.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d7ec50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d7ec50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x818016b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x927c0)) returned 1 [0127.453] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.status"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80993150, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80993150, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80993150, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xc)) returned 1 [0127.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0127.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp"), fInfoLevelId=0x0, lpFileInformation=0xc000261850 | out: lpFileInformation=0xc000261850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87b86c40, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x87b86c40, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0127.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.460] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\*", lpFindFileData=0xc000261608 | out: lpFindFileData=0xc000261608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87b86c40, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x87b86c40, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x87b86c40, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x87b86c40, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfa382d20, ftCreationTime.dwHighDateTime=0x1d5dd52, ftLastAccessTime.dwLowDateTime=0x40eb9450, ftLastAccessTime.dwHighDateTime=0x1d5d966, ftLastWriteTime.dwLowDateTime=0x40eb9450, ftLastWriteTime.dwHighDateTime=0x1d5d966, nFileSizeHigh=0x0, nFileSizeLow=0xa5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="2WhwS9v_wbtNy-932dp.mp3", cAlternateFileName="2WHWS9~1.MP3")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x75387fb0, ftCreationTime.dwHighDateTime=0x1d5e0bf, ftLastAccessTime.dwLowDateTime=0xb4b73b80, ftLastAccessTime.dwHighDateTime=0x1d5e23c, ftLastWriteTime.dwLowDateTime=0xb4b73b80, ftLastWriteTime.dwHighDateTime=0x1d5e23c, nFileSizeHigh=0x0, nFileSizeLow=0x11cce, dwReserved0=0x0, dwReserved1=0x0, cFileName="3qSKcqe3.flv", cAlternateFileName="")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9679400, ftCreationTime.dwHighDateTime=0x1d5e02f, ftLastAccessTime.dwLowDateTime=0x149dd2c0, ftLastAccessTime.dwHighDateTime=0x1d5dc66, ftLastWriteTime.dwLowDateTime=0x149dd2c0, ftLastWriteTime.dwHighDateTime=0x1d5dc66, nFileSizeHigh=0x0, nFileSizeLow=0x4684, dwReserved0=0x0, dwReserved1=0x0, cFileName="41QZuLgvE_4gS7.png", cAlternateFileName="41QZUL~1.PNG")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e06be10, ftCreationTime.dwHighDateTime=0x1d5ded6, ftLastAccessTime.dwLowDateTime=0x7f3cfc40, ftLastAccessTime.dwHighDateTime=0x1d5e4be, ftLastWriteTime.dwLowDateTime=0x7f3cfc40, ftLastWriteTime.dwHighDateTime=0x1d5e4be, nFileSizeHigh=0x0, nFileSizeLow=0xcf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5a2sp8_ePr.wav", cAlternateFileName="5A2SP8~1.WAV")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d3e190, ftCreationTime.dwHighDateTime=0x1d5e561, ftLastAccessTime.dwLowDateTime=0x2769d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e2db, ftLastWriteTime.dwLowDateTime=0x2769d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e2db, nFileSizeHigh=0x0, nFileSizeLow=0x7e88, dwReserved0=0x0, dwReserved1=0x0, cFileName="5NVv9weiChBBQW9eqI.doc", cAlternateFileName="5NVV9W~1.DOC")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a0318e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6a0318e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb20126a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="AdobeARM.log", cAlternateFileName="")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x67374ab0, ftCreationTime.dwHighDateTime=0x1d5e1fd, ftLastAccessTime.dwLowDateTime=0x2a704320, ftLastAccessTime.dwHighDateTime=0x1d5d9a1, ftLastWriteTime.dwLowDateTime=0x2a704320, ftLastWriteTime.dwHighDateTime=0x1d5d9a1, nFileSizeHigh=0x0, nFileSizeLow=0x1645e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Balv-WOwU9bbg85_9.wav", cAlternateFileName="BALV-W~1.WAV")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xde9fc080, ftCreationTime.dwHighDateTime=0x1d5e137, ftLastAccessTime.dwLowDateTime=0x17ff81d0, ftLastAccessTime.dwHighDateTime=0x1d5e45d, ftLastWriteTime.dwLowDateTime=0x17ff81d0, ftLastWriteTime.dwHighDateTime=0x1d5e45d, nFileSizeHigh=0x0, nFileSizeLow=0xf6fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bjmV65oG2TWTY.gif", cAlternateFileName="BJMV65~1.GIF")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6be9bb00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6be9bb00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x6be9bb00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bst449D.tmp", cAlternateFileName="")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0127.460] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b55e710, ftCreationTime.dwHighDateTime=0x1d5e594, ftLastAccessTime.dwLowDateTime=0xe27e25f0, ftLastAccessTime.dwHighDateTime=0x1d5dd83, ftLastWriteTime.dwLowDateTime=0xe27e25f0, ftLastWriteTime.dwHighDateTime=0x1d5dd83, nFileSizeHigh=0x0, nFileSizeLow=0x5b80, dwReserved0=0x0, dwReserved1=0x0, cFileName="eKMLwk.png", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2e113d0, ftCreationTime.dwHighDateTime=0x1d5df13, ftLastAccessTime.dwLowDateTime=0xebe8a7c0, ftLastAccessTime.dwHighDateTime=0x1d5e538, ftLastWriteTime.dwLowDateTime=0xebe8a7c0, ftLastWriteTime.dwHighDateTime=0x1d5e538, nFileSizeHigh=0x0, nFileSizeLow=0x76f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fa_rU7uTnnsW1u.flv", cAlternateFileName="FA_RU7~1.FLV")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c376a50, ftCreationTime.dwHighDateTime=0x1d5e4a5, ftLastAccessTime.dwLowDateTime=0xaca7cb0, ftLastAccessTime.dwHighDateTime=0x1d5dd67, ftLastWriteTime.dwLowDateTime=0xaca7cb0, ftLastWriteTime.dwHighDateTime=0x1d5dd67, nFileSizeHigh=0x0, nFileSizeLow=0x7be, dwReserved0=0x0, dwReserved1=0x0, cFileName="fB-iU1N3z32L5j7M0.ods", cAlternateFileName="FB-IU1~1.ODS")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33d9ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x33d9ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4fbe4830, ftCreationTime.dwHighDateTime=0x1d5e3af, ftLastAccessTime.dwLowDateTime=0xe4f5b850, ftLastAccessTime.dwHighDateTime=0x1d5e3a7, ftLastWriteTime.dwLowDateTime=0xe4f5b850, ftLastWriteTime.dwHighDateTime=0x1d5e3a7, nFileSizeHigh=0x0, nFileSizeLow=0x17c97, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gu0BUM3r4YyI.odp", cAlternateFileName="GU0BUM~1.ODP")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b4728e0, ftCreationTime.dwHighDateTime=0x1d5df4b, ftLastAccessTime.dwLowDateTime=0x674a0130, ftLastAccessTime.dwHighDateTime=0x1d5e272, ftLastWriteTime.dwLowDateTime=0x674a0130, ftLastWriteTime.dwHighDateTime=0x1d5e272, nFileSizeHigh=0x0, nFileSizeLow=0xf5b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="hH6wVou.flv", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8aceaae0, ftCreationTime.dwHighDateTime=0x1d5d7da, ftLastAccessTime.dwLowDateTime=0x8a60de20, ftLastAccessTime.dwHighDateTime=0x1d5e04f, ftLastWriteTime.dwLowDateTime=0x8a60de20, ftLastWriteTime.dwHighDateTime=0x1d5e04f, nFileSizeHigh=0x0, nFileSizeLow=0xbba6, dwReserved0=0x0, dwReserved1=0x0, cFileName="IjzNMO4qZ2.swf", cAlternateFileName="IJZNMO~1.SWF")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa4398330, ftCreationTime.dwHighDateTime=0x1d5dd37, ftLastAccessTime.dwLowDateTime=0x6a26d1a0, ftLastAccessTime.dwHighDateTime=0x1d5e01d, ftLastWriteTime.dwLowDateTime=0x6a26d1a0, ftLastWriteTime.dwHighDateTime=0x1d5e01d, nFileSizeHigh=0x0, nFileSizeLow=0xc262, dwReserved0=0x0, dwReserved1=0x0, cFileName="j Nm.rtf", cAlternateFileName="JNM~1.RTF")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8232c690, ftCreationTime.dwHighDateTime=0x1d5db50, ftLastAccessTime.dwLowDateTime=0x8e48cb60, ftLastAccessTime.dwHighDateTime=0x1d5dc99, ftLastWriteTime.dwLowDateTime=0x8e48cb60, ftLastWriteTime.dwHighDateTime=0x1d5dc99, nFileSizeHigh=0x0, nFileSizeLow=0x7c5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="KHoYSi06QkfV4uUC.flv", cAlternateFileName="KHOYSI~1.FLV")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xddf699b0, ftCreationTime.dwHighDateTime=0x1d5e1af, ftLastAccessTime.dwLowDateTime=0x6be68b20, ftLastAccessTime.dwHighDateTime=0x1d5e590, ftLastWriteTime.dwLowDateTime=0x6be68b20, ftLastWriteTime.dwHighDateTime=0x1d5e590, nFileSizeHigh=0x0, nFileSizeLow=0x9e18, dwReserved0=0x0, dwReserved1=0x0, cFileName="K_RGN6o7cHbOh-ip4TNZ.m4a", cAlternateFileName="K_RGN6~1.M4A")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x784d96e0, ftCreationTime.dwHighDateTime=0x1d5e4fc, ftLastAccessTime.dwLowDateTime=0x8b789b0, ftLastAccessTime.dwHighDateTime=0x1d5e553, ftLastWriteTime.dwLowDateTime=0x8b789b0, ftLastWriteTime.dwHighDateTime=0x1d5e553, nFileSizeHigh=0x0, nFileSizeLow=0x1727f, dwReserved0=0x0, dwReserved1=0x0, cFileName="l_QbdAynbkuYDRNFl.ots", cAlternateFileName="L_QBDA~1.OTS")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa7e825a0, ftCreationTime.dwHighDateTime=0x1d5dedf, ftLastAccessTime.dwLowDateTime=0x11fd3690, ftLastAccessTime.dwHighDateTime=0x1d5dff0, ftLastWriteTime.dwLowDateTime=0x11fd3690, ftLastWriteTime.dwHighDateTime=0x1d5dff0, nFileSizeHigh=0x0, nFileSizeLow=0x2142, dwReserved0=0x0, dwReserved1=0x0, cFileName="MmfApa.mp4", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe51a4f0, ftCreationTime.dwHighDateTime=0x1d5e2b4, ftLastAccessTime.dwLowDateTime=0xe60e8030, ftLastAccessTime.dwHighDateTime=0x1d5dda5, ftLastWriteTime.dwLowDateTime=0xe60e8030, ftLastWriteTime.dwHighDateTime=0x1d5dda5, nFileSizeHigh=0x0, nFileSizeLow=0x109b7, dwReserved0=0x0, dwReserved1=0x0, cFileName="N178QRCD61cLBymM6sr.png", cAlternateFileName="N178QR~1.PNG")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bd0f300, ftCreationTime.dwHighDateTime=0x1d5dfe0, ftLastAccessTime.dwLowDateTime=0xa48e9f60, ftLastAccessTime.dwHighDateTime=0x1d5e5fb, ftLastWriteTime.dwLowDateTime=0xa48e9f60, ftLastWriteTime.dwHighDateTime=0x1d5e5fb, nFileSizeHigh=0x0, nFileSizeLow=0x44ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="n23BdYSAJ2G WqRh.odp", cAlternateFileName="N23BDY~1.ODP")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5899ab0, ftCreationTime.dwHighDateTime=0x1d5d971, ftLastAccessTime.dwLowDateTime=0xf630e710, ftLastAccessTime.dwHighDateTime=0x1d5d7ff, ftLastWriteTime.dwLowDateTime=0xf630e710, ftLastWriteTime.dwHighDateTime=0x1d5d7ff, nFileSizeHigh=0x0, nFileSizeLow=0x41b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="nNST4cr.odt", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac9be230, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0x1be18700, ftLastAccessTime.dwHighDateTime=0x1d5e55a, ftLastWriteTime.dwLowDateTime=0x1be18700, ftLastWriteTime.dwHighDateTime=0x1d5e55a, nFileSizeHigh=0x0, nFileSizeLow=0x6126, dwReserved0=0x0, dwReserved1=0x0, cFileName="oiYA0G1ngBz3jgT.swf", cAlternateFileName="OIYA0G~1.SWF")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb90e07f0, ftCreationTime.dwHighDateTime=0x1d5d877, ftLastAccessTime.dwLowDateTime=0xf47d0760, ftLastAccessTime.dwHighDateTime=0x1d5e285, ftLastWriteTime.dwLowDateTime=0xf47d0760, ftLastWriteTime.dwHighDateTime=0x1d5e285, nFileSizeHigh=0x0, nFileSizeLow=0x26c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="oJpoOOc.mp3", cAlternateFileName="")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x896a4510, ftCreationTime.dwHighDateTime=0x1d5e621, ftLastAccessTime.dwLowDateTime=0xd83aea70, ftLastAccessTime.dwHighDateTime=0x1d5da7b, ftLastWriteTime.dwLowDateTime=0xd83aea70, ftLastWriteTime.dwHighDateTime=0x1d5da7b, nFileSizeHigh=0x0, nFileSizeLow=0x4c45, dwReserved0=0x0, dwReserved1=0x0, cFileName="OkNvEKjY32_Yd.m4a", cAlternateFileName="OKNVEK~1.M4A")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x41bb1d10, ftCreationTime.dwHighDateTime=0x1d5d9d9, ftLastAccessTime.dwLowDateTime=0xffff5070, ftLastAccessTime.dwHighDateTime=0x1d5dfd8, ftLastWriteTime.dwLowDateTime=0xffff5070, ftLastWriteTime.dwHighDateTime=0x1d5dfd8, nFileSizeHigh=0x0, nFileSizeLow=0xe8ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ow_NPfCevcI.pps", cAlternateFileName="OW_NPF~1.PPS")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c39a7f0, ftCreationTime.dwHighDateTime=0x1d5e246, ftLastAccessTime.dwLowDateTime=0x757d6a30, ftLastAccessTime.dwHighDateTime=0x1d5e80d, ftLastWriteTime.dwLowDateTime=0x757d6a30, ftLastWriteTime.dwHighDateTime=0x1d5e80d, nFileSizeHigh=0x0, nFileSizeLow=0x18686, dwReserved0=0x0, dwReserved1=0x0, cFileName="PBijruVM9GhXBrY K_pi.ods", cAlternateFileName="PBIJRU~1.ODS")) returned 1 [0127.461] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0c32080, ftCreationTime.dwHighDateTime=0x1d5e750, ftLastAccessTime.dwLowDateTime=0x8dd59250, ftLastAccessTime.dwHighDateTime=0x1d5e77d, ftLastWriteTime.dwLowDateTime=0x8dd59250, ftLastWriteTime.dwHighDateTime=0x1d5e77d, nFileSizeHigh=0x0, nFileSizeLow=0x15891, dwReserved0=0x0, dwReserved1=0x0, cFileName="pG9Bv.mp4", cAlternateFileName="")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f7f7400, ftCreationTime.dwHighDateTime=0x1d5df00, ftLastAccessTime.dwLowDateTime=0xc661e730, ftLastAccessTime.dwHighDateTime=0x1d5db71, ftLastWriteTime.dwLowDateTime=0xc661e730, ftLastWriteTime.dwHighDateTime=0x1d5db71, nFileSizeHigh=0x0, nFileSizeLow=0x10424, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuQsJ8Kvzy.swf", cAlternateFileName="QUQSJ8~1.SWF")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf42fab70, ftCreationTime.dwHighDateTime=0x1d5dbc6, ftLastAccessTime.dwLowDateTime=0xecb04e00, ftLastAccessTime.dwHighDateTime=0x1d5dbf7, ftLastWriteTime.dwLowDateTime=0xecb04e00, ftLastWriteTime.dwHighDateTime=0x1d5dbf7, nFileSizeHigh=0x0, nFileSizeLow=0x6f59, dwReserved0=0x0, dwReserved1=0x0, cFileName="QYpp_r7.mp3", cAlternateFileName="")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc2d23940, ftCreationTime.dwHighDateTime=0x1d5e39f, ftLastAccessTime.dwLowDateTime=0x359fd060, ftLastAccessTime.dwHighDateTime=0x1d5e79f, ftLastWriteTime.dwLowDateTime=0x359fd060, ftLastWriteTime.dwHighDateTime=0x1d5e79f, nFileSizeHigh=0x0, nFileSizeLow=0x4746, dwReserved0=0x0, dwReserved1=0x0, cFileName="Taqml-.avi", cAlternateFileName="")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c825a50, ftCreationTime.dwHighDateTime=0x1d5e030, ftLastAccessTime.dwLowDateTime=0x4d561fc0, ftLastAccessTime.dwHighDateTime=0x1d5dfa7, ftLastWriteTime.dwLowDateTime=0x4d561fc0, ftLastWriteTime.dwHighDateTime=0x1d5dfa7, nFileSizeHigh=0x0, nFileSizeLow=0xc294, dwReserved0=0x0, dwReserved1=0x0, cFileName="tgvQx_X7G.ots", cAlternateFileName="TGVQX_~1.OTS")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdf237940, ftCreationTime.dwHighDateTime=0x1d5de33, ftLastAccessTime.dwLowDateTime=0xb288ffb0, ftLastAccessTime.dwHighDateTime=0x1d5e061, ftLastWriteTime.dwLowDateTime=0xb288ffb0, ftLastWriteTime.dwHighDateTime=0x1d5e061, nFileSizeHigh=0x0, nFileSizeLow=0x10406, dwReserved0=0x0, dwReserved1=0x0, cFileName="u27fpApeOhiDGfGA.jpg", cAlternateFileName="U27FPA~1.JPG")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x71360820, ftCreationTime.dwHighDateTime=0x1d5e73f, ftLastAccessTime.dwLowDateTime=0x959324b0, ftLastAccessTime.dwHighDateTime=0x1d5dd9d, ftLastWriteTime.dwLowDateTime=0x959324b0, ftLastWriteTime.dwHighDateTime=0x1d5dd9d, nFileSizeHigh=0x0, nFileSizeLow=0x26ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="uMc2SvFU7si.jpg", cAlternateFileName="UMC2SV~1.JPG")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4619230, ftCreationTime.dwHighDateTime=0x1d5e184, ftLastAccessTime.dwLowDateTime=0xd195ff80, ftLastAccessTime.dwHighDateTime=0x1d5d8e0, ftLastWriteTime.dwLowDateTime=0xd195ff80, ftLastWriteTime.dwHighDateTime=0x1d5d8e0, nFileSizeHigh=0x0, nFileSizeLow=0x18fcc, dwReserved0=0x0, dwReserved1=0x0, cFileName="V cKbtO.xls", cAlternateFileName="VCKBTO~1.XLS")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc555da10, ftCreationTime.dwHighDateTime=0x1d5dec1, ftLastAccessTime.dwLowDateTime=0x7b2b1180, ftLastAccessTime.dwHighDateTime=0x1d5e060, ftLastWriteTime.dwLowDateTime=0x7b2b1180, ftLastWriteTime.dwHighDateTime=0x1d5e060, nFileSizeHigh=0x0, nFileSizeLow=0x92d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="WnQe2fjSA2R.mp3", cAlternateFileName="WNQE2F~1.MP3")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb51728d0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xb51728d0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb51728d0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WPDNSE", cAlternateFileName="")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93bacd90, ftCreationTime.dwHighDateTime=0x1d5df92, ftLastAccessTime.dwLowDateTime=0x3021ce10, ftLastAccessTime.dwHighDateTime=0x1d5df05, ftLastWriteTime.dwLowDateTime=0x3021ce10, ftLastWriteTime.dwHighDateTime=0x1d5df05, nFileSizeHigh=0x0, nFileSizeLow=0xae33, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yi6Dmj4ID.xlsx", cAlternateFileName="YI6DMJ~1.XLS")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda2b3a70, ftCreationTime.dwHighDateTime=0x1d5dee9, ftLastAccessTime.dwLowDateTime=0x892652b0, ftLastAccessTime.dwHighDateTime=0x1d5dc67, ftLastWriteTime.dwLowDateTime=0x892652b0, ftLastWriteTime.dwHighDateTime=0x1d5dc67, nFileSizeHigh=0x0, nFileSizeLow=0x15fbb, dwReserved0=0x0, dwReserved1=0x0, cFileName="yZD2.jpg", cAlternateFileName="")) returned 1 [0127.462] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.462] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0127.463] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\2WhwS9v_wbtNy-932dp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\2whws9v_wbtny-932dp.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xfa382d20, ftCreationTime.dwHighDateTime=0x1d5dd52, ftLastAccessTime.dwLowDateTime=0x40eb9450, ftLastAccessTime.dwHighDateTime=0x1d5d966, ftLastWriteTime.dwLowDateTime=0x40eb9450, ftLastWriteTime.dwHighDateTime=0x1d5d966, nFileSizeHigh=0x0, nFileSizeLow=0xa5ad)) returned 1 [0127.463] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0127.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3qskcqe3.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x75387fb0, ftCreationTime.dwHighDateTime=0x1d5e0bf, ftLastAccessTime.dwLowDateTime=0xb4b73b80, ftLastAccessTime.dwHighDateTime=0x1d5e23c, ftLastWriteTime.dwLowDateTime=0xb4b73b80, ftLastWriteTime.dwHighDateTime=0x1d5e23c, nFileSizeHigh=0x0, nFileSizeLow=0x11cce)) returned 1 [0127.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\41qzulgve_4gs7.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa9679400, ftCreationTime.dwHighDateTime=0x1d5e02f, ftLastAccessTime.dwLowDateTime=0x149dd2c0, ftLastAccessTime.dwHighDateTime=0x1d5dc66, ftLastWriteTime.dwLowDateTime=0x149dd2c0, ftLastWriteTime.dwHighDateTime=0x1d5dc66, nFileSizeHigh=0x0, nFileSizeLow=0x4684)) returned 1 [0127.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5nvv9weichbbqw9eqi.doc"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82d3e190, ftCreationTime.dwHighDateTime=0x1d5e561, ftLastAccessTime.dwLowDateTime=0x2769d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e2db, ftLastWriteTime.dwLowDateTime=0x2769d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e2db, nFileSizeHigh=0x0, nFileSizeLow=0x7e88)) returned 1 [0127.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5a2sp8_epr.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e06be10, ftCreationTime.dwHighDateTime=0x1d5ded6, ftLastAccessTime.dwLowDateTime=0x7f3cfc40, ftLastAccessTime.dwHighDateTime=0x1d5e4be, ftLastWriteTime.dwLowDateTime=0x7f3cfc40, ftLastWriteTime.dwHighDateTime=0x1d5e4be, nFileSizeHigh=0x0, nFileSizeLow=0xcf7)) returned 1 [0127.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\AdobeARM.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\adobearm.log"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a0318e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6a0318e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb20126a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5fe)) returned 1 [0127.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\balv-wowu9bbg85_9.wav"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x67374ab0, ftCreationTime.dwHighDateTime=0x1d5e1fd, ftLastAccessTime.dwLowDateTime=0x2a704320, ftLastAccessTime.dwHighDateTime=0x1d5d9a1, ftLastWriteTime.dwLowDateTime=0x2a704320, ftLastWriteTime.dwHighDateTime=0x1d5d9a1, nFileSizeHigh=0x0, nFileSizeLow=0x1645e)) returned 1 [0127.465] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0127.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.471] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.476] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\*", lpFindFileData=0xc000261530 | out: lpFindFileData=0xc000261530*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.476] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.476] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0127.476] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.477] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002616a0 | out: lpFileInformation=0xc0002616a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0127.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33d9ad10, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x33d9ad10, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fa_ru7utnnsw1u.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2e113d0, ftCreationTime.dwHighDateTime=0x1d5df13, ftLastAccessTime.dwLowDateTime=0xebe8a7c0, ftLastAccessTime.dwHighDateTime=0x1d5e538, ftLastWriteTime.dwLowDateTime=0xebe8a7c0, ftLastWriteTime.dwHighDateTime=0x1d5e538, nFileSizeHigh=0x0, nFileSizeLow=0x76f3)) returned 1 [0127.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gu0bum3r4yyi.odp"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4fbe4830, ftCreationTime.dwHighDateTime=0x1d5e3af, ftLastAccessTime.dwLowDateTime=0xe4f5b850, ftLastAccessTime.dwHighDateTime=0x1d5e3a7, ftLastWriteTime.dwLowDateTime=0xe4f5b850, ftLastWriteTime.dwHighDateTime=0x1d5e3a7, nFileSizeHigh=0x0, nFileSizeLow=0x17c97)) returned 1 [0127.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.479] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.483] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\*", lpFindFileData=0xc000261530 | out: lpFindFileData=0xc000261530*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.483] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.483] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0127.483] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.483] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.483] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0127.484] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0127.484] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0127.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002616a0 | out: lpFileInformation=0xc0002616a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\*", lpFindFileData=0xc000261458 | out: lpFindFileData=0xc000261458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.485] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97fe0a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.485] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9824200, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.485] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0127.486] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.486] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9824200, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x91)) returned 1 [0127.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd97fe0a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97fe0a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0127.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ijznmo4qz2.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8aceaae0, ftCreationTime.dwHighDateTime=0x1d5d7da, ftLastAccessTime.dwLowDateTime=0x8a60de20, ftLastAccessTime.dwHighDateTime=0x1d5e04f, ftLastWriteTime.dwLowDateTime=0x8a60de20, ftLastWriteTime.dwHighDateTime=0x1d5e04f, nFileSizeHigh=0x0, nFileSizeLow=0xbba6)) returned 1 [0127.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\KHoYSi06QkfV4uUC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\khoysi06qkfv4uuc.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8232c690, ftCreationTime.dwHighDateTime=0x1d5db50, ftLastAccessTime.dwLowDateTime=0x8e48cb60, ftLastAccessTime.dwHighDateTime=0x1d5dc99, ftLastWriteTime.dwLowDateTime=0x8e48cb60, ftLastWriteTime.dwHighDateTime=0x1d5dc99, nFileSizeHigh=0x0, nFileSizeLow=0x7c5d)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\k_rgn6o7chboh-ip4tnz.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xddf699b0, ftCreationTime.dwHighDateTime=0x1d5e1af, ftLastAccessTime.dwLowDateTime=0x6be68b20, ftLastAccessTime.dwHighDateTime=0x1d5e590, ftLastWriteTime.dwLowDateTime=0x6be68b20, ftLastWriteTime.dwHighDateTime=0x1d5e590, nFileSizeHigh=0x0, nFileSizeLow=0x9e18)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\MmfApa.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\mmfapa.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa7e825a0, ftCreationTime.dwHighDateTime=0x1d5dedf, ftLastAccessTime.dwLowDateTime=0x11fd3690, ftLastAccessTime.dwHighDateTime=0x1d5dff0, ftLastWriteTime.dwLowDateTime=0x11fd3690, ftLastWriteTime.dwHighDateTime=0x1d5dff0, nFileSizeHigh=0x0, nFileSizeLow=0x2142)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n178qrcd61clbymm6sr.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe51a4f0, ftCreationTime.dwHighDateTime=0x1d5e2b4, ftLastAccessTime.dwLowDateTime=0xe60e8030, ftLastAccessTime.dwHighDateTime=0x1d5dda5, ftLastWriteTime.dwLowDateTime=0xe60e8030, ftLastWriteTime.dwHighDateTime=0x1d5dda5, nFileSizeHigh=0x0, nFileSizeLow=0x109b7)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oknvekjy32_yd.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x896a4510, ftCreationTime.dwHighDateTime=0x1d5e621, ftLastAccessTime.dwLowDateTime=0xd83aea70, ftLastAccessTime.dwHighDateTime=0x1d5da7b, ftLastWriteTime.dwLowDateTime=0xd83aea70, ftLastWriteTime.dwHighDateTime=0x1d5da7b, nFileSizeHigh=0x0, nFileSizeLow=0x4c45)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ow_npfcevci.pps"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x41bb1d10, ftCreationTime.dwHighDateTime=0x1d5d9d9, ftLastAccessTime.dwLowDateTime=0xffff5070, ftLastAccessTime.dwHighDateTime=0x1d5dfd8, ftLastWriteTime.dwLowDateTime=0xffff5070, ftLastWriteTime.dwHighDateTime=0x1d5dfd8, nFileSizeHigh=0x0, nFileSizeLow=0xe8ea)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pbijruvm9ghxbry k_pi.ods"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c39a7f0, ftCreationTime.dwHighDateTime=0x1d5e246, ftLastAccessTime.dwLowDateTime=0x757d6a30, ftLastAccessTime.dwHighDateTime=0x1d5e80d, ftLastWriteTime.dwLowDateTime=0x757d6a30, ftLastWriteTime.dwHighDateTime=0x1d5e80d, nFileSizeHigh=0x0, nFileSizeLow=0x18686)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qypp_r7.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf42fab70, ftCreationTime.dwHighDateTime=0x1d5dbc6, ftLastAccessTime.dwLowDateTime=0xecb04e00, ftLastAccessTime.dwHighDateTime=0x1d5dbf7, ftLastWriteTime.dwLowDateTime=0xecb04e00, ftLastWriteTime.dwHighDateTime=0x1d5dbf7, nFileSizeHigh=0x0, nFileSizeLow=0x6f59)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\quqsj8kvzy.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5f7f7400, ftCreationTime.dwHighDateTime=0x1d5df00, ftLastAccessTime.dwLowDateTime=0xc661e730, ftLastAccessTime.dwHighDateTime=0x1d5db71, ftLastWriteTime.dwLowDateTime=0xc661e730, ftLastWriteTime.dwHighDateTime=0x1d5db71, nFileSizeHigh=0x0, nFileSizeLow=0x10424)) returned 1 [0127.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\taqml-.avi"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc2d23940, ftCreationTime.dwHighDateTime=0x1d5e39f, ftLastAccessTime.dwLowDateTime=0x359fd060, ftLastAccessTime.dwHighDateTime=0x1d5e79f, ftLastWriteTime.dwLowDateTime=0x359fd060, ftLastWriteTime.dwHighDateTime=0x1d5e79f, nFileSizeHigh=0x0, nFileSizeLow=0x4746)) returned 1 [0127.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.488] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\*", lpFindFileData=0xc000261530 | out: lpFindFileData=0xc000261530*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd978bc80, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.489] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002616a0 | out: lpFileInformation=0xc0002616a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\*", lpFindFileData=0xc000261458 | out: lpFindFileData=0xc000261458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="03J4UQW0", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KETAJP6D", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VB18B0KB", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XT1RPYG9", cAlternateFileName="")) returned 1 [0127.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.490] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.490] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.503] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.503] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0127.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.504] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.504] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.504] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.504] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.504] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0127.505] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.505] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.505] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.505] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0127.506] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.506] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.506] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.506] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97d7f40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97d7f40, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97d7f40, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0127.506] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.517] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\*", lpFindFileData=0xc000261380 | out: lpFindFileData=0xc000261380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.517] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.517] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.517] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002613b0 | out: lpFindFileData=0xc0002613b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.518] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0127.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0xd97b1de0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd97b1de0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd97b1de0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0127.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xd978bc80, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd978bc80, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xed0fc650, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0127.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v ckbto.xls"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4619230, ftCreationTime.dwHighDateTime=0x1d5e184, ftLastAccessTime.dwLowDateTime=0xd195ff80, ftLastAccessTime.dwHighDateTime=0x1d5d8e0, ftLastWriteTime.dwLowDateTime=0xd195ff80, ftLastWriteTime.dwHighDateTime=0x1d5d8e0, nFileSizeHigh=0x0, nFileSizeLow=0x18fcc)) returned 1 [0127.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wpdnse"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb51728d0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xb51728d0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb51728d0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wpdnse"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.519] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WPDNSE\\*", lpFindFileData=0xc000261530 | out: lpFindFileData=0xc000261530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb51728d0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xb51728d0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb51728d0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.519] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb51728d0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xb51728d0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb51728d0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.520] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.520] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wnqe2fjsa2r.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc555da10, ftCreationTime.dwHighDateTime=0x1d5dec1, ftLastAccessTime.dwLowDateTime=0x7b2b1180, ftLastAccessTime.dwHighDateTime=0x1d5e060, ftLastWriteTime.dwLowDateTime=0x7b2b1180, ftLastWriteTime.dwHighDateTime=0x1d5e060, nFileSizeHigh=0x0, nFileSizeLow=0x92d9)) returned 1 [0127.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yi6dmj4id.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93bacd90, ftCreationTime.dwHighDateTime=0x1d5df92, ftLastAccessTime.dwLowDateTime=0x3021ce10, ftLastAccessTime.dwHighDateTime=0x1d5df05, ftLastWriteTime.dwLowDateTime=0x3021ce10, ftLastWriteTime.dwHighDateTime=0x1d5df05, nFileSizeHigh=0x0, nFileSizeLow=0xae33)) returned 1 [0127.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bjmv65og2twty.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xde9fc080, ftCreationTime.dwHighDateTime=0x1d5e137, ftLastAccessTime.dwLowDateTime=0x17ff81d0, ftLastAccessTime.dwHighDateTime=0x1d5e45d, ftLastWriteTime.dwLowDateTime=0x17ff81d0, ftLastWriteTime.dwHighDateTime=0x1d5e45d, nFileSizeHigh=0x0, nFileSizeLow=0xf6fb)) returned 1 [0127.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6be9bb00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x6be9bb00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x6be9bb00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ekmlwk.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6b55e710, ftCreationTime.dwHighDateTime=0x1d5e594, ftLastAccessTime.dwLowDateTime=0xe27e25f0, ftLastAccessTime.dwHighDateTime=0x1d5dd83, ftLastWriteTime.dwLowDateTime=0xe27e25f0, ftLastWriteTime.dwHighDateTime=0x1d5dd83, nFileSizeHigh=0x0, nFileSizeLow=0x5b80)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fb-iu1n3z32l5j7m0.ods"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c376a50, ftCreationTime.dwHighDateTime=0x1d5e4a5, ftLastAccessTime.dwLowDateTime=0xaca7cb0, ftLastAccessTime.dwHighDateTime=0x1d5dd67, ftLastWriteTime.dwLowDateTime=0xaca7cb0, ftLastWriteTime.dwHighDateTime=0x1d5dd67, nFileSizeHigh=0x0, nFileSizeLow=0x7be)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hh6wvou.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7b4728e0, ftCreationTime.dwHighDateTime=0x1d5df4b, ftLastAccessTime.dwLowDateTime=0x674a0130, ftLastAccessTime.dwHighDateTime=0x1d5e272, ftLastWriteTime.dwLowDateTime=0x674a0130, ftLastWriteTime.dwHighDateTime=0x1d5e272, nFileSizeHigh=0x0, nFileSizeLow=0xf5b4)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\j nm.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa4398330, ftCreationTime.dwHighDateTime=0x1d5dd37, ftLastAccessTime.dwLowDateTime=0x6a26d1a0, ftLastAccessTime.dwHighDateTime=0x1d5e01d, ftLastWriteTime.dwLowDateTime=0x6a26d1a0, ftLastWriteTime.dwHighDateTime=0x1d5e01d, nFileSizeHigh=0x0, nFileSizeLow=0xc262)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\l_QbdAynbkuYDRNFl.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\l_qbdaynbkuydrnfl.ots"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x784d96e0, ftCreationTime.dwHighDateTime=0x1d5e4fc, ftLastAccessTime.dwLowDateTime=0x8b789b0, ftLastAccessTime.dwHighDateTime=0x1d5e553, ftLastWriteTime.dwLowDateTime=0x8b789b0, ftLastWriteTime.dwHighDateTime=0x1d5e553, nFileSizeHigh=0x0, nFileSizeLow=0x1727f)) returned 1 [0127.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n23bdysaj2g wqrh.odp"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bd0f300, ftCreationTime.dwHighDateTime=0x1d5dfe0, ftLastAccessTime.dwLowDateTime=0xa48e9f60, ftLastAccessTime.dwHighDateTime=0x1d5e5fb, ftLastWriteTime.dwLowDateTime=0xa48e9f60, ftLastWriteTime.dwHighDateTime=0x1d5e5fb, nFileSizeHigh=0x0, nFileSizeLow=0x44ab)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnst4cr.odt"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5899ab0, ftCreationTime.dwHighDateTime=0x1d5d971, ftLastAccessTime.dwLowDateTime=0xf630e710, ftLastAccessTime.dwHighDateTime=0x1d5d7ff, ftLastWriteTime.dwLowDateTime=0xf630e710, ftLastWriteTime.dwHighDateTime=0x1d5d7ff, nFileSizeHigh=0x0, nFileSizeLow=0x41b6)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ojpoooc.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb90e07f0, ftCreationTime.dwHighDateTime=0x1d5d877, ftLastAccessTime.dwLowDateTime=0xf47d0760, ftLastAccessTime.dwHighDateTime=0x1d5e285, ftLastWriteTime.dwLowDateTime=0xf47d0760, ftLastWriteTime.dwHighDateTime=0x1d5e285, nFileSizeHigh=0x0, nFileSizeLow=0x26c1)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oiya0g1ngbz3jgt.swf"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xac9be230, ftCreationTime.dwHighDateTime=0x1d5e54c, ftLastAccessTime.dwLowDateTime=0x1be18700, ftLastAccessTime.dwHighDateTime=0x1d5e55a, ftLastWriteTime.dwLowDateTime=0x1be18700, ftLastWriteTime.dwHighDateTime=0x1d5e55a, nFileSizeHigh=0x0, nFileSizeLow=0x6126)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pg9bv.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa0c32080, ftCreationTime.dwHighDateTime=0x1d5e750, ftLastAccessTime.dwLowDateTime=0x8dd59250, ftLastAccessTime.dwHighDateTime=0x1d5e77d, ftLastWriteTime.dwLowDateTime=0x8dd59250, ftLastWriteTime.dwHighDateTime=0x1d5e77d, nFileSizeHigh=0x0, nFileSizeLow=0x15891)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tgvqx_x7g.ots"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2c825a50, ftCreationTime.dwHighDateTime=0x1d5e030, ftLastAccessTime.dwLowDateTime=0x4d561fc0, ftLastAccessTime.dwHighDateTime=0x1d5dfa7, ftLastWriteTime.dwLowDateTime=0x4d561fc0, ftLastWriteTime.dwHighDateTime=0x1d5dfa7, nFileSizeHigh=0x0, nFileSizeLow=0xc294)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u27fpapeohidgfga.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xdf237940, ftCreationTime.dwHighDateTime=0x1d5de33, ftLastAccessTime.dwLowDateTime=0xb288ffb0, ftLastAccessTime.dwHighDateTime=0x1d5e061, ftLastWriteTime.dwLowDateTime=0xb288ffb0, ftLastWriteTime.dwHighDateTime=0x1d5e061, nFileSizeHigh=0x0, nFileSizeLow=0x10406)) returned 1 [0127.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\umc2svfu7si.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x71360820, ftCreationTime.dwHighDateTime=0x1d5e73f, ftLastAccessTime.dwLowDateTime=0x959324b0, ftLastAccessTime.dwHighDateTime=0x1d5dd9d, ftLastWriteTime.dwLowDateTime=0x959324b0, ftLastWriteTime.dwHighDateTime=0x1d5dd9d, nFileSizeHigh=0x0, nFileSizeLow=0x26ae)) returned 1 [0127.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzd2.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda2b3a70, ftCreationTime.dwHighDateTime=0x1d5dee9, ftLastAccessTime.dwLowDateTime=0x892652b0, ftLastAccessTime.dwHighDateTime=0x1d5dc67, ftLastWriteTime.dwLowDateTime=0x892652b0, ftLastWriteTime.dwHighDateTime=0x1d5dc67, nFileSizeHigh=0x0, nFileSizeLow=0x15fbb)) returned 1 [0127.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), fInfoLevelId=0x0, lpFileInformation=0xc000261850 | out: lpFileInformation=0xc000261850*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29175f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29175f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29175f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x23c [0127.523] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc0002617a4 | out: lpFileInformation=0xc0002617a4) returned 1 [0127.523] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000261788, dwBufferSize=0x8 | out: lpFileInformation=0xc000261788) returned 1 [0127.523] CloseHandle (hObject=0x23c) returned 1 [0127.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\virtualstore"), fInfoLevelId=0x0, lpFileInformation=0xc000261850 | out: lpFileInformation=0xc000261850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\virtualstore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.524] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\VirtualStore\\*", lpFindFileData=0xc000261608 | out: lpFindFileData=0xc000261608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.524] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ab32d60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ab32d60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ab32d60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.524] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261638 | out: lpFindFileData=0xc000261638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.524] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow"), fInfoLevelId=0x0, lpFileInformation=0xc000261928 | out: lpFileInformation=0xc000261928*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\*", lpFindFileData=0xc0002616e0 | out: lpFindFileData=0xc0002616e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261710 | out: lpFindFileData=0xc000261710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261710 | out: lpFindFileData=0xc000261710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0127.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261710 | out: lpFindFileData=0xc000261710*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0127.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261710 | out: lpFindFileData=0xc000261710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68cb4a40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0127.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261710 | out: lpFindFileData=0xc000261710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.525] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.525] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe"), fInfoLevelId=0x0, lpFileInformation=0xc000261850 | out: lpFileInformation=0xc000261850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.530] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.552] SetEvent (hEvent=0x39c) returned 1 [0127.552] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.574] SetEvent (hEvent=0x354) returned 1 [0127.574] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.602] SetEvent (hEvent=0xec) returned 1 [0127.602] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0127.607] SetEvent (hEvent=0x39c) returned 1 [0127.607] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.486] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.493] SetEvent (hEvent=0x3c0) returned 1 [0128.493] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.495] SetEvent (hEvent=0x3c0) returned 1 [0128.495] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.497] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.498] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.500] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.500] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.501] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.503] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.504] SetEvent (hEvent=0x3c0) returned 1 [0128.504] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0128.505] SetEvent (hEvent=0x3c0) returned 1 [0128.505] SwitchToThread () returned 1 [0128.505] SetEvent (hEvent=0x258) returned 1 [0128.505] SetEvent (hEvent=0x3c0) returned 1 [0128.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e298*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc00005e298*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0128.507] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0128.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036000*, nNumberOfCharsToWrite=0x83, lpNumberOfCharsWritten=0xc00026d808, lpReserved=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfCharsWritten=0xc00026d808*=0x83) returned 1 [0128.521] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0128.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0130.618] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0130.640] GetFileType (hFile=0x2b4) returned 0x1 [0130.640] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.641] CloseHandle (hObject=0x2b4) returned 1 [0130.641] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.688] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0130.785] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0130.790] SetEvent (hEvent=0x324) returned 1 [0130.790] SetEvent (hEvent=0x258) returned 1 [0130.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0130.791] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0130.796] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0130.802] GetFileType (hFile=0x3cc) returned 0x1 [0130.802] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0130.807] GetFileType (hFile=0x3cc) returned 0x1 [0130.807] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0130.807] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0130.808] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0130.810] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x2200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc00015fc04*=0x2000, lpOverlapped=0x0) returned 1 [0130.817] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00028e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028e000*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0130.818] CloseHandle (hObject=0x3cc) returned 1 [0130.818] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0130.818] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0130.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\ReaderMessages" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\readermessages"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.820] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0130.840] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0130.896] SetEvent (hEvent=0x12c) returned 1 [0130.896] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.002] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.013] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.017] SetEvent (hEvent=0x148) returned 1 [0131.017] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0131.018] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a4000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfCharsWritten=0xc00014d808*=0xac) returned 1 [0131.021] SetEvent (hEvent=0x148) returned 1 [0131.021] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.021] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0131.021] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0131.022] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0131.023] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0131.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.023] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0131.026] GetFileType (hFile=0x2e8) returned 0x1 [0131.026] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000a4420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4420*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.026] CloseHandle (hObject=0x2e8) returned 1 [0131.039] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwFlags=0x1) returned 1 [0131.114] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.117] SetEvent (hEvent=0x1b4) returned 1 [0131.117] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.118] SetEvent (hEvent=0x1b4) returned 1 [0131.118] SetEvent (hEvent=0x39c) returned 1 [0131.118] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.118] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.118] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.119] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.119] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.120] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.120] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.120] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.121] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.121] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.122] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00015f818*=0x2) returned 1 [0131.123] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000275808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000275808*=0xac) returned 1 [0131.128] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.128] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0131.129] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0131.130] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0131.132] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0131.133] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0131.133] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0131.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.134] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0131.136] GetFileType (hFile=0x370) returned 0x1 [0131.136] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.136] CloseHandle (hObject=0x370) returned 1 [0131.138] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.148] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwFlags=0x1) returned 1 [0131.188] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0131.188] SetEvent (hEvent=0x320) returned 1 [0131.188] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0131.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.196] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.196] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0131.196] SetEvent (hEvent=0x320) returned 1 [0131.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.202] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.202] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.220] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.228] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.233] SetEvent (hEvent=0x39c) returned 1 [0131.233] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.234] SetEvent (hEvent=0x39c) returned 1 [0131.234] SetEvent (hEvent=0x12c) returned 1 [0131.234] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.235] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.235] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.236] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0002a3818*=0x2) returned 1 [0131.239] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.243] SetEvent (hEvent=0x12c) returned 1 [0131.243] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0131.243] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0131.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.245] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0131.248] GetFileType (hFile=0x3d8) returned 0x1 [0131.248] GetFileType (hFile=0x3d8) returned 0x1 [0131.248] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0131.248] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0131.248] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0131.249] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0002a3c04*=0x1d7, lpOverlapped=0x0) returned 1 [0131.250] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000941d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000941d7*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0131.250] CloseHandle (hObject=0x3d8) returned 1 [0131.250] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0131.251] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0131.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4\\*", lpFindFileData=0xc0002a3a08 | out: lpFindFileData=0xc0002a3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.278] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002a3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ce420*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0002a3808, lpReserved=0x0 | out: lpBuffer=0xc0000ce420*, lpNumberOfCharsWritten=0xc0002a3808*=0xac) returned 1 [0131.280] SetEvent (hEvent=0x12c) returned 1 [0131.281] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0131.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.281] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0131.283] GetFileType (hFile=0x370) returned 0x1 [0131.283] WriteFile (in: hFile=0x370, lpBuffer=0xc0000ce840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce840*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.283] CloseHandle (hObject=0x370) returned 1 [0131.288] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwFlags=0x1) returned 1 [0131.330] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0131.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.332] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0131.333] GetFileType (hFile=0x2e8) returned 0x1 [0131.333] GetFileType (hFile=0x2e8) returned 0x1 [0131.333] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0131.333] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0131.333] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0131.334] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000e8000, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesRead=0xc00014dc04*=0x1d7, lpOverlapped=0x0) returned 1 [0131.335] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000e81d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e81d7*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.335] CloseHandle (hObject=0x2e8) returned 1 [0131.335] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0131.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.352] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0131.353] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.353] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.353] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0131.353] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.360] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.363] SetEvent (hEvent=0x1b4) returned 1 [0131.363] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.365] SetEvent (hEvent=0x1b4) returned 1 [0131.365] SetEvent (hEvent=0x3c0) returned 1 [0131.366] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.366] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.366] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.366] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.367] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.367] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0131.368] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.373] SetEvent (hEvent=0x258) returned 1 [0131.373] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.412] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0131.420] GetFileType (hFile=0x370) returned 0x1 [0131.420] GetFileType (hFile=0x370) returned 0x1 [0131.420] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0131.420] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0131.420] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0131.421] ReadFile (in: hFile=0x370, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x87c, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00029dc04*=0x67c, lpOverlapped=0x0) returned 1 [0131.433] ReadFile (in: hFile=0x370, lpBuffer=0xc00006a67c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a67c*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.433] CloseHandle (hObject=0x370) returned 1 [0131.433] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0131.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.539] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0131.539] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.539] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0131.540] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.540] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0131.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00029d808*=0xac) returned 1 [0131.546] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.546] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0131.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.547] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0131.551] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.553] SetEvent (hEvent=0xc0) returned 1 [0131.553] SetEvent (hEvent=0x148) returned 1 [0131.553] GetFileType (hFile=0x2b4) returned 0x1 [0131.553] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.564] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.564] CloseHandle (hObject=0x2b4) returned 1 [0131.567] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwFlags=0x1) returned 1 [0131.660] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0131.661] SetEvent (hEvent=0x258) returned 1 [0131.661] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0131.663] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.663] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0131.663] SetEvent (hEvent=0x258) returned 1 [0131.663] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.671] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.683] SetEvent (hEvent=0x3c0) returned 1 [0131.683] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.684] SetEvent (hEvent=0x3c0) returned 1 [0131.684] SetEvent (hEvent=0x12c) returned 1 [0131.684] SetEvent (hEvent=0x258) returned 1 [0131.684] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.693] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.695] SetEvent (hEvent=0x1b4) returned 1 [0131.695] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.696] SetEvent (hEvent=0x1b4) returned 1 [0131.696] SetEvent (hEvent=0x3c0) returned 1 [0131.696] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.696] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.697] VirtualFree (lpAddress=0xc000182000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.697] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.697] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.698] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.698] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.698] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.699] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.699] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0002a3818*=0x2) returned 1 [0131.701] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.714] SetEvent (hEvent=0x320) returned 1 [0131.715] SetEvent (hEvent=0x3c0) returned 1 [0131.715] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.715] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0131.716] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0131.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0131.717] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0131.719] GetFileType (hFile=0x2b4) returned 0x1 [0131.719] GetFileType (hFile=0x2b4) returned 0x1 [0131.719] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0131.719] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0131.719] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0131.720] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000045c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.721] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007c1cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c1cf*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0131.721] CloseHandle (hObject=0x2b4) returned 1 [0131.721] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0131.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.726] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E\\*", lpFindFileData=0xc000045a08 | out: lpFindFileData=0xc000045a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.726] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000045720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126160*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000045808, lpReserved=0x0 | out: lpBuffer=0xc000126160*, lpNumberOfCharsWritten=0xc000045808*=0xac) returned 1 [0131.728] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0131.728] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.728] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0131.728] GetFileType (hFile=0x2e8) returned 0x1 [0131.728] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000126580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000126580*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.729] CloseHandle (hObject=0x2e8) returned 1 [0131.730] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwFlags=0x1) returned 1 [0131.763] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0131.763] SetEvent (hEvent=0x1b4) returned 1 [0131.763] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0131.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.768] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.772] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0131.772] SetEvent (hEvent=0x148) returned 1 [0131.772] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.776] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.795] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.806] SetEvent (hEvent=0x12c) returned 1 [0131.806] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.809] SetEvent (hEvent=0x12c) returned 1 [0131.809] SetEvent (hEvent=0x3c0) returned 1 [0131.809] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.810] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.811] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586208*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc000586208*, lpNumberOfCharsWritten=0xc000137818*=0x2) returned 1 [0131.812] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.820] SetEvent (hEvent=0x1b4) returned 1 [0131.820] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.822] SetEvent (hEvent=0x1b4) returned 1 [0131.822] SetEvent (hEvent=0x3c0) returned 1 [0131.822] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.822] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.823] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0131.826] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.838] SetEvent (hEvent=0x148) returned 1 [0131.838] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.841] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0131.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0131.842] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0131.843] GetFileType (hFile=0x2b4) returned 0x1 [0131.843] GetFileType (hFile=0x2b4) returned 0x1 [0131.843] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0131.843] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0131.843] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0131.844] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x76e, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0000f9c04*=0x56e, lpOverlapped=0x0) returned 1 [0131.853] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00005056e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005056e*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0131.853] CloseHandle (hObject=0x2b4) returned 1 [0131.853] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0131.853] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0131.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.858] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0131.866] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0131.866] SetEvent (hEvent=0x258) returned 1 [0131.866] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56\\*", lpFindFileData=0xc0000f9a08 | out: lpFindFileData=0xc0000f9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.866] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.866] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0000f9808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000f9808*=0xac) returned 1 [0131.872] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.872] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0131.873] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0131.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.874] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0131.877] GetFileType (hFile=0x2e8) returned 0x1 [0131.877] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00005c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c2c0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.878] CloseHandle (hObject=0x2e8) returned 1 [0131.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwFlags=0x1) returned 1 [0132.025] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0132.025] SetEvent (hEvent=0x1b4) returned 1 [0132.025] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0132.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.028] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0132.028] SetEvent (hEvent=0x1b4) returned 1 [0132.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.032] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.055] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.067] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.073] SetEvent (hEvent=0x148) returned 1 [0132.073] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.074] SetEvent (hEvent=0x148) returned 1 [0132.074] SetEvent (hEvent=0x3c0) returned 1 [0132.074] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0132.075] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.075] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.076] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.076] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.077] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.077] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.077] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.078] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.078] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.078] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.079] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000141818*=0x2) returned 1 [0132.080] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.086] SetEvent (hEvent=0x3c0) returned 1 [0132.086] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0132.086] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0132.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.088] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0132.089] GetFileType (hFile=0x2bc) returned 0x1 [0132.089] GetFileType (hFile=0x2bc) returned 0x1 [0132.089] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0132.089] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0132.089] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0132.090] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x7ab, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc000141c04*=0x5ab, lpOverlapped=0x0) returned 1 [0132.092] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fc5ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc5ab*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0132.092] CloseHandle (hObject=0x2bc) returned 1 [0132.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.101] SetEvent (hEvent=0xc0) returned 1 [0132.101] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.102] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.102] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000141808*=0xac) returned 1 [0132.105] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.105] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.106] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0132.106] GetFileType (hFile=0x2e8) returned 0x1 [0132.106] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.106] CloseHandle (hObject=0x2e8) returned 1 [0132.107] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwFlags=0x1) returned 1 [0132.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0132.160] SetEvent (hEvent=0x258) returned 1 [0132.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.162] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0132.162] SetEvent (hEvent=0x258) returned 1 [0132.162] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.167] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.191] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.203] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.211] SetEvent (hEvent=0x148) returned 1 [0132.211] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.212] SetEvent (hEvent=0x148) returned 1 [0132.212] SetEvent (hEvent=0x3c0) returned 1 [0132.212] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.213] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.213] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.214] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.214] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.215] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.215] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.216] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0132.219] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.227] SetEvent (hEvent=0x3c0) returned 1 [0132.227] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.228] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0132.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.229] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0132.230] GetFileType (hFile=0x370) returned 0x1 [0132.230] GetFileType (hFile=0x370) returned 0x1 [0132.230] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0132.230] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0132.230] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0132.231] ReadFile (in: hFile=0x370, lpBuffer=0xc0000bc000, nNumberOfBytesToRead=0x852, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesRead=0xc0001f5c04*=0x652, lpOverlapped=0x0) returned 1 [0132.233] ReadFile (in: hFile=0x370, lpBuffer=0xc0000bc652, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc652*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.233] CloseHandle (hObject=0x370) returned 1 [0132.233] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0132.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.241] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8\\*", lpFindFileData=0xc0001f5a08 | out: lpFindFileData=0xc0001f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.242] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.242] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001f5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001f5808*=0xac) returned 1 [0132.243] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.244] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.244] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.245] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0132.246] GetFileType (hFile=0x370) returned 0x1 [0132.247] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.247] CloseHandle (hObject=0x370) returned 1 [0132.251] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwFlags=0x1) returned 1 [0132.295] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0132.296] SetEvent (hEvent=0x258) returned 1 [0132.296] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.300] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.300] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0132.300] SetEvent (hEvent=0x258) returned 1 [0132.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.345] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.345] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.431] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.436] SetEvent (hEvent=0x3c0) returned 1 [0132.436] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.437] SetEvent (hEvent=0x3c0) returned 1 [0132.437] SetEvent (hEvent=0x1b4) returned 1 [0132.438] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.438] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.438] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.438] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.439] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.439] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.439] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc0001fd818*=0x2) returned 1 [0132.440] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.445] SetEvent (hEvent=0x1b4) returned 1 [0132.445] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0132.446] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0132.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.447] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0132.447] GetFileType (hFile=0x2e8) returned 0x1 [0132.448] GetFileType (hFile=0x2e8) returned 0x1 [0132.448] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0132.448] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0132.448] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001fdc04*=0x6e3, lpOverlapped=0x0) returned 1 [0132.450] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa6e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa6e3*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0132.450] CloseHandle (hObject=0x2e8) returned 1 [0132.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.455] SetEvent (hEvent=0xc0) returned 1 [0132.455] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF\\*", lpFindFileData=0xc0001fda08 | out: lpFindFileData=0xc0001fda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.455] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.455] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001fd808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001fd808*=0xac) returned 1 [0132.458] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.458] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.458] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.459] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0132.461] GetFileType (hFile=0x2e8) returned 0x1 [0132.461] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.462] CloseHandle (hObject=0x2e8) returned 1 [0132.465] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwFlags=0x1) returned 1 [0132.506] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0132.506] SetEvent (hEvent=0x258) returned 1 [0132.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.508] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0132.508] SetEvent (hEvent=0x258) returned 1 [0132.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.513] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.513] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.523] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.527] SetEvent (hEvent=0x1b4) returned 1 [0132.527] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.528] SetEvent (hEvent=0x1b4) returned 1 [0132.528] SetEvent (hEvent=0x320) returned 1 [0132.528] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.528] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.529] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.529] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.529] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.530] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.530] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.530] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc000189818*=0x2) returned 1 [0132.532] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.557] SetEvent (hEvent=0x1b4) returned 1 [0132.557] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.558] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.558] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.560] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0132.567] GetFileType (hFile=0x370) returned 0x1 [0132.567] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0132.568] GetFileType (hFile=0x370) returned 0x1 [0132.568] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0132.568] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0132.568] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0132.568] ReadFile (in: hFile=0x370, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x324, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000149c04*=0x124, lpOverlapped=0x0) returned 1 [0132.569] ReadFile (in: hFile=0x370, lpBuffer=0xc000104124, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104124*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0132.569] CloseHandle (hObject=0x370) returned 1 [0132.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D\\*", lpFindFileData=0xc000149a08 | out: lpFindFileData=0xc000149a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.570] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000149720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.570] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000112000*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc000149808, lpReserved=0x0 | out: lpBuffer=0xc000112000*, lpNumberOfCharsWritten=0xc000149808*=0x8c) returned 1 [0132.601] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] SetEvent (hEvent=0x320) returned 1 [0132.624] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.677] SetEvent (hEvent=0x1b4) returned 1 [0132.677] SwitchToThread () returned 1 [0132.677] SetEvent (hEvent=0x3c4) returned 1 [0132.677] SetEvent (hEvent=0x1b4) returned 1 [0132.677] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.781] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0132.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0132.782] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0132.786] GetFileType (hFile=0x3cc) returned 0x1 [0132.786] GetFileType (hFile=0x3cc) returned 0x1 [0132.786] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0132.786] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0132.787] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0132.787] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002b4000, nNumberOfBytesToRead=0x366, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesRead=0xc000159c04*=0x166, lpOverlapped=0x0) returned 1 [0132.789] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002b4166, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4166*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0132.789] CloseHandle (hObject=0x3cc) returned 1 [0132.789] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0132.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.874] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875\\*", lpFindFileData=0xc000159a08 | out: lpFindFileData=0xc000159a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.879] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000159720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.879] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.897] SetEvent (hEvent=0x3c8) returned 1 [0132.897] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.899] SetEvent (hEvent=0x3c8) returned 1 [0132.899] SetEvent (hEvent=0x24c) returned 1 [0132.899] SetEvent (hEvent=0x354) returned 1 [0132.899] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.904] SetEvent (hEvent=0x3c8) returned 1 [0132.904] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.908] SetEvent (hEvent=0x3c8) returned 1 [0132.908] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.911] SetEvent (hEvent=0x24c) returned 1 [0132.911] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0132.952] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0132.952] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0132.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0132.954] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0132.955] GetFileType (hFile=0x2cc) returned 0x1 [0132.956] GetFileType (hFile=0x2cc) returned 0x1 [0132.956] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0132.956] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0132.956] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0132.956] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0002e6000, nNumberOfBytesToRead=0x3b2, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6000*, lpNumberOfBytesRead=0xc0000c5c04*=0x1b2, lpOverlapped=0x0) returned 1 [0132.957] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0002e61b2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e61b2*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.957] CloseHandle (hObject=0x2cc) returned 1 [0132.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.993] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6\\*", lpFindFileData=0xc0000c5a08 | out: lpFindFileData=0xc0000c5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.994] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.994] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d7080*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c5808, lpReserved=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfCharsWritten=0xc0000c5808*=0xad) returned 1 [0132.996] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a601 | out: pbBuffer=0xc00028a601) returned 1 [0132.996] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0132.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0132.997] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0132.998] GetFileType (hFile=0x2f4) returned 0x1 [0132.998] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.998] CloseHandle (hObject=0x2f4) returned 1 [0132.998] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0132.999] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwFlags=0x1) returned 1 [0133.422] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0133.422] SetEvent (hEvent=0x1a0) returned 1 [0133.422] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0133.423] SetEvent (hEvent=0xec) returned 1 [0133.423] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0133.427] SetEvent (hEvent=0xec) returned 1 [0133.427] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0133.429] SetEvent (hEvent=0xec) returned 1 [0133.429] SetEvent (hEvent=0x30c) returned 1 [0133.430] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0133.438] SetEvent (hEvent=0xec) returned 1 [0133.438] SetEvent (hEvent=0x324) returned 1 [0133.438] SetEvent (hEvent=0x1a0) returned 1 [0133.438] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.205] SetEvent (hEvent=0x1a0) returned 1 [0134.205] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.213] SetEvent (hEvent=0x1a0) returned 1 [0134.213] SetEvent (hEvent=0x24c) returned 1 [0134.213] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.214] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.214] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.215] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.215] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.216] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.216] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.216] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.217] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.218] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.218] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.218] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.219] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.219] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc000271818*=0x2) returned 1 [0134.227] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0134.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0134.228] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0134.233] GetFileType (hFile=0x240) returned 0x1 [0134.233] GetFileType (hFile=0x240) returned 0x1 [0134.234] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0134.234] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0134.234] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0134.235] ReadFile (in: hFile=0x240, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x544, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000177c04*=0x344, lpOverlapped=0x0) returned 1 [0134.244] ReadFile (in: hFile=0x240, lpBuffer=0xc00011c344, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c344*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0134.244] CloseHandle (hObject=0x240) returned 1 [0134.244] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0134.245] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0134.245] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0134.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\VGMTOI09\\www.msn[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\vgmtoi09\\www.msn[1].xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.247] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0134.253] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.274] SetEvent (hEvent=0x39c) returned 1 [0134.274] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.276] SetEvent (hEvent=0x30c) returned 1 [0134.276] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.280] SetEvent (hEvent=0x334) returned 1 [0134.280] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.306] SetEvent (hEvent=0x114) returned 1 [0134.306] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.554] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0134.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2h7bx4wzqwntk69gg7f-.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0134.556] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0134.558] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.563] SetEvent (hEvent=0xc0) returned 1 [0134.563] SetEvent (hEvent=0x39c) returned 1 [0134.563] GetFileType (hFile=0x1b0) returned 0x1 [0134.563] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.603] SetEvent (hEvent=0x39c) returned 1 [0134.603] GetFileType (hFile=0x1b0) returned 0x1 [0134.603] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.610] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0134.611] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0134.611] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0134.612] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xfd9e, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001f9c04*=0xfb9e, lpOverlapped=0x0) returned 1 [0134.613] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000221b9e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000221b9e*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0134.614] CloseHandle (hObject=0x1b0) returned 1 [0134.614] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0134.614] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0134.615] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0134.616] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0134.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2h7bx4wzqwntk69gg7f-.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.618] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0134.618] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.635] GetFileType (hFile=0x1b0) returned 0x1 [0134.635] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xfba0, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc0001f9cec*=0xfba0, lpOverlapped=0x0) returned 1 [0134.637] CloseHandle (hObject=0x1b0) returned 1 [0134.638] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0134.638] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0134.638] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.639] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0134.644] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0134.644] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0134.644] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0134.645] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0134.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2h7bx4wzqwntk69gg7f-.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.645] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0134.653] GetFileType (hFile=0x1b0) returned 0x1 [0134.653] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001ea2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea2c0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.653] CloseHandle (hObject=0x1b0) returned 1 [0134.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2h7bx4wzqwntk69gg7f-.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-2h7bx4wzqwntk69gg7f-.mkv"), dwFlags=0x1) returned 1 [0134.655] SetEvent (hEvent=0x334) returned 1 [0134.655] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.816] SetEvent (hEvent=0xec) returned 1 [0134.816] SetEvent (hEvent=0x334) returned 1 [0134.816] SetEvent (hEvent=0x324) returned 1 [0134.816] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.844] SetEvent (hEvent=0x334) returned 1 [0134.844] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.868] GetFileType (hFile=0x240) returned 0x1 [0134.868] WriteFile (in: hFile=0x240, lpBuffer=0xc0002f2000*, nNumberOfBytesToWrite=0x11aa0, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesWritten=0xc0001f5cec*=0x11aa0, lpOverlapped=0x0) returned 1 [0134.870] CloseHandle (hObject=0x240) returned 1 [0134.871] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0134.871] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0134.872] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.872] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0134.872] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0134.873] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0134.874] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0134.874] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0134.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4km8rog4cymjn htzo.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0134.875] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0134.889] GetFileType (hFile=0x240) returned 0x1 [0134.889] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d82c0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.889] CloseHandle (hObject=0x240) returned 1 [0134.889] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4km8rog4cymjn htzo.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-4km8rog4cymjn htzo.mp3"), dwFlags=0x1) returned 1 [0134.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f698, ulCount=0x10, ulNumEntriesRemoved=0x2945f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f698, ulNumEntriesRemoved=0x2945f66c) returned 0 [0134.892] SetEvent (hEvent=0xc0) returned 1 [0134.892] SetEvent (hEvent=0x114) returned 1 [0134.892] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0134.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.904] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0134.904] SetEvent (hEvent=0xec) returned 1 [0134.904] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.905] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0134.905] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.918] SetEvent (hEvent=0x114) returned 1 [0134.918] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.919] SetEvent (hEvent=0x114) returned 1 [0134.919] SetEvent (hEvent=0x324) returned 1 [0134.919] VirtualFree (lpAddress=0xc0002b4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0134.920] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.920] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.920] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.920] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.921] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.921] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.921] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.922] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.922] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.922] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7-e6e0ac2.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0134.923] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0134.924] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.926] GetFileType (hFile=0x1b0) returned 0x1 [0134.926] GetFileType (hFile=0x1b0) returned 0x1 [0134.926] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0134.926] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0134.926] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.927] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2312, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000271c04*=0x2112, lpOverlapped=0x0) returned 1 [0134.928] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00004e112, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e112*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0134.928] CloseHandle (hObject=0x1b0) returned 1 [0134.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7-e6e0ac2.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.930] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000271d04 | out: lpMode=0xc000271d04) returned 0 [0134.930] GetFileType (hFile=0x1b0) returned 0x1 [0134.930] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00004e500*, nNumberOfBytesToWrite=0x2120, lpNumberOfBytesWritten=0xc000271cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e500*, lpNumberOfBytesWritten=0xc000271cec*=0x2120, lpOverlapped=0x0) returned 1 [0134.931] CloseHandle (hObject=0x1b0) returned 1 [0134.931] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0134.932] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0134.932] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0134.933] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0134.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7-e6e0ac2.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.933] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0134.934] GetFileType (hFile=0x1b0) returned 0x1 [0134.934] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00006a160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006a160*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.934] CloseHandle (hObject=0x1b0) returned 1 [0134.934] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7-e6e0ac2.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-7-e6e0ac2.swf"), dwFlags=0x1) returned 1 [0134.935] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.936] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02e0*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0000a02e0*, lpNumberOfCharsWritten=0xc000115818*=0x2) returned 1 [0134.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02e4*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc0000a02e4*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0134.948] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.954] SetEvent (hEvent=0x114) returned 1 [0134.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02ea*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc0000a02ea*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0134.955] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0134.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0000a0290*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0135.071] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0296*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc0000a0296*, lpNumberOfCharsWritten=0xc000159818*=0x3) returned 1 [0135.171] SetEvent (hEvent=0x334) returned 1 [0135.171] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a0*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0135.174] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.661] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0135.661] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000206038*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0135.666] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.667] SetEvent (hEvent=0x39c) returned 1 [0135.667] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.675] SetEvent (hEvent=0x114) returned 1 [0135.675] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmaipt.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0135.678] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0135.680] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.686] GetFileType (hFile=0x2cc) returned 0x1 [0135.686] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.696] GetFileType (hFile=0x2cc) returned 0x1 [0135.696] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0135.696] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0135.696] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0135.698] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x4cfc, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00015bc04*=0x4afc, lpOverlapped=0x0) returned 1 [0135.698] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000216afc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216afc*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0135.699] CloseHandle (hObject=0x2cc) returned 1 [0135.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmaipt.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0135.700] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0135.718] GetFileType (hFile=0x2cc) returned 0x1 [0135.718] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000217000*, nNumberOfBytesToWrite=0x4b00, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000217000*, lpNumberOfBytesWritten=0xc00015bcec*=0x4b00, lpOverlapped=0x0) returned 1 [0135.719] CloseHandle (hObject=0x2cc) returned 1 [0135.719] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0135.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmaipt.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0135.720] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0135.731] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.743] GetFileType (hFile=0x2cc) returned 0x1 [0135.743] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.764] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0135.764] CloseHandle (hObject=0x2cc) returned 1 [0135.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmaipt.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-kmaipt.mkv"), dwFlags=0x1) returned 1 [0135.765] SetEvent (hEvent=0x354) returned 1 [0135.765] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0135.793] SetEvent (hEvent=0x334) returned 1 [0135.793] SetEvent (hEvent=0x354) returned 1 [0135.794] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0136.163] SetEvent (hEvent=0x3c8) returned 1 [0136.163] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0136.313] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206478*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000206478*, lpNumberOfCharsWritten=0xc0000c5818*=0x2) returned 1 [0136.419] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0136.524] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0136.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0136.526] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0136.670] GetFileType (hFile=0x36c) returned 0x1 [0136.670] GetFileType (hFile=0x36c) returned 0x1 [0136.670] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0136.670] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0136.670] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0136.671] ReadFile (in: hFile=0x36c, lpBuffer=0xc000208000, nNumberOfBytesToRead=0x7a9, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000208000*, lpNumberOfBytesRead=0xc0002d5c04*=0x5a9, lpOverlapped=0x0) returned 1 [0136.781] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0136.901] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002085a9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002085a9*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0136.901] CloseHandle (hObject=0x36c) returned 1 [0136.901] SwitchToThread () returned 1 [0136.997] SwitchToThread () returned 1 [0136.998] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0136.999] SetEvent (hEvent=0x334) returned 1 [0136.999] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.095] SwitchToThread () returned 1 [0137.095] SetEvent (hEvent=0x324) returned 1 [0137.095] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0137.110] SwitchToThread () returned 1 [0137.111] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2945f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2945f840*=0x36c) returned 1 [0137.111] SuspendThread (hThread=0x36c) returned 0x0 [0137.111] GetThreadContext (in: hThread=0x36c, lpContext=0x2945f850 | out: lpContext=0x2945f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00013fd38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4922c2, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.113] ResumeThread (hThread=0x36c) returned 0x1 [0137.113] CloseHandle (hObject=0x36c) returned 1 [0137.153] SwitchToThread () returned 1 [0137.160] SetEvent (hEvent=0x30c) returned 1 [0137.160] SetEvent (hEvent=0x3c8) returned 1 [0137.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.164] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.164] SetEvent (hEvent=0x30c) returned 1 [0137.164] SetEvent (hEvent=0xec) returned 1 [0137.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe08*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.173] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe30*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.174] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.174] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2945f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2945f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2945f6a0, ulNumEntriesRemoved=0x2945f674) returned 0 [0137.174] SetEvent (hEvent=0x30c) returned 1 [0137.174] SetEvent (hEvent=0x12c) returned 1 [0137.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2945fe18*=0xfc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.187] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.295] SwitchToThread () returned 1 [0137.296] SetEvent (hEvent=0xc0) returned 1 [0137.296] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0137.300] SetEvent (hEvent=0xec) returned 1 [0137.300] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0139.837] SetEvent (hEvent=0x39c) returned 1 [0139.837] SetEvent (hEvent=0x30c) returned 1 [0139.838] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0139.874] SetEvent (hEvent=0x30c) returned 1 [0139.874] SetEvent (hEvent=0x12c) returned 1 [0139.874] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.084] SetEvent (hEvent=0x39c) returned 1 [0140.084] SetEvent (hEvent=0x3c8) returned 1 [0140.085] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.090] SetEvent (hEvent=0x39c) returned 1 [0140.090] SetEvent (hEvent=0xec) returned 1 [0140.090] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.119] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.119] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.120] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.121] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.121] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.121] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.122] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.122] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.123] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.123] SwitchToThread () returned 1 [0140.138] GetFileType (hFile=0x1ec) returned 0x1 [0140.138] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.139] CloseHandle (hObject=0x1ec) returned 1 [0140.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0140.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be5b4fbd-cb99-45f5-9462-5f896dd3a6b9", cAlternateFileName="BE5B4F~1")) returned 1 [0140.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0140.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.142] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0140.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b9bd87, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.144] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0140.145] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0140.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="02540a10-7eb7-4b20-a8c7-470f8986389c", cAlternateFileName="02540A~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="0e15476d-d8fe-46ca-8099-ebdcf80f637c", cAlternateFileName="0E1547~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="102a7bc8-3f85-4bb4-840a-38257d2965d2", cAlternateFileName="102A7B~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2be989a0-16a1-424b-9211-51aa3bb43e5d", cAlternateFileName="2BE989~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x89f07f80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="915f9e3b-485d-4f89-a291-82a5ad3b0ee7", cAlternateFileName="915F9E~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="fbbe72db-afd8-443b-88dd-64b20388700d", cAlternateFileName="FBBE72~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0140.146] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.146] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf923e050, ftCreationTime.dwHighDateTime=0x1d3aab9, ftLastAccessTime.dwLowDateTime=0xf923e050, ftLastAccessTime.dwHighDateTime=0x1d3aab9, ftLastWriteTime.dwLowDateTime=0xf923e050, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.152] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.158] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.160] SetEvent (hEvent=0x39c) returned 1 [0140.160] SetEvent (hEvent=0x30c) returned 1 [0140.160] SetEvent (hEvent=0x3c8) returned 1 [0140.160] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.191] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060e8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0002060e8*, lpNumberOfCharsWritten=0xc000195818*=0x3) returned 1 [0140.194] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.200] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.202] SetEvent (hEvent=0x3c8) returned 1 [0140.202] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.467] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.468] SetEvent (hEvent=0x354) returned 1 [0140.468] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.613] SetEvent (hEvent=0x30c) returned 1 [0140.613] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.617] SetEvent (hEvent=0x324) returned 1 [0140.617] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0140.622] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0140.623] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.627] SetEvent (hEvent=0x324) returned 1 [0140.627] GetFileType (hFile=0x36c) returned 0x1 [0140.627] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.631] SetEvent (hEvent=0x12c) returned 1 [0140.631] GetFileType (hFile=0x36c) returned 0x1 [0140.631] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.686] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0140.687] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0140.687] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0140.687] ReadFile (in: hFile=0x36c, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x253, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0001cfc04*=0x53, lpOverlapped=0x0) returned 1 [0140.689] ReadFile (in: hFile=0x36c, lpBuffer=0xc00006c053, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c053*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0140.689] CloseHandle (hObject=0x36c) returned 1 [0140.689] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0140.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.691] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0140.700] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.719] GetFileType (hFile=0x36c) returned 0x1 [0140.719] WriteFile (in: hFile=0x36c, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x60, lpOverlapped=0x0) returned 1 [0140.721] CloseHandle (hObject=0x36c) returned 1 [0140.721] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.721] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.722] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.722] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.725] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.726] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0140.730] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.742] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.745] SetEvent (hEvent=0x12c) returned 1 [0140.745] SetEvent (hEvent=0x30c) returned 1 [0140.745] SetEvent (hEvent=0x324) returned 1 [0140.745] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.764] SetEvent (hEvent=0x12c) returned 1 [0140.764] SetEvent (hEvent=0x324) returned 1 [0140.764] SetEvent (hEvent=0x30c) returned 1 [0140.764] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.782] SetEvent (hEvent=0x12c) returned 1 [0140.783] SetEvent (hEvent=0x324) returned 1 [0140.783] SetEvent (hEvent=0x30c) returned 1 [0140.783] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.785] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.786] SetEvent (hEvent=0x12c) returned 1 [0140.786] SetEvent (hEvent=0x324) returned 1 [0140.786] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.787] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.787] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.787] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.787] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.788] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.788] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.788] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.789] GetFileType (hFile=0x1ec) returned 0x1 [0140.789] GetFileType (hFile=0x1ec) returned 0x1 [0140.789] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0140.789] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0140.789] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0140.789] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x26e, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc000177c04*=0x6e, lpOverlapped=0x0) returned 1 [0140.790] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00007206e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007206e*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0140.790] CloseHandle (hObject=0x1ec) returned 1 [0140.790] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0140.791] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0140.791] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0140.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.793] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0140.801] GetFileType (hFile=0x1ec) returned 0x1 [0140.802] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc000177cec*=0x70, lpOverlapped=0x0) returned 1 [0140.803] CloseHandle (hObject=0x1ec) returned 1 [0140.803] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.803] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.804] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0140.809] GetFileType (hFile=0x1ec) returned 0x1 [0140.809] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.809] CloseHandle (hObject=0x1ec) returned 1 [0140.810] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0140.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwFlags=0x1) returned 1 [0140.811] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.819] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.820] SetEvent (hEvent=0x324) returned 1 [0140.820] SetEvent (hEvent=0x12c) returned 1 [0140.820] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.820] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.820] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.821] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.821] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.822] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0140.824] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.825] GetFileType (hFile=0x240) returned 0x1 [0140.825] GetFileType (hFile=0x240) returned 0x1 [0140.825] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0140.825] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0140.825] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0140.826] ReadFile (in: hFile=0x240, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x2f1, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc000253c04*=0xf1, lpOverlapped=0x0) returned 1 [0140.827] ReadFile (in: hFile=0x240, lpBuffer=0xc0000b80f1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b80f1*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0140.827] CloseHandle (hObject=0x240) returned 1 [0140.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.828] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0140.829] GetFileType (hFile=0x240) returned 0x1 [0140.829] WriteFile (in: hFile=0x240, lpBuffer=0xc00028a400*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028a400*, lpNumberOfBytesWritten=0xc000253cec*=0x100, lpOverlapped=0x0) returned 1 [0140.830] CloseHandle (hObject=0x240) returned 1 [0140.830] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0140.830] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0140.831] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0140.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.831] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0140.832] GetFileType (hFile=0x240) returned 0x1 [0140.832] WriteFile (in: hFile=0x240, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.832] CloseHandle (hObject=0x240) returned 1 [0140.833] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.833] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@demdex[1].txt"), dwFlags=0x1) returned 1 [0140.835] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.835] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000b6420*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00024b808, lpReserved=0x0 | out: lpBuffer=0xc0000b6420*, lpNumberOfCharsWritten=0xc00024b808*=0xac) returned 1 [0140.839] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.839] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.840] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.840] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0140.842] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.850] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.860] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.862] SetEvent (hEvent=0x324) returned 1 [0140.862] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.863] SetEvent (hEvent=0x354) returned 1 [0140.863] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00010e140*, nNumberOfCharsToWrite=0x91, lpNumberOfCharsWritten=0xc0002df808, lpReserved=0x0 | out: lpBuffer=0xc00010e140*, lpNumberOfCharsWritten=0xc0002df808*=0x91) returned 1 [0140.864] SetEvent (hEvent=0x354) returned 1 [0140.864] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0140.865] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.865] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0140.865] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0140.866] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0140.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.866] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0140.867] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.875] SetEvent (hEvent=0x3c8) returned 1 [0140.875] GetFileType (hFile=0x36c) returned 0x1 [0140.875] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.883] SetEvent (hEvent=0x12c) returned 1 [0140.883] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.908] SetEvent (hEvent=0x12c) returned 1 [0140.908] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0140.924] SetEvent (hEvent=0x3c8) returned 1 [0140.924] SetEvent (hEvent=0x12c) returned 1 [0140.924] SetEvent (hEvent=0x30c) returned 1 [0140.924] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0141.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0141.006] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0141.011] GetFileType (hFile=0x2cc) returned 0x1 [0141.011] GetFileType (hFile=0x2cc) returned 0x1 [0141.011] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0141.011] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0141.011] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000186000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesRead=0xc00015fc04*=0xdd, lpOverlapped=0x0) returned 1 [0141.012] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0001860dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001860dd*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0141.012] CloseHandle (hObject=0x2cc) returned 1 [0141.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0141.014] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0141.025] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0141.495] GetFileType (hFile=0x2cc) returned 0x1 [0141.495] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000060b60*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000060b60*, lpNumberOfBytesWritten=0xc00015fcec*=0xe0, lpOverlapped=0x0) returned 1 [0142.490] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0142.835] CloseHandle (hObject=0x2cc) returned 1 [0142.838] SetEvent (hEvent=0x324) returned 1 [0142.838] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0142.843] SetEvent (hEvent=0x24c) returned 1 [0142.843] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0142.876] SetEvent (hEvent=0x354) returned 1 [0142.876] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0142.999] SetEvent (hEvent=0x208) returned 1 [0142.999] SetEvent (hEvent=0x448) returned 1 [0142.999] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.013] SetEvent (hEvent=0x208) returned 1 [0143.013] SetEvent (hEvent=0x264) returned 1 [0143.013] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.041] SetEvent (hEvent=0x1c4) returned 1 [0143.041] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.063] SetEvent (hEvent=0x3c8) returned 1 [0143.063] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.092] SetEvent (hEvent=0x3c8) returned 1 [0143.092] SetEvent (hEvent=0x188) returned 1 [0143.092] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.101] SetEvent (hEvent=0x1f8) returned 1 [0143.101] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.110] SetEvent (hEvent=0x100) returned 1 [0143.110] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) returned 0x0 [0143.125] VirtualFree (lpAddress=0xc0007bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.126] VirtualFree (lpAddress=0xc0007aa000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0143.127] VirtualFree (lpAddress=0xc000798000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0143.128] VirtualFree (lpAddress=0xc000784000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.129] VirtualFree (lpAddress=0xc000780000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.129] VirtualFree (lpAddress=0xc000730000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.130] VirtualFree (lpAddress=0xc000722000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.131] VirtualFree (lpAddress=0xc00071c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.131] VirtualFree (lpAddress=0xc000716000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.132] VirtualFree (lpAddress=0xc0006aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.133] VirtualFree (lpAddress=0xc000698000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0143.133] VirtualFree (lpAddress=0xc00068c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.134] VirtualFree (lpAddress=0xc00063e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.135] VirtualFree (lpAddress=0xc00061c000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0143.136] VirtualFree (lpAddress=0xc0005fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.137] VirtualFree (lpAddress=0xc0004a0000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0143.138] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.139] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.140] VirtualFree (lpAddress=0xc000376000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.140] VirtualFree (lpAddress=0xc000350000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.141] VirtualFree (lpAddress=0xc00032a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.142] VirtualFree (lpAddress=0xc000322000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.142] VirtualFree (lpAddress=0xc00031c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.143] VirtualFree (lpAddress=0xc000316000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.144] VirtualFree (lpAddress=0xc000310000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.144] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.145] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0143.146] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.147] VirtualFree (lpAddress=0xc0002a6000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0143.148] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.149] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.150] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.151] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.152] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.153] VirtualFree (lpAddress=0xc00025c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.154] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.155] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.155] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.156] VirtualFree (lpAddress=0xc00021e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.157] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.158] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.159] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.160] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.161] VirtualFree (lpAddress=0xc00010c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.162] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.163] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.164] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.165] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.165] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.166] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.167] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.168] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.169] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.169] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.170] SetEvent (hEvent=0xa90) returned 1 [0143.170] WaitForSingleObject (hHandle=0xfc, dwMilliseconds=0xffffffff) Thread: id = 22 os_tid = 0x904 [0102.121] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2969fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2969fea0*=0x16c) returned 1 [0102.121] VirtualQuery (in: lpAddress=0x2969fec0, lpBuffer=0x2969fec0, dwLength=0x30 | out: lpBuffer=0x2969fec0*(BaseAddress=0x2969f000, AllocationBase=0x294a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0102.121] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0102.121] SetEvent (hEvent=0x8c) returned 1 [0102.121] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xf4 [0102.121] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x17c [0102.121] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0102.124] SetEvent (hEvent=0x15c) returned 1 [0102.124] SetEvent (hEvent=0x108) returned 1 [0102.125] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.412] SetEvent (hEvent=0xfc) returned 1 [0103.412] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0103.416] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0103.419] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0103.420] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2969f920, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2969f920*=0x188) returned 1 [0103.420] SuspendThread (hThread=0x188) returned 0x0 [0103.420] GetThreadContext (in: hThread=0x188, lpContext=0x2969f930 | out: lpContext=0x2969f930*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.423] ResumeThread (hThread=0x188) returned 0x1 [0103.423] CloseHandle (hObject=0x188) returned 1 [0103.423] GetFileType (hFile=0x180) returned 0x1 [0103.423] GetFileType (hFile=0x180) returned 0x1 [0103.423] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0103.423] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0103.423] ReadFile (in: hFile=0x180, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x5274, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0000f9c04*=0x5074, lpOverlapped=0x0) returned 1 [0103.470] ReadFile (in: hFile=0x180, lpBuffer=0xc000281074, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000281074*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0103.470] CloseHandle (hObject=0x180) returned 1 [0103.470] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0103.471] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0103.472] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0103.486] GetFileType (hFile=0x180) returned 0x1 [0103.486] WriteFile (in: hFile=0x180, lpBuffer=0xc0002b6000*, nNumberOfBytesToWrite=0x5080, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x5080, lpOverlapped=0x0) returned 1 [0103.487] CloseHandle (hObject=0x180) returned 1 [0103.487] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\iw\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0103.488] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0103.499] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.607] SetEvent (hEvent=0xb8) returned 1 [0103.607] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.619] SetEvent (hEvent=0x164) returned 1 [0103.619] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.758] SetEvent (hEvent=0xfc) returned 1 [0103.758] SetEvent (hEvent=0x108) returned 1 [0103.758] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.829] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.833] SetEvent (hEvent=0x100) returned 1 [0103.833] SetEvent (hEvent=0x13c) returned 1 [0103.833] SetEvent (hEvent=0xfc) returned 1 [0103.833] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.839] SetEvent (hEvent=0x100) returned 1 [0103.839] SetEvent (hEvent=0x164) returned 1 [0103.839] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.851] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0103.851] SetEvent (hEvent=0xc0) returned 1 [0103.851] SetEvent (hEvent=0xfc) returned 1 [0103.851] SetEvent (hEvent=0x114) returned 1 [0103.851] SetEvent (hEvent=0x15c) returned 1 [0103.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.864] SetEvent (hEvent=0x15c) returned 1 [0103.864] SetEvent (hEvent=0x114) returned 1 [0103.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.879] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.880] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0103.880] SetEvent (hEvent=0x9c) returned 1 [0103.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.893] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0103.893] SetEvent (hEvent=0x164) returned 1 [0103.893] SetEvent (hEvent=0x100) returned 1 [0103.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.900] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0103.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.039] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.039] SetEvent (hEvent=0x100) returned 1 [0104.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.071] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.072] SetEvent (hEvent=0xc0) returned 1 [0104.072] SetEvent (hEvent=0x9c) returned 1 [0104.072] SetEvent (hEvent=0x164) returned 1 [0104.072] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0104.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.076] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.084] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.084] SetEvent (hEvent=0x13c) returned 1 [0104.084] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.097] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.098] SetEvent (hEvent=0xc0) returned 1 [0104.098] SetEvent (hEvent=0x9c) returned 1 [0104.098] SetEvent (hEvent=0x108) returned 1 [0104.099] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.108] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.108] SetEvent (hEvent=0x9c) returned 1 [0104.108] SetEvent (hEvent=0x164) returned 1 [0104.108] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.126] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.126] SetEvent (hEvent=0x164) returned 1 [0104.126] SetEvent (hEvent=0x9c) returned 1 [0104.126] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.141] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0104.141] VirtualAlloc (lpAddress=0xc0002c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c8000 [0104.141] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0104.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0104.142] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0104.148] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.158] SetEvent (hEvent=0x9c) returned 1 [0104.158] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.299] SetEvent (hEvent=0xb8) returned 1 [0104.299] SetEvent (hEvent=0x13c) returned 1 [0104.299] SetEvent (hEvent=0x108) returned 1 [0104.299] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.368] SetEvent (hEvent=0xb8) returned 1 [0104.368] SetEvent (hEvent=0x13c) returned 1 [0104.369] SetEvent (hEvent=0x108) returned 1 [0104.369] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.377] SetEvent (hEvent=0xb8) returned 1 [0104.377] SetEvent (hEvent=0x164) returned 1 [0104.377] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.423] SetEvent (hEvent=0xb8) returned 1 [0104.423] SetEvent (hEvent=0x13c) returned 1 [0104.423] SetEvent (hEvent=0x164) returned 1 [0104.423] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.426] VirtualFree (lpAddress=0xc00029e000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0104.427] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.427] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.428] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.428] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.428] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.428] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0104.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0104.429] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019fcf4 | out: lpMode=0xc00019fcf4) returned 0 [0104.436] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.439] GetFileType (hFile=0x128) returned 0x1 [0104.439] GetFileType (hFile=0x128) returned 0x1 [0104.439] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc00019fd44 | out: lpFileInformation=0xc00019fd44) returned 1 [0104.439] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc00019fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00019fd28) returned 1 [0104.439] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0104.440] ReadFile (in: hFile=0x128, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x23b, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc00019fc04*=0x3b, lpOverlapped=0x0) returned 1 [0104.441] ReadFile (in: hFile=0x128, lpBuffer=0xc0000dc03b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00019fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc03b*, lpNumberOfBytesRead=0xc00019fc04*=0x0, lpOverlapped=0x0) returned 1 [0104.441] CloseHandle (hObject=0x128) returned 1 [0104.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.442] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019fd04 | out: lpMode=0xc00019fd04) returned 0 [0104.443] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.461] SetEvent (hEvent=0xb8) returned 1 [0104.461] GetFileType (hFile=0x128) returned 0x1 [0104.461] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.469] WriteFile (in: hFile=0x128, lpBuffer=0xc0006cc080*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xc00019fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006cc080*, lpNumberOfBytesWritten=0xc00019fcec*=0x40, lpOverlapped=0x0) returned 1 [0104.470] CloseHandle (hObject=0x128) returned 1 [0104.470] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0104.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.470] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00019fd64 | out: lpMode=0xc00019fd64) returned 0 [0104.480] GetFileType (hFile=0x128) returned 0x1 [0104.480] WriteFile (in: hFile=0x128, lpBuffer=0xc00016a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00019fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a580*, lpNumberOfBytesWritten=0xc00019fd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.480] CloseHandle (hObject=0x128) returned 1 [0104.480] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.481] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.481] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\devices.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-devices.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-devices.html"), dwFlags=0x1) returned 1 [0104.482] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.484] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.484] SetEvent (hEvent=0x13c) returned 1 [0104.484] SetEvent (hEvent=0x164) returned 1 [0104.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.489] SetEvent (hEvent=0x100) returned 1 [0104.490] SetEvent (hEvent=0x15c) returned 1 [0104.490] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.514] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.514] SetEvent (hEvent=0xc0) returned 1 [0104.514] SetEvent (hEvent=0x9c) returned 1 [0104.515] SetEvent (hEvent=0x108) returned 1 [0104.515] SetEvent (hEvent=0x15c) returned 1 [0104.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.527] GetFileType (hFile=0x174) returned 0x1 [0104.527] GetFileType (hFile=0x174) returned 0x1 [0104.527] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0104.527] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0104.527] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0104.527] VirtualAlloc (lpAddress=0xc00029c000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029c000 [0104.529] ReadFile (in: hFile=0x174, lpBuffer=0xc00029c000, nNumberOfBytesToRead=0x41d7, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029c000*, lpNumberOfBytesRead=0xc000275c04*=0x3fd7, lpOverlapped=0x0) returned 1 [0104.532] ReadFile (in: hFile=0x174, lpBuffer=0xc00029ffd7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029ffd7*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0104.532] CloseHandle (hObject=0x174) returned 1 [0104.532] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.533] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0104.533] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0104.534] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0104.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0104.535] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0104.544] GetFileType (hFile=0x174) returned 0x1 [0104.544] WriteFile (in: hFile=0x174, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000275cec*=0x3fe0, lpOverlapped=0x0) returned 1 [0104.546] CloseHandle (hObject=0x174) returned 1 [0104.546] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.546] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0104.546] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0104.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0104.547] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0104.551] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.645] SetEvent (hEvent=0x108) returned 1 [0104.645] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.646] SetEvent (hEvent=0xb8) returned 1 [0104.646] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.667] SetEvent (hEvent=0x108) returned 1 [0104.667] SetEvent (hEvent=0x9c) returned 1 [0104.667] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.671] SetEvent (hEvent=0x108) returned 1 [0104.671] SetEvent (hEvent=0xb8) returned 1 [0104.671] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.672] SetEvent (hEvent=0x108) returned 1 [0104.672] SetEvent (hEvent=0xb8) returned 1 [0104.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.673] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0104.679] GetFileType (hFile=0x148) returned 0x1 [0104.679] GetFileType (hFile=0x148) returned 0x1 [0104.679] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0104.679] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0104.679] ReadFile (in: hFile=0x148, lpBuffer=0xc000250000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000250000*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0104.679] CloseHandle (hObject=0x148) returned 1 [0104.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.680] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0104.682] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.703] GetFileType (hFile=0x148) returned 0x1 [0104.703] WriteFile (in: hFile=0x148, lpBuffer=0xc000010230*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010230*, lpNumberOfBytesWritten=0xc00024bcec*=0x10, lpOverlapped=0x0) returned 1 [0104.704] CloseHandle (hObject=0x148) returned 1 [0104.704] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0104.704] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0104.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.705] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0104.709] GetFileType (hFile=0x148) returned 0x1 [0104.709] WriteFile (in: hFile=0x148, lpBuffer=0xc00039a420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00039a420*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.710] CloseHandle (hObject=0x148) returned 1 [0104.710] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0104.710] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0104.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Top Sites-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-top sites-journal"), dwFlags=0x1) returned 1 [0104.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.712] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.712] SetEvent (hEvent=0x1d0) returned 1 [0104.712] SetEvent (hEvent=0xb8) returned 1 [0104.712] SetEvent (hEvent=0x108) returned 1 [0104.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.720] SetEvent (hEvent=0x108) returned 1 [0104.720] SetEvent (hEvent=0xb8) returned 1 [0104.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.721] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.722] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.722] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.722] SetEvent (hEvent=0x9c) returned 1 [0104.722] SetEvent (hEvent=0x120) returned 1 [0104.722] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.723] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.724] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000163cf4 | out: lpMode=0xc000163cf4) returned 0 [0104.735] GetFileType (hFile=0x148) returned 0x1 [0104.735] GetFileType (hFile=0x148) returned 0x1 [0104.735] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc000163d44 | out: lpFileInformation=0xc000163d44) returned 1 [0104.736] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc000163d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000163d28) returned 1 [0104.736] ReadFile (in: hFile=0x148, lpBuffer=0xc000485500, nNumberOfBytesToRead=0x5164, lpNumberOfBytesRead=0xc000163c04, lpOverlapped=0x0 | out: lpBuffer=0xc000485500*, lpNumberOfBytesRead=0xc000163c04*=0x4f64, lpOverlapped=0x0) returned 1 [0104.739] ReadFile (in: hFile=0x148, lpBuffer=0xc00048a464, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000163c04, lpOverlapped=0x0 | out: lpBuffer=0xc00048a464*, lpNumberOfBytesRead=0xc000163c04*=0x0, lpOverlapped=0x0) returned 1 [0104.739] CloseHandle (hObject=0x148) returned 1 [0104.739] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0104.739] VirtualAlloc (lpAddress=0xc000310000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0104.740] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0104.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.742] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000163d04 | out: lpMode=0xc000163d04) returned 0 [0104.746] GetFileType (hFile=0x148) returned 0x1 [0104.746] WriteFile (in: hFile=0x148, lpBuffer=0xc000310000*, nNumberOfBytesToWrite=0x4f70, lpNumberOfBytesWritten=0xc000163cec, lpOverlapped=0x0 | out: lpBuffer=0xc000310000*, lpNumberOfBytesWritten=0xc000163cec*=0x4f70, lpOverlapped=0x0) returned 1 [0104.748] CloseHandle (hObject=0x148) returned 1 [0104.748] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0104.748] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0104.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.748] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc000163d64 | out: lpMode=0xc000163d64) returned 0 [0104.751] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.754] GetFileType (hFile=0x148) returned 0x1 [0104.754] WriteFile (in: hFile=0x148, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000163d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000163d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.754] CloseHandle (hObject=0x148) returned 1 [0104.754] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.756] SetEvent (hEvent=0xb8) returned 1 [0104.756] SetEvent (hEvent=0x120) returned 1 [0104.757] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.766] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.766] SetEvent (hEvent=0x120) returned 1 [0104.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.766] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0104.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x144 [0104.767] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0104.768] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.774] GetFileType (hFile=0x144) returned 0x1 [0104.774] GetFileType (hFile=0x144) returned 0x1 [0104.774] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0104.774] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0104.774] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0104.775] ReadFile (in: hFile=0x144, lpBuffer=0xc0002ea000, nNumberOfBytesToRead=0x7e33, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ea000*, lpNumberOfBytesRead=0xc0004dfc04*=0x7c33, lpOverlapped=0x0) returned 1 [0104.777] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.783] ReadFile (in: hFile=0x144, lpBuffer=0xc0002f1c33, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f1c33*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0104.783] CloseHandle (hObject=0x144) returned 1 [0104.783] VirtualAlloc (lpAddress=0xc0003c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c2000 [0104.784] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0104.784] VirtualAlloc (lpAddress=0xc0003c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c4000 [0104.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0104.786] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0104.797] GetFileType (hFile=0x144) returned 0x1 [0104.797] WriteFile (in: hFile=0x144, lpBuffer=0xc0003d8000*, nNumberOfBytesToWrite=0x7c40, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d8000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x7c40, lpOverlapped=0x0) returned 1 [0104.799] CloseHandle (hObject=0x144) returned 1 [0104.799] VirtualAlloc (lpAddress=0xc0003c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c6000 [0104.800] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.800] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0104.800] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0104.801] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0104.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0104.801] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0104.805] GetFileType (hFile=0x144) returned 0x1 [0104.805] WriteFile (in: hFile=0x144, lpBuffer=0xc00016a840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a840*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.805] CloseHandle (hObject=0x144) returned 1 [0104.805] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\mirroring_cast_streaming.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_cast_streaming.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-mirroring_cast_streaming.js"), dwFlags=0x1) returned 1 [0104.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.807] SetEvent (hEvent=0xc0) returned 1 [0104.807] SetEvent (hEvent=0x108) returned 1 [0104.807] SetEvent (hEvent=0x120) returned 1 [0104.807] VirtualAlloc (lpAddress=0xc0003e0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e0000 [0104.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.817] SetEvent (hEvent=0x120) returned 1 [0104.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.829] SetEvent (hEvent=0xc0) returned 1 [0104.829] SetEvent (hEvent=0x9c) returned 1 [0104.829] SetEvent (hEvent=0x120) returned 1 [0104.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.847] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.847] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.847] SetEvent (hEvent=0xc0) returned 1 [0104.847] SetEvent (hEvent=0xfc) returned 1 [0104.847] SetEvent (hEvent=0x108) returned 1 [0104.847] VirtualAlloc (lpAddress=0xc0003e8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e8000 [0104.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.850] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.861] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.861] SetEvent (hEvent=0xfc) returned 1 [0104.861] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.875] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.875] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.876] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.876] SetEvent (hEvent=0xc0) returned 1 [0104.876] SetEvent (hEvent=0xfc) returned 1 [0104.876] SetEvent (hEvent=0x108) returned 1 [0104.876] VirtualAlloc (lpAddress=0xc0003f0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f0000 [0104.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.882] SetEvent (hEvent=0x108) returned 1 [0104.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.893] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.894] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.894] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.894] SetEvent (hEvent=0xc0) returned 1 [0104.894] SetEvent (hEvent=0x108) returned 1 [0104.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.906] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.907] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.907] SetEvent (hEvent=0xb8) returned 1 [0104.907] SetEvent (hEvent=0x164) returned 1 [0104.907] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0104.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.916] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.916] SetEvent (hEvent=0xb8) returned 1 [0104.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.924] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.924] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0104.924] SetEvent (hEvent=0x164) returned 1 [0104.924] SetEvent (hEvent=0xfc) returned 1 [0104.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.927] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.927] SetEvent (hEvent=0xfc) returned 1 [0104.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.931] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.932] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0104.932] SetEvent (hEvent=0xfc) returned 1 [0104.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.932] GetFileType (hFile=0x1c0) returned 0x1 [0104.932] GetFileType (hFile=0x1c0) returned 0x1 [0104.932] GetFileInformationByHandle (in: hFile=0x1c0, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0104.933] GetFileInformationByHandleEx (in: hFile=0x1c0, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0104.933] ReadFile (in: hFile=0x1c0, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x194c, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc000183c04*=0x174c, lpOverlapped=0x0) returned 1 [0104.943] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.949] ReadFile (in: hFile=0x1c0, lpBuffer=0xc00050f0cc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f0cc*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0104.949] CloseHandle (hObject=0x1c0) returned 1 [0104.950] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0104.950] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0104.951] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0104.952] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0104.953] GetFileType (hFile=0x1c0) returned 0x1 [0104.953] WriteFile (in: hFile=0x1c0, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x1750, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc000183cec*=0x1750, lpOverlapped=0x0) returned 1 [0104.954] CloseHandle (hObject=0x1c0) returned 1 [0104.954] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0104.954] VirtualAlloc (lpAddress=0xc00036a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036a000 [0104.955] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0104.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c0 [0104.955] GetConsoleMode (in: hConsoleHandle=0x1c0, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0104.957] GetFileType (hFile=0x1c0) returned 0x1 [0104.957] WriteFile (in: hFile=0x1c0, lpBuffer=0xc00016a840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a840*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.957] CloseHandle (hObject=0x1c0) returned 1 [0104.957] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\encry-view.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\encry-view.html"), dwFlags=0x1) returned 1 [0104.958] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.959] SetEvent (hEvent=0xb8) returned 1 [0104.959] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.959] SetEvent (hEvent=0xb8) returned 1 [0104.959] SetEvent (hEvent=0xfc) returned 1 [0104.959] SetEvent (hEvent=0x9c) returned 1 [0104.959] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.961] SetEvent (hEvent=0xfc) returned 1 [0104.961] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.963] VirtualFree (lpAddress=0xc000366000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.963] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.964] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.964] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.964] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.964] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.965] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.965] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.965] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.965] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.966] SetEvent (hEvent=0xb8) returned 1 [0104.966] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.974] SetEvent (hEvent=0x108) returned 1 [0104.974] SetEvent (hEvent=0xb8) returned 1 [0104.974] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.986] SetEvent (hEvent=0x108) returned 1 [0104.987] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0104.998] SetEvent (hEvent=0x9c) returned 1 [0104.998] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.248] SetEvent (hEvent=0xb8) returned 1 [0105.248] SetEvent (hEvent=0x164) returned 1 [0105.248] SetEvent (hEvent=0x108) returned 1 [0105.248] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.253] SetEvent (hEvent=0xb8) returned 1 [0105.253] SetEvent (hEvent=0x9c) returned 1 [0105.254] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.261] SetEvent (hEvent=0x9c) returned 1 [0105.261] SetEvent (hEvent=0x108) returned 1 [0105.261] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.280] SetEvent (hEvent=0x108) returned 1 [0105.280] SetEvent (hEvent=0x9c) returned 1 [0105.280] SetEvent (hEvent=0xb8) returned 1 [0105.280] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.329] SetEvent (hEvent=0x120) returned 1 [0105.329] SetEvent (hEvent=0xfc) returned 1 [0105.329] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c8 [0105.373] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0105.374] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.378] SetEvent (hEvent=0x9c) returned 1 [0105.378] GetFileType (hFile=0x1c8) returned 0x1 [0105.378] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.385] GetFileType (hFile=0x1c8) returned 0x1 [0105.385] GetFileInformationByHandle (in: hFile=0x1c8, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0105.385] GetFileInformationByHandleEx (in: hFile=0x1c8, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0105.386] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0105.386] ReadFile (in: hFile=0x1c8, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x229, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000279c04*=0x29, lpOverlapped=0x0) returned 1 [0105.387] ReadFile (in: hFile=0x1c8, lpBuffer=0xc00006c029, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c029*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0105.387] CloseHandle (hObject=0x1c8) returned 1 [0105.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0105.388] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0105.390] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.417] SwitchToThread () returned 1 [0105.418] SetEvent (hEvent=0x9c) returned 1 [0105.418] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.419] SetEvent (hEvent=0x9c) returned 1 [0105.419] SetEvent (hEvent=0x114) returned 1 [0105.419] SetEvent (hEvent=0x108) returned 1 [0105.419] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.426] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0105.427] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.427] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.428] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.428] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.429] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.429] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.429] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.429] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.430] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.430] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.430] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.430] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.431] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.431] SetEvent (hEvent=0x120) returned 1 [0105.431] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.630] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.637] SetEvent (hEvent=0x108) returned 1 [0105.638] SetEvent (hEvent=0x114) returned 1 [0105.638] SetEvent (hEvent=0x120) returned 1 [0105.638] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.650] SetEvent (hEvent=0x108) returned 1 [0105.650] SetEvent (hEvent=0x9c) returned 1 [0105.650] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.660] SetEvent (hEvent=0x164) returned 1 [0105.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.660] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.660] SetEvent (hEvent=0x114) returned 1 [0105.660] SetEvent (hEvent=0x164) returned 1 [0105.661] SetEvent (hEvent=0xfc) returned 1 [0105.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.670] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.679] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.680] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.680] SetEvent (hEvent=0xc0) returned 1 [0105.680] SetEvent (hEvent=0x9c) returned 1 [0105.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.693] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.693] SetEvent (hEvent=0x164) returned 1 [0105.694] SetEvent (hEvent=0xfc) returned 1 [0105.694] SetEvent (hEvent=0x114) returned 1 [0105.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.702] SetEvent (hEvent=0xfc) returned 1 [0105.702] SetEvent (hEvent=0x164) returned 1 [0105.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.706] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.706] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.707] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.707] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.707] SetEvent (hEvent=0x108) returned 1 [0105.707] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.708] GetFileType (hFile=0x150) returned 0x1 [0105.708] WriteFile (in: hFile=0x150, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x20010, lpNumberOfBytesWritten=0xc000215cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000215cec*=0x20010, lpOverlapped=0x0) returned 1 [0105.712] CloseHandle (hObject=0x150) returned 1 [0105.712] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0105.712] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0105.712] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0105.713] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0105.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0105.713] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000215d64 | out: lpMode=0xc000215d64) returned 0 [0105.719] GetFileType (hFile=0x150) returned 0x1 [0105.719] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000215d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000215d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.719] CloseHandle (hObject=0x150) returned 1 [0105.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\visited links"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Visited Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-visited links"), dwFlags=0x1) returned 1 [0105.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.722] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.722] SetEvent (hEvent=0x108) returned 1 [0105.722] SetEvent (hEvent=0x164) returned 1 [0105.723] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.731] SetEvent (hEvent=0x164) returned 1 [0105.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.740] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.741] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.741] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.741] SetEvent (hEvent=0xc0) returned 1 [0105.741] SetEvent (hEvent=0x120) returned 1 [0105.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.756] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.756] SetEvent (hEvent=0x164) returned 1 [0105.756] SetEvent (hEvent=0x108) returned 1 [0105.757] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.768] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.768] SetEvent (hEvent=0x108) returned 1 [0105.768] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.781] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.783] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.783] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.783] SetEvent (hEvent=0x108) returned 1 [0105.783] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.807] SetEvent (hEvent=0x114) returned 1 [0105.807] SetEvent (hEvent=0x164) returned 1 [0105.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.821] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.829] SetEvent (hEvent=0x108) returned 1 [0105.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.835] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.835] SetEvent (hEvent=0xc0) returned 1 [0105.835] SetEvent (hEvent=0x9c) returned 1 [0105.835] SetEvent (hEvent=0x120) returned 1 [0105.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.837] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.837] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.839] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.839] SetEvent (hEvent=0x9c) returned 1 [0105.839] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.849] GetFileType (hFile=0x148) returned 0x1 [0105.849] WriteFile (in: hFile=0x148, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000255d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc000255d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.849] CloseHandle (hObject=0x148) returned 1 [0105.849] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0105.850] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0105.850] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0105.850] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0105.851] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0105.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\network action predictor-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Network Action Predictor-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-network action predictor-journal"), dwFlags=0x1) returned 1 [0105.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.853] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.853] SetEvent (hEvent=0xc0) returned 1 [0105.853] SetEvent (hEvent=0x120) returned 1 [0105.853] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0105.855] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.856] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.865] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.865] SetEvent (hEvent=0x120) returned 1 [0105.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.865] GetFileType (hFile=0x1bc) returned 0x1 [0105.865] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000397000*, nNumberOfBytesToWrite=0x2b30, lpNumberOfBytesWritten=0xc0001b1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000397000*, lpNumberOfBytesWritten=0xc0001b1cec*=0x2b30, lpOverlapped=0x0) returned 1 [0105.866] CloseHandle (hObject=0x1bc) returned 1 [0105.866] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0105.866] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0105.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0105.867] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b1d64 | out: lpMode=0xc0001b1d64) returned 0 [0105.870] GetFileType (hFile=0x1bc) returned 0x1 [0105.870] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.870] CloseHandle (hObject=0x1bc) returned 1 [0105.870] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-feedback_script.js"), dwFlags=0x1) returned 1 [0105.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.872] SetEvent (hEvent=0xc0) returned 1 [0105.872] SetEvent (hEvent=0x120) returned 1 [0105.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.875] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.961] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0105.961] SetEvent (hEvent=0xc0) returned 1 [0105.961] SetEvent (hEvent=0x9c) returned 1 [0105.961] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0105.979] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0105.979] SetEvent (hEvent=0x164) returned 1 [0105.979] SetEvent (hEvent=0x114) returned 1 [0105.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0105.985] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0105.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.095] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.095] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0106.095] SetEvent (hEvent=0xc0) returned 1 [0106.095] SetEvent (hEvent=0x9c) returned 1 [0106.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.111] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0106.111] SetEvent (hEvent=0x114) returned 1 [0106.111] SetEvent (hEvent=0x164) returned 1 [0106.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.116] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.120] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.120] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.121] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.121] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0106.121] SetEvent (hEvent=0xc0) returned 1 [0106.121] SetEvent (hEvent=0x9c) returned 1 [0106.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\sync extension settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0106.123] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0002cdcf4 | out: lpMode=0xc0002cdcf4) returned 0 [0106.123] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.129] SetEvent (hEvent=0x164) returned 1 [0106.130] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.130] SetEvent (hEvent=0x164) returned 1 [0106.130] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.130] SetEvent (hEvent=0x164) returned 1 [0106.130] SetEvent (hEvent=0x108) returned 1 [0106.130] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0106.131] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.131] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.131] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.132] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.132] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.132] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.132] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.133] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.133] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.133] GetFileType (hFile=0xec) returned 0x1 [0106.133] WriteFile (in: hFile=0xec, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xc000199cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000199cec*=0x830, lpOverlapped=0x0) returned 1 [0106.135] CloseHandle (hObject=0xec) returned 1 [0106.135] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0106.135] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.135] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0106.136] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000199d64 | out: lpMode=0xc000199d64) returned 0 [0106.140] GetFileType (hFile=0xec) returned 0x1 [0106.140] WriteFile (in: hFile=0xec, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000199d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc000199d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.140] CloseHandle (hObject=0xec) returned 1 [0106.141] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.141] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.141] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-index.html"), dwFlags=0x1) returned 1 [0106.142] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0106.143] SetEvent (hEvent=0xc0) returned 1 [0106.143] SetEvent (hEvent=0x120) returned 1 [0106.143] SetEvent (hEvent=0xfc) returned 1 [0106.143] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0106.145] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.229] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0106.229] SetEvent (hEvent=0x120) returned 1 [0106.229] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.248] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0106.248] SetEvent (hEvent=0xfc) returned 1 [0106.248] SetEvent (hEvent=0x9c) returned 1 [0106.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.254] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.259] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.259] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0106.259] SetEvent (hEvent=0x108) returned 1 [0106.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.278] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.279] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.279] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0106.279] SetEvent (hEvent=0xc0) returned 1 [0106.279] SetEvent (hEvent=0x108) returned 1 [0106.279] SetEvent (hEvent=0x120) returned 1 [0106.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.283] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.284] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0106.284] SetEvent (hEvent=0x108) returned 1 [0106.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.295] GetFileType (hFile=0x1c8) returned 0x1 [0106.295] WriteFile (in: hFile=0x1c8, lpBuffer=0xc00000a1e0*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfBytesWritten=0xc000279cec*=0x30, lpOverlapped=0x0) returned 1 [0106.296] CloseHandle (hObject=0x1c8) returned 1 [0106.296] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0106.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.297] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0106.297] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.297] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0106.298] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0106.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0106.298] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0106.304] GetFileType (hFile=0x1c8) returned 0x1 [0106.304] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0106.304] WriteFile (in: hFile=0x1c8, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.305] CloseHandle (hObject=0x1c8) returned 1 [0106.305] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\manifest-000001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\encry-MANIFEST-000001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\encry-manifest-000001"), dwFlags=0x1) returned 1 [0106.305] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.357] SetEvent (hEvent=0x9c) returned 1 [0106.357] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.375] SetEvent (hEvent=0x108) returned 1 [0106.375] SetEvent (hEvent=0x164) returned 1 [0106.375] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.415] SetEvent (hEvent=0x164) returned 1 [0106.415] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.480] SetEvent (hEvent=0x9c) returned 1 [0106.480] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.716] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.717] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.717] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000207cf4 | out: lpMode=0xc000207cf4) returned 0 [0106.720] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.725] GetFileType (hFile=0x1d4) returned 0x1 [0106.725] GetFileType (hFile=0x1d4) returned 0x1 [0106.725] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000207d44 | out: lpFileInformation=0xc000207d44) returned 1 [0106.725] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000207d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000207d28) returned 1 [0106.725] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0106.726] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000207c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc000207c04*=0x0, lpOverlapped=0x0) returned 1 [0106.726] CloseHandle (hObject=0x1d4) returned 1 [0106.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.726] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000207d04 | out: lpMode=0xc000207d04) returned 0 [0106.733] GetFileType (hFile=0x1d4) returned 0x1 [0106.733] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0005864d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000207cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005864d0*, lpNumberOfBytesWritten=0xc000207cec*=0x10, lpOverlapped=0x0) returned 1 [0106.734] CloseHandle (hObject=0x1d4) returned 1 [0106.734] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.734] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.734] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0106.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.735] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000207d64 | out: lpMode=0xc000207d64) returned 0 [0106.742] GetFileType (hFile=0x1d4) returned 0x1 [0106.742] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000076840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000207d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076840*, lpNumberOfBytesWritten=0xc000207d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.743] CloseHandle (hObject=0x1d4) returned 1 [0106.743] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\fwlink[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\D68G7BIJ\\encry-fwlink[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\d68g7bij\\encry-fwlink[1]"), dwFlags=0x1) returned 1 [0106.744] SetEvent (hEvent=0x108) returned 1 [0106.744] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.790] SetEvent (hEvent=0xfc) returned 1 [0106.790] SetEvent (hEvent=0x114) returned 1 [0106.790] SetEvent (hEvent=0x108) returned 1 [0106.790] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.793] SetEvent (hEvent=0xfc) returned 1 [0106.793] SetEvent (hEvent=0x164) returned 1 [0106.793] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0106.799] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0106.799] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.800] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.800] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.800] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.800] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.800] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.801] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.801] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.801] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.801] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.801] SetEvent (hEvent=0x164) returned 1 [0106.801] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.036] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.036] SetEvent (hEvent=0x108) returned 1 [0107.036] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.046] SetEvent (hEvent=0xfc) returned 1 [0107.046] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.290] SetEvent (hEvent=0xfc) returned 1 [0107.291] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.294] SetEvent (hEvent=0x120) returned 1 [0107.294] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.295] SetEvent (hEvent=0x108) returned 1 [0107.295] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.415] SetEvent (hEvent=0xfc) returned 1 [0107.415] SetEvent (hEvent=0xb8) returned 1 [0107.415] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.438] SetEvent (hEvent=0xfc) returned 1 [0107.438] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.440] SetEvent (hEvent=0x108) returned 1 [0107.440] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.442] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0107.442] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0107.442] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.443] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000283cf4 | out: lpMode=0xc000283cf4) returned 0 [0107.445] GetFileType (hFile=0x1bc) returned 0x1 [0107.445] GetFileType (hFile=0x1bc) returned 0x1 [0107.445] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000283d44 | out: lpFileInformation=0xc000283d44) returned 1 [0107.445] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000283d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000283d28) returned 1 [0107.445] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0107.446] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x610, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000283c04*=0x410, lpOverlapped=0x0) returned 1 [0107.453] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee410, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000283c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee410*, lpNumberOfBytesRead=0xc000283c04*=0x0, lpOverlapped=0x0) returned 1 [0107.453] CloseHandle (hObject=0x1bc) returned 1 [0107.453] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0107.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.455] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000283d04 | out: lpMode=0xc000283d04) returned 0 [0107.465] GetFileType (hFile=0x1bc) returned 0x1 [0107.465] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc000283cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc000283cec*=0x420, lpOverlapped=0x0) returned 1 [0107.466] CloseHandle (hObject=0x1bc) returned 1 [0107.466] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.467] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0107.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.467] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000283d64 | out: lpMode=0xc000283d64) returned 0 [0107.472] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.475] GetFileType (hFile=0x1bc) returned 0x1 [0107.475] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000be420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000283d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be420*, lpNumberOfBytesWritten=0xc000283d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.475] CloseHandle (hObject=0x1bc) returned 1 [0107.475] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\07_tv_recorded_in_the_last_week.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-07_TV_recorded_in_the_last_week.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-07_tv_recorded_in_the_last_week.wpl"), dwFlags=0x1) returned 1 [0107.476] SetEvent (hEvent=0x108) returned 1 [0107.476] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.487] SetEvent (hEvent=0x114) returned 1 [0107.487] SetEvent (hEvent=0xfc) returned 1 [0107.487] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.499] SetEvent (hEvent=0x114) returned 1 [0107.499] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0107.499] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027dcf4 | out: lpMode=0xc00027dcf4) returned 0 [0107.504] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.708] GetFileType (hFile=0x1bc) returned 0x1 [0107.708] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0107.709] GetFileType (hFile=0x1bc) returned 0x1 [0107.709] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00027dd44 | out: lpFileInformation=0xc00027dd44) returned 1 [0107.709] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00027dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027dd28) returned 1 [0107.709] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004c700, nNumberOfBytesToRead=0x627, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c700*, lpNumberOfBytesRead=0xc00027dc04*=0x427, lpOverlapped=0x0) returned 1 [0107.713] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00004cb27, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004cb27*, lpNumberOfBytesRead=0xc00027dc04*=0x0, lpOverlapped=0x0) returned 1 [0107.713] CloseHandle (hObject=0x1bc) returned 1 [0107.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.714] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027dd04 | out: lpMode=0xc00027dd04) returned 0 [0107.714] GetFileType (hFile=0x1bc) returned 0x1 [0107.714] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00016a480*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0xc00027dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016a480*, lpNumberOfBytesWritten=0xc00027dcec*=0x430, lpOverlapped=0x0) returned 1 [0107.715] CloseHandle (hObject=0x1bc) returned 1 [0107.715] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.715] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0107.716] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0107.716] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0107.716] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0107.717] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.717] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0107.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.717] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00027dd64 | out: lpMode=0xc00027dd64) returned 0 [0107.718] GetFileType (hFile=0x1bc) returned 0x1 [0107.718] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0001c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c22c0*, lpNumberOfBytesWritten=0xc00027dd4c*=0x158, lpOverlapped=0x0) returned 1 [0107.718] CloseHandle (hObject=0x1bc) returned 1 [0107.719] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-10_all_music.wpl"), dwFlags=0x1) returned 1 [0107.719] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.721] SetEvent (hEvent=0x108) returned 1 [0107.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.722] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0107.722] SetEvent (hEvent=0xb8) returned 1 [0107.722] SetEvent (hEvent=0x108) returned 1 [0107.722] SetEvent (hEvent=0xfc) returned 1 [0107.723] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.726] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.726] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0107.729] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.729] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0107.729] SetEvent (hEvent=0xc0) returned 1 [0107.729] SetEvent (hEvent=0xfc) returned 1 [0107.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0107.730] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000161cf4 | out: lpMode=0xc000161cf4) returned 0 [0107.735] GetFileType (hFile=0x1b4) returned 0x1 [0107.735] GetFileType (hFile=0x1b4) returned 0x1 [0107.735] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000161d44 | out: lpFileInformation=0xc000161d44) returned 1 [0107.735] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000161d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000161d28) returned 1 [0107.735] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00004c700, nNumberOfBytesToRead=0x6ff, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c700*, lpNumberOfBytesRead=0xc000161c04*=0x4ff, lpOverlapped=0x0) returned 1 [0107.740] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00004cbff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000161c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004cbff*, lpNumberOfBytesRead=0xc000161c04*=0x0, lpOverlapped=0x0) returned 1 [0107.740] CloseHandle (hObject=0x1b4) returned 1 [0107.740] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0107.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.742] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000161d04 | out: lpMode=0xc000161d04) returned 0 [0107.743] GetFileType (hFile=0x1bc) returned 0x1 [0107.743] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x500, lpNumberOfBytesWritten=0xc000161cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc000161cec*=0x500, lpOverlapped=0x0) returned 1 [0107.744] CloseHandle (hObject=0x1bc) returned 1 [0107.745] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.745] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0107.745] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0107.745] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0107.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0107.746] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000161d64 | out: lpMode=0xc000161d64) returned 0 [0107.747] GetFileType (hFile=0x1bc) returned 0x1 [0107.747] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000be2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000161d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be2c0*, lpNumberOfBytesWritten=0xc000161d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.747] CloseHandle (hObject=0x1bc) returned 1 [0107.750] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\02_music_added_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-02_music_added_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0107.842] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0107.843] SetEvent (hEvent=0x120) returned 1 [0107.843] SetEvent (hEvent=0x15c) returned 1 [0107.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.848] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.850] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0107.850] SetEvent (hEvent=0x15c) returned 1 [0107.850] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.853] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.877] SetEvent (hEvent=0x15c) returned 1 [0107.877] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.879] SetEvent (hEvent=0x15c) returned 1 [0107.880] SetEvent (hEvent=0x114) returned 1 [0107.880] SetEvent (hEvent=0xfc) returned 1 [0107.880] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.893] SetEvent (hEvent=0x15c) returned 1 [0107.893] SetEvent (hEvent=0x9c) returned 1 [0107.893] SetEvent (hEvent=0xb8) returned 1 [0107.893] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.898] SetEvent (hEvent=0x9c) returned 1 [0107.898] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.902] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.903] SetEvent (hEvent=0x15c) returned 1 [0107.903] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.905] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.907] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.909] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.910] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.911] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.913] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0107.914] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001e9818*=0x4) returned 1 [0107.914] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0002d9818*=0x4) returned 1 [0107.915] SetEvent (hEvent=0x9c) returned 1 [0107.915] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00024d818*=0x4) returned 1 [0107.916] SetEvent (hEvent=0x9c) returned 1 [0107.916] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0107.916] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000094000*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc00026d808, lpReserved=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfCharsWritten=0xc00026d808*=0x6f) returned 1 [0107.917] SetEvent (hEvent=0x9c) returned 1 [0107.917] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0107.917] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0107.917] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0107.918] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0107.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.406] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0108.410] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.427] GetFileType (hFile=0x128) returned 0x1 [0108.427] WriteFile (in: hFile=0x128, lpBuffer=0xc000232420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000232420*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.428] CloseHandle (hObject=0x128) returned 1 [0108.428] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0108.429] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0108.429] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.430] SetEvent (hEvent=0x188) returned 1 [0108.431] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.446] SetEvent (hEvent=0xb8) returned 1 [0108.446] SetEvent (hEvent=0x15c) returned 1 [0108.446] SetEvent (hEvent=0x9c) returned 1 [0108.446] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.450] SwitchToThread () returned 1 [0108.452] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.453] SetEvent (hEvent=0xb8) returned 1 [0108.453] SetEvent (hEvent=0x164) returned 1 [0108.453] VirtualFree (lpAddress=0xc00028e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.453] VirtualFree (lpAddress=0xc000260000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.454] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.454] VirtualFree (lpAddress=0xc000232000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.454] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.455] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.455] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.455] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.455] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.456] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.456] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.456] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.457] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.457] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.457] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.457] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.458] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.458] VirtualFree (lpAddress=0xc00006e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0108.458] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.459] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.459] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.459] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.459] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.460] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000163818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc000163818*=0x3) returned 1 [0108.469] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.474] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc0001bd818*=0x3) returned 1 [0108.475] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000201818*=0x3) returned 1 [0108.482] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.484] SetEvent (hEvent=0x164) returned 1 [0108.485] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000287818, lpReserved=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfCharsWritten=0xc000287818*=0x3) returned 1 [0108.490] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.493] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.494] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000281818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc000281818*=0x3) returned 1 [0108.498] SetEvent (hEvent=0x1a0) returned 1 [0108.498] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0126*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0000a0126*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0108.503] SetEvent (hEvent=0x1a0) returned 1 [0108.503] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0108.505] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.506] SetEvent (hEvent=0x188) returned 1 [0108.506] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0108.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0108.514] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.518] SetEvent (hEvent=0x188) returned 1 [0108.518] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.519] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0108.523] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000010066*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0108.524] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.534] SetEvent (hEvent=0x1a0) returned 1 [0108.534] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.538] SetEvent (hEvent=0x188) returned 1 [0108.538] SetEvent (hEvent=0x9c) returned 1 [0108.538] SetEvent (hEvent=0xb8) returned 1 [0108.538] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.541] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.541] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.541] SetEvent (hEvent=0x1a0) returned 1 [0108.541] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.573] SetEvent (hEvent=0xb8) returned 1 [0108.574] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0108.576] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002d1cf4 | out: lpMode=0xc0002d1cf4) returned 0 [0108.578] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.581] GetFileType (hFile=0x180) returned 0x1 [0108.581] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0108.581] GetFileType (hFile=0x180) returned 0x1 [0108.581] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0002d1d44 | out: lpFileInformation=0xc0002d1d44) returned 1 [0108.582] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0002d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d1d28) returned 1 [0108.582] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0108.582] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0108.582] ReadFile (in: hFile=0x180, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x9ef, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc0002d1c04*=0x7ef, lpOverlapped=0x0) returned 1 [0108.585] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.587] ReadFile (in: hFile=0x180, lpBuffer=0xc0000707ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000707ef*, lpNumberOfBytesRead=0xc0002d1c04*=0x0, lpOverlapped=0x0) returned 1 [0108.587] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.592] CloseHandle (hObject=0x180) returned 1 [0108.592] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0108.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.594] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002d1d04 | out: lpMode=0xc0002d1d04) returned 0 [0108.601] GetFileType (hFile=0x180) returned 0x1 [0108.601] WriteFile (in: hFile=0x180, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0xc0002d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc0002d1cec*=0x7f0, lpOverlapped=0x0) returned 1 [0108.603] CloseHandle (hObject=0x180) returned 1 [0108.603] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0108.604] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0108.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.605] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002d1d64 | out: lpMode=0xc0002d1d64) returned 0 [0108.622] GetFileType (hFile=0x180) returned 0x1 [0108.622] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.622] CloseHandle (hObject=0x180) returned 1 [0108.622] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0108.623] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0108.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\encry-350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\encry-350db95df4cbd94b2a1c300510e12e11.xml"), dwFlags=0x1) returned 1 [0108.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.625] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0108.626] SetEvent (hEvent=0xc0) returned 1 [0108.626] SetEvent (hEvent=0x188) returned 1 [0108.626] SetEvent (hEvent=0x9c) returned 1 [0108.626] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0108.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.638] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0108.638] SetEvent (hEvent=0x188) returned 1 [0108.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3dc8cc40, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3dc8cc40, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3dc8cc40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x462, dwReserved0=0x0, dwReserved1=0x0, cFileName="mapisvc.inf", cAlternateFileName="")) returned 1 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c4d2d00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.sharing.xml.obi", cAlternateFileName="OUTLOO~1.OBI")) returned 1 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoamCache", cAlternateFileName="ROAMCA~1")) returned 1 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ae80e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x5c4d2d00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="~last~.sharing.xml.obi", cAlternateFileName="~LAST~~1.OBI")) returned 1 [0108.647] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002dd560 | out: lpFindFileData=0xc0002dd560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.647] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.648] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5c4d2d00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xb9)) returned 1 [0108.655] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0108.656] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0108.656] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.657] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x609dab00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.657] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat", cAlternateFileName="STREAM~1.DAT")) returned 1 [0108.657] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.657] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.657] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0108.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x609dab00, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x609dab00, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x60a26dc0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0108.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\mapisvc.inf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\mapisvc.inf"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3dc8cc40, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x3dc8cc40, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x3dc8cc40, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x462)) returned 1 [0108.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\~last~.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\~last~.sharing.xml.obi"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8ae80e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x5c4d2d00, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xb9)) returned 1 [0108.659] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0108.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Publisher" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\publisher"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb4c1b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.677] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.686] SetEvent (hEvent=0x164) returned 1 [0108.686] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.692] VirtualFree (lpAddress=0xc000346000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0108.693] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.693] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.693] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.694] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.694] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.694] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.695] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.695] VirtualFree (lpAddress=0xc00006a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0108.695] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.696] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.696] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.696] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0108.697] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.697] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b3818, lpReserved=0x0 | out: lpBuffer=0xc000238030*, lpNumberOfCharsWritten=0xc0001b3818*=0x2) returned 1 [0108.698] SetEvent (hEvent=0xb8) returned 1 [0108.698] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.712] SetEvent (hEvent=0x188) returned 1 [0108.712] SetEvent (hEvent=0x15c) returned 1 [0108.712] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.714] SetEvent (hEvent=0x188) returned 1 [0108.714] SetEvent (hEvent=0x9c) returned 1 [0108.714] SetEvent (hEvent=0x164) returned 1 [0108.714] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.723] SetEvent (hEvent=0x15c) returned 1 [0108.723] SetEvent (hEvent=0x188) returned 1 [0108.723] SetEvent (hEvent=0x9c) returned 1 [0108.723] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.726] SetEvent (hEvent=0x15c) returned 1 [0108.726] SetEvent (hEvent=0xb8) returned 1 [0108.726] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0108.759] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d1cf4 | out: lpMode=0xc0002d1cf4) returned 0 [0108.760] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.767] GetFileType (hFile=0x128) returned 0x1 [0108.767] GetFileType (hFile=0x128) returned 0x1 [0108.767] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002d1d44 | out: lpFileInformation=0xc0002d1d44) returned 1 [0108.767] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d1d28) returned 1 [0108.767] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0108.770] ReadFile (in: hFile=0x128, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1f600, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d1c04*=0x1f400, lpOverlapped=0x0) returned 1 [0108.787] ReadFile (in: hFile=0x128, lpBuffer=0xc0002c3400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c3400*, lpNumberOfBytesRead=0xc0002d1c04*=0x0, lpOverlapped=0x0) returned 1 [0108.787] CloseHandle (hObject=0x128) returned 1 [0108.787] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0108.791] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0108.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.793] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d1d04 | out: lpMode=0xc0002d1d04) returned 0 [0108.804] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.809] GetFileType (hFile=0x128) returned 0x1 [0108.809] WriteFile (in: hFile=0x128, lpBuffer=0xc0002fc000*, nNumberOfBytesToWrite=0x1f410, lpNumberOfBytesWritten=0xc0002d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc000*, lpNumberOfBytesWritten=0xc0002d1cec*=0x1f410, lpOverlapped=0x0) returned 1 [0108.812] CloseHandle (hObject=0x128) returned 1 [0108.813] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0108.813] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0108.813] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0108.813] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0108.814] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0108.814] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0108.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.815] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d1d64 | out: lpMode=0xc0002d1d64) returned 0 [0108.823] GetFileType (hFile=0x128) returned 0x1 [0108.823] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.824] CloseHandle (hObject=0x128) returned 1 [0108.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\thumbs.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Visio\\encry-thumbs.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\visio\\encry-thumbs.dat"), dwFlags=0x1) returned 1 [0108.825] SetEvent (hEvent=0x188) returned 1 [0108.825] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.827] SetEvent (hEvent=0x188) returned 1 [0108.827] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0108.828] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0108.829] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.829] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.830] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.830] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.830] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.830] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.831] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.831] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.831] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.831] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.832] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.832] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0108.832] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc000238018*, lpNumberOfCharsWritten=0xc000179818*=0x2) returned 1 [0108.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1024" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1024"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.836] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0108.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1024\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.837] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x666948e0, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x666948e0, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x666948e0, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.837] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.837] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.842] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.849] SetEvent (hEvent=0x164) returned 1 [0108.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.849] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.849] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x34d50a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x34ef3970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.849] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ef3970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8ecd4180, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x49098, dwReserved0=0x0, dwReserved1=0x0, cFileName="StructuredQuerySchema.bin", cAlternateFileName="STRUCT~1.BIN")) returned 1 [0108.849] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.849] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.850] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.850] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0108.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\1033\\structuredqueryschema.bin"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x34ef3970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x34ef3970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8ecd4180, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x49098)) returned 1 [0108.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.854] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x926116d0, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x926116d0, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn", cAlternateFileName="")) returned 1 [0108.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn1", cAlternateFileName="")) returned 1 [0108.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Burn2", cAlternateFileName="")) returned 1 [0108.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.854] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.855] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.855] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.855] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0108.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x165f8f7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0108.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x3b9ee2a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f30c0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3b9f09b0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f09b0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.856] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn1\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn1\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x3b9f09b0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x3b9f09b0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x3b9f09b0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0108.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.863] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.863] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0x926116d0, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.863] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x92637830, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.863] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.863] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.863] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x92637830, ftCreationTime.dwHighDateTime=0x1d30596, ftLastAccessTime.dwLowDateTime=0x92637830, ftLastAccessTime.dwHighDateTime=0x1d30596, ftLastWriteTime.dwLowDateTime=0x92637830, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0108.865] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.875] SetEvent (hEvent=0x15c) returned 1 [0108.875] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.878] SetEvent (hEvent=0x164) returned 1 [0108.878] SetEvent (hEvent=0x188) returned 1 [0108.878] SetEvent (hEvent=0xb8) returned 1 [0108.878] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.897] SetEvent (hEvent=0x164) returned 1 [0108.897] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0108.907] SetEvent (hEvent=0x15c) returned 1 [0108.907] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.001] SetEvent (hEvent=0x164) returned 1 [0109.001] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.288] SetEvent (hEvent=0x15c) returned 1 [0109.289] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.320] SetEvent (hEvent=0x108) returned 1 [0109.320] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc000238010*, lpNumberOfCharsWritten=0xc000179818*=0x3) returned 1 [0109.330] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc000238016*, lpNumberOfCharsWritten=0xc0001e9818*=0x3) returned 1 [0109.351] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.355] SetEvent (hEvent=0x108) returned 1 [0109.355] SetEvent (hEvent=0x15c) returned 1 [0109.355] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00025a2a0*, nNumberOfCharsToWrite=0x6d, lpNumberOfCharsWritten=0xc00024d808, lpReserved=0x0 | out: lpBuffer=0xc00025a2a0*, lpNumberOfCharsWritten=0xc00024d808*=0x6d) returned 1 [0109.357] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.362] SetEvent (hEvent=0x114) returned 1 [0109.362] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0109.362] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0109.363] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0109.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0109.364] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0109.365] GetFileType (hFile=0x1bc) returned 0x1 [0109.365] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.365] CloseHandle (hObject=0x1bc) returned 1 [0109.365] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0109.366] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn2\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn2\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.367] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.368] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0109.368] SetEvent (hEvent=0xc0) returned 1 [0109.368] SetEvent (hEvent=0x15c) returned 1 [0109.368] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0109.370] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.370] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.373] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0109.373] SetEvent (hEvent=0x108) returned 1 [0109.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.391] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.403] SetEvent (hEvent=0x108) returned 1 [0109.403] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.405] SetEvent (hEvent=0x108) returned 1 [0109.405] SetEvent (hEvent=0x198) returned 1 [0109.405] SetEvent (hEvent=0x15c) returned 1 [0109.405] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00003c180*, nNumberOfCharsToWrite=0xb5, lpNumberOfCharsWritten=0xc00027d808, lpReserved=0x0 | out: lpBuffer=0xc00003c180*, lpNumberOfCharsWritten=0xc00027d808*=0xb5) returned 1 [0109.553] SwitchToThread () returned 1 [0109.698] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0109.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.699] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00027dd64 | out: lpMode=0xc00027dd64) returned 0 [0109.718] GetFileType (hFile=0x128) returned 0x1 [0109.718] WriteFile (in: hFile=0x128, lpBuffer=0xc00004e580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e580*, lpNumberOfBytesWritten=0xc00027dd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.748] CloseHandle (hObject=0x128) returned 1 [0109.748] SwitchToThread () returned 1 [0109.753] SetEvent (hEvent=0x108) returned 1 [0109.753] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.754] SetEvent (hEvent=0x9c) returned 1 [0109.754] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.771] SetEvent (hEvent=0x108) returned 1 [0109.771] SetEvent (hEvent=0x188) returned 1 [0109.771] SetEvent (hEvent=0xb8) returned 1 [0109.771] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.774] SetEvent (hEvent=0x108) returned 1 [0109.774] SetEvent (hEvent=0x15c) returned 1 [0109.774] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.805] SetEvent (hEvent=0x9c) returned 1 [0109.805] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.828] SetEvent (hEvent=0x108) returned 1 [0109.828] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.828] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.829] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.829] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.829] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.830] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.830] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.830] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.830] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.831] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.831] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.831] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.832] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.832] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.832] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.833] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.833] CloseHandle (hObject=0x1e4) returned 1 [0109.833] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0109.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\encry-index.dat"), dwFlags=0x1) returned 0 [0109.834] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0001d36e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0109.834] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0109.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_96.db"), dwFlags=0x1) returned 1 [0109.836] SwitchToThread () returned 1 [0109.841] SetEvent (hEvent=0x1a0) returned 1 [0109.841] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.894] SetEvent (hEvent=0x108) returned 1 [0109.894] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.920] SetEvent (hEvent=0x108) returned 1 [0109.920] SetEvent (hEvent=0x188) returned 1 [0109.920] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.932] SetEvent (hEvent=0x108) returned 1 [0109.932] SetEvent (hEvent=0x9c) returned 1 [0109.932] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003ca000*, nNumberOfCharsToWrite=0x91, lpNumberOfCharsWritten=0xc000143808, lpReserved=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfCharsWritten=0xc000143808*=0x91) returned 1 [0109.974] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0109.978] SetEvent (hEvent=0xb8) returned 1 [0109.978] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0109.979] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0109.979] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0109.980] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0109.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0109.980] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0109.994] GetFileType (hFile=0x128) returned 0x1 [0109.994] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.994] CloseHandle (hObject=0x128) returned 1 [0109.994] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\encry-index.dat"), dwFlags=0x1) returned 1 [0109.995] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.003] SetEvent (hEvent=0x108) returned 1 [0110.003] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.004] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.004] VirtualFree (lpAddress=0xc0002a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.004] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.004] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.005] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.005] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.005] GetFileType (hFile=0x1b4) returned 0x1 [0110.005] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0002ac000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac000*, lpNumberOfBytesWritten=0xc00029bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.007] CloseHandle (hObject=0x1b4) returned 1 [0110.007] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0110.007] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\encry-{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\encry-{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwFlags=0x1) returned 1 [0110.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.009] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000203cf4 | out: lpMode=0xc000203cf4) returned 0 [0110.009] GetFileType (hFile=0x1b4) returned 0x1 [0110.010] GetFileType (hFile=0x1b4) returned 0x1 [0110.010] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000203d44 | out: lpFileInformation=0xc000203d44) returned 1 [0110.010] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000203d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000203d28) returned 1 [0110.010] VirtualAlloc (lpAddress=0xc000300000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0110.011] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x30cb, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc000203c04*=0x2ecb, lpOverlapped=0x0) returned 1 [0110.016] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.021] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000302ecb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc000302ecb*, lpNumberOfBytesRead=0xc000203c04*=0x0, lpOverlapped=0x0) returned 1 [0110.021] CloseHandle (hObject=0x1b4) returned 1 [0110.021] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0110.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.029] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000203d04 | out: lpMode=0xc000203d04) returned 0 [0110.030] GetFileType (hFile=0x128) returned 0x1 [0110.030] WriteFile (in: hFile=0x128, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x2ed0, lpNumberOfBytesWritten=0xc000203cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc000203cec*=0x2ed0, lpOverlapped=0x0) returned 1 [0110.031] CloseHandle (hObject=0x128) returned 1 [0110.039] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0110.039] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.040] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0110.040] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0110.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0110.041] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000203d64 | out: lpMode=0xc000203d64) returned 0 [0110.045] GetFileType (hFile=0xec) returned 0x1 [0110.045] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ac2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000203d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac2c0*, lpNumberOfBytesWritten=0xc000203d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.045] CloseHandle (hObject=0xec) returned 1 [0110.054] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.057] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\528d82a2[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-528d82a2[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-528d82a2[1].js"), dwFlags=0x1) returned 1 [0110.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0110.165] SetEvent (hEvent=0xc0) returned 1 [0110.165] SetEvent (hEvent=0x114) returned 1 [0110.165] SetEvent (hEvent=0x13c) returned 1 [0110.166] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0110.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.169] SetEvent (hEvent=0x114) returned 1 [0110.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.173] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0110.173] SetEvent (hEvent=0x9c) returned 1 [0110.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.178] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.193] SwitchToThread () returned 1 [0110.194] SetEvent (hEvent=0x114) returned 1 [0110.194] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001ad818*=0x3) returned 1 [0110.195] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.207] SetEvent (hEvent=0xfc) returned 1 [0110.207] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027d818, lpReserved=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfCharsWritten=0xc00027d818*=0x3) returned 1 [0110.212] SetEvent (hEvent=0xfc) returned 1 [0110.213] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.213] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc000238006*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0110.216] SetEvent (hEvent=0xfc) returned 1 [0110.216] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000285818, lpReserved=0x0 | out: lpBuffer=0xc000238020*, lpNumberOfCharsWritten=0xc000285818*=0x3) returned 1 [0110.218] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.220] SetEvent (hEvent=0x9c) returned 1 [0110.220] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.221] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0110.221] SetEvent (hEvent=0x188) returned 1 [0110.221] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000238026*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0110.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0110.225] SetEvent (hEvent=0x9c) returned 1 [0110.225] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc0000a0016*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0110.226] SetEvent (hEvent=0x9c) returned 1 [0110.226] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0170*, lpNumberOfCharsWritten=0xc00029b818*=0x3) returned 1 [0110.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0176*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0000a0176*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0110.231] SetEvent (hEvent=0xfc) returned 1 [0110.231] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000292000*, nNumberOfCharsToWrite=0x87, lpNumberOfCharsWritten=0xc00020b808, lpReserved=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfCharsWritten=0xc00020b808*=0x87) returned 1 [0110.235] SetEvent (hEvent=0xfc) returned 1 [0110.235] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0110.235] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0110.236] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0110.236] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0110.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.237] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0110.238] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.239] GetFileType (hFile=0x1bc) returned 0x1 [0110.239] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.240] CloseHandle (hObject=0x1bc) returned 1 [0110.240] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0110.240] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.241] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0110.242] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.243] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0110.243] SetEvent (hEvent=0x114) returned 1 [0110.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.246] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0110.246] SetEvent (hEvent=0x188) returned 1 [0110.246] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe30*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.256] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0110.256] SetEvent (hEvent=0xc0) returned 1 [0110.256] SetEvent (hEvent=0x188) returned 1 [0110.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.258] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0110.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0110.261] SetEvent (hEvent=0x120) returned 1 [0110.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.264] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.508] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.519] SetEvent (hEvent=0x1a0) returned 1 [0112.519] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.520] SetEvent (hEvent=0x1a0) returned 1 [0112.520] SetEvent (hEvent=0x188) returned 1 [0112.521] VirtualFree (lpAddress=0xc000380000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.521] VirtualFree (lpAddress=0xc000304000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.522] VirtualFree (lpAddress=0xc000300000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.522] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0112.523] VirtualFree (lpAddress=0xc000292000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.523] VirtualFree (lpAddress=0xc00025a000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0112.524] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.524] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.524] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.525] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.525] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.525] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.526] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.526] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.526] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.526] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.527] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.527] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.528] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.528] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.528] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.528] VirtualFree (lpAddress=0xc000074000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.529] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.529] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.529] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.530] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.530] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.530] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0112.537] SwitchToThread () returned 1 [0112.537] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.546] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.552] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.558] SetEvent (hEvent=0xb8) returned 1 [0112.558] SetEvent (hEvent=0x9c) returned 1 [0112.558] VirtualFree (lpAddress=0xc000312000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.558] VirtualFree (lpAddress=0xc000296000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.559] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.559] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00019f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc00019f818*=0x3) returned 1 [0112.561] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.565] SetEvent (hEvent=0xb8) returned 1 [0112.565] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.568] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0112.572] SetEvent (hEvent=0x164) returned 1 [0112.572] SetEvent (hEvent=0x198) returned 1 [0112.572] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0113.028] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0113.045] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0113.059] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0114.122] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0114.132] GetFileType (hFile=0x1dc) returned 0x1 [0114.132] GetFileType (hFile=0x1dc) returned 0x1 [0114.133] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0114.133] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0114.133] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000183000, nNumberOfBytesToRead=0x2d8d, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000183000*, lpNumberOfBytesRead=0xc00029fc04*=0x2b8d, lpOverlapped=0x0) returned 1 [0114.136] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000185b8d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000185b8d*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0114.136] CloseHandle (hObject=0x1dc) returned 1 [0114.136] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0114.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.161] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.226] GetConsoleMode (in: hConsoleHandle=0x1d8, lpMode=0xc00029fd04 | out: lpMode=0xc00029fd04) returned 0 [0114.228] GetFileType (hFile=0x1d8) returned 0x1 [0114.228] WriteFile (in: hFile=0x1d8, lpBuffer=0xc000198000*, nNumberOfBytesToWrite=0x2b90, lpNumberOfBytesWritten=0xc00029fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesWritten=0xc00029fcec*=0x2b90, lpOverlapped=0x0) returned 1 [0114.229] CloseHandle (hObject=0x1d8) returned 1 [0114.232] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083401 | out: pbBuffer=0xc000083401) returned 1 [0114.232] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0114.233] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0114.233] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0114.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d8 [0114.234] GetConsoleMode (in: hConsoleHandle=0x1d8, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0114.236] GetFileType (hFile=0x1d8) returned 0x1 [0114.236] WriteFile (in: hFile=0x1d8, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.236] CloseHandle (hObject=0x1d8) returned 1 [0114.242] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.353] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeguri[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgUri[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeguri[1].jpg"), dwFlags=0x1) returned 1 [0114.507] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.510] SwitchToThread () returned 1 [0114.511] SetEvent (hEvent=0x1dc) returned 1 [0114.511] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.513] VirtualFree (lpAddress=0xc0003b4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.513] VirtualFree (lpAddress=0xc000332000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0114.515] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0114.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0114.618] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0114.718] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0115.579] SetEvent (hEvent=0x120) returned 1 [0115.579] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0115.629] VirtualAlloc (lpAddress=0xc00028a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028a000 [0115.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0115.630] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0115.637] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0115.670] GetFileType (hFile=0x1ec) returned 0x1 [0115.670] GetFileType (hFile=0x1ec) returned 0x1 [0115.670] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0115.671] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0115.671] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0115.671] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000214000, nNumberOfBytesToRead=0xb12, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000214000*, lpNumberOfBytesRead=0xc0000f7c04*=0x912, lpOverlapped=0x0) returned 1 [0115.675] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000214912, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000214912*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0115.675] CloseHandle (hObject=0x1ec) returned 1 [0115.675] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0115.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.702] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0115.704] GetFileType (hFile=0x204) returned 0x1 [0115.704] WriteFile (in: hFile=0x204, lpBuffer=0xc000222000*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesWritten=0xc0000f7cec*=0x920, lpOverlapped=0x0) returned 1 [0115.705] CloseHandle (hObject=0x204) returned 1 [0115.709] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0115.710] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083001 | out: pbBuffer=0xc000083001) returned 1 [0115.710] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0115.710] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0115.711] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0115.711] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0115.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.712] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0115.718] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0115.865] GetFileType (hFile=0x204) returned 0x1 [0115.865] WriteFile (in: hFile=0x204, lpBuffer=0xc0002666e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002666e0*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.865] CloseHandle (hObject=0x204) returned 1 [0115.875] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbldzq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBLdzQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbldzq[1].jpg"), dwFlags=0x1) returned 1 [0116.385] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f698, ulCount=0x10, ulNumEntriesRemoved=0x2969f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f698, ulNumEntriesRemoved=0x2969f66c) returned 0 [0116.385] SetEvent (hEvent=0x304) returned 1 [0116.385] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0116.387] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe08*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.389] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.389] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2969f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2969f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2969f6a0, ulNumEntriesRemoved=0x2969f674) returned 0 [0116.389] SetEvent (hEvent=0x304) returned 1 [0116.389] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2969fe18*=0xf4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.416] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.416] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.429] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.434] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.509] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.522] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0116.558] SetEvent (hEvent=0x304) returned 1 [0116.558] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0141.545] GetFileType (hFile=0x3d8) returned 0x1 [0141.545] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000094b40*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc000094b40*, lpNumberOfBytesWritten=0xc000191cec*=0xf0, lpOverlapped=0x0) returned 1 [0142.527] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0142.827] SetEvent (hEvent=0x144) returned 1 [0142.827] CloseHandle (hObject=0x3d8) returned 1 [0142.839] SetEvent (hEvent=0x1b4) returned 1 [0142.839] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0142.843] SetEvent (hEvent=0x144) returned 1 [0142.843] SetEvent (hEvent=0x1d4) returned 1 [0142.843] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0142.876] SetEvent (hEvent=0x8c) returned 1 [0142.876] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0142.999] SetEvent (hEvent=0x39c) returned 1 [0142.999] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) returned 0x0 [0143.013] SetEvent (hEvent=0x258) returned 1 [0143.013] WaitForSingleObject (hHandle=0xf4, dwMilliseconds=0xffffffff) Thread: id = 23 os_tid = 0x914 [0102.099] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2989fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2989fea0*=0x154) returned 1 [0102.099] VirtualQuery (in: lpAddress=0x2989fec0, lpBuffer=0x2989fec0, dwLength=0x30 | out: lpBuffer=0x2989fec0*(BaseAddress=0x2989f000, AllocationBase=0x296a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0102.099] SetEvent (hEvent=0x9c) returned 1 [0102.099] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x164 [0102.099] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x178 [0102.099] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0102.124] SetEvent (hEvent=0x120) returned 1 [0102.124] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.422] SwitchToThread () returned 1 [0103.423] SwitchToThread () returned 1 [0103.424] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2989f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2989f840*=0x188) returned 1 [0103.424] SuspendThread (hThread=0x188) returned 0x0 [0103.424] GetThreadContext (in: hThread=0x188, lpContext=0x2989f850 | out: lpContext=0x2989f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2945f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0103.425] ResumeThread (hThread=0x188) returned 0x1 [0103.425] CloseHandle (hObject=0x188) returned 1 [0103.425] SwitchToThread () returned 1 [0103.425] SetEvent (hEvent=0xfc) returned 1 [0103.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.434] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.437] SetEvent (hEvent=0x188) returned 1 [0103.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.438] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0103.438] SetEvent (hEvent=0x15c) returned 1 [0103.438] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.443] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.444] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834da9d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834dd0e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834dd0e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.444] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.444] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.444] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.444] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0103.444] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834dd0e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834df7f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x41bf)) returned 1 [0103.445] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.445] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.445] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834e9430, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ebb40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.445] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.445] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.445] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ml\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ebb40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ebb40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x583f)) returned 1 [0103.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.449] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.449] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834f0960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834f3070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.449] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.449] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.449] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\mr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834f3070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834f3070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5224)) returned 1 [0103.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.450] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.450] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x834fccb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x834ff3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.450] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.450] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.450] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ms\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x834ff3c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x834ff3c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f8b)) returned 1 [0103.455] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.456] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.456] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835041e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835068f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.456] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.456] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.456] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.456] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nb\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835068f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835068f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ebc)) returned 1 [0103.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.457] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835794e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8357bbf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.457] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.457] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.457] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8357bbf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8357bbf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3f45)) returned 1 [0103.469] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.502] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83580a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83583120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.502] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.502] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.502] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.502] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83583120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83583120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8398e3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fd7)) returned 1 [0103.503] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.503] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0103.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.504] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0103.504] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8358f470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359b7c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8359b7c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.504] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.504] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.504] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8359b7c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8359ded0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc)) returned 1 [0103.510] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.510] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.511] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835969a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a05e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.511] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.511] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.511] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a05e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a05e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc)) returned 1 [0103.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.511] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.511] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835990b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835a5400, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.512] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.512] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.512] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.512] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_PT\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_pt\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835a5400, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835a5400, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3fdc)) returned 1 [0103.515] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.535] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0103.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835aa220, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b1750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b1750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.536] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.536] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ro\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b1750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b3e60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83990ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40db)) returned 1 [0103.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835b6570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835b8c80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835b8c80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.537] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.537] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.537] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ru\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835b8c80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835bb390, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x490e)) returned 1 [0103.542] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.553] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c01b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c01b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.553] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.553] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c01b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c28c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40fd)) returned 1 [0103.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835c4fd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835c9df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.554] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.554] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sl\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835c9df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835c9df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x407a)) returned 1 [0103.557] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0103.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.558] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835cec10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835cec10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.558] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.558] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.558] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835cec10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835d1320, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839931c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x49c1)) returned 1 [0103.558] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.558] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.559] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835daf60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dd670, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.559] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.559] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.559] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dd670, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e96)) returned 1 [0103.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.562] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.562] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.562] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0103.562] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835dd670, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835dfd80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.562] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.563] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.563] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835dfd80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835dfd80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e8b)) returned 1 [0103.563] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0103.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.564] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.564] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835e4ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835e72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.564] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.564] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.564] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\ta\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835e72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835e99c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x563d)) returned 1 [0103.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.569] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.569] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835ec0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f0ef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.569] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.569] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.570] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\te\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f0ef0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f0ef0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839958d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5593)) returned 1 [0103.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835f5d10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835f8420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835f8420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.570] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.570] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.570] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\th\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835f8420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835fab30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4f64)) returned 1 [0103.572] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0103.572] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.573] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x835fd240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x835ff950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x835ff950, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.573] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.573] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.573] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.573] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x835ff950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83602060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x404e)) returned 1 [0103.573] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0103.574] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.574] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8360bca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8360e3b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8360e3b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.574] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.574] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.574] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.575] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\uk\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8360e3b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83610ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48f1)) returned 1 [0103.577] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0103.577] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.578] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836158e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83617ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.578] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.578] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.578] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\vi\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83617ff0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83617ff0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x83997fe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x426b)) returned 1 [0103.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.579] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8361ce10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8361f520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.579] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.579] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.579] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8361f520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8361f520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d11)) returned 1 [0103.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.587] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\*", lpFindFileData=0xc000074f48 | out: lpFindFileData=0xc000074f48*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.587] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x83624340, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8362b870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.587] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72, dwReserved0=0x0, dwReserved1=0x0, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0103.587] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000074f78 | out: lpFindFileData=0xc000074f78*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.587] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_TW\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\zh_tw\\messages.json"), fInfoLevelId=0x0, lpFileInformation=0xc0000750b8 | out: lpFileInformation=0xc0000750b8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8362b870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8362b870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8399a6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3d72)) returned 1 [0103.588] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0103.588] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0103.590] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.621] SetEvent (hEvent=0x9c) returned 1 [0103.621] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.622] SetEvent (hEvent=0x114) returned 1 [0103.622] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.622] SetEvent (hEvent=0x114) returned 1 [0103.622] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.623] SetEvent (hEvent=0x114) returned 1 [0103.623] SetEvent (hEvent=0x100) returned 1 [0103.623] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.623] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.624] VirtualFree (lpAddress=0xc00020a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0103.624] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.624] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.625] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.625] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.625] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.625] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.625] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.626] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.626] GetFileType (hFile=0x128) returned 0x1 [0103.626] WriteFile (in: hFile=0x128, lpBuffer=0xc000236000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.626] CloseHandle (hObject=0x128) returned 1 [0103.626] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0103.626] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\gu\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0103.628] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0103.628] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.632] SetEvent (hEvent=0x114) returned 1 [0103.632] GetFileType (hFile=0x128) returned 0x1 [0103.632] GetFileType (hFile=0x128) returned 0x1 [0103.632] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0103.632] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0103.632] ReadFile (in: hFile=0x128, lpBuffer=0xc0002d2800, nNumberOfBytesToRead=0x4145, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002d2800*, lpNumberOfBytesRead=0xc000139c04*=0x3f45, lpOverlapped=0x0) returned 1 [0103.639] ReadFile (in: hFile=0x128, lpBuffer=0xc0002d6745, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002d6745*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0103.639] CloseHandle (hObject=0x128) returned 1 [0103.639] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0103.639] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0103.640] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.641] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0103.646] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.648] GetFileType (hFile=0x128) returned 0x1 [0103.649] WriteFile (in: hFile=0x128, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x3f50, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000139cec*=0x3f50, lpOverlapped=0x0) returned 1 [0103.650] CloseHandle (hObject=0x128) returned 1 [0103.650] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0103.650] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0103.652] GetFileType (hFile=0x128) returned 0x1 [0103.652] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.653] CloseHandle (hObject=0x128) returned 1 [0103.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\nl\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.654] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.654] SetEvent (hEvent=0x114) returned 1 [0103.654] SetEvent (hEvent=0x9c) returned 1 [0103.655] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0103.655] VirtualFree (lpAddress=0xc000264000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0103.655] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.656] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.656] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.656] WriteFile (in: hFile=0x150, lpBuffer=0xc0002ce000*, nNumberOfBytesToWrite=0x41a0, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce000*, lpNumberOfBytesWritten=0xc00027bcec*=0x41a0, lpOverlapped=0x0) returned 1 [0103.658] CloseHandle (hObject=0x150) returned 1 [0103.658] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0103.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.658] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0103.659] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.664] SetEvent (hEvent=0x114) returned 1 [0103.664] GetFileType (hFile=0x150) returned 0x1 [0103.664] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.664] CloseHandle (hObject=0x150) returned 1 [0103.664] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\fr\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.665] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.674] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.678] SetEvent (hEvent=0x114) returned 1 [0103.678] SwitchToThread () returned 1 [0103.681] SetEvent (hEvent=0x114) returned 1 [0103.681] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.687] SetEvent (hEvent=0x114) returned 1 [0103.687] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.688] SetEvent (hEvent=0xfc) returned 1 [0103.688] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.690] SetEvent (hEvent=0x114) returned 1 [0103.690] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.691] SetEvent (hEvent=0x114) returned 1 [0103.691] SetEvent (hEvent=0x100) returned 1 [0103.691] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0103.691] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0103.692] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.692] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.692] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.692] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.693] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.693] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.693] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.693] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.694] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.694] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.695] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0103.700] GetFileType (hFile=0x150) returned 0x1 [0103.700] GetFileType (hFile=0x150) returned 0x1 [0103.700] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0103.700] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0103.700] ReadFile (in: hFile=0x150, lpBuffer=0xc0002ab800, nNumberOfBytesToRead=0x4096, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ab800*, lpNumberOfBytesRead=0xc000205c04*=0x3e96, lpOverlapped=0x0) returned 1 [0103.715] ReadFile (in: hFile=0x150, lpBuffer=0xc0002af696, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002af696*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0103.715] CloseHandle (hObject=0x150) returned 1 [0103.715] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0103.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.717] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0103.721] GetFileType (hFile=0x150) returned 0x1 [0103.721] WriteFile (in: hFile=0x150, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x3ea0, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000205cec*=0x3ea0, lpOverlapped=0x0) returned 1 [0103.723] CloseHandle (hObject=0x150) returned 1 [0103.723] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0103.723] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0103.723] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0103.723] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0103.724] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0103.724] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0103.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.725] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0103.730] GetFileType (hFile=0x150) returned 0x1 [0103.730] WriteFile (in: hFile=0x150, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.730] CloseHandle (hObject=0x150) returned 1 [0103.730] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\sv\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.731] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.732] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.732] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.732] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.732] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.732] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.733] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0103.733] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000281cf4 | out: lpMode=0xc000281cf4) returned 0 [0103.739] GetFileType (hFile=0x150) returned 0x1 [0103.739] GetFileType (hFile=0x150) returned 0x1 [0103.739] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000281d44 | out: lpFileInformation=0xc000281d44) returned 1 [0103.739] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000281d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000281d28) returned 1 [0103.739] ReadFile (in: hFile=0x150, lpBuffer=0xc00020e800, nNumberOfBytesToRead=0x424e, lpNumberOfBytesRead=0xc000281c04, lpOverlapped=0x0 | out: lpBuffer=0xc00020e800*, lpNumberOfBytesRead=0xc000281c04*=0x404e, lpOverlapped=0x0) returned 1 [0103.757] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.759] ReadFile (in: hFile=0x150, lpBuffer=0xc00021284e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000281c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021284e*, lpNumberOfBytesRead=0xc000281c04*=0x0, lpOverlapped=0x0) returned 1 [0103.759] CloseHandle (hObject=0x150) returned 1 [0103.759] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0103.760] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0103.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.761] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000281d04 | out: lpMode=0xc000281d04) returned 0 [0103.766] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.780] SetEvent (hEvent=0xc0) returned 1 [0103.780] SetEvent (hEvent=0xfc) returned 1 [0103.780] GetFileType (hFile=0x150) returned 0x1 [0103.780] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.782] WriteFile (in: hFile=0x150, lpBuffer=0xc0002a7000*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0xc000281cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7000*, lpNumberOfBytesWritten=0xc000281cec*=0x4050, lpOverlapped=0x0) returned 1 [0103.783] CloseHandle (hObject=0x150) returned 1 [0103.783] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0103.783] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000281d64 | out: lpMode=0xc000281d64) returned 0 [0103.785] GetFileType (hFile=0x150) returned 0x1 [0103.785] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000281d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc000281d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.785] CloseHandle (hObject=0x150) returned 1 [0103.785] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\tr\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.786] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.795] SetEvent (hEvent=0xfc) returned 1 [0103.795] SwitchToThread () returned 1 [0103.795] SetEvent (hEvent=0xfc) returned 1 [0103.795] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.795] SetEvent (hEvent=0xfc) returned 1 [0103.795] SetEvent (hEvent=0x9c) returned 1 [0103.796] VirtualFree (lpAddress=0xc00029c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.796] VirtualFree (lpAddress=0xc000232000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.796] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.797] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.797] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.797] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.798] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.798] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0103.798] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0103.798] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0103.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0103.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\*", lpFindFileData=0xc000075020 | out: lpFindFileData=0xc000075020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b2a60 [0103.799] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x836ddc00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0103.799] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x839fe880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7299, dwReserved0=0x0, dwReserved1=0x0, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0103.799] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39, dwReserved0=0x0, dwReserved1=0x0, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0103.799] FindNextFileW (in: hFindFile=0x7b2a60, lpFindFileData=0xc000075050 | out: lpFindFileData=0xc000075050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0103.799] FindClose (in: hFindFile=0x7b2a60 | out: hFindFile=0x7b2a60) returned 1 [0103.799] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0103.799] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\computed_hashes.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x839fe880, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x839fe880, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x839fe880, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7299)) returned 1 [0103.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_metadata\\verified_contents.json"), fInfoLevelId=0x0, lpFileInformation=0xc000075190 | out: lpFileInformation=0xc000075190*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x836e0310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836e0310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3e39)) returned 1 [0103.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83637bc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8363f0f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x8c0bf)) returned 1 [0103.800] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\background_script.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83641800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83643f10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xa89c)) returned 1 [0103.809] VirtualAlloc (lpAddress=0xc00020a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00020a000 [0103.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83646620, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83648d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x181aa)) returned 1 [0103.810] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.html"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8364db50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8364db50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x111e1)) returned 1 [0103.811] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_route_details.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83652970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83657790, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0x3a258)) returned 1 [0103.811] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_sender.js"), fInfoLevelId=0x0, lpFileInformation=0xc000075268 | out: lpFileInformation=0xc000075268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8365ecc0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x836613d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1caf9500, ftLastWriteTime.dwHighDateTime=0x1d2c87a, nFileSizeHigh=0x0, nFileSizeLow=0xce17)) returned 1 [0103.823] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.845] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0103.846] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc000285cf4 | out: lpMode=0xc000285cf4) returned 0 [0103.846] GetFileType (hFile=0x194) returned 0x1 [0103.847] GetFileType (hFile=0x194) returned 0x1 [0103.847] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc000285d44 | out: lpFileInformation=0xc000285d44) returned 1 [0103.847] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc000285d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000285d28) returned 1 [0103.847] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0103.849] ReadFile (in: hFile=0x194, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x183aa, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc000285c04*=0x181aa, lpOverlapped=0x0) returned 1 [0103.867] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.871] ReadFile (in: hFile=0x194, lpBuffer=0xc0003181aa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000285c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003181aa*, lpNumberOfBytesRead=0xc000285c04*=0x0, lpOverlapped=0x0) returned 1 [0103.871] CloseHandle (hObject=0x194) returned 1 [0103.871] SetEvent (hEvent=0x13c) returned 1 [0103.871] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0103.900] SwitchToThread () returned 1 [0104.039] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.075] SetEvent (hEvent=0xf4) returned 1 [0104.075] SetEvent (hEvent=0x9c) returned 1 [0104.075] SetEvent (hEvent=0x13c) returned 1 [0104.075] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.112] SetEvent (hEvent=0xf4) returned 1 [0104.112] SetEvent (hEvent=0x100) returned 1 [0104.112] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0104.128] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000199cf4 | out: lpMode=0xc000199cf4) returned 0 [0104.132] GetFileType (hFile=0xec) returned 0x1 [0104.132] GetFileType (hFile=0xec) returned 0x1 [0104.132] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000199d44 | out: lpFileInformation=0xc000199d44) returned 1 [0104.132] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000199d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000199d28) returned 1 [0104.132] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0xa28, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000199c04*=0x828, lpOverlapped=0x0) returned 1 [0104.139] ReadFile (in: hFile=0xec, lpBuffer=0xc00003c828, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c828*, lpNumberOfBytesRead=0xc000199c04*=0x0, lpOverlapped=0x0) returned 1 [0104.140] CloseHandle (hObject=0xec) returned 1 [0104.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\index.html"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0104.141] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000199d04 | out: lpMode=0xc000199d04) returned 0 [0104.148] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.158] SwitchToThread () returned 1 [0104.249] SetEvent (hEvent=0x108) returned 1 [0104.249] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.251] SetEvent (hEvent=0x9c) returned 1 [0104.251] VirtualFree (lpAddress=0xc00031a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0104.252] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.252] VirtualFree (lpAddress=0xc0002b0000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.252] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.253] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.254] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.254] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.254] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.254] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.255] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.255] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.255] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.255] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.256] VirtualFree (lpAddress=0xc00005a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.256] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.256] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.256] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.257] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.257] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0104.257] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0104.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.262] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000285d04 | out: lpMode=0xc000285d04) returned 0 [0104.270] GetFileType (hFile=0x128) returned 0x1 [0104.270] WriteFile (in: hFile=0x128, lpBuffer=0xc0002ce000*, nNumberOfBytesToWrite=0x181b0, lpNumberOfBytesWritten=0xc000285cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce000*, lpNumberOfBytesWritten=0xc000285cec*=0x181b0, lpOverlapped=0x0) returned 1 [0104.273] CloseHandle (hObject=0x128) returned 1 [0104.273] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.274] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0104.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.274] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000285d64 | out: lpMode=0xc000285d64) returned 0 [0104.293] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.299] GetFileType (hFile=0x128) returned 0x1 [0104.299] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.299] WriteFile (in: hFile=0x128, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000285d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000285d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.299] CloseHandle (hObject=0x128) returned 1 [0104.300] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0104.300] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0104.300] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_game_sender.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_game_sender.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\encry-cast_game_sender.js"), dwFlags=0x1) returned 1 [0104.301] SetEvent (hEvent=0x9c) returned 1 [0104.301] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.314] SetEvent (hEvent=0x13c) returned 1 [0104.314] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0104.315] VirtualFree (lpAddress=0xc000394000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0104.316] VirtualFree (lpAddress=0xc000346000, dwSize=0x3c000, dwFreeType=0x4000) returned 1 [0104.317] VirtualFree (lpAddress=0xc000300000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0104.318] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0104.319] VirtualFree (lpAddress=0xc0002be000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.319] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.320] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.320] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.320] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.321] VirtualFree (lpAddress=0xc00005c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.321] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.321] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.321] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.322] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.322] SetEvent (hEvent=0x108) returned 1 [0104.322] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.342] SetEvent (hEvent=0xb8) returned 1 [0104.342] SwitchToThread () returned 1 [0104.343] SetEvent (hEvent=0x13c) returned 1 [0104.343] SetEvent (hEvent=0xb8) returned 1 [0104.343] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.354] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0104.354] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0104.355] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0104.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0104.356] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0104.360] GetFileType (hFile=0x1ac) returned 0x1 [0104.360] GetFileType (hFile=0x1ac) returned 0x1 [0104.360] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0104.360] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0104.360] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0104.361] ReadFile (in: hFile=0x1ac, lpBuffer=0xc00016c000, nNumberOfBytesToRead=0x1def, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesRead=0xc000045c04*=0x1bef, lpOverlapped=0x0) returned 1 [0104.365] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.373] ReadFile (in: hFile=0x1ac, lpBuffer=0xc00016dbef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016dbef*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0104.373] CloseHandle (hObject=0x1ac) returned 1 [0104.373] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0104.374] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0104.374] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0104.376] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0104.377] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.398] SetEvent (hEvent=0xb8) returned 1 [0104.398] GetFileType (hFile=0x1ac) returned 0x1 [0104.399] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.423] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x1bf0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc000045cec*=0x1bf0, lpOverlapped=0x0) returned 1 [0104.424] CloseHandle (hObject=0x1ac) returned 1 [0104.425] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0104.425] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0104.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ac [0104.426] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0104.433] GetFileType (hFile=0x1ac) returned 0x1 [0104.433] WriteFile (in: hFile=0x1ac, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.434] CloseHandle (hObject=0x1ac) returned 1 [0104.434] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0104.434] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0104.434] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0104.435] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\chromecast_logo_grey.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-chromecast_logo_grey.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cast_setup\\encry-chromecast_logo_grey.png"), dwFlags=0x1) returned 1 [0104.436] SetEvent (hEvent=0x9c) returned 1 [0104.436] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.438] SetEvent (hEvent=0xf4) returned 1 [0104.439] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.442] SetEvent (hEvent=0x9c) returned 1 [0104.442] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.468] SetEvent (hEvent=0x13c) returned 1 [0104.468] SetEvent (hEvent=0x108) returned 1 [0104.468] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.485] SetEvent (hEvent=0xf4) returned 1 [0104.485] SetEvent (hEvent=0x13c) returned 1 [0104.485] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0104.486] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0104.487] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0104.495] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.510] GetFileType (hFile=0x128) returned 0x1 [0104.510] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.561] GetFileType (hFile=0x128) returned 0x1 [0104.561] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0104.561] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0104.561] ReadFile (in: hFile=0x128, lpBuffer=0xc0001e2c00, nNumberOfBytesToRead=0xaf8, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2c00*, lpNumberOfBytesRead=0xc000187c04*=0x8f8, lpOverlapped=0x0) returned 1 [0104.565] ReadFile (in: hFile=0x128, lpBuffer=0xc0001e34f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e34f8*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0104.565] CloseHandle (hObject=0x128) returned 1 [0104.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.567] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0104.570] GetFileType (hFile=0x128) returned 0x1 [0104.570] WriteFile (in: hFile=0x128, lpBuffer=0xc00011c900*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c900*, lpNumberOfBytesWritten=0xc000187cec*=0x900, lpOverlapped=0x0) returned 1 [0104.573] CloseHandle (hObject=0x128) returned 1 [0104.573] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.573] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0104.573] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0104.574] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0104.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0104.574] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0104.583] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.642] SetEvent (hEvent=0xb8) returned 1 [0104.642] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.685] SetEvent (hEvent=0x1d0) returned 1 [0104.685] VirtualAlloc (lpAddress=0xc0003a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a0000 [0104.685] VirtualAlloc (lpAddress=0xc0003a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a2000 [0104.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0104.686] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0104.691] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.702] SetEvent (hEvent=0xc0) returned 1 [0104.702] SetEvent (hEvent=0x1d0) returned 1 [0104.702] GetFileType (hFile=0x1dc) returned 0x1 [0104.702] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.711] SetEvent (hEvent=0xf4) returned 1 [0104.711] GetFileType (hFile=0x1dc) returned 0x1 [0104.711] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.721] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0104.721] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0104.721] SetEvent (hEvent=0x9c) returned 1 [0104.721] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.725] VirtualFree (lpAddress=0xc000400000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0104.726] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.726] VirtualFree (lpAddress=0xc0003a6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.726] VirtualFree (lpAddress=0xc0003a0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.726] VirtualFree (lpAddress=0xc00039a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.727] VirtualFree (lpAddress=0xc00030a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.727] VirtualFree (lpAddress=0xc0002dc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0104.727] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.727] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.727] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.728] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.728] GetFileType (hFile=0x144) returned 0x1 [0104.728] GetFileType (hFile=0x144) returned 0x1 [0104.728] GetFileInformationByHandle (in: hFile=0x144, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0104.728] GetFileInformationByHandleEx (in: hFile=0x144, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0104.728] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.728] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.728] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.728] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0104.728] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0104.728] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0104.730] ReadFile (in: hFile=0x144, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x41dc, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc0001b9c04*=0x3fdc, lpOverlapped=0x0) returned 1 [0104.738] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.742] ReadFile (in: hFile=0x144, lpBuffer=0xc000401fdc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000401fdc*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0104.742] CloseHandle (hObject=0x144) returned 1 [0104.742] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.743] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.743] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0104.743] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.744] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0104.744] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0104.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0104.746] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0104.749] GetFileType (hFile=0x144) returned 0x1 [0104.749] WriteFile (in: hFile=0x144, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x3fe0, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc0001b9cec*=0x3fe0, lpOverlapped=0x0) returned 1 [0104.750] CloseHandle (hObject=0x144) returned 1 [0104.750] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0104.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x144 [0104.751] GetConsoleMode (in: hConsoleHandle=0x144, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0104.752] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.755] SetEvent (hEvent=0xc0) returned 1 [0104.755] SetEvent (hEvent=0xf4) returned 1 [0104.756] GetFileType (hFile=0x144) returned 0x1 [0104.756] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.761] SetEvent (hEvent=0xf4) returned 1 [0104.761] WriteFile (in: hFile=0x144, lpBuffer=0xc00007a9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a9a0*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.762] CloseHandle (hObject=0x144) returned 1 [0104.762] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_BR\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\pt_br\\encry-messages.json"), dwFlags=0x1) returned 1 [0104.763] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.767] SetEvent (hEvent=0x120) returned 1 [0104.767] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.768] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0104.768] SetEvent (hEvent=0x9c) returned 1 [0104.768] SetEvent (hEvent=0x120) returned 1 [0104.768] SetEvent (hEvent=0xb8) returned 1 [0104.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.774] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.774] SetEvent (hEvent=0xb8) returned 1 [0104.774] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.776] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0104.777] SetEvent (hEvent=0x9c) returned 1 [0104.777] SetEvent (hEvent=0xb8) returned 1 [0104.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.778] VirtualAlloc (lpAddress=0xc000324000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0104.779] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0104.779] VirtualAlloc (lpAddress=0xc000328000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000328000 [0104.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.780] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0104.787] GetFileType (hFile=0x148) returned 0x1 [0104.787] GetFileType (hFile=0x148) returned 0x1 [0104.787] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0104.787] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0104.787] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0104.787] ReadFile (in: hFile=0x148, lpBuffer=0xc00032a000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032a000*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0104.787] CloseHandle (hObject=0x148) returned 1 [0104.787] VirtualAlloc (lpAddress=0xc00032c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032c000 [0104.788] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0104.788] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0104.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.789] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0104.802] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.806] GetFileType (hFile=0x148) returned 0x1 [0104.806] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.822] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0104.822] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0104.823] WriteFile (in: hFile=0x148, lpBuffer=0xc000010250*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010250*, lpNumberOfBytesWritten=0xc00010dcec*=0x10, lpOverlapped=0x0) returned 1 [0104.824] CloseHandle (hObject=0x148) returned 1 [0104.824] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0104.824] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0104.825] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0104.825] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0104.825] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0104.826] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0104.826] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0104.826] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0104.827] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0104.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.827] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0104.828] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.837] GetFileType (hFile=0x148) returned 0x1 [0104.837] WriteFile (in: hFile=0x148, lpBuffer=0xc0000fa420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa420*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.837] CloseHandle (hObject=0x148) returned 1 [0104.837] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0104.838] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0104.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\favicons-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Favicons-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-favicons-journal"), dwFlags=0x1) returned 1 [0104.839] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.840] VirtualFree (lpAddress=0xc0003ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.840] VirtualFree (lpAddress=0xc0003c2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.841] VirtualFree (lpAddress=0xc000324000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0104.841] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.841] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.842] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0104.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0104.843] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0104.846] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.860] GetFileType (hFile=0x148) returned 0x1 [0104.860] GetFileType (hFile=0x148) returned 0x1 [0104.860] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0104.860] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0104.860] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0104.860] ReadFile (in: hFile=0x148, lpBuffer=0xc00033c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00033c000*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0104.860] CloseHandle (hObject=0x148) returned 1 [0104.860] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0104.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.861] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0104.871] GetFileType (hFile=0x148) returned 0x1 [0104.871] WriteFile (in: hFile=0x148, lpBuffer=0xc0000101f0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000101f0*, lpNumberOfBytesWritten=0xc0001cdcec*=0x10, lpOverlapped=0x0) returned 1 [0104.873] CloseHandle (hObject=0x148) returned 1 [0104.873] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0104.873] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0104.873] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0104.874] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0104.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x148 [0104.874] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0104.875] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.882] GetFileType (hFile=0x148) returned 0x1 [0104.882] WriteFile (in: hFile=0x148, lpBuffer=0xc00016a000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0104.882] CloseHandle (hObject=0x148) returned 1 [0104.883] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0104.883] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0104.883] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0104.884] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0104.884] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-History-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-history-journal"), dwFlags=0x1) returned 1 [0104.885] SwitchToThread () returned 1 [0104.887] VirtualFree (lpAddress=0xc0003e8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.887] SetEvent (hEvent=0xb8) returned 1 [0104.887] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.895] SetEvent (hEvent=0x108) returned 1 [0104.895] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.895] VirtualFree (lpAddress=0xc000346000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0104.896] VirtualFree (lpAddress=0xc00033c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0104.896] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0104.897] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.898] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.898] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.898] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.898] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.899] SetEvent (hEvent=0x9c) returned 1 [0104.899] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.910] SetEvent (hEvent=0xf4) returned 1 [0104.910] SetEvent (hEvent=0xb8) returned 1 [0104.910] SetEvent (hEvent=0x9c) returned 1 [0104.910] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.927] SetEvent (hEvent=0xb8) returned 1 [0104.927] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.934] SetEvent (hEvent=0xfc) returned 1 [0104.934] SetEvent (hEvent=0x108) returned 1 [0104.934] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.946] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.949] SetEvent (hEvent=0xf4) returned 1 [0104.949] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.987] SetEvent (hEvent=0xb8) returned 1 [0104.987] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.992] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.993] SetEvent (hEvent=0xb8) returned 1 [0104.993] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.994] SetEvent (hEvent=0xb8) returned 1 [0104.994] SetEvent (hEvent=0xfc) returned 1 [0104.994] SetEvent (hEvent=0x108) returned 1 [0104.994] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.996] SetEvent (hEvent=0xfc) returned 1 [0104.996] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0104.998] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.998] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.998] VirtualFree (lpAddress=0xc00036a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.998] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.999] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.999] SetEvent (hEvent=0x108) returned 1 [0104.999] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.245] SetEvent (hEvent=0xb8) returned 1 [0105.245] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.248] SetEvent (hEvent=0x120) returned 1 [0105.248] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.251] SetEvent (hEvent=0xfc) returned 1 [0105.251] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.371] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0105.371] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0105.371] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0105.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c4 [0105.372] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0105.374] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.378] SetEvent (hEvent=0xc0) returned 1 [0105.378] GetFileType (hFile=0x1c4) returned 0x1 [0105.378] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.390] SetEvent (hEvent=0xc0) returned 1 [0105.391] SetEvent (hEvent=0x9c) returned 1 [0105.391] GetFileType (hFile=0x1c4) returned 0x1 [0105.391] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.418] SetEvent (hEvent=0xc0) returned 1 [0105.418] GetFileInformationByHandle (in: hFile=0x1c4, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0105.418] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.431] GetFileInformationByHandleEx (in: hFile=0x1c4, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0105.431] ReadFile (in: hFile=0x1c4, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x2a7, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc0000f3c04*=0xa7, lpOverlapped=0x0) returned 1 [0105.432] ReadFile (in: hFile=0x1c4, lpBuffer=0xc0000ee0a7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee0a7*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0105.433] CloseHandle (hObject=0x1c4) returned 1 [0105.433] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0105.433] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0105.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.434] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0105.620] GetFileType (hFile=0x1c4) returned 0x1 [0105.620] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0105.621] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0105.621] WriteFile (in: hFile=0x1c4, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc0000f3cec*=0xb0, lpOverlapped=0x0) returned 1 [0105.622] CloseHandle (hObject=0x1c4) returned 1 [0105.622] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0105.623] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0105.623] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0105.623] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0105.624] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0105.624] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0105.625] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0105.625] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0105.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c4 [0105.626] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0105.630] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.650] GetFileType (hFile=0x1c4) returned 0x1 [0105.650] WriteFile (in: hFile=0x1c4, lpBuffer=0xc0001e4160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4160*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0105.651] CloseHandle (hObject=0x1c4) returned 1 [0105.651] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0105.651] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0105.652] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0105.652] VirtualAlloc (lpAddress=0xc000310000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0105.652] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0105.653] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0105.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\encry-LOG" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\encry-log"), dwFlags=0x1) returned 1 [0105.654] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.656] SetEvent (hEvent=0x108) returned 1 [0105.656] SetEvent (hEvent=0xf4) returned 1 [0105.656] SetEvent (hEvent=0x120) returned 1 [0105.656] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.660] SetEvent (hEvent=0xf4) returned 1 [0105.660] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.662] VirtualFree (lpAddress=0xc0006da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.662] VirtualFree (lpAddress=0xc0002da000, dwSize=0x36000, dwFreeType=0x4000) returned 1 [0105.664] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.664] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.665] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.665] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.665] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.666] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.666] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.666] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.666] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.667] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.667] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.668] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0105.668] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.668] SetEvent (hEvent=0x120) returned 1 [0105.668] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.696] SetEvent (hEvent=0x9c) returned 1 [0105.696] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.706] SetEvent (hEvent=0xf4) returned 1 [0105.706] SetEvent (hEvent=0x9c) returned 1 [0105.706] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.714] SetEvent (hEvent=0x108) returned 1 [0105.714] SetEvent (hEvent=0x9c) returned 1 [0105.714] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.723] SetEvent (hEvent=0xf4) returned 1 [0105.723] SetEvent (hEvent=0x108) returned 1 [0105.724] VirtualFree (lpAddress=0xc000480000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0105.724] VirtualFree (lpAddress=0xc000310000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0105.725] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.725] VirtualFree (lpAddress=0xc00021a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0105.725] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.726] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.726] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.726] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.726] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.727] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.727] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.727] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0105.727] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0105.728] SetEvent (hEvent=0x9c) returned 1 [0105.728] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.736] SetEvent (hEvent=0xf4) returned 1 [0105.736] SetEvent (hEvent=0x114) returned 1 [0105.736] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.742] SetEvent (hEvent=0x120) returned 1 [0105.742] SetEvent (hEvent=0x9c) returned 1 [0105.742] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.767] SetEvent (hEvent=0x9c) returned 1 [0105.767] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.820] SetEvent (hEvent=0xf4) returned 1 [0105.820] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.856] SetEvent (hEvent=0x120) returned 1 [0105.856] SetEvent (hEvent=0x108) returned 1 [0105.856] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.867] SetEvent (hEvent=0x120) returned 1 [0105.867] SetEvent (hEvent=0x108) returned 1 [0105.867] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.875] SetEvent (hEvent=0x120) returned 1 [0105.875] SetEvent (hEvent=0x9c) returned 1 [0105.875] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0105.984] SetEvent (hEvent=0x9c) returned 1 [0105.984] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.115] SetEvent (hEvent=0xf4) returned 1 [0106.116] SetEvent (hEvent=0x108) returned 1 [0106.116] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.123] SetEvent (hEvent=0x9c) returned 1 [0106.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.123] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0106.123] SetEvent (hEvent=0x114) returned 1 [0106.124] SetEvent (hEvent=0x9c) returned 1 [0106.124] SetEvent (hEvent=0xfc) returned 1 [0106.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.130] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0106.130] SetEvent (hEvent=0xf4) returned 1 [0106.130] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.136] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0106.137] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0106.138] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029bcf4 | out: lpMode=0xc00029bcf4) returned 0 [0106.143] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.146] GetFileType (hFile=0x1b4) returned 0x1 [0106.146] GetFileType (hFile=0x1b4) returned 0x1 [0106.146] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00029bd44 | out: lpFileInformation=0xc00029bd44) returned 1 [0106.146] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00029bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029bd28) returned 1 [0106.146] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x128000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0106.167] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x126fa7, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc00029bc04*=0x126da7, lpOverlapped=0x0) returned 1 [0106.192] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0006b4da7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006b4da7*, lpNumberOfBytesRead=0xc00029bc04*=0x0, lpOverlapped=0x0) returned 1 [0106.193] CloseHandle (hObject=0x1b4) returned 1 [0106.193] VirtualAlloc (lpAddress=0xc000352000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000352000 [0106.193] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x128000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.193] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x128000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.194] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x94000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0106.196] VirtualAlloc (lpAddress=0xc00077e000, dwSize=0x94000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.196] VirtualAlloc (lpAddress=0xc00077e000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00077e000 [0106.197] VirtualAlloc (lpAddress=0xc0007c8000, dwSize=0x4a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.197] VirtualAlloc (lpAddress=0xc0007c8000, dwSize=0x25000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c8000 [0106.198] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x25000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.198] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ed000 [0106.198] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x13000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.198] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.198] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.198] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0106.198] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0106.199] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0106.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\iconcache.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\IconCache.db\\*", lpFindFileData=0xc00029ba08 | out: lpFindFileData=0xc00029ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.216] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.216] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.237] SwitchToThread () returned 1 [0106.240] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0106.241] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.241] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\history"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.242] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.242] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\History\\*", lpFindFileData=0xc0002999f8 | out: lpFindFileData=0xc0002999f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.243] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000299720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.243] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0106.244] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0106.250] GetFileType (hFile=0x1b4) returned 0x1 [0106.250] GetFileType (hFile=0x1b4) returned 0x1 [0106.250] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0106.250] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0106.250] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0106.251] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000360000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc000360000*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0106.251] CloseHandle (hObject=0x1b4) returned 1 [0106.251] VirtualAlloc (lpAddress=0xc000362000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0106.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0106.251] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0106.254] GetFileType (hFile=0x1b4) returned 0x1 [0106.254] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0005865d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005865d0*, lpNumberOfBytesWritten=0xc000049cec*=0x10, lpOverlapped=0x0) returned 1 [0106.255] CloseHandle (hObject=0x1b4) returned 1 [0106.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0106.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0106.255] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0106.259] GetFileType (hFile=0x1b4) returned 0x1 [0106.259] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.260] CloseHandle (hObject=0x1b4) returned 1 [0106.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\000003.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\encry-000003.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\encry-000003.log"), dwFlags=0x1) returned 1 [0106.261] VirtualFree (lpAddress=0xc000800000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0106.261] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0106.267] VirtualFree (lpAddress=0xc00058e000, dwSize=0x128000, dwFreeType=0x4000) returned 1 [0106.274] VirtualFree (lpAddress=0xc000358000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.274] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.274] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.275] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.275] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.275] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.275] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.275] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.276] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0106.276] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0106.278] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.281] GetFileType (hFile=0x1b4) returned 0x1 [0106.281] GetFileType (hFile=0x1b4) returned 0x1 [0106.281] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0106.281] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0106.281] VirtualAlloc (lpAddress=0xc000364000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000364000 [0106.282] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000364000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000364000*, lpNumberOfBytesRead=0xc00014bc04*=0x4000, lpOverlapped=0x0) returned 1 [0106.284] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000368000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000368000*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0106.284] CloseHandle (hObject=0x1b4) returned 1 [0106.285] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0106.285] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0106.285] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0106.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0106.287] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0106.291] GetFileType (hFile=0x1b4) returned 0x1 [0106.291] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000368800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000368800*, lpNumberOfBytesWritten=0xc00014bcec*=0x4010, lpOverlapped=0x0) returned 1 [0106.293] CloseHandle (hObject=0x1b4) returned 1 [0106.293] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0106.293] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0106.293] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0106.294] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0106.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0106.295] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0106.301] GetFileType (hFile=0x1b4) returned 0x1 [0106.301] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.301] CloseHandle (hObject=0x1b4) returned 1 [0106.302] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0106.302] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0106.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\previews_opt_out.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-previews_opt_out.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-previews_opt_out.db"), dwFlags=0x1) returned 1 [0106.303] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0106.303] SetEvent (hEvent=0x9c) returned 1 [0106.303] SetEvent (hEvent=0xfc) returned 1 [0106.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.315] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.315] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0106.315] SetEvent (hEvent=0xfc) returned 1 [0106.315] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.352] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0106.352] SetEvent (hEvent=0xf4) returned 1 [0106.352] SetEvent (hEvent=0x114) returned 1 [0106.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.357] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.362] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.363] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0106.363] SetEvent (hEvent=0xfc) returned 1 [0106.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.364] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.364] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0106.364] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds\\Microsoft Feeds~\\MSNBC News~.feed-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds\\microsoft feeds~\\msnbc news~.feed-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0106.365] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000295cf4 | out: lpMode=0xc000295cf4) returned 0 [0106.366] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.378] SetEvent (hEvent=0x108) returned 1 [0106.378] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.386] SetEvent (hEvent=0x120) returned 1 [0106.386] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0106.389] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x28ff6, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0002d3c04*=0x28df6, lpOverlapped=0x0) returned 1 [0106.399] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00030adf6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030adf6*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0106.399] CloseHandle (hObject=0x1dc) returned 1 [0106.399] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.399] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0106.403] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.404] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.404] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0106.407] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0106.415] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.416] GetFileType (hFile=0x1dc) returned 0x1 [0106.417] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00030c000*, nNumberOfBytesToWrite=0x28e00, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00030c000*, lpNumberOfBytesWritten=0xc0002d3cec*=0x28e00, lpOverlapped=0x0) returned 1 [0106.420] CloseHandle (hObject=0x1dc) returned 1 [0106.420] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0106.421] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0106.426] GetFileType (hFile=0x1dc) returned 0x1 [0106.426] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.427] CloseHandle (hObject=0x1dc) returned 1 [0106.446] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\google docs.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\encry-Google Docs.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\web applications\\_crx_aohghmighlieiainnegkcijnfilokake\\encry-google docs.ico"), dwFlags=0x1) returned 1 [0106.447] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0106.449] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.449] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0106.450] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0106.457] GetFileType (hFile=0x1dc) returned 0x1 [0106.457] GetFileType (hFile=0x1dc) returned 0x1 [0106.457] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0106.457] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0106.457] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00016a780, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a780*, lpNumberOfBytesRead=0xc00026dc04*=0x43, lpOverlapped=0x0) returned 1 [0106.458] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00016a7c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a7c3*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0106.458] CloseHandle (hObject=0x1dc) returned 1 [0106.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\1nbur4hr\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.459] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\1NBUR4HR\\desktop.ini\\*", lpFindFileData=0xc00026da08 | out: lpFindFileData=0xc00026da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0106.459] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0106.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0106.459] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0106.464] GetFileType (hFile=0x1dc) returned 0x1 [0106.464] GetFileType (hFile=0x1dc) returned 0x1 [0106.464] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0106.464] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0106.464] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0106.465] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x162f, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0001abc04*=0x142f, lpOverlapped=0x0) returned 1 [0106.474] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001e342f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e342f*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0106.474] CloseHandle (hObject=0x1dc) returned 1 [0106.474] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0106.475] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0106.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0106.476] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0106.481] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.484] SetEvent (hEvent=0xc0) returned 1 [0106.484] GetFileType (hFile=0x1dc) returned 0x1 [0106.484] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.495] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0001abcec*=0x1430, lpOverlapped=0x0) returned 1 [0106.496] CloseHandle (hObject=0x1dc) returned 1 [0106.496] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0106.497] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.497] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0106.497] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.497] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.498] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0106.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0106.498] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0106.502] GetFileType (hFile=0x1dc) returned 0x1 [0106.502] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.502] CloseHandle (hObject=0x1dc) returned 1 [0106.502] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.503] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\history provider cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-History Provider Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-history provider cache"), dwFlags=0x1) returned 1 [0106.504] SwitchToThread () returned 1 [0106.509] SetEvent (hEvent=0x108) returned 1 [0106.509] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.511] SetEvent (hEvent=0x120) returned 1 [0106.511] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.514] SwitchToThread () returned 1 [0106.610] SwitchToThread () returned 1 [0106.611] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.620] SetEvent (hEvent=0x108) returned 1 [0106.620] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.622] SetEvent (hEvent=0xfc) returned 1 [0106.622] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.625] SwitchToThread () returned 1 [0106.627] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.638] SetEvent (hEvent=0x108) returned 1 [0106.638] SetEvent (hEvent=0x120) returned 1 [0106.639] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc0000103c0*, lpNumberOfCharsWritten=0xc00012b818*=0x4) returned 1 [0106.643] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.647] SetEvent (hEvent=0x108) returned 1 [0106.647] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc0000a02d8*, lpNumberOfCharsWritten=0xc000157818*=0x4) returned 1 [0106.659] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0106.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0001021a0*, lpNumberOfCharsWritten=0xc000253818*=0x4) returned 1 [0106.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc0001021a8*, lpNumberOfCharsWritten=0xc000137818*=0x4) returned 1 [0106.664] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.669] SetEvent (hEvent=0x108) returned 1 [0106.669] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001c5818, lpReserved=0x0 | out: lpBuffer=0xc0001021c0*, lpNumberOfCharsWritten=0xc0001c5818*=0x4) returned 1 [0106.673] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a02d0*, lpNumberOfCharsWritten=0xc0001d1818*=0x4) returned 1 [0106.678] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0000a02d8*, lpNumberOfCharsWritten=0xc000151818*=0x4) returned 1 [0106.679] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.684] SetEvent (hEvent=0x120) returned 1 [0106.684] SetEvent (hEvent=0x108) returned 1 [0106.684] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000103c0*, lpNumberOfCharsWritten=0xc0001cf818*=0x4) returned 1 [0106.684] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102160*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc000102160*, lpNumberOfCharsWritten=0xc00004b818*=0x4) returned 1 [0106.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102168*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000102168*, lpNumberOfCharsWritten=0xc000191818*=0x4) returned 1 [0106.689] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.694] SetEvent (hEvent=0x108) returned 1 [0106.694] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0001021a0*, lpNumberOfCharsWritten=0xc000117818*=0x4) returned 1 [0106.698] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000102050*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0106.706] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102058*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc000102058*, lpNumberOfCharsWritten=0xc0004db818*=0x4) returned 1 [0106.714] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.714] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001021c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc0001021c0*, lpNumberOfCharsWritten=0xc000193818*=0x4) returned 1 [0106.716] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.721] SetEvent (hEvent=0x108) returned 1 [0106.721] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.722] SetEvent (hEvent=0xf4) returned 1 [0106.722] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.731] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0106.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\shortcuts-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0106.732] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0106.739] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.749] SwitchToThread () returned 1 [0106.750] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.751] SetEvent (hEvent=0x120) returned 1 [0106.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0106.752] SetEvent (hEvent=0xc0) returned 1 [0106.752] SetEvent (hEvent=0x114) returned 1 [0106.752] SetEvent (hEvent=0x120) returned 1 [0106.752] SetEvent (hEvent=0xfc) returned 1 [0106.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0106.758] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.764] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0106.764] SetEvent (hEvent=0xfc) returned 1 [0106.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0106.771] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0106.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.772] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001edcf4 | out: lpMode=0xc0001edcf4) returned 0 [0106.780] GetFileType (hFile=0x1d4) returned 0x1 [0106.780] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0106.780] GetFileType (hFile=0x1d4) returned 0x1 [0106.780] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc0001edd44 | out: lpFileInformation=0xc0001edd44) returned 1 [0106.780] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc0001edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001edd28) returned 1 [0106.781] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0106.781] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x3200, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001edc04*=0x3000, lpOverlapped=0x0) returned 1 [0106.787] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.796] ReadFile (in: hFile=0x1d4, lpBuffer=0xc0002a7000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7000*, lpNumberOfBytesRead=0xc0001edc04*=0x0, lpOverlapped=0x0) returned 1 [0106.796] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.797] CloseHandle (hObject=0x1d4) returned 1 [0106.797] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.803] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001edd04 | out: lpMode=0xc0001edd04) returned 0 [0106.805] GetFileType (hFile=0x1d4) returned 0x1 [0106.805] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0002a7500*, nNumberOfBytesToWrite=0x3010, lpNumberOfBytesWritten=0xc0001edcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7500*, lpNumberOfBytesWritten=0xc0001edcec*=0x3010, lpOverlapped=0x0) returned 1 [0106.806] CloseHandle (hObject=0x1d4) returned 1 [0106.807] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0106.807] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0106.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.807] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0001edd64 | out: lpMode=0xc0001edd64) returned 0 [0106.808] GetFileType (hFile=0x1d4) returned 0x1 [0106.808] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0001e6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesWritten=0xc0001edd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.808] CloseHandle (hObject=0x1d4) returned 1 [0106.808] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0106.808] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\encry-chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local storage\\encry-chrome-extension_pkedcjkdefgpdelpbcmbmeomcjbeemfm_0.localstorage"), dwFlags=0x1) returned 1 [0106.809] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0106.809] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.809] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1d4 [0106.810] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000269cf4 | out: lpMode=0xc000269cf4) returned 0 [0106.810] GetFileType (hFile=0x1d4) returned 0x1 [0106.810] GetFileType (hFile=0x1d4) returned 0x1 [0106.811] GetFileInformationByHandle (in: hFile=0x1d4, lpFileInformation=0xc000269d44 | out: lpFileInformation=0xc000269d44) returned 1 [0106.811] GetFileInformationByHandleEx (in: hFile=0x1d4, FileInformationClass=0x9, lpFileInformation=0xc000269d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000269d28) returned 1 [0106.811] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0106.811] ReadFile (in: hFile=0x1d4, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000269c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000269c04*=0x0, lpOverlapped=0x0) returned 1 [0106.811] CloseHandle (hObject=0x1d4) returned 1 [0106.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.811] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000269d04 | out: lpMode=0xc000269d04) returned 0 [0106.812] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.813] GetFileType (hFile=0x1d4) returned 0x1 [0106.813] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000102310*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000269cec, lpOverlapped=0x0 | out: lpBuffer=0xc000102310*, lpNumberOfBytesWritten=0xc000269cec*=0x10, lpOverlapped=0x0) returned 1 [0106.814] CloseHandle (hObject=0x1d4) returned 1 [0106.814] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0106.814] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0106.814] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc000269d64 | out: lpMode=0xc000269d64) returned 0 [0106.815] GetFileType (hFile=0x1d4) returned 0x1 [0106.815] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000094160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000269d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094160*, lpNumberOfBytesWritten=0xc000269d4c*=0x158, lpOverlapped=0x0) returned 1 [0106.815] CloseHandle (hObject=0x1d4) returned 1 [0106.815] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.815] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0106.816] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing channel ids-journal"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\encry-Safe Browsing Channel IDs-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\encry-safe browsing channel ids-journal"), dwFlags=0x1) returned 1 [0106.816] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.821] SetEvent (hEvent=0x114) returned 1 [0106.821] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.822] SetEvent (hEvent=0xfc) returned 1 [0106.822] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.824] SetEvent (hEvent=0x114) returned 1 [0106.824] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.827] SetEvent (hEvent=0x114) returned 1 [0106.827] SetEvent (hEvent=0x9c) returned 1 [0106.827] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.827] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0106.828] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.828] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.828] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.828] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0106.829] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0106.829] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0106.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0106.830] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0106.832] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0106.834] GetFileType (hFile=0x1b0) returned 0x1 [0106.834] GetFileType (hFile=0x1b0) returned 0x1 [0106.834] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0106.835] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0106.835] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000072200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000072200*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0106.835] CloseHandle (hObject=0x1b0) returned 1 [0106.835] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0106.835] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0106.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.836] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0106.840] GetFileType (hFile=0x1b0) returned 0x1 [0106.840] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000a01b0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a01b0*, lpNumberOfBytesWritten=0xc00014dcec*=0x10, lpOverlapped=0x0) returned 1 [0106.841] CloseHandle (hObject=0x1b0) returned 1 [0106.841] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0106.841] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.841] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0106.842] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0106.842] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0106.842] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0106.843] GetFileType (hFile=0x1b0) returned 0x1 [0106.843] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0106.843] CloseHandle (hObject=0x1b0) returned 1 [0106.843] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\ieonline.microsoft[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\encry-ieonline.microsoft[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\encry-ieonline.microsoft[1]"), dwFlags=0x1) returned 1 [0106.844] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.844] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.844] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0106.845] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.845] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0106.845] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0106.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp8_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.845] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP8_1\\*", lpFindFileData=0xc0002e1530 | out: lpFindFileData=0xc0002e1530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.846] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp9_0"), fInfoLevelId=0x0, lpFileInformation=0xc0002e1778 | out: lpFileInformation=0xc0002e1778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\imjp9_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.846] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\IMJP9_0\\*", lpFindFileData=0xc0002e1530 | out: lpFindFileData=0xc0002e1530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.846] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.847] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0106.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer"), fInfoLevelId=0x0, lpFileInformation=0xc0002e1778 | out: lpFileInformation=0xc0002e1778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.849] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\*", lpFindFileData=0xc0002e1530 | out: lpFindFileData=0xc0002e1530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.852] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.bak", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d977900, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0, dwReserved0=0x0, dwReserved1=0x0, cFileName="brndlog.txt", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DOMStore", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65d58120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65d58120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65d58120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="frameiconcache.dat", cAlternateFileName="FRAMEI~1.DAT")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95014270, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x95014270, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x95014270, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0106.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002e1560 | out: lpFindFileData=0xc0002e1560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.853] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.854] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0106.854] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0106.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.857] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3LKBQZJ3", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8NES5H33", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FKLUIDU0", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x125db390, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OWLVMZRC", cAlternateFileName="")) returned 1 [0106.857] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.857] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.857] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0106.858] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0106.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\3lkbqzj3"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\3lkbqzj3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\3LKBQZJ3\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.859] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.859] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd, dwReserved0=0x0, dwReserved1=0x0, cFileName="get.adobe[1].xml", cAlternateFileName="GETADO~1.XML")) returned 1 [0106.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.859] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.859] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0106.860] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0106.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\8NES5H33\\get.adobe[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\8nes5h33\\get.adobe[1].xml"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d941010, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd)) returned 1 [0106.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\fkluidu0"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\fkluidu0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\FKLUIDU0\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.861] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\owlvmzrc"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\owlvmzrc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\OWLVMZRC\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d705b70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.861] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x1d705b70, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d705b70, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x125db390, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0106.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\msimgsiz.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x95014270, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x95014270, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x95014270, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0106.871] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.871] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.871] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed4ae10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6db5fbe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6db5fbe0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.871] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Active", cAlternateFileName="")) returned 1 [0106.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Last Active", cAlternateFileName="LASTAC~1")) returned 1 [0106.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.872] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\active"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\active"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.872] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Active\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4ed70f70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x2bc84b10, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2bc84b10, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.872] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.872] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.872] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0106.882] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0106.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0106.883] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0106.883] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0106.892] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6db5fbe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x30603250, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0106.892] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="RECOVE~2.DAT")) returned 1 [0106.892] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0106.892] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dd28c60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd28c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat", cAlternateFileName="RECOVE~1.DAT")) returned 1 [0106.892] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{4BD65~1.DAT")) returned 1 [0106.892] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0106.893] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200, dwReserved0=0x0, dwReserved1=0x0, cFileName="{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat", cAlternateFileName="{69512~1.DAT")) returned 1 [0106.893] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0106.893] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0106.894] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0106.894] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0106.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{4BD650F1-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{4bd650f1-c8f9-11e7-b5bf-c43dc7584a00}.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xe00)) returned 1 [0106.895] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{AAE6BF5C-4991-11E7-8E2B-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{aae6bf5c-4991-11e7-8e2b-c43dc7584a00}.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6dd28c60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6dd28c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200)) returned 1 [0106.896] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0106.896] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0106.896] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0106.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{4BD650F0-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{4bd650f0-c8f9-11e7-b5bf-c43dc7584a00}.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe35acf0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0xe35acf0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe35acf0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200)) returned 1 [0106.989] SwitchToThread () returned 1 [0106.992] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0106.993] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0106.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{69512155-C8F9-11E7-B5BF-C43DC7584A00}.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\recovery\\last active\\{69512155-c8f9-11e7-b5bf-c43dc7584a00}.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x30603250, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x30603250, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x306293b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1200)) returned 1 [0106.996] SetEvent (hEvent=0x114) returned 1 [0106.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.bak"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb371c2, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x2fa9)) returned 1 [0106.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\brndlog.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\brndlog.txt"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f14980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d977900, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2fb0)) returned 1 [0107.001] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\frameiconcache.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\frameiconcache.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x65d58120, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x65d58120, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65d58120, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x23f4)) returned 1 [0107.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\*", lpFindFileData=0xc000221530 | out: lpFindFileData=0xc000221530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf59b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x105000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CurrentDatabase_372.wmdb", cAlternateFileName="CURREN~1.WMD")) returned 1 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2cf33a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf33a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1106c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalMLS_3.wmdb", cAlternateFileName="LOCALM~1.WMD")) returned 1 [0107.013] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Playlists", cAlternateFileName="SYNCPL~1")) returned 1 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Transcoded Files Cache", cAlternateFileName="TRANSC~1")) returned 1 [0107.013] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0107.013] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0107.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\CurrentDatabase_372.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\currentdatabase_372.wmdb"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28eee820, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf59b80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x105000)) returned 1 [0107.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\LocalMLS_3.wmdb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\localmls_3.wmdb"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28eee820, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2cf33a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2cf33a20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1106c)) returned 1 [0107.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.016] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0107.016] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf73e9a4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.016] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0107.016] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0107.016] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0107.016] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.017] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0107.017] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.017] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0000E713", cAlternateFileName="")) returned 1 [0107.017] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f14980, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="00010C6E", cAlternateFileName="")) returned 1 [0107.017] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0107.017] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0107.017] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0107.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0107.030] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x414, dwReserved0=0x0, dwReserved1=0x0, cFileName="01_Music_auto_rated_at_5_stars.wpl", cAlternateFileName="01_MUS~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="02_Music_added_in_the_last_month.wpl", cAlternateFileName="02_MUS~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="03_Music_rated_at_4_or_5_stars.wpl", cAlternateFileName="03_MUS~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x504, dwReserved0=0x0, dwReserved1=0x0, cFileName="04_Music_played_in_the_last_month.wpl", cAlternateFileName="04_MUS~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x31d, dwReserved0=0x0, dwReserved1=0x0, cFileName="05_Pictures_taken_in_the_last_month.wpl", cAlternateFileName="05_PIC~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x0, cFileName="06_Pictures_rated_4_or_5_stars.wpl", cAlternateFileName="06_PIC~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="07_TV_recorded_in_the_last_week.wpl", cAlternateFileName="07_TV_~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="08_Video_rated_at_4_or_5_stars.wpl", cAlternateFileName="08_VID~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="09_Music_played_the_most.wpl", cAlternateFileName="09_MUS~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x427, dwReserved0=0x0, dwReserved1=0x0, cFileName="10_All_Music.wpl", cAlternateFileName="10_ALL~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x249, dwReserved0=0x0, dwReserved1=0x0, cFileName="11_All_Pictures.wpl", cAlternateFileName="11_ALL~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x437, dwReserved0=0x0, dwReserved1=0x0, cFileName="12_All_Video.wpl", cAlternateFileName="12_ALL~1.WPL")) returned 1 [0107.032] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0107.033] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0107.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\01_music_auto_rated_at_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x414)) returned 1 [0107.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\02_Music_added_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\02_music_added_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4ff)) returned 1 [0107.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\03_Music_rated_at_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\03_music_rated_at_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4f3)) returned 1 [0107.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\04_music_played_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x504)) returned 1 [0107.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\05_Pictures_taken_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\05_pictures_taken_in_the_last_month.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x31d)) returned 1 [0107.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2ca96f80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2ca96f80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2ca96f80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x311)) returned 1 [0107.046] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.051] SetEvent (hEvent=0x108) returned 1 [0107.051] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.052] SetEvent (hEvent=0x108) returned 1 [0107.052] SetEvent (hEvent=0x114) returned 1 [0107.052] SetEvent (hEvent=0x120) returned 1 [0107.052] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.053] SetEvent (hEvent=0x114) returned 1 [0107.053] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.063] SetEvent (hEvent=0x108) returned 1 [0107.063] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.163] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.286] SetEvent (hEvent=0x114) returned 1 [0107.286] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.290] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.294] SetEvent (hEvent=0xfc) returned 1 [0107.294] SetEvent (hEvent=0xf4) returned 1 [0107.294] SetEvent (hEvent=0x114) returned 1 [0107.294] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.299] SetEvent (hEvent=0xfc) returned 1 [0107.299] SetEvent (hEvent=0xb8) returned 1 [0107.300] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.328] SetEvent (hEvent=0x114) returned 1 [0107.329] SetEvent (hEvent=0xb8) returned 1 [0107.329] SetEvent (hEvent=0x120) returned 1 [0107.329] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.335] SetEvent (hEvent=0xb8) returned 1 [0107.335] SetEvent (hEvent=0x120) returned 1 [0107.335] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.350] SetEvent (hEvent=0x108) returned 1 [0107.351] SetEvent (hEvent=0xb8) returned 1 [0107.351] SetEvent (hEvent=0xfc) returned 1 [0107.351] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.356] SetEvent (hEvent=0x108) returned 1 [0107.356] SetEvent (hEvent=0x114) returned 1 [0107.356] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.358] SetEvent (hEvent=0x108) returned 1 [0107.358] SetEvent (hEvent=0xb8) returned 1 [0107.358] SetEvent (hEvent=0xfc) returned 1 [0107.358] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.363] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0107.364] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0107.364] VirtualFree (lpAddress=0xc000078000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0107.364] SetEvent (hEvent=0x114) returned 1 [0107.364] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.379] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.392] SetEvent (hEvent=0xb8) returned 1 [0107.392] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.414] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0107.414] SetEvent (hEvent=0x108) returned 1 [0107.414] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.473] SetEvent (hEvent=0xf4) returned 1 [0107.473] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.755] SetEvent (hEvent=0xb8) returned 1 [0107.755] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0107.764] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0107.764] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.772] GetFileType (hFile=0x1b0) returned 0x1 [0107.772] GetFileType (hFile=0x1b0) returned 0x1 [0107.772] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0107.772] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0107.772] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000222580, nNumberOfBytesToRead=0x511, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222580*, lpNumberOfBytesRead=0xc0001adc04*=0x311, lpOverlapped=0x0) returned 1 [0107.775] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.781] SetEvent (hEvent=0x108) returned 1 [0107.781] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000222891, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222891*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0107.781] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0107.787] CloseHandle (hObject=0x1b0) returned 1 [0107.787] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0107.788] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.789] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0107.791] GetFileType (hFile=0x1b0) returned 0x1 [0107.791] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0001adcec*=0x320, lpOverlapped=0x0) returned 1 [0107.792] CloseHandle (hObject=0x1b0) returned 1 [0107.792] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0107.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.793] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0107.795] GetFileType (hFile=0x1b0) returned 0x1 [0107.795] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0107.795] CloseHandle (hObject=0x1b0) returned 1 [0107.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\06_pictures_rated_4_or_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\0000E713\\encry-06_Pictures_rated_4_or_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\0000e713\\encry-06_pictures_rated_4_or_5_stars.wpl"), dwFlags=0x1) returned 1 [0107.796] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0107.796] SetEvent (hEvent=0x188) returned 1 [0107.796] SetEvent (hEvent=0x100) returned 1 [0107.796] SetEvent (hEvent=0x15c) returned 1 [0107.797] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.800] SetEvent (hEvent=0x15c) returned 1 [0107.800] SetEvent (hEvent=0x100) returned 1 [0107.800] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0107.802] SetEvent (hEvent=0xb8) returned 1 [0107.802] SetEvent (hEvent=0x114) returned 1 [0107.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0107.805] GetFileType (hFile=0x1b4) returned 0x1 [0107.805] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000287d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000287d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.805] CloseHandle (hObject=0x1b4) returned 1 [0107.821] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\04_music_played_in_the_last_month.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-04_Music_played_in_the_last_month.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-04_music_played_in_the_last_month.wpl"), dwFlags=0x1) returned 1 [0108.409] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.423] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.424] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.424] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.424] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.425] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.425] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.425] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.425] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.426] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.426] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.426] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000299818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000299818*=0x3) returned 1 [0108.431] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.450] SwitchToThread () returned 1 [0108.452] SetEvent (hEvent=0xb8) returned 1 [0108.452] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.453] SetEvent (hEvent=0x188) returned 1 [0108.453] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.466] VirtualFree (lpAddress=0xc000300000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0108.467] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0108.467] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.467] SetEvent (hEvent=0x15c) returned 1 [0108.467] SetEvent (hEvent=0x9c) returned 1 [0108.467] SetEvent (hEvent=0x1a0) returned 1 [0108.468] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0108.469] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.473] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.475] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.475] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.475] SetEvent (hEvent=0xb8) returned 1 [0108.475] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.478] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.478] GetFileType (hFile=0x180) returned 0x1 [0108.478] WriteFile (in: hFile=0x180, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.479] CloseHandle (hObject=0x180) returned 1 [0108.479] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0108.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\encry-index.dat"), dwFlags=0x1) returned 1 [0108.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.482] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.482] SetEvent (hEvent=0xc0) returned 1 [0108.482] SetEvent (hEvent=0x188) returned 1 [0108.482] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0108.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.490] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.491] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.491] SetEvent (hEvent=0xb8) returned 1 [0108.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.491] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0108.492] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0108.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.493] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000265cf4 | out: lpMode=0xc000265cf4) returned 0 [0108.493] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.499] GetFileType (hFile=0x1bc) returned 0x1 [0108.499] GetFileType (hFile=0x1bc) returned 0x1 [0108.499] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000265d44 | out: lpFileInformation=0xc000265d44) returned 1 [0108.499] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000265d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000265d28) returned 1 [0108.500] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0108.500] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002ba000, nNumberOfBytesToRead=0x627, lpNumberOfBytesRead=0xc000265c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ba000*, lpNumberOfBytesRead=0xc000265c04*=0x427, lpOverlapped=0x0) returned 1 [0108.503] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002ba427, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000265c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ba427*, lpNumberOfBytesRead=0xc000265c04*=0x0, lpOverlapped=0x0) returned 1 [0108.504] CloseHandle (hObject=0x1bc) returned 1 [0108.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.505] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000265d04 | out: lpMode=0xc000265d04) returned 0 [0108.505] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.511] GetFileType (hFile=0x1bc) returned 0x1 [0108.511] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0xc000265cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000265cec*=0x430, lpOverlapped=0x0) returned 1 [0108.512] CloseHandle (hObject=0x1bc) returned 1 [0108.512] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0108.512] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0108.513] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0108.513] VirtualAlloc (lpAddress=0xc0002c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c2000 [0108.514] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0108.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.514] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000265d64 | out: lpMode=0xc000265d64) returned 0 [0108.515] GetFileType (hFile=0x1bc) returned 0x1 [0108.515] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000265d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000265d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.515] CloseHandle (hObject=0x1bc) returned 1 [0108.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\10_all_music.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-10_All_Music.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-10_all_music.wpl"), dwFlags=0x1) returned 1 [0108.517] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.519] SetEvent (hEvent=0x188) returned 1 [0108.519] SetEvent (hEvent=0x1a0) returned 1 [0108.519] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf740fbac, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x437)) returned 1 [0108.521] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0108.521] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0108.522] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\transcoded files cache"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.524] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\transcoded files cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Transcoded Files Cache\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7f22040, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7f22040, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7f22040, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.530] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\*", lpFindFileData=0xc000221530 | out: lpFindFileData=0xc000221530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4bb72310, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4bb72310, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14.0", cAlternateFileName="")) returned 1 [0108.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Groove", cAlternateFileName="")) returned 1 [0108.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONetConfig", cAlternateFileName="ONETCO~1")) returned 1 [0108.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221560 | out: lpFindFileData=0xc000221560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.531] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.531] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.534] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x197ec0b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xf7a855a0, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7a855a0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.534] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OfficeFileCache", cAlternateFileName="OFFICE~1")) returned 1 [0108.535] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.535] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.535] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0108.535] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.537] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.542] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xf7a855a0, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7aab700, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7aab700, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="FSD-CNRY.FSD", cAlternateFileName="")) returned 1 [0108.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD", cAlternateFileName="FSD-{4~1.FSD")) returned 1 [0108.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72, dwReserved0=0x0, dwReserved1=0x0, cFileName="FSF-CTBL.FSF", cAlternateFileName="")) returned 1 [0108.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.542] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.542] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-CNRY.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-cnry.fsd"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7aab700, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7aab700, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7ad1860, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000)) returned 1 [0108.549] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0108.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSD-{48508C83-EC67-468F-AA1F-6F3CAF625658}.FSD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsd-{48508c83-ec67-468f-aa1f-6f3caf625658}.fsd"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x20000)) returned 1 [0108.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf7ad1860, ftCreationTime.dwHighDateTime=0x1d3373f, ftLastAccessTime.dwLowDateTime=0xf7ad1860, ftLastAccessTime.dwHighDateTime=0x1d3373f, ftLastWriteTime.dwLowDateTime=0xf7af79c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x72)) returned 1 [0108.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System", cAlternateFileName="")) returned 1 [0108.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 1 [0108.551] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.551] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\system"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\system"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\System\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.552] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.552] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.552] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\user"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\groove\\user"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\Groove\\User\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.552] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f780d90, ftCreationTime.dwHighDateTime=0x1d2dda2, ftLastAccessTime.dwLowDateTime=0x4f780d90, ftLastAccessTime.dwHighDateTime=0x1d2dda2, ftLastWriteTime.dwLowDateTime=0x4f780d90, ftLastWriteTime.dwHighDateTime=0x1d2dda2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.552] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.552] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.553] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.553] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0108.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb72310, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x80, dwReserved0=0x0, dwReserved1=0x0, cFileName="350db95df4cbd94b2a1c300510e12e11.sig", cAlternateFileName="350DB9~1.SIG")) returned 1 [0108.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="350db95df4cbd94b2a1c300510e12e11.xml", cAlternateFileName="350DB9~1.XML")) returned 1 [0108.554] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.554] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.554] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0108.554] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0108.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x80)) returned 1 [0108.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bd15230, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x29ae1d20, ftLastAccessTime.dwHighDateTime=0x1d2e626, ftLastWriteTime.dwLowDateTime=0x29ae1d20, ftLastWriteTime.dwHighDateTime=0x1d2e626, nFileSizeHigh=0x0, nFileSizeLow=0x7ef)) returned 1 [0108.566] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook"), fInfoLevelId=0x0, lpFileInformation=0xc000221778 | out: lpFileInformation=0xc000221778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.567] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0108.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\*", lpFindFileData=0xc000221530 | out: lpFindFileData=0xc000221530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x3dc40980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8ae80e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8ae80e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.574] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.581] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.587] SetEvent (hEvent=0x188) returned 1 [0108.587] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.588] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.588] SetEvent (hEvent=0x188) returned 1 [0108.588] SetEvent (hEvent=0x9c) returned 1 [0108.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.592] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.592] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.600] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.600] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.600] SetEvent (hEvent=0x15c) returned 1 [0108.601] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.619] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.619] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0108.620] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0108.620] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0108.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0108.621] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0108.625] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.633] SetEvent (hEvent=0xf4) returned 1 [0108.633] GetFileType (hFile=0x128) returned 0x1 [0108.633] GetFileType (hFile=0x128) returned 0x1 [0108.633] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0108.633] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0108.633] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0108.633] ReadFile (in: hFile=0x128, lpBuffer=0xc0002fa000, nNumberOfBytesToRead=0x272, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa000*, lpNumberOfBytesRead=0xc0002d9c04*=0x72, lpOverlapped=0x0) returned 1 [0108.635] ReadFile (in: hFile=0x128, lpBuffer=0xc0002fa072, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa072*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0108.635] CloseHandle (hObject=0x128) returned 1 [0108.635] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0108.635] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0108.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.637] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0108.639] GetFileType (hFile=0x128) returned 0x1 [0108.639] WriteFile (in: hFile=0x128, lpBuffer=0xc0002f4080*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f4080*, lpNumberOfBytesWritten=0xc0002d9cec*=0x80, lpOverlapped=0x0) returned 1 [0108.640] CloseHandle (hObject=0x128) returned 1 [0108.654] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.655] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0108.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.655] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0108.674] GetFileType (hFile=0x180) returned 0x1 [0108.674] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0108.674] WriteFile (in: hFile=0x180, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.674] CloseHandle (hObject=0x180) returned 1 [0108.675] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\fsf-ctbl.fsf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\14.0\\OfficeFileCache\\encry-FSF-CTBL.FSF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\14.0\\officefilecache\\encry-fsf-ctbl.fsf"), dwFlags=0x1) returned 1 [0108.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0108.676] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0108.686] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.687] SetEvent (hEvent=0xc0) returned 1 [0108.687] GetFileType (hFile=0x180) returned 0x1 [0108.687] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.690] GetFileType (hFile=0x180) returned 0x1 [0108.690] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.704] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0108.704] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0108.704] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0108.705] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x304, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc000143c04*=0x104, lpOverlapped=0x0) returned 1 [0108.706] ReadFile (in: hFile=0x180, lpBuffer=0xc0000d8104, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8104*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0108.706] CloseHandle (hObject=0x180) returned 1 [0108.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.708] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0108.713] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.718] GetFileType (hFile=0x180) returned 0x1 [0108.718] WriteFile (in: hFile=0x180, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000143cec*=0x110, lpOverlapped=0x0) returned 1 [0108.719] CloseHandle (hObject=0x180) returned 1 [0108.719] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0108.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.720] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0108.722] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.726] GetFileType (hFile=0x180) returned 0x1 [0108.726] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0108.727] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0108.727] WriteFile (in: hFile=0x180, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.727] CloseHandle (hObject=0x180) returned 1 [0108.728] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0108.728] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0108.728] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\RoamCache\\encry-Stream_ContactPrefs_2_F230E11936B7D740A008FFC660E83C71.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\roamcache\\encry-stream_contactprefs_2_f230e11936b7d740a008ffc660e83c71.dat"), dwFlags=0x1) returned 1 [0108.729] SwitchToThread () returned 1 [0108.730] SetEvent (hEvent=0x15c) returned 1 [0108.730] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.731] SetEvent (hEvent=0x15c) returned 1 [0108.731] SetEvent (hEvent=0x9c) returned 1 [0108.731] SetEvent (hEvent=0xb8) returned 1 [0108.731] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.740] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0108.741] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0108.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0108.741] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0108.754] GetFileType (hFile=0x180) returned 0x1 [0108.754] GetFileType (hFile=0x180) returned 0x1 [0108.754] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0108.754] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0108.754] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0108.754] ReadFile (in: hFile=0x180, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x2b9, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc000179c04*=0xb9, lpOverlapped=0x0) returned 1 [0108.755] ReadFile (in: hFile=0x180, lpBuffer=0xc00003e0b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e0b9*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0108.756] CloseHandle (hObject=0x180) returned 1 [0108.756] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0108.756] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0108.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.758] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0108.760] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.765] SetEvent (hEvent=0xc0) returned 1 [0108.765] SetEvent (hEvent=0x15c) returned 1 [0108.765] GetFileType (hFile=0x180) returned 0x1 [0108.765] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.783] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0108.783] WriteFile (in: hFile=0x180, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000179cec*=0xc0, lpOverlapped=0x0) returned 1 [0108.784] CloseHandle (hObject=0x180) returned 1 [0108.785] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0108.785] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0108.785] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0108.786] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0108.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.786] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0108.801] GetFileType (hFile=0x180) returned 0x1 [0108.801] WriteFile (in: hFile=0x180, lpBuffer=0xc0000f0580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0580*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.801] CloseHandle (hObject=0x180) returned 1 [0108.801] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\outlook.sharing.xml.obi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Outlook\\encry-Outlook.sharing.xml.obi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\outlook\\encry-outlook.sharing.xml.obi"), dwFlags=0x1) returned 1 [0108.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.805] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.805] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.806] SetEvent (hEvent=0xc0) returned 1 [0108.806] SetEvent (hEvent=0x188) returned 1 [0108.806] SetEvent (hEvent=0x1a0) returned 1 [0108.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.808] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.808] SetEvent (hEvent=0x1a0) returned 1 [0108.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.826] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.826] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.826] SetEvent (hEvent=0xc0) returned 1 [0108.826] SetEvent (hEvent=0x188) returned 1 [0108.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.841] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.843] SetEvent (hEvent=0x188) returned 1 [0108.843] SetEvent (hEvent=0x1a0) returned 1 [0108.843] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.853] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.853] SetEvent (hEvent=0x9c) returned 1 [0108.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.865] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0108.865] SetEvent (hEvent=0xc0) returned 1 [0108.865] SetEvent (hEvent=0x15c) returned 1 [0108.865] SetEvent (hEvent=0xb8) returned 1 [0108.866] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.871] SetEvent (hEvent=0xb8) returned 1 [0108.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.877] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.878] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0108.878] SetEvent (hEvent=0xf4) returned 1 [0108.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.878] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0108.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.879] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.879] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa1c6ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa1c6ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaa1c6ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cversions.1.db", cAlternateFileName="CVERSI~1.DB")) returned 1 [0108.879] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13d2f3e0, ftCreationTime.dwHighDateTime=0x1d3b051, ftLastAccessTime.dwLowDateTime=0x13d2f3e0, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d2f3e0, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x1ea08, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db", cAlternateFileName="{AFBF9~1.DB")) returned 1 [0108.879] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8deb4c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1da50, dwReserved0=0x0, dwReserved1=0x0, cFileName="{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", cAlternateFileName="{AFBF9~2.DB")) returned 1 [0108.879] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.879] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa1c6ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xaa1c6ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaa1c6ab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0108.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x13d2f3e0, ftCreationTime.dwHighDateTime=0x1d3b051, ftLastAccessTime.dwLowDateTime=0x13d2f3e0, ftLastAccessTime.dwHighDateTime=0x1d3b051, ftLastWriteTime.dwLowDateTime=0x13d2f3e0, ftLastWriteTime.dwHighDateTime=0x1d3b051, nFileSizeHigh=0x0, nFileSizeLow=0x1ea08)) returned 1 [0108.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8deb4c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x8deb4c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8deb4c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1da50)) returned 1 [0108.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x30db3250, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExplorerStartupLog.etl", cAlternateFileName="EXPLOR~2.ETL")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1e958e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ExplorerStartupLog_RunOnce.etl", cAlternateFileName="EXPLOR~1.ETL")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_1024.db", cAlternateFileName="TH78CB~1.DB")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_256.db", cAlternateFileName="THUMBC~4.DB")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_32.db", cAlternateFileName="THUMBC~2.DB")) returned 1 [0108.881] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_96.db", cAlternateFileName="THUMBC~3.DB")) returned 1 [0108.882] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0xcb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_idx.db", cAlternateFileName="THUMBC~1.DB")) returned 1 [0108.882] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="thumbcache_sr.db", cAlternateFileName="TH0F82~1.DB")) returned 1 [0108.882] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.882] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.882] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog.etl"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x30db3250, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x6000)) returned 1 [0108.883] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0108.883] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0108.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ExplorerStartupLog_RunOnce.etl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\explorerstartuplog_runonce.etl"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28ec86c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ec86c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1e958e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x100000)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33ad1360, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33ad1360, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33ad1360, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0xcb8)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x33af74c0, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x33af74c0, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x33af74c0, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0108.885] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\GameExplorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\gameexplorer"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\GameExplorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\gameexplorer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\GameExplorer\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.886] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef3b9d6, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.886] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.886] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history"), fInfoLevelId=0x0, lpFileInformation=0xc0002216a0 | out: lpFileInformation=0xc0002216a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.886] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\*", lpFindFileData=0xc000221458 | out: lpFindFileData=0xc000221458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221488 | out: lpFindFileData=0xc000221488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.887] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0108.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0108.888] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSHist012020022120200222", cAlternateFileName="MSHIST~1")) returned 1 [0108.888] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.888] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.888] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0108.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.888] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.889] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0465da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.889] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0108.889] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.889] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.889] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0108.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012020022120200222\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xe0465da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0465da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0108.889] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe75c620, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x91)) returned 1 [0108.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28ea2560, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28ea2560, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0108.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0108.891] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0108.891] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x91, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0108.891] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="History.IE5", cAlternateFileName="")) returned 1 [0108.891] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0108.891] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0108.891] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x45c34df0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45c34df0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0108.897] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.904] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0108.904] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0108.905] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0108.905] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0108.905] SetEvent (hEvent=0xc0) returned 1 [0108.905] SetEvent (hEvent=0x9c) returned 1 [0108.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0108.906] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.918] SetEvent (hEvent=0x1a0) returned 1 [0108.918] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0108.993] SetEvent (hEvent=0x9c) returned 1 [0108.993] SetEvent (hEvent=0x15c) returned 1 [0108.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0108.993] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001edcf4 | out: lpMode=0xc0001edcf4) returned 0 [0109.000] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.004] GetFileType (hFile=0x180) returned 0x1 [0109.004] GetFileType (hFile=0x180) returned 0x1 [0109.004] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001edd44 | out: lpFileInformation=0xc0001edd44) returned 1 [0109.004] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001edd28) returned 1 [0109.004] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0109.005] ReadFile (in: hFile=0x180, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x291, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc0001edc04*=0x91, lpOverlapped=0x0) returned 1 [0109.006] ReadFile (in: hFile=0x180, lpBuffer=0xc0000be091, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be091*, lpNumberOfBytesRead=0xc0001edc04*=0x0, lpOverlapped=0x0) returned 1 [0109.006] CloseHandle (hObject=0x180) returned 1 [0109.006] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0109.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini\\*", lpFindFileData=0xc0001eda08 | out: lpFindFileData=0xc0001eda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.007] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001ed720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.007] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0109.007] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0109.007] SetEvent (hEvent=0x188) returned 1 [0109.007] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.012] VirtualFree (lpAddress=0xc000346000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0109.014] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0109.016] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0109.017] VirtualFree (lpAddress=0xc00028c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.017] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.018] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.018] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.018] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.018] VirtualFree (lpAddress=0xc000232000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.019] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.019] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.019] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.020] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.020] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.020] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.021] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.021] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.021] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.021] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.022] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0109.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0109.023] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0109.031] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.035] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.037] SetEvent (hEvent=0x1a0) returned 1 [0109.037] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.038] SetEvent (hEvent=0x1a0) returned 1 [0109.038] SetEvent (hEvent=0xb8) returned 1 [0109.038] SetEvent (hEvent=0x15c) returned 1 [0109.038] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.040] SetEvent (hEvent=0xb8) returned 1 [0109.040] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.041] VirtualFree (lpAddress=0xc000390000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0109.043] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.043] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.043] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.043] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.044] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.044] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.044] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.044] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.045] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.045] SetEvent (hEvent=0x15c) returned 1 [0109.045] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.048] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.155] SetEvent (hEvent=0x15c) returned 1 [0109.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0109.156] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0109.169] GetFileType (hFile=0x1dc) returned 0x1 [0109.169] GetFileType (hFile=0x1dc) returned 0x1 [0109.169] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0109.169] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0109.169] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0109.169] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000060000, nNumberOfBytesToRead=0xeb8, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0001bbc04*=0xcb8, lpOverlapped=0x0) returned 1 [0109.170] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000060cb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000060cb8*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0109.170] CloseHandle (hObject=0x1dc) returned 1 [0109.170] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db\\*", lpFindFileData=0xc0001bba08 | out: lpFindFileData=0xc0001bba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.171] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc0001bb720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.171] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0109.172] SwitchToThread () returned 1 [0109.213] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.215] SetEvent (hEvent=0xb8) returned 1 [0109.215] SwitchToThread () returned 1 [0109.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.223] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0109.223] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0109.223] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db\\*", lpFindFileData=0xc00027da08 | out: lpFindFileData=0xc00027da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.224] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc00027d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.224] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0109.240] SetEvent (hEvent=0x1a0) returned 1 [0109.240] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0109.240] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0109.241] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00029bcf4 | out: lpMode=0xc00029bcf4) returned 0 [0109.249] GetFileType (hFile=0x1dc) returned 0x1 [0109.249] GetFileType (hFile=0x1dc) returned 0x1 [0109.249] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00029bd44 | out: lpFileInformation=0xc00029bd44) returned 1 [0109.249] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00029bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029bd28) returned 1 [0109.249] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0109.249] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0109.251] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x1dc50, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00029bc04*=0x1da50, lpOverlapped=0x0) returned 1 [0109.418] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002ffa50, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ffa50*, lpNumberOfBytesRead=0xc00029bc04*=0x0, lpOverlapped=0x0) returned 1 [0109.418] CloseHandle (hObject=0x1dc) returned 1 [0109.418] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0109.419] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0109.419] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0109.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.423] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db\\*", lpFindFileData=0xc00029ba08 | out: lpFindFileData=0xc00029ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.423] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc00029b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.423] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0109.698] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.055] SetEvent (hEvent=0x114) returned 1 [0110.055] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.060] VirtualFree (lpAddress=0xc000346000, dwSize=0x74000, dwFreeType=0x4000) returned 1 [0110.063] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.063] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.063] VirtualFree (lpAddress=0xc0002c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.063] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.064] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0110.064] SetEvent (hEvent=0x188) returned 1 [0110.064] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.116] SetEvent (hEvent=0xb8) returned 1 [0110.116] SetEvent (hEvent=0x1a0) returned 1 [0110.116] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.130] SetEvent (hEvent=0xb8) returned 1 [0110.130] SetEvent (hEvent=0x114) returned 1 [0110.130] SetEvent (hEvent=0x13c) returned 1 [0110.130] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.151] SetEvent (hEvent=0x1a0) returned 1 [0110.151] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.152] SetEvent (hEvent=0xb8) returned 1 [0110.153] SetEvent (hEvent=0x114) returned 1 [0110.153] SetEvent (hEvent=0x1a0) returned 1 [0110.153] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.160] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.160] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0110.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.161] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0110.164] GetFileType (hFile=0x128) returned 0x1 [0110.164] WriteFile (in: hFile=0x128, lpBuffer=0xc0002ac840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac840*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.164] CloseHandle (hObject=0x128) returned 1 [0110.167] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3e3xc[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA3e3XC[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa3e3xc[2].png"), dwFlags=0x1) returned 1 [0110.393] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.396] SetEvent (hEvent=0x108) returned 1 [0110.396] SetEvent (hEvent=0xfc) returned 1 [0110.396] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0110.404] SetEvent (hEvent=0x1a0) returned 1 [0110.404] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.016] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.025] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.046] SetEvent (hEvent=0xb8) returned 1 [0111.046] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.048] SetEvent (hEvent=0xb8) returned 1 [0111.048] SetEvent (hEvent=0x114) returned 1 [0111.048] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0111.049] VirtualFree (lpAddress=0xc000290000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.049] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.049] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.050] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.050] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0111.051] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.051] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.051] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.051] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.052] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.052] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.052] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.053] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.053] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.053] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.054] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.054] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.054] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.054] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.055] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.055] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.055] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.055] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.056] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.056] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.056] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.057] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.057] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.058] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc0001a7818*=0x2) returned 1 [0111.060] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.063] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.064] SetEvent (hEvent=0xb8) returned 1 [0111.064] SetEvent (hEvent=0x198) returned 1 [0111.064] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.064] VirtualFree (lpAddress=0xc000260000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.065] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.065] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.065] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.065] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.066] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.066] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.066] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.066] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.067] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.067] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bd818, lpReserved=0x0 | out: lpBuffer=0xc000060028*, lpNumberOfCharsWritten=0xc0000bd818*=0x2) returned 1 [0111.068] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.070] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.071] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0111.072] GetFileType (hFile=0x1e4) returned 0x1 [0111.072] GetFileType (hFile=0x1e4) returned 0x1 [0111.072] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0111.072] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0111.072] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0111.073] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0xad4, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001a7c04*=0x8d4, lpOverlapped=0x0) returned 1 [0111.077] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.081] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00004c8d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c8d4*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0111.081] CloseHandle (hObject=0x1e4) returned 1 [0111.081] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0111.082] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0111.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBE97O8[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbe97o8[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.086] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0111.087] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.089] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.097] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.114] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.117] SetEvent (hEvent=0x120) returned 1 [0111.117] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.125] SetEvent (hEvent=0x120) returned 1 [0111.125] SetEvent (hEvent=0x1a0) returned 1 [0111.125] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.126] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.126] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.126] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.126] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.127] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.127] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.127] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.127] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.128] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0111.129] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.138] SetEvent (hEvent=0x1a0) returned 1 [0111.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.139] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0111.140] GetFileType (hFile=0x180) returned 0x1 [0111.140] GetFileType (hFile=0x180) returned 0x1 [0111.140] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0111.140] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0111.140] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0111.141] ReadFile (in: hFile=0x180, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x2286, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0000c1c04*=0x2086, lpOverlapped=0x0) returned 1 [0111.146] ReadFile (in: hFile=0x180, lpBuffer=0xc0002a6086, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6086*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0111.146] CloseHandle (hObject=0x180) returned 1 [0111.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.148] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0111.148] GetFileType (hFile=0x180) returned 0x1 [0111.149] WriteFile (in: hFile=0x180, lpBuffer=0xc0002a6500*, nNumberOfBytesToWrite=0x2090, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6500*, lpNumberOfBytesWritten=0xc0000c1cec*=0x2090, lpOverlapped=0x0) returned 1 [0111.150] CloseHandle (hObject=0x180) returned 1 [0111.151] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532801 | out: pbBuffer=0xc000532801) returned 1 [0111.151] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0111.151] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0111.151] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0111.152] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0111.152] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.153] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0111.153] GetFileType (hFile=0x1dc) returned 0x1 [0111.153] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00003c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c2c0*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.153] CloseHandle (hObject=0x1dc) returned 1 [0111.155] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbede0f[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEdE0f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbede0f[1].jpg"), dwFlags=0x1) returned 1 [0111.214] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.214] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.215] SetEvent (hEvent=0x9c) returned 1 [0111.215] SetEvent (hEvent=0xfc) returned 1 [0111.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.217] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.217] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.217] SetEvent (hEvent=0xfc) returned 1 [0111.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.224] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.224] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.244] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.254] SetEvent (hEvent=0x13c) returned 1 [0111.255] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.258] SetEvent (hEvent=0x13c) returned 1 [0111.258] SetEvent (hEvent=0x1a0) returned 1 [0111.258] VirtualFree (lpAddress=0xc000294000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.258] VirtualFree (lpAddress=0xc000264000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.259] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.259] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.260] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.260] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.260] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.260] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.261] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000183818, lpReserved=0x0 | out: lpBuffer=0xc000060040*, lpNumberOfCharsWritten=0xc000183818*=0x2) returned 1 [0111.264] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.271] SetEvent (hEvent=0x9c) returned 1 [0111.271] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.274] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000183cf4 | out: lpMode=0xc000183cf4) returned 0 [0111.274] GetFileType (hFile=0x1dc) returned 0x1 [0111.274] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0111.275] GetFileType (hFile=0x1dc) returned 0x1 [0111.275] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000183d44 | out: lpFileInformation=0xc000183d44) returned 1 [0111.275] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000183d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000183d28) returned 1 [0111.275] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0111.276] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002b2000, nNumberOfBytesToRead=0x3617, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesRead=0xc000183c04*=0x3417, lpOverlapped=0x0) returned 1 [0111.281] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002b5417, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000183c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b5417*, lpNumberOfBytesRead=0xc000183c04*=0x0, lpOverlapped=0x0) returned 1 [0111.281] CloseHandle (hObject=0x1dc) returned 1 [0111.281] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0111.281] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0111.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.285] SetEvent (hEvent=0xc0) returned 1 [0111.285] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000183d04 | out: lpMode=0xc000183d04) returned 0 [0111.285] GetFileType (hFile=0x1dc) returned 0x1 [0111.285] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x3420, lpNumberOfBytesWritten=0xc000183cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000183cec*=0x3420, lpOverlapped=0x0) returned 1 [0111.286] CloseHandle (hObject=0x1dc) returned 1 [0111.287] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0111.287] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0111.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.288] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000183d64 | out: lpMode=0xc000183d64) returned 0 [0111.288] GetFileType (hFile=0x1dc) returned 0x1 [0111.288] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000183d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000183d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.288] CloseHandle (hObject=0x1dc) returned 1 [0111.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbeetuf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEeTuf[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbeetuf[1].jpg"), dwFlags=0x1) returned 1 [0111.321] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.321] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.321] SetEvent (hEvent=0xc0) returned 1 [0111.321] SetEvent (hEvent=0x9c) returned 1 [0111.322] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.323] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.323] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.325] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.325] SetEvent (hEvent=0xfc) returned 1 [0111.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.330] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.352] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.360] SetEvent (hEvent=0x13c) returned 1 [0111.360] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.365] SetEvent (hEvent=0x13c) returned 1 [0111.365] SetEvent (hEvent=0x1a0) returned 1 [0111.365] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.365] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.366] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.366] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.367] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.367] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00026d818*=0x2) returned 1 [0111.368] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.375] SetEvent (hEvent=0x9c) returned 1 [0111.375] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.377] SetEvent (hEvent=0x9c) returned 1 [0111.377] SwitchToThread () returned 1 [0111.377] SetEvent (hEvent=0x1a0) returned 1 [0111.377] SetEvent (hEvent=0x9c) returned 1 [0111.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.378] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0111.378] GetFileType (hFile=0x1dc) returned 0x1 [0111.378] GetFileType (hFile=0x1dc) returned 0x1 [0111.378] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0111.379] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0111.379] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0111.379] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x25fd, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00026fc04*=0x23fd, lpOverlapped=0x0) returned 1 [0111.387] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0002323fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002323fd*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0111.387] CloseHandle (hObject=0x1dc) returned 1 [0111.387] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0111.387] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.391] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0111.391] GetFileType (hFile=0x1dc) returned 0x1 [0111.391] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc00026fcec*=0x2400, lpOverlapped=0x0) returned 1 [0111.392] CloseHandle (hObject=0x1dc) returned 1 [0111.393] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.393] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0111.393] GetFileType (hFile=0x1dc) returned 0x1 [0111.393] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.393] CloseHandle (hObject=0x1dc) returned 1 [0111.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegiyw[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgiYw[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegiyw[1].jpg"), dwFlags=0x1) returned 1 [0111.436] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.437] SetEvent (hEvent=0xfc) returned 1 [0111.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.439] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.439] SetEvent (hEvent=0xfc) returned 1 [0111.439] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.443] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.480] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.490] SetEvent (hEvent=0x13c) returned 1 [0111.490] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.492] SetEvent (hEvent=0x13c) returned 1 [0111.492] SetEvent (hEvent=0x1a0) returned 1 [0111.492] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0111.493] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.493] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.493] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.494] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000217818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000217818*=0x2) returned 1 [0111.496] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.502] SetEvent (hEvent=0x9c) returned 1 [0111.503] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.505] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000217cf4 | out: lpMode=0xc000217cf4) returned 0 [0111.505] GetFileType (hFile=0x1dc) returned 0x1 [0111.506] GetFileType (hFile=0x1dc) returned 0x1 [0111.506] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000217d44 | out: lpFileInformation=0xc000217d44) returned 1 [0111.506] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000217d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000217d28) returned 1 [0111.506] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x7e5, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc000217c04*=0x5e5, lpOverlapped=0x0) returned 1 [0111.509] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000585e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000217c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000585e5*, lpNumberOfBytesRead=0xc000217c04*=0x0, lpOverlapped=0x0) returned 1 [0111.509] CloseHandle (hObject=0x1dc) returned 1 [0111.509] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.510] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0111.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.512] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000217d04 | out: lpMode=0xc000217d04) returned 0 [0111.512] GetFileType (hFile=0x1dc) returned 0x1 [0111.512] WriteFile (in: hFile=0x1dc, lpBuffer=0xc000078000*, nNumberOfBytesToWrite=0x5f0, lpNumberOfBytesWritten=0xc000217cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesWritten=0xc000217cec*=0x5f0, lpOverlapped=0x0) returned 1 [0111.513] CloseHandle (hObject=0x1dc) returned 1 [0111.514] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0111.514] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.515] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000217d64 | out: lpMode=0xc000217d64) returned 0 [0111.515] GetFileType (hFile=0x1e4) returned 0x1 [0111.516] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000217d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000217d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.516] CloseHandle (hObject=0x1e4) returned 1 [0111.518] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0111.518] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0111.519] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0111.519] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegx5f[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgx5f[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegx5f[2].jpg"), dwFlags=0x1) returned 1 [0111.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.551] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.551] SetEvent (hEvent=0xc0) returned 1 [0111.551] SetEvent (hEvent=0x9c) returned 1 [0111.551] SetEvent (hEvent=0xfc) returned 1 [0111.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.553] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.553] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.553] SetEvent (hEvent=0xfc) returned 1 [0111.553] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.557] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.572] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.582] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.601] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.673] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.681] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.688] SetEvent (hEvent=0x13c) returned 1 [0111.688] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.689] SetEvent (hEvent=0x13c) returned 1 [0111.689] SetEvent (hEvent=0xfc) returned 1 [0111.689] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.689] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.690] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.690] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.690] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.691] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.691] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.692] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.692] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.692] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.692] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.692] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.693] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00028b818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc00028b818*=0x2) returned 1 [0111.695] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.700] SetEvent (hEvent=0x9c) returned 1 [0111.700] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.703] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0111.703] GetFileType (hFile=0x180) returned 0x1 [0111.703] GetFileType (hFile=0x180) returned 0x1 [0111.703] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0111.703] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0111.704] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0111.704] ReadFile (in: hFile=0x180, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x9b1, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000241c04*=0x7b1, lpOverlapped=0x0) returned 1 [0111.710] ReadFile (in: hFile=0x180, lpBuffer=0xc0001e27b1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e27b1*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0111.711] CloseHandle (hObject=0x180) returned 1 [0111.711] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.711] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.714] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0111.715] GetFileType (hFile=0x180) returned 0x1 [0111.715] WriteFile (in: hFile=0x180, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000241cec*=0x7c0, lpOverlapped=0x0) returned 1 [0111.716] CloseHandle (hObject=0x180) returned 1 [0111.717] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0111.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.717] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0111.718] GetFileType (hFile=0x180) returned 0x1 [0111.718] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.718] CloseHandle (hObject=0x180) returned 1 [0111.720] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-ContainerTag[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-containertag[2].js"), dwFlags=0x1) returned 1 [0111.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.756] SetEvent (hEvent=0x9c) returned 1 [0111.756] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.761] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.765] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.765] SetEvent (hEvent=0xb8) returned 1 [0111.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.768] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.768] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.787] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.798] SetEvent (hEvent=0x13c) returned 1 [0111.798] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.801] SetEvent (hEvent=0x13c) returned 1 [0111.801] SetEvent (hEvent=0xfc) returned 1 [0111.802] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.802] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000126050*, lpNumberOfCharsWritten=0xc00022d818*=0x2) returned 1 [0111.804] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.811] SetEvent (hEvent=0x9c) returned 1 [0111.811] SetEvent (hEvent=0xfc) returned 1 [0111.811] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.813] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0111.813] GetFileType (hFile=0x180) returned 0x1 [0111.813] GetFileType (hFile=0x180) returned 0x1 [0111.813] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0111.813] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0111.813] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0111.814] ReadFile (in: hFile=0x180, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x734, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc0004dfc04*=0x534, lpOverlapped=0x0) returned 1 [0111.816] ReadFile (in: hFile=0x180, lpBuffer=0xc000070534, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070534*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0111.816] CloseHandle (hObject=0x180) returned 1 [0111.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.820] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0111.820] GetFileType (hFile=0x180) returned 0x1 [0111.820] WriteFile (in: hFile=0x180, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x540, lpOverlapped=0x0) returned 1 [0111.825] CloseHandle (hObject=0x180) returned 1 [0111.825] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.825] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0111.826] GetFileType (hFile=0x180) returned 0x1 [0111.826] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.826] CloseHandle (hObject=0x180) returned 1 [0111.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\async_usersync[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-async_usersync[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-async_usersync[2]"), dwFlags=0x1) returned 1 [0111.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.868] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0111.868] SetEvent (hEvent=0xc0) returned 1 [0111.868] SetEvent (hEvent=0x9c) returned 1 [0111.868] SetEvent (hEvent=0x1a0) returned 1 [0111.869] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.871] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.871] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0111.871] SetEvent (hEvent=0x1a0) returned 1 [0111.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.877] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.903] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.918] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.922] SetEvent (hEvent=0x13c) returned 1 [0111.922] SetEvent (hEvent=0xfc) returned 1 [0111.922] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0111.923] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0111.924] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.924] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.924] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.924] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.925] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0111.929] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.937] SetEvent (hEvent=0x9c) returned 1 [0111.937] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0111.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.939] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0111.940] GetFileType (hFile=0x180) returned 0x1 [0111.940] GetFileType (hFile=0x180) returned 0x1 [0111.940] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0111.940] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0111.940] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.940] ReadFile (in: hFile=0x180, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x2bb, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc0006ddc04*=0xbb, lpOverlapped=0x0) returned 1 [0111.942] ReadFile (in: hFile=0x180, lpBuffer=0xc0000e40bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e40bb*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0111.942] CloseHandle (hObject=0x180) returned 1 [0111.942] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0111.942] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0111.942] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0111.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.949] SetEvent (hEvent=0xc0) returned 1 [0111.949] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0111.950] GetFileType (hFile=0x180) returned 0x1 [0111.950] WriteFile (in: hFile=0x180, lpBuffer=0xc0000ea000*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesWritten=0xc0006ddcec*=0xc0, lpOverlapped=0x0) returned 1 [0111.951] CloseHandle (hObject=0x180) returned 1 [0111.952] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0111.952] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.953] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0111.953] GetFileType (hFile=0x1e4) returned 0x1 [0111.953] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.953] CloseHandle (hObject=0x1e4) returned 1 [0111.955] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\css[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-css[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-css[2].txt"), dwFlags=0x1) returned 1 [0112.004] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.005] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.005] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0112.005] SetEvent (hEvent=0xc0) returned 1 [0112.005] SetEvent (hEvent=0x13c) returned 1 [0112.005] SetEvent (hEvent=0x9c) returned 1 [0112.005] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0112.007] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.011] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0112.011] SetEvent (hEvent=0x9c) returned 1 [0112.011] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.019] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.043] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.058] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.074] SetEvent (hEvent=0x13c) returned 1 [0112.074] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.079] SetEvent (hEvent=0x13c) returned 1 [0112.079] SetEvent (hEvent=0x1a0) returned 1 [0112.079] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.079] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.079] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.080] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc00010f818*=0x2) returned 1 [0112.081] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.093] SetEvent (hEvent=0x1a0) returned 1 [0112.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0112.093] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0112.094] GetFileType (hFile=0x1dc) returned 0x1 [0112.094] GetFileType (hFile=0x1dc) returned 0x1 [0112.094] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0112.094] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0112.094] ReadFile (in: hFile=0x1dc, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x5c1, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0006e1c04*=0x3c1, lpOverlapped=0x0) returned 1 [0112.109] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000403c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000403c1*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0112.109] CloseHandle (hObject=0x1dc) returned 1 [0112.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.119] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0112.120] GetFileType (hFile=0x1dc) returned 0x1 [0112.120] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x3d0, lpOverlapped=0x0) returned 1 [0112.121] CloseHandle (hObject=0x1dc) returned 1 [0112.122] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0112.122] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0112.123] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0112.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0112.123] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0112.124] GetFileType (hFile=0x1dc) returned 0x1 [0112.124] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.125] CloseHandle (hObject=0x1dc) returned 1 [0112.125] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0112.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-js[1]"), dwFlags=0x1) returned 1 [0112.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.174] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0112.175] SetEvent (hEvent=0xc0) returned 1 [0112.175] SetEvent (hEvent=0x13c) returned 1 [0112.175] SetEvent (hEvent=0x9c) returned 1 [0112.175] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.177] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0112.177] SetEvent (hEvent=0x9c) returned 1 [0112.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.179] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.198] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.209] SetEvent (hEvent=0xb8) returned 1 [0112.209] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.211] SetEvent (hEvent=0xb8) returned 1 [0112.211] SetEvent (hEvent=0x1a0) returned 1 [0112.211] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0112.212] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0112.213] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.213] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.213] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.213] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.214] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.214] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0112.215] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.223] SetEvent (hEvent=0x13c) returned 1 [0112.223] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.225] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0112.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.226] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0112.227] GetFileType (hFile=0x1e4) returned 0x1 [0112.227] GetFileType (hFile=0x1e4) returned 0x1 [0112.227] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0112.227] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0112.227] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0112.229] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x19c6f, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000241c04*=0x19a6f, lpOverlapped=0x0) returned 1 [0112.236] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002bda6f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bda6f*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0112.236] CloseHandle (hObject=0x1e4) returned 1 [0112.236] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0112.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0112.240] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0112.240] GetFileType (hFile=0x1e4) returned 0x1 [0112.253] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x19a70, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000241cec*=0x19a70, lpOverlapped=0x0) returned 1 [0112.255] CloseHandle (hObject=0x1e4) returned 1 [0112.256] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0112.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.257] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0112.260] GetFileType (hFile=0x180) returned 0x1 [0112.260] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0112.261] WriteFile (in: hFile=0x180, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.261] CloseHandle (hObject=0x180) returned 1 [0112.264] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0112.264] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0112.264] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0112.265] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\search[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-search[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-search[1].htm"), dwFlags=0x1) returned 1 [0112.288] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0112.289] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.289] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.290] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.290] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.290] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0112.341] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.341] SetEvent (hEvent=0xfc) returned 1 [0112.341] SetEvent (hEvent=0x1a0) returned 1 [0112.342] SetEvent (hEvent=0x15c) returned 1 [0112.342] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.351] SetEvent (hEvent=0xfc) returned 1 [0112.351] SetEvent (hEvent=0xb8) returned 1 [0112.351] SetEvent (hEvent=0x15c) returned 1 [0112.352] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.378] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0112.379] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0112.382] GetFileType (hFile=0x1dc) returned 0x1 [0112.382] GetFileType (hFile=0x1dc) returned 0x1 [0112.382] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0112.382] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0112.382] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0112.383] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x49b, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc00022dc04*=0x29b, lpOverlapped=0x0) returned 1 [0112.393] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.439] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0001c029b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c029b*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.439] CloseHandle (hObject=0x1dc) returned 1 [0112.439] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0112.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0112.475] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0112.476] GetFileType (hFile=0x1b4) returned 0x1 [0112.476] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0001c2000*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesWritten=0xc00022dcec*=0x2a0, lpOverlapped=0x0) returned 1 [0112.478] CloseHandle (hObject=0x1b4) returned 1 [0112.479] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533001 | out: pbBuffer=0xc000533001) returned 1 [0112.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0112.480] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0112.482] GetFileType (hFile=0xec) returned 0x1 [0112.482] WriteFile (in: hFile=0xec, lpBuffer=0xc0003006e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003006e0*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.482] CloseHandle (hObject=0xec) returned 1 [0112.483] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa3e1oo[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA3e1oO[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa3e1oo[1].png"), dwFlags=0x1) returned 1 [0112.568] SwitchToThread () returned 1 [0112.568] SetEvent (hEvent=0xb8) returned 1 [0112.568] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.571] SetEvent (hEvent=0xb8) returned 1 [0112.571] SetEvent (hEvent=0xf4) returned 1 [0112.571] SetEvent (hEvent=0x9c) returned 1 [0112.571] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.572] SetEvent (hEvent=0x114) returned 1 [0112.572] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.883] SetEvent (hEvent=0x1a0) returned 1 [0112.883] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.886] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.887] SetEvent (hEvent=0x1a0) returned 1 [0112.887] SetEvent (hEvent=0x114) returned 1 [0112.887] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.888] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.888] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.888] VirtualFree (lpAddress=0xc0003ba000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0112.889] VirtualFree (lpAddress=0xc000356000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.889] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.890] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.890] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0112.891] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.895] SetEvent (hEvent=0x1a0) returned 1 [0112.896] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.897] SetEvent (hEvent=0x1a0) returned 1 [0112.897] SetEvent (hEvent=0xb8) returned 1 [0112.897] SetEvent (hEvent=0x120) returned 1 [0112.897] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.903] SetEvent (hEvent=0x114) returned 1 [0112.903] SetEvent (hEvent=0x120) returned 1 [0112.903] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0112.997] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.027] SetEvent (hEvent=0x13c) returned 1 [0113.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.027] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000205cf4 | out: lpMode=0xc000205cf4) returned 0 [0113.028] GetFileType (hFile=0x1b0) returned 0x1 [0113.028] GetFileType (hFile=0x1b0) returned 0x1 [0113.028] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000205d44 | out: lpFileInformation=0xc000205d44) returned 1 [0113.028] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000205d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000205d28) returned 1 [0113.028] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0113.029] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x1e41, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000205c04*=0x1c41, lpOverlapped=0x0) returned 1 [0113.031] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0003ffc41, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000205c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003ffc41*, lpNumberOfBytesRead=0xc000205c04*=0x0, lpOverlapped=0x0) returned 1 [0113.031] CloseHandle (hObject=0x1b0) returned 1 [0113.031] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0113.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.047] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000205d04 | out: lpMode=0xc000205d04) returned 0 [0113.047] GetFileType (hFile=0x1b0) returned 0x1 [0113.047] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000102000*, nNumberOfBytesToWrite=0x1c50, lpNumberOfBytesWritten=0xc000205cec, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesWritten=0xc000205cec*=0x1c50, lpOverlapped=0x0) returned 1 [0113.048] CloseHandle (hObject=0x1b0) returned 1 [0113.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0113.049] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.049] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0113.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.050] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000205d64 | out: lpMode=0xc000205d64) returned 0 [0113.050] GetFileType (hFile=0x1b0) returned 0x1 [0113.050] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000205d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000205d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.050] CloseHandle (hObject=0x1b0) returned 1 [0113.051] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvgyr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBVGyR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbvgyr[1].jpg"), dwFlags=0x1) returned 1 [0113.194] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.195] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.195] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.195] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0113.197] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.199] SetEvent (hEvent=0x198) returned 1 [0113.199] SetEvent (hEvent=0x15c) returned 1 [0113.199] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002cb818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0002cb818*=0x2) returned 1 [0113.201] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc000133818*=0x2) returned 1 [0113.203] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0024*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc0000a0024*, lpNumberOfCharsWritten=0xc000205818*=0x2) returned 1 [0113.205] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.220] SetEvent (hEvent=0x108) returned 1 [0113.220] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.225] SetEvent (hEvent=0x108) returned 1 [0113.225] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.226] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.226] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.226] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.227] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.227] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.227] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.228] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0113.229] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0113.230] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0113.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.231] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0113.234] GetFileType (hFile=0x1b0) returned 0x1 [0113.234] GetFileType (hFile=0x1b0) returned 0x1 [0113.234] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0113.234] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0113.234] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0xb5f, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00020bc04*=0x95f, lpOverlapped=0x0) returned 1 [0113.237] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000e495f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e495f*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0113.237] CloseHandle (hObject=0x1b0) returned 1 [0113.237] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0113.238] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.241] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0113.241] GetFileType (hFile=0x1b4) returned 0x1 [0113.241] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00020bcec*=0x960, lpOverlapped=0x0) returned 1 [0113.242] CloseHandle (hObject=0x1b4) returned 1 [0113.243] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0113.243] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0113.243] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.244] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0113.244] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0113.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.245] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0113.245] GetFileType (hFile=0x1b4) returned 0x1 [0113.245] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.246] CloseHandle (hObject=0x1b4) returned 1 [0113.246] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0113.246] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbx3xb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBX3xB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbx3xb[1].jpg"), dwFlags=0x1) returned 1 [0113.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.309] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0113.309] SetEvent (hEvent=0xc0) returned 1 [0113.309] SetEvent (hEvent=0x9c) returned 1 [0113.309] SetEvent (hEvent=0x198) returned 1 [0113.309] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.310] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.315] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0113.315] SetEvent (hEvent=0x198) returned 1 [0113.315] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.319] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.334] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.345] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.349] SetEvent (hEvent=0xb8) returned 1 [0113.349] SetEvent (hEvent=0x108) returned 1 [0113.349] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.349] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.349] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.350] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.350] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.350] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.351] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586190*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfCharsWritten=0xc000289818*=0x2) returned 1 [0113.353] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.359] SetEvent (hEvent=0x9c) returned 1 [0113.359] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.362] SetEvent (hEvent=0x9c) returned 1 [0113.362] SetEvent (hEvent=0x108) returned 1 [0113.362] SetEvent (hEvent=0x15c) returned 1 [0113.362] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.365] SetEvent (hEvent=0x9c) returned 1 [0113.365] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.365] SetEvent (hEvent=0x9c) returned 1 [0113.365] SetEvent (hEvent=0xb8) returned 1 [0113.366] SetEvent (hEvent=0x15c) returned 1 [0113.366] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.383] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.390] SetEvent (hEvent=0x198) returned 1 [0113.390] SetEvent (hEvent=0x9c) returned 1 [0113.390] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.390] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.391] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000117818*=0x2) returned 1 [0113.393] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.408] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0113.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0113.410] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0113.410] GetFileType (hFile=0x128) returned 0x1 [0113.410] GetFileType (hFile=0x128) returned 0x1 [0113.410] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0113.413] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0113.413] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.414] ReadFile (in: hFile=0x128, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x3400, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0001d3c04*=0x3200, lpOverlapped=0x0) returned 1 [0113.418] ReadFile (in: hFile=0x128, lpBuffer=0xc000163200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000163200*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0113.418] CloseHandle (hObject=0x128) returned 1 [0113.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.420] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0113.420] GetFileType (hFile=0x128) returned 0x1 [0113.420] WriteFile (in: hFile=0x128, lpBuffer=0xc000163500*, nNumberOfBytesToWrite=0x3210, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000163500*, lpNumberOfBytesWritten=0xc0001d3cec*=0x3210, lpOverlapped=0x0) returned 1 [0113.421] CloseHandle (hObject=0x128) returned 1 [0113.422] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.422] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0113.423] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.423] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.423] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0113.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0113.424] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0113.425] GetFileType (hFile=0x128) returned 0x1 [0113.425] WriteFile (in: hFile=0x128, lpBuffer=0xc0001022c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001022c0*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.425] CloseHandle (hObject=0x128) returned 1 [0113.426] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0113.426] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc05rl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC05rl[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc05rl[1].jpg"), dwFlags=0x1) returned 1 [0113.501] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.506] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.506] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0113.506] SetEvent (hEvent=0xc0) returned 1 [0113.506] SetEvent (hEvent=0x114) returned 1 [0113.506] SetEvent (hEvent=0x15c) returned 1 [0113.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.512] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0113.517] SetEvent (hEvent=0x108) returned 1 [0113.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.520] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.553] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.559] SetEvent (hEvent=0x198) returned 1 [0113.559] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.563] SetEvent (hEvent=0x198) returned 1 [0113.563] SetEvent (hEvent=0x15c) returned 1 [0113.563] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0113.564] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.564] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.564] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.565] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.565] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.565] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.566] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.566] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0113.568] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.575] SetEvent (hEvent=0x15c) returned 1 [0113.575] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.576] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002cbcf4 | out: lpMode=0xc0002cbcf4) returned 0 [0113.576] GetFileType (hFile=0x1b4) returned 0x1 [0113.576] GetFileType (hFile=0x1b4) returned 0x1 [0113.576] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0002cbd44 | out: lpFileInformation=0xc0002cbd44) returned 1 [0113.577] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0002cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cbd28) returned 1 [0113.577] VirtualAlloc (lpAddress=0xc000160000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0113.577] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x25ba, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0002cbc04*=0x23ba, lpOverlapped=0x0) returned 1 [0113.580] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0001623ba, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001623ba*, lpNumberOfBytesRead=0xc0002cbc04*=0x0, lpOverlapped=0x0) returned 1 [0113.580] CloseHandle (hObject=0x1b4) returned 1 [0113.580] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.584] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002cbd04 | out: lpMode=0xc0002cbd04) returned 0 [0113.586] GetFileType (hFile=0xec) returned 0x1 [0113.586] WriteFile (in: hFile=0xec, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x23c0, lpNumberOfBytesWritten=0xc0002cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0002cbcec*=0x23c0, lpOverlapped=0x0) returned 1 [0113.588] CloseHandle (hObject=0xec) returned 1 [0113.589] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0113.590] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0113.590] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.591] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002cbd64 | out: lpMode=0xc0002cbd64) returned 0 [0113.594] GetFileType (hFile=0xec) returned 0x1 [0113.594] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.595] WriteFile (in: hFile=0xec, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0002cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.595] CloseHandle (hObject=0xec) returned 1 [0113.596] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0113.596] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0xlt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC0xLt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc0xlt[1].jpg"), dwFlags=0x1) returned 1 [0113.639] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0113.639] SetEvent (hEvent=0x198) returned 1 [0113.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.645] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0113.645] SetEvent (hEvent=0x9c) returned 1 [0113.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.648] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.669] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.677] SetEvent (hEvent=0xb8) returned 1 [0113.677] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.682] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0113.682] GetFileType (hFile=0xec) returned 0x1 [0113.682] GetFileType (hFile=0xec) returned 0x1 [0113.682] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0113.683] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0113.683] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0113.683] ReadFile (in: hFile=0xec, lpBuffer=0xc000166000, nNumberOfBytesToRead=0x2c48, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000166000*, lpNumberOfBytesRead=0xc0006dfc04*=0x2a48, lpOverlapped=0x0) returned 1 [0113.687] ReadFile (in: hFile=0xec, lpBuffer=0xc000168a48, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168a48*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0113.687] CloseHandle (hObject=0xec) returned 1 [0113.687] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0113.688] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.691] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0113.691] GetFileType (hFile=0xec) returned 0x1 [0113.691] WriteFile (in: hFile=0xec, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x2a50, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x2a50, lpOverlapped=0x0) returned 1 [0113.693] CloseHandle (hObject=0xec) returned 1 [0113.694] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.694] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0113.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.695] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0113.800] GetFileType (hFile=0x1b0) returned 0x1 [0113.800] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.800] CloseHandle (hObject=0x1b0) returned 1 [0113.807] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbedslv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEdSLV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbedslv[1].jpg"), dwFlags=0x1) returned 1 [0113.889] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0113.889] SetEvent (hEvent=0x198) returned 1 [0113.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.891] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0113.891] SetEvent (hEvent=0x198) returned 1 [0113.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.900] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.900] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.920] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.931] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.933] SetEvent (hEvent=0x15c) returned 1 [0113.934] SetEvent (hEvent=0x108) returned 1 [0113.934] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.934] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.934] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.935] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.935] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.936] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0113.938] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.944] SetEvent (hEvent=0xb8) returned 1 [0113.944] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.945] SetEvent (hEvent=0xb8) returned 1 [0113.945] SetEvent (hEvent=0x108) returned 1 [0113.947] SetEvent (hEvent=0x9c) returned 1 [0113.947] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.951] SetEvent (hEvent=0xb8) returned 1 [0113.951] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.952] SetEvent (hEvent=0xb8) returned 1 [0113.952] SetEvent (hEvent=0x15c) returned 1 [0113.952] SetEvent (hEvent=0x9c) returned 1 [0113.952] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.976] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.982] SetEvent (hEvent=0x198) returned 1 [0113.982] SetEvent (hEvent=0xb8) returned 1 [0113.982] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.982] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.983] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.983] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000241818*=0x2) returned 1 [0113.985] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0113.997] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0113.997] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.999] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0113.999] GetFileType (hFile=0xec) returned 0x1 [0113.999] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0113.999] GetFileType (hFile=0xec) returned 0x1 [0113.999] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0113.999] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0114.000] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0114.000] ReadFile (in: hFile=0xec, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x3c2a, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0001f7c04*=0x3a2a, lpOverlapped=0x0) returned 1 [0114.003] ReadFile (in: hFile=0xec, lpBuffer=0xc000183a2a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000183a2a*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0114.003] CloseHandle (hObject=0xec) returned 1 [0114.003] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0114.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0114.006] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0114.007] GetFileType (hFile=0xec) returned 0x1 [0114.007] WriteFile (in: hFile=0xec, lpBuffer=0xc000184000*, nNumberOfBytesToWrite=0x3a30, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x3a30, lpOverlapped=0x0) returned 1 [0114.008] CloseHandle (hObject=0xec) returned 1 [0114.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0114.010] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0114.010] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0114.011] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0114.011] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0114.012] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0114.012] VirtualAlloc (lpAddress=0xc00019c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019c000 [0114.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0114.013] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0114.014] GetFileType (hFile=0x128) returned 0x1 [0114.014] WriteFile (in: hFile=0x128, lpBuffer=0xc00019c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00019c2c0*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.014] CloseHandle (hObject=0x128) returned 1 [0114.017] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeeznr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEeZnr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeeznr[1].jpg"), dwFlags=0x1) returned 1 [0114.059] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.061] SetEvent (hEvent=0x108) returned 1 [0114.061] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.065] SetEvent (hEvent=0x108) returned 1 [0114.065] SetEvent (hEvent=0x9c) returned 1 [0114.065] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.066] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.066] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000054000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfCharsWritten=0xc000117818*=0x2) returned 1 [0114.069] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.073] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0114.073] SetEvent (hEvent=0x9c) returned 1 [0114.073] SetEvent (hEvent=0x198) returned 1 [0114.073] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.078] SetEvent (hEvent=0x9c) returned 1 [0114.078] VirtualFree (lpAddress=0xc000160000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0114.079] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.079] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.079] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.080] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.080] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.080] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.081] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.081] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.081] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.082] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.082] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.082] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.083] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc0001f7818*=0x2) returned 1 [0114.089] SetEvent (hEvent=0x198) returned 1 [0114.089] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0114.102] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0006dfcf4 | out: lpMode=0xc0006dfcf4) returned 0 [0114.103] GetFileType (hFile=0x128) returned 0x1 [0114.103] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0114.104] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0114.105] GetFileType (hFile=0x128) returned 0x1 [0114.105] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0006dfd44 | out: lpFileInformation=0xc0006dfd44) returned 1 [0114.105] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0006dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006dfd28) returned 1 [0114.105] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0114.106] ReadFile (in: hFile=0x128, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x5c45, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0006dfc04*=0x5a45, lpOverlapped=0x0) returned 1 [0114.114] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.167] ReadFile (in: hFile=0x128, lpBuffer=0xc0000bba45, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bba45*, lpNumberOfBytesRead=0xc0006dfc04*=0x0, lpOverlapped=0x0) returned 1 [0114.167] CloseHandle (hObject=0x128) returned 1 [0114.168] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0114.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.183] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.251] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0006dfd04 | out: lpMode=0xc0006dfd04) returned 0 [0114.253] GetFileType (hFile=0x150) returned 0x1 [0114.253] WriteFile (in: hFile=0x150, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x5a50, lpNumberOfBytesWritten=0xc0006dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0006dfcec*=0x5a50, lpOverlapped=0x0) returned 1 [0114.255] CloseHandle (hObject=0x150) returned 1 [0114.257] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.281] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083801 | out: pbBuffer=0xc000083801) returned 1 [0114.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.281] GetConsoleMode (in: hConsoleHandle=0x1f0, lpMode=0xc0006dfd64 | out: lpMode=0xc0006dfd64) returned 0 [0114.282] GetFileType (hFile=0x1f0) returned 0x1 [0114.282] WriteFile (in: hFile=0x1f0, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0006dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.282] CloseHandle (hObject=0x1f0) returned 1 [0114.287] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgIl2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegil2[1].jpg"), dwFlags=0x1) returned 1 [0114.492] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.494] SetEvent (hEvent=0x1dc) returned 1 [0114.494] SetEvent (hEvent=0x15c) returned 1 [0114.494] VirtualFree (lpAddress=0xc0003ac000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.494] VirtualFree (lpAddress=0xc00039c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.495] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.495] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.495] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc000035818*=0x3) returned 1 [0114.496] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.500] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0114.500] SetEvent (hEvent=0x188) returned 1 [0114.500] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.504] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.506] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0114.509] SetEvent (hEvent=0x114) returned 1 [0114.509] SetEvent (hEvent=0xf4) returned 1 [0114.509] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0115.664] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0115.665] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0115.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ac [0115.666] GetConsoleMode (in: hConsoleHandle=0x1ac, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0115.668] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0115.693] GetFileType (hFile=0x1ac) returned 0x1 [0115.693] GetFileType (hFile=0x1ac) returned 0x1 [0115.693] GetFileInformationByHandle (in: hFile=0x1ac, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0115.693] GetFileInformationByHandleEx (in: hFile=0x1ac, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0115.694] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0115.694] ReadFile (in: hFile=0x1ac, lpBuffer=0xc000224000, nNumberOfBytesToRead=0x1ba4, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesRead=0xc00026dc04*=0x19a4, lpOverlapped=0x0) returned 1 [0115.697] ReadFile (in: hFile=0x1ac, lpBuffer=0xc0002259a4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002259a4*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0115.697] CloseHandle (hObject=0x1ac) returned 1 [0115.697] VirtualAlloc (lpAddress=0xc000300000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0115.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0115.744] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0115.753] GetFileType (hFile=0x244) returned 0x1 [0115.753] WriteFile (in: hFile=0x244, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc00026dcec*=0x19b0, lpOverlapped=0x0) returned 1 [0115.755] CloseHandle (hObject=0x244) returned 1 [0115.804] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0115.919] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028b801 | out: pbBuffer=0xc00028b801) returned 1 [0115.919] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0115.920] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0115.920] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0115.921] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0115.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0115.921] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0115.924] GetFileType (hFile=0x200) returned 0x1 [0115.924] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0115.924] WriteFile (in: hFile=0x200, lpBuffer=0xc0002d02c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002d02c0*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.925] CloseHandle (hObject=0x200) returned 1 [0115.929] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aaj0doq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAj0doQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aaj0doq[1].jpg"), dwFlags=0x1) returned 1 [0116.548] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0116.548] SetEvent (hEvent=0x304) returned 1 [0116.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.550] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0116.550] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0116.550] SetEvent (hEvent=0x208) returned 1 [0116.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.556] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0116.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe30*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.557] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f698, ulCount=0x10, ulNumEntriesRemoved=0x2989f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f698, ulNumEntriesRemoved=0x2989f66c) returned 0 [0116.557] SetEvent (hEvent=0xc0) returned 1 [0116.557] SetEvent (hEvent=0x304) returned 1 [0116.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.558] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe08*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.559] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2989f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2989f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2989f6a0, ulNumEntriesRemoved=0x2989f674) returned 0 [0116.559] SetEvent (hEvent=0x304) returned 1 [0116.559] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2989fe18*=0x164, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.563] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0117.755] SetEvent (hEvent=0x24c) returned 1 [0117.755] SetEvent (hEvent=0x29c) returned 1 [0117.755] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0141.538] SetEvent (hEvent=0x114) returned 1 [0141.538] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0141.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3f4 [0141.540] GetConsoleMode (in: hConsoleHandle=0x3f4, lpMode=0xc00038fcf4 | out: lpMode=0xc00038fcf4) returned 0 [0141.541] GetFileType (hFile=0x3f4) returned 0x1 [0141.541] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0141.542] GetFileType (hFile=0x3f4) returned 0x1 [0141.542] GetFileInformationByHandle (in: hFile=0x3f4, lpFileInformation=0xc00038fd44 | out: lpFileInformation=0xc00038fd44) returned 1 [0141.542] GetFileInformationByHandleEx (in: hFile=0x3f4, FileInformationClass=0x9, lpFileInformation=0xc00038fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038fd28) returned 1 [0141.542] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0141.544] ReadFile (in: hFile=0x3f4, lpBuffer=0xc0004e0000, nNumberOfBytesToRead=0x19d4, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesRead=0xc00038fc04*=0x17d4, lpOverlapped=0x0) returned 1 [0142.623] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.470] ReadFile (in: hFile=0x3f4, lpBuffer=0xc0004e17d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e17d4*, lpNumberOfBytesRead=0xc00038fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.470] CloseHandle (hObject=0x3f4) returned 1 [0143.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f4 [0143.472] GetConsoleMode (in: hConsoleHandle=0x3f4, lpMode=0xc00038fd04 | out: lpMode=0xc00038fd04) returned 0 [0143.473] GetFileType (hFile=0x3f4) returned 0x1 [0143.473] WriteFile (in: hFile=0x3f4, lpBuffer=0xc000280000*, nNumberOfBytesToWrite=0x17e0, lpNumberOfBytesWritten=0xc00038fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesWritten=0xc00038fcec*=0x17e0, lpOverlapped=0x0) returned 1 [0143.474] CloseHandle (hObject=0x3f4) returned 1 [0143.475] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0143.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f4 [0143.475] GetConsoleMode (in: hConsoleHandle=0x3f4, lpMode=0xc00038fd64 | out: lpMode=0xc00038fd64) returned 0 [0143.481] GetFileType (hFile=0x3f4) returned 0x1 [0143.481] WriteFile (in: hFile=0x3f4, lpBuffer=0xc000615600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615600*, lpNumberOfBytesWritten=0xc00038fd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.482] CloseHandle (hObject=0x3f4) returned 1 [0143.482] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0143.483] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-5d696d521de238c3.customdestinations-ms"), dwFlags=0x1) returned 1 [0143.485] SetEvent (hEvent=0x948) returned 1 [0143.485] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.493] SetEvent (hEvent=0x9f8) returned 1 [0143.493] SetEvent (hEvent=0x950) returned 1 [0143.493] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.527] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.531] SetEvent (hEvent=0xb10) returned 1 [0143.531] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.541] SetEvent (hEvent=0x120) returned 1 [0143.541] SetEvent (hEvent=0xb18) returned 1 [0143.541] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.551] SetEvent (hEvent=0x120) returned 1 [0143.551] SetEvent (hEvent=0x960) returned 1 [0143.551] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.564] SetEvent (hEvent=0x968) returned 1 [0143.565] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.571] SetEvent (hEvent=0xbc0) returned 1 [0143.571] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.579] SetEvent (hEvent=0xa08) returned 1 [0143.579] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.607] SetEvent (hEvent=0xbd0) returned 1 [0143.607] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) returned 0x0 [0143.619] SetEvent (hEvent=0x47c) returned 1 [0143.619] WaitForSingleObject (hHandle=0x164, dwMilliseconds=0xffffffff) Thread: id = 24 os_tid = 0x924 [0103.434] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x29a9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x29a9fea0*=0x170) returned 1 [0103.434] VirtualQuery (in: lpAddress=0x29a9fec0, lpBuffer=0x29a9fec0, dwLength=0x30 | out: lpBuffer=0x29a9fec0*(BaseAddress=0x29a9f000, AllocationBase=0x298a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0103.434] SetEvent (hEvent=0x164) returned 1 [0103.434] SetEvent (hEvent=0x108) returned 1 [0103.434] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x188 [0103.434] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x18c [0103.434] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.438] SetEvent (hEvent=0x164) returned 1 [0103.438] SwitchToThread () returned 1 [0103.438] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.446] SetEvent (hEvent=0x108) returned 1 [0103.446] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0103.447] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0103.447] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0103.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x190 [0103.448] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0103.454] GetFileType (hFile=0x190) returned 0x1 [0103.454] GetFileType (hFile=0x190) returned 0x1 [0103.454] GetFileInformationByHandle (in: hFile=0x190, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0103.454] GetFileInformationByHandleEx (in: hFile=0x190, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0103.454] ReadFile (in: hFile=0x190, lpBuffer=0xc0002a7000, nNumberOfBytesToRead=0x436b, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7000*, lpNumberOfBytesRead=0xc0001cfc04*=0x416b, lpOverlapped=0x0) returned 1 [0103.480] ReadFile (in: hFile=0x190, lpBuffer=0xc0002ab16b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ab16b*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0103.481] CloseHandle (hObject=0x190) returned 1 [0103.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0103.482] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0103.498] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.505] GetFileType (hFile=0x190) returned 0x1 [0103.505] WriteFile (in: hFile=0x190, lpBuffer=0xc000217800*, nNumberOfBytesToWrite=0x4170, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000217800*, lpNumberOfBytesWritten=0xc0001cfcec*=0x4170, lpOverlapped=0x0) returned 1 [0103.506] CloseHandle (hObject=0x190) returned 1 [0103.506] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0103.506] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0103.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x190 [0103.507] GetConsoleMode (in: hConsoleHandle=0x190, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0103.512] GetFileType (hFile=0x190) returned 0x1 [0103.512] WriteFile (in: hFile=0x190, lpBuffer=0xc00004f1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004f1e0*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0103.513] CloseHandle (hObject=0x190) returned 1 [0103.513] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\lt\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.514] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.516] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.516] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0103.516] SetEvent (hEvent=0xc0) returned 1 [0103.516] SetEvent (hEvent=0x198) returned 1 [0103.516] SetEvent (hEvent=0xfc) returned 1 [0103.516] SetEvent (hEvent=0x1a0) returned 1 [0103.516] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0103.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.526] SetEvent (hEvent=0x1a0) returned 1 [0103.526] SetEvent (hEvent=0xfc) returned 1 [0103.526] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.529] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0103.529] SetEvent (hEvent=0x13c) returned 1 [0103.529] SetEvent (hEvent=0x15c) returned 1 [0103.529] SetEvent (hEvent=0x9c) returned 1 [0103.529] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.533] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.533] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0103.533] SetEvent (hEvent=0x108) returned 1 [0103.533] SetEvent (hEvent=0x15c) returned 1 [0103.533] SetEvent (hEvent=0x12c) returned 1 [0103.534] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.539] SetEvent (hEvent=0x12c) returned 1 [0103.539] SetEvent (hEvent=0x15c) returned 1 [0103.539] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0103.550] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.550] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0103.550] SetEvent (hEvent=0x114) returned 1 [0103.550] SetEvent (hEvent=0x13c) returned 1 [0103.550] SetEvent (hEvent=0x9c) returned 1 [0103.550] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0103.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.561] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0103.565] GetFileType (hFile=0xec) returned 0x1 [0103.565] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0103.565] WriteFile (in: hFile=0xec, lpBuffer=0xc0002d2800*, nNumberOfBytesToWrite=0x40e0, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002d2800*, lpNumberOfBytesWritten=0xc000193cec*=0x40e0, lpOverlapped=0x0) returned 1 [0103.568] CloseHandle (hObject=0xec) returned 1 [0103.568] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0103.568] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0103.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0103.568] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0103.571] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0103.603] GetFileType (hFile=0xec) returned 0x1 [0103.603] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d7b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7b80*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0103.604] CloseHandle (hObject=0xec) returned 1 [0103.604] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\messages.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\encry-messages.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\_locales\\hu\\encry-messages.json"), dwFlags=0x1) returned 1 [0103.605] SetEvent (hEvent=0x13c) returned 1 [0103.605] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0104.567] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0104.568] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0104.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0104.569] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b1cf4 | out: lpMode=0xc0001b1cf4) returned 0 [0104.575] GetFileType (hFile=0x1bc) returned 0x1 [0104.575] GetFileType (hFile=0x1bc) returned 0x1 [0104.575] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001b1d44 | out: lpFileInformation=0xc0001b1d44) returned 1 [0104.575] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b1d28) returned 1 [0104.575] VirtualAlloc (lpAddress=0xc000394000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000394000 [0104.576] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000394000, nNumberOfBytesToRead=0x2d20, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000394000*, lpNumberOfBytesRead=0xc0001b1c04*=0x2b20, lpOverlapped=0x0) returned 1 [0104.583] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000396b20, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000396b20*, lpNumberOfBytesRead=0xc0001b1c04*=0x0, lpOverlapped=0x0) returned 1 [0104.583] CloseHandle (hObject=0x1bc) returned 1 [0104.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback_script.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0104.585] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001b1d04 | out: lpMode=0xc0001b1d04) returned 0 [0104.588] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] SetEvent (hEvent=0x1d0) returned 1 [0104.641] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0104.701] SetEvent (hEvent=0x1d0) returned 1 [0104.701] SetEvent (hEvent=0x164) returned 1 [0104.701] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.767] SetEvent (hEvent=0x108) returned 1 [0107.768] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.778] SetEvent (hEvent=0x100) returned 1 [0107.778] SetEvent (hEvent=0xb8) returned 1 [0107.778] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.782] SetEvent (hEvent=0x108) returned 1 [0107.782] SetEvent (hEvent=0x100) returned 1 [0107.782] SetEvent (hEvent=0x9c) returned 1 [0107.783] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.798] SetEvent (hEvent=0xfc) returned 1 [0107.798] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.920] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.920] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.921] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.921] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.922] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.923] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.924] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.924] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.926] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.926] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.927] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.928] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.928] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.930] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0107.932] SetEvent (hEvent=0x1a0) returned 1 [0107.932] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000297818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000297818*=0x4) returned 1 [0107.933] SetEvent (hEvent=0x1a0) returned 1 [0107.933] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010148*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ef818, lpReserved=0x0 | out: lpBuffer=0xc000010148*, lpNumberOfCharsWritten=0xc0001ef818*=0x4) returned 1 [0107.934] SetEvent (hEvent=0x1a0) returned 1 [0107.934] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000295818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc000295818*=0x4) returned 1 [0107.934] SetEvent (hEvent=0x1a0) returned 1 [0107.934] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000207818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc000207818*=0x4) returned 1 [0107.935] SetEvent (hEvent=0x1a0) returned 1 [0107.935] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0107.935] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00007a0e0*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc000179808, lpReserved=0x0 | out: lpBuffer=0xc00007a0e0*, lpNumberOfCharsWritten=0xc000179808*=0x6f) returned 1 [0107.936] SetEvent (hEvent=0x1a0) returned 1 [0107.937] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0107.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.406] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.410] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0108.410] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.431] SetEvent (hEvent=0xc0) returned 1 [0108.431] SetEvent (hEvent=0xb8) returned 1 [0108.431] GetFileType (hFile=0x1bc) returned 0x1 [0108.431] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.451] SetEvent (hEvent=0xc0) returned 1 [0108.451] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.452] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.463] CloseHandle (hObject=0x1bc) returned 1 [0108.464] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\KQMHSVKD\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\kqmhsvkd\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.472] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.474] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.482] SetEvent (hEvent=0x164) returned 1 [0108.482] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.484] SetEvent (hEvent=0x164) returned 1 [0108.484] SetEvent (hEvent=0x1a0) returned 1 [0108.484] SetEvent (hEvent=0xf4) returned 1 [0108.484] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.485] SwitchToThread () returned 1 [0108.490] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.493] SetEvent (hEvent=0xb8) returned 1 [0108.493] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.494] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0108.494] SetEvent (hEvent=0xf4) returned 1 [0108.494] SetEvent (hEvent=0xb8) returned 1 [0108.494] SetEvent (hEvent=0x1a0) returned 1 [0108.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.502] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.506] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0108.506] SetEvent (hEvent=0x1a0) returned 1 [0108.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.507] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0108.507] SetEvent (hEvent=0xf4) returned 1 [0108.507] SetEvent (hEvent=0xb8) returned 1 [0108.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.509] SetEvent (hEvent=0xb8) returned 1 [0108.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.517] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.518] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0108.518] SetEvent (hEvent=0xc0) returned 1 [0108.518] SetEvent (hEvent=0xf4) returned 1 [0108.518] SetEvent (hEvent=0x164) returned 1 [0108.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.524] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0108.524] SetEvent (hEvent=0xc0) returned 1 [0108.525] SetEvent (hEvent=0x1a0) returned 1 [0108.525] SetEvent (hEvent=0xb8) returned 1 [0108.525] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.529] SetEvent (hEvent=0xb8) returned 1 [0108.529] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.536] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.537] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0108.537] SetEvent (hEvent=0xc0) returned 1 [0108.537] SetEvent (hEvent=0xf4) returned 1 [0108.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.545] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0108.561] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc000179818*=0x3) returned 1 [0108.573] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.577] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0108.577] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a000c*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000265818, lpReserved=0x0 | out: lpBuffer=0xc0000a000c*, lpNumberOfCharsWritten=0xc000265818*=0x2) returned 1 [0108.580] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.585] SetEvent (hEvent=0xb8) returned 1 [0108.585] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.586] SetEvent (hEvent=0xb8) returned 1 [0108.586] SetEvent (hEvent=0x164) returned 1 [0108.586] SetEvent (hEvent=0xf4) returned 1 [0108.586] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.587] SetEvent (hEvent=0x164) returned 1 [0108.587] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.588] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.589] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0108.589] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.589] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.590] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.590] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.590] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000299818, lpReserved=0x0 | out: lpBuffer=0xc0000a0140*, lpNumberOfCharsWritten=0xc000299818*=0x3) returned 1 [0108.592] SetEvent (hEvent=0xb8) returned 1 [0108.592] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.624] SetEvent (hEvent=0xf4) returned 1 [0108.624] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.628] SetEvent (hEvent=0x15c) returned 1 [0108.628] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.628] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.640] SetEvent (hEvent=0xf4) returned 1 [0108.640] SetEvent (hEvent=0x15c) returned 1 [0108.641] VirtualFree (lpAddress=0xc000300000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0108.642] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.642] VirtualFree (lpAddress=0xc0002ae000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0108.643] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.643] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.643] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.643] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.644] VirtualFree (lpAddress=0xc000070000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.645] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.645] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc0002d1818*=0x2) returned 1 [0108.652] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0108.652] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0108.653] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0108.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0108.654] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0108.666] GetFileType (hFile=0x128) returned 0x1 [0108.666] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0108.667] GetFileType (hFile=0x128) returned 0x1 [0108.667] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0108.667] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0108.667] ReadFile (in: hFile=0x128, lpBuffer=0xc0002fa280, nNumberOfBytesToRead=0x280, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa280*, lpNumberOfBytesRead=0xc0001e9c04*=0x80, lpOverlapped=0x0) returned 1 [0108.668] ReadFile (in: hFile=0x128, lpBuffer=0xc0002fa300, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa300*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0108.668] CloseHandle (hObject=0x128) returned 1 [0108.668] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0108.669] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0108.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Office\\ONetConfig\\350db95df4cbd94b2a1c300510e12e11.sig" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\office\\onetconfig\\350db95df4cbd94b2a1c300510e12e11.sig"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0108.671] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0108.685] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.687] SetEvent (hEvent=0x15c) returned 1 [0108.687] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.690] SetEvent (hEvent=0x1a0) returned 1 [0108.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.691] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0108.691] SetEvent (hEvent=0xf4) returned 1 [0108.691] SetEvent (hEvent=0x1a0) returned 1 [0108.691] SetEvent (hEvent=0x9c) returned 1 [0108.692] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.704] SetEvent (hEvent=0xf4) returned 1 [0108.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.713] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0108.713] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.714] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0108.714] SetEvent (hEvent=0xf4) returned 1 [0108.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0108.714] SetEvent (hEvent=0x15c) returned 1 [0108.714] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.721] SetEvent (hEvent=0x15c) returned 1 [0108.722] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.723] SetEvent (hEvent=0xb8) returned 1 [0108.723] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.726] SetEvent (hEvent=0x164) returned 1 [0108.726] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.760] SetEvent (hEvent=0x15c) returned 1 [0108.760] SetEvent (hEvent=0x9c) returned 1 [0108.760] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.764] SetEvent (hEvent=0xb8) returned 1 [0108.764] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.805] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.806] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0108.807] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0108.807] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0158*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000219818, lpReserved=0x0 | out: lpBuffer=0xc0000a0158*, lpNumberOfCharsWritten=0xc000219818*=0x2) returned 1 [0108.809] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.826] SetEvent (hEvent=0x164) returned 1 [0108.826] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.827] SetEvent (hEvent=0x164) returned 1 [0108.827] SetEvent (hEvent=0xf4) returned 1 [0108.827] SetEvent (hEvent=0x9c) returned 1 [0108.827] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.835] SetEvent (hEvent=0x15c) returned 1 [0108.836] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc000238048*, lpNumberOfCharsWritten=0xc0001e9818*=0x2) returned 1 [0108.844] SetEvent (hEvent=0xf4) returned 1 [0108.844] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.871] SetEvent (hEvent=0xf4) returned 1 [0108.871] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.892] SetEvent (hEvent=0xf4) returned 1 [0108.892] SetEvent (hEvent=0x9c) returned 1 [0108.892] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.903] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.907] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.907] SetEvent (hEvent=0xb8) returned 1 [0108.907] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.918] SetEvent (hEvent=0x9c) returned 1 [0108.918] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0108.956] SetEvent (hEvent=0x9c) returned 1 [0108.956] SetEvent (hEvent=0xb8) returned 1 [0108.956] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.957] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.957] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.957] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.958] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.958] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.958] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.959] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.959] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.959] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.959] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.960] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.960] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.960] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.961] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.961] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.961] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.962] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0108.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0108.962] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0108.972] GetFileType (hFile=0x180) returned 0x1 [0108.972] WriteFile (in: hFile=0x180, lpBuffer=0xc000076420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076420*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.972] CloseHandle (hObject=0x180) returned 1 [0108.972] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn\\Burn\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\burn\\burn\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.974] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001b3818, lpReserved=0x0 | out: lpBuffer=0xc000238028*, lpNumberOfCharsWritten=0xc0001b3818*=0x2) returned 1 [0108.990] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00023802c*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc00023802c*, lpNumberOfCharsWritten=0xc0001bd818*=0x2) returned 1 [0108.991] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.008] SetEvent (hEvent=0x9c) returned 1 [0109.008] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.008] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000238010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000238010*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0109.011] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000082300*, nNumberOfCharsToWrite=0x7a, lpNumberOfCharsWritten=0xc000247808, lpReserved=0x0 | out: lpBuffer=0xc000082300*, lpNumberOfCharsWritten=0xc000247808*=0x7a) returned 1 [0109.031] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0109.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0109.031] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0109.033] GetFileType (hFile=0x180) returned 0x1 [0109.033] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.033] CloseHandle (hObject=0x180) returned 1 [0109.034] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.035] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.045] SetEvent (hEvent=0xb8) returned 1 [0109.045] SetEvent (hEvent=0x164) returned 1 [0109.045] SetEvent (hEvent=0x1a0) returned 1 [0109.045] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.267] SetEvent (hEvent=0x9c) returned 1 [0109.267] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0109.268] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0109.268] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0109.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0109.269] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0109.278] GetFileType (hFile=0x1b4) returned 0x1 [0109.278] GetFileType (hFile=0x1b4) returned 0x1 [0109.278] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0109.278] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0109.278] VirtualAlloc (lpAddress=0xc000324000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0109.279] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000324000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000324000*, lpNumberOfBytesRead=0xc000175c04*=0x8000, lpOverlapped=0x0) returned 1 [0109.555] SwitchToThread () returned 1 [0109.704] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.725] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00032c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032c000*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0109.725] CloseHandle (hObject=0x1b4) returned 1 [0109.725] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0109.726] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0109.726] VirtualAlloc (lpAddress=0xc000346000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0109.727] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.727] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat\\*", lpFindFileData=0xc000175a08 | out: lpFindFileData=0xc000175a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.727] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000175720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.728] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0109.728] SetEvent (hEvent=0x15c) returned 1 [0109.728] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.737] SetEvent (hEvent=0x108) returned 1 [0109.737] SetEvent (hEvent=0x1a0) returned 1 [0109.737] SetEvent (hEvent=0x9c) returned 1 [0109.737] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.745] SetEvent (hEvent=0x108) returned 1 [0109.745] SetEvent (hEvent=0x15c) returned 1 [0109.745] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.754] SetEvent (hEvent=0x15c) returned 1 [0109.754] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.771] SetEvent (hEvent=0x9c) returned 1 [0109.771] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.805] SetEvent (hEvent=0x108) returned 1 [0109.805] SetEvent (hEvent=0x15c) returned 1 [0109.805] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ce180*, nNumberOfCharsToWrite=0xb7, lpNumberOfCharsWritten=0xc0001ad808, lpReserved=0x0 | out: lpBuffer=0xc0000ce180*, lpNumberOfCharsWritten=0xc0001ad808*=0xb7) returned 1 [0109.840] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0109.840] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0109.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0109.841] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0109.842] GetFileType (hFile=0xec) returned 0x1 [0109.842] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ac2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac2c0*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0109.843] CloseHandle (hObject=0xec) returned 1 [0109.843] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_1024.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_1024.db"), dwFlags=0x1) returned 1 [0109.845] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ce780*, nNumberOfCharsToWrite=0xb5, lpNumberOfCharsWritten=0xc000285808, lpReserved=0x0 | out: lpBuffer=0xc0000ce780*, lpNumberOfCharsWritten=0xc000285808*=0xb5) returned 1 [0109.858] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0109.858] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0109.859] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0109.859] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0109.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0109.860] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000285d64 | out: lpMode=0xc000285d64) returned 0 [0109.876] GetFileType (hFile=0xec) returned 0x1 [0109.876] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ac420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000285d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac420*, lpNumberOfBytesWritten=0xc000285d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.877] CloseHandle (hObject=0xec) returned 1 [0109.877] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0109.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\encry-thumbcache_32.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\encry-thumbcache_32.db"), dwFlags=0x1) returned 1 [0109.879] SwitchToThread () returned 1 [0109.894] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.897] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.909] SetEvent (hEvent=0x9c) returned 1 [0109.910] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000292000*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfCharsWritten=0xc00014d808*=0x90) returned 1 [0109.912] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0109.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0109.913] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0109.914] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.922] GetFileType (hFile=0xec) returned 0x1 [0109.922] WriteFile (in: hFile=0xec, lpBuffer=0xc0002ac000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac000*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0109.923] CloseHandle (hObject=0xec) returned 1 [0109.923] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\MM5O9XQS\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\mm5o9xqs\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0109.924] SwitchToThread () returned 1 [0109.932] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.934] SetEvent (hEvent=0x108) returned 1 [0109.934] SetEvent (hEvent=0x9c) returned 1 [0109.934] VirtualFree (lpAddress=0xc000400000, dwSize=0x46000, dwFreeType=0x4000) returned 1 [0109.936] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.936] VirtualFree (lpAddress=0xc000346000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0109.938] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.938] VirtualFree (lpAddress=0xc0002ae000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.939] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.939] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.939] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0109.939] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0109.940] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.940] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.940] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.941] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.941] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.941] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.941] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.942] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.942] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.942] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.942] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.943] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000199818, lpReserved=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfCharsWritten=0xc000199818*=0x3) returned 1 [0109.945] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002a81e0*, nNumberOfCharsToWrite=0xe4, lpNumberOfCharsWritten=0xc00029b808, lpReserved=0x0 | out: lpBuffer=0xc0002a81e0*, lpNumberOfCharsWritten=0xc00029b808*=0xe4) returned 1 [0109.957] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0109.958] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0109.958] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.959] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0109.959] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029bd64 | out: lpMode=0xc00029bd64) returned 0 [0109.971] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0109.974] SetEvent (hEvent=0xf4) returned 1 [0109.974] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.019] SetEvent (hEvent=0x108) returned 1 [0110.019] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0110.020] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0110.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0110.021] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0110.022] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.026] SetEvent (hEvent=0x108) returned 1 [0110.026] GetFileType (hFile=0xec) returned 0x1 [0110.026] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.032] GetFileType (hFile=0xec) returned 0x1 [0110.032] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0110.032] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0110.032] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.033] ReadFile (in: hFile=0xec, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x48e, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0002d9c04*=0x28e, lpOverlapped=0x0) returned 1 [0110.038] ReadFile (in: hFile=0xec, lpBuffer=0xc00004028e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004028e*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0110.038] CloseHandle (hObject=0xec) returned 1 [0110.038] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0110.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.051] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0110.054] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.065] GetFileType (hFile=0x1b4) returned 0x1 [0110.065] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x290, lpOverlapped=0x0) returned 1 [0110.066] CloseHandle (hObject=0x1b4) returned 1 [0110.068] SwitchToThread () returned 1 [0110.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0110.076] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.077] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0110.081] GetFileType (hFile=0x1dc) returned 0x1 [0110.081] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0002ac2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac2c0*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.081] CloseHandle (hObject=0x1dc) returned 1 [0110.092] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa3vova[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA3vOVA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa3vova[1].png"), dwFlags=0x1) returned 1 [0110.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.218] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0110.218] SetEvent (hEvent=0xc0) returned 1 [0110.218] SetEvent (hEvent=0xfc) returned 1 [0110.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.220] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.222] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0110.222] SetEvent (hEvent=0x9c) returned 1 [0110.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.225] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.238] SetEvent (hEvent=0xf4) returned 1 [0110.238] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.244] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.245] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.249] SetEvent (hEvent=0xf4) returned 1 [0110.249] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.250] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.250] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.250] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.251] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.251] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.251] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.251] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.252] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.252] SwitchToThread () returned 1 [0110.255] SetEvent (hEvent=0xf4) returned 1 [0110.255] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0110.258] SetEvent (hEvent=0xf4) returned 1 [0110.258] SetEvent (hEvent=0x120) returned 1 [0110.258] SetEvent (hEvent=0xfc) returned 1 [0110.258] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0112.537] SwitchToThread () returned 1 [0112.537] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0114.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x194 [0114.142] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0114.147] GetFileType (hFile=0x194) returned 0x1 [0114.147] GetFileType (hFile=0x194) returned 0x1 [0114.147] GetFileInformationByHandle (in: hFile=0x194, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0114.147] GetFileInformationByHandleEx (in: hFile=0x194, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0114.147] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0114.149] ReadFile (in: hFile=0x194, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x221f, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0001cbc04*=0x201f, lpOverlapped=0x0) returned 1 [0114.157] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0114.194] ReadFile (in: hFile=0x194, lpBuffer=0xc00027e01f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027e01f*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0114.195] CloseHandle (hObject=0x194) returned 1 [0114.195] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0114.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0114.220] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0114.239] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0114.243] GetFileType (hFile=0x1e4) returned 0x1 [0114.243] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x2020, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc0001cbcec*=0x2020, lpOverlapped=0x0) returned 1 [0114.244] CloseHandle (hObject=0x1e4) returned 1 [0114.253] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0114.280] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0114.280] VirtualAlloc (lpAddress=0xc000388000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000388000 [0114.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0114.281] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0114.282] GetFileType (hFile=0x1e0) returned 0x1 [0114.282] WriteFile (in: hFile=0x1e0, lpBuffer=0xc000040f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000040f20*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.282] CloseHandle (hObject=0x1e0) returned 1 [0114.287] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegxbv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgXBv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegxbv[1].jpg"), dwFlags=0x1) returned 1 [0114.500] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0114.503] SetEvent (hEvent=0x1dc) returned 1 [0114.503] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0115.669] SetEvent (hEvent=0xf4) returned 1 [0115.669] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0115.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e8 [0115.674] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0115.679] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0115.875] GetFileType (hFile=0x1e8) returned 0x1 [0115.875] GetFileType (hFile=0x1e8) returned 0x1 [0115.875] GetFileInformationByHandle (in: hFile=0x1e8, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0115.875] GetFileInformationByHandleEx (in: hFile=0x1e8, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0115.876] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0115.876] ReadFile (in: hFile=0x1e8, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0xa5d, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc0002a3c04*=0x85d, lpOverlapped=0x0) returned 1 [0115.881] ReadFile (in: hFile=0x1e8, lpBuffer=0xc0001c085d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c085d*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0115.881] CloseHandle (hObject=0x1e8) returned 1 [0115.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0115.924] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0115.927] GetFileType (hFile=0x184) returned 0x1 [0115.927] WriteFile (in: hFile=0x184, lpBuffer=0xc00003c900*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c900*, lpNumberOfBytesWritten=0xc0002a3cec*=0x860, lpOverlapped=0x0) returned 1 [0115.928] CloseHandle (hObject=0x184) returned 1 [0115.933] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2601 | out: pbBuffer=0xc0001c2601) returned 1 [0115.934] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0115.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0115.934] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0115.936] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0115.954] SetEvent (hEvent=0x100) returned 1 [0115.954] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0115.998] SetEvent (hEvent=0x100) returned 1 [0115.998] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0116.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d0 [0116.009] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0116.010] GetFileType (hFile=0x2d0) returned 0x1 [0116.010] GetFileType (hFile=0x2d0) returned 0x1 [0116.010] GetFileInformationByHandle (in: hFile=0x2d0, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0116.010] GetFileInformationByHandleEx (in: hFile=0x2d0, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0116.010] VirtualAlloc (lpAddress=0xc000354000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000354000 [0116.011] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000354000, nNumberOfBytesToRead=0xa84, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000354000*, lpNumberOfBytesRead=0xc000247c04*=0x884, lpOverlapped=0x0) returned 1 [0116.013] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000354884, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000354884*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0116.014] CloseHandle (hObject=0x2d0) returned 1 [0116.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0116.097] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0116.097] GetFileType (hFile=0x2e4) returned 0x1 [0116.097] WriteFile (in: hFile=0x2e4, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x890, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000247cec*=0x890, lpOverlapped=0x0) returned 1 [0116.098] CloseHandle (hObject=0x2e4) returned 1 [0116.098] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a501 | out: pbBuffer=0xc00031a501) returned 1 [0116.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0116.099] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0116.099] GetFileType (hFile=0x2e4) returned 0x1 [0116.099] WriteFile (in: hFile=0x2e4, lpBuffer=0xc00035cb00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00035cb00*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.099] CloseHandle (hObject=0x2e4) returned 1 [0116.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0biz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0BiZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0biz[1].jpg"), dwFlags=0x1) returned 1 [0116.646] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0116.646] SetEvent (hEvent=0x144) returned 1 [0116.647] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.647] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0116.647] SetEvent (hEvent=0x29c) returned 1 [0116.648] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.649] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0116.649] SetEvent (hEvent=0x144) returned 1 [0116.650] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.652] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0116.652] SetEvent (hEvent=0x2b0) returned 1 [0116.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.653] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.654] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0116.654] SetEvent (hEvent=0x29c) returned 1 [0116.654] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.656] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0116.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.657] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0116.657] SetEvent (hEvent=0x29c) returned 1 [0116.657] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.658] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0116.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe30*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.659] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0116.659] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f698, ulCount=0x10, ulNumEntriesRemoved=0x29a9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f698, ulNumEntriesRemoved=0x29a9f66c) returned 0 [0116.659] SetEvent (hEvent=0xc0) returned 1 [0116.659] SetEvent (hEvent=0x29c) returned 1 [0116.660] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.661] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0116.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe08*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.661] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29a9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29a9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29a9f6a0, ulNumEntriesRemoved=0x29a9f674) returned 0 [0116.661] SetEvent (hEvent=0x9c) returned 1 [0116.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29a9fe18*=0x188, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.664] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0117.409] SetEvent (hEvent=0x28c) returned 1 [0117.409] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0117.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0117.417] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0117.423] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0117.550] GetFileType (hFile=0x1ec) returned 0x1 [0117.550] GetFileType (hFile=0x1ec) returned 0x1 [0117.550] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0117.550] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0117.550] VirtualAlloc (lpAddress=0xc000354000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000354000 [0117.552] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000354000, nNumberOfBytesToRead=0x673e, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000354000*, lpNumberOfBytesRead=0xc000173c04*=0x653e, lpOverlapped=0x0) returned 1 [0117.559] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0117.676] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00035a53e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035a53e*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0117.676] CloseHandle (hObject=0x1ec) returned 1 [0117.676] VirtualAlloc (lpAddress=0xc00056e000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00056e000 [0117.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.774] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0117.775] SetEvent (hEvent=0x120) returned 1 [0117.775] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0117.817] VirtualFree (lpAddress=0xc0005ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.817] GetFileType (hFile=0x2b4) returned 0x1 [0117.817] WriteFile (in: hFile=0x2b4, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x25500, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc0001bdcec*=0x25500, lpOverlapped=0x0) returned 1 [0117.822] CloseHandle (hObject=0x2b4) returned 1 [0117.827] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0117.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0117.827] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0117.828] GetFileType (hFile=0x174) returned 0x1 [0117.828] WriteFile (in: hFile=0x174, lpBuffer=0xc0000fc6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc6e0*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.828] CloseHandle (hObject=0x174) returned 1 [0117.829] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-c7-bdbd0d-91cdfbc1[1].txt"), dwFlags=0x1) returned 1 [0118.427] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.429] SwitchToThread () returned 1 [0118.558] SwitchToThread () returned 1 [0118.559] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.560] SetEvent (hEvent=0x274) returned 1 [0118.560] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.561] SetEvent (hEvent=0x274) returned 1 [0118.561] SetEvent (hEvent=0x3c8) returned 1 [0118.561] SetEvent (hEvent=0x2a8) returned 1 [0118.561] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0118.753] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0118.756] GetFileType (hFile=0x174) returned 0x1 [0118.756] GetFileType (hFile=0x174) returned 0x1 [0118.756] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0118.756] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0118.756] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0118.758] ReadFile (in: hFile=0x174, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x4008, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00018bc04*=0x3e08, lpOverlapped=0x0) returned 1 [0118.765] ReadFile (in: hFile=0x174, lpBuffer=0xc0002a7e08, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7e08*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0118.765] CloseHandle (hObject=0x174) returned 1 [0118.765] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0118.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0118.766] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0118.772] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.822] SetEvent (hEvent=0x24c) returned 1 [0118.822] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.823] SetEvent (hEvent=0x24c) returned 1 [0118.823] SetEvent (hEvent=0x364) returned 1 [0118.823] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.843] SetEvent (hEvent=0x264) returned 1 [0118.843] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0118.847] SetEvent (hEvent=0x3c8) returned 1 [0118.847] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0119.004] SetEvent (hEvent=0x318) returned 1 [0119.004] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0119.010] GetFileType (hFile=0x2fc) returned 0x1 [0119.010] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0001b6000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6000*, lpNumberOfBytesWritten=0xc0001d1cec*=0x7c0, lpOverlapped=0x0) returned 1 [0119.011] CloseHandle (hObject=0x2fc) returned 1 [0119.014] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0119.075] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0119.075] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0119.075] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0119.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0119.076] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0119.078] GetFileType (hFile=0x2e4) returned 0x1 [0119.078] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0000bc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc2c0*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.078] CloseHandle (hObject=0x2e4) returned 1 [0119.081] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aalg41q[1].jpg"), dwFlags=0x1) returned 1 [0119.289] SwitchToThread () returned 1 [0119.290] SetEvent (hEvent=0x28c) returned 1 [0119.290] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0119.292] SetEvent (hEvent=0x28c) returned 1 [0119.292] SetEvent (hEvent=0xb8) returned 1 [0119.292] SetEvent (hEvent=0x1e8) returned 1 [0119.292] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0141.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0owjbek2.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c8 [0141.505] GetConsoleMode (in: hConsoleHandle=0x2c8, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0141.508] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0141.912] GetFileType (hFile=0x2c8) returned 0x1 [0141.912] GetFileType (hFile=0x2c8) returned 0x1 [0141.912] GetFileInformationByHandle (in: hFile=0x2c8, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0141.912] GetFileInformationByHandleEx (in: hFile=0x2c8, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0141.912] ReadFile (in: hFile=0x2c8, lpBuffer=0xc0002e6a00, nNumberOfBytesToRead=0x2151, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6a00*, lpNumberOfBytesRead=0xc000279c04*=0x1f51, lpOverlapped=0x0) returned 1 [0142.648] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0143.097] ReadFile (in: hFile=0x2c8, lpBuffer=0xc0002e8951, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e8951*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0143.097] CloseHandle (hObject=0x2c8) returned 1 [0143.097] VirtualAlloc (lpAddress=0xc0006ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ac000 [0143.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0owjbek2.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0143.100] GetConsoleMode (in: hConsoleHandle=0x2c8, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0143.101] GetFileType (hFile=0x2c8) returned 0x1 [0143.101] WriteFile (in: hFile=0x2c8, lpBuffer=0xc0006ac000*, nNumberOfBytesToWrite=0x1f60, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ac000*, lpNumberOfBytesWritten=0xc000279cec*=0x1f60, lpOverlapped=0x0) returned 1 [0143.102] CloseHandle (hObject=0x2c8) returned 1 [0143.103] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0143.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0owjbek2.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0143.103] GetConsoleMode (in: hConsoleHandle=0x2c8, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0143.109] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0143.974] GetFileType (hFile=0x2c8) returned 0x1 [0143.974] WriteFile (in: hFile=0x2c8, lpBuffer=0xc00007f080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f080*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.974] CloseHandle (hObject=0x2c8) returned 1 [0143.974] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0143.976] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0owjbek2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-0owjbek2.lnk"), dwFlags=0x1) returned 1 [0143.978] SetEvent (hEvent=0x1f8) returned 1 [0143.978] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0143.987] SetEvent (hEvent=0x324) returned 1 [0143.987] SetEvent (hEvent=0xec) returned 1 [0143.987] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0143.991] VirtualFree (lpAddress=0xc000778000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.992] VirtualFree (lpAddress=0xc0006fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.993] VirtualFree (lpAddress=0xc000690000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.994] VirtualFree (lpAddress=0xc00066c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.994] VirtualFree (lpAddress=0xc000618000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.995] VirtualFree (lpAddress=0xc000368000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.996] VirtualFree (lpAddress=0xc000330000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.997] VirtualFree (lpAddress=0xc000262000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.998] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.998] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.999] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.999] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0144.000] SetEvent (hEvent=0x9c0) returned 1 [0144.000] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) returned 0x0 [0144.009] SetEvent (hEvent=0x324) returned 1 [0144.009] SetEvent (hEvent=0xb00) returned 1 [0144.009] WaitForSingleObject (hHandle=0x188, dwMilliseconds=0xffffffff) Thread: id = 25 os_tid = 0x934 [0103.501] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x29c9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x29c9fea0*=0x19c) returned 1 [0103.501] VirtualQuery (in: lpAddress=0x29c9fec0, lpBuffer=0x29c9fec0, dwLength=0x30 | out: lpBuffer=0x29c9fec0*(BaseAddress=0x29c9f000, AllocationBase=0x29aa0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0103.501] SetEvent (hEvent=0x164) returned 1 [0103.501] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a0 [0103.501] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a4 [0103.501] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0103.518] SetEvent (hEvent=0x188) returned 1 [0103.518] SetEvent (hEvent=0x8c) returned 1 [0103.518] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0103.528] SetEvent (hEvent=0x9c) returned 1 [0103.528] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0104.570] SetEvent (hEvent=0x108) returned 1 [0104.570] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0104.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\cloud_route_details\\view.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c4 [0104.582] GetConsoleMode (in: hConsoleHandle=0x1c4, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0104.587] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] SetEvent (hEvent=0x164) returned 1 [0104.641] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.933] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.934] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.934] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.935] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.936] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0107.937] SetEvent (hEvent=0x198) returned 1 [0107.937] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0038*, lpNumberOfCharsWritten=0xc0006e1818*=0x4) returned 1 [0107.938] SetEvent (hEvent=0x198) returned 1 [0107.938] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc00020b818*=0x4) returned 1 [0107.939] SetEvent (hEvent=0x198) returned 1 [0107.939] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0107.939] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0107.939] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc00015d818*=0x4) returned 1 [0107.940] SetEvent (hEvent=0x198) returned 1 [0107.940] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ed818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc0001ed818*=0x4) returned 1 [0107.941] SetEvent (hEvent=0x198) returned 1 [0107.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000269818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc000269818*=0x4) returned 1 [0107.941] SetEvent (hEvent=0x198) returned 1 [0107.941] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0107.942] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001dc000*, nNumberOfCharsToWrite=0x66, lpNumberOfCharsWritten=0xc0001bd808, lpReserved=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfCharsWritten=0xc0001bd808*=0x66) returned 1 [0107.943] SetEvent (hEvent=0x198) returned 1 [0107.943] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0107.943] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0107.943] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0107.943] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0107.944] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0107.944] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0108.405] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0108.409] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.417] GetFileType (hFile=0x1b4) returned 0x1 [0108.417] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000232000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000232000*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.418] CloseHandle (hObject=0x1b4) returned 1 [0108.419] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Feeds Cache\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\feeds cache\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0108.420] SetEvent (hEvent=0xf4) returned 1 [0108.420] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.473] SetEvent (hEvent=0x164) returned 1 [0108.473] SetEvent (hEvent=0xb8) returned 1 [0108.473] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.484] SetEvent (hEvent=0x188) returned 1 [0108.484] SetEvent (hEvent=0xb8) returned 1 [0108.484] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.498] SetEvent (hEvent=0x188) returned 1 [0108.498] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.502] SetEvent (hEvent=0x188) returned 1 [0108.502] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.505] SetEvent (hEvent=0x188) returned 1 [0108.505] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.506] SetEvent (hEvent=0x188) returned 1 [0108.506] SetEvent (hEvent=0xb8) returned 1 [0108.506] SetEvent (hEvent=0xf4) returned 1 [0108.506] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.509] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.509] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.509] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.510] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.510] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0108.510] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0108.511] SwitchToThread () returned 1 [0108.515] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.523] SetEvent (hEvent=0x188) returned 1 [0108.523] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.526] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0108.526] GetFileType (hFile=0x1bc) returned 0x1 [0108.526] GetFileType (hFile=0x1bc) returned 0x1 [0108.526] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0108.527] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0108.527] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0108.527] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002e4000, nNumberOfBytesToRead=0x637, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4000*, lpNumberOfBytesRead=0xc00014dc04*=0x437, lpOverlapped=0x0) returned 1 [0108.533] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.536] SetEvent (hEvent=0x188) returned 1 [0108.536] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002e4437, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4437*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0108.537] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.546] CloseHandle (hObject=0x1bc) returned 1 [0108.546] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0108.546] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0108.547] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0108.547] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0108.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.548] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0108.561] GetFileType (hFile=0x1bc) returned 0x1 [0108.561] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0108.562] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc00014dcec*=0x440, lpOverlapped=0x0) returned 1 [0108.563] CloseHandle (hObject=0x1bc) returned 1 [0108.563] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0108.563] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0108.563] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0108.564] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0108.564] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0108.565] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0108.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.565] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0108.573] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.578] GetFileType (hFile=0x1bc) returned 0x1 [0108.578] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000942c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000942c0*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0108.578] CloseHandle (hObject=0x1bc) returned 1 [0108.579] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\12_all_video.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-12_All_Video.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-12_all_video.wpl"), dwFlags=0x1) returned 1 [0108.580] SetEvent (hEvent=0x164) returned 1 [0108.580] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.685] SetEvent (hEvent=0xb8) returned 1 [0108.686] SetEvent (hEvent=0x188) returned 1 [0108.686] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.687] SetEvent (hEvent=0xb8) returned 1 [0108.687] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.688] SetEvent (hEvent=0xb8) returned 1 [0108.688] SetEvent (hEvent=0x188) returned 1 [0108.689] SetEvent (hEvent=0x164) returned 1 [0108.689] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.691] SetEvent (hEvent=0x188) returned 1 [0108.691] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.698] SetEvent (hEvent=0x15c) returned 1 [0108.698] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.764] SetEvent (hEvent=0x15c) returned 1 [0108.764] SetEvent (hEvent=0x164) returned 1 [0108.764] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.767] SetEvent (hEvent=0xb8) returned 1 [0108.767] SetEvent (hEvent=0x164) returned 1 [0108.767] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.805] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.808] SetEvent (hEvent=0x164) returned 1 [0108.808] SetEvent (hEvent=0xb8) returned 1 [0108.808] SetEvent (hEvent=0xf4) returned 1 [0108.808] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.815] SetEvent (hEvent=0x164) returned 1 [0108.815] SetEvent (hEvent=0x9c) returned 1 [0108.815] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.844] SetEvent (hEvent=0x164) returned 1 [0108.844] SetEvent (hEvent=0xb8) returned 1 [0108.844] SetEvent (hEvent=0x15c) returned 1 [0108.844] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.908] SetEvent (hEvent=0x9c) returned 1 [0108.908] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0108.908] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0108.908] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0108.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0108.909] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0108.918] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.941] GetFileType (hFile=0x1bc) returned 0x1 [0108.941] GetFileType (hFile=0x1bc) returned 0x1 [0108.941] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0108.942] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0108.942] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0108.945] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1ec08, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000049c04*=0x1ea08, lpOverlapped=0x0) returned 1 [0108.963] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002c2a08, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c2a08*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0108.963] CloseHandle (hObject=0x1bc) returned 1 [0108.963] VirtualAlloc (lpAddress=0xc000390000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000390000 [0108.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.968] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0108.975] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.991] SetEvent (hEvent=0x9c) returned 1 [0108.991] GetFileType (hFile=0x1bc) returned 0x1 [0108.991] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0108.994] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000390000*, nNumberOfBytesToWrite=0x1ea10, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000390000*, lpNumberOfBytesWritten=0xc000049cec*=0x1ea10, lpOverlapped=0x0) returned 1 [0108.997] CloseHandle (hObject=0x1bc) returned 1 [0108.997] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0108.997] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0108.998] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0108.998] VirtualAlloc (lpAddress=0xc00032c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032c000 [0108.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0108.999] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0109.000] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.008] GetFileType (hFile=0x1bc) returned 0x1 [0109.008] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.023] WriteFile (in: hFile=0x1bc, lpBuffer=0xc000236000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0109.023] CloseHandle (hObject=0x1bc) returned 1 [0109.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\encry-{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\encry-{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db"), dwFlags=0x1) returned 1 [0109.026] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0109.026] SetEvent (hEvent=0xb8) returned 1 [0109.026] SetEvent (hEvent=0x15c) returned 1 [0109.026] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0109.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.033] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.033] SetEvent (hEvent=0xb8) returned 1 [0109.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.037] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0109.037] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0109.037] SetEvent (hEvent=0xc0) returned 1 [0109.037] SetEvent (hEvent=0x164) returned 1 [0109.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0109.038] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.038] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0109.038] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0109.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0109.039] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0109.040] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.048] SetEvent (hEvent=0xb8) returned 1 [0109.048] GetFileType (hFile=0x1bc) returned 0x1 [0109.048] GetFileType (hFile=0x1bc) returned 0x1 [0109.048] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0109.048] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0109.048] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x102000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0109.069] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x100200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0001a1c04*=0x100000, lpOverlapped=0x0) returned 1 [0109.086] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00068e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00068e000*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0109.086] CloseHandle (hObject=0x1bc) returned 1 [0109.086] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x102000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0109.105] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0109.149] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0109.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.149] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db\\*", lpFindFileData=0xc0001a1a08 | out: lpFindFileData=0xc0001a1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.150] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x4c8, dwLanguageId=0x409, lpBuffer=0xc0001a1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The requested operation cannot be performed on a file with a user-mapped section open.\r\n") returned 0x58 [0109.150] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.151] SetEvent (hEvent=0xb8) returned 1 [0109.151] SetEvent (hEvent=0x164) returned 1 [0109.151] VirtualFree (lpAddress=0xc000330000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.151] VirtualFree (lpAddress=0xc00032c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.152] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.152] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.152] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.153] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.153] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.153] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.154] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.154] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0109.154] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0109.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0109.155] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00027dcf4 | out: lpMode=0xc00027dcf4) returned 0 [0109.156] GetFileType (hFile=0x180) returned 0x1 [0109.156] GetFileType (hFile=0x180) returned 0x1 [0109.156] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00027dd44 | out: lpFileInformation=0xc00027dd44) returned 1 [0109.157] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00027dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027dd28) returned 1 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x102000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x102000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x81000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.157] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ec000 [0109.157] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xf2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x79000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xef000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x77000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.158] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0109.159] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0109.159] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xee000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0109.182] ReadFile (in: hFile=0x180, lpBuffer=0xc0007ec000, nNumberOfBytesToRead=0x100200, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0007ec000*, lpNumberOfBytesRead=0xc00027dc04*=0x100000, lpOverlapped=0x0) returned 1 [0109.197] ReadFile (in: hFile=0x180, lpBuffer=0xc0008ec000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0008ec000*, lpNumberOfBytesRead=0xc00027dc04*=0x0, lpOverlapped=0x0) returned 1 [0109.198] CloseHandle (hObject=0x180) returned 1 [0109.198] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0109.198] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0109.199] VirtualAlloc (lpAddress=0xc0008ee000, dwSize=0x102000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008ee000 [0109.212] SwitchToThread () returned 1 [0109.213] SetEvent (hEvent=0xb8) returned 1 [0109.213] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.215] SetEvent (hEvent=0x15c) returned 1 [0109.215] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.247] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0109.247] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0109.248] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0109.248] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0109.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0109.248] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0109.256] GetFileType (hFile=0x1e4) returned 0x1 [0109.256] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0109.257] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0109.257] GetFileType (hFile=0x1e4) returned 0x1 [0109.257] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0109.257] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0109.257] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0109.258] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0109.259] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000312000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000312000*, lpNumberOfBytesRead=0xc0001d3c04*=0x10000, lpOverlapped=0x0) returned 1 [0109.261] ReadFile (in: hFile=0x1e4, lpBuffer=0xc000322000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000322000*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0109.262] CloseHandle (hObject=0x1e4) returned 1 [0109.262] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0109.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.264] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat\\*", lpFindFileData=0xc0001d3a08 | out: lpFindFileData=0xc0001d3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.264] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.264] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0109.264] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0109.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0109.265] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0109.270] GetFileType (hFile=0x1e4) returned 0x1 [0109.270] GetFileType (hFile=0x1e4) returned 0x1 [0109.270] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0109.270] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0109.270] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0109.271] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002b8000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8000*, lpNumberOfBytesRead=0xc000143c04*=0x8000, lpOverlapped=0x0) returned 1 [0109.555] SwitchToThread () returned 1 [0109.704] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.722] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002c0000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0000*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0109.722] CloseHandle (hObject=0x1e4) returned 1 [0109.722] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0109.723] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0109.724] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0109.724] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.724] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat\\*", lpFindFileData=0xc000143a08 | out: lpFindFileData=0xc000143a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0109.724] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000143720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0109.724] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0109.725] SetEvent (hEvent=0x9c) returned 1 [0109.725] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.739] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00003e2d0*, nNumberOfCharsToWrite=0x74, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc00003e2d0*, lpNumberOfCharsWritten=0xc0001d3808*=0x74) returned 1 [0109.745] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0109.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0109.746] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0109.753] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.763] SetEvent (hEvent=0x108) returned 1 [0109.763] GetFileType (hFile=0x1e4) returned 0x1 [0109.763] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.775] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.775] SetEvent (hEvent=0x108) returned 1 [0109.775] SetEvent (hEvent=0x9c) returned 1 [0109.775] SetEvent (hEvent=0x15c) returned 1 [0109.775] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.786] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0109.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.mso"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.MSO\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.786] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x2dbf3370, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2dbf3370, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x2dbf3370, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.786] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.786] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.787] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x32c0a7d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.word"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.Word\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.787] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xe7138400, ftCreationTime.dwHighDateTime=0x1d2e625, ftLastAccessTime.dwLowDateTime=0x27b4c650, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x32c0a7d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.787] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.787] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.788] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low"), fInfoLevelId=0x0, lpFileInformation=0xc0002215c8 | out: lpFileInformation=0xc0002215c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.788] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\*", lpFindFileData=0xc000221380 | out: lpFindFileData=0xc000221380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.788] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.788] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AntiPhishing", cAlternateFileName="ANTIPH~1")) returned 1 [0109.788] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0109.789] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content.IE5", cAlternateFileName="")) returned 1 [0109.789] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.789] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51445650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51445650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51445650, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSIMGSIZ.DAT", cAlternateFileName="")) returned 1 [0109.789] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002213b0 | out: lpFindFileData=0xc0002213b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.789] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.789] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.789] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0109.789] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0109.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.790] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.790] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x47f94, dwReserved0=0x0, dwReserved1=0x0, cFileName="2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat", cAlternateFileName="2CEDBF~1.DAT")) returned 1 [0109.790] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.790] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.790] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0109.790] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0109.791] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0109.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\AntiPhishing\\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\antiphishing\\2cedbfbc-dba8-43aa-b1fd-cc8e6316e3e2.dat"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50f10630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50f10630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50f10630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x47f94)) returned 1 [0109.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5"), fInfoLevelId=0x0, lpFileInformation=0xc0002214f0 | out: lpFileInformation=0xc0002214f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.804] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.806] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0109.806] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0109.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.807] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\*", lpFindFileData=0xc0002212a8 | out: lpFindFileData=0xc0002212a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.807] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0109.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="9QH4S0GZ", cAlternateFileName="")) returned 1 [0109.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x467cf930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x467cf930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ABV8L7MY", cAlternateFileName="")) returned 1 [0109.807] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0109.808] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x527ba6f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x527ba6f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IKQEEPZR", cAlternateFileName="")) returned 1 [0109.808] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x54000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0109.808] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YG1R61Z8", cAlternateFileName="")) returned 1 [0109.808] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002212d8 | out: lpFindFileData=0xc0002212d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0109.808] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0109.808] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0109.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0109.808] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0109.839] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.846] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5137ebf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x5137ebf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0109.884] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.973] SetEvent (hEvent=0x108) returned 1 [0109.973] SetEvent (hEvent=0x188) returned 1 [0109.973] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0109.974] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.017] SetEvent (hEvent=0x108) returned 1 [0110.017] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.019] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002cfcf4 | out: lpMode=0xc0002cfcf4) returned 0 [0110.022] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.023] GetFileType (hFile=0x128) returned 0x1 [0110.023] GetFileType (hFile=0x128) returned 0x1 [0110.023] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002cfd44 | out: lpFileInformation=0xc0002cfd44) returned 1 [0110.023] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cfd28) returned 1 [0110.023] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0110.025] ReadFile (in: hFile=0x128, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x391, lpNumberOfBytesRead=0xc0002cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc0002cfc04*=0x191, lpOverlapped=0x0) returned 1 [0110.027] ReadFile (in: hFile=0x128, lpBuffer=0xc000076191, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076191*, lpNumberOfBytesRead=0xc0002cfc04*=0x0, lpOverlapped=0x0) returned 1 [0110.027] CloseHandle (hObject=0x128) returned 1 [0110.027] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.027] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.028] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.035] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002cfd04 | out: lpMode=0xc0002cfd04) returned 0 [0110.041] GetFileType (hFile=0x1b4) returned 0x1 [0110.041] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.041] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc0002cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0002cfcec*=0x1a0, lpOverlapped=0x0) returned 1 [0110.042] CloseHandle (hObject=0x1b4) returned 1 [0110.046] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0110.046] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0110.046] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.047] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0110.047] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0110.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.048] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002cfd64 | out: lpMode=0xc0002cfd64) returned 0 [0110.051] GetFileType (hFile=0x128) returned 0x1 [0110.051] WriteFile (in: hFile=0x128, lpBuffer=0xc0001242c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001242c0*, lpNumberOfBytesWritten=0xc0002cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.051] CloseHandle (hObject=0x128) returned 1 [0110.058] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.067] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.090] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000161818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000161818*=0x3) returned 1 [0110.093] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.095] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.097] SetEvent (hEvent=0x9c) returned 1 [0110.097] SetEvent (hEvent=0xb8) returned 1 [0110.097] SetEvent (hEvent=0x198) returned 1 [0110.097] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.109] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.109] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.110] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.110] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.110] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.110] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.111] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.111] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.111] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.112] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.112] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.112] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.112] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.113] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.113] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010094*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000010094*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0110.116] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.117] SetEvent (hEvent=0xb8) returned 1 [0110.117] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000269818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000269818*=0x3) returned 1 [0110.131] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.132] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000feb40*, nNumberOfCharsToWrite=0x116, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0000feb40*, lpNumberOfCharsWritten=0xc0001d3808*=0x116) returned 1 [0110.138] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000165818, lpReserved=0x0 | out: lpBuffer=0xc0000a0190*, lpNumberOfCharsWritten=0xc000165818*=0x3) returned 1 [0110.141] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002925a0*, nNumberOfCharsToWrite=0x85, lpNumberOfCharsWritten=0xc0006e1808, lpReserved=0x0 | out: lpBuffer=0xc0002925a0*, lpNumberOfCharsWritten=0xc0006e1808*=0x85) returned 1 [0110.147] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0110.147] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.147] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0110.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0110.148] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0110.150] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.152] SetEvent (hEvent=0xb8) returned 1 [0110.152] GetFileType (hFile=0x1e4) returned 0x1 [0110.152] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.156] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.156] CloseHandle (hObject=0x1e4) returned 1 [0110.156] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0110.157] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\encry-index.dat"), dwFlags=0x1) returned 0 [0110.157] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0006e16e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0110.157] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa54rqj[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA54rQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa54rqj[1].png"), dwFlags=0x1) returned 1 [0110.268] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.268] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.268] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.269] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.269] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.269] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc00023f818*=0x2) returned 1 [0110.383] SetEvent (hEvent=0x108) returned 1 [0110.383] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.385] SetEvent (hEvent=0x108) returned 1 [0110.385] SetEvent (hEvent=0xfc) returned 1 [0110.385] SetEvent (hEvent=0x15c) returned 1 [0110.385] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.394] SetEvent (hEvent=0x108) returned 1 [0110.394] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.395] SetEvent (hEvent=0x108) returned 1 [0110.395] SetEvent (hEvent=0x120) returned 1 [0110.395] SetEvent (hEvent=0x164) returned 1 [0110.395] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.396] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.399] SetEvent (hEvent=0x108) returned 1 [0110.399] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.402] SetEvent (hEvent=0x108) returned 1 [0110.402] SetEvent (hEvent=0x164) returned 1 [0110.402] SetEvent (hEvent=0xfc) returned 1 [0110.402] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.404] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.406] SetEvent (hEvent=0x108) returned 1 [0110.407] SetEvent (hEvent=0xfc) returned 1 [0110.407] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.407] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0110.409] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.410] SetEvent (hEvent=0xb8) returned 1 [0110.410] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.414] SetEvent (hEvent=0xb8) returned 1 [0110.414] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.417] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0110.417] GetFileType (hFile=0x1b4) returned 0x1 [0110.418] GetFileType (hFile=0x1b4) returned 0x1 [0110.418] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0110.418] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0110.418] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x320, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc00023fc04*=0x120, lpOverlapped=0x0) returned 1 [0110.422] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00006e120, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e120*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0110.422] CloseHandle (hObject=0x1b4) returned 1 [0110.422] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.427] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0110.428] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.429] GetFileType (hFile=0x1b4) returned 0x1 [0110.429] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0003ca000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfBytesWritten=0xc00023fcec*=0x130, lpOverlapped=0x0) returned 1 [0110.430] CloseHandle (hObject=0x1b4) returned 1 [0110.433] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0110.434] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.434] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.434] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0110.436] GetFileType (hFile=0x1b4) returned 0x1 [0110.436] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.437] CloseHandle (hObject=0x1b4) returned 1 [0110.454] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb5kjac[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB5kJAC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb5kjac[1].png"), dwFlags=0x1) returned 1 [0110.490] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0110.490] SetEvent (hEvent=0x108) returned 1 [0110.490] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.491] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0110.491] SetEvent (hEvent=0x108) returned 1 [0110.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.496] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.514] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.524] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.526] SetEvent (hEvent=0x13c) returned 1 [0110.527] SetEvent (hEvent=0x9c) returned 1 [0110.527] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0110.528] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.528] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.528] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc00029b818*=0x2) returned 1 [0110.530] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.537] SetEvent (hEvent=0xb8) returned 1 [0110.537] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.540] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029bcf4 | out: lpMode=0xc00029bcf4) returned 0 [0110.541] GetFileType (hFile=0x1b4) returned 0x1 [0110.541] GetFileType (hFile=0x1b4) returned 0x1 [0110.541] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00029bd44 | out: lpFileInformation=0xc00029bd44) returned 1 [0110.541] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00029bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029bd28) returned 1 [0110.541] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0110.541] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xb94, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc00029bc04*=0x994, lpOverlapped=0x0) returned 1 [0110.543] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000fa994, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa994*, lpNumberOfBytesRead=0xc00029bc04*=0x0, lpOverlapped=0x0) returned 1 [0110.543] CloseHandle (hObject=0x1b4) returned 1 [0110.544] SwitchToThread () returned 1 [0110.546] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0110.546] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0110.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.549] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029bd04 | out: lpMode=0xc00029bd04) returned 0 [0110.550] GetFileType (hFile=0x1b4) returned 0x1 [0110.550] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xc00029bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc00029bcec*=0x9a0, lpOverlapped=0x0) returned 1 [0110.551] CloseHandle (hObject=0x1b4) returned 1 [0110.551] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.552] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0110.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.552] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00029bd64 | out: lpMode=0xc00029bd64) returned 0 [0110.553] GetFileType (hFile=0x1b4) returned 0x1 [0110.553] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00029bd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.554] CloseHandle (hObject=0x1b4) returned 1 [0110.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbblhzx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBLhZX[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbblhzx[1].jpg"), dwFlags=0x1) returned 1 [0110.603] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0110.603] SetEvent (hEvent=0xfc) returned 1 [0110.604] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.605] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0110.606] SetEvent (hEvent=0xfc) returned 1 [0110.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.611] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.624] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.633] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.639] SetEvent (hEvent=0xb8) returned 1 [0110.639] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.639] SetEvent (hEvent=0xb8) returned 1 [0110.639] SetEvent (hEvent=0x9c) returned 1 [0110.639] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.640] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.640] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.640] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.641] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.641] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.641] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.642] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000167818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000167818*=0x2) returned 1 [0110.644] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.650] SetEvent (hEvent=0x13c) returned 1 [0110.650] SetEvent (hEvent=0xb8) returned 1 [0110.650] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0110.651] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0110.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0110.652] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0110.653] GetFileType (hFile=0x1bc) returned 0x1 [0110.653] GetFileType (hFile=0x1bc) returned 0x1 [0110.653] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0110.653] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0110.653] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.654] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x2036, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d7c04*=0x1e36, lpOverlapped=0x0) returned 1 [0110.657] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0002a5e36, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a5e36*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.657] CloseHandle (hObject=0x1bc) returned 1 [0110.657] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0110.657] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.658] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.662] SetEvent (hEvent=0xc0) returned 1 [0110.662] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0110.662] GetFileType (hFile=0x1bc) returned 0x1 [0110.662] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x1e40, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0002d7cec*=0x1e40, lpOverlapped=0x0) returned 1 [0110.663] CloseHandle (hObject=0x1bc) returned 1 [0110.664] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0110.664] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0110.664] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0110.665] GetFileType (hFile=0x1bc) returned 0x1 [0110.665] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.665] CloseHandle (hObject=0x1bc) returned 1 [0110.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbpthn[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBPThN[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbpthn[1].jpg"), dwFlags=0x1) returned 1 [0110.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.701] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0110.701] SetEvent (hEvent=0xc0) returned 1 [0110.701] SetEvent (hEvent=0x13c) returned 1 [0110.701] SetEvent (hEvent=0xfc) returned 1 [0110.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.703] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.703] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0110.703] SetEvent (hEvent=0xfc) returned 1 [0110.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.709] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.726] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.740] SetEvent (hEvent=0x9c) returned 1 [0110.740] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.744] SetEvent (hEvent=0x9c) returned 1 [0110.744] SetEvent (hEvent=0xb8) returned 1 [0110.744] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.744] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.744] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.745] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.745] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000bb818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0000bb818*=0x2) returned 1 [0110.746] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.753] SetEvent (hEvent=0x13c) returned 1 [0110.753] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.756] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000bbcf4 | out: lpMode=0xc0000bbcf4) returned 0 [0110.756] GetFileType (hFile=0x128) returned 0x1 [0110.756] GetFileType (hFile=0x128) returned 0x1 [0110.757] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0000bbd44 | out: lpFileInformation=0xc0000bbd44) returned 1 [0110.757] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0000bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bbd28) returned 1 [0110.757] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.757] ReadFile (in: hFile=0x128, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0xca8, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc0000bbc04*=0xaa8, lpOverlapped=0x0) returned 1 [0110.761] ReadFile (in: hFile=0x128, lpBuffer=0xc00011caa8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011caa8*, lpNumberOfBytesRead=0xc0000bbc04*=0x0, lpOverlapped=0x0) returned 1 [0110.761] CloseHandle (hObject=0x128) returned 1 [0110.761] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0110.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.764] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000bbd04 | out: lpMode=0xc0000bbd04) returned 0 [0110.764] GetFileType (hFile=0x128) returned 0x1 [0110.764] WriteFile (in: hFile=0x128, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0xc0000bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc0000bbcec*=0xab0, lpOverlapped=0x0) returned 1 [0110.765] CloseHandle (hObject=0x128) returned 1 [0110.765] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.766] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000bbd64 | out: lpMode=0xc0000bbd64) returned 0 [0110.766] GetFileType (hFile=0x128) returned 0x1 [0110.766] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.766] CloseHandle (hObject=0x128) returned 1 [0110.767] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbvizi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBVIzI[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbvizi[1].jpg"), dwFlags=0x1) returned 1 [0110.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.800] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0110.800] SetEvent (hEvent=0xc0) returned 1 [0110.800] SetEvent (hEvent=0x13c) returned 1 [0110.800] SetEvent (hEvent=0xfc) returned 1 [0110.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.802] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.802] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0110.802] SetEvent (hEvent=0xfc) returned 1 [0110.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.807] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.825] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.833] SetEvent (hEvent=0x9c) returned 1 [0110.833] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.836] SetEvent (hEvent=0x9c) returned 1 [0110.836] SetEvent (hEvent=0xb8) returned 1 [0110.836] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0110.836] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0110.837] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.837] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.837] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.838] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0001a7818*=0x2) returned 1 [0110.838] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.840] SetEvent (hEvent=0x13c) returned 1 [0110.840] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.843] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0110.844] GetFileType (hFile=0x128) returned 0x1 [0110.844] GetFileType (hFile=0x128) returned 0x1 [0110.844] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0110.844] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0110.844] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0110.845] ReadFile (in: hFile=0x128, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x26be, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001a7c04*=0x24be, lpOverlapped=0x0) returned 1 [0110.853] ReadFile (in: hFile=0x128, lpBuffer=0xc0002a64be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a64be*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0110.853] CloseHandle (hObject=0x128) returned 1 [0110.853] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.853] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0110.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.860] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0110.861] GetFileType (hFile=0x128) returned 0x1 [0110.861] WriteFile (in: hFile=0x128, lpBuffer=0xc0002ae000*, nNumberOfBytesToWrite=0x24c0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ae000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x24c0, lpOverlapped=0x0) returned 1 [0110.862] CloseHandle (hObject=0x128) returned 1 [0110.864] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0110.864] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.865] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.865] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0110.865] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0110.866] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.866] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0110.867] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.869] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0110.870] SetEvent (hEvent=0xfc) returned 1 [0110.870] GetFileType (hFile=0x1dc) returned 0x1 [0110.870] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0110.870] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0110.871] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0001c2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c2000*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.871] CloseHandle (hObject=0x1dc) returned 1 [0110.872] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.877] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbzxw1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBzxW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbzxw1[1].jpg"), dwFlags=0x1) returned 1 [0110.908] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0110.908] SetEvent (hEvent=0xb8) returned 1 [0110.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.912] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.912] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0110.912] SetEvent (hEvent=0xb8) returned 1 [0110.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.920] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.920] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.930] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.936] SetEvent (hEvent=0xfc) returned 1 [0110.936] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.938] SetEvent (hEvent=0xfc) returned 1 [0110.938] SetEvent (hEvent=0x108) returned 1 [0110.938] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.938] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.938] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.939] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.939] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.939] VirtualFree (lpAddress=0xc00004e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0110.940] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00022b818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc00022b818*=0x2) returned 1 [0110.942] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0110.976] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.015] SetEvent (hEvent=0x120) returned 1 [0111.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.016] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0111.016] GetFileType (hFile=0x180) returned 0x1 [0111.016] GetFileType (hFile=0x180) returned 0x1 [0111.016] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0111.016] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0111.017] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0111.017] ReadFile (in: hFile=0x180, lpBuffer=0xc0001e4000, nNumberOfBytesToRead=0xa3c, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesRead=0xc000187c04*=0x83c, lpOverlapped=0x0) returned 1 [0111.025] ReadFile (in: hFile=0x180, lpBuffer=0xc0001e483c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e483c*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0111.025] CloseHandle (hObject=0x180) returned 1 [0111.025] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0111.026] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0111.031] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0111.032] GetFileType (hFile=0x1b0) returned 0x1 [0111.032] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x840, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000187cec*=0x840, lpOverlapped=0x0) returned 1 [0111.033] CloseHandle (hObject=0x1b0) returned 1 [0111.034] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532b01 | out: pbBuffer=0xc000532b01) returned 1 [0111.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0111.034] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0111.035] GetFileType (hFile=0x1b0) returned 0x1 [0111.036] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001e2580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2580*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.036] CloseHandle (hObject=0x1b0) returned 1 [0111.037] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0111.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbdrbsh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBDRbsH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbdrbsh[1].jpg"), dwFlags=0x1) returned 1 [0111.106] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.106] SetEvent (hEvent=0xfc) returned 1 [0111.106] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0111.107] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.109] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.109] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.109] SetEvent (hEvent=0xfc) returned 1 [0111.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.113] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.113] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.129] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.140] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.154] SetEvent (hEvent=0xb8) returned 1 [0111.154] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.160] SetEvent (hEvent=0xb8) returned 1 [0111.160] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.164] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc000187cf4 | out: lpMode=0xc000187cf4) returned 0 [0111.165] GetFileType (hFile=0x1bc) returned 0x1 [0111.165] GetFileType (hFile=0x1bc) returned 0x1 [0111.165] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc000187d44 | out: lpFileInformation=0xc000187d44) returned 1 [0111.165] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc000187d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000187d28) returned 1 [0111.165] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0111.166] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x887, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000187c04*=0x687, lpOverlapped=0x0) returned 1 [0111.168] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000ee687, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000187c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee687*, lpNumberOfBytesRead=0xc000187c04*=0x0, lpOverlapped=0x0) returned 1 [0111.168] CloseHandle (hObject=0x1bc) returned 1 [0111.168] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0111.169] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0111.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.174] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000187d04 | out: lpMode=0xc000187d04) returned 0 [0111.175] GetFileType (hFile=0x1e4) returned 0x1 [0111.175] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0xc000187cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc000187cec*=0x690, lpOverlapped=0x0) returned 1 [0111.177] CloseHandle (hObject=0x1e4) returned 1 [0111.178] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0111.178] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.178] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.179] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.179] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.180] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000187d64 | out: lpMode=0xc000187d64) returned 0 [0111.182] GetFileType (hFile=0x1e4) returned 0x1 [0111.182] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000187d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000187d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.183] CloseHandle (hObject=0x1e4) returned 1 [0111.184] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbedxjj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEdXJj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbedxjj[1].jpg"), dwFlags=0x1) returned 1 [0111.232] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.233] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.233] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.233] SetEvent (hEvent=0xfc) returned 1 [0111.233] SetEvent (hEvent=0xb8) returned 1 [0111.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.236] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.236] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.236] SetEvent (hEvent=0xb8) returned 1 [0111.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.242] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.242] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.262] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.274] SetEvent (hEvent=0x9c) returned 1 [0111.274] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.278] SetEvent (hEvent=0x9c) returned 1 [0111.278] SetEvent (hEvent=0x13c) returned 1 [0111.278] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0111.279] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0111.279] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.279] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.280] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.280] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc00013f818*=0x2) returned 1 [0111.283] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.289] SetEvent (hEvent=0xfc) returned 1 [0111.289] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.292] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0111.293] GetFileType (hFile=0x1dc) returned 0x1 [0111.293] GetFileType (hFile=0x1dc) returned 0x1 [0111.293] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0111.293] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0111.293] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0111.293] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0xe0b, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc00013fc04*=0xc0b, lpOverlapped=0x0) returned 1 [0111.298] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00007ac0b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007ac0b*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0111.298] CloseHandle (hObject=0x1dc) returned 1 [0111.298] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0111.299] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.302] SetEvent (hEvent=0xc0) returned 1 [0111.302] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0111.302] GetFileType (hFile=0x1dc) returned 0x1 [0111.302] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0xc10, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00013fcec*=0xc10, lpOverlapped=0x0) returned 1 [0111.303] CloseHandle (hObject=0x1dc) returned 1 [0111.303] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0111.304] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0111.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.304] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0111.305] GetFileType (hFile=0x1dc) returned 0x1 [0111.305] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.305] CloseHandle (hObject=0x1dc) returned 1 [0111.306] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbefe6e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEfE6e[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbefe6e[1].jpg"), dwFlags=0x1) returned 1 [0111.338] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.340] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.340] SetEvent (hEvent=0xc0) returned 1 [0111.340] SetEvent (hEvent=0xfc) returned 1 [0111.340] SetEvent (hEvent=0xb8) returned 1 [0111.340] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.347] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.347] SetEvent (hEvent=0xb8) returned 1 [0111.348] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.352] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.368] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.378] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.384] SetEvent (hEvent=0x9c) returned 1 [0111.384] SetEvent (hEvent=0x13c) returned 1 [0111.384] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.384] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.384] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.385] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.385] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.385] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.386] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.386] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.386] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000215818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000215818*=0x2) returned 1 [0111.390] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.394] SetEvent (hEvent=0x13c) returned 1 [0111.394] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.395] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001b7cf4 | out: lpMode=0xc0001b7cf4) returned 0 [0111.396] GetFileType (hFile=0x180) returned 0x1 [0111.396] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0111.396] GetFileType (hFile=0x180) returned 0x1 [0111.396] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0001b7d44 | out: lpFileInformation=0xc0001b7d44) returned 1 [0111.396] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0001b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b7d28) returned 1 [0111.396] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.397] ReadFile (in: hFile=0x180, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x9b0, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0001b7c04*=0x7b0, lpOverlapped=0x0) returned 1 [0111.399] ReadFile (in: hFile=0x180, lpBuffer=0xc0000507b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000507b0*, lpNumberOfBytesRead=0xc0001b7c04*=0x0, lpOverlapped=0x0) returned 1 [0111.399] CloseHandle (hObject=0x180) returned 1 [0111.399] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.399] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0111.400] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0111.400] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0111.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.404] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001b7d04 | out: lpMode=0xc0001b7d04) returned 0 [0111.405] GetFileType (hFile=0x180) returned 0x1 [0111.405] WriteFile (in: hFile=0x180, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc0001b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0001b7cec*=0x7c0, lpOverlapped=0x0) returned 1 [0111.406] CloseHandle (hObject=0x180) returned 1 [0111.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.410] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0111.411] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0111.411] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0111.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.412] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0001b7d64 | out: lpMode=0xc0001b7d64) returned 0 [0111.412] GetFileType (hFile=0x180) returned 0x1 [0111.412] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.412] CloseHandle (hObject=0x180) returned 1 [0111.413] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegqty[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgqtY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegqty[1].jpg"), dwFlags=0x1) returned 1 [0111.469] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.470] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.470] SetEvent (hEvent=0xc0) returned 1 [0111.470] SetEvent (hEvent=0xfc) returned 1 [0111.470] SetEvent (hEvent=0xb8) returned 1 [0111.470] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.472] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.472] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.472] SetEvent (hEvent=0xb8) returned 1 [0111.472] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.480] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.496] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.505] SetEvent (hEvent=0x9c) returned 1 [0111.505] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.507] SetEvent (hEvent=0x9c) returned 1 [0111.507] SetEvent (hEvent=0x13c) returned 1 [0111.507] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.508] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.508] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000247818*=0x2) returned 1 [0111.510] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.516] SetEvent (hEvent=0xfc) returned 1 [0111.516] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0111.521] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0111.522] GetFileType (hFile=0x1dc) returned 0x1 [0111.522] GetFileType (hFile=0x1dc) returned 0x1 [0111.522] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0111.522] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0111.522] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0111.523] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x3765, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000247c04*=0x3565, lpOverlapped=0x0) returned 1 [0111.528] ReadFile (in: hFile=0x1dc, lpBuffer=0xc00025d565, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025d565*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0111.528] CloseHandle (hObject=0x1dc) returned 1 [0111.528] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.530] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0111.530] GetFileType (hFile=0x1dc) returned 0x1 [0111.531] WriteFile (in: hFile=0x1dc, lpBuffer=0xc00025d800*, nNumberOfBytesToWrite=0x3570, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025d800*, lpNumberOfBytesWritten=0xc000247cec*=0x3570, lpOverlapped=0x0) returned 1 [0111.532] CloseHandle (hObject=0x1dc) returned 1 [0111.532] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0111.532] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0111.534] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0111.535] GetFileType (hFile=0x1dc) returned 0x1 [0111.535] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0111.535] CloseHandle (hObject=0x1dc) returned 1 [0111.535] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbegyim[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBEgyIm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbegyim[1].jpg"), dwFlags=0x1) returned 1 [0111.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.563] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.563] SetEvent (hEvent=0xfc) returned 1 [0111.564] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.566] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.568] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.568] SetEvent (hEvent=0xb8) returned 1 [0111.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.571] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.601] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.662] SetEvent (hEvent=0xfc) returned 1 [0111.662] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.669] SetEvent (hEvent=0xfc) returned 1 [0111.669] SetEvent (hEvent=0x164) returned 1 [0111.669] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.670] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.670] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.670] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.671] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.671] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.671] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.671] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0111.672] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.672] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0000c7818*=0x2) returned 1 [0111.673] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.680] SetEvent (hEvent=0x164) returned 1 [0111.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.681] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0111.681] GetFileType (hFile=0x1bc) returned 0x1 [0111.681] GetFileType (hFile=0x1bc) returned 0x1 [0111.681] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0111.681] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0111.681] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.682] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x9b1, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0000bdc04*=0x7b1, lpOverlapped=0x0) returned 1 [0111.685] ReadFile (in: hFile=0x1bc, lpBuffer=0xc0000367b1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000367b1*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0111.685] CloseHandle (hObject=0x1bc) returned 1 [0111.685] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.694] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0111.695] GetFileType (hFile=0x1bc) returned 0x1 [0111.695] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc0000bdcec*=0x7c0, lpOverlapped=0x0) returned 1 [0111.696] CloseHandle (hObject=0x1bc) returned 1 [0111.696] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0111.696] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0111.697] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.697] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0111.698] GetFileType (hFile=0x1bc) returned 0x1 [0111.698] WriteFile (in: hFile=0x1bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.698] CloseHandle (hObject=0x1bc) returned 1 [0111.699] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-containertag[1].js"), dwFlags=0x1) returned 1 [0111.737] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.737] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.737] SetEvent (hEvent=0x13c) returned 1 [0111.737] SetEvent (hEvent=0x9c) returned 1 [0111.737] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0111.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.742] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.742] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.742] SetEvent (hEvent=0x9c) returned 1 [0111.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0111.748] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.749] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.769] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.777] SetEvent (hEvent=0xfc) returned 1 [0111.777] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.779] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0111.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1bc [0111.780] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0111.781] GetFileType (hFile=0x1bc) returned 0x1 [0111.781] GetFileType (hFile=0x1bc) returned 0x1 [0111.781] GetFileInformationByHandle (in: hFile=0x1bc, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0111.781] GetFileInformationByHandleEx (in: hFile=0x1bc, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0111.781] ReadFile (in: hFile=0x1bc, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x21c, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc0006ddc04*=0x1c, lpOverlapped=0x0) returned 1 [0111.787] ReadFile (in: hFile=0x1bc, lpBuffer=0xc00007201c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007201c*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0111.787] CloseHandle (hObject=0x1bc) returned 1 [0111.787] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0111.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1bc [0111.790] SetEvent (hEvent=0xc0) returned 1 [0111.790] GetConsoleMode (in: hConsoleHandle=0x1bc, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0111.790] GetFileType (hFile=0x1bc) returned 0x1 [0111.790] WriteFile (in: hFile=0x1bc, lpBuffer=0xc00000e1e0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00000e1e0*, lpNumberOfBytesWritten=0xc0006ddcec*=0x20, lpOverlapped=0x0) returned 1 [0111.791] CloseHandle (hObject=0x1bc) returned 1 [0111.792] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.792] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0111.793] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0111.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.793] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0111.794] GetFileType (hFile=0x1e4) returned 0x1 [0111.794] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.794] CloseHandle (hObject=0x1e4) returned 1 [0111.795] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.796] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0111.796] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0111.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\advertisement.ad[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-advertisement.ad[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-advertisement.ad[1].js"), dwFlags=0x1) returned 1 [0111.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.828] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.828] SetEvent (hEvent=0xc0) returned 1 [0111.828] SetEvent (hEvent=0xfc) returned 1 [0111.828] SetEvent (hEvent=0x13c) returned 1 [0111.829] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0111.830] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.834] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.836] SetEvent (hEvent=0x13c) returned 1 [0111.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.837] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.858] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.871] SetEvent (hEvent=0x164) returned 1 [0111.871] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.875] SetEvent (hEvent=0x164) returned 1 [0111.875] SetEvent (hEvent=0xb8) returned 1 [0111.875] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0111.876] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0111.876] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.876] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.877] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0111.877] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0004df818*=0x2) returned 1 [0111.880] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.887] SetEvent (hEvent=0xfc) returned 1 [0111.887] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0111.890] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0111.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0111.891] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0111.892] GetFileType (hFile=0x1e4) returned 0x1 [0111.892] GetFileType (hFile=0x1e4) returned 0x1 [0111.892] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0111.892] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0111.892] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0111.894] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x1413f, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0004dfc04*=0x13f3f, lpOverlapped=0x0) returned 1 [0111.897] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002f5f3f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f5f3f*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0111.897] CloseHandle (hObject=0x1e4) returned 1 [0111.897] SwitchToThread () returned 1 [0111.900] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0111.901] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0111.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.906] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0111.907] GetFileType (hFile=0x1e4) returned 0x1 [0111.907] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x13f40, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x13f40, lpOverlapped=0x0) returned 1 [0111.910] CloseHandle (hObject=0x1e4) returned 1 [0111.910] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0111.910] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0111.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0111.911] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0111.912] GetFileType (hFile=0x1e4) returned 0x1 [0111.912] WriteFile (in: hFile=0x1e4, lpBuffer=0xc0000582c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000582c0*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.912] CloseHandle (hObject=0x1e4) returned 1 [0111.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-cb=gapi[1].loaded_1"), dwFlags=0x1) returned 1 [0111.954] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0111.954] SetEvent (hEvent=0xfc) returned 1 [0111.954] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.955] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0111.955] SetEvent (hEvent=0xfc) returned 1 [0111.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0111.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0111.958] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00027fcf4 | out: lpMode=0xc00027fcf4) returned 0 [0111.959] GetFileType (hFile=0x180) returned 0x1 [0111.959] GetFileType (hFile=0x180) returned 0x1 [0111.959] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00027fd44 | out: lpFileInformation=0xc00027fd44) returned 1 [0111.959] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00027fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027fd28) returned 1 [0111.959] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0111.959] ReadFile (in: hFile=0x180, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc00027fc04*=0x43, lpOverlapped=0x0) returned 1 [0111.960] ReadFile (in: hFile=0x180, lpBuffer=0xc000036043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036043*, lpNumberOfBytesRead=0xc00027fc04*=0x0, lpOverlapped=0x0) returned 1 [0111.961] CloseHandle (hObject=0x180) returned 1 [0111.961] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0111.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0111.962] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini\\*", lpFindFileData=0xc00027fa08 | out: lpFindFileData=0xc00027fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0111.962] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00027f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0111.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003ca000*, nNumberOfCharsToWrite=0x94, lpNumberOfCharsWritten=0xc00027f808, lpReserved=0x0 | out: lpBuffer=0xc0003ca000*, lpNumberOfCharsWritten=0xc00027f808*=0x94) returned 1 [0111.965] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0111.965] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0111.965] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0111.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0111.966] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00027fd64 | out: lpMode=0xc00027fd64) returned 0 [0111.967] GetFileType (hFile=0x180) returned 0x1 [0111.967] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00027fd4c*=0x158, lpOverlapped=0x0) returned 1 [0111.967] CloseHandle (hObject=0x180) returned 1 [0111.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0112.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.029] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.029] SetEvent (hEvent=0x9c) returned 1 [0112.029] SetEvent (hEvent=0xb8) returned 1 [0112.030] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.037] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.037] SetEvent (hEvent=0xb8) returned 1 [0112.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.042] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.042] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.081] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.094] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.111] SetEvent (hEvent=0x9c) returned 1 [0112.112] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.113] SetEvent (hEvent=0x9c) returned 1 [0112.113] SetEvent (hEvent=0x13c) returned 1 [0112.113] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.113] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.113] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.114] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.114] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.114] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.115] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.115] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.115] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.115] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.116] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0112.116] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0112.120] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.129] SetEvent (hEvent=0xfc) returned 1 [0112.129] SetEvent (hEvent=0x13c) returned 1 [0112.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0112.130] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0112.130] GetFileType (hFile=0x180) returned 0x1 [0112.130] GetFileType (hFile=0x180) returned 0x1 [0112.130] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0112.131] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0112.131] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0112.132] ReadFile (in: hFile=0x180, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x8ae7, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00022dc04*=0x88e7, lpOverlapped=0x0) returned 1 [0112.134] ReadFile (in: hFile=0x180, lpBuffer=0xc0002388e7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002388e7*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.135] CloseHandle (hObject=0x180) returned 1 [0112.135] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0112.135] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0112.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.143] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0112.144] GetFileType (hFile=0x180) returned 0x1 [0112.145] WriteFile (in: hFile=0x180, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x88f0, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc00022dcec*=0x88f0, lpOverlapped=0x0) returned 1 [0112.146] CloseHandle (hObject=0x180) returned 1 [0112.147] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0112.147] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0112.148] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0112.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.148] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0112.149] GetFileType (hFile=0x180) returned 0x1 [0112.149] WriteFile (in: hFile=0x180, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.150] CloseHandle (hObject=0x180) returned 1 [0112.151] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-latest[1].eot"), dwFlags=0x1) returned 1 [0112.190] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.190] SetEvent (hEvent=0xfc) returned 1 [0112.191] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.195] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.195] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.195] SetEvent (hEvent=0xfc) returned 1 [0112.195] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.198] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.215] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.226] SetEvent (hEvent=0x13c) returned 1 [0112.226] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.234] SetEvent (hEvent=0x13c) returned 1 [0112.234] SetEvent (hEvent=0xb8) returned 1 [0112.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00019f818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00019f818*=0x2) returned 1 [0112.238] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.261] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.266] SetEvent (hEvent=0x9c) returned 1 [0112.266] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.269] SetEvent (hEvent=0x9c) returned 1 [0112.269] SetEvent (hEvent=0x13c) returned 1 [0112.269] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0112.270] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.270] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.270] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.270] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.271] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.271] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0112.275] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.286] SetEvent (hEvent=0xfc) returned 1 [0112.286] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.293] SetEvent (hEvent=0xfc) returned 1 [0112.293] SwitchToThread () returned 1 [0112.340] SetEvent (hEvent=0xfc) returned 1 [0112.340] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.342] SwitchToThread () returned 1 [0112.350] SetEvent (hEvent=0xfc) returned 1 [0112.350] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.351] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0112.352] GetFileType (hFile=0x1e4) returned 0x1 [0112.352] GetFileType (hFile=0x1e4) returned 0x1 [0112.352] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0112.352] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0112.352] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0112.353] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x452, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0006ddc04*=0x252, lpOverlapped=0x0) returned 1 [0112.363] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a252, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a252*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0112.364] CloseHandle (hObject=0x1e4) returned 1 [0112.364] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0112.364] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0112.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0112.372] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.396] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0112.402] GetFileType (hFile=0x180) returned 0x1 [0112.403] WriteFile (in: hFile=0x180, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x260, lpOverlapped=0x0) returned 1 [0112.404] CloseHandle (hObject=0x180) returned 1 [0112.407] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0112.407] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0112.408] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0112.408] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0112.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0112.409] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0112.416] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.422] GetFileType (hFile=0x1b4) returned 0x1 [0112.422] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0112.423] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.423] CloseHandle (hObject=0x1b4) returned 1 [0112.427] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.437] VirtualAlloc (lpAddress=0xc000166000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000166000 [0112.438] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0112.438] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa42pjy[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA42pjY[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa42pjy[1].png"), dwFlags=0x1) returned 1 [0112.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.517] SetEvent (hEvent=0xf4) returned 1 [0112.517] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0112.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.519] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.519] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.519] SetEvent (hEvent=0xf4) returned 1 [0112.519] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.537] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.541] SetEvent (hEvent=0xfc) returned 1 [0112.541] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.542] SetEvent (hEvent=0xfc) returned 1 [0112.542] SetEvent (hEvent=0xf4) returned 1 [0112.542] VirtualFree (lpAddress=0xc00030a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.542] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.542] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.543] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.543] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.543] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.543] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.544] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.544] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.544] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.544] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.545] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.545] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.545] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000102010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000102010*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0112.546] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.548] SetEvent (hEvent=0xb8) returned 1 [0112.548] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.550] SetEvent (hEvent=0xb8) returned 1 [0112.550] SwitchToThread () returned 1 [0112.551] SetEvent (hEvent=0xf4) returned 1 [0112.551] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0112.551] SetEvent (hEvent=0xb8) returned 1 [0112.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0112.552] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0112.553] GetFileType (hFile=0x180) returned 0x1 [0112.553] GetFileType (hFile=0x180) returned 0x1 [0112.553] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0112.553] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0112.553] VirtualAlloc (lpAddress=0xc000382000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000382000 [0112.553] ReadFile (in: hFile=0x180, lpBuffer=0xc000382000, nNumberOfBytesToRead=0x4e3, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000382000*, lpNumberOfBytesRead=0xc0006e1c04*=0x2e3, lpOverlapped=0x0) returned 1 [0112.561] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.564] ReadFile (in: hFile=0x180, lpBuffer=0xc0003822e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003822e3*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0112.564] CloseHandle (hObject=0x180) returned 1 [0112.564] VirtualAlloc (lpAddress=0xc000384000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000384000 [0112.564] VirtualAlloc (lpAddress=0xc000386000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000386000 [0112.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.575] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.576] SetEvent (hEvent=0xb8) returned 1 [0112.577] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0112.578] GetFileType (hFile=0x1d4) returned 0x1 [0112.578] WriteFile (in: hFile=0x1d4, lpBuffer=0xc000386000*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000386000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x2f0, lpOverlapped=0x0) returned 1 [0112.579] CloseHandle (hObject=0x1d4) returned 1 [0112.582] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0112.582] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0112.583] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0112.583] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0112.584] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0112.584] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0112.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1d4 [0112.585] GetConsoleMode (in: hConsoleHandle=0x1d4, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0112.587] GetFileType (hFile=0x1d4) returned 0x1 [0112.587] WriteFile (in: hFile=0x1d4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0112.587] CloseHandle (hObject=0x1d4) returned 1 [0112.588] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aakhmz9[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AAkhMz9[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aakhmz9[2].png"), dwFlags=0x1) returned 1 [0112.729] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.730] SetEvent (hEvent=0x9c) returned 1 [0112.730] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.734] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.737] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.737] SetEvent (hEvent=0x120) returned 1 [0112.737] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.742] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.742] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.768] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.781] SetEvent (hEvent=0x108) returned 1 [0112.781] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.787] SetEvent (hEvent=0x108) returned 1 [0112.787] SetEvent (hEvent=0x114) returned 1 [0112.787] VirtualFree (lpAddress=0xc000398000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.788] VirtualFree (lpAddress=0xc000390000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.788] VirtualFree (lpAddress=0xc00033c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0112.788] VirtualFree (lpAddress=0xc000336000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.789] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586198*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000586198*, lpNumberOfCharsWritten=0xc00018d818*=0x2) returned 1 [0112.791] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.802] SetEvent (hEvent=0x9c) returned 1 [0112.802] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.806] SetEvent (hEvent=0x9c) returned 1 [0112.806] SwitchToThread () returned 1 [0112.806] SetEvent (hEvent=0x114) returned 1 [0112.806] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0112.807] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0112.807] SetEvent (hEvent=0x9c) returned 1 [0112.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0112.808] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0112.808] GetFileType (hFile=0x1b0) returned 0x1 [0112.808] GetFileType (hFile=0x1b0) returned 0x1 [0112.809] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0112.809] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0112.809] VirtualAlloc (lpAddress=0xc0003a6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a6000 [0112.809] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0003a6000, nNumberOfBytesToRead=0x2cc7, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a6000*, lpNumberOfBytesRead=0xc00018dc04*=0x2ac7, lpOverlapped=0x0) returned 1 [0112.819] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0003a8ac7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a8ac7*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0112.819] CloseHandle (hObject=0x1b0) returned 1 [0112.819] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0112.820] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0112.820] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0112.821] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0112.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0112.829] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0112.830] GetFileType (hFile=0x128) returned 0x1 [0112.830] WriteFile (in: hFile=0x128, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x2ad0, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc00018dcec*=0x2ad0, lpOverlapped=0x0) returned 1 [0112.831] CloseHandle (hObject=0x128) returned 1 [0112.832] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0112.833] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.833] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.834] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0112.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.834] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0112.836] GetFileType (hFile=0x1b0) returned 0x1 [0112.836] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.836] CloseHandle (hObject=0x1b0) returned 1 [0112.840] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbcfjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBCFjo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbcfjo[1].jpg"), dwFlags=0x1) returned 1 [0112.877] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.877] SetEvent (hEvent=0x120) returned 1 [0112.877] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0112.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.882] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.882] SetEvent (hEvent=0x198) returned 1 [0112.882] SetEvent (hEvent=0x164) returned 1 [0112.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.883] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.883] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.884] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.884] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.885] SetEvent (hEvent=0x114) returned 1 [0112.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.885] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.886] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.886] SetEvent (hEvent=0x164) returned 1 [0112.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.891] SetEvent (hEvent=0x198) returned 1 [0112.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.897] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.897] SetEvent (hEvent=0x164) returned 1 [0112.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.900] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0112.900] SetEvent (hEvent=0xb8) returned 1 [0112.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.903] SetEvent (hEvent=0x198) returned 1 [0112.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.907] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0112.908] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0112.908] SetEvent (hEvent=0xc0) returned 1 [0112.908] SetEvent (hEvent=0xb8) returned 1 [0112.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0112.910] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.910] VirtualFree (lpAddress=0xc00032e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.910] VirtualFree (lpAddress=0xc000320000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.911] VirtualFree (lpAddress=0xc000074000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.911] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000205818, lpReserved=0x0 | out: lpBuffer=0xc000040018*, lpNumberOfCharsWritten=0xc000205818*=0x2) returned 1 [0112.916] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.919] SetEvent (hEvent=0x9c) returned 1 [0112.919] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0112.922] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0112.923] GetFileType (hFile=0x1b0) returned 0x1 [0112.923] GetFileType (hFile=0x1b0) returned 0x1 [0112.923] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0112.923] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0112.923] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0112.926] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x221eb, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00011bc04*=0x21feb, lpOverlapped=0x0) returned 1 [0112.935] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002c5feb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c5feb*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0112.935] CloseHandle (hObject=0x1b0) returned 1 [0112.935] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0112.936] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0112.936] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0112.937] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0112.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.942] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0112.948] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0112.951] GetFileType (hFile=0x1b0) returned 0x1 [0112.951] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x21ff0, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc00011bcec*=0x21ff0, lpOverlapped=0x0) returned 1 [0112.955] CloseHandle (hObject=0x1b0) returned 1 [0112.955] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0112.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0112.955] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0112.958] GetFileType (hFile=0x1b0) returned 0x1 [0112.958] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00037a580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037a580*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.958] CloseHandle (hObject=0x1b0) returned 1 [0112.959] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbps37[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBPS37[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbps37[1].png"), dwFlags=0x1) returned 1 [0113.032] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0113.032] SetEvent (hEvent=0x13c) returned 1 [0113.032] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.034] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.036] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0113.036] SetEvent (hEvent=0x13c) returned 1 [0113.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.045] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0114.139] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0114.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1dc [0114.140] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0114.143] GetFileType (hFile=0x1dc) returned 0x1 [0114.143] GetFileType (hFile=0x1dc) returned 0x1 [0114.143] GetFileInformationByHandle (in: hFile=0x1dc, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0114.143] GetFileInformationByHandleEx (in: hFile=0x1dc, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0114.143] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0114.144] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x3a8f, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc00026dc04*=0x388f, lpOverlapped=0x0) returned 1 [0114.157] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0114.205] ReadFile (in: hFile=0x1dc, lpBuffer=0xc0000ff88f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ff88f*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0114.205] CloseHandle (hObject=0x1dc) returned 1 [0114.205] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0114.206] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0114.228] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0114.277] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0114.278] GetFileType (hFile=0x1e0) returned 0x1 [0114.278] WriteFile (in: hFile=0x1e0, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x3890, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc00026dcec*=0x3890, lpOverlapped=0x0) returned 1 [0114.280] CloseHandle (hObject=0x1e0) returned 1 [0114.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0114.283] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0114.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0114.283] GetConsoleMode (in: hConsoleHandle=0x1f0, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0114.284] GetFileType (hFile=0x1f0) returned 0x1 [0114.284] WriteFile (in: hFile=0x1f0, lpBuffer=0xc00007cc60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007cc60*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.285] CloseHandle (hObject=0x1f0) returned 1 [0114.290] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0114.365] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegil2[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgIl2[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegil2[2].jpg"), dwFlags=0x1) returned 1 [0114.513] SetEvent (hEvent=0x1f8) returned 1 [0114.513] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0115.652] SetEvent (hEvent=0x8c) returned 1 [0115.652] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0115.664] SetEvent (hEvent=0xb8) returned 1 [0115.664] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0115.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.668] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0115.669] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0115.814] GetFileType (hFile=0x214) returned 0x1 [0115.814] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0115.814] GetFileType (hFile=0x214) returned 0x1 [0115.814] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0115.815] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0115.815] ReadFile (in: hFile=0x214, lpBuffer=0xc000222a80, nNumberOfBytesToRead=0xa78, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222a80*, lpNumberOfBytesRead=0xc00020bc04*=0x878, lpOverlapped=0x0) returned 1 [0115.819] ReadFile (in: hFile=0x214, lpBuffer=0xc0002232f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002232f8*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0115.819] CloseHandle (hObject=0x214) returned 1 [0115.819] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0115.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0115.883] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0115.944] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0115.948] SetEvent (hEvent=0x1e8) returned 1 [0115.948] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0116.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0116.113] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0116.114] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0116.235] GetFileType (hFile=0x2e8) returned 0x1 [0116.235] GetFileType (hFile=0x2e8) returned 0x1 [0116.235] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0116.235] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0116.235] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x2f04, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000175c04*=0x2d04, lpOverlapped=0x0) returned 1 [0116.241] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0116.245] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000e6d04, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6d04*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0116.246] CloseHandle (hObject=0x2e8) returned 1 [0116.246] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0116.247] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x304 [0116.341] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0116.344] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0116.345] GetFileType (hFile=0x304) returned 0x1 [0116.345] WriteFile (in: hFile=0x304, lpBuffer=0xc00036e000*, nNumberOfBytesToWrite=0x2d10, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc00036e000*, lpNumberOfBytesWritten=0xc000175cec*=0x2d10, lpOverlapped=0x0) returned 1 [0116.346] CloseHandle (hObject=0x304) returned 1 [0116.359] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1e01 | out: pbBuffer=0xc0000e1e01) returned 1 [0116.359] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0116.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0116.360] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0116.363] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0116.375] GetFileType (hFile=0x32c) returned 0x1 [0116.375] WriteFile (in: hFile=0x32c, lpBuffer=0xc0000bedc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bedc0*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.376] CloseHandle (hObject=0x32c) returned 1 [0116.381] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdwxoc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBDWXoC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbdwxoc[1].jpg"), dwFlags=0x1) returned 1 [0117.032] SetEvent (hEvent=0x320) returned 1 [0117.032] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.034] SetEvent (hEvent=0x1dc) returned 1 [0117.034] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.036] SetEvent (hEvent=0x1dc) returned 1 [0117.036] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.038] SetEvent (hEvent=0x1dc) returned 1 [0117.038] SetEvent (hEvent=0x1f8) returned 1 [0117.038] SetEvent (hEvent=0x320) returned 1 [0117.038] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.353] SetEvent (hEvent=0x9c) returned 1 [0117.353] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0117.360] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0117.362] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.453] GetFileType (hFile=0x1b0) returned 0x1 [0117.453] GetFileType (hFile=0x1b0) returned 0x1 [0117.454] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0117.454] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0117.454] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0117.454] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00032e000, nNumberOfBytesToRead=0x9a9, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032e000*, lpNumberOfBytesRead=0xc0001a7c04*=0x7a9, lpOverlapped=0x0) returned 1 [0117.460] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00032e7a9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032e7a9*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0117.460] CloseHandle (hObject=0x1b0) returned 1 [0117.460] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0117.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0117.562] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.637] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0117.670] GetFileType (hFile=0x240) returned 0x1 [0117.670] WriteFile (in: hFile=0x240, lpBuffer=0xc000330000*, nNumberOfBytesToWrite=0x7b0, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000330000*, lpNumberOfBytesWritten=0xc0001a7cec*=0x7b0, lpOverlapped=0x0) returned 1 [0117.672] CloseHandle (hObject=0x240) returned 1 [0117.680] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0117.716] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082e01 | out: pbBuffer=0xc000082e01) returned 1 [0117.716] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0117.716] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0117.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.717] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0117.719] GetFileType (hFile=0x1b0) returned 0x1 [0117.719] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00036ab00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036ab00*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.719] CloseHandle (hObject=0x1b0) returned 1 [0117.726] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeeu5u[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEeU5U[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbeeu5u[1].jpg"), dwFlags=0x1) returned 1 [0118.297] SetEvent (hEvent=0x12c) returned 1 [0118.297] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0118.820] SetEvent (hEvent=0x334) returned 1 [0118.820] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0118.847] SetEvent (hEvent=0xb8) returned 1 [0118.847] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0118.950] SetEvent (hEvent=0x334) returned 1 [0118.950] VirtualFree (lpAddress=0xc000300000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0118.951] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0118.952] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.952] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.952] VirtualFree (lpAddress=0xc000284000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.953] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.953] VirtualFree (lpAddress=0xc000214000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.954] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0118.954] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0118.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0118.958] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.068] SetEvent (hEvent=0x234) returned 1 [0119.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0168*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0168*, lpNumberOfCharsWritten=0xc0001cf818*=0x3) returned 1 [0119.070] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.137] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0119.139] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc0000a0026*, lpNumberOfCharsWritten=0xc000035818*=0x3) returned 1 [0119.141] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc0001f3818*=0x3) returned 1 [0119.145] SetEvent (hEvent=0x354) returned 1 [0119.145] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.149] SetEvent (hEvent=0x144) returned 1 [0119.149] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.151] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.152] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.152] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010078*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc000010078*, lpNumberOfCharsWritten=0xc0001ff818*=0x3) returned 1 [0119.153] GetFileType (hFile=0x370) returned 0x1 [0119.153] GetFileType (hFile=0x370) returned 0x1 [0119.154] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0119.154] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0119.154] ReadFile (in: hFile=0x370, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x356, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc00012bc04*=0x156, lpOverlapped=0x0) returned 1 [0119.157] ReadFile (in: hFile=0x370, lpBuffer=0xc000054156, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054156*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0119.157] CloseHandle (hObject=0x370) returned 1 [0119.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0119.194] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0119.194] GetFileType (hFile=0x384) returned 0x1 [0119.194] WriteFile (in: hFile=0x384, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00012bcec*=0x160, lpOverlapped=0x0) returned 1 [0119.195] CloseHandle (hObject=0x384) returned 1 [0119.195] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028b901 | out: pbBuffer=0xc00028b901) returned 1 [0119.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0119.196] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0119.196] GetFileType (hFile=0x384) returned 0x1 [0119.196] WriteFile (in: hFile=0x384, lpBuffer=0xc0000371e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000371e0*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.196] CloseHandle (hObject=0x384) returned 1 [0119.196] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bb8adqn[1].png"), dwFlags=0x1) returned 1 [0119.905] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.908] SetEvent (hEvent=0x39c) returned 1 [0119.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.908] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0119.908] SetEvent (hEvent=0x144) returned 1 [0119.908] SetEvent (hEvent=0x39c) returned 1 [0119.908] SetEvent (hEvent=0x364) returned 1 [0119.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.912] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.913] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0119.913] SetEvent (hEvent=0x258) returned 1 [0119.913] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.914] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0119.915] SetEvent (hEvent=0x144) returned 1 [0119.915] SetEvent (hEvent=0x148) returned 1 [0119.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.920] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0119.920] SetEvent (hEvent=0x144) returned 1 [0119.920] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.922] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.923] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0119.923] SetEvent (hEvent=0xc0) returned 1 [0119.923] SetEvent (hEvent=0x148) returned 1 [0119.923] SetEvent (hEvent=0x3c0) returned 1 [0119.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.925] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0119.925] SetEvent (hEvent=0x3c0) returned 1 [0119.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.939] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.939] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0119.940] SetEvent (hEvent=0x3c0) returned 1 [0119.940] SetEvent (hEvent=0x144) returned 1 [0119.940] SetEvent (hEvent=0x148) returned 1 [0119.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.013] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.015] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.015] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0120.015] SetEvent (hEvent=0x258) returned 1 [0120.015] SetEvent (hEvent=0x144) returned 1 [0120.015] SetEvent (hEvent=0x9c) returned 1 [0120.015] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.020] SetEvent (hEvent=0x144) returned 1 [0120.020] SetEvent (hEvent=0x364) returned 1 [0120.025] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.032] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.073] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.073] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0120.073] SetEvent (hEvent=0xc0) returned 1 [0120.073] SetEvent (hEvent=0x30c) returned 1 [0120.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0120.088] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0120.095] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.099] GetFileType (hFile=0x384) returned 0x1 [0120.099] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0120.099] GetFileType (hFile=0x384) returned 0x1 [0120.099] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0120.099] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0120.100] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0120.101] ReadFile (in: hFile=0x384, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x11a3b, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d3c04*=0x1183b, lpOverlapped=0x0) returned 1 [0120.312] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.327] ReadFile (in: hFile=0x384, lpBuffer=0xc0002b583b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b583b*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0120.327] CloseHandle (hObject=0x384) returned 1 [0120.327] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0120.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0120.329] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0120.338] GetFileType (hFile=0x384) returned 0x1 [0120.338] WriteFile (in: hFile=0x384, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x11840, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc0002d3cec*=0x11840, lpOverlapped=0x0) returned 1 [0120.341] CloseHandle (hObject=0x384) returned 1 [0120.341] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0120.341] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0120.342] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0120.343] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0120.343] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0120.351] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.372] SetEvent (hEvent=0x9c) returned 1 [0120.372] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.373] SetEvent (hEvent=0xfc) returned 1 [0120.373] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.393] SetEvent (hEvent=0x148) returned 1 [0120.393] SetEvent (hEvent=0x144) returned 1 [0120.394] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.451] SetEvent (hEvent=0x198) returned 1 [0120.451] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.457] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0120.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0120.459] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00017dcf4 | out: lpMode=0xc00017dcf4) returned 0 [0120.462] GetFileType (hFile=0x2f4) returned 0x1 [0120.462] GetFileType (hFile=0x2f4) returned 0x1 [0120.462] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00017dd44 | out: lpFileInformation=0xc00017dd44) returned 1 [0120.462] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00017dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017dd28) returned 1 [0120.463] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0120.463] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0120.465] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0xf100, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00017dc04*=0xef00, lpOverlapped=0x0) returned 1 [0120.471] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0002b2f00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2f00*, lpNumberOfBytesRead=0xc00017dc04*=0x0, lpOverlapped=0x0) returned 1 [0120.471] CloseHandle (hObject=0x2f4) returned 1 [0120.471] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0120.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.541] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.606] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00017dd04 | out: lpMode=0xc00017dd04) returned 0 [0120.608] GetFileType (hFile=0x3dc) returned 0x1 [0120.609] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0xef10, lpNumberOfBytesWritten=0xc00017dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc00017dcec*=0xef10, lpOverlapped=0x0) returned 1 [0120.611] CloseHandle (hObject=0x3dc) returned 1 [0120.619] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.642] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a101 | out: pbBuffer=0xc00031a101) returned 1 [0120.642] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0120.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0120.643] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00017dd64 | out: lpMode=0xc00017dd64) returned 0 [0120.645] GetFileType (hFile=0x384) returned 0x1 [0120.646] WriteFile (in: hFile=0x384, lpBuffer=0xc0001871e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001871e0*, lpNumberOfBytesWritten=0xc00017dd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.646] CloseHandle (hObject=0x384) returned 1 [0120.649] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0120.650] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeend8[1].png"), dwFlags=0x1) returned 1 [0120.909] SwitchToThread () returned 1 [0120.912] SetEvent (hEvent=0x12c) returned 1 [0120.912] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.914] SetEvent (hEvent=0x12c) returned 1 [0120.914] SwitchToThread () returned 1 [0120.915] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.920] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.921] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.923] SetEvent (hEvent=0x12c) returned 1 [0120.923] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.925] SetEvent (hEvent=0x12c) returned 1 [0120.925] SetEvent (hEvent=0x3c8) returned 1 [0120.925] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.926] SwitchToThread () returned 1 [0120.927] SetEvent (hEvent=0x12c) returned 1 [0120.927] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.928] SetEvent (hEvent=0x12c) returned 1 [0120.928] SetEvent (hEvent=0x3c8) returned 1 [0120.928] SetEvent (hEvent=0x1b4) returned 1 [0120.928] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.931] SetEvent (hEvent=0x12c) returned 1 [0120.931] SetEvent (hEvent=0xfc) returned 1 [0120.931] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.934] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.937] SetEvent (hEvent=0x30c) returned 1 [0120.937] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.939] SetEvent (hEvent=0x12c) returned 1 [0120.939] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0120.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0120.977] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0120.978] GetFileType (hFile=0x1ec) returned 0x1 [0120.978] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0120.978] GetFileType (hFile=0x1ec) returned 0x1 [0120.978] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0120.979] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0120.979] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0120.982] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x26bb2, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000115c04*=0x269b2, lpOverlapped=0x0) returned 1 [0120.990] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00036c9b2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036c9b2*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0120.990] CloseHandle (hObject=0x1ec) returned 1 [0120.990] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0120.991] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0120.991] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0120.992] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0120.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.004] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0121.006] GetFileType (hFile=0x1ec) returned 0x1 [0121.006] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0121.007] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0121.007] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00036e000*, nNumberOfBytesToWrite=0x269c0, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc00036e000*, lpNumberOfBytesWritten=0xc000115cec*=0x269c0, lpOverlapped=0x0) returned 1 [0121.012] CloseHandle (hObject=0x1ec) returned 1 [0121.026] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0121.026] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0121.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.027] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0121.031] GetFileType (hFile=0x1ec) returned 0x1 [0121.031] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000566e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000566e0*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.032] CloseHandle (hObject=0x1ec) returned 1 [0121.034] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\css[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-css[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-css[1].txt"), dwFlags=0x1) returned 1 [0121.130] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0121.130] SetEvent (hEvent=0x3c0) returned 1 [0121.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.132] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0121.132] SetEvent (hEvent=0xfc) returned 1 [0121.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.139] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0121.139] SetEvent (hEvent=0xc0) returned 1 [0121.139] SetEvent (hEvent=0x3c0) returned 1 [0121.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0121.143] SetEvent (hEvent=0xfc) returned 1 [0121.143] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.149] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.182] SetEvent (hEvent=0x354) returned 1 [0121.182] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.352] SetEvent (hEvent=0x1b4) returned 1 [0121.352] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.359] SetEvent (hEvent=0x1b4) returned 1 [0121.359] SetEvent (hEvent=0x3c0) returned 1 [0121.359] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.360] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.360] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.361] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0121.361] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.362] VirtualFree (lpAddress=0xc00006e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0121.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001d5818*=0x2) returned 1 [0121.365] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.374] SetEvent (hEvent=0x13c) returned 1 [0121.374] SetEvent (hEvent=0x3c0) returned 1 [0121.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0121.375] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0121.375] GetFileType (hFile=0x1b0) returned 0x1 [0121.375] GetFileType (hFile=0x1b0) returned 0x1 [0121.375] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0121.375] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0121.376] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.377] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x3312, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0004dfc04*=0x3112, lpOverlapped=0x0) returned 1 [0121.383] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000b9112, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b9112*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0121.384] CloseHandle (hObject=0x1b0) returned 1 [0121.384] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0121.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.386] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0121.387] GetFileType (hFile=0x1b0) returned 0x1 [0121.387] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000b9500*, nNumberOfBytesToWrite=0x3120, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b9500*, lpNumberOfBytesWritten=0xc0004dfcec*=0x3120, lpOverlapped=0x0) returned 1 [0121.388] CloseHandle (hObject=0x1b0) returned 1 [0121.389] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0121.389] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0121.390] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0121.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.390] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0121.392] GetFileType (hFile=0x1b0) returned 0x1 [0121.392] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.392] CloseHandle (hObject=0x1b0) returned 1 [0121.393] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\rpc_shindig_random[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-rpc_shindig_random[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-rpc_shindig_random[1].js"), dwFlags=0x1) returned 1 [0121.458] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.458] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0121.458] SetEvent (hEvent=0x1b4) returned 1 [0121.459] SetEvent (hEvent=0x13c) returned 1 [0121.459] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.460] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.465] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.465] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0121.465] SetEvent (hEvent=0x13c) returned 1 [0121.465] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.472] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.472] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.496] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0121.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0121.497] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0121.498] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.511] GetFileType (hFile=0x1b0) returned 0x1 [0121.511] GetFileType (hFile=0x1b0) returned 0x1 [0121.511] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0121.511] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0121.511] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0121.512] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0121.516] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x251ea, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc00020fc04*=0x24fea, lpOverlapped=0x0) returned 1 [0121.557] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00036afea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036afea*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0121.557] CloseHandle (hObject=0x1b0) returned 1 [0121.557] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0121.557] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0121.558] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0121.558] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0121.562] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0121.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.565] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0121.576] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.664] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.676] SetEvent (hEvent=0xfc) returned 1 [0121.676] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.677] SetEvent (hEvent=0x1b4) returned 1 [0121.677] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.681] SetEvent (hEvent=0xfc) returned 1 [0121.681] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.681] SetEvent (hEvent=0xfc) returned 1 [0121.681] SetEvent (hEvent=0x1b4) returned 1 [0121.681] VirtualFree (lpAddress=0xc000400000, dwSize=0xaa000, dwFreeType=0x4000) returned 1 [0121.686] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.686] VirtualFree (lpAddress=0xc00021a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.686] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.687] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.687] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.688] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.688] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.688] VirtualFree (lpAddress=0xc00010e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.689] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.689] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.690] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.690] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.691] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.691] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.692] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0121.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1\\*", lpFindFileData=0xc0002119f8 | out: lpFindFileData=0xc0002119f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.692] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000211720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0121.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0121.693] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0121.694] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.696] GetFileType (hFile=0x3dc) returned 0x1 [0121.696] GetFileType (hFile=0x3dc) returned 0x1 [0121.696] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0121.696] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0121.696] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0121.697] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0001b2000, nNumberOfBytesToRead=0x90a, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b2000*, lpNumberOfBytesRead=0xc00018bc04*=0x70a, lpOverlapped=0x0) returned 1 [0121.698] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0001b270a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b270a*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0121.699] CloseHandle (hObject=0x3dc) returned 1 [0121.699] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0121.699] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0121.700] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0121.700] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0121.701] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0121.702] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0121.703] GetFileType (hFile=0x3dc) returned 0x1 [0121.703] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0001e6000*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesWritten=0xc00018bcec*=0x710, lpOverlapped=0x0) returned 1 [0121.704] CloseHandle (hObject=0x3dc) returned 1 [0121.704] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0121.704] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0121.705] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0121.705] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0121.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0121.706] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0121.710] GetFileType (hFile=0x3dc) returned 0x1 [0121.711] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0001e8580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e8580*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.711] CloseHandle (hObject=0x3dc) returned 1 [0121.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\custom.theme"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Themes\\encry-Custom.theme" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\themes\\encry-custom.theme"), dwFlags=0x1) returned 1 [0121.713] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0121.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0121.714] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0121.715] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.721] SetEvent (hEvent=0xfc) returned 1 [0121.721] GetFileType (hFile=0x3dc) returned 0x1 [0121.721] GetFileType (hFile=0x3dc) returned 0x1 [0121.721] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0121.721] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0121.721] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.722] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0121.722] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0121.735] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x80200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000177c04*=0x80000, lpOverlapped=0x0) returned 1 [0121.754] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.765] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00047e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00047e000*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0121.765] CloseHandle (hObject=0x3dc) returned 1 [0121.771] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0121.772] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0121.772] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0121.785] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0121.786] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0121.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.787] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms\\*", lpFindFileData=0xc000177a08 | out: lpFindFileData=0xc000177a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.787] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000177720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.787] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.788] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0121.789] GetFileType (hFile=0x1ec) returned 0x1 [0121.789] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.789] CloseHandle (hObject=0x1ec) returned 1 [0121.789] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0121.790] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0121.790] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.791] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0121.812] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.813] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0121.813] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0121.813] SetEvent (hEvent=0xc0) returned 1 [0121.813] SetEvent (hEvent=0x13c) returned 1 [0121.813] SetEvent (hEvent=0x354) returned 1 [0121.814] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0121.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.821] SetEvent (hEvent=0x354) returned 1 [0121.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.838] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0121.838] SetEvent (hEvent=0x3c0) returned 1 [0121.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.171] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.171] SetEvent (hEvent=0x3c0) returned 1 [0122.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.172] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.172] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0122.172] SetEvent (hEvent=0xc0) returned 1 [0122.172] SetEvent (hEvent=0x3c0) returned 1 [0122.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.173] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0122.183] SetEvent (hEvent=0x354) returned 1 [0122.183] SetEvent (hEvent=0xfc) returned 1 [0122.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0122.188] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0122.236] GetFileType (hFile=0x1ec) returned 0x1 [0122.236] GetFileType (hFile=0x1ec) returned 0x1 [0122.236] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0122.236] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0122.236] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0122.237] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x127e, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0001c9c04*=0x107e, lpOverlapped=0x0) returned 1 [0122.242] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.258] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000fb07e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fb07e*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0122.258] CloseHandle (hObject=0x1ec) returned 1 [0122.258] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0122.259] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0122.260] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0122.264] GetFileType (hFile=0x1ec) returned 0x1 [0122.264] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000fb300*, nNumberOfBytesToWrite=0x1080, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fb300*, lpNumberOfBytesWritten=0xc0001c9cec*=0x1080, lpOverlapped=0x0) returned 1 [0122.266] CloseHandle (hObject=0x1ec) returned 1 [0122.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0122.266] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0122.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0122.266] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0122.272] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.304] SetEvent (hEvent=0x13c) returned 1 [0122.304] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0122.305] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0122.306] GetFileType (hFile=0x2c4) returned 0x1 [0122.306] GetFileType (hFile=0x2c4) returned 0x1 [0122.306] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0122.306] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0122.306] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x2b49, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000193c04*=0x2949, lpOverlapped=0x0) returned 1 [0122.339] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0000fc949, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc949*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0122.339] CloseHandle (hObject=0x2c4) returned 1 [0122.339] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0122.340] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0122.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0122.342] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0122.345] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.556] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.557] CloseHandle (hObject=0x1b0) returned 1 [0122.557] GetFileType (hFile=0x3cc) returned 0x1 [0122.557] GetFileType (hFile=0x3cc) returned 0x1 [0122.557] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0122.557] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0122.557] GetFileType (hFile=0x2e8) returned 0x1 [0122.557] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.557] CloseHandle (hObject=0x2e8) returned 1 [0122.557] GetFileType (hFile=0x3d8) returned 0x1 [0122.557] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002b6000*, nNumberOfBytesToWrite=0x1280, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesWritten=0xc0001f9cec*=0x1280, lpOverlapped=0x0) returned 1 [0122.559] CloseHandle (hObject=0x3d8) returned 1 [0122.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0122.560] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0122.560] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.626] SetEvent (hEvent=0x3c0) returned 1 [0122.626] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.631] SetEvent (hEvent=0x324) returned 1 [0122.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00003e240*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc00003e240*, lpNumberOfCharsWritten=0xc00023f808*=0x90) returned 1 [0122.636] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.683] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.683] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0122.684] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0122.685] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0122.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.686] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf\\*", lpFindFileData=0xc00023fa68 | out: lpFindFileData=0xc00023fa68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0122.686] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00023f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0122.686] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002bc340*, nNumberOfCharsToWrite=0xce, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc0002bc340*, lpNumberOfCharsWritten=0xc00023f808*=0xce) returned 1 [0122.734] SetEvent (hEvent=0x324) returned 1 [0122.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0122.734] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0122.739] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.742] SetEvent (hEvent=0x324) returned 1 [0122.742] GetFileType (hFile=0x2e8) returned 0x1 [0122.742] GetFileType (hFile=0x2e8) returned 0x1 [0122.742] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0122.742] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0122.742] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000286300, nNumberOfBytesToRead=0x2eb, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000286300*, lpNumberOfBytesRead=0xc0004d9c04*=0xeb, lpOverlapped=0x0) returned 1 [0122.743] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002863eb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002863eb*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0122.743] CloseHandle (hObject=0x2e8) returned 1 [0122.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.745] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0122.754] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.804] GetFileType (hFile=0x2e8) returned 0x1 [0122.804] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0002945a0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002945a0*, lpNumberOfBytesWritten=0xc0004d9cec*=0xf0, lpOverlapped=0x0) returned 1 [0122.805] CloseHandle (hObject=0x2e8) returned 1 [0122.810] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0122.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.810] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0122.814] GetFileType (hFile=0x2e8) returned 0x1 [0122.814] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.814] CloseHandle (hObject=0x2e8) returned 1 [0122.821] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.827] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0122.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-hand prints.htm"), dwFlags=0x1) returned 1 [0122.829] SetEvent (hEvent=0x12c) returned 1 [0122.829] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.836] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0122.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0122.837] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000197cf4 | out: lpMode=0xc000197cf4) returned 0 [0122.850] GetFileType (hFile=0x370) returned 0x1 [0122.850] GetFileType (hFile=0x370) returned 0x1 [0122.851] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000197d44 | out: lpFileInformation=0xc000197d44) returned 1 [0122.851] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000197d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000197d28) returned 1 [0122.851] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0122.853] ReadFile (in: hFile=0x370, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x2200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000197c04*=0x2000, lpOverlapped=0x0) returned 1 [0122.855] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0122.939] SetEvent (hEvent=0x39c) returned 1 [0122.939] ReadFile (in: hFile=0x370, lpBuffer=0xc0002a6000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6000*, lpNumberOfBytesRead=0xc000197c04*=0x0, lpOverlapped=0x0) returned 1 [0122.939] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.003] CloseHandle (hObject=0x370) returned 1 [0123.003] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.026] SetEvent (hEvent=0x354) returned 1 [0123.026] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0123.869] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.912] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0123.914] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.916] SwitchToThread () returned 1 [0123.921] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.989] SetEvent (hEvent=0x114) returned 1 [0123.989] SetEvent (hEvent=0x13c) returned 1 [0123.989] SwitchToThread () returned 1 [0123.990] SetEvent (hEvent=0x114) returned 1 [0123.990] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0123.993] SetEvent (hEvent=0xfc) returned 1 [0123.993] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.054] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.084] SetEvent (hEvent=0x114) returned 1 [0124.084] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.086] SetEvent (hEvent=0x30c) returned 1 [0124.086] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.087] SetEvent (hEvent=0x114) returned 1 [0124.087] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.087] SetEvent (hEvent=0x114) returned 1 [0124.087] SetEvent (hEvent=0x30c) returned 1 [0124.088] VirtualFree (lpAddress=0xc0008ec000, dwSize=0x202000, dwFreeType=0x4000) returned 1 [0124.102] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.102] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.102] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.103] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.103] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.104] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.104] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.104] GetFileType (hFile=0x2cc) returned 0x1 [0124.104] GetFileType (hFile=0x2cc) returned 0x1 [0124.105] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001dbd44 | out: lpFileInformation=0xc0001dbd44) returned 1 [0124.105] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001dbd28) returned 1 [0124.105] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.105] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.105] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0124.108] VirtualAlloc (lpAddress=0xc0007e5000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.108] VirtualAlloc (lpAddress=0xc0007e5000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.108] VirtualAlloc (lpAddress=0xc0007e5000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007e5000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007e5000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e5000 [0124.109] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0xf1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x78000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.109] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007f5000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f5000 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x75000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.110] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xe7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x73000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x39000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0124.111] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0124.112] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xe6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0124.151] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x200200, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc0001dbc04*=0x200000, lpOverlapped=0x0) returned 1 [0124.385] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0008e4000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0008e4000*, lpNumberOfBytesRead=0xc0001dbc04*=0x0, lpOverlapped=0x0) returned 1 [0124.385] CloseHandle (hObject=0x2cc) returned 1 [0124.385] VirtualAlloc (lpAddress=0xc0008e6000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008e6000 [0124.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0124.429] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001dbd04 | out: lpMode=0xc0001dbd04) returned 0 [0124.430] GetFileType (hFile=0x2cc) returned 0x1 [0124.430] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0008e6000*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0xc0001dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0008e6000*, lpNumberOfBytesWritten=0xc0001dbcec*=0x200010, lpOverlapped=0x0) returned 1 [0124.496] CloseHandle (hObject=0x2cc) returned 1 [0124.496] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0124.496] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0124.497] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0124.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0124.498] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001dbd64 | out: lpMode=0xc0001dbd64) returned 0 [0124.502] GetFileType (hFile=0x2cc) returned 0x1 [0124.502] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00011c840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c840*, lpNumberOfBytesWritten=0xc0001dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0124.502] CloseHandle (hObject=0x2cc) returned 1 [0124.503] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0124.503] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-edbres00002.jrs"), dwFlags=0x1) returned 1 [0124.505] SwitchToThread () returned 1 [0124.513] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0124.514] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0124.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0124.514] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001c5d04 | out: lpMode=0xc0001c5d04) returned 0 [0124.524] GetFileType (hFile=0x3d8) returned 0x1 [0124.524] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0003d2360*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0001c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2360*, lpNumberOfBytesWritten=0xc0001c5cec*=0x110, lpOverlapped=0x0) returned 1 [0124.525] CloseHandle (hObject=0x3d8) returned 1 [0124.525] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0124.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0124.525] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001c5d64 | out: lpMode=0xc0001c5d64) returned 0 [0124.526] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.534] SetEvent (hEvent=0xc0) returned 1 [0124.534] GetFileType (hFile=0x3d8) returned 0x1 [0124.534] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.578] SetEvent (hEvent=0xc0) returned 1 [0124.578] SetEvent (hEvent=0x114) returned 1 [0124.578] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.578] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.585] CloseHandle (hObject=0x3d8) returned 1 [0124.585] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-oeold.xml"), dwFlags=0x1) returned 1 [0124.685] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.688] SetEvent (hEvent=0x114) returned 1 [0124.688] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.689] SetEvent (hEvent=0x114) returned 1 [0124.689] SetEvent (hEvent=0x3c8) returned 1 [0124.689] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.690] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0124.690] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.691] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.691] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.691] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.691] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.692] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.692] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.692] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.693] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.693] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0124.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\2\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.694] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.694] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.694] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.695] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.695] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.695] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4B", cAlternateFileName="")) returned 1 [0124.696] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.696] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.696] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0124.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.699] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb727c690, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.699] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543, dwReserved0=0x0, dwReserved1=0x0, cFileName="1D8FDd01", cAlternateFileName="")) returned 1 [0124.699] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.699] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.699] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0124.700] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0124.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb727c690, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb727c690, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb72eeab0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x20543)) returned 1 [0124.702] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.706] SetEvent (hEvent=0x114) returned 1 [0124.706] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\4"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.706] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\4\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.706] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.706] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.706] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.707] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\5"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.710] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0124.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.711] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\5\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.711] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0124.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb64f2970, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.712] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.712] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\6"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\6\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.712] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.713] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.713] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.713] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\7"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.828] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\7\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.828] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.828] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.828] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\8"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.829] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\8\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.829] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.829] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.829] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.845] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.852] SetEvent (hEvent=0x3c8) returned 1 [0124.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.852] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0124.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10", cAlternateFileName="")) returned 1 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2C", cAlternateFileName="")) returned 1 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="61", cAlternateFileName="")) returned 1 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E0", cAlternateFileName="")) returned 1 [0124.853] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.853] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.853] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0124.854] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0124.855] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0124.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.856] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f, dwReserved0=0x0, dwReserved1=0x0, cFileName="16A09d01", cAlternateFileName="")) returned 1 [0124.856] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.856] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.856] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0124.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x534f)) returned 1 [0124.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.858] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7d58af0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.858] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="24B53d01", cAlternateFileName="")) returned 1 [0124.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.859] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.859] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7d58af0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7d58af0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7dcaf10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x133d5)) returned 1 [0124.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.860] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.860] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.860] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f47cd0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949, dwReserved0=0x0, dwReserved1=0x0, cFileName="28E95d01", cAlternateFileName="")) returned 1 [0124.861] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.861] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\61\\28E95d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\61\\28e95d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f47cd0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f47cd0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fba0f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa949)) returned 1 [0124.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.864] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.876] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.876] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f, dwReserved0=0x0, dwReserved1=0x0, cFileName="F17B2d01", cAlternateFileName="")) returned 1 [0124.876] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.876] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e8d330, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e8d330, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e8d330, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x404f)) returned 1 [0124.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\a"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.877] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\A\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.877] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\b"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.880] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\B\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.885] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0124.886] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6518ad0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.886] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.886] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.886] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E6", cAlternateFileName="")) returned 1 [0124.887] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.887] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.888] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.888] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7eaf750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.888] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839, dwReserved0=0x0, dwReserved1=0x0, cFileName="9DCB7d01", cAlternateFileName="")) returned 1 [0124.888] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.888] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7eaf750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7eaf750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f21b70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x21839)) returned 1 [0124.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.894] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.894] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="08", cAlternateFileName="")) returned 1 [0124.894] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.894] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.894] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.898] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.898] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266, dwReserved0=0x0, dwReserved1=0x0, cFileName="71469d01", cAlternateFileName="")) returned 1 [0124.898] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.898] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81e671d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81e671d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81e671d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x8266)) returned 1 [0124.898] SetEvent (hEvent=0x324) returned 1 [0124.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.899] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.899] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="69", cAlternateFileName="")) returned 1 [0124.899] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.899] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.899] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0124.900] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.900] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.900] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.900] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22, dwReserved0=0x0, dwReserved1=0x0, cFileName="885EEd01", cAlternateFileName="")) returned 1 [0124.901] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.901] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb80063b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10d22)) returned 1 [0124.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.904] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.928] SetEvent (hEvent=0xc0) returned 1 [0124.928] SetEvent (hEvent=0x3c8) returned 1 [0124.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.928] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\*", lpFindFileData=0xc0002611d0 | out: lpFindFileData=0xc0002611d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="23", cAlternateFileName="")) returned 1 [0124.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F0", cAlternateFileName="")) returned 1 [0124.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261200 | out: lpFindFileData=0xc000261200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.930] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7f6de30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x0, dwReserved1=0x0, cFileName="7E0FEd01", cAlternateFileName="")) returned 1 [0124.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.931] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\23\\7E0FEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\23\\7e0fed01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb7f6de30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7f6de30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7fe0250, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf888)) returned 1 [0124.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0"), fInfoLevelId=0x0, lpFileInformation=0xc000261340 | out: lpFileInformation=0xc000261340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0124.932] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0124.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0124.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\*", lpFindFileData=0xc0002610f8 | out: lpFindFileData=0xc0002610f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0124.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82329dd0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0124.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f, dwReserved0=0x0, dwReserved1=0x0, cFileName="ECB2Dd01", cAlternateFileName="")) returned 1 [0124.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261128 | out: lpFindFileData=0xc000261128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0124.934] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0124.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\F\\F0\\ECB2Dd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\f\\f0\\ecb2dd01"), fInfoLevelId=0x0, lpFileInformation=0xc000261268 | out: lpFileInformation=0xc000261268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82329dd0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82329dd0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x823c2350, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa80f)) returned 1 [0124.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851226b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0124.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_002_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_002_"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x851e0d90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0124.937] SetEvent (hEvent=0x324) returned 1 [0124.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8529f470, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x400000)) returned 1 [0124.937] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0124.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_MAP_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_map_"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x8535db50, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2114)) returned 1 [0124.941] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.000] SwitchToThread () returned 1 [0125.099] SwitchToThread () returned 1 [0125.129] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.325] SetEvent (hEvent=0x3c8) returned 1 [0125.325] SetEvent (hEvent=0x324) returned 1 [0125.325] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.326] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.326] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.327] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.327] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.328] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0125.328] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.328] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.329] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.329] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.330] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.330] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.331] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.331] GetFileType (hFile=0x3cc) returned 0x1 [0125.331] WriteFile (in: hFile=0x3cc, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xaa10, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc000173cec*=0xaa10, lpOverlapped=0x0) returned 1 [0125.333] CloseHandle (hObject=0x3cc) returned 1 [0125.333] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0125.334] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0125.334] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0125.335] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0125.335] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0125.336] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0125.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0125.336] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0125.411] GetFileType (hFile=0x3cc) returned 0x1 [0125.411] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00011c420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c420*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.412] CloseHandle (hObject=0x3cc) returned 1 [0125.412] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\encry-0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\encry-0b619d01"), dwFlags=0x1) returned 1 [0125.413] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e218*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc00005e218*, lpNumberOfCharsWritten=0xc0001fd818*=0x3) returned 1 [0125.431] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e220*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc00005e220*, lpNumberOfCharsWritten=0xc00020d818*=0x3) returned 1 [0125.432] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.437] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00011c580*, nNumberOfCharsToWrite=0xa6, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfCharsWritten=0xc000211808*=0xa6) returned 1 [0125.439] SetEvent (hEvent=0x114) returned 1 [0125.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0125.439] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0125.440] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1\\*", lpFindFileData=0xc000211a08 | out: lpFindFileData=0xc000211a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0125.440] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000211720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0125.440] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000120000*, nNumberOfCharsToWrite=0x68, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfCharsWritten=0xc000211808*=0x68) returned 1 [0125.441] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.500] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0125.500] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0125.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0125.501] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1\\*", lpFindFileData=0xc000211a68 | out: lpFindFileData=0xc000211a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0125.501] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000211720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0125.501] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0125.501] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d69a0*, nNumberOfCharsToWrite=0xa6, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfCharsWritten=0xc000211808*=0xa6) returned 1 [0125.503] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.509] SetEvent (hEvent=0x1b4) returned 1 [0125.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a210*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfCharsWritten=0xc000211808*=0x11) returned 1 [0125.510] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc0000c8000*, lpNumberOfCharsWritten=0xc000211808*=0x11) returned 1 [0125.511] SetEvent (hEvent=0xec) returned 1 [0125.511] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0125.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat.log1"), dwFlags=0x1) returned 0 [0125.512] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002116e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0125.512] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0125.513] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0125.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004e000*, nNumberOfCharsToWrite=0xfe, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfCharsWritten=0xc000211808*=0xfe) returned 1 [0125.515] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.529] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0125.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000050000*, nNumberOfCharsToWrite=0xb5, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfCharsWritten=0xc0006dd808*=0xb5) returned 1 [0125.532] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.546] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0125.546] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0125.547] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0125.547] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0125.548] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0125.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0125.574] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms\\*", lpFindFileData=0xc0006dda68 | out: lpFindFileData=0xc0006dda68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0125.574] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0006dd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0125.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004e200*, nNumberOfCharsToWrite=0xf3, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc00004e200*, lpNumberOfCharsWritten=0xc0006dd808*=0xf3) returned 1 [0125.590] SetEvent (hEvent=0x114) returned 1 [0125.590] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc0000c8060*, lpNumberOfCharsWritten=0xc0006dd808*=0x11) returned 1 [0125.593] SetEvent (hEvent=0x114) returned 1 [0125.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc0006dd808*=0x11) returned 1 [0125.595] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.599] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0125.600] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwFlags=0x1) returned 0 [0125.600] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0006dd6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0125.600] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0125.600] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0125.601] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0125.601] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036700*, nNumberOfCharsToWrite=0x198, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc000036700*, lpNumberOfCharsWritten=0xc0006dd808*=0x198) returned 1 [0125.604] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586440*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc000586440*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0125.606] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586446*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017d818, lpReserved=0x0 | out: lpBuffer=0xc000586446*, lpNumberOfCharsWritten=0xc00017d818*=0x3) returned 1 [0125.607] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586460*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc000586460*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0125.617] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e1a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc00005e1a8*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0125.622] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0125.639] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586488*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc000586488*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0125.642] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.709] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0125.718] SetEvent (hEvent=0xec) returned 1 [0125.719] SwitchToThread () returned 1 [0125.815] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0125.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0125.816] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0125.915] SwitchToThread () returned 1 [0125.997] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0126.045] GetFileType (hFile=0x384) returned 0x1 [0126.045] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0126.066] GetFileType (hFile=0x384) returned 0x1 [0126.066] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0126.066] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0126.066] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0126.067] ReadFile (in: hFile=0x384, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x554f, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000031c04*=0x534f, lpOverlapped=0x0) returned 1 [0126.853] ReadFile (in: hFile=0x384, lpBuffer=0xc00016534f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016534f*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0126.853] CloseHandle (hObject=0x384) returned 1 [0126.853] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0126.856] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0126.856] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0126.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0126.858] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000031d04 | out: lpMode=0xc000031d04) returned 0 [0126.875] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0126.906] SetEvent (hEvent=0xec) returned 1 [0126.906] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.018] SetEvent (hEvent=0xec) returned 1 [0127.018] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.026] SetEvent (hEvent=0x324) returned 1 [0127.026] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.036] SetEvent (hEvent=0x39c) returned 1 [0127.036] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.134] SetEvent (hEvent=0x39c) returned 1 [0127.134] SwitchToThread () returned 1 [0127.138] SetEvent (hEvent=0x3c8) returned 1 [0127.138] SetEvent (hEvent=0x39c) returned 1 [0127.138] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.279] SetEvent (hEvent=0x3c8) returned 1 [0127.279] SetEvent (hEvent=0x354) returned 1 [0127.279] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.307] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.311] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.312] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.312] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.313] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.313] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.313] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.314] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.314] SetEvent (hEvent=0x39c) returned 1 [0127.314] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.531] SetEvent (hEvent=0x39c) returned 1 [0127.531] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.538] SetEvent (hEvent=0x39c) returned 1 [0127.538] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0127.538] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0127.539] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0127.539] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0127.540] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0127.541] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0127.542] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0127.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\balv-wowu9bbg85_9.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0127.544] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0127.551] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.611] GetFileType (hFile=0x23c) returned 0x1 [0127.611] GetFileType (hFile=0x23c) returned 0x1 [0127.611] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0127.611] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0127.611] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1665e, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00015fc04*=0x1645e, lpOverlapped=0x0) returned 1 [0127.613] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002ba45e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ba45e*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0127.613] CloseHandle (hObject=0x23c) returned 1 [0127.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\balv-wowu9bbg85_9.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.615] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0127.624] GetFileType (hFile=0x23c) returned 0x1 [0127.624] WriteFile (in: hFile=0x23c, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x16460, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc00015fcec*=0x16460, lpOverlapped=0x0) returned 1 [0127.627] CloseHandle (hObject=0x23c) returned 1 [0127.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\balv-wowu9bbg85_9.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.627] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0127.639] GetFileType (hFile=0x23c) returned 0x1 [0127.639] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.639] CloseHandle (hObject=0x23c) returned 1 [0127.640] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\balv-wowu9bbg85_9.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Balv-WOwU9bbg85_9.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-balv-wowu9bbg85_9.wav"), dwFlags=0x1) returned 1 [0127.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.643] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.643] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0127.643] SetEvent (hEvent=0xc0) returned 1 [0127.643] SetEvent (hEvent=0x30c) returned 1 [0127.643] SetEvent (hEvent=0x324) returned 1 [0127.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.646] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.646] SetEvent (hEvent=0x324) returned 1 [0127.646] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe30*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.663] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0127.663] SetEvent (hEvent=0x3c8) returned 1 [0127.663] SetEvent (hEvent=0xec) returned 1 [0127.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.670] SetEvent (hEvent=0x324) returned 1 [0127.670] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\quqsj8kvzy.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0127.674] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0127.675] GetFileType (hFile=0x3cc) returned 0x1 [0127.675] GetFileType (hFile=0x3cc) returned 0x1 [0127.675] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0127.675] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0127.675] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x10624, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000049c04*=0x10424, lpOverlapped=0x0) returned 1 [0127.677] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002b4424, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4424*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0127.677] CloseHandle (hObject=0x3cc) returned 1 [0127.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\quqsj8kvzy.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0127.679] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0127.684] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.689] SetEvent (hEvent=0xc0) returned 1 [0127.690] SetEvent (hEvent=0x1b4) returned 1 [0127.690] GetFileType (hFile=0x3cc) returned 0x1 [0127.690] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.701] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x10430, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000049cec*=0x10430, lpOverlapped=0x0) returned 1 [0127.703] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.705] CloseHandle (hObject=0x3cc) returned 1 [0127.705] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0127.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\quqsj8kvzy.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0127.706] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0127.709] GetFileType (hFile=0x3cc) returned 0x1 [0127.709] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000ba160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba160*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.709] CloseHandle (hObject=0x3cc) returned 1 [0127.709] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\quqsj8kvzy.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-QuQsJ8Kvzy.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-quqsj8kvzy.swf"), dwFlags=0x1) returned 1 [0127.711] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.766] SetEvent (hEvent=0x114) returned 1 [0127.766] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.768] SetEvent (hEvent=0x30c) returned 1 [0127.768] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.774] SwitchToThread () returned 1 [0127.790] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.791] SetEvent (hEvent=0x114) returned 1 [0127.791] SetEvent (hEvent=0x30c) returned 1 [0127.791] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0127.792] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0127.793] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.794] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.794] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.795] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.795] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.796] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.796] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.796] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.797] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.797] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.797] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.798] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.798] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.799] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0127.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.801] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0127.803] GetFileType (hFile=0x2bc) returned 0x1 [0127.803] GetFileType (hFile=0x2bc) returned 0x1 [0127.803] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0127.803] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0127.803] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0127.804] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0127.804] CloseHandle (hObject=0x2bc) returned 1 [0127.804] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0127.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.805] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0127.816] GetFileType (hFile=0x2bc) returned 0x1 [0127.816] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000586270*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586270*, lpNumberOfBytesWritten=0xc0002a3cec*=0x10, lpOverlapped=0x0) returned 1 [0127.817] CloseHandle (hObject=0x2bc) returned 1 [0127.817] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.817] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0127.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.818] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0127.825] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.855] SetEvent (hEvent=0x114) returned 1 [0127.855] GetFileType (hFile=0x2bc) returned 0x1 [0127.855] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0127.856] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.856] CloseHandle (hObject=0x2bc) returned 1 [0127.856] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0127.857] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0127.857] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0127.858] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0127.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-fxsapidebuglogfile.txt"), dwFlags=0x1) returned 0 [0127.858] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0127.859] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002a36e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0127.859] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.860] SetEvent (hEvent=0x114) returned 1 [0127.860] SetEvent (hEvent=0x30c) returned 1 [0127.860] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0127.861] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.861] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.861] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.862] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.862] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.862] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.863] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.863] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.863] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.864] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\41qzulgve_4gs7.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.865] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0127.869] GetFileType (hFile=0x3d8) returned 0x1 [0127.869] GetFileType (hFile=0x3d8) returned 0x1 [0127.869] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0127.869] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0127.869] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0127.871] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x4884, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0000c3c04*=0x4684, lpOverlapped=0x0) returned 1 [0127.872] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000216684, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000216684*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0127.872] CloseHandle (hObject=0x3d8) returned 1 [0127.872] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0127.874] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\41qzulgve_4gs7.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.876] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0127.884] GetFileType (hFile=0x3d8) returned 0x1 [0127.884] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x4690, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x4690, lpOverlapped=0x0) returned 1 [0127.885] CloseHandle (hObject=0x3d8) returned 1 [0127.885] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\41qzulgve_4gs7.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.886] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0127.886] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.893] GetFileType (hFile=0x3d8) returned 0x1 [0127.893] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.893] CloseHandle (hObject=0x3d8) returned 1 [0127.893] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\41qzulgve_4gs7.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-41QZuLgvE_4gS7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-41qzulgve_4gs7.png"), dwFlags=0x1) returned 1 [0127.959] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.959] SetEvent (hEvent=0x114) returned 1 [0127.959] SetEvent (hEvent=0x30c) returned 1 [0127.959] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.960] VirtualFree (lpAddress=0xc000212000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0127.961] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0127.961] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.961] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.961] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.962] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.962] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.962] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.963] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.963] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0127.963] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.964] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.964] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.964] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v ckbto.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.965] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0127.966] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.967] GetFileType (hFile=0x3d8) returned 0x1 [0127.967] GetFileType (hFile=0x3d8) returned 0x1 [0127.967] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0127.968] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0127.968] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0127.970] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x191cc, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000271c04*=0x18fcc, lpOverlapped=0x0) returned 1 [0127.972] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002bcfcc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bcfcc*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0127.972] CloseHandle (hObject=0x3d8) returned 1 [0127.972] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0127.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v ckbto.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.976] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000271d04 | out: lpMode=0xc000271d04) returned 0 [0127.977] GetFileType (hFile=0x3d8) returned 0x1 [0127.977] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x18fd0, lpNumberOfBytesWritten=0xc000271cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000271cec*=0x18fd0, lpOverlapped=0x0) returned 1 [0127.979] CloseHandle (hObject=0x3d8) returned 1 [0127.979] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0127.980] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0127.980] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0127.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v ckbto.xls"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.981] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0127.981] GetFileType (hFile=0x3d8) returned 0x1 [0127.981] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.981] CloseHandle (hObject=0x3d8) returned 1 [0127.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\v ckbto.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-V cKbtO.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-v ckbto.xls"), dwFlags=0x1) returned 1 [0127.983] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.983] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.983] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.984] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.984] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.984] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.984] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.985] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.985] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yi6dmj4id.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.986] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0127.987] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0127.989] GetFileType (hFile=0x3d8) returned 0x1 [0127.989] GetFileType (hFile=0x3d8) returned 0x1 [0127.989] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0127.989] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0127.989] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0127.991] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xb033, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0000c1c04*=0xae33, lpOverlapped=0x0) returned 1 [0127.992] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00021ce33, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021ce33*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0127.992] CloseHandle (hObject=0x3d8) returned 1 [0127.992] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0127.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yi6dmj4id.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.994] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0128.002] GetFileType (hFile=0x3d8) returned 0x1 [0128.002] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0xae40, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0000c1cec*=0xae40, lpOverlapped=0x0) returned 1 [0128.004] CloseHandle (hObject=0x3d8) returned 1 [0128.004] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0128.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0128.004] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0128.005] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0128.005] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0128.006] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0128.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yi6dmj4id.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.007] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0128.010] GetFileType (hFile=0x3d8) returned 0x1 [0128.010] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.010] CloseHandle (hObject=0x3d8) returned 1 [0128.010] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yi6dmj4id.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Yi6Dmj4ID.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-yi6dmj4id.xlsx"), dwFlags=0x1) returned 1 [0128.011] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0128.012] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0128.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n23bdysaj2g wqrh.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.013] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0128.015] GetFileType (hFile=0x3d8) returned 0x1 [0128.015] GetFileType (hFile=0x3d8) returned 0x1 [0128.015] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0128.015] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0128.015] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.017] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x46ab, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d7c04*=0x44ab, lpOverlapped=0x0) returned 1 [0128.018] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002a84ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a84ab*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0128.018] CloseHandle (hObject=0x3d8) returned 1 [0128.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n23bdysaj2g wqrh.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.019] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0128.026] GetFileType (hFile=0x3d8) returned 0x1 [0128.026] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002a8800*, nNumberOfBytesToWrite=0x44b0, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8800*, lpNumberOfBytesWritten=0xc0002d7cec*=0x44b0, lpOverlapped=0x0) returned 1 [0128.027] CloseHandle (hObject=0x3d8) returned 1 [0128.027] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0128.027] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0128.027] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0128.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n23bdysaj2g wqrh.odp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.028] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0128.037] GetFileType (hFile=0x3d8) returned 0x1 [0128.037] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.037] CloseHandle (hObject=0x3d8) returned 1 [0128.037] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n23bdysaj2g wqrh.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-n23BdYSAJ2G WqRh.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-n23bdysaj2g wqrh.odp"), dwFlags=0x1) returned 1 [0128.039] SwitchToThread () returned 1 [0128.040] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.063] SwitchToThread () returned 1 [0128.067] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0128.068] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0128.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u27fpapeohidgfga.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0128.069] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0128.079] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.080] GetFileType (hFile=0x2bc) returned 0x1 [0128.080] GetFileType (hFile=0x2bc) returned 0x1 [0128.080] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0128.081] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0128.081] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0128.081] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0128.083] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x10606, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc00014bc04*=0x10406, lpOverlapped=0x0) returned 1 [0128.084] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000356406, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000356406*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0128.084] CloseHandle (hObject=0x2bc) returned 1 [0128.084] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0128.085] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0128.085] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0128.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u27fpapeohidgfga.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.088] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0128.092] GetFileType (hFile=0x2bc) returned 0x1 [0128.092] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000358000*, nNumberOfBytesToWrite=0x10410, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesWritten=0xc00014bcec*=0x10410, lpOverlapped=0x0) returned 1 [0128.094] CloseHandle (hObject=0x2bc) returned 1 [0128.094] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0128.094] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0128.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u27fpapeohidgfga.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.095] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0128.103] GetFileType (hFile=0x2bc) returned 0x1 [0128.103] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.103] CloseHandle (hObject=0x2bc) returned 1 [0128.103] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\u27fpapeohidgfga.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-u27fpApeOhiDGfGA.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-u27fpapeohidgfga.jpg"), dwFlags=0x1) returned 1 [0128.104] SwitchToThread () returned 1 [0128.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ekmlwk.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.115] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0128.121] GetFileType (hFile=0x23c) returned 0x1 [0128.121] GetFileType (hFile=0x23c) returned 0x1 [0128.121] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0128.121] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0128.121] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0128.122] ReadFile (in: hFile=0x23c, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x5d80, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00027bc04*=0x5b80, lpOverlapped=0x0) returned 1 [0128.123] ReadFile (in: hFile=0x23c, lpBuffer=0xc000121b80, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000121b80*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0128.123] CloseHandle (hObject=0x23c) returned 1 [0128.123] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0128.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ekmlwk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.125] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0128.128] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.130] GetFileType (hFile=0x23c) returned 0x1 [0128.130] WriteFile (in: hFile=0x23c, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x5b90, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc00027bcec*=0x5b90, lpOverlapped=0x0) returned 1 [0128.131] CloseHandle (hObject=0x23c) returned 1 [0128.132] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0128.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ekmlwk.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.132] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0128.132] GetFileType (hFile=0x23c) returned 0x1 [0128.133] WriteFile (in: hFile=0x23c, lpBuffer=0xc000102000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.133] CloseHandle (hObject=0x23c) returned 1 [0128.133] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ekmlwk.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-eKMLwk.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-ekmlwk.png"), dwFlags=0x1) returned 1 [0128.134] VirtualFree (lpAddress=0xc000346000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0128.135] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0128.136] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0128.136] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.137] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.137] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.137] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.138] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.138] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.138] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.139] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hh6wvou.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.140] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0128.140] GetFileType (hFile=0x23c) returned 0x1 [0128.140] GetFileType (hFile=0x23c) returned 0x1 [0128.140] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0128.140] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0128.140] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0128.142] ReadFile (in: hFile=0x23c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xf7b4, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0002d9c04*=0xf5b4, lpOverlapped=0x0) returned 1 [0128.143] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002215b4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002215b4*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0128.143] CloseHandle (hObject=0x23c) returned 1 [0128.143] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0128.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hh6wvou.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.146] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0128.154] GetFileType (hFile=0x23c) returned 0x1 [0128.154] WriteFile (in: hFile=0x23c, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xf5c0, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc0002d9cec*=0xf5c0, lpOverlapped=0x0) returned 1 [0128.156] CloseHandle (hObject=0x23c) returned 1 [0128.156] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0128.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hh6wvou.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.156] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0128.161] GetFileType (hFile=0x23c) returned 0x1 [0128.161] WriteFile (in: hFile=0x23c, lpBuffer=0xc0001029a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001029a0*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.161] CloseHandle (hObject=0x23c) returned 1 [0128.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\hh6wvou.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-hH6wVou.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-hh6wvou.flv"), dwFlags=0x1) returned 1 [0128.163] SwitchToThread () returned 1 [0128.164] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.166] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.168] SetEvent (hEvent=0x114) returned 1 [0128.168] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.168] SetEvent (hEvent=0x114) returned 1 [0128.168] SetEvent (hEvent=0x1b4) returned 1 [0128.168] SetEvent (hEvent=0xec) returned 1 [0128.168] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.170] SetEvent (hEvent=0x1b4) returned 1 [0128.170] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.171] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0128.172] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0128.172] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0128.173] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0128.173] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.174] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.174] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.174] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.175] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.175] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.175] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.176] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.176] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.176] SetEvent (hEvent=0x114) returned 1 [0128.176] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.220] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.223] SetEvent (hEvent=0x1b4) returned 1 [0128.223] SetEvent (hEvent=0x30c) returned 1 [0128.223] SetEvent (hEvent=0x114) returned 1 [0128.223] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.368] SetEvent (hEvent=0x30c) returned 1 [0128.368] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.377] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.380] SetEvent (hEvent=0x114) returned 1 [0128.380] SetEvent (hEvent=0x354) returned 1 [0128.380] SetEvent (hEvent=0x30c) returned 1 [0128.380] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0128.465] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0128.466] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0128.467] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0128.467] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0128.468] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0128.468] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0128.469] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0128.474] GetFileType (hFile=0x2c4) returned 0x1 [0128.474] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0128.475] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0128.475] GetFileType (hFile=0x2c4) returned 0x1 [0128.475] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0128.475] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0128.475] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0128.476] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0128.477] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0001b4000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b4000*, lpNumberOfBytesRead=0xc0000f5c04*=0x43, lpOverlapped=0x0) returned 1 [0128.478] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0001b4043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b4043*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0128.478] CloseHandle (hObject=0x2c4) returned 1 [0128.478] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0128.478] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0128.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.479] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini\\*", lpFindFileData=0xc0000f5a08 | out: lpFindFileData=0xc0000f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.479] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.479] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0128.480] GetFileType (hFile=0x1b0) returned 0x1 [0128.480] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0128.481] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.481] CloseHandle (hObject=0x1b0) returned 1 [0130.666] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0132.867] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0132.874] SetEvent (hEvent=0x3c8) returned 1 [0132.874] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0132.878] SetEvent (hEvent=0x3c8) returned 1 [0132.878] SetEvent (hEvent=0x114) returned 1 [0132.878] SetEvent (hEvent=0xfc) returned 1 [0132.878] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0132.966] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0132.970] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc0000100c8*, lpNumberOfCharsWritten=0xc0000f5818*=0x3) returned 1 [0132.972] SetEvent (hEvent=0xec) returned 1 [0132.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c65a0*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc0001f5808, lpReserved=0x0 | out: lpBuffer=0xc0002c65a0*, lpNumberOfCharsWritten=0xc0001f5808*=0x8c) returned 1 [0132.974] SetEvent (hEvent=0xec) returned 1 [0132.974] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0132.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0132.974] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0132.977] GetFileType (hFile=0x36c) returned 0x1 [0132.977] WriteFile (in: hFile=0x36c, lpBuffer=0xc000168840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000168840*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.977] CloseHandle (hObject=0x36c) returned 1 [0132.978] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-696f3de637e6de85b458996d49d759ad"), dwFlags=0x1) returned 1 [0133.409] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.412] SwitchToThread () returned 1 [0133.414] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.417] SetEvent (hEvent=0xec) returned 1 [0133.417] SetEvent (hEvent=0x324) returned 1 [0133.417] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.418] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.418] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.418] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.419] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000586028*, lpNumberOfCharsWritten=0xc000129818*=0x2) returned 1 [0133.421] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e098*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc00005e098*, lpNumberOfCharsWritten=0xc000243818*=0x2) returned 1 [0133.424] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.425] SetEvent (hEvent=0xec) returned 1 [0133.425] SetEvent (hEvent=0xfc) returned 1 [0133.425] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.425] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.425] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.426] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0001f5818*=0x2) returned 1 [0133.427] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.430] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0133.432] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.432] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0133.433] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0133.433] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.434] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.434] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0133.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.435] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.435] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.441] GetFileType (hFile=0x2f4) returned 0x1 [0133.441] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00004e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e2c0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.442] CloseHandle (hObject=0x2f4) returned 1 [0133.443] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwFlags=0x1) returned 1 [0133.479] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0133.479] SetEvent (hEvent=0x334) returned 1 [0133.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0133.480] SetEvent (hEvent=0x334) returned 1 [0133.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.485] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.501] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.510] SetEvent (hEvent=0xec) returned 1 [0133.510] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.512] SetEvent (hEvent=0xec) returned 1 [0133.512] SetEvent (hEvent=0x30c) returned 1 [0133.512] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.513] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.513] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0000c5818*=0x2) returned 1 [0133.514] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.522] SetEvent (hEvent=0x324) returned 1 [0133.522] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.525] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0133.526] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0133.526] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0133.527] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0133.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.528] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0133.529] GetFileType (hFile=0x2f0) returned 0x1 [0133.529] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0133.529] GetFileType (hFile=0x2f0) returned 0x1 [0133.529] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0133.529] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0133.529] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc0002d9c04*=0x182, lpOverlapped=0x0) returned 1 [0133.530] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c182*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0133.531] CloseHandle (hObject=0x2f0) returned 1 [0133.531] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0133.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.535] SetEvent (hEvent=0xc0) returned 1 [0133.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4\\*", lpFindFileData=0xc0002d9a08 | out: lpFindFileData=0xc0002d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.536] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004c420*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d9808, lpReserved=0x0 | out: lpBuffer=0xc00004c420*, lpNumberOfCharsWritten=0xc0002d9808*=0xad) returned 1 [0133.538] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0133.538] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0133.538] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0133.538] GetFileType (hFile=0x2f0) returned 0x1 [0133.538] WriteFile (in: hFile=0x2f0, lpBuffer=0xc00004c840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c840*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.539] CloseHandle (hObject=0x2f0) returned 1 [0133.540] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwFlags=0x1) returned 1 [0133.570] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0133.570] SetEvent (hEvent=0x324) returned 1 [0133.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.571] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.571] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0133.571] SetEvent (hEvent=0x324) returned 1 [0133.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.595] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.595] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.596] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0133.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.597] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0133.598] GetFileType (hFile=0x2f0) returned 0x1 [0133.598] GetFileType (hFile=0x2f0) returned 0x1 [0133.598] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0133.598] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0133.599] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.599] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00024dc04*=0x186, lpOverlapped=0x0) returned 1 [0133.600] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006a186, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a186*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0133.601] CloseHandle (hObject=0x2f0) returned 1 [0133.601] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0133.601] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0133.602] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.604] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E\\*", lpFindFileData=0xc00024da08 | out: lpFindFileData=0xc00024da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.604] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.604] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d66e0*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00024d808, lpReserved=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfCharsWritten=0xc00024d808*=0xad) returned 1 [0133.610] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0133.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0133.611] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0133.611] GetFileType (hFile=0x2f0) returned 0x1 [0133.611] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.612] CloseHandle (hObject=0x2f0) returned 1 [0133.613] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwFlags=0x1) returned 1 [0133.666] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0133.667] SetEvent (hEvent=0x39c) returned 1 [0133.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.670] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.673] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0133.673] SetEvent (hEvent=0x30c) returned 1 [0133.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.678] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.697] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.715] SetEvent (hEvent=0x324) returned 1 [0133.715] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.717] SetEvent (hEvent=0x324) returned 1 [0133.717] SetEvent (hEvent=0x334) returned 1 [0133.717] SetEvent (hEvent=0xec) returned 1 [0133.717] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.744] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.753] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.760] SetEvent (hEvent=0x30c) returned 1 [0133.760] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.761] SetEvent (hEvent=0x30c) returned 1 [0133.761] SetEvent (hEvent=0x39c) returned 1 [0133.761] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.761] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.762] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.762] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.763] VirtualFree (lpAddress=0xc000054000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0133.763] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.764] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.764] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.765] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0002d9818*=0x2) returned 1 [0133.766] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.775] SetEvent (hEvent=0x30c) returned 1 [0133.775] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0133.775] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0133.776] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0133.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.778] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0133.778] GetFileType (hFile=0x2f0) returned 0x1 [0133.778] GetFileType (hFile=0x2f0) returned 0x1 [0133.778] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0133.778] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0133.779] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0133.779] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000279c04*=0x194, lpOverlapped=0x0) returned 1 [0133.780] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007c194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c194*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0133.780] CloseHandle (hObject=0x2f0) returned 1 [0133.781] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.781] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.794] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.794] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9\\*", lpFindFileData=0xc000279a08 | out: lpFindFileData=0xc000279a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.795] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000279720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.795] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.795] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.805] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.815] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.826] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.831] SetEvent (hEvent=0x334) returned 1 [0133.831] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.832] SetEvent (hEvent=0x334) returned 1 [0133.832] SetEvent (hEvent=0x324) returned 1 [0133.832] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.832] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.833] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.833] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.834] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.834] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.834] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.835] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.835] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.837] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.846] SetEvent (hEvent=0x324) returned 1 [0133.846] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0133.847] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.848] GetFileType (hFile=0x2f4) returned 0x1 [0133.848] GetFileType (hFile=0x2f4) returned 0x1 [0133.848] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.848] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.848] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0002d7c04*=0x182, lpOverlapped=0x0) returned 1 [0133.850] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000054182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054182*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.850] CloseHandle (hObject=0x2f4) returned 1 [0133.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.857] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0133.858] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.858] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0133.859] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0133.860] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.860] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0133.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.861] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.862] GetFileType (hFile=0x2f4) returned 0x1 [0133.862] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.862] CloseHandle (hObject=0x2f4) returned 1 [0133.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwFlags=0x1) returned 1 [0133.915] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0133.915] SetEvent (hEvent=0x39c) returned 1 [0133.915] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.917] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.918] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.918] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0133.918] SetEvent (hEvent=0x39c) returned 1 [0133.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.922] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.923] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.935] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.940] SetEvent (hEvent=0x324) returned 1 [0133.940] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.941] SetEvent (hEvent=0x324) returned 1 [0133.941] SetEvent (hEvent=0xec) returned 1 [0133.941] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.942] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.942] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.942] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.943] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.943] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001f5818*=0x2) returned 1 [0133.945] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0133.954] SetEvent (hEvent=0xec) returned 1 [0133.954] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0133.954] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0133.955] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0133.956] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0133.957] GetFileType (hFile=0x2f4) returned 0x1 [0133.957] GetFileType (hFile=0x2f4) returned 0x1 [0133.957] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0133.957] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0133.957] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0133.958] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x404, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc000201c04*=0x204, lpOverlapped=0x0) returned 1 [0133.961] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000be204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be204*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0133.961] CloseHandle (hObject=0x2f4) returned 1 [0133.961] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.962] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0133.962] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.981] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.989] SetEvent (hEvent=0xc0) returned 1 [0133.989] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150\\*", lpFindFileData=0xc000201a08 | out: lpFindFileData=0xc000201a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.989] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000201720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.989] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000201808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000201808*=0xad) returned 1 [0133.991] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.992] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.992] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0133.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.993] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0133.993] GetFileType (hFile=0x2f4) returned 0x1 [0133.994] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.994] CloseHandle (hObject=0x2f4) returned 1 [0133.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwFlags=0x1) returned 1 [0134.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0134.039] SetEvent (hEvent=0x334) returned 1 [0134.040] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.040] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0134.040] SetEvent (hEvent=0x334) returned 1 [0134.040] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.045] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.066] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.077] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.081] SetEvent (hEvent=0x324) returned 1 [0134.081] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.082] SetEvent (hEvent=0x324) returned 1 [0134.082] SetEvent (hEvent=0xec) returned 1 [0134.082] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.082] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.083] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.083] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.084] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.084] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.085] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.085] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0134.087] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.095] SetEvent (hEvent=0xec) returned 1 [0134.095] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.096] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0134.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.097] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0134.098] GetFileType (hFile=0x2f0) returned 0x1 [0134.098] GetFileType (hFile=0x2f0) returned 0x1 [0134.098] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0134.098] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0134.098] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0134.099] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x398, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc000271c04*=0x198, lpOverlapped=0x0) returned 1 [0134.100] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000f0198, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0198*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0134.100] CloseHandle (hObject=0x2f0) returned 1 [0134.100] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0134.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.111] SetEvent (hEvent=0xc0) returned 1 [0134.111] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0134.111] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE\\*", lpFindFileData=0xc000271a08 | out: lpFindFileData=0xc000271a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.111] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000271720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.112] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000271808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000271808*=0xad) returned 1 [0134.113] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.114] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.114] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.115] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0134.115] GetFileType (hFile=0x2f0) returned 0x1 [0134.115] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.115] CloseHandle (hObject=0x2f0) returned 1 [0134.116] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwFlags=0x1) returned 1 [0134.189] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f698, ulCount=0x10, ulNumEntriesRemoved=0x29c9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f698, ulNumEntriesRemoved=0x29c9f66c) returned 0 [0134.189] SetEvent (hEvent=0x39c) returned 1 [0134.189] SetEvent (hEvent=0xfc) returned 1 [0134.190] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0134.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe08*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.205] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.205] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29c9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29c9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29c9f6a0, ulNumEntriesRemoved=0x29c9f674) returned 0 [0134.205] SetEvent (hEvent=0xfc) returned 1 [0134.205] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29c9fe18*=0x1a0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.236] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.236] SetEvent (hEvent=0x39c) returned 1 [0134.237] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.252] SetEvent (hEvent=0x39c) returned 1 [0134.252] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0134.257] SetEvent (hEvent=0x39c) returned 1 [0134.257] SetEvent (hEvent=0x3c8) returned 1 [0134.257] SetEvent (hEvent=0x114) returned 1 [0134.257] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0141.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0141.047] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0141.048] GetFileType (hFile=0x23c) returned 0x1 [0141.048] GetFileType (hFile=0x23c) returned 0x1 [0141.048] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0141.048] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0141.048] ReadFile (in: hFile=0x23c, lpBuffer=0xc000124280, nNumberOfBytesToRead=0x252, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124280*, lpNumberOfBytesRead=0xc0000f7c04*=0x52, lpOverlapped=0x0) returned 1 [0141.049] ReadFile (in: hFile=0x23c, lpBuffer=0xc0001242d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001242d2*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0141.049] CloseHandle (hObject=0x23c) returned 1 [0141.049] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0141.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0141.051] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0141.054] GetFileType (hFile=0x23c) returned 0x1 [0141.054] WriteFile (in: hFile=0x23c, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0000f7cec*=0x60, lpOverlapped=0x0) returned 1 [0141.055] CloseHandle (hObject=0x23c) returned 1 [0141.056] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0141.056] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0141.056] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0141.057] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0141.058] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0141.059] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0141.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0141.059] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0141.070] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0141.134] SetEvent (hEvent=0x1b4) returned 1 [0141.134] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0141.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4bt5vx6999hz.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0141.466] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0141.484] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0141.515] GetFileType (hFile=0x3d0) returned 0x1 [0141.515] GetFileType (hFile=0x3d0) returned 0x1 [0141.516] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0141.516] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0141.516] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0141.517] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x10e4, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc00022dc04*=0xee4, lpOverlapped=0x0) returned 1 [0142.512] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0143.032] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000076ee4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076ee4*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.032] CloseHandle (hObject=0x3d0) returned 1 [0143.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4bt5vx6999hz.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0143.034] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc00022dd04 | out: lpMode=0xc00022dd04) returned 0 [0143.038] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0144.320] GetFileType (hFile=0x3d0) returned 0x1 [0144.320] WriteFile (in: hFile=0x3d0, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0xc00022dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc00022dcec*=0xef0, lpOverlapped=0x0) returned 1 [0144.321] CloseHandle (hObject=0x3d0) returned 1 [0144.321] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0144.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4bt5vx6999hz.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0144.321] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0144.322] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0144.632] SetEvent (hEvent=0xc0) returned 1 [0144.632] GetFileType (hFile=0x3d0) returned 0x1 [0144.632] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0145.420] WriteFile (in: hFile=0x3d0, lpBuffer=0xc000290580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290580*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.420] CloseHandle (hObject=0x3d0) returned 1 [0145.441] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0145.443] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0145.444] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4bt5vx6999hz.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-4bt5vx6999hz.mkv.lnk"), dwFlags=0x1) returned 1 [0147.122] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.181] SetEvent (hEvent=0xbd8) returned 1 [0147.181] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.242] SetEvent (hEvent=0xa20) returned 1 [0147.242] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.299] SetEvent (hEvent=0xbd8) returned 1 [0147.299] SetEvent (hEvent=0x988) returned 1 [0147.299] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.303] SetEvent (hEvent=0xc44) returned 1 [0147.303] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.307] SetEvent (hEvent=0xbd8) returned 1 [0147.307] SetEvent (hEvent=0x1f8) returned 1 [0147.307] SetEvent (hEvent=0xa20) returned 1 [0147.307] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.430] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.431] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.432] VirtualFree (lpAddress=0xc00028c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0147.433] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.434] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.435] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.435] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.436] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.437] SetEvent (hEvent=0xc1c) returned 1 [0147.437] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0147.446] SetEvent (hEvent=0xa38) returned 1 [0147.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x568 [0147.447] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0147.452] GetFileType (hFile=0x568) returned 0x1 [0147.452] GetFileType (hFile=0x568) returned 0x1 [0147.452] GetFileInformationByHandle (in: hFile=0x568, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0147.452] GetFileInformationByHandleEx (in: hFile=0x568, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0147.452] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0147.453] ReadFile (in: hFile=0x568, lpBuffer=0xc000237300, nNumberOfBytesToRead=0x1014, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000237300*, lpNumberOfBytesRead=0xc0001a7c04*=0xe14, lpOverlapped=0x0) returned 1 [0148.841] ReadFile (in: hFile=0x568, lpBuffer=0xc000238114, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000238114*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0148.841] CloseHandle (hObject=0x568) returned 1 [0148.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0150.258] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0150.260] GetFileType (hFile=0x5a0) returned 0x1 [0150.260] WriteFile (in: hFile=0x5a0, lpBuffer=0xc00006d000*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006d000*, lpNumberOfBytesWritten=0xc0001a7cec*=0xe20, lpOverlapped=0x0) returned 1 [0150.389] CloseHandle (hObject=0x5a0) returned 1 [0150.404] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.404] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0150.405] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0150.405] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0150.418] GetFileType (hFile=0x79c) returned 0x1 [0150.418] WriteFile (in: hFile=0x79c, lpBuffer=0xc00011c840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c840*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.440] CloseHandle (hObject=0x79c) returned 1 [0150.453] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0150.454] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-pluginreg.dat"), dwFlags=0x1) returned 1 [0151.509] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0152.039] SetEvent (hEvent=0xa68) returned 1 [0152.039] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0152.045] SetEvent (hEvent=0xa68) returned 1 [0152.045] SetEvent (hEvent=0xae0) returned 1 [0152.045] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0152.101] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0152.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\1v44lgodet.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0152.104] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000419cf4 | out: lpMode=0xc000419cf4) returned 0 [0152.110] GetFileType (hFile=0x40c) returned 0x1 [0152.110] GetFileType (hFile=0x40c) returned 0x1 [0152.110] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc000419d44 | out: lpFileInformation=0xc000419d44) returned 1 [0152.110] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc000419d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000419d28) returned 1 [0152.110] ReadFile (in: hFile=0x40c, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x167a, lpNumberOfBytesRead=0xc000419c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc000419c04*=0x147a, lpOverlapped=0x0) returned 1 [0152.111] ReadFile (in: hFile=0x40c, lpBuffer=0xc0000e747a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000419c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e747a*, lpNumberOfBytesRead=0xc000419c04*=0x0, lpOverlapped=0x0) returned 1 [0152.111] CloseHandle (hObject=0x40c) returned 1 [0152.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\1v44lgodet.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0152.113] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000419d04 | out: lpMode=0xc000419d04) returned 0 [0152.125] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0152.330] GetFileType (hFile=0x40c) returned 0x1 [0152.330] WriteFile (in: hFile=0x40c, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1480, lpNumberOfBytesWritten=0xc000419cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc000419cec*=0x1480, lpOverlapped=0x0) returned 1 [0152.331] CloseHandle (hObject=0x40c) returned 1 [0152.331] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0152.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\1v44lgodet.ppt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0152.332] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000419d64 | out: lpMode=0xc000419d64) returned 0 [0152.336] GetFileType (hFile=0x40c) returned 0x1 [0152.336] WriteFile (in: hFile=0x40c, lpBuffer=0xc000104f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000419d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104f20*, lpNumberOfBytesWritten=0xc000419d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.336] CloseHandle (hObject=0x40c) returned 1 [0152.336] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\1v44lgodet.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\encry-1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\encry-1v44lgodet.ppt"), dwFlags=0x1) returned 1 [0152.337] SetEvent (hEvent=0xa30) returned 1 [0152.337] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0161.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\zy3m6bojyb p.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0162.041] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0162.397] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0162.594] SetEvent (hEvent=0xb68) returned 1 [0162.595] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0163.543] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0163.543] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0163.544] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0163.545] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0163.547] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0163.548] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0163.549] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0163.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0163.550] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms\\*", lpFindFileData=0xc0002e5a68 | out: lpFindFileData=0xc0002e5a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0163.550] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0163.550] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0163.551] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0163.552] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000070280*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc0002f9808, lpReserved=0x0 | out: lpBuffer=0xc000070280*, lpNumberOfCharsWritten=0xc0002f9808*=0x3e) returned 1 [0163.561] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0163.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0163.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0xc0002f9a68 | out: lpFindFileData=0xc0002f9a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0163.562] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0163.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000070380*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc0002f9808, lpReserved=0x0 | out: lpBuffer=0xc000070380*, lpNumberOfCharsWritten=0xc0002f9808*=0x3e) returned 1 [0163.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e60c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002f9808, lpReserved=0x0 | out: lpBuffer=0xc0000e60c0*, lpNumberOfCharsWritten=0xc0002f9808*=0x11) returned 1 [0163.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e60f0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002f9808, lpReserved=0x0 | out: lpBuffer=0xc0000e60f0*, lpNumberOfCharsWritten=0xc0002f9808*=0x11) returned 1 [0163.564] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-nethood"), dwFlags=0x1) returned 1 [0167.287] SetEvent (hEvent=0xc14) returned 1 [0167.287] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0167.327] SetEvent (hEvent=0xc1c) returned 1 [0167.327] SetEvent (hEvent=0x980) returned 1 [0167.328] VirtualFree (lpAddress=0xc000372000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.329] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.330] VirtualFree (lpAddress=0xc000344000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.331] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.332] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.333] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.334] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.335] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.337] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.338] VirtualFree (lpAddress=0xc0000be000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.339] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.340] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.340] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.341] SwitchToThread () returned 1 [0167.346] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0167.361] SetEvent (hEvent=0xc1c) returned 1 [0167.361] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) returned 0x0 [0167.375] SetEvent (hEvent=0xc1c) returned 1 [0167.375] WaitForSingleObject (hHandle=0x1a0, dwMilliseconds=0xffffffff) Thread: id = 26 os_tid = 0x944 [0103.515] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x29e9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x29e9fea0*=0x190) returned 1 [0103.515] VirtualQuery (in: lpAddress=0x29e9fec0, lpBuffer=0x29e9fec0, dwLength=0x30 | out: lpBuffer=0x29e9fec0*(BaseAddress=0x29e9f000, AllocationBase=0x29ca0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0103.515] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x198 [0103.515] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1a8 [0103.515] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0103.518] SetEvent (hEvent=0xb8) returned 1 [0103.518] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0104.587] SetEvent (hEvent=0x108) returned 1 [0104.587] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0104.595] SetEvent (hEvent=0x13c) returned 1 [0104.595] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0104.641] SetEvent (hEvent=0x108) returned 1 [0104.641] SetEvent (hEvent=0x100) returned 1 [0104.641] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.938] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.938] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.940] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.940] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.941] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.942] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0107.944] SetEvent (hEvent=0x13c) returned 1 [0107.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b3818, lpReserved=0x0 | out: lpBuffer=0xc0005861f8*, lpNumberOfCharsWritten=0xc0001b3818*=0x4) returned 1 [0107.945] SetEvent (hEvent=0x13c) returned 1 [0107.945] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc00014d818*=0x4) returned 1 [0107.946] SetEvent (hEvent=0x13c) returned 1 [0107.946] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee0f0*, nNumberOfCharsToWrite=0x73, lpNumberOfCharsWritten=0xc0000c5808, lpReserved=0x0 | out: lpBuffer=0xc0000ee0f0*, lpNumberOfCharsWritten=0xc0000c5808*=0x73) returned 1 [0107.947] SetEvent (hEvent=0x13c) returned 1 [0107.947] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0107.947] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0107.948] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0107.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0108.405] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0108.409] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0108.413] GetFileType (hFile=0x1b0) returned 0x1 [0108.414] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0108.415] CloseHandle (hObject=0x1b0) returned 1 [0108.415] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0108.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Internet Explorer\\DOMStore\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\internet explorer\\domstore\\encry-index.dat"), dwFlags=0x1) returned 1 [0108.417] SetEvent (hEvent=0x15c) returned 1 [0108.417] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0109.351] SetEvent (hEvent=0xf4) returned 1 [0109.351] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0109.405] SetEvent (hEvent=0xf4) returned 1 [0109.405] SetEvent (hEvent=0xb8) returned 1 [0109.406] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0109.554] SwitchToThread () returned 1 [0109.699] SetEvent (hEvent=0x108) returned 1 [0109.699] SetEvent (hEvent=0xb8) returned 1 [0109.699] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0318*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0318*, lpNumberOfCharsWritten=0xc0001a1818*=0x3) returned 1 [0110.057] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.067] SetEvent (hEvent=0x108) returned 1 [0110.067] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.067] SetEvent (hEvent=0x114) returned 1 [0110.067] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.078] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0110.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0110.079] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000199cf4 | out: lpMode=0xc000199cf4) returned 0 [0110.084] GetFileType (hFile=0x1e4) returned 0x1 [0110.084] GetFileType (hFile=0x1e4) returned 0x1 [0110.084] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc000199d44 | out: lpFileInformation=0xc000199d44) returned 1 [0110.084] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc000199d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000199d28) returned 1 [0110.084] VirtualAlloc (lpAddress=0xc0002f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f0000 [0110.084] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002f0000, nNumberOfBytesToRead=0x39d, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f0000*, lpNumberOfBytesRead=0xc000199c04*=0x19d, lpOverlapped=0x0) returned 1 [0110.091] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.093] ReadFile (in: hFile=0x1e4, lpBuffer=0xc0002f019d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000199c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f019d*, lpNumberOfBytesRead=0xc000199c04*=0x0, lpOverlapped=0x0) returned 1 [0110.093] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.099] CloseHandle (hObject=0x1e4) returned 1 [0110.099] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e4 [0110.131] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.140] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc000199d04 | out: lpMode=0xc000199d04) returned 0 [0110.143] GetFileType (hFile=0x1e4) returned 0x1 [0110.143] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0110.143] WriteFile (in: hFile=0x1e4, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc000199cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc000199cec*=0x1a0, lpOverlapped=0x0) returned 1 [0110.146] CloseHandle (hObject=0x1e4) returned 1 [0110.148] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0110.149] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0110.149] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0110.149] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0110.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x180 [0110.150] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000199d64 | out: lpMode=0xc000199d64) returned 0 [0110.151] GetFileType (hFile=0x180) returned 0x1 [0110.151] WriteFile (in: hFile=0x180, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000199d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000199d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.151] CloseHandle (hObject=0x180) returned 1 [0110.152] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.161] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0110.161] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0110.162] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0110.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\aa61yi9[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-AA61yi9[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-aa61yi9[1].png"), dwFlags=0x1) returned 1 [0110.387] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0110.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0110.387] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000203cf4 | out: lpMode=0xc000203cf4) returned 0 [0110.388] GetFileType (hFile=0x128) returned 0x1 [0110.388] GetFileType (hFile=0x128) returned 0x1 [0110.388] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc000203d44 | out: lpFileInformation=0xc000203d44) returned 1 [0110.388] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc000203d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000203d28) returned 1 [0110.389] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0110.389] ReadFile (in: hFile=0x128, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x510, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000203c04*=0x310, lpOverlapped=0x0) returned 1 [0110.394] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.396] ReadFile (in: hFile=0x128, lpBuffer=0xc00006c310, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000203c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c310*, lpNumberOfBytesRead=0xc000203c04*=0x0, lpOverlapped=0x0) returned 1 [0110.396] CloseHandle (hObject=0x128) returned 1 [0110.396] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0110.397] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0110.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.402] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000203d04 | out: lpMode=0xc000203d04) returned 0 [0110.403] GetFileType (hFile=0x128) returned 0x1 [0110.403] WriteFile (in: hFile=0x128, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc000203cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc000203cec*=0x320, lpOverlapped=0x0) returned 1 [0110.404] CloseHandle (hObject=0x128) returned 1 [0110.405] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0110.405] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0110.405] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0110.406] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0110.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.406] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc000203d64 | out: lpMode=0xc000203d64) returned 0 [0110.408] GetFileType (hFile=0x1dc) returned 0x1 [0110.408] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000203d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000203d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.408] CloseHandle (hObject=0x1dc) returned 1 [0110.410] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0110.410] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0110.411] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bb46jmn[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BB46JmN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bb46jmn[1].png"), dwFlags=0x1) returned 1 [0110.461] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0110.461] SetEvent (hEvent=0x13c) returned 1 [0110.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.463] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.463] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.467] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.467] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0110.467] SetEvent (hEvent=0xb8) returned 1 [0110.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.476] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.496] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.506] SetEvent (hEvent=0x9c) returned 1 [0110.506] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.510] SetEvent (hEvent=0x9c) returned 1 [0110.510] SetEvent (hEvent=0x1a0) returned 1 [0110.510] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0110.510] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.510] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0110.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586190*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000586190*, lpNumberOfCharsWritten=0xc000175818*=0x2) returned 1 [0110.515] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.521] SetEvent (hEvent=0x13c) returned 1 [0110.521] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.523] SetEvent (hEvent=0x13c) returned 1 [0110.523] SwitchToThread () returned 1 [0110.523] SetEvent (hEvent=0x1a0) returned 1 [0110.523] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0110.524] SetEvent (hEvent=0x13c) returned 1 [0110.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0110.524] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0110.525] GetFileType (hFile=0x1b4) returned 0x1 [0110.525] GetFileType (hFile=0x1b4) returned 0x1 [0110.525] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0110.525] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0110.525] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000076000, nNumberOfBytesToRead=0xb0b, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc000175c04*=0x90b, lpOverlapped=0x0) returned 1 [0110.529] ReadFile (in: hFile=0x1b4, lpBuffer=0xc00007690b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007690b*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0110.529] CloseHandle (hObject=0x1b4) returned 1 [0110.529] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0110.532] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0110.532] GetFileType (hFile=0x1b4) returned 0x1 [0110.532] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x910, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc000175cec*=0x910, lpOverlapped=0x0) returned 1 [0110.533] CloseHandle (hObject=0x1b4) returned 1 [0110.534] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0110.535] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0110.535] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0110.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.536] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0110.536] GetFileType (hFile=0x128) returned 0x1 [0110.537] WriteFile (in: hFile=0x128, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0110.537] CloseHandle (hObject=0x128) returned 1 [0110.538] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0110.538] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0110.539] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0110.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbbl0ij[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBBL0ij[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbbl0ij[1].jpg"), dwFlags=0x1) returned 1 [0110.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe30*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0110.573] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0110.573] SetEvent (hEvent=0xb8) returned 1 [0110.573] SetEvent (hEvent=0x13c) returned 1 [0110.574] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.575] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.575] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0110.575] SetEvent (hEvent=0x13c) returned 1 [0110.575] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0110.581] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.581] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.896] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.921] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.925] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0110.929] SetEvent (hEvent=0x1a0) returned 1 [0110.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0110.930] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc0000bdcf4 | out: lpMode=0xc0000bdcf4) returned 0 [0110.930] GetFileType (hFile=0xec) returned 0x1 [0110.930] GetFileType (hFile=0xec) returned 0x1 [0110.930] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc0000bdd44 | out: lpFileInformation=0xc0000bdd44) returned 1 [0110.931] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc0000bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000bdd28) returned 1 [0110.931] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0110.931] ReadFile (in: hFile=0xec, lpBuffer=0xc00007e800, nNumberOfBytesToRead=0x722, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e800*, lpNumberOfBytesRead=0xc0000bdc04*=0x522, lpOverlapped=0x0) returned 1 [0110.962] ReadFile (in: hFile=0xec, lpBuffer=0xc00007ed22, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007ed22*, lpNumberOfBytesRead=0xc0000bdc04*=0x0, lpOverlapped=0x0) returned 1 [0110.962] CloseHandle (hObject=0xec) returned 1 [0110.963] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0110.963] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0110.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0110.975] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0000bdd04 | out: lpMode=0xc0000bdd04) returned 0 [0110.982] GetFileType (hFile=0x128) returned 0x1 [0110.982] WriteFile (in: hFile=0x128, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0xc0000bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc0000bdcec*=0x530, lpOverlapped=0x0) returned 1 [0110.983] CloseHandle (hObject=0x128) returned 1 [0110.987] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0110.987] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0110.987] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0110.988] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0110.989] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0110.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1dc [0110.989] GetConsoleMode (in: hConsoleHandle=0x1dc, lpMode=0xc0000bdd64 | out: lpMode=0xc0000bdd64) returned 0 [0110.992] GetFileType (hFile=0x1dc) returned 0x1 [0110.992] WriteFile (in: hFile=0x1dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0110.992] CloseHandle (hObject=0x1dc) returned 1 [0111.001] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\bbc0mlu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\9QH4S0GZ\\encry-BBC0mlu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\9qh4s0gz\\encry-bbc0mlu[1].jpg"), dwFlags=0x1) returned 1 [0111.059] SwitchToThread () returned 1 [0111.060] SetEvent (hEvent=0xb8) returned 1 [0111.060] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0111.063] SetEvent (hEvent=0xb8) returned 1 [0111.063] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0111.068] SetEvent (hEvent=0xb8) returned 1 [0111.068] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0111.070] SetEvent (hEvent=0xb8) returned 1 [0111.070] SetEvent (hEvent=0x108) returned 1 [0111.070] SetEvent (hEvent=0x164) returned 1 [0111.070] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0111.072] SetEvent (hEvent=0xb8) returned 1 [0111.072] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0111.077] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.391] SetEvent (hEvent=0xfc) returned 1 [0112.392] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e4 [0112.400] GetConsoleMode (in: hConsoleHandle=0x1e4, lpMode=0xc00027fcf4 | out: lpMode=0xc00027fcf4) returned 0 [0112.405] GetFileType (hFile=0x1e4) returned 0x1 [0112.405] GetFileType (hFile=0x1e4) returned 0x1 [0112.405] GetFileInformationByHandle (in: hFile=0x1e4, lpFileInformation=0xc00027fd44 | out: lpFileInformation=0xc00027fd44) returned 1 [0112.406] GetFileInformationByHandleEx (in: hFile=0x1e4, FileInformationClass=0x9, lpFileInformation=0xc00027fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027fd28) returned 1 [0112.406] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a480, nNumberOfBytesToRead=0x465, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a480*, lpNumberOfBytesRead=0xc00027fc04*=0x265, lpOverlapped=0x0) returned 1 [0112.415] ReadFile (in: hFile=0x1e4, lpBuffer=0xc00005a6e5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a6e5*, lpNumberOfBytesRead=0xc00027fc04*=0x0, lpOverlapped=0x0) returned 1 [0112.415] CloseHandle (hObject=0x1e4) returned 1 [0112.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0112.424] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00027fd04 | out: lpMode=0xc00027fd04) returned 0 [0112.428] GetFileType (hFile=0x1b4) returned 0x1 [0112.428] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00006e280*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00027fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e280*, lpNumberOfBytesWritten=0xc00027fcec*=0x270, lpOverlapped=0x0) returned 1 [0112.429] CloseHandle (hObject=0x1b4) returned 1 [0112.436] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.478] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082f01 | out: pbBuffer=0xc000082f01) returned 1 [0112.478] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0112.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0112.479] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00027fd64 | out: lpMode=0xc00027fd64) returned 0 [0112.481] GetFileType (hFile=0x1b4) returned 0x1 [0112.481] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc00027fd4c*=0x158, lpOverlapped=0x0) returned 1 [0112.482] CloseHandle (hObject=0x1b4) returned 1 [0112.483] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\aa429np[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-AA429NP[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-aa429np[1].png"), dwFlags=0x1) returned 1 [0112.568] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.573] SwitchToThread () returned 1 [0112.574] SetEvent (hEvent=0xb8) returned 1 [0112.574] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.576] SetEvent (hEvent=0xb8) returned 1 [0112.576] SetEvent (hEvent=0x114) returned 1 [0112.576] SetEvent (hEvent=0x1a0) returned 1 [0112.576] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.582] SetEvent (hEvent=0xb8) returned 1 [0112.582] SetEvent (hEvent=0x15c) returned 1 [0112.582] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.594] SetEvent (hEvent=0xb8) returned 1 [0112.594] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.599] SetEvent (hEvent=0xb8) returned 1 [0112.599] SetEvent (hEvent=0x9c) returned 1 [0112.599] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0112.599] SetEvent (hEvent=0x120) returned 1 [0112.599] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.882] SetEvent (hEvent=0x120) returned 1 [0112.882] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.891] SetEvent (hEvent=0x1a0) returned 1 [0112.891] SetEvent (hEvent=0x164) returned 1 [0112.892] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.904] SetEvent (hEvent=0x1a0) returned 1 [0112.904] SetEvent (hEvent=0x108) returned 1 [0112.904] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.972] SetEvent (hEvent=0x9c) returned 1 [0112.972] VirtualFree (lpAddress=0xc0003a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.972] VirtualFree (lpAddress=0xc000378000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.973] VirtualFree (lpAddress=0xc000374000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.973] VirtualFree (lpAddress=0xc000360000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0112.973] VirtualFree (lpAddress=0xc000340000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0112.974] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0112.975] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0112.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000289818, lpReserved=0x0 | out: lpBuffer=0xc000040008*, lpNumberOfCharsWritten=0xc000289818*=0x2) returned 1 [0112.982] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0112.995] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0112.995] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0112.995] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0112.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x128 [0112.996] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc0002cbcf4 | out: lpMode=0xc0002cbcf4) returned 0 [0113.000] GetFileType (hFile=0x128) returned 0x1 [0113.000] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0113.000] GetFileType (hFile=0x128) returned 0x1 [0113.000] GetFileInformationByHandle (in: hFile=0x128, lpFileInformation=0xc0002cbd44 | out: lpFileInformation=0xc0002cbd44) returned 1 [0113.000] GetFileInformationByHandleEx (in: hFile=0x128, FileInformationClass=0x9, lpFileInformation=0xc0002cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cbd28) returned 1 [0113.000] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0113.001] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0113.001] ReadFile (in: hFile=0x128, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x1d08, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc0002cbc04*=0x1b08, lpOverlapped=0x0) returned 1 [0113.004] ReadFile (in: hFile=0x128, lpBuffer=0xc0000bfb08, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bfb08*, lpNumberOfBytesRead=0xc0002cbc04*=0x0, lpOverlapped=0x0) returned 1 [0113.004] CloseHandle (hObject=0x128) returned 1 [0113.004] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0113.004] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.005] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.005] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.020] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002cbd04 | out: lpMode=0xc0002cbd04) returned 0 [0113.020] GetFileType (hFile=0x1b4) returned 0x1 [0113.021] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x1b10, lpNumberOfBytesWritten=0xc0002cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0002cbcec*=0x1b10, lpOverlapped=0x0) returned 1 [0113.022] CloseHandle (hObject=0x1b4) returned 1 [0113.022] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1001 | out: pbBuffer=0xc0000e1001) returned 1 [0113.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0113.022] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0002cbd64 | out: lpMode=0xc0002cbd64) returned 0 [0113.023] GetFileType (hFile=0x1b4) returned 0x1 [0113.023] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00037b340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00037b340*, lpNumberOfBytesWritten=0xc0002cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.023] CloseHandle (hObject=0x1b4) returned 1 [0113.024] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvacl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBVACL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbvacl[1].jpg"), dwFlags=0x1) returned 1 [0113.184] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0113.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.185] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0113.186] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.189] SetEvent (hEvent=0x15c) returned 1 [0113.190] GetFileType (hFile=0x1b4) returned 0x1 [0113.190] GetFileType (hFile=0x1b4) returned 0x1 [0113.190] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0113.190] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0113.190] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0113.190] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x1dba, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000117c04*=0x1bba, lpOverlapped=0x0) returned 1 [0113.193] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.196] SetEvent (hEvent=0x15c) returned 1 [0113.196] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000efbba, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000efbba*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0113.196] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.199] CloseHandle (hObject=0x1b4) returned 1 [0113.199] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.200] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.202] SetEvent (hEvent=0x15c) returned 1 [0113.202] SetEvent (hEvent=0xb8) returned 1 [0113.202] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.202] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0113.203] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0113.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.211] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0113.213] GetFileType (hFile=0x1b0) returned 0x1 [0113.213] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x1bc0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000117cec*=0x1bc0, lpOverlapped=0x0) returned 1 [0113.214] CloseHandle (hObject=0x1b0) returned 1 [0113.214] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0113.214] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0113.215] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0113.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.216] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0113.217] GetFileType (hFile=0x1b0) returned 0x1 [0113.217] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0113.218] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0113.218] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.218] CloseHandle (hObject=0x1b0) returned 1 [0113.223] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0113.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbvysu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBVYsu[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbvysu[1].jpg"), dwFlags=0x1) returned 1 [0113.262] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0113.262] SetEvent (hEvent=0xb8) returned 1 [0113.262] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0113.263] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.264] SetEvent (hEvent=0x114) returned 1 [0113.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.266] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe30*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.266] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0113.266] SetEvent (hEvent=0xc0) returned 1 [0113.267] SetEvent (hEvent=0x9c) returned 1 [0113.267] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.268] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0113.269] VirtualFree (lpAddress=0xc000160000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0113.269] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.269] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.270] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.270] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.270] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.270] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.271] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.271] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.271] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.271] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.272] VirtualFree (lpAddress=0xc00004e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.272] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.272] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000117818*=0x2) returned 1 [0113.277] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.302] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.312] SetEvent (hEvent=0x164) returned 1 [0113.313] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.316] SetEvent (hEvent=0x164) returned 1 [0113.316] SetEvent (hEvent=0x15c) returned 1 [0113.316] VirtualFree (lpAddress=0xc00035e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.316] VirtualFree (lpAddress=0xc000160000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.316] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.317] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.317] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.317] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00020b818*=0x2) returned 1 [0113.319] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.326] SetEvent (hEvent=0x108) returned 1 [0113.327] SetEvent (hEvent=0x15c) returned 1 [0113.327] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.327] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0113.328] GetFileType (hFile=0xec) returned 0x1 [0113.328] GetFileType (hFile=0xec) returned 0x1 [0113.328] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0113.328] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0113.328] ReadFile (in: hFile=0xec, lpBuffer=0xc00003cc00, nNumberOfBytesToRead=0xba9, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003cc00*, lpNumberOfBytesRead=0xc000117c04*=0x9a9, lpOverlapped=0x0) returned 1 [0113.331] ReadFile (in: hFile=0xec, lpBuffer=0xc00003d5a9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003d5a9*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0113.331] CloseHandle (hObject=0xec) returned 1 [0113.331] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0113.331] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0113.332] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0113.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.336] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0113.336] GetFileType (hFile=0xec) returned 0x1 [0113.336] WriteFile (in: hFile=0xec, lpBuffer=0xc000146000*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc000146000*, lpNumberOfBytesWritten=0xc000117cec*=0x9b0, lpOverlapped=0x0) returned 1 [0113.337] CloseHandle (hObject=0xec) returned 1 [0113.338] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0113.338] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0113.338] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0113.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.339] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0113.339] GetFileType (hFile=0xec) returned 0x1 [0113.339] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.339] CloseHandle (hObject=0xec) returned 1 [0113.340] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbbty8h[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBBty8h[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbbty8h[1].jpg"), dwFlags=0x1) returned 1 [0113.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe30*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.374] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0113.374] SetEvent (hEvent=0xb8) returned 1 [0113.374] SetEvent (hEvent=0x9c) returned 1 [0113.374] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0113.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.383] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.389] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0113.389] SetEvent (hEvent=0x164) returned 1 [0113.390] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.393] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.437] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.440] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.452] SetEvent (hEvent=0x108) returned 1 [0113.452] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0113.467] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0113.468] GetFileType (hFile=0x1b4) returned 0x1 [0113.468] GetFileType (hFile=0x1b4) returned 0x1 [0113.468] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0113.469] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0113.469] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0113.469] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x1d4e, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc00011bc04*=0x1b4e, lpOverlapped=0x0) returned 1 [0113.472] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000a5b4e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a5b4e*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0113.472] CloseHandle (hObject=0x1b4) returned 1 [0113.472] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0113.473] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0113.473] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.483] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.490] SetEvent (hEvent=0x108) returned 1 [0113.491] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0113.492] GetFileType (hFile=0x1b0) returned 0x1 [0113.492] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x1b50, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc00011bcec*=0x1b50, lpOverlapped=0x0) returned 1 [0113.494] CloseHandle (hObject=0x1b0) returned 1 [0113.498] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0113.498] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0113.498] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0113.499] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0113.500] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0113.500] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0113.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.501] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0113.504] GetFileType (hFile=0x1b0) returned 0x1 [0113.504] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.505] CloseHandle (hObject=0x1b0) returned 1 [0113.506] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.514] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0113.514] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0113.515] SetEvent (hEvent=0x164) returned 1 [0113.515] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbc0atj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBC0ATj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbc0atj[1].jpg"), dwFlags=0x1) returned 1 [0113.557] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0113.557] SetEvent (hEvent=0x164) returned 1 [0113.558] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.562] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0113.562] SetEvent (hEvent=0x164) returned 1 [0113.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.567] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.595] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.613] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.623] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.629] SetEvent (hEvent=0x108) returned 1 [0113.629] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.630] SetEvent (hEvent=0x108) returned 1 [0113.630] SetEvent (hEvent=0x9c) returned 1 [0113.630] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.631] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.631] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.631] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.632] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.632] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.632] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000133818*=0x2) returned 1 [0113.634] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.641] SetEvent (hEvent=0x164) returned 1 [0113.641] SetEvent (hEvent=0x9c) returned 1 [0113.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xec [0113.641] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0113.642] GetFileType (hFile=0xec) returned 0x1 [0113.642] GetFileType (hFile=0xec) returned 0x1 [0113.642] GetFileInformationByHandle (in: hFile=0xec, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0113.642] GetFileInformationByHandleEx (in: hFile=0xec, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0113.643] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0113.644] ReadFile (in: hFile=0xec, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x2a50, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00011bc04*=0x2850, lpOverlapped=0x0) returned 1 [0113.648] ReadFile (in: hFile=0xec, lpBuffer=0xc00025c850, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c850*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0113.649] CloseHandle (hObject=0xec) returned 1 [0113.649] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0113.649] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.652] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0113.652] GetFileType (hFile=0xec) returned 0x1 [0113.652] WriteFile (in: hFile=0xec, lpBuffer=0xc00025ca80*, nNumberOfBytesToWrite=0x2860, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025ca80*, lpNumberOfBytesWritten=0xc00011bcec*=0x2860, lpOverlapped=0x0) returned 1 [0113.654] CloseHandle (hObject=0xec) returned 1 [0113.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082501 | out: pbBuffer=0xc000082501) returned 1 [0113.654] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0113.655] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0113.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0113.655] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0113.656] GetFileType (hFile=0xec) returned 0x1 [0113.656] WriteFile (in: hFile=0xec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0113.656] CloseHandle (hObject=0xec) returned 1 [0113.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbe85ld[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBE85ld[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbe85ld[1].jpg"), dwFlags=0x1) returned 1 [0113.800] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0113.800] SetEvent (hEvent=0x108) returned 1 [0113.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.804] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.804] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.810] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.810] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0113.810] SetEvent (hEvent=0x15c) returned 1 [0113.810] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.816] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.816] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.873] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.881] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.890] SetEvent (hEvent=0x164) returned 1 [0113.890] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.892] SetEvent (hEvent=0x164) returned 1 [0113.892] SetEvent (hEvent=0x9c) returned 1 [0113.892] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.893] VirtualFree (lpAddress=0xc00027c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0113.894] VirtualFree (lpAddress=0xc00025a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0113.895] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.895] VirtualFree (lpAddress=0xc000198000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.896] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.897] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.897] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.898] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0113.898] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0113.898] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.899] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0113.899] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0113.900] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0006df818*=0x2) returned 1 [0113.902] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.910] SetEvent (hEvent=0x108) returned 1 [0113.911] SetEvent (hEvent=0x9c) returned 1 [0113.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0113.911] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0113.912] GetFileType (hFile=0x1b0) returned 0x1 [0113.912] GetFileType (hFile=0x1b0) returned 0x1 [0113.912] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0113.913] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0113.913] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0113.913] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0xca9, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000241c04*=0xaa9, lpOverlapped=0x0) returned 1 [0113.916] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003caa9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003caa9*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0113.916] CloseHandle (hObject=0x1b0) returned 1 [0113.916] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0113.917] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0113.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.922] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0113.923] GetFileType (hFile=0x1b0) returned 0x1 [0113.923] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0xab0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000241cec*=0xab0, lpOverlapped=0x0) returned 1 [0113.924] CloseHandle (hObject=0x1b0) returned 1 [0113.924] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0113.924] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0113.925] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0113.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0113.925] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0113.926] GetFileType (hFile=0x1b0) returned 0x1 [0113.926] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0113.926] CloseHandle (hObject=0x1b0) returned 1 [0113.927] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbee6ew[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEe6Ew[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbee6ew[1].jpg"), dwFlags=0x1) returned 1 [0113.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe30*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0113.971] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0113.971] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0113.971] SetEvent (hEvent=0x15c) returned 1 [0113.971] SetEvent (hEvent=0xb8) returned 1 [0113.971] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0113.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.976] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.982] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0113.982] SetEvent (hEvent=0x164) returned 1 [0113.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0113.985] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.024] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.027] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.032] SetEvent (hEvent=0x9c) returned 1 [0114.032] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0114.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0114.034] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0114.035] GetFileType (hFile=0x1b0) returned 0x1 [0114.035] GetFileType (hFile=0x1b0) returned 0x1 [0114.035] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0114.035] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0114.035] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0114.036] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0114.036] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x986, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000241c04*=0x786, lpOverlapped=0x0) returned 1 [0114.054] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000040786, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040786*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0114.054] CloseHandle (hObject=0x1b0) returned 1 [0114.054] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0114.055] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0114.055] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0114.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0114.061] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0114.063] GetFileType (hFile=0x1b0) returned 0x1 [0114.063] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00007a000*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesWritten=0xc000241cec*=0x790, lpOverlapped=0x0) returned 1 [0114.065] CloseHandle (hObject=0x1b0) returned 1 [0114.069] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.077] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0114.077] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.097] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0114.097] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0114.098] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0114.098] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0114.099] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0114.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x128 [0114.099] GetConsoleMode (in: hConsoleHandle=0x128, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0114.100] GetFileType (hFile=0x128) returned 0x1 [0114.100] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0114.101] WriteFile (in: hFile=0x128, lpBuffer=0xc0000402c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000402c0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.101] CloseHandle (hObject=0x128) returned 1 [0114.110] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0114.111] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbefwtu[1].jpg"), dwFlags=0x1) returned 1 [0114.415] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0114.415] SetEvent (hEvent=0x1f8) returned 1 [0114.415] VirtualAlloc (lpAddress=0xc000392000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000392000 [0114.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.417] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0114.417] SetEvent (hEvent=0x1f8) returned 1 [0114.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.424] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.446] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.453] SetEvent (hEvent=0x108) returned 1 [0114.453] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.453] SetEvent (hEvent=0x108) returned 1 [0114.454] SetEvent (hEvent=0x1d4) returned 1 [0114.454] VirtualFree (lpAddress=0xc000392000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0114.454] VirtualFree (lpAddress=0xc000316000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0114.455] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0114.456] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.456] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0114.457] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.459] SetEvent (hEvent=0x1dc) returned 1 [0114.459] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.460] SetEvent (hEvent=0x1dc) returned 1 [0114.460] SetEvent (hEvent=0x1d4) returned 1 [0114.460] VirtualFree (lpAddress=0xc000390000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.460] VirtualFree (lpAddress=0xc00033c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.461] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.461] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.461] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.462] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc00029d818*=0x3) returned 1 [0114.475] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.479] SetEvent (hEvent=0x1dc) returned 1 [0114.479] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.488] SwitchToThread () returned 1 [0114.489] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.498] SetEvent (hEvent=0x1dc) returned 1 [0114.498] SetEvent (hEvent=0x15c) returned 1 [0114.498] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0114.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0114.499] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0114.501] GetFileType (hFile=0x1b0) returned 0x1 [0114.501] GetFileType (hFile=0x1b0) returned 0x1 [0114.501] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0114.501] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0114.501] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0114.501] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x5e3, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc000191c04*=0x3e3, lpOverlapped=0x0) returned 1 [0114.519] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00003e3e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e3e3*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0114.519] CloseHandle (hObject=0x1b0) returned 1 [0114.519] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0114.519] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0114.520] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0114.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.730] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.744] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0114.747] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.750] GetFileType (hFile=0x208) returned 0x1 [0114.750] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.754] WriteFile (in: hFile=0x208, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000191cec*=0x3f0, lpOverlapped=0x0) returned 1 [0114.756] CloseHandle (hObject=0x208) returned 1 [0114.766] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0114.766] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0114.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0114.768] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0114.769] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.771] SetEvent (hEvent=0xc0) returned 1 [0114.771] GetFileType (hFile=0x210) returned 0x1 [0114.771] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.776] SetEvent (hEvent=0x1c4) returned 1 [0114.776] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.796] SetEvent (hEvent=0xb8) returned 1 [0114.796] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.807] SetEvent (hEvent=0xb8) returned 1 [0114.807] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.810] SetEvent (hEvent=0xb8) returned 1 [0114.810] SetEvent (hEvent=0x1d0) returned 1 [0114.810] SetEvent (hEvent=0x1c4) returned 1 [0114.810] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.912] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.948] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.954] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0114.961] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.067] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.083] SetEvent (hEvent=0x1dc) returned 1 [0115.083] SetEvent (hEvent=0x120) returned 1 [0115.083] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.377] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.391] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.397] SetEvent (hEvent=0xfc) returned 1 [0115.397] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.400] SetEvent (hEvent=0xfc) returned 1 [0115.400] SetEvent (hEvent=0x1f8) returned 1 [0115.400] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.400] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.401] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.401] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.401] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.401] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.402] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.402] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0048*, lpNumberOfCharsWritten=0xc0004df818*=0x2) returned 1 [0115.403] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.411] SetEvent (hEvent=0x1d0) returned 1 [0115.411] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0115.413] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0115.414] GetFileType (hFile=0x1b4) returned 0x1 [0115.414] GetFileType (hFile=0x1b4) returned 0x1 [0115.414] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0115.414] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0115.414] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0115.415] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x31a8, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0001cbc04*=0x2fa8, lpOverlapped=0x0) returned 1 [0115.420] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000232fa8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000232fa8*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0115.420] CloseHandle (hObject=0x1b4) returned 1 [0115.420] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0115.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.423] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0115.423] GetFileType (hFile=0x1b4) returned 0x1 [0115.423] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x2fb0, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc0001cbcec*=0x2fb0, lpOverlapped=0x0) returned 1 [0115.425] CloseHandle (hObject=0x1b4) returned 1 [0115.426] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.426] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0115.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.427] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0115.427] GetFileType (hFile=0x1b0) returned 0x1 [0115.428] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.428] CloseHandle (hObject=0x1b0) returned 1 [0115.433] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0115.433] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[3]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-v2[3]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-v2[3]"), dwFlags=0x1) returned 1 [0115.526] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.534] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.539] SetEvent (hEvent=0x1f8) returned 1 [0115.540] SetEvent (hEvent=0x12c) returned 1 [0115.540] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.544] SetEvent (hEvent=0xb8) returned 1 [0115.544] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.550] SetEvent (hEvent=0x1f8) returned 1 [0115.550] SetEvent (hEvent=0xfc) returned 1 [0115.550] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.574] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0115.574] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.574] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.575] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.575] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.575] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.576] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc000072048*, lpNumberOfCharsWritten=0xc000035818*=0x3) returned 1 [0115.578] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.609] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0115.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.614] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0115.616] GetFileType (hFile=0x214) returned 0x1 [0115.616] GetFileType (hFile=0x214) returned 0x1 [0115.616] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0115.616] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0115.617] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0115.617] ReadFile (in: hFile=0x214, lpBuffer=0xc000102000, nNumberOfBytesToRead=0x902, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesRead=0xc000193c04*=0x702, lpOverlapped=0x0) returned 1 [0115.622] ReadFile (in: hFile=0x214, lpBuffer=0xc000102702, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102702*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0115.622] CloseHandle (hObject=0x214) returned 1 [0115.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1f0 [0115.631] GetConsoleMode (in: hConsoleHandle=0x1f0, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0115.638] GetFileType (hFile=0x1f0) returned 0x1 [0115.639] WriteFile (in: hFile=0x1f0, lpBuffer=0xc0000fe800*, nNumberOfBytesToWrite=0x710, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe800*, lpNumberOfBytesWritten=0xc000193cec*=0x710, lpOverlapped=0x0) returned 1 [0115.640] CloseHandle (hObject=0x1f0) returned 1 [0115.652] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0115.722] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001501 | out: pbBuffer=0xc000001501) returned 1 [0115.722] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0115.722] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x224 [0115.722] GetConsoleMode (in: hConsoleHandle=0x224, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0115.727] GetFileType (hFile=0x224) returned 0x1 [0115.727] WriteFile (in: hFile=0x224, lpBuffer=0xc000182b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182b00*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.727] CloseHandle (hObject=0x224) returned 1 [0115.739] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbed5bf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEd5bF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbed5bf[1].jpg"), dwFlags=0x1) returned 1 [0116.204] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0116.211] SetEvent (hEvent=0x120) returned 1 [0116.211] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0116.277] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0116.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x348 [0116.279] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0116.281] GetFileType (hFile=0x348) returned 0x1 [0116.281] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0116.282] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0116.282] GetFileType (hFile=0x348) returned 0x1 [0116.282] GetFileInformationByHandle (in: hFile=0x348, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0116.282] GetFileInformationByHandleEx (in: hFile=0x348, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0116.283] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.283] ReadFile (in: hFile=0x348, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0xc23, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc000173c04*=0xa23, lpOverlapped=0x0) returned 1 [0116.289] ReadFile (in: hFile=0x348, lpBuffer=0xc0000b6a23, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6a23*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0116.289] CloseHandle (hObject=0x348) returned 1 [0116.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0116.436] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0116.437] GetFileType (hFile=0x3bc) returned 0x1 [0116.438] WriteFile (in: hFile=0x3bc, lpBuffer=0xc00029aa80*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc00029aa80*, lpNumberOfBytesWritten=0xc000173cec*=0xa30, lpOverlapped=0x0) returned 1 [0116.439] CloseHandle (hObject=0x3bc) returned 1 [0116.443] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a301 | out: pbBuffer=0xc00031a301) returned 1 [0116.443] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0116.443] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0116.444] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0116.444] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0116.445] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0116.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0116.445] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0116.446] GetFileType (hFile=0x3bc) returned 0x1 [0116.446] WriteFile (in: hFile=0x3bc, lpBuffer=0xc00003e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003e2c0*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.446] CloseHandle (hObject=0x3bc) returned 1 [0116.447] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbee62t[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEe62t[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbee62t[1].jpg"), dwFlags=0x1) returned 1 [0117.146] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.151] SwitchToThread () returned 1 [0117.152] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.155] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.214] SetEvent (hEvent=0x340) returned 1 [0117.214] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.319] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0117.322] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.349] GetFileType (hFile=0x3bc) returned 0x1 [0117.349] GetFileType (hFile=0x3bc) returned 0x1 [0117.349] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0117.349] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0117.349] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000186d80, nNumberOfBytesToRead=0x43f, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186d80*, lpNumberOfBytesRead=0xc0001cdc04*=0x23f, lpOverlapped=0x0) returned 1 [0117.352] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000186fbf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186fbf*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0117.352] CloseHandle (hObject=0x3bc) returned 1 [0117.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0117.371] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0117.376] GetFileType (hFile=0x2f0) returned 0x1 [0117.376] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000055680*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000055680*, lpNumberOfBytesWritten=0xc0001cdcec*=0x240, lpOverlapped=0x0) returned 1 [0117.377] CloseHandle (hObject=0x2f0) returned 1 [0117.383] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0117.522] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0117.522] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0117.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0117.523] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0117.525] GetFileType (hFile=0x2e4) returned 0x1 [0117.526] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0000fd1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fd1e0*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.526] CloseHandle (hObject=0x2e4) returned 1 [0117.533] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbs47te[1].png"), dwFlags=0x1) returned 1 [0118.055] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f698, ulCount=0x10, ulNumEntriesRemoved=0x29e9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f698, ulNumEntriesRemoved=0x29e9f66c) returned 0 [0118.055] SetEvent (hEvent=0x258) returned 1 [0118.056] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe08*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.056] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0118.056] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x29e9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x29e9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x29e9f6a0, ulNumEntriesRemoved=0x29e9f674) returned 0 [0118.056] SetEvent (hEvent=0x258) returned 1 [0118.056] WaitForMultipleObjects (nCount=0x2, lpHandles=0x29e9fe18*=0x198, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.059] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0119.035] GetFileType (hFile=0x230) returned 0x1 [0119.035] GetFileType (hFile=0x230) returned 0x1 [0119.035] GetFileInformationByHandle (in: hFile=0x230, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0119.035] GetFileInformationByHandleEx (in: hFile=0x230, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0119.036] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0119.036] ReadFile (in: hFile=0x230, lpBuffer=0xc000222000, nNumberOfBytesToRead=0xa6e, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesRead=0xc000241c04*=0x86e, lpOverlapped=0x0) returned 1 [0119.040] ReadFile (in: hFile=0x230, lpBuffer=0xc00022286e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00022286e*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0119.040] CloseHandle (hObject=0x230) returned 1 [0119.040] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0119.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0119.070] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0119.135] SetEvent (hEvent=0xc0) returned 1 [0119.135] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0119.136] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0119.184] GetFileType (hFile=0x2f4) returned 0x1 [0119.184] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc000241cec*=0x870, lpOverlapped=0x0) returned 1 [0119.185] CloseHandle (hObject=0x2f4) returned 1 [0119.188] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1601 | out: pbBuffer=0xc0002f1601) returned 1 [0119.188] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0119.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0119.189] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0119.190] GetFileType (hFile=0x2cc) returned 0x1 [0119.190] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.190] CloseHandle (hObject=0x2cc) returned 1 [0119.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc02gr[2].jpg"), dwFlags=0x1) returned 1 [0119.901] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0119.903] SetEvent (hEvent=0x39c) returned 1 [0119.903] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.181] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0120.181] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0120.182] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0120.184] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0120.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0120.185] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0120.196] GetFileType (hFile=0x2bc) returned 0x1 [0120.196] GetFileType (hFile=0x2bc) returned 0x1 [0120.196] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0120.196] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0120.196] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0120.196] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0120.198] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x93dd, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0001abc04*=0x91dd, lpOverlapped=0x0) returned 1 [0120.221] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.236] SetEvent (hEvent=0x258) returned 1 [0120.236] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002391dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002391dd*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0120.236] CloseHandle (hObject=0x2bc) returned 1 [0120.236] VirtualAlloc (lpAddress=0xc000280000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0120.238] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.239] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0120.245] GetFileType (hFile=0x2bc) returned 0x1 [0120.245] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000280000*, nNumberOfBytesToWrite=0x91e0, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesWritten=0xc0001abcec*=0x91e0, lpOverlapped=0x0) returned 1 [0120.248] CloseHandle (hObject=0x2bc) returned 1 [0120.248] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0120.248] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0120.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.249] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0120.261] GetFileType (hFile=0x2bc) returned 0x1 [0120.261] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.261] CloseHandle (hObject=0x2bc) returned 1 [0120.262] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-adex[1].js"), dwFlags=0x1) returned 1 [0120.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0120.264] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0120.269] GetFileType (hFile=0x2bc) returned 0x1 [0120.269] GetFileType (hFile=0x2bc) returned 0x1 [0120.269] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0120.269] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0120.269] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0120.271] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x545b, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0002dfc04*=0x525b, lpOverlapped=0x0) returned 1 [0120.282] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00030525b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00030525b*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0120.282] CloseHandle (hObject=0x2bc) returned 1 [0120.282] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0120.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.285] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0120.286] GetFileType (hFile=0x2bc) returned 0x1 [0120.286] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x5260, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc0002dfcec*=0x5260, lpOverlapped=0x0) returned 1 [0120.287] CloseHandle (hObject=0x2bc) returned 1 [0120.288] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0120.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.288] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0120.288] GetFileType (hFile=0x2bc) returned 0x1 [0120.289] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.289] CloseHandle (hObject=0x2bc) returned 1 [0120.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-adswrappermsni[1].js"), dwFlags=0x1) returned 1 [0120.290] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.291] VirtualFree (lpAddress=0xc000280000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.291] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.292] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0120.292] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.293] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.293] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.293] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.294] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.294] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.295] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.295] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.296] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.296] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.303] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.303] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc0001bd818*=0x3) returned 1 [0120.313] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc0001f7818*=0x3) returned 1 [0120.324] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.374] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00022f818*=0x3) returned 1 [0120.381] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0120.394] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.395] SetEvent (hEvent=0x144) returned 1 [0120.395] SetEvent (hEvent=0x148) returned 1 [0120.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0120.396] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.401] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.403] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0120.404] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.404] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.405] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.405] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.406] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.406] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.406] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.407] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.407] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.408] VirtualFree (lpAddress=0xc000076000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.408] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.408] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.409] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.409] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0120.410] SetEvent (hEvent=0x3c0) returned 1 [0120.410] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0120.414] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.417] SetEvent (hEvent=0x9c) returned 1 [0120.417] SetEvent (hEvent=0x3c0) returned 1 [0120.418] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.418] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.418] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.419] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.419] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.419] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.420] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0120.425] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0120.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0120.427] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0120.428] GetFileType (hFile=0x2f4) returned 0x1 [0120.428] GetFileType (hFile=0x2f4) returned 0x1 [0120.428] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0120.428] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0120.428] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0120.429] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000094000, nNumberOfBytesToRead=0xa57, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0000f3c04*=0x857, lpOverlapped=0x0) returned 1 [0120.441] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.454] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000094857, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094857*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0120.454] CloseHandle (hObject=0x2f4) returned 1 [0120.454] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0120.455] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0120.455] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0120.456] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0120.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.525] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0120.532] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.538] GetFileType (hFile=0x3dc) returned 0x1 [0120.538] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000b8000*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesWritten=0xc0000f3cec*=0x860, lpOverlapped=0x0) returned 1 [0120.540] CloseHandle (hObject=0x3dc) returned 1 [0120.543] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0120.543] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0120.543] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0120.544] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0120.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.545] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0120.552] GetFileType (hFile=0x240) returned 0x1 [0120.552] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.552] CloseHandle (hObject=0x240) returned 1 [0120.582] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.591] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeeewt[1].jpg"), dwFlags=0x1) returned 1 [0120.878] SwitchToThread () returned 1 [0120.879] SetEvent (hEvent=0x144) returned 1 [0120.879] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0120.881] SetEvent (hEvent=0x144) returned 1 [0120.881] SetEvent (hEvent=0x208) returned 1 [0120.881] SetEvent (hEvent=0x148) returned 1 [0120.881] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0141.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0141.092] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0141.102] GetFileType (hFile=0x2d8) returned 0x1 [0141.102] GetFileType (hFile=0x2d8) returned 0x1 [0141.102] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0141.102] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0141.102] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0141.103] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000224000, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesRead=0xc000195c04*=0x110, lpOverlapped=0x0) returned 1 [0141.105] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000224110, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224110*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0141.105] CloseHandle (hObject=0x2d8) returned 1 [0141.105] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0141.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0141.107] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0141.117] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0141.446] GetFileType (hFile=0x2d8) returned 0x1 [0141.446] WriteFile (in: hFile=0x2d8, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000195cec*=0x120, lpOverlapped=0x0) returned 1 [0142.469] CloseHandle (hObject=0x2d8) returned 1 [0142.523] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0142.895] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0142.895] VirtualAlloc (lpAddress=0xc000640000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000640000 [0142.896] VirtualAlloc (lpAddress=0xc000642000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000642000 [0142.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0142.898] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0142.998] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.247] GetFileType (hFile=0x308) returned 0x1 [0144.247] WriteFile (in: hFile=0x308, lpBuffer=0xc000683760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683760*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.247] CloseHandle (hObject=0x308) returned 1 [0144.248] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), dwFlags=0x1) returned 1 [0144.249] SetEvent (hEvent=0x304) returned 1 [0144.249] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.274] SetEvent (hEvent=0xbc0) returned 1 [0144.274] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.275] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.276] SetEvent (hEvent=0xb40) returned 1 [0144.276] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.294] SetEvent (hEvent=0x448) returned 1 [0144.294] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.304] SetEvent (hEvent=0x35c) returned 1 [0144.304] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.313] SetEvent (hEvent=0x1a0) returned 1 [0144.313] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.322] SetEvent (hEvent=0xbc0) returned 1 [0144.323] SetEvent (hEvent=0x264) returned 1 [0144.323] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.329] SetEvent (hEvent=0xbc0) returned 1 [0144.329] SetEvent (hEvent=0xa30) returned 1 [0144.329] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) returned 0x0 [0144.336] SetEvent (hEvent=0xbc0) returned 1 [0144.336] SetEvent (hEvent=0xa28) returned 1 [0144.336] WaitForSingleObject (hHandle=0x198, dwMilliseconds=0xffffffff) Thread: id = 27 os_tid = 0x954 [0104.596] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2a09fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2a09fea0*=0x168) returned 1 [0104.596] VirtualQuery (in: lpAddress=0x2a09fec0, lpBuffer=0x2a09fec0, dwLength=0x30 | out: lpBuffer=0x2a09fec0*(BaseAddress=0x2a09f000, AllocationBase=0x29ea0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0104.596] SetEvent (hEvent=0x108) returned 1 [0104.596] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0104.597] VirtualAlloc (lpAddress=0xc000268000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000268000 [0104.597] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0104.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1c8 [0104.598] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0104.609] GetFileType (hFile=0x1c8) returned 0x1 [0104.609] GetFileType (hFile=0x1c8) returned 0x1 [0104.609] GetFileInformationByHandle (in: hFile=0x1c8, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0104.609] GetFileInformationByHandleEx (in: hFile=0x1c8, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0104.609] ReadFile (in: hFile=0x1c8, lpBuffer=0xc000250200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc000250200*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0104.609] CloseHandle (hObject=0x1c8) returned 1 [0104.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0104.609] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0104.625] GetFileType (hFile=0x1c8) returned 0x1 [0104.625] WriteFile (in: hFile=0x1c8, lpBuffer=0xc0000a0760*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0760*, lpNumberOfBytesWritten=0xc000249cec*=0x10, lpOverlapped=0x0) returned 1 [0104.627] CloseHandle (hObject=0x1c8) returned 1 [0104.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0104.627] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0104.627] VirtualAlloc (lpAddress=0xc00039a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039a000 [0104.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1c8 [0104.628] GetConsoleMode (in: hConsoleHandle=0x1c8, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0104.637] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d0 [0104.637] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1cc [0104.637] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0104.642] GetFileType (hFile=0x1c8) returned 0x1 [0104.642] WriteFile (in: hFile=0x1c8, lpBuffer=0xc00039a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00039a2c0*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.642] CloseHandle (hObject=0x1c8) returned 1 [0104.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-LOCK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\local extension settings\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\encry-lock"), dwFlags=0x1) returned 1 [0104.643] SetEvent (hEvent=0x114) returned 1 [0104.643] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0104.646] SetEvent (hEvent=0x108) returned 1 [0104.646] VirtualFree (lpAddress=0xc000300000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.647] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.647] VirtualFree (lpAddress=0xc00029c000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0104.647] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.647] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.648] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.648] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.648] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.648] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.649] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.649] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.649] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.649] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.650] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.650] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.650] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.650] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.650] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.651] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0104.651] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0104.651] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.652] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0104.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0104.652] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0104.655] GetFileType (hFile=0x150) returned 0x1 [0104.655] GetFileType (hFile=0x150) returned 0x1 [0104.655] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0104.655] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0104.655] ReadFile (in: hFile=0x150, lpBuffer=0xc0002b3500, nNumberOfBytesToRead=0x5200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b3500*, lpNumberOfBytesRead=0xc000243c04*=0x5000, lpOverlapped=0x0) returned 1 [0104.665] ReadFile (in: hFile=0x150, lpBuffer=0xc0002b8500, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8500*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0104.665] CloseHandle (hObject=0x150) returned 1 [0104.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.666] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0104.667] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0104.673] GetFileType (hFile=0x150) returned 0x1 [0104.673] WriteFile (in: hFile=0x150, lpBuffer=0xc0002b8a00*, nNumberOfBytesToWrite=0x5010, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8a00*, lpNumberOfBytesWritten=0xc000243cec*=0x5010, lpOverlapped=0x0) returned 1 [0104.675] CloseHandle (hObject=0x150) returned 1 [0104.675] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0104.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0104.676] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0104.680] GetFileType (hFile=0x150) returned 0x1 [0104.680] WriteFile (in: hFile=0x150, lpBuffer=0xc00016a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016a6e0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0104.680] CloseHandle (hObject=0x150) returned 1 [0104.680] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0104.681] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0104.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\top sites"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\encry-Top Sites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\encry-top sites"), dwFlags=0x1) returned 1 [0104.682] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.683] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0104.683] SetEvent (hEvent=0xc0) returned 1 [0104.683] SetEvent (hEvent=0x120) returned 1 [0104.683] SetEvent (hEvent=0x15c) returned 1 [0104.683] SetEvent (hEvent=0x164) returned 1 [0104.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.691] SetEvent (hEvent=0x15c) returned 1 [0104.691] SetEvent (hEvent=0x100) returned 1 [0104.691] SetEvent (hEvent=0x188) returned 1 [0104.691] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0104.701] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0104.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.702] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0104.702] SetEvent (hEvent=0xb8) returned 1 [0104.702] SetEvent (hEvent=0x108) returned 1 [0104.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0104.705] SetEvent (hEvent=0x114) returned 1 [0104.705] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0104.713] SetEvent (hEvent=0xfc) returned 1 [0104.713] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.764] SetEvent (hEvent=0xf4) returned 1 [0107.764] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.765] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x180 [0107.765] GetConsoleMode (in: hConsoleHandle=0x180, lpMode=0xc000281cf4 | out: lpMode=0xc000281cf4) returned 0 [0107.767] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.778] SetEvent (hEvent=0x108) returned 1 [0107.779] GetFileType (hFile=0x180) returned 0x1 [0107.779] GetFileType (hFile=0x180) returned 0x1 [0107.779] GetFileInformationByHandle (in: hFile=0x180, lpFileInformation=0xc000281d44 | out: lpFileInformation=0xc000281d44) returned 1 [0107.779] GetFileInformationByHandleEx (in: hFile=0x180, FileInformationClass=0x9, lpFileInformation=0xc000281d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000281d28) returned 1 [0107.779] ReadFile (in: hFile=0x180, lpBuffer=0xc00004ce00, nNumberOfBytesToRead=0x614, lpNumberOfBytesRead=0xc000281c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004ce00*, lpNumberOfBytesRead=0xc000281c04*=0x414, lpOverlapped=0x0) returned 1 [0107.781] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.798] ReadFile (in: hFile=0x180, lpBuffer=0xc00004d214, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000281c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004d214*, lpNumberOfBytesRead=0xc000281c04*=0x0, lpOverlapped=0x0) returned 1 [0107.798] CloseHandle (hObject=0x180) returned 1 [0107.798] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0107.799] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0107.799] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0107.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.804] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000281d04 | out: lpMode=0xc000281d04) returned 0 [0107.811] GetFileType (hFile=0x1b0) returned 0x1 [0107.811] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00025c000*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc000281cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025c000*, lpNumberOfBytesWritten=0xc000281cec*=0x420, lpOverlapped=0x0) returned 1 [0107.813] CloseHandle (hObject=0x1b0) returned 1 [0107.824] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0107.825] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0107.825] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0107.825] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0107.826] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0107.826] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0107.827] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0107.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0107.827] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000281d64 | out: lpMode=0xc000281d64) returned 0 [0107.828] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.832] SetEvent (hEvent=0x15c) returned 1 [0107.832] GetFileType (hFile=0x1b0) returned 0x1 [0107.832] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001c0580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000281d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0580*, lpNumberOfBytesWritten=0xc000281d4c*=0x158, lpOverlapped=0x0) returned 1 [0107.832] CloseHandle (hObject=0x1b0) returned 1 [0107.834] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0107.840] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\01_music_auto_rated_at_5_stars.wpl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Media Player\\Sync Playlists\\en-US\\00010C6E\\encry-01_Music_auto_rated_at_5_stars.wpl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\media player\\sync playlists\\en-us\\00010c6e\\encry-01_music_auto_rated_at_5_stars.wpl"), dwFlags=0x1) returned 1 [0108.407] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0108.410] SetEvent (hEvent=0x114) returned 1 [0108.410] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0114.158] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0114.161] GetFileType (hFile=0x148) returned 0x1 [0114.161] GetFileType (hFile=0x148) returned 0x1 [0114.161] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0114.161] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0114.161] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0114.163] ReadFile (in: hFile=0x148, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x2097, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002a1c04*=0x1e97, lpOverlapped=0x0) returned 1 [0114.170] ReadFile (in: hFile=0x148, lpBuffer=0xc0002a5e97, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a5e97*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0114.170] CloseHandle (hObject=0x148) returned 1 [0114.170] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0114.171] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0114.171] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0114.172] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0114.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0114.198] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0114.201] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.239] GetFileType (hFile=0x194) returned 0x1 [0114.239] VirtualAlloc (lpAddress=0xc00028a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028a000 [0114.240] WriteFile (in: hFile=0x194, lpBuffer=0xc000224000*, nNumberOfBytesToWrite=0x1ea0, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x1ea0, lpOverlapped=0x0) returned 1 [0114.241] CloseHandle (hObject=0x194) returned 1 [0114.253] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.295] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533a01 | out: pbBuffer=0xc000533a01) returned 1 [0114.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0114.296] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0114.297] GetFileType (hFile=0x1e0) returned 0x1 [0114.297] WriteFile (in: hFile=0x1e0, lpBuffer=0xc000041340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000041340*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.297] CloseHandle (hObject=0x1e0) returned 1 [0114.355] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbegiyl[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgIyL[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbegiyl[1].jpg"), dwFlags=0x1) returned 1 [0114.720] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.722] SetEvent (hEvent=0x1dc) returned 1 [0114.722] SetEvent (hEvent=0xfc) returned 1 [0114.722] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.723] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.723] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0114.727] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc00029f818*=0x3) returned 1 [0114.728] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc000586036*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0114.735] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.745] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0114.745] SetEvent (hEvent=0xb8) returned 1 [0114.745] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.760] SetEvent (hEvent=0x1dc) returned 1 [0114.760] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.765] SetEvent (hEvent=0x1dc) returned 1 [0114.765] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.768] SetEvent (hEvent=0x1dc) returned 1 [0114.768] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.770] SetEvent (hEvent=0x1dc) returned 1 [0114.770] SetEvent (hEvent=0x1c4) returned 1 [0114.770] SetEvent (hEvent=0x198) returned 1 [0114.770] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.775] SetEvent (hEvent=0xb8) returned 1 [0114.775] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.812] SetEvent (hEvent=0x1dc) returned 1 [0114.812] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.830] SetEvent (hEvent=0x1dc) returned 1 [0114.830] SetEvent (hEvent=0x1f8) returned 1 [0114.830] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.846] SetEvent (hEvent=0x1f8) returned 1 [0114.846] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.859] SetEvent (hEvent=0x1c4) returned 1 [0114.859] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.860] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0114.861] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0114.862] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0114.862] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0114.863] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0114.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0114.864] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0114.875] GetFileType (hFile=0x214) returned 0x1 [0114.875] GetFileType (hFile=0x214) returned 0x1 [0114.875] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0114.875] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0114.875] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0114.876] ReadFile (in: hFile=0x214, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x4fd8, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000155c04*=0x4dd8, lpOverlapped=0x0) returned 1 [0114.887] ReadFile (in: hFile=0x214, lpBuffer=0xc000234dd8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000234dd8*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0114.887] CloseHandle (hObject=0x214) returned 1 [0114.887] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0114.887] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0114.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0114.894] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0114.900] GetFileType (hFile=0x214) returned 0x1 [0114.900] WriteFile (in: hFile=0x214, lpBuffer=0xc000235000*, nNumberOfBytesToWrite=0x4de0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc000235000*, lpNumberOfBytesWritten=0xc000155cec*=0x4de0, lpOverlapped=0x0) returned 1 [0114.901] CloseHandle (hObject=0x214) returned 1 [0114.902] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532c01 | out: pbBuffer=0xc000532c01) returned 1 [0114.902] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0114.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.903] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0114.904] GetFileType (hFile=0x1b4) returned 0x1 [0114.905] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00006c9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c9a0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.905] CloseHandle (hObject=0x1b4) returned 1 [0114.906] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bs-jsdep[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-bs-jsdep[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bs-jsdep[1].css"), dwFlags=0x1) returned 1 [0114.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0114.968] SetEvent (hEvent=0x1f8) returned 1 [0114.968] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.970] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0114.970] SetEvent (hEvent=0x1f8) returned 1 [0114.970] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0115.068] SetEvent (hEvent=0xc0) returned 1 [0115.068] SetEvent (hEvent=0x1dc) returned 1 [0115.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.069] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.077] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0115.077] SetEvent (hEvent=0x120) returned 1 [0115.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.082] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0115.082] SetEvent (hEvent=0x1dc) returned 1 [0115.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.090] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0115.090] SetEvent (hEvent=0x120) returned 1 [0115.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.092] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.166] SwitchToThread () returned 1 [0115.167] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.203] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.215] SetEvent (hEvent=0x1dc) returned 1 [0115.215] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.219] SetEvent (hEvent=0x1dc) returned 1 [0115.219] SetEvent (hEvent=0x120) returned 1 [0115.219] VirtualFree (lpAddress=0xc000364000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.219] VirtualFree (lpAddress=0xc00027c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0115.220] VirtualFree (lpAddress=0xc00025a000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0115.221] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.221] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.221] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0115.225] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.232] SetEvent (hEvent=0x12c) returned 1 [0115.232] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.233] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0115.233] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0115.234] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0115.234] GetFileType (hFile=0x1b4) returned 0x1 [0115.234] GetFileType (hFile=0x1b4) returned 0x1 [0115.234] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0115.234] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0115.234] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x1454, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc0006ddc04*=0x1254, lpOverlapped=0x0) returned 1 [0115.240] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000d2754, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2754*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0115.240] CloseHandle (hObject=0x1b4) returned 1 [0115.240] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.241] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0115.242] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0115.245] SetEvent (hEvent=0xc0) returned 1 [0115.245] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0115.245] GetFileType (hFile=0x1b4) returned 0x1 [0115.245] WriteFile (in: hFile=0x1b4, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x1260, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x1260, lpOverlapped=0x0) returned 1 [0115.246] CloseHandle (hObject=0x1b4) returned 1 [0115.247] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0115.247] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.248] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.248] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0115.249] GetFileType (hFile=0x1b0) returned 0x1 [0115.249] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.249] CloseHandle (hObject=0x1b0) returned 1 [0115.251] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1b;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=627518548[1]"), dwFlags=0x1) returned 1 [0115.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0115.289] SetEvent (hEvent=0xc0) returned 1 [0115.289] SetEvent (hEvent=0x12c) returned 1 [0115.289] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0115.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.294] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.294] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0115.295] SetEvent (hEvent=0x12c) returned 1 [0115.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.295] SetEvent (hEvent=0x1f8) returned 1 [0115.295] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.302] SetEvent (hEvent=0xb8) returned 1 [0115.302] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.322] SetEvent (hEvent=0x120) returned 1 [0115.322] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.340] SetEvent (hEvent=0x120) returned 1 [0115.340] SetEvent (hEvent=0x12c) returned 1 [0115.340] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.341] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.341] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.342] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.342] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.342] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.342] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.343] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0115.343] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc00018f818*=0x2) returned 1 [0115.344] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.347] SetEvent (hEvent=0x12c) returned 1 [0115.347] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0115.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.348] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0115.349] GetFileType (hFile=0x1b0) returned 0x1 [0115.349] GetFileType (hFile=0x1b0) returned 0x1 [0115.349] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0115.349] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0115.349] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0115.351] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x104ea, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0006ddc04*=0x102ea, lpOverlapped=0x0) returned 1 [0115.354] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00026a2ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026a2ea*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0115.354] CloseHandle (hObject=0x1b0) returned 1 [0115.354] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.354] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0115.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.358] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0115.359] GetFileType (hFile=0x1b0) returned 0x1 [0115.360] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x102f0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x102f0, lpOverlapped=0x0) returned 1 [0115.362] CloseHandle (hObject=0x1b0) returned 1 [0115.362] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0115.363] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.363] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0115.364] VirtualAlloc (lpAddress=0xc000146000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000146000 [0115.365] GetFileType (hFile=0x1b0) returned 0x1 [0115.365] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0115.365] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0115.366] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.366] CloseHandle (hObject=0x1b0) returned 1 [0115.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\uhf-main.var.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-uhf-main.var.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-uhf-main.var.min[1].js"), dwFlags=0x1) returned 1 [0115.411] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe30*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.412] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0115.412] SetEvent (hEvent=0x198) returned 1 [0115.412] SetEvent (hEvent=0x1f8) returned 1 [0115.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.416] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0115.416] SetEvent (hEvent=0x1f8) returned 1 [0115.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.421] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.447] SwitchToThread () returned 1 [0115.449] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0115.541] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0115.544] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.546] GetFileType (hFile=0x1b4) returned 0x1 [0115.546] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.579] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.627] SetEvent (hEvent=0x1c4) returned 1 [0115.627] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.628] SetEvent (hEvent=0x12c) returned 1 [0115.629] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.640] SetEvent (hEvent=0xfc) returned 1 [0115.640] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x200 [0115.650] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0115.652] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.677] GetFileType (hFile=0x200) returned 0x1 [0115.677] GetFileType (hFile=0x200) returned 0x1 [0115.677] GetFileInformationByHandle (in: hFile=0x200, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0115.677] GetFileInformationByHandleEx (in: hFile=0x200, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0115.677] ReadFile (in: hFile=0x200, lpBuffer=0xc000186500, nNumberOfBytesToRead=0x4ed, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000186500*, lpNumberOfBytesRead=0xc0001b5c04*=0x2ed, lpOverlapped=0x0) returned 1 [0115.682] ReadFile (in: hFile=0x200, lpBuffer=0xc0001867ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001867ed*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0115.682] CloseHandle (hObject=0x200) returned 1 [0115.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0115.707] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0115.712] GetFileType (hFile=0x194) returned 0x1 [0115.712] WriteFile (in: hFile=0x194, lpBuffer=0xc000198300*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198300*, lpNumberOfBytesWritten=0xc0001b5cec*=0x2f0, lpOverlapped=0x0) returned 1 [0115.713] CloseHandle (hObject=0x194) returned 1 [0115.721] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0115.884] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083e01 | out: pbBuffer=0xc000083e01) returned 1 [0115.884] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0115.885] VirtualAlloc (lpAddress=0xc00031a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031a000 [0115.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x294 [0115.885] GetConsoleMode (in: hConsoleHandle=0x294, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0115.886] GetFileType (hFile=0x294) returned 0x1 [0115.886] WriteFile (in: hFile=0x294, lpBuffer=0xc000266b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000266b00*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.887] CloseHandle (hObject=0x294) returned 1 [0115.890] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa6snz6[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA6SNZ6[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa6snz6[1].png"), dwFlags=0x1) returned 1 [0116.448] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f698, ulCount=0x10, ulNumEntriesRemoved=0x2a09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f698, ulNumEntriesRemoved=0x2a09f66c) returned 0 [0116.448] SetEvent (hEvent=0x304) returned 1 [0116.448] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe08*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.451] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0116.451] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a09f6a0, ulNumEntriesRemoved=0x2a09f674) returned 0 [0116.451] SetEvent (hEvent=0x304) returned 1 [0116.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a09fe18*=0x1d0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.508] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0141.550] GetFileType (hFile=0x2bc) returned 0x1 [0141.550] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000222000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesWritten=0xc0001fdcec*=0x90, lpOverlapped=0x0) returned 1 [0142.530] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0142.845] CloseHandle (hObject=0x2bc) returned 1 [0142.859] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0142.859] VirtualAlloc (lpAddress=0xc000716000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000716000 [0142.860] VirtualAlloc (lpAddress=0xc000718000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000718000 [0142.862] VirtualAlloc (lpAddress=0xc00071a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00071a000 [0142.863] VirtualAlloc (lpAddress=0xc00071c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00071c000 [0142.864] VirtualAlloc (lpAddress=0xc00071e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00071e000 [0142.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0142.865] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0142.876] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.174] GetFileType (hFile=0x3d8) returned 0x1 [0144.174] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000682000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682000*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.174] CloseHandle (hObject=0x3d8) returned 1 [0144.174] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0144.176] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwFlags=0x1) returned 1 [0144.177] SetEvent (hEvent=0x144) returned 1 [0144.177] WaitForSingleObject (hHandle=0x1d0, dwMilliseconds=0xffffffff) Thread: id = 28 os_tid = 0x9b4 [0114.175] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2a29fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2a29fea0*=0x1b8) returned 1 [0114.175] VirtualQuery (in: lpAddress=0x2a29fec0, lpBuffer=0x2a29fec0, dwLength=0x30 | out: lpBuffer=0x2a29fec0*(BaseAddress=0x2a29f000, AllocationBase=0x2a0a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0114.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x148 [0114.176] GetConsoleMode (in: hConsoleHandle=0x148, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0114.177] GetFileType (hFile=0x148) returned 0x1 [0114.177] GetFileType (hFile=0x148) returned 0x1 [0114.177] GetFileInformationByHandle (in: hFile=0x148, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0114.177] GetFileInformationByHandleEx (in: hFile=0x148, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0114.177] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0114.178] ReadFile (in: hFile=0x148, lpBuffer=0xc0000bc000, nNumberOfBytesToRead=0x1c65, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesRead=0xc00029dc04*=0x1a65, lpOverlapped=0x0) returned 1 [0114.183] ReadFile (in: hFile=0x148, lpBuffer=0xc0000bda65, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bda65*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0114.183] CloseHandle (hObject=0x148) returned 1 [0114.183] VirtualAlloc (lpAddress=0xc000290000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0114.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xec [0114.210] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1dc [0114.210] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1bc [0114.210] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.234] GetConsoleMode (in: hConsoleHandle=0xec, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0114.236] GetFileType (hFile=0xec) returned 0x1 [0114.236] WriteFile (in: hFile=0xec, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x1a70, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc00029dcec*=0x1a70, lpOverlapped=0x0) returned 1 [0114.237] CloseHandle (hObject=0xec) returned 1 [0114.242] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533101 | out: pbBuffer=0xc000533101) returned 1 [0114.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x194 [0114.242] GetConsoleMode (in: hConsoleHandle=0x194, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0114.251] GetFileType (hFile=0x194) returned 0x1 [0114.251] WriteFile (in: hFile=0x194, lpBuffer=0xc0000409a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000409a0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.251] CloseHandle (hObject=0x194) returned 1 [0114.252] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0114.252] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bbeghzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-BBEgHzB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bbeghzb[1].jpg"), dwFlags=0x1) returned 1 [0114.457] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.457] SetEvent (hEvent=0x198) returned 1 [0114.458] VirtualAlloc (lpAddress=0xc0003a4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a4000 [0114.459] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.460] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.460] SetEvent (hEvent=0x198) returned 1 [0114.460] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.462] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.463] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.476] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.476] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.476] SetEvent (hEvent=0xc0) returned 1 [0114.476] SetEvent (hEvent=0x100) returned 1 [0114.476] VirtualAlloc (lpAddress=0xc0003ac000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ac000 [0114.478] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.480] SetEvent (hEvent=0x15c) returned 1 [0114.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.489] SetEvent (hEvent=0x15c) returned 1 [0114.489] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.490] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.490] SetEvent (hEvent=0x15c) returned 1 [0114.490] VirtualAlloc (lpAddress=0xc0003b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b4000 [0114.492] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.492] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.492] SetEvent (hEvent=0x164) returned 1 [0114.493] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.496] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.497] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.497] SetEvent (hEvent=0xc0) returned 1 [0114.497] SetEvent (hEvent=0x15c) returned 1 [0114.497] SetEvent (hEvent=0x198) returned 1 [0114.497] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.500] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.504] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.504] SetEvent (hEvent=0x13c) returned 1 [0114.504] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.507] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.507] SetEvent (hEvent=0x114) returned 1 [0114.507] VirtualAlloc (lpAddress=0xc0003bc000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003bc000 [0114.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.510] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.512] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.512] SetEvent (hEvent=0xf4) returned 1 [0114.512] SetEvent (hEvent=0x8c) returned 1 [0114.512] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.515] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.517] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.517] SetEvent (hEvent=0xc0) returned 1 [0114.517] SetEvent (hEvent=0x8c) returned 1 [0114.517] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0114.518] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.522] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.716] SwitchToThread () returned 1 [0114.721] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.721] SetEvent (hEvent=0x1d0) returned 1 [0114.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.729] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.729] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.735] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.735] SetEvent (hEvent=0xc0) returned 1 [0114.735] SetEvent (hEvent=0x12c) returned 1 [0114.735] SetEvent (hEvent=0x1f8) returned 1 [0114.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.744] SetEvent (hEvent=0x1f8) returned 1 [0114.744] SetEvent (hEvent=0x12c) returned 1 [0114.744] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.749] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.749] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.751] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.751] SetEvent (hEvent=0xb8) returned 1 [0114.751] SetEvent (hEvent=0x12c) returned 1 [0114.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.756] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.756] SetEvent (hEvent=0x1f8) returned 1 [0114.756] SetEvent (hEvent=0xb8) returned 1 [0114.756] SetEvent (hEvent=0x1d0) returned 1 [0114.757] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.765] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.768] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.768] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.769] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.769] SetEvent (hEvent=0xc0) returned 1 [0114.769] SetEvent (hEvent=0x1d0) returned 1 [0114.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.772] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.772] SetEvent (hEvent=0x1c4) returned 1 [0114.772] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.775] SetEvent (hEvent=0x1d0) returned 1 [0114.775] SetEvent (hEvent=0x1f8) returned 1 [0114.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.777] SetEvent (hEvent=0x1c4) returned 1 [0114.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.779] WriteFile (in: hFile=0x210, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.779] CloseHandle (hObject=0x210) returned 1 [0114.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\async_usersync[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-async_usersync[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-async_usersync[1].htm"), dwFlags=0x1) returned 1 [0114.811] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.816] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0114.822] SetEvent (hEvent=0x1c4) returned 1 [0114.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.826] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0114.826] SetEvent (hEvent=0xc0) returned 1 [0114.826] SetEvent (hEvent=0x120) returned 1 [0114.826] SetEvent (hEvent=0x1c4) returned 1 [0114.826] SetEvent (hEvent=0x1d0) returned 1 [0114.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.833] SetEvent (hEvent=0x120) returned 1 [0114.833] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.841] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0114.841] SetEvent (hEvent=0x120) returned 1 [0114.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.849] VirtualAlloc (lpAddress=0xc0003c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c6000 [0114.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x210 [0114.850] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0114.857] GetFileType (hFile=0x210) returned 0x1 [0114.857] GetFileType (hFile=0x210) returned 0x1 [0114.857] GetFileInformationByHandle (in: hFile=0x210, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0114.857] GetFileInformationByHandleEx (in: hFile=0x210, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0114.857] VirtualAlloc (lpAddress=0xc0003e0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e0000 [0114.858] ReadFile (in: hFile=0x210, lpBuffer=0xc0003e0000, nNumberOfBytesToRead=0xcf6, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003e0000*, lpNumberOfBytesRead=0xc00018fc04*=0xaf6, lpOverlapped=0x0) returned 1 [0114.878] ReadFile (in: hFile=0x210, lpBuffer=0xc0003e0af6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003e0af6*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0114.878] CloseHandle (hObject=0x210) returned 1 [0114.878] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0114.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0114.889] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0114.892] GetFileType (hFile=0x214) returned 0x1 [0114.892] WriteFile (in: hFile=0x214, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0xc00018fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc00018fcec*=0xb00, lpOverlapped=0x0) returned 1 [0114.893] CloseHandle (hObject=0x214) returned 1 [0114.898] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532401 | out: pbBuffer=0xc000532401) returned 1 [0114.898] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0114.899] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0114.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.899] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0114.902] GetFileType (hFile=0x1b4) returned 0x1 [0114.902] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00006c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.902] CloseHandle (hObject=0x1b4) returned 1 [0114.906] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\browser[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-browser[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-browser[1].htm"), dwFlags=0x1) returned 1 [0114.970] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.970] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.971] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.971] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000155818*=0x2) returned 1 [0115.068] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.069] SetEvent (hEvent=0x1d0) returned 1 [0115.069] SetEvent (hEvent=0x1f8) returned 1 [0115.069] SetEvent (hEvent=0x120) returned 1 [0115.069] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.081] SetEvent (hEvent=0x1d0) returned 1 [0115.081] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.083] SetEvent (hEvent=0x1d0) returned 1 [0115.083] SetEvent (hEvent=0x198) returned 1 [0115.083] SetEvent (hEvent=0x1f8) returned 1 [0115.083] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.089] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.092] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.108] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.111] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.115] SetEvent (hEvent=0x12c) returned 1 [0115.115] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.116] SetEvent (hEvent=0x12c) returned 1 [0115.116] SetEvent (hEvent=0xfc) returned 1 [0115.116] VirtualFree (lpAddress=0xc000366000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0115.118] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.118] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.118] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.120] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.120] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.121] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.121] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00020f818*=0x2) returned 1 [0115.122] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.129] SetEvent (hEvent=0x12c) returned 1 [0115.129] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0115.129] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0115.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.130] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0115.132] GetFileType (hFile=0x214) returned 0x1 [0115.132] GetFileType (hFile=0x214) returned 0x1 [0115.132] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0115.132] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0115.132] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0115.133] ReadFile (in: hFile=0x214, lpBuffer=0xc000164000, nNumberOfBytesToRead=0x22b, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesRead=0xc0006ddc04*=0x2b, lpOverlapped=0x0) returned 1 [0115.135] ReadFile (in: hFile=0x214, lpBuffer=0xc00016402b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016402b*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0115.135] CloseHandle (hObject=0x214) returned 1 [0115.135] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0115.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.137] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0115.138] GetFileType (hFile=0x214) returned 0x1 [0115.138] WriteFile (in: hFile=0x214, lpBuffer=0xc0000c8060*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000c8060*, lpNumberOfBytesWritten=0xc0006ddcec*=0x30, lpOverlapped=0x0) returned 1 [0115.139] CloseHandle (hObject=0x214) returned 1 [0115.140] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0115.140] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0115.141] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0115.141] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0115.142] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.142] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0115.143] GetFileType (hFile=0x210) returned 0x1 [0115.143] WriteFile (in: hFile=0x210, lpBuffer=0xc00006a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006a2c0*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.143] CloseHandle (hObject=0x210) returned 1 [0115.147] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\e151e5[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-e151e5[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-e151e5[1].gif"), dwFlags=0x1) returned 1 [0115.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.212] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0115.213] SetEvent (hEvent=0xfc) returned 1 [0115.213] SetEvent (hEvent=0x1d0) returned 1 [0115.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.218] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0115.218] SetEvent (hEvent=0x1d0) returned 1 [0115.218] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.225] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.242] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.253] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.255] SetEvent (hEvent=0x1f8) returned 1 [0115.255] SetEvent (hEvent=0x12c) returned 1 [0115.255] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.256] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.256] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000052018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000052018*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0115.257] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.260] SetEvent (hEvent=0xfc) returned 1 [0115.260] SetEvent (hEvent=0x12c) returned 1 [0115.260] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0115.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.261] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0115.261] GetFileType (hFile=0x214) returned 0x1 [0115.263] GetFileType (hFile=0x214) returned 0x1 [0115.263] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0115.264] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0115.264] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0115.265] ReadFile (in: hFile=0x214, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xb8c8, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000155c04*=0xb6c8, lpOverlapped=0x0) returned 1 [0115.272] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.274] ReadFile (in: hFile=0x214, lpBuffer=0xc00023b6c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023b6c8*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0115.274] CloseHandle (hObject=0x214) returned 1 [0115.274] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.274] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0115.275] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0115.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x214 [0115.280] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0115.282] GetFileType (hFile=0x214) returned 0x1 [0115.282] WriteFile (in: hFile=0x214, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xb6d0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000155cec*=0xb6d0, lpOverlapped=0x0) returned 1 [0115.284] CloseHandle (hObject=0x214) returned 1 [0115.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0115.285] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0115.285] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0115.286] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0115.286] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0115.287] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0115.287] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.288] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0115.288] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.291] SetEvent (hEvent=0x1d0) returned 1 [0115.291] GetFileType (hFile=0x1b0) returned 0x1 [0115.291] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000942c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000942c0*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.292] CloseHandle (hObject=0x1b0) returned 1 [0115.294] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.300] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\index[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-index[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-index[1].htm"), dwFlags=0x1) returned 1 [0115.364] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0115.364] SetEvent (hEvent=0x12c) returned 1 [0115.364] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.368] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.368] SetEvent (hEvent=0x120) returned 1 [0115.368] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.371] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.371] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0115.371] SetEvent (hEvent=0x120) returned 1 [0115.371] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.377] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.377] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x214 [0115.573] GetConsoleMode (in: hConsoleHandle=0x214, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0115.578] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.583] GetFileType (hFile=0x214) returned 0x1 [0115.583] GetFileType (hFile=0x214) returned 0x1 [0115.583] GetFileInformationByHandle (in: hFile=0x214, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0115.583] GetFileInformationByHandleEx (in: hFile=0x214, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0115.583] ReadFile (in: hFile=0x214, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x8dc, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc00023dc04*=0x6dc, lpOverlapped=0x0) returned 1 [0115.596] ReadFile (in: hFile=0x214, lpBuffer=0xc00003c6dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c6dc*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0115.596] CloseHandle (hObject=0x214) returned 1 [0115.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x204 [0115.604] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0115.605] GetFileType (hFile=0x204) returned 0x1 [0115.605] WriteFile (in: hFile=0x204, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc00023dcec*=0x6e0, lpOverlapped=0x0) returned 1 [0115.606] CloseHandle (hObject=0x204) returned 1 [0115.613] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0115.618] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0115.619] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0115.620] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0115.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0115.620] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0115.622] GetFileType (hFile=0x174) returned 0x1 [0115.622] WriteFile (in: hFile=0x174, lpBuffer=0xc0001822c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c0*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.623] CloseHandle (hObject=0x174) returned 1 [0115.626] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0115.627] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbomuh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBOmuh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbomuh[1].jpg"), dwFlags=0x1) returned 1 [0115.935] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0115.935] SetEvent (hEvent=0x29c) returned 1 [0115.935] SetEvent (hEvent=0x2a8) returned 1 [0115.935] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00019c700, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x200 [0115.943] CloseHandle (hObject=0x200) returned 1 [0115.943] SetEvent (hEvent=0x1a0) returned 1 [0115.943] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.113] SetEvent (hEvent=0x9c) returned 1 [0116.113] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.121] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0116.122] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0116.123] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.174] GetFileType (hFile=0x254) returned 0x1 [0116.175] GetFileType (hFile=0x254) returned 0x1 [0116.175] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0116.175] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0116.175] ReadFile (in: hFile=0x254, lpBuffer=0xc00029aa80, nNumberOfBytesToRead=0xa63, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029aa80*, lpNumberOfBytesRead=0xc000143c04*=0x863, lpOverlapped=0x0) returned 1 [0116.180] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.207] ReadFile (in: hFile=0x254, lpBuffer=0xc00029b2e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029b2e3*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0116.208] CloseHandle (hObject=0x254) returned 1 [0116.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0116.270] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0116.270] GetFileType (hFile=0x348) returned 0x1 [0116.270] WriteFile (in: hFile=0x348, lpBuffer=0xc00003c900*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c900*, lpNumberOfBytesWritten=0xc000143cec*=0x870, lpOverlapped=0x0) returned 1 [0116.271] CloseHandle (hObject=0x348) returned 1 [0116.272] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a301 | out: pbBuffer=0xc00031a301) returned 1 [0116.272] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0116.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0116.273] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0116.273] GetFileType (hFile=0x348) returned 0x1 [0116.273] WriteFile (in: hFile=0x348, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.273] CloseHandle (hObject=0x348) returned 1 [0116.275] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe3nch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBE3NcH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbe3nch[1].jpg"), dwFlags=0x1) returned 1 [0116.797] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.798] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0116.798] SetEvent (hEvent=0x318) returned 1 [0116.798] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.800] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.805] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0116.807] SetEvent (hEvent=0xc0) returned 1 [0116.807] SetEvent (hEvent=0x234) returned 1 [0116.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.808] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.808] SetEvent (hEvent=0x2b0) returned 1 [0116.808] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0116.812] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.813] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0116.813] SetEvent (hEvent=0x324) returned 1 [0116.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.921] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0116.921] SetEvent (hEvent=0xc0) returned 1 [0116.921] SetEvent (hEvent=0x120) returned 1 [0116.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.926] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.926] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0116.926] SetEvent (hEvent=0x120) returned 1 [0116.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.025] SwitchToThread () returned 1 [0117.026] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.026] SetEvent (hEvent=0x320) returned 1 [0117.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.030] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.031] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.031] SetEvent (hEvent=0xc0) returned 1 [0117.031] SetEvent (hEvent=0x1f8) returned 1 [0117.032] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.033] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.035] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.037] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.037] SetEvent (hEvent=0x1a0) returned 1 [0117.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.041] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.041] SetEvent (hEvent=0x340) returned 1 [0117.041] SetEvent (hEvent=0x320) returned 1 [0117.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.142] SwitchToThread () returned 1 [0117.144] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.144] SetEvent (hEvent=0x1f8) returned 1 [0117.144] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.149] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.149] SetEvent (hEvent=0xc0) returned 1 [0117.149] SetEvent (hEvent=0x1f8) returned 1 [0117.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.151] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.153] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.153] SetEvent (hEvent=0x388) returned 1 [0117.153] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.156] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.156] SetEvent (hEvent=0x388) returned 1 [0117.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.161] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.161] SetEvent (hEvent=0x3c4) returned 1 [0117.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.162] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.163] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.163] SetEvent (hEvent=0x340) returned 1 [0117.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.167] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.167] SetEvent (hEvent=0x39c) returned 1 [0117.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.180] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.182] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.182] SetEvent (hEvent=0xc0) returned 1 [0117.182] SetEvent (hEvent=0x9c) returned 1 [0117.182] SetEvent (hEvent=0x304) returned 1 [0117.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.185] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.185] SetEvent (hEvent=0x340) returned 1 [0117.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.193] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.193] SetEvent (hEvent=0xb8) returned 1 [0117.193] SetEvent (hEvent=0x340) returned 1 [0117.194] SetEvent (hEvent=0x3c8) returned 1 [0117.194] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.202] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.202] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0117.203] SetEvent (hEvent=0xc0) returned 1 [0117.203] SetEvent (hEvent=0x388) returned 1 [0117.203] SetEvent (hEvent=0xb8) returned 1 [0117.203] SetEvent (hEvent=0x3c8) returned 1 [0117.203] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.213] SetEvent (hEvent=0xb8) returned 1 [0117.213] SetEvent (hEvent=0x198) returned 1 [0117.213] SetEvent (hEvent=0x320) returned 1 [0117.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe30*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.215] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0117.216] SetEvent (hEvent=0x9c) returned 1 [0117.216] SetEvent (hEvent=0x3c4) returned 1 [0117.216] SetEvent (hEvent=0x340) returned 1 [0117.216] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.220] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0117.227] GetFileType (hFile=0x3bc) returned 0x1 [0117.227] GetFileType (hFile=0x3bc) returned 0x1 [0117.227] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0117.227] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0117.228] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0117.229] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x2819, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000045c04*=0x2619, lpOverlapped=0x0) returned 1 [0117.237] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.241] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000214619, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000214619*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0117.242] CloseHandle (hObject=0x3bc) returned 1 [0117.242] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0117.242] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0117.243] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0117.244] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0117.245] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0117.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.246] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0117.249] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.253] GetFileType (hFile=0x3bc) returned 0x1 [0117.254] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.290] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x2620, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000045cec*=0x2620, lpOverlapped=0x0) returned 1 [0117.292] CloseHandle (hObject=0x3bc) returned 1 [0117.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0117.297] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0117.298] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0117.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.299] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0117.305] GetFileType (hFile=0x1b0) returned 0x1 [0117.305] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.305] CloseHandle (hObject=0x1b0) returned 1 [0117.314] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.333] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbefbrz[1].jpg"), dwFlags=0x1) returned 1 [0117.839] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.839] SwitchToThread () returned 1 [0117.840] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.875] SetEvent (hEvent=0x144) returned 1 [0117.875] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.935] SetEvent (hEvent=0x144) returned 1 [0117.935] SetEvent (hEvent=0xb8) returned 1 [0117.935] SetEvent (hEvent=0x264) returned 1 [0117.935] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.941] SetEvent (hEvent=0x13c) returned 1 [0117.941] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.945] SetEvent (hEvent=0x30c) returned 1 [0117.945] SetEvent (hEvent=0x13c) returned 1 [0117.945] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0117.963] GetFileType (hFile=0x374) returned 0x1 [0117.964] WriteFile (in: hFile=0x374, lpBuffer=0xc000010590*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010590*, lpNumberOfBytesWritten=0xc000247cec*=0x10, lpOverlapped=0x0) returned 1 [0117.965] CloseHandle (hObject=0x374) returned 1 [0117.967] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0117.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0117.968] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0117.968] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0117.969] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0117.970] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0117.970] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0117.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0117.971] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0117.971] GetFileType (hFile=0x3d8) returned 0x1 [0117.971] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00006e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006e2c0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.972] CloseHandle (hObject=0x3d8) returned 1 [0117.972] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-only[1].htm"), dwFlags=0x1) returned 1 [0118.582] SetEvent (hEvent=0x264) returned 1 [0118.582] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.585] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.587] SetEvent (hEvent=0x274) returned 1 [0118.587] SetEvent (hEvent=0x3c8) returned 1 [0118.587] SwitchToThread () returned 1 [0118.588] SetEvent (hEvent=0x274) returned 1 [0118.588] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.613] SetEvent (hEvent=0x274) returned 1 [0118.613] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.613] SetEvent (hEvent=0x264) returned 1 [0118.613] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.620] SetEvent (hEvent=0x3c8) returned 1 [0118.620] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.627] SetEvent (hEvent=0x274) returned 1 [0118.627] SetEvent (hEvent=0x334) returned 1 [0118.627] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.627] SetEvent (hEvent=0x13c) returned 1 [0118.627] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.630] SetEvent (hEvent=0x274) returned 1 [0118.630] SetEvent (hEvent=0x39c) returned 1 [0118.630] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.635] SetEvent (hEvent=0x274) returned 1 [0118.635] SetEvent (hEvent=0x334) returned 1 [0118.635] SetEvent (hEvent=0x3c8) returned 1 [0118.635] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e0 [0118.715] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc00017dcf4 | out: lpMode=0xc00017dcf4) returned 0 [0118.727] GetFileType (hFile=0x2e0) returned 0x1 [0118.727] GetFileType (hFile=0x2e0) returned 0x1 [0118.727] GetFileInformationByHandle (in: hFile=0x2e0, lpFileInformation=0xc00017dd44 | out: lpFileInformation=0xc00017dd44) returned 1 [0118.728] GetFileInformationByHandleEx (in: hFile=0x2e0, FileInformationClass=0x9, lpFileInformation=0xc00017dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017dd28) returned 1 [0118.728] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0118.729] ReadFile (in: hFile=0x2e0, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xb7c, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc00017dc04*=0x97c, lpOverlapped=0x0) returned 1 [0118.733] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] ReadFile (in: hFile=0x2e0, lpBuffer=0xc0000fa97c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa97c*, lpNumberOfBytesRead=0xc00017dc04*=0x0, lpOverlapped=0x0) returned 1 [0118.821] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0118.907] CloseHandle (hObject=0x2e0) returned 1 [0118.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0118.908] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc00017dd04 | out: lpMode=0xc00017dd04) returned 0 [0118.912] GetFileType (hFile=0x2e0) returned 0x1 [0118.912] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc00017dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc00017dcec*=0x980, lpOverlapped=0x0) returned 1 [0118.913] CloseHandle (hObject=0x2e0) returned 1 [0118.913] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a401 | out: pbBuffer=0xc00028a401) returned 1 [0118.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0118.913] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc00017dd64 | out: lpMode=0xc00017dd64) returned 0 [0118.914] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0119.030] GetFileType (hFile=0x2e0) returned 0x1 [0119.030] WriteFile (in: hFile=0x2e0, lpBuffer=0xc000238160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238160*, lpNumberOfBytesWritten=0xc00017dd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.030] CloseHandle (hObject=0x2e0) returned 1 [0119.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbimkp[1].jpg"), dwFlags=0x1) returned 1 [0119.258] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f698, ulCount=0x10, ulNumEntriesRemoved=0x2a29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f698, ulNumEntriesRemoved=0x2a29f66c) returned 0 [0119.258] SetEvent (hEvent=0x9c) returned 1 [0119.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe08*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.259] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a29f6a0, ulNumEntriesRemoved=0x2a29f674) returned 0 [0119.259] SetEvent (hEvent=0x9c) returned 1 [0119.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a29fe18*=0x1dc, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.263] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0141.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\12b49.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0141.513] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0141.517] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0141.895] GetFileType (hFile=0x3e0) returned 0x1 [0141.896] GetFileType (hFile=0x3e0) returned 0x1 [0141.896] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0141.896] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0141.896] ReadFile (in: hFile=0x3e0, lpBuffer=0xc0000d1500, nNumberOfBytesToRead=0x14ca, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesRead=0xc000275c04*=0x12ca, lpOverlapped=0x0) returned 1 [0142.642] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0143.777] ReadFile (in: hFile=0x3e0, lpBuffer=0xc0000d27ca, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d27ca*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0143.777] CloseHandle (hObject=0x3e0) returned 1 [0143.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\12b49.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e8 [0143.800] GetConsoleMode (in: hConsoleHandle=0x4e8, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0143.805] GetFileType (hFile=0x4e8) returned 0x1 [0143.805] WriteFile (in: hFile=0x4e8, lpBuffer=0xc000332000*, nNumberOfBytesToWrite=0x12d0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc000332000*, lpNumberOfBytesWritten=0xc000275cec*=0x12d0, lpOverlapped=0x0) returned 1 [0143.806] CloseHandle (hObject=0x4e8) returned 1 [0143.816] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0143.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\12b49.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0143.817] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0143.819] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.337] GetFileType (hFile=0x5d8) returned 0x1 [0144.337] WriteFile (in: hFile=0x5d8, lpBuffer=0xc000682840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682840*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.337] CloseHandle (hObject=0x5d8) returned 1 [0144.337] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\12b49.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-12b49.lnk"), dwFlags=0x1) returned 1 [0144.345] SetEvent (hEvent=0xa78) returned 1 [0144.345] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.356] SetEvent (hEvent=0x9b0) returned 1 [0144.356] WaitForSingleObject (hHandle=0x1dc, dwMilliseconds=0xffffffff) Thread: id = 29 os_tid = 0x9cc [0114.191] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2a49fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2a49fea0*=0x1c8) returned 1 [0114.191] VirtualQuery (in: lpAddress=0x2a49fec0, lpBuffer=0x2a49fec0, dwLength=0x30 | out: lpBuffer=0x2a49fec0*(BaseAddress=0x2a49f000, AllocationBase=0x2a2a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0114.191] SetEvent (hEvent=0x188) returned 1 [0114.191] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d4 [0114.191] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x128 [0114.191] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.215] SetEvent (hEvent=0xfc) returned 1 [0114.215] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.224] SetEvent (hEvent=0xf4) returned 1 [0114.224] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.226] SetEvent (hEvent=0x108) returned 1 [0114.226] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.239] SetEvent (hEvent=0x1d0) returned 1 [0114.239] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.253] SetEvent (hEvent=0x9c) returned 1 [0114.253] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.257] SetEvent (hEvent=0x100) returned 1 [0114.257] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0114.261] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0114.263] GetFileType (hFile=0x174) returned 0x1 [0114.263] GetFileType (hFile=0x174) returned 0x1 [0114.263] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0114.263] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0114.263] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0114.264] ReadFile (in: hFile=0x174, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x2c3c, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc000065c04*=0x2a3c, lpOverlapped=0x0) returned 1 [0114.273] ReadFile (in: hFile=0x174, lpBuffer=0xc000302a3c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc000302a3c*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0114.273] CloseHandle (hObject=0x174) returned 1 [0114.273] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0114.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\DevCMDL2.2.18[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\devcmdl2.2.18[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e0 [0114.353] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.380] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0114.383] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.386] SetEvent (hEvent=0xb8) returned 1 [0114.386] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.387] SetEvent (hEvent=0xb8) returned 1 [0114.387] SetEvent (hEvent=0x1f8) returned 1 [0114.387] SetEvent (hEvent=0x12c) returned 1 [0114.387] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.389] VirtualFree (lpAddress=0xc00030a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.389] VirtualFree (lpAddress=0xc000300000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.390] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0114.391] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.391] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0114.392] VirtualFree (lpAddress=0xc000290000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0114.393] VirtualFree (lpAddress=0xc00027c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0114.393] VirtualFree (lpAddress=0xc00025a000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0114.394] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.394] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.395] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0114.395] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.395] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.396] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.396] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.396] VirtualFree (lpAddress=0xc000198000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.397] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.397] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.398] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.398] VirtualFree (lpAddress=0xc000146000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.398] VirtualFree (lpAddress=0xc00013a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.398] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.399] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.399] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.399] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.400] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.400] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.400] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.401] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.401] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.401] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.401] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.402] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.403] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.403] VirtualFree (lpAddress=0xc000078000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.403] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.404] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.404] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.404] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.405] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.405] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0001b5818*=0x3) returned 1 [0114.412] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.424] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.446] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.457] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.463] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0114.479] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0115.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e0 [0115.670] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0115.673] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0115.804] GetFileType (hFile=0x1e0) returned 0x1 [0115.805] GetFileType (hFile=0x1e0) returned 0x1 [0115.805] GetFileInformationByHandle (in: hFile=0x1e0, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0115.805] GetFileInformationByHandleEx (in: hFile=0x1e0, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0115.805] ReadFile (in: hFile=0x1e0, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x1894, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc0001cdc04*=0x1694, lpOverlapped=0x0) returned 1 [0115.809] ReadFile (in: hFile=0x1e0, lpBuffer=0xc00050f014, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f014*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0115.809] CloseHandle (hObject=0x1e0) returned 1 [0115.809] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0115.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0115.873] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0115.960] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0115.964] GetFileType (hFile=0x280) returned 0x1 [0115.964] WriteFile (in: hFile=0x280, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x16a0, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc0001cdcec*=0x16a0, lpOverlapped=0x0) returned 1 [0115.965] CloseHandle (hObject=0x280) returned 1 [0115.974] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0101 | out: pbBuffer=0xc0000e0101) returned 1 [0115.975] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0115.975] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0115.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0115.976] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0115.979] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0116.000] GetFileType (hFile=0x280) returned 0x1 [0116.000] WriteFile (in: hFile=0x280, lpBuffer=0xc000182420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182420*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.000] CloseHandle (hObject=0x280) returned 1 [0116.006] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpmvj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBPMvJ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbpmvj[1].jpg"), dwFlags=0x1) returned 1 [0116.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a49f698, ulCount=0x10, ulNumEntriesRemoved=0x2a49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a49f698, ulNumEntriesRemoved=0x2a49f66c) returned 0 [0116.589] SetEvent (hEvent=0x208) returned 1 [0116.589] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a49fe08*=0x1d4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.592] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a49f6a0, ulNumEntriesRemoved=0x2a49f674) returned 0 [0116.592] SetEvent (hEvent=0x208) returned 1 [0116.592] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a49fe18*=0x1d4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.595] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0117.754] SetEvent (hEvent=0x1e8) returned 1 [0117.754] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0141.541] GetFileType (hFile=0x2c4) returned 0x1 [0141.541] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000052270*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000052270*, lpNumberOfBytesWritten=0xc00014bcec*=0xd0, lpOverlapped=0x0) returned 1 [0142.521] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0142.845] CloseHandle (hObject=0x2c4) returned 1 [0142.853] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0142.854] VirtualAlloc (lpAddress=0xc00063e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00063e000 [0142.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0142.855] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0142.874] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) returned 0x0 [0144.160] SetEvent (hEvent=0x24c) returned 1 [0144.160] WaitForSingleObject (hHandle=0x1d4, dwMilliseconds=0xffffffff) Thread: id = 30 os_tid = 0x9dc [0114.222] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2a69fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2a69fea0*=0x180) returned 1 [0114.222] VirtualQuery (in: lpAddress=0x2a69fec0, lpBuffer=0x2a69fec0, dwLength=0x30 | out: lpBuffer=0x2a69fec0*(BaseAddress=0x2a69f000, AllocationBase=0x2a4a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0114.222] SetEvent (hEvent=0x12c) returned 1 [0114.222] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c4 [0114.223] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1c0 [0114.223] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.226] SetEvent (hEvent=0x15c) returned 1 [0114.226] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.232] SetEvent (hEvent=0x1dc) returned 1 [0114.232] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.239] SetEvent (hEvent=0x188) returned 1 [0114.239] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.276] SetEvent (hEvent=0x1a0) returned 1 [0114.276] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.277] SetEvent (hEvent=0x188) returned 1 [0114.277] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.294] SetEvent (hEvent=0x9c) returned 1 [0114.294] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.347] SetEvent (hEvent=0xf4) returned 1 [0114.347] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.373] SetEvent (hEvent=0xb8) returned 1 [0114.380] SetEvent (hEvent=0x12c) returned 1 [0114.380] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x210 [0114.384] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0114.385] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.406] GetFileType (hFile=0x210) returned 0x1 [0114.406] GetFileType (hFile=0x210) returned 0x1 [0114.406] GetFileInformationByHandle (in: hFile=0x210, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0114.406] GetFileInformationByHandleEx (in: hFile=0x210, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0114.406] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0114.408] ReadFile (in: hFile=0x210, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x15629, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00018dc04*=0x15429, lpOverlapped=0x0) returned 1 [0114.427] SetEvent (hEvent=0xc0) returned 1 [0114.428] ReadFile (in: hFile=0x210, lpBuffer=0xc0002b9429, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b9429*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0114.428] CloseHandle (hObject=0x210) returned 1 [0114.428] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0114.428] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0114.431] VirtualAlloc (lpAddress=0xc00032e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032e000 [0114.432] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0114.437] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0114.437] GetFileType (hFile=0x210) returned 0x1 [0114.437] WriteFile (in: hFile=0x210, lpBuffer=0xc000318000*, nNumberOfBytesToWrite=0x15430, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000318000*, lpNumberOfBytesWritten=0xc00018dcec*=0x15430, lpOverlapped=0x0) returned 1 [0114.440] CloseHandle (hObject=0x210) returned 1 [0114.440] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0114.440] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0114.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0114.441] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0114.441] GetFileType (hFile=0x210) returned 0x1 [0114.441] WriteFile (in: hFile=0x210, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0114.442] CloseHandle (hObject=0x210) returned 1 [0114.442] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\standard[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-Standard[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-standard[1]"), dwFlags=0x1) returned 1 [0114.770] SetEvent (hEvent=0x12c) returned 1 [0114.770] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.771] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.773] SetEvent (hEvent=0x1dc) returned 1 [0114.773] SetEvent (hEvent=0x12c) returned 1 [0114.773] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.773] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.773] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.774] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000065818*=0x2) returned 1 [0114.775] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.777] SetEvent (hEvent=0x1dc) returned 1 [0114.777] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.778] SetEvent (hEvent=0x1dc) returned 1 [0114.778] SetEvent (hEvent=0xb8) returned 1 [0114.778] SetEvent (hEvent=0x1f8) returned 1 [0114.778] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.785] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0114.785] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0114.786] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0114.787] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.800] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0114.807] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.812] GetFileType (hFile=0x1b4) returned 0x1 [0114.812] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x5ff0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc000155cec*=0x5ff0, lpOverlapped=0x0) returned 1 [0114.813] CloseHandle (hObject=0x1b4) returned 1 [0114.814] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0114.814] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0114.814] VirtualAlloc (lpAddress=0xc00035c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035c000 [0114.815] VirtualAlloc (lpAddress=0xc00035e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035e000 [0114.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.815] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0114.817] GetFileType (hFile=0x1b4) returned 0x1 [0114.817] WriteFile (in: hFile=0x1b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.817] CloseHandle (hObject=0x1b4) returned 1 [0114.817] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0114.818] VirtualAlloc (lpAddress=0xc000362000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0114.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-b367c075-d98a-457d-b37d-3d9e8ab53e8b[1].jpg"), dwFlags=0x1) returned 1 [0114.819] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.820] SetEvent (hEvent=0xb8) returned 1 [0114.820] SetEvent (hEvent=0x1dc) returned 1 [0114.820] SetEvent (hEvent=0x1f8) returned 1 [0114.820] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.825] SetEvent (hEvent=0x1dc) returned 1 [0114.826] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0114.830] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0114.830] GetFileType (hFile=0x1b4) returned 0x1 [0114.830] GetFileType (hFile=0x1b4) returned 0x1 [0114.830] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0114.830] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0114.830] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0114.832] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x7115, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc000065c04*=0x6f15, lpOverlapped=0x0) returned 1 [0114.837] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0000bcf15, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bcf15*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0114.837] CloseHandle (hObject=0x1b4) returned 1 [0114.837] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0114.837] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0114.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b4 [0114.842] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0114.844] GetFileType (hFile=0x1b4) returned 0x1 [0114.845] WriteFile (in: hFile=0x1b4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x6f20, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000065cec*=0x6f20, lpOverlapped=0x0) returned 1 [0114.846] CloseHandle (hObject=0x1b4) returned 1 [0114.851] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0114.851] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0114.851] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0114.852] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0114.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0114.853] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0114.859] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0114.860] GetFileType (hFile=0x208) returned 0x1 [0114.860] WriteFile (in: hFile=0x208, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.860] CloseHandle (hObject=0x208) returned 1 [0114.861] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0114.861] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\bootstrap[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-bootstrap[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-bootstrap[1].js"), dwFlags=0x1) returned 1 [0114.950] SetEvent (hEvent=0xc0) returned 1 [0114.950] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f698, ulCount=0x10, ulNumEntriesRemoved=0x2a69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f698, ulNumEntriesRemoved=0x2a69f66c) returned 0 [0114.950] SetEvent (hEvent=0x12c) returned 1 [0114.950] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0114.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.954] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.957] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f6a0, ulNumEntriesRemoved=0x2a69f674) returned 0 [0114.957] SetEvent (hEvent=0x1f8) returned 1 [0114.957] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe18*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0114.961] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0115.577] SetEvent (hEvent=0xfc) returned 1 [0115.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x204 [0115.578] GetConsoleMode (in: hConsoleHandle=0x204, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0115.578] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0115.593] GetFileType (hFile=0x204) returned 0x1 [0115.593] GetFileType (hFile=0x204) returned 0x1 [0115.593] GetFileInformationByHandle (in: hFile=0x204, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0115.593] GetFileInformationByHandleEx (in: hFile=0x204, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0115.593] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0115.594] ReadFile (in: hFile=0x204, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x24b3, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00018bc04*=0x22b3, lpOverlapped=0x0) returned 1 [0115.597] ReadFile (in: hFile=0x204, lpBuffer=0xc0002a62b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a62b3*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0115.597] CloseHandle (hObject=0x204) returned 1 [0115.597] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0115.598] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0115.598] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0115.599] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0115.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x200 [0115.616] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0115.628] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0115.631] GetFileType (hFile=0x200) returned 0x1 [0115.631] WriteFile (in: hFile=0x200, lpBuffer=0xc0002a6500*, nNumberOfBytesToWrite=0x22c0, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6500*, lpNumberOfBytesWritten=0xc00018bcec*=0x22c0, lpOverlapped=0x0) returned 1 [0115.633] CloseHandle (hObject=0x200) returned 1 [0115.642] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0901 | out: pbBuffer=0xc0000e0901) returned 1 [0115.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1e8 [0115.642] GetConsoleMode (in: hConsoleHandle=0x1e8, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0115.650] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0115.673] GetFileType (hFile=0x1e8) returned 0x1 [0115.673] WriteFile (in: hFile=0x1e8, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.673] CloseHandle (hObject=0x1e8) returned 1 [0115.680] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0115.888] VirtualAlloc (lpAddress=0xc0001c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c2000 [0115.889] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyew1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBYEW1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbyew1[1].jpg"), dwFlags=0x1) returned 1 [0116.430] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f698, ulCount=0x10, ulNumEntriesRemoved=0x2a69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f698, ulNumEntriesRemoved=0x2a69f66c) returned 0 [0116.430] SetEvent (hEvent=0x304) returned 1 [0116.430] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.431] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f6a0, ulNumEntriesRemoved=0x2a69f674) returned 0 [0116.431] SetEvent (hEvent=0x304) returned 1 [0116.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe18*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.434] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.550] SetEvent (hEvent=0x35c) returned 1 [0141.550] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3fc [0141.553] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0141.555] GetFileType (hFile=0x3fc) returned 0x1 [0141.555] GetFileType (hFile=0x3fc) returned 0x1 [0141.555] GetFileInformationByHandle (in: hFile=0x3fc, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0141.555] GetFileInformationByHandleEx (in: hFile=0x3fc, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0141.555] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0141.556] ReadFile (in: hFile=0x3fc, lpBuffer=0xc000322000, nNumberOfBytesToRead=0x2b2, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000322000*, lpNumberOfBytesRead=0xc00012fc04*=0xb2, lpOverlapped=0x0) returned 1 [0142.534] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0143.042] ReadFile (in: hFile=0x3fc, lpBuffer=0xc0003220b2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003220b2*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.042] CloseHandle (hObject=0x3fc) returned 1 [0143.042] VirtualAlloc (lpAddress=0xc000728000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000728000 [0143.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0143.044] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0143.053] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.333] GetFileType (hFile=0x3fc) returned 0x1 [0144.333] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.663] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0003140c0*, nNumberOfBytesToWrite=0xc0, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003140c0*, lpNumberOfBytesWritten=0xc00012fcec*=0xc0, lpOverlapped=0x0) returned 1 [0144.664] CloseHandle (hObject=0x3fc) returned 1 [0144.664] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0144.665] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0144.666] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0144.667] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0144.675] GetFileType (hFile=0x3fc) returned 0x1 [0144.675] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0006151e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006151e0*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.675] CloseHandle (hObject=0x3fc) returned 1 [0144.675] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@track.adform[2].txt"), dwFlags=0x1) returned 1 [0144.677] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f698, ulCount=0x10, ulNumEntriesRemoved=0x2a69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f698, ulNumEntriesRemoved=0x2a69f66c) returned 0 [0144.677] SetEvent (hEvent=0xa70) returned 1 [0144.677] SetEvent (hEvent=0xc1c) returned 1 [0144.677] SetEvent (hEvent=0x980) returned 1 [0144.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.680] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.688] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe30*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.689] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f6a0, ulNumEntriesRemoved=0x2a69f674) returned 0 [0144.689] SetEvent (hEvent=0xc0) returned 1 [0144.689] SetEvent (hEvent=0x1f8) returned 1 [0144.689] SetEvent (hEvent=0xec) returned 1 [0144.689] SetEvent (hEvent=0x980) returned 1 [0144.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe18*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe30*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.737] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.737] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f698, ulCount=0x10, ulNumEntriesRemoved=0x2a69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f698, ulNumEntriesRemoved=0x2a69f66c) returned 0 [0144.737] SetEvent (hEvent=0x114) returned 1 [0144.737] SetEvent (hEvent=0x920) returned 1 [0144.737] SetEvent (hEvent=0xbd0) returned 1 [0144.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.745] SetEvent (hEvent=0x100) returned 1 [0144.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.752] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe30*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.753] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f6a0, ulNumEntriesRemoved=0x2a69f674) returned 0 [0144.753] SetEvent (hEvent=0x920) returned 1 [0144.753] SetEvent (hEvent=0xbd0) returned 1 [0144.753] SetEvent (hEvent=0x100) returned 1 [0144.753] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe18*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.761] VirtualFree (lpAddress=0xc000314000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.762] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.763] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.763] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.764] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.765] VirtualFree (lpAddress=0xc000182000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.765] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.766] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.767] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.767] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.768] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.769] SetEvent (hEvent=0xc34) returned 1 [0144.769] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.782] SetEvent (hEvent=0x9b8) returned 1 [0144.782] SetEvent (hEvent=0xa38) returned 1 [0144.782] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.794] SetEvent (hEvent=0xa78) returned 1 [0144.794] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.331] SetEvent (hEvent=0xc04) returned 1 [0145.331] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.373] SetEvent (hEvent=0x9a8) returned 1 [0145.373] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.381] VirtualFree (lpAddress=0xc000604000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0145.382] VirtualFree (lpAddress=0xc000260000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.383] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.384] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.385] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.386] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.387] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0145.387] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.388] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.389] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.390] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.390] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.391] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.392] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.393] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.395] SetEvent (hEvent=0xa50) returned 1 [0145.395] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.418] SetEvent (hEvent=0x1a0) returned 1 [0145.418] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.422] VirtualFree (lpAddress=0xc0002a6000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0145.424] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.425] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.427] SetEvent (hEvent=0x8e8) returned 1 [0145.427] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pe9j8 9q1yztdimt.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0145.431] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000421d64 | out: lpMode=0xc000421d64) returned 0 [0145.447] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.857] GetFileType (hFile=0x1b0) returned 0x1 [0145.857] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000290c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000421d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290c60*, lpNumberOfBytesWritten=0xc000421d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.857] CloseHandle (hObject=0x1b0) returned 1 [0145.867] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.119] SetEvent (hEvent=0xc0) returned 1 [0146.119] SetEvent (hEvent=0xa80) returned 1 [0146.119] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pe9j8 9q1yztdimt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-_pe9j8 9q1yztdimt.lnk"), dwFlags=0x1) returned 1 [0150.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f698, ulCount=0x10, ulNumEntriesRemoved=0x2a69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f698, ulNumEntriesRemoved=0x2a69f66c) returned 0 [0150.419] SetEvent (hEvent=0xec) returned 1 [0150.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe08*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a69f6a0, ulNumEntriesRemoved=0x2a69f674) returned 0 [0150.427] SetEvent (hEvent=0xec) returned 1 [0150.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a69fe18*=0x1c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.438] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) returned 0x0 [0150.438] SetEvent (hEvent=0x274) returned 1 [0150.438] WaitForSingleObject (hHandle=0x1c4, dwMilliseconds=0xffffffff) Thread: id = 31 os_tid = 0x9ec [0114.250] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2a89fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2a89fea0*=0x1e4) returned 1 [0114.250] VirtualQuery (in: lpAddress=0x2a89fec0, lpBuffer=0x2a89fec0, dwLength=0x30 | out: lpBuffer=0x2a89fec0*(BaseAddress=0x2a89f000, AllocationBase=0x2a6a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0114.250] SetEvent (hEvent=0x164) returned 1 [0114.250] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xec [0114.250] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1d8 [0114.250] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.253] SetEvent (hEvent=0x114) returned 1 [0114.253] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.276] SetEvent (hEvent=0x15c) returned 1 [0114.276] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.277] SetEvent (hEvent=0x164) returned 1 [0114.277] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.284] SetEvent (hEvent=0x13c) returned 1 [0114.284] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.289] SetEvent (hEvent=0x114) returned 1 [0114.289] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.294] SetEvent (hEvent=0x1d0) returned 1 [0114.294] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.347] SetEvent (hEvent=0x8c) returned 1 [0114.347] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.358] SetEvent (hEvent=0xfc) returned 1 [0114.358] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.363] SetEvent (hEvent=0x1a0) returned 1 [0114.363] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.367] SetEvent (hEvent=0x9c) returned 1 [0114.367] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0114.373] SetEvent (hEvent=0x1d4) returned 1 [0114.373] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0115.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x200 [0115.691] GetConsoleMode (in: hConsoleHandle=0x200, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0115.695] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0115.916] GetFileType (hFile=0x200) returned 0x1 [0115.916] GetFileType (hFile=0x200) returned 0x1 [0115.916] GetFileInformationByHandle (in: hFile=0x200, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0115.916] GetFileInformationByHandleEx (in: hFile=0x200, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0115.916] VirtualAlloc (lpAddress=0xc0003f0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f0000 [0115.916] ReadFile (in: hFile=0x200, lpBuffer=0xc0003f0000, nNumberOfBytesToRead=0xbbe, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003f0000*, lpNumberOfBytesRead=0xc0001bfc04*=0x9be, lpOverlapped=0x0) returned 1 [0115.919] ReadFile (in: hFile=0x200, lpBuffer=0xc0003f09be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003f09be*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0115.919] CloseHandle (hObject=0x200) returned 1 [0115.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0115.956] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0115.982] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0115.986] GetFileType (hFile=0x254) returned 0x1 [0115.986] WriteFile (in: hFile=0x254, lpBuffer=0xc000102a80*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000102a80*, lpNumberOfBytesWritten=0xc0001bfcec*=0x9c0, lpOverlapped=0x0) returned 1 [0115.988] CloseHandle (hObject=0x254) returned 1 [0115.995] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a601 | out: pbBuffer=0xc00031a601) returned 1 [0115.996] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0115.996] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0115.997] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0116.015] GetFileType (hFile=0x2d4) returned 0x1 [0116.015] WriteFile (in: hFile=0x2d4, lpBuffer=0xc0002d0b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002d0b00*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.015] CloseHandle (hObject=0x2d4) returned 1 [0116.018] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbpk5j[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBPK5J[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbpk5j[1].jpg"), dwFlags=0x1) returned 1 [0116.604] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0116.604] SetEvent (hEvent=0x208) returned 1 [0116.604] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.605] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0116.606] SetEvent (hEvent=0x208) returned 1 [0116.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.608] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0116.608] SetEvent (hEvent=0x144) returned 1 [0116.609] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.610] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.612] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0116.612] SetEvent (hEvent=0x208) returned 1 [0116.612] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.617] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0116.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.618] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0116.618] SetEvent (hEvent=0xc0) returned 1 [0116.618] SetEvent (hEvent=0x208) returned 1 [0116.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.620] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0116.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0116.622] SetEvent (hEvent=0x13c) returned 1 [0116.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.625] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0116.625] SetEvent (hEvent=0x144) returned 1 [0116.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.627] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0116.627] SetEvent (hEvent=0x144) returned 1 [0116.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.630] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0116.631] SetEvent (hEvent=0x264) returned 1 [0116.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.633] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0116.633] SetEvent (hEvent=0x144) returned 1 [0116.633] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.634] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0117.453] SetEvent (hEvent=0x334) returned 1 [0117.453] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0117.457] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0117.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0117.550] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0117.557] GetFileType (hFile=0x284) returned 0x1 [0117.557] WriteFile (in: hFile=0x284, lpBuffer=0xc0002e6000*, nNumberOfBytesToWrite=0x900, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6000*, lpNumberOfBytesWritten=0xc00015bcec*=0x900, lpOverlapped=0x0) returned 1 [0117.559] CloseHandle (hObject=0x284) returned 1 [0117.577] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3c01 | out: pbBuffer=0xc0001c3c01) returned 1 [0117.577] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0117.578] VirtualAlloc (lpAddress=0xc0004ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ca000 [0117.578] VirtualAlloc (lpAddress=0xc0004cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004cc000 [0117.579] VirtualAlloc (lpAddress=0xc0004ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ce000 [0117.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0117.579] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0117.597] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0117.682] GetFileType (hFile=0x284) returned 0x1 [0117.682] WriteFile (in: hFile=0x284, lpBuffer=0xc000182f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182f20*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.682] CloseHandle (hObject=0x284) returned 1 [0117.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbegsz3[1].jpg"), dwFlags=0x1) returned 1 [0118.182] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0118.281] SwitchToThread () returned 1 [0118.282] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0118.847] SetEvent (hEvent=0x364) returned 1 [0118.847] SetEvent (hEvent=0x29c) returned 1 [0118.847] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0118.950] SetEvent (hEvent=0x24c) returned 1 [0118.950] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0118.959] SetEvent (hEvent=0x2b0) returned 1 [0118.959] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0118.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0118.981] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0118.983] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0119.071] GetFileType (hFile=0x2e8) returned 0x1 [0119.071] GetFileType (hFile=0x2e8) returned 0x1 [0119.071] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0119.071] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0119.071] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0119.072] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000236000, nNumberOfBytesToRead=0xa2f, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesRead=0xc0002a1c04*=0x82f, lpOverlapped=0x0) returned 1 [0119.076] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00023682f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023682f*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0119.077] CloseHandle (hObject=0x2e8) returned 1 [0119.077] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0119.077] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0119.077] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0119.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0119.119] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0119.160] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0119.161] GetFileType (hFile=0x1b0) returned 0x1 [0119.161] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00024e900*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e900*, lpNumberOfBytesWritten=0xc0002a1cec*=0x830, lpOverlapped=0x0) returned 1 [0119.162] CloseHandle (hObject=0x1b0) returned 1 [0119.163] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a801 | out: pbBuffer=0xc00028a801) returned 1 [0119.163] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0119.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0119.164] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0119.166] GetFileType (hFile=0x1b0) returned 0x1 [0119.166] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000036580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036580*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.166] CloseHandle (hObject=0x1b0) returned 1 [0119.173] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc0lf2[1].jpg"), dwFlags=0x1) returned 1 [0119.887] SwitchToThread () returned 1 [0119.888] SetEvent (hEvent=0x30c) returned 1 [0119.888] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0119.890] SetEvent (hEvent=0x30c) returned 1 [0119.890] SetEvent (hEvent=0x24c) returned 1 [0119.890] SetEvent (hEvent=0x144) returned 1 [0119.890] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0119.891] SetEvent (hEvent=0x324) returned 1 [0119.891] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0120.581] SetEvent (hEvent=0x3c4) returned 1 [0120.582] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0120.587] SetEvent (hEvent=0x324) returned 1 [0120.587] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0120.595] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0120.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0120.654] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0120.655] GetFileType (hFile=0x3d8) returned 0x1 [0120.655] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0120.656] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000208000*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000208000*, lpNumberOfBytesWritten=0xc000175cec*=0x9e0, lpOverlapped=0x0) returned 1 [0120.657] CloseHandle (hObject=0x3d8) returned 1 [0120.659] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0120.661] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0e01 | out: pbBuffer=0xc0002f0e01) returned 1 [0120.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.661] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0120.663] GetFileType (hFile=0x240) returned 0x1 [0120.663] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0120.663] WriteFile (in: hFile=0x240, lpBuffer=0xc0002cef20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002cef20*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.664] CloseHandle (hObject=0x240) returned 1 [0120.664] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeez0k[1].jpg"), dwFlags=0x1) returned 1 [0120.918] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0120.921] SetEvent (hEvent=0x12c) returned 1 [0120.921] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0122.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0122.294] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0122.297] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0122.350] GetFileType (hFile=0x370) returned 0x1 [0122.350] GetFileType (hFile=0x370) returned 0x1 [0122.350] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0122.350] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0122.350] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0122.351] ReadFile (in: hFile=0x370, lpBuffer=0xc000286000, nNumberOfBytesToRead=0x2e9, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000286000*, lpNumberOfBytesRead=0xc0001f5c04*=0xe9, lpOverlapped=0x0) returned 1 [0122.352] ReadFile (in: hFile=0x370, lpBuffer=0xc0002860e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002860e9*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0122.352] CloseHandle (hObject=0x370) returned 1 [0122.352] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0122.352] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0122.353] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0122.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0122.354] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0122.356] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0122.480] GetFileType (hFile=0x370) returned 0x1 [0122.480] WriteFile (in: hFile=0x370, lpBuffer=0xc0002881e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002881e0*, lpNumberOfBytesWritten=0xc0001f5cec*=0xf0, lpOverlapped=0x0) returned 1 [0122.485] CloseHandle (hObject=0x370) returned 1 [0122.485] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.485] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0122.485] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0122.486] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0122.486] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0122.487] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0122.487] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0122.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0122.488] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0122.489] GetFileType (hFile=0x370) returned 0x1 [0122.489] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.489] CloseHandle (hObject=0x370) returned 1 [0122.489] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0122.490] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0122.490] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-roses.htm"), dwFlags=0x1) returned 1 [0122.491] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.491] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.493] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.493] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.494] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.494] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.494] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.494] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.495] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.495] SetEvent (hEvent=0x39c) returned 1 [0122.495] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0122.879] SetEvent (hEvent=0x39c) returned 1 [0122.879] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001e2030*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc0001e2030*, lpNumberOfCharsWritten=0xc00023f808*=0x11) returned 1 [0122.917] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0123.004] SetEvent (hEvent=0x39c) returned 1 [0123.004] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0123.012] SetEvent (hEvent=0x12c) returned 1 [0123.012] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0123.835] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0123.836] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0123.837] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0123.837] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0123.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0123.838] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0123.841] GetFileType (hFile=0x23c) returned 0x1 [0123.841] GetFileType (hFile=0x23c) returned 0x1 [0123.841] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0123.841] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0123.841] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0123.842] VirtualAlloc (lpAddress=0xc000280000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0123.843] ReadFile (in: hFile=0x23c, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x4a98, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc000253c04*=0x4898, lpOverlapped=0x0) returned 1 [0123.850] ReadFile (in: hFile=0x23c, lpBuffer=0xc000284898, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000284898*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0123.850] CloseHandle (hObject=0x23c) returned 1 [0123.850] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0123.851] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0123.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0123.854] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0123.860] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0123.885] GetFileType (hFile=0x23c) returned 0x1 [0123.886] WriteFile (in: hFile=0x23c, lpBuffer=0xc0002b2000*, nNumberOfBytesToWrite=0x48a0, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesWritten=0xc000253cec*=0x48a0, lpOverlapped=0x0) returned 1 [0123.888] CloseHandle (hObject=0x23c) returned 1 [0123.888] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0123.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0123.888] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0123.894] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0123.915] SetEvent (hEvent=0xfc) returned 1 [0123.915] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.484] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.505] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0124.505] WriteFile (in: hFile=0x240, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.506] CloseHandle (hObject=0x240) returned 1 [0124.507] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0124.507] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\encry-index.dat"), dwFlags=0x1) returned 1 [0124.508] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0124.509] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0124.509] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0124.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0124.510] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0124.518] GetFileType (hFile=0x240) returned 0x1 [0124.518] WriteFile (in: hFile=0x240, lpBuffer=0xc0000dc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc840*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.518] CloseHandle (hObject=0x240) returned 1 [0124.527] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.534] SetEvent (hEvent=0x114) returned 1 [0124.534] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.535] SetEvent (hEvent=0x114) returned 1 [0124.535] SetEvent (hEvent=0x39c) returned 1 [0124.536] VirtualFree (lpAddress=0xc000800000, dwSize=0x2e8000, dwFreeType=0x4000) returned 1 [0124.559] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0124.566] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.567] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.567] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.567] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.568] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.568] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.568] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.569] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.569] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.570] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.570] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.570] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.571] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.571] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.571] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.572] SetEvent (hEvent=0x1a0) returned 1 [0124.572] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.847] SetEvent (hEvent=0x114) returned 1 [0124.847] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.883] SetEvent (hEvent=0x3c8) returned 1 [0124.883] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0124.884] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0124.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0124.885] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0124.889] GetFileType (hFile=0x2bc) returned 0x1 [0124.889] GetFileType (hFile=0x2bc) returned 0x1 [0124.889] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0124.889] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0124.889] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0124.890] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0124.892] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x424f, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001bfc04*=0x404f, lpOverlapped=0x0) returned 1 [0124.895] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002a804f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a804f*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0124.895] CloseHandle (hObject=0x2bc) returned 1 [0124.896] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0124.897] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0124.904] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.912] GetFileType (hFile=0x2bc) returned 0x1 [0124.912] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002a8800*, nNumberOfBytesToWrite=0x4050, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8800*, lpNumberOfBytesWritten=0xc0001bfcec*=0x4050, lpOverlapped=0x0) returned 1 [0124.914] CloseHandle (hObject=0x2bc) returned 1 [0124.914] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0124.914] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0124.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0124.915] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0124.922] GetFileType (hFile=0x2bc) returned 0x1 [0124.923] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000dc420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc420*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0124.923] CloseHandle (hObject=0x2bc) returned 1 [0124.923] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\f17b2d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\E0\\encry-F17B2d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\e0\\encry-f17b2d01"), dwFlags=0x1) returned 1 [0124.924] SetEvent (hEvent=0x1a0) returned 1 [0124.924] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.929] SetEvent (hEvent=0x1a0) returned 1 [0124.929] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.932] SwitchToThread () returned 1 [0124.935] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0124.944] SetEvent (hEvent=0x3c8) returned 1 [0124.944] SetEvent (hEvent=0x324) returned 1 [0124.944] SetEvent (hEvent=0x1a0) returned 1 [0124.944] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.000] SetEvent (hEvent=0x3c8) returned 1 [0125.129] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.435] SetEvent (hEvent=0x3c8) returned 1 [0125.435] SetEvent (hEvent=0x114) returned 1 [0125.435] SetEvent (hEvent=0x1a0) returned 1 [0125.435] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.505] SetEvent (hEvent=0x324) returned 1 [0125.505] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.511] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.515] SetEvent (hEvent=0x3c8) returned 1 [0125.515] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.515] SetEvent (hEvent=0x1a0) returned 1 [0125.515] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.531] SetEvent (hEvent=0x3c8) returned 1 [0125.531] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.533] SetEvent (hEvent=0x324) returned 1 [0125.533] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.539] SetEvent (hEvent=0x1a0) returned 1 [0125.539] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.607] SetEvent (hEvent=0x3c8) returned 1 [0125.607] SwitchToThread () returned 1 [0125.617] SetEvent (hEvent=0x1b4) returned 1 [0125.617] SetEvent (hEvent=0x3c8) returned 1 [0125.617] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.641] SetEvent (hEvent=0x3c8) returned 1 [0125.641] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.643] SetEvent (hEvent=0x324) returned 1 [0125.643] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.644] SetEvent (hEvent=0x1a0) returned 1 [0125.644] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0125.813] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0125.813] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0125.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0125.915] SwitchToThread () returned 1 [0125.997] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.046] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0126.068] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbece2650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbecfd400, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbecfd400, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0126.068] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.sqlite", cAlternateFileName="INDEX~1.SQL")) returned 1 [0126.068] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0126.068] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0126.068] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0126.069] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0126.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbece4d60, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbece4d60, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc399b820, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0126.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb64f2970, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb64f2970, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853a9e10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1)) returned 1 [0126.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0126.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.070] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x826bbed0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x825fd7f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x825fd7f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x825fd7f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-malware-simple.cache", cAlternateFileName="TEST-M~1.CAC")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8234ff30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-malware-simple.pset", cAlternateFileName="TEST-M~1.PSE")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82376090, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-malware-simple.sbstore", cAlternateFileName="TEST-M~1.SBS")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82695d70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82695d70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82695d70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-phish-simple.cache", cAlternateFileName="TEST-P~1.CAC")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-phish-simple.pset", cAlternateFileName="TEST-P~1.PSE")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="test-phish-simple.sbstore", cAlternateFileName="TEST-P~1.SBS")) returned 1 [0126.859] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0126.859] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0126.860] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0126.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x825fd7f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x825fd7f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x825fd7f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c)) returned 1 [0126.862] SetEvent (hEvent=0x1b4) returned 1 [0126.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8234ff30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8234ff30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0126.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82376090, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0126.862] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82695d70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82695d70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82695d70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2c)) returned 1 [0126.875] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.912] SetEvent (hEvent=0x3c8) returned 1 [0126.913] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.925] SetEvent (hEvent=0x354) returned 1 [0126.925] SetEvent (hEvent=0x114) returned 1 [0126.925] SetEvent (hEvent=0x3c8) returned 1 [0126.926] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.928] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0126.929] VirtualFree (lpAddress=0xc00027c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0126.930] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.930] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0126.931] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.931] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.931] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.932] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.932] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.933] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.933] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.933] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.934] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.934] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.934] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.935] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.935] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.935] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0126.937] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0126.941] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.943] GetFileType (hFile=0x2bc) returned 0x1 [0126.943] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0126.944] GetFileType (hFile=0x2bc) returned 0x1 [0126.944] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0126.944] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0126.944] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000130900, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000130900*, lpNumberOfBytesRead=0xc0001cbc04*=0x2c, lpOverlapped=0x0) returned 1 [0126.945] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00013092c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00013092c*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0126.945] CloseHandle (hObject=0x2bc) returned 1 [0126.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.946] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0126.947] GetFileType (hFile=0x2bc) returned 0x1 [0126.948] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000c8090*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfBytesWritten=0xc0001cbcec*=0x30, lpOverlapped=0x0) returned 1 [0126.949] CloseHandle (hObject=0x2bc) returned 1 [0126.949] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0126.949] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0126.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0126.950] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0126.951] GetFileType (hFile=0x2bc) returned 0x1 [0126.951] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.951] CloseHandle (hObject=0x2bc) returned 1 [0126.951] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0126.952] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.cache"), dwFlags=0x1) returned 1 [0126.953] VirtualFree (lpAddress=0xc000400000, dwSize=0x40000, dwFreeType=0x4000) returned 1 [0126.955] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.955] VirtualFree (lpAddress=0xc000346000, dwSize=0x64000, dwFreeType=0x4000) returned 1 [0126.957] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0126.959] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.959] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.959] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.960] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.960] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.960] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.960] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0126.961] GetFileType (hFile=0x384) returned 0x1 [0126.961] WriteFile (in: hFile=0x384, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x5350, lpNumberOfBytesWritten=0xc000031cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc000031cec*=0x5350, lpOverlapped=0x0) returned 1 [0126.962] CloseHandle (hObject=0x384) returned 1 [0126.962] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0126.962] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0126.963] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0126.963] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0126.963] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0126.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0126.964] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0126.965] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.967] GetFileType (hFile=0x384) returned 0x1 [0126.967] WriteFile (in: hFile=0x384, lpBuffer=0xc00011c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.967] CloseHandle (hObject=0x384) returned 1 [0126.967] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\16a09d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\10\\encry-16A09d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\10\\encry-16a09d01"), dwFlags=0x1) returned 1 [0126.968] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.969] SetEvent (hEvent=0x354) returned 1 [0126.969] SetEvent (hEvent=0x324) returned 1 [0126.969] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0126.969] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0126.970] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.970] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.970] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.971] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.971] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.971] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.972] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.972] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.972] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.972] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.973] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.973] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.973] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.974] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.974] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.974] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0126.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82376090, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82376090, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x826bbed0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10)) returned 1 [0126.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82649ab0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x82649ab0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x82649ab0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0126.975] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0126.976] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0126.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0126.977] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.979] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0126.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x807f0230, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0126.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="startupCache.4.little", cAlternateFileName="STARTU~1.LIT")) returned 1 [0126.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0126.980] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0126.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\startupCache\\startupCache.4.little" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\startupcache\\startupcache.4.little"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x854b47b0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe59f6)) returned 1 [0126.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails"), fInfoLevelId=0x0, lpFileInformation=0xc0002614f0 | out: lpFileInformation=0xc0002614f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0126.983] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0126.984] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0126.984] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0126.985] SetEvent (hEvent=0x354) returned 1 [0126.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.985] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.022] SetEvent (hEvent=0x354) returned 1 [0127.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\*", lpFindFileData=0xc0002612a8 | out: lpFindFileData=0xc0002612a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.071] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.073] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb653ec30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.073] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cc0a50, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83cc0a50, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4cc87c1409819bf06f42b782d4902b2f.png", cAlternateFileName="4CC87C~1.PNG")) returned 1 [0127.073] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0127.074] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ba182bcd131f1f3c6b6fbbb1ba078341.png", cAlternateFileName="BA182B~1.PNG")) returned 1 [0127.074] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362, dwReserved0=0x0, dwReserved1=0x0, cFileName="ce8c0453589216a67cddb50284fbfe8d.png", cAlternateFileName="CE8C04~1.PNG")) returned 1 [0127.074] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0002612d8 | out: lpFindFileData=0xc0002612d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.074] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.077] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0127.078] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83cc0a50, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83cc0a50, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0)) returned 1 [0127.081] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.086] SetEvent (hEvent=0xc0) returned 1 [0127.086] SetEvent (hEvent=0x354) returned 1 [0127.086] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ba182bcd131f1f3c6b6fbbb1ba078341.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83ce6bb0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x83ce6bb0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x83ce6bb0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x40b0)) returned 1 [0127.086] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), fInfoLevelId=0x0, lpFileInformation=0xc000261418 | out: lpFileInformation=0xc000261418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb97ade50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb97ade50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb97ade50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1c362)) returned 1 [0127.108] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.110] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0127.110] SetEvent (hEvent=0xc0) returned 1 [0127.110] SetEvent (hEvent=0x354) returned 1 [0127.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates"), fInfoLevelId=0x0, lpFileInformation=0xc000261778 | out: lpFileInformation=0xc000261778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.111] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.134] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0127.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\*", lpFindFileData=0xc000261530 | out: lpFindFileData=0xc000261530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb7314c10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb7314c10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="E7CF176E110C211B", cAlternateFileName="E7CF17~1")) returned 1 [0127.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261560 | out: lpFindFileData=0xc000261560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.135] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.135] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0127.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b"), fInfoLevelId=0x0, lpFileInformation=0xc0002616a0 | out: lpFileInformation=0xc0002616a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.153] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.277] SetEvent (hEvent=0xc0) returned 1 [0127.277] SetEvent (hEvent=0x39c) returned 1 [0127.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.277] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.301] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\*", lpFindFileData=0xc000261458 | out: lpFindFileData=0xc000261458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0127.315] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.404] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb7314c10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x854b47b0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x854b47b0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0127.404] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x464, dwReserved0=0x0, dwReserved1=0x0, cFileName="active-update.xml", cAlternateFileName="ACTIVE~1.XML")) returned 1 [0127.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates", cAlternateFileName="")) returned 1 [0127.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a9daf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8548e650, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8548e650, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="updates.xml", cAlternateFileName="")) returned 1 [0127.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000261488 | out: lpFindFileData=0xc000261488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0127.405] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0127.406] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0127.406] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80a2b6d0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x464)) returned 1 [0127.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates"), fInfoLevelId=0x0, lpFileInformation=0xc0002615c8 | out: lpFileInformation=0xc0002615c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb74b7b30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb74b7b30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb74b7b30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0127.419] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.426] SetEvent (hEvent=0x324) returned 1 [0127.426] SwitchToThread () returned 1 [0127.426] SetEvent (hEvent=0x324) returned 1 [0127.426] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.427] SetEvent (hEvent=0x324) returned 1 [0127.427] SetEvent (hEvent=0xfc) returned 1 [0127.427] SetEvent (hEvent=0x39c) returned 1 [0127.428] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.456] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0127.457] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0127.457] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0127.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.459] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0127.468] GetFileType (hFile=0x2bc) returned 0x1 [0127.468] GetFileType (hFile=0x2bc) returned 0x1 [0127.468] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0127.468] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0127.468] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0127.469] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x664, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc0001d5c04*=0x464, lpOverlapped=0x0) returned 1 [0127.550] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.605] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000052464, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052464*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0127.605] CloseHandle (hObject=0x2bc) returned 1 [0127.606] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.607] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0127.608] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.650] GetFileType (hFile=0x2bc) returned 0x1 [0127.650] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x470, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x470, lpOverlapped=0x0) returned 1 [0127.651] CloseHandle (hObject=0x2bc) returned 1 [0127.652] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0127.652] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0127.652] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0127.653] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0127.654] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0127.656] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0127.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.657] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0127.658] GetFileType (hFile=0x2bc) returned 0x1 [0127.658] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001622c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001622c0*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.659] CloseHandle (hObject=0x2bc) returned 1 [0127.659] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0127.659] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0127.660] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\active-update.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\encry-active-update.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\encry-active-update.xml"), dwFlags=0x1) returned 1 [0127.661] SetEvent (hEvent=0x13c) returned 1 [0127.661] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.664] SetEvent (hEvent=0x1a0) returned 1 [0127.665] SetEvent (hEvent=0x354) returned 1 [0127.665] SetEvent (hEvent=0x1b4) returned 1 [0127.665] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.675] SetEvent (hEvent=0x1b4) returned 1 [0127.675] SetEvent (hEvent=0x3c8) returned 1 [0127.675] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.684] SetEvent (hEvent=0x324) returned 1 [0127.684] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.693] SetEvent (hEvent=0x1b4) returned 1 [0127.693] SetEvent (hEvent=0x1a0) returned 1 [0127.693] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.826] SetEvent (hEvent=0x114) returned 1 [0127.826] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.888] SetEvent (hEvent=0x114) returned 1 [0127.888] SetEvent (hEvent=0x30c) returned 1 [0127.888] SetEvent (hEvent=0x1a0) returned 1 [0127.888] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0127.989] SetEvent (hEvent=0x114) returned 1 [0127.989] SetEvent (hEvent=0x3c8) returned 1 [0127.989] SetEvent (hEvent=0x30c) returned 1 [0127.989] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.007] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.013] SetEvent (hEvent=0x114) returned 1 [0128.013] SwitchToThread () returned 1 [0128.019] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0128.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ojpoooc.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.020] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0128.028] GetFileType (hFile=0x23c) returned 0x1 [0128.028] GetFileType (hFile=0x23c) returned 0x1 [0128.028] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0128.028] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0128.028] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0128.029] ReadFile (in: hFile=0x23c, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x28c1, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc00012bc04*=0x26c1, lpOverlapped=0x0) returned 1 [0128.030] ReadFile (in: hFile=0x23c, lpBuffer=0xc0001826c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001826c1*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0128.030] CloseHandle (hObject=0x23c) returned 1 [0128.030] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0128.030] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0128.030] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0128.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ojpoooc.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.033] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0128.039] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.040] GetFileType (hFile=0x23c) returned 0x1 [0128.040] WriteFile (in: hFile=0x23c, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0x26d0, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc00012bcec*=0x26d0, lpOverlapped=0x0) returned 1 [0128.041] CloseHandle (hObject=0x23c) returned 1 [0128.041] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0128.041] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0128.042] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0128.042] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0128.043] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0128.043] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0128.044] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0128.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ojpoooc.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.044] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0128.047] GetFileType (hFile=0x23c) returned 0x1 [0128.047] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.047] CloseHandle (hObject=0x23c) returned 1 [0128.047] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ojpoooc.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-oJpoOOc.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-ojpoooc.mp3"), dwFlags=0x1) returned 1 [0128.048] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0128.049] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0128.049] VirtualFree (lpAddress=0xc00027c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.050] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.050] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.051] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.051] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.052] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.052] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.052] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.052] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.053] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.053] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pg9bv.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.054] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0128.054] GetFileType (hFile=0x23c) returned 0x1 [0128.054] GetFileType (hFile=0x23c) returned 0x1 [0128.054] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0128.055] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0128.055] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.057] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x15a91, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000129c04*=0x15891, lpOverlapped=0x0) returned 1 [0128.058] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002b9891, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b9891*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0128.058] CloseHandle (hObject=0x23c) returned 1 [0128.058] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pg9bv.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.063] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0128.064] GetFileType (hFile=0x23c) returned 0x1 [0128.064] WriteFile (in: hFile=0x23c, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x158a0, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000129cec*=0x158a0, lpOverlapped=0x0) returned 1 [0128.067] CloseHandle (hObject=0x23c) returned 1 [0128.067] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0128.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pg9bv.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0128.067] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0128.078] GetFileType (hFile=0x23c) returned 0x1 [0128.078] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.078] CloseHandle (hObject=0x23c) returned 1 [0128.078] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pg9bv.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-pG9Bv.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-pg9bv.mp4"), dwFlags=0x1) returned 1 [0128.079] SwitchToThread () returned 1 [0128.080] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.102] SetEvent (hEvent=0x114) returned 1 [0128.102] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0128.103] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0128.113] GetFileType (hFile=0x370) returned 0x1 [0128.113] GetFileType (hFile=0x370) returned 0x1 [0128.113] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0128.113] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0128.113] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0128.113] ReadFile (in: hFile=0x370, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0128.113] CloseHandle (hObject=0x370) returned 1 [0128.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.114] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0128.118] GetFileType (hFile=0x370) returned 0x1 [0128.118] WriteFile (in: hFile=0x370, lpBuffer=0xc000586310*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586310*, lpNumberOfBytesWritten=0xc0001fbcec*=0x10, lpOverlapped=0x0) returned 1 [0128.119] CloseHandle (hObject=0x370) returned 1 [0128.119] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0128.119] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0128.119] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0128.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.120] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0128.127] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.128] GetFileType (hFile=0x370) returned 0x1 [0128.128] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.128] CloseHandle (hObject=0x370) returned 1 [0128.129] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bst449d.tmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-bst449D.tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-bst449d.tmp"), dwFlags=0x1) returned 1 [0128.130] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.147] SwitchToThread () returned 1 [0128.156] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0128.163] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.164] SetEvent (hEvent=0x1a0) returned 1 [0128.164] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc0001fd818*=0x3) returned 1 [0128.166] SetEvent (hEvent=0x1a0) returned 1 [0128.166] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0128.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc00005e030*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0128.168] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.169] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.171] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc00005e040*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0128.176] SetEvent (hEvent=0x3c8) returned 1 [0128.177] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ijznmo4qz2.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0128.191] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0128.204] GetFileType (hFile=0x2bc) returned 0x1 [0128.205] GetFileType (hFile=0x2bc) returned 0x1 [0128.205] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0128.205] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0128.205] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0128.206] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xbda6, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000135c04*=0xbba6, lpOverlapped=0x0) returned 1 [0128.207] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00023bba6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023bba6*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0128.208] CloseHandle (hObject=0x2bc) returned 1 [0128.208] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0128.208] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0128.209] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0128.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ijznmo4qz2.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.211] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0128.220] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.223] GetFileType (hFile=0x2bc) returned 0x1 [0128.223] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xbbb0, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000135cec*=0xbbb0, lpOverlapped=0x0) returned 1 [0128.225] CloseHandle (hObject=0x2bc) returned 1 [0128.225] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0128.225] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0128.225] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0128.226] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0128.226] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0128.226] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0128.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ijznmo4qz2.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.227] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0128.231] GetFileType (hFile=0x2bc) returned 0x1 [0128.231] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00003e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003e2c0*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.231] CloseHandle (hObject=0x2bc) returned 1 [0128.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ijznmo4qz2.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-IjzNMO4qZ2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-ijznmo4qz2.swf"), dwFlags=0x1) returned 1 [0128.233] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.242] SetEvent (hEvent=0x1b4) returned 1 [0128.242] SetEvent (hEvent=0x30c) returned 1 [0128.242] SwitchToThread () returned 1 [0128.250] SetEvent (hEvent=0x1b4) returned 1 [0128.250] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.252] SetEvent (hEvent=0x114) returned 1 [0128.252] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.258] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.273] SetEvent (hEvent=0x1b4) returned 1 [0128.273] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.274] SetEvent (hEvent=0x114) returned 1 [0128.274] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.277] SetEvent (hEvent=0x1b4) returned 1 [0128.277] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.284] SetEvent (hEvent=0x1b4) returned 1 [0128.284] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.285] SetEvent (hEvent=0x114) returned 1 [0128.285] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.291] SetEvent (hEvent=0x1b4) returned 1 [0128.291] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.300] SetEvent (hEvent=0x1b4) returned 1 [0128.300] SetEvent (hEvent=0x30c) returned 1 [0128.300] SwitchToThread () returned 1 [0128.301] SetEvent (hEvent=0x1b4) returned 1 [0128.301] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.303] SetEvent (hEvent=0x114) returned 1 [0128.303] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.321] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0128.321] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0128.322] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0128.322] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0128.323] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0128.323] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0128.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fb-iu1n3z32l5j7m0.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0128.324] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0128.339] GetFileType (hFile=0x370) returned 0x1 [0128.340] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0128.346] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0128.346] GetFileType (hFile=0x370) returned 0x1 [0128.347] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0128.347] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0128.347] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0128.347] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0128.348] ReadFile (in: hFile=0x370, lpBuffer=0xc0000ba000, nNumberOfBytesToRead=0x9be, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfBytesRead=0xc000275c04*=0x7be, lpOverlapped=0x0) returned 1 [0128.348] ReadFile (in: hFile=0x370, lpBuffer=0xc0000ba7be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba7be*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0128.348] CloseHandle (hObject=0x370) returned 1 [0128.348] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0128.349] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0128.349] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0128.350] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0128.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fb-iu1n3z32l5j7m0.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.351] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275d04 | out: lpMode=0xc000275d04) returned 0 [0128.363] GetFileType (hFile=0x370) returned 0x1 [0128.363] WriteFile (in: hFile=0x370, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc000275cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc000275cec*=0x7c0, lpOverlapped=0x0) returned 1 [0128.364] CloseHandle (hObject=0x370) returned 1 [0128.365] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0128.365] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0128.365] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0128.366] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0128.366] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0128.367] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0128.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fb-iu1n3z32l5j7m0.ods"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.368] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0128.377] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.385] SetEvent (hEvent=0x114) returned 1 [0128.385] GetFileType (hFile=0x370) returned 0x1 [0128.385] WriteFile (in: hFile=0x370, lpBuffer=0xc000204420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000204420*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.385] CloseHandle (hObject=0x370) returned 1 [0128.385] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fb-iu1n3z32l5j7m0.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-fB-iU1N3z32L5j7M0.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-fb-iu1n3z32l5j7m0.ods"), dwFlags=0x1) returned 1 [0128.387] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.407] SetEvent (hEvent=0x114) returned 1 [0128.407] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.409] SetEvent (hEvent=0x324) returned 1 [0128.409] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.410] SwitchToThread () returned 1 [0128.410] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0128.411] SetEvent (hEvent=0x114) returned 1 [0128.412] SetEvent (hEvent=0x30c) returned 1 [0128.412] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.412] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.413] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.413] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.414] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.414] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.415] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.415] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.416] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.416] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.417] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.417] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.417] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.418] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.418] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\k_rgn6o7chboh-ip4tnz.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0128.420] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0128.422] GetFileType (hFile=0x2bc) returned 0x1 [0128.422] GetFileType (hFile=0x2bc) returned 0x1 [0128.423] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0128.423] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0128.423] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0128.425] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0xa018, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000143c04*=0x9e18, lpOverlapped=0x0) returned 1 [0128.426] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000057e18, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000057e18*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0128.426] CloseHandle (hObject=0x2bc) returned 1 [0128.426] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0128.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\k_rgn6o7chboh-ip4tnz.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.430] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0128.437] GetFileType (hFile=0x2bc) returned 0x1 [0128.437] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00006e000*, nNumberOfBytesToWrite=0x9e20, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesWritten=0xc000143cec*=0x9e20, lpOverlapped=0x0) returned 1 [0128.439] CloseHandle (hObject=0x2bc) returned 1 [0128.439] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0128.439] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0128.439] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0128.440] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0128.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\k_rgn6o7chboh-ip4tnz.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.441] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0128.450] GetFileType (hFile=0x2bc) returned 0x1 [0128.450] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.450] CloseHandle (hObject=0x2bc) returned 1 [0128.450] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\k_rgn6o7chboh-ip4tnz.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-K_RGN6o7cHbOh-ip4TNZ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-k_rgn6o7chboh-ip4tnz.m4a"), dwFlags=0x1) returned 1 [0130.659] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.972] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.972] SwitchToThread () returned 1 [0132.973] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0132.974] SwitchToThread () returned 1 [0132.975] SetEvent (hEvent=0x334) returned 1 [0132.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6b00*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0132.976] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a401 | out: pbBuffer=0xc00028a401) returned 1 [0132.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0132.976] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0132.976] GetFileType (hFile=0x1ec) returned 0x1 [0132.976] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.977] CloseHandle (hObject=0x1ec) returned 1 [0132.978] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwFlags=0x1) returned 1 [0133.303] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.304] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.304] SetEvent (hEvent=0xc0) returned 1 [0133.304] SetEvent (hEvent=0x24c) returned 1 [0133.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.306] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.307] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.307] SetEvent (hEvent=0x324) returned 1 [0133.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.409] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.409] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.410] SetEvent (hEvent=0xc0) returned 1 [0133.410] SetEvent (hEvent=0x30c) returned 1 [0133.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.412] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.412] SetEvent (hEvent=0x30c) returned 1 [0133.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.414] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.414] SetEvent (hEvent=0x1a0) returned 1 [0133.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.421] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.421] SetEvent (hEvent=0x324) returned 1 [0133.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.423] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.424] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.424] SetEvent (hEvent=0x1a0) returned 1 [0133.424] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.427] SetEvent (hEvent=0xc0) returned 1 [0133.427] SetEvent (hEvent=0xfc) returned 1 [0133.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.436] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.436] SetEvent (hEvent=0x30c) returned 1 [0133.436] SetEvent (hEvent=0xfc) returned 1 [0133.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a8*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0005861a8*, lpNumberOfCharsWritten=0xc0000c5818*=0x2) returned 1 [0133.442] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.444] SetEvent (hEvent=0x334) returned 1 [0133.444] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.444] SetEvent (hEvent=0x334) returned 1 [0133.445] SetEvent (hEvent=0x324) returned 1 [0133.445] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.445] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.445] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.446] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.446] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.446] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.447] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.447] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0000f5818*=0x2) returned 1 [0133.448] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.460] SetEvent (hEvent=0x39c) returned 1 [0133.460] SetEvent (hEvent=0x324) returned 1 [0133.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0133.461] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0133.462] GetFileType (hFile=0x2cc) returned 0x1 [0133.462] GetFileType (hFile=0x2cc) returned 0x1 [0133.462] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0133.462] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0133.462] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0133.462] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc0000c5c04*=0x182, lpOverlapped=0x0) returned 1 [0133.463] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000ee182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee182*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0133.463] CloseHandle (hObject=0x2cc) returned 1 [0133.463] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0133.464] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0133.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.468] SetEvent (hEvent=0xc0) returned 1 [0133.468] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0\\*", lpFindFileData=0xc0000c5a08 | out: lpFindFileData=0xc0000c5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.468] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.469] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000c5808*=0xad) returned 1 [0133.471] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.471] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0133.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.472] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0133.472] GetFileType (hFile=0x2cc) returned 0x1 [0133.472] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.473] CloseHandle (hObject=0x2cc) returned 1 [0133.473] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwFlags=0x1) returned 1 [0133.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.508] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.508] SetEvent (hEvent=0x39c) returned 1 [0133.508] SetEvent (hEvent=0x1a0) returned 1 [0133.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.512] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.512] SetEvent (hEvent=0x1a0) returned 1 [0133.512] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.514] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.534] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.543] SetEvent (hEvent=0x334) returned 1 [0133.543] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.545] SetEvent (hEvent=0x334) returned 1 [0133.545] SetEvent (hEvent=0x324) returned 1 [0133.545] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.546] VirtualFree (lpAddress=0xc0002e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.546] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.547] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.547] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.547] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.548] VirtualFree (lpAddress=0xc00004c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0133.548] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.549] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.550] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.557] SetEvent (hEvent=0x39c) returned 1 [0133.557] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.561] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.562] GetFileType (hFile=0x2f0) returned 0x1 [0133.562] GetFileType (hFile=0x2f0) returned 0x1 [0133.562] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.562] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.562] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc0002d7c04*=0x186, lpOverlapped=0x0) returned 1 [0133.563] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c186, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c186*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.564] CloseHandle (hObject=0x2f0) returned 1 [0133.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.568] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0133.570] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.571] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.572] GetFileType (hFile=0x2cc) returned 0x1 [0133.572] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.572] CloseHandle (hObject=0x2cc) returned 1 [0133.595] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwFlags=0x1) returned 1 [0133.642] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.642] SetEvent (hEvent=0x324) returned 1 [0133.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.649] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.649] SetEvent (hEvent=0x39c) returned 1 [0133.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.657] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.657] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.657] SetEvent (hEvent=0x39c) returned 1 [0133.657] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.660] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.661] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.678] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.689] SetEvent (hEvent=0x334) returned 1 [0133.689] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.693] SetEvent (hEvent=0x334) returned 1 [0133.693] SetEvent (hEvent=0x1a0) returned 1 [0133.693] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.693] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.694] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.694] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.695] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.695] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.696] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0000c7818*=0x2) returned 1 [0133.697] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.709] SetEvent (hEvent=0x324) returned 1 [0133.709] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.712] SetEvent (hEvent=0x324) returned 1 [0133.712] SwitchToThread () returned 1 [0133.713] SetEvent (hEvent=0x1a0) returned 1 [0133.713] SetEvent (hEvent=0x324) returned 1 [0133.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0133.714] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0133.716] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.720] GetFileType (hFile=0x2f4) returned 0x1 [0133.720] GetFileType (hFile=0x2f4) returned 0x1 [0133.720] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0133.720] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0133.720] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0133.721] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x388, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0000c5c04*=0x188, lpOverlapped=0x0) returned 1 [0133.722] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00007a188, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a188*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0133.722] CloseHandle (hObject=0x2f4) returned 1 [0133.722] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.723] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.723] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416\\*", lpFindFileData=0xc0000c5a08 | out: lpFindFileData=0xc0000c5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.730] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0133.731] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0133.732] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.732] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000c5808*=0xad) returned 1 [0133.737] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.737] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0133.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.738] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0133.744] GetFileType (hFile=0x2f4) returned 0x1 [0133.744] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.744] CloseHandle (hObject=0x2f4) returned 1 [0133.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwFlags=0x1) returned 1 [0133.784] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.784] SetEvent (hEvent=0x30c) returned 1 [0133.784] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0133.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.787] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.787] SetEvent (hEvent=0x30c) returned 1 [0133.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.793] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.793] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.805] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.810] SetEvent (hEvent=0x324) returned 1 [0133.810] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.811] SetEvent (hEvent=0x324) returned 1 [0133.811] SetEvent (hEvent=0x1a0) returned 1 [0133.811] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.812] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.812] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.813] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.813] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.814] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00026f818*=0x2) returned 1 [0133.816] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.823] SetEvent (hEvent=0x1a0) returned 1 [0133.823] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0133.823] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.825] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0133.826] GetFileType (hFile=0x2f0) returned 0x1 [0133.826] GetFileType (hFile=0x2f0) returned 0x1 [0133.826] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0133.826] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0133.827] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.827] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc00012fc04*=0x182, lpOverlapped=0x0) returned 1 [0133.828] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00003c182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c182*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0133.828] CloseHandle (hObject=0x2f0) returned 1 [0133.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.838] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.839] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E\\*", lpFindFileData=0xc00012fa08 | out: lpFindFileData=0xc00012fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.839] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00012f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.839] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.839] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00012f808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00012f808*=0xad) returned 1 [0133.841] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.842] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.842] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0133.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0133.843] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0133.843] GetFileType (hFile=0x2f0) returned 0x1 [0133.843] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.843] CloseHandle (hObject=0x2f0) returned 1 [0133.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwFlags=0x1) returned 1 [0133.895] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0133.895] SetEvent (hEvent=0x334) returned 1 [0133.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.896] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0133.896] SetEvent (hEvent=0x334) returned 1 [0133.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.901] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.923] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.934] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.945] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.957] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.982] SetEvent (hEvent=0x30c) returned 1 [0133.982] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.983] SetEvent (hEvent=0x30c) returned 1 [0133.983] SetEvent (hEvent=0x324) returned 1 [0133.983] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.984] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.984] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.985] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.985] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.985] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.986] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc000129818*=0x2) returned 1 [0133.988] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0133.995] SetEvent (hEvent=0x324) returned 1 [0133.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0133.996] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0133.997] GetFileType (hFile=0x1b0) returned 0x1 [0133.997] GetFileType (hFile=0x1b0) returned 0x1 [0133.997] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0133.997] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0133.997] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000be480, nNumberOfBytesToRead=0x404, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be480*, lpNumberOfBytesRead=0xc000129c04*=0x204, lpOverlapped=0x0) returned 1 [0134.000] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000be684, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be684*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0134.000] CloseHandle (hObject=0x1b0) returned 1 [0134.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC\\*", lpFindFileData=0xc000129a08 | out: lpFindFileData=0xc000129a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.005] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.005] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000129808*=0xad) returned 1 [0134.007] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0134.008] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.008] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0134.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.009] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0134.010] GetFileType (hFile=0x1b0) returned 0x1 [0134.010] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.010] CloseHandle (hObject=0x1b0) returned 1 [0134.013] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwFlags=0x1) returned 1 [0134.059] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0134.059] SetEvent (hEvent=0x39c) returned 1 [0134.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.060] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0134.061] SetEvent (hEvent=0x39c) returned 1 [0134.061] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.065] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.065] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.087] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.098] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.104] SetEvent (hEvent=0x30c) returned 1 [0134.104] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.105] SetEvent (hEvent=0x30c) returned 1 [0134.105] SetEvent (hEvent=0x324) returned 1 [0134.105] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.106] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.106] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0134.107] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.107] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.108] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.108] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc00015b818*=0x2) returned 1 [0134.110] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.118] SetEvent (hEvent=0x324) returned 1 [0134.118] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.119] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0134.120] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0134.120] GetFileType (hFile=0x1b0) returned 0x1 [0134.121] GetFileType (hFile=0x1b0) returned 0x1 [0134.121] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0134.121] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0134.121] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.121] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x3a4, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc00020bc04*=0x1a4, lpOverlapped=0x0) returned 1 [0134.122] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000761a4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000761a4*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0134.123] CloseHandle (hObject=0x1b0) returned 1 [0134.123] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.123] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0134.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.133] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0134.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C\\*", lpFindFileData=0xc00020ba08 | out: lpFindFileData=0xc00020ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.134] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00020b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00020b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00020b808*=0xad) returned 1 [0134.135] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.136] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.136] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0134.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.137] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0134.137] GetFileType (hFile=0x1b0) returned 0x1 [0134.137] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.138] CloseHandle (hObject=0x1b0) returned 1 [0134.139] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwFlags=0x1) returned 1 [0134.277] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.307] SetEvent (hEvent=0x334) returned 1 [0134.307] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.328] SetEvent (hEvent=0x39c) returned 1 [0134.328] SetEvent (hEvent=0x324) returned 1 [0134.328] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.368] SetEvent (hEvent=0x39c) returned 1 [0134.368] SetEvent (hEvent=0x114) returned 1 [0134.368] SetEvent (hEvent=0x324) returned 1 [0134.368] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.417] SetEvent (hEvent=0x39c) returned 1 [0134.417] SetEvent (hEvent=0x12c) returned 1 [0134.417] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.525] SetEvent (hEvent=0x334) returned 1 [0134.525] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.556] SetEvent (hEvent=0x39c) returned 1 [0134.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4vdmroa.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0134.557] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0134.561] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.603] SetEvent (hEvent=0xc0) returned 1 [0134.603] GetFileType (hFile=0x2cc) returned 0x1 [0134.603] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.605] SetEvent (hEvent=0x39c) returned 1 [0134.605] GetFileType (hFile=0x2cc) returned 0x1 [0134.605] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0134.606] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0134.606] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0134.607] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x593a, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000159c04*=0x573a, lpOverlapped=0x0) returned 1 [0134.608] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00012173a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012173a*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0134.608] CloseHandle (hObject=0x2cc) returned 1 [0134.608] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0134.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4vdmroa.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.610] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0134.618] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.625] GetFileType (hFile=0x2cc) returned 0x1 [0134.625] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x5740, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc000159cec*=0x5740, lpOverlapped=0x0) returned 1 [0134.626] CloseHandle (hObject=0x2cc) returned 1 [0134.626] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0134.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0134.627] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0134.628] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0134.628] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0134.629] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0134.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4vdmroa.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.629] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0134.646] GetFileType (hFile=0x2cc) returned 0x1 [0134.646] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.646] CloseHandle (hObject=0x2cc) returned 1 [0134.646] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4vdmroa.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-4vdmroa.mp3"), dwFlags=0x1) returned 1 [0134.647] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0134.648] SetEvent (hEvent=0x324) returned 1 [0134.648] SetEvent (hEvent=0x114) returned 1 [0134.648] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.655] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.700] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.700] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0134.700] SetEvent (hEvent=0x114) returned 1 [0134.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.813] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.814] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0134.814] SetEvent (hEvent=0xc0) returned 1 [0134.814] SetEvent (hEvent=0x334) returned 1 [0134.814] SetEvent (hEvent=0xfc) returned 1 [0134.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.816] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.823] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0134.823] SetEvent (hEvent=0x114) returned 1 [0134.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.824] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0134.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0134.825] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0134.825] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.844] SetEvent (hEvent=0x334) returned 1 [0134.844] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.845] SetEvent (hEvent=0x334) returned 1 [0134.845] SetEvent (hEvent=0x324) returned 1 [0134.845] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.845] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.845] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.846] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.846] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.846] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.847] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.847] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.847] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.848] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.848] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.849] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.849] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.849] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.850] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2tbpjbjwqnfog7bq.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.851] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0134.854] GetFileType (hFile=0x1ec) returned 0x1 [0134.854] GetFileType (hFile=0x1ec) returned 0x1 [0134.854] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0134.855] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0134.855] VirtualAlloc (lpAddress=0xc000054000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0134.856] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x87a2, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc00015fc04*=0x85a2, lpOverlapped=0x0) returned 1 [0134.857] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00005c5a2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c5a2*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0134.857] CloseHandle (hObject=0x1ec) returned 1 [0134.857] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.857] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0134.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2tbpjbjwqnfog7bq.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.859] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0134.883] GetFileType (hFile=0x1ec) returned 0x1 [0134.883] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x85b0, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc00015fcec*=0x85b0, lpOverlapped=0x0) returned 1 [0134.885] CloseHandle (hObject=0x1ec) returned 1 [0134.885] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.885] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.885] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0134.886] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0134.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2tbpjbjwqnfog7bq.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.886] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0134.891] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.899] GetFileType (hFile=0x1ec) returned 0x1 [0134.899] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.900] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.900] CloseHandle (hObject=0x1ec) returned 1 [0134.900] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0134.900] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0134.901] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0134.901] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0134.901] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2tbpjbjwqnfog7bq.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-2tbpjbjwqnfog7bq.swf"), dwFlags=0x1) returned 1 [0134.903] SwitchToThread () returned 1 [0134.903] SetEvent (hEvent=0xfc) returned 1 [0134.903] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.904] SetEvent (hEvent=0xfc) returned 1 [0134.904] SetEvent (hEvent=0x114) returned 1 [0134.904] SetEvent (hEvent=0x324) returned 1 [0134.904] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.905] SetEvent (hEvent=0x114) returned 1 [0134.905] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0134.906] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0134.907] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0134.908] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0134.908] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.909] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.909] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.909] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.910] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0134.910] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0134.911] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.911] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.911] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.912] VirtualFree (lpAddress=0xc00006e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0134.912] VirtualFree (lpAddress=0xc000054000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0134.913] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.913] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.913] SetEvent (hEvent=0x324) returned 1 [0134.913] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.666] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.678] SetEvent (hEvent=0x114) returned 1 [0135.678] SetEvent (hEvent=0x324) returned 1 [0135.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\czwcuzemtmnh.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0135.679] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0135.682] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.686] SetEvent (hEvent=0x114) returned 1 [0135.686] GetFileType (hFile=0x1b0) returned 0x1 [0135.686] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.706] GetFileType (hFile=0x1b0) returned 0x1 [0135.706] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0135.706] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0135.706] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0135.709] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x132e4, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0000c3c04*=0x130e4, lpOverlapped=0x0) returned 1 [0135.710] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002b70e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b70e4*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0135.710] CloseHandle (hObject=0x1b0) returned 1 [0135.710] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0135.711] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0135.712] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0135.712] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0135.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\czwcuzemtmnh.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0135.717] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0135.723] GetFileType (hFile=0x1b0) returned 0x1 [0135.723] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002f2000*, nNumberOfBytesToWrite=0x130f0, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x130f0, lpOverlapped=0x0) returned 1 [0135.726] CloseHandle (hObject=0x1b0) returned 1 [0135.726] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0135.726] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0135.727] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0135.727] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0135.728] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0135.728] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0135.729] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0135.730] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0135.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\czwcuzemtmnh.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0135.730] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0135.733] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.762] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0135.763] SetEvent (hEvent=0x334) returned 1 [0135.763] SetEvent (hEvent=0x12c) returned 1 [0135.763] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0136.425] SetEvent (hEvent=0x334) returned 1 [0136.425] SetEvent (hEvent=0x324) returned 1 [0136.425] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0137.167] SetEvent (hEvent=0xfc) returned 1 [0137.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002021a0*, nNumberOfCharsToWrite=0xd0, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc0002021a0*, lpNumberOfCharsWritten=0xc000177808*=0xd0) returned 1 [0137.174] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0137.300] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0137.301] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0137.302] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0137.302] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0137.302] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0137.303] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0137.303] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0137.304] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0137.305] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0137.305] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0137.306] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0137.306] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0137.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0137.307] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0137.409] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0137.893] GetFileType (hFile=0x36c) returned 0x1 [0137.893] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0137.894] CloseHandle (hObject=0x36c) returned 1 [0137.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwFlags=0x1) returned 1 [0137.896] SetEvent (hEvent=0x334) returned 1 [0137.896] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.015] SetEvent (hEvent=0x3c8) returned 1 [0138.015] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.569] SetEvent (hEvent=0x12c) returned 1 [0138.569] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.613] SetEvent (hEvent=0x3c8) returned 1 [0138.613] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.809] SetEvent (hEvent=0x354) returned 1 [0138.809] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.815] SetEvent (hEvent=0x3c8) returned 1 [0138.815] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.824] SetEvent (hEvent=0x39c) returned 1 [0138.825] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0138.848] SetEvent (hEvent=0x12c) returned 1 [0138.848] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0139.805] SetEvent (hEvent=0x39c) returned 1 [0139.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0139.806] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0139.818] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0139.826] SetEvent (hEvent=0xc0) returned 1 [0139.826] SetEvent (hEvent=0x39c) returned 1 [0139.826] GetFileType (hFile=0x2cc) returned 0x1 [0139.826] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0139.885] SetEvent (hEvent=0x39c) returned 1 [0139.885] GetFileType (hFile=0x2cc) returned 0x1 [0139.885] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0139.885] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0139.885] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00011cb40, nNumberOfBytesToRead=0x234, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011cb40*, lpNumberOfBytesRead=0xc0001d1c04*=0x34, lpOverlapped=0x0) returned 1 [0139.887] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00011cb74, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011cb74*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0139.887] CloseHandle (hObject=0x2cc) returned 1 [0139.887] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.887] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat\\*", lpFindFileData=0xc0001d1a08 | out: lpFindFileData=0xc0001d1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0139.887] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0139.888] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0139.888] VirtualFree (lpAddress=0xc000400000, dwSize=0x5e000, dwFreeType=0x4000) returned 1 [0139.891] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.891] VirtualFree (lpAddress=0xc000346000, dwSize=0x60000, dwFreeType=0x4000) returned 1 [0139.894] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.894] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.895] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0139.895] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.896] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.896] SetEvent (hEvent=0x324) returned 1 [0139.896] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.083] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0140.085] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.098] SetEvent (hEvent=0x39c) returned 1 [0140.098] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.106] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0140.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002f0000*, nNumberOfCharsToWrite=0x7b, lpNumberOfCharsWritten=0xc000277808, lpReserved=0x0 | out: lpBuffer=0xc0002f0000*, lpNumberOfCharsWritten=0xc000277808*=0x7b) returned 1 [0140.135] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0140.136] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0140.137] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.138] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0140.151] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.157] SetEvent (hEvent=0xfc) returned 1 [0140.157] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.199] SetEvent (hEvent=0x39c) returned 1 [0140.199] SetEvent (hEvent=0x324) returned 1 [0140.200] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.202] SetEvent (hEvent=0x39c) returned 1 [0140.203] SetEvent (hEvent=0x324) returned 1 [0140.203] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.468] SetEvent (hEvent=0x324) returned 1 [0140.468] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.598] SetEvent (hEvent=0x324) returned 1 [0140.598] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.613] SetEvent (hEvent=0x39c) returned 1 [0140.613] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.622] SetEvent (hEvent=0x324) returned 1 [0140.622] SetEvent (hEvent=0x354) returned 1 [0140.622] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.626] SetEvent (hEvent=0x39c) returned 1 [0140.626] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.632] SetEvent (hEvent=0x39c) returned 1 [0140.632] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.878] SetEvent (hEvent=0x3c8) returned 1 [0140.878] SetEvent (hEvent=0xfc) returned 1 [0140.878] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.883] SetEvent (hEvent=0x3c8) returned 1 [0140.884] SetEvent (hEvent=0x30c) returned 1 [0140.884] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.893] SetEvent (hEvent=0x3c8) returned 1 [0140.893] SetEvent (hEvent=0x324) returned 1 [0140.893] SetEvent (hEvent=0x30c) returned 1 [0140.893] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.905] SetEvent (hEvent=0x3c8) returned 1 [0140.906] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.906] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0140.907] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000010076*, lpNumberOfCharsWritten=0xc000191818*=0x3) returned 1 [0140.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0140.923] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586268*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc000586268*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0140.929] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586270*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000586270*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0140.930] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.933] SetEvent (hEvent=0x3c8) returned 1 [0140.933] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0140.934] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001cf818*=0x3) returned 1 [0140.941] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc0001d1818*=0x3) returned 1 [0140.943] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc000177818*=0x3) returned 1 [0140.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0140.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0005861f6*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0141.000] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0141.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a097a*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a097a*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0141.110] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0141.110] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a09a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc0000a09a0*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0141.117] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0141.446] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00020d818*=0x3) returned 1 [0141.447] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc0002df818*=0x3) returned 1 [0141.450] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc0005861f0*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0141.451] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861f6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0005861f6*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0141.455] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0141.511] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc0000a02d0*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0141.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc0000a02d6*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0141.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004c1c0*, nNumberOfCharsToWrite=0x6e, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc00004c1c0*, lpNumberOfCharsWritten=0xc000031808*=0x6e) returned 1 [0141.523] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0141.523] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0141.524] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0141.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3ec [0141.525] GetConsoleMode (in: hConsoleHandle=0x3ec, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0141.530] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0142.331] GetFileType (hFile=0x3ec) returned 0x1 [0142.331] WriteFile (in: hFile=0x3ec, lpBuffer=0xc00007f760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f760*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0142.824] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0143.989] SetEvent (hEvent=0xc0) returned 1 [0143.989] CloseHandle (hObject=0x3ec) returned 1 [0143.990] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0144.689] SetEvent (hEvent=0x1c4) returned 1 [0144.689] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0144.690] SetEvent (hEvent=0x114) returned 1 [0144.690] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0145.630] SetEvent (hEvent=0xab8) returned 1 [0145.630] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0145.796] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0145.797] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0145.803] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe30*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.806] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0145.806] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0145.807] SetEvent (hEvent=0xc1c) returned 1 [0145.807] SetEvent (hEvent=0xb48) returned 1 [0145.807] SetEvent (hEvent=0x1f8) returned 1 [0145.809] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.815] SetEvent (hEvent=0xb48) returned 1 [0145.815] SetEvent (hEvent=0xc1c) returned 1 [0145.815] SetEvent (hEvent=0x448) returned 1 [0145.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.823] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0145.823] SetEvent (hEvent=0x264) returned 1 [0145.823] SetEvent (hEvent=0xb48) returned 1 [0145.823] SetEvent (hEvent=0xc1c) returned 1 [0145.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.837] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0145.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x780 [0145.840] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00023dcf4 | out: lpMode=0xc00023dcf4) returned 0 [0145.840] GetFileType (hFile=0x780) returned 0x1 [0145.840] GetFileType (hFile=0x780) returned 0x1 [0145.840] GetFileInformationByHandle (in: hFile=0x780, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0145.840] GetFileInformationByHandleEx (in: hFile=0x780, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0145.841] ReadFile (in: hFile=0x780, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x700, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc00023dc04*=0x500, lpOverlapped=0x0) returned 1 [0145.845] ReadFile (in: hFile=0x780, lpBuffer=0xc000070500, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070500*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0145.845] CloseHandle (hObject=0x780) returned 1 [0145.845] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0145.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0145.849] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0145.853] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0146.084] GetFileType (hFile=0x780) returned 0x1 [0146.084] WriteFile (in: hFile=0x780, lpBuffer=0xc00010e000*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfBytesWritten=0xc00023dcec*=0x510, lpOverlapped=0x0) returned 1 [0146.084] CloseHandle (hObject=0x780) returned 1 [0146.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0146.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0146.085] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0146.088] GetFileType (hFile=0x780) returned 0x1 [0146.088] WriteFile (in: hFile=0x780, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.088] CloseHandle (hObject=0x780) returned 1 [0146.089] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\encry-Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\encry-command prompt.lnk"), dwFlags=0x1) returned 1 [0146.093] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0146.093] SetEvent (hEvent=0xc4c) returned 1 [0146.093] SetEvent (hEvent=0xbe0) returned 1 [0146.093] SetEvent (hEvent=0xc54) returned 1 [0146.096] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.097] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0146.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.104] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0146.104] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0146.104] SetEvent (hEvent=0xc4c) returned 1 [0146.104] SetEvent (hEvent=0xbe0) returned 1 [0146.104] SetEvent (hEvent=0xc54) returned 1 [0146.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.108] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.253] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f698, ulCount=0x10, ulNumEntriesRemoved=0x2a89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f698, ulNumEntriesRemoved=0x2a89f66c) returned 0 [0150.253] SetEvent (hEvent=0xa38) returned 1 [0150.253] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0150.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe08*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.259] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.259] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2a89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2a89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2a89f6a0, ulNumEntriesRemoved=0x2a89f674) returned 0 [0150.259] SetEvent (hEvent=0xa38) returned 1 [0150.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2a89fe18*=0xec, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.361] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.361] SwitchToThread () returned 1 [0150.380] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.387] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.392] SetEvent (hEvent=0x898) returned 1 [0150.392] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.397] SetEvent (hEvent=0x898) returned 1 [0150.397] SetEvent (hEvent=0xa38) returned 1 [0150.397] SetEvent (hEvent=0x1f8) returned 1 [0150.397] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.399] SetEvent (hEvent=0x898) returned 1 [0150.399] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.407] SetEvent (hEvent=0x898) returned 1 [0150.407] VirtualFree (lpAddress=0xc000708000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0150.409] VirtualFree (lpAddress=0xc000678000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0150.410] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.411] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.412] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.413] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.414] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.415] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000495818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000495818*=0x3) returned 1 [0150.419] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.426] SetEvent (hEvent=0x1c4) returned 1 [0150.426] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.429] SetEvent (hEvent=0x1c4) returned 1 [0150.429] SetEvent (hEvent=0xa38) returned 1 [0150.429] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.431] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.432] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.433] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.434] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.435] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.436] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000421818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000421818*=0x3) returned 1 [0150.438] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.442] SetEvent (hEvent=0xb50) returned 1 [0150.442] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) returned 0x0 [0150.447] SetEvent (hEvent=0xb50) returned 1 [0150.447] SetEvent (hEvent=0xa38) returned 1 [0150.447] SetEvent (hEvent=0x1f8) returned 1 [0150.447] WaitForSingleObject (hHandle=0xec, dwMilliseconds=0xffffffff) Thread: id = 32 os_tid = 0x9f0 [0114.357] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2aa9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2aa9fea0*=0x1f4) returned 1 [0114.357] VirtualQuery (in: lpAddress=0x2aa9fec0, lpBuffer=0x2aa9fec0, dwLength=0x30 | out: lpBuffer=0x2aa9fec0*(BaseAddress=0x2aa9f000, AllocationBase=0x2a8a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0114.357] SetEvent (hEvent=0x12c) returned 1 [0114.357] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1f8 [0114.357] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc [0114.357] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.367] SetEvent (hEvent=0x120) returned 1 [0114.367] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.369] SetEvent (hEvent=0xb8) returned 1 [0114.369] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.373] SetEvent (hEvent=0x1d0) returned 1 [0114.373] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.385] SetEvent (hEvent=0xb8) returned 1 [0114.385] SetEvent (hEvent=0x1d4) returned 1 [0114.385] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.388] SetEvent (hEvent=0x1d4) returned 1 [0114.388] SetEvent (hEvent=0x1c4) returned 1 [0114.388] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.412] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.417] SetEvent (hEvent=0x198) returned 1 [0114.417] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.417] SetEvent (hEvent=0x198) returned 1 [0114.417] SetEvent (hEvent=0x1d4) returned 1 [0114.417] VirtualFree (lpAddress=0xc000380000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0114.418] VirtualFree (lpAddress=0xc00030e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.419] VirtualFree (lpAddress=0xc000308000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.419] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.419] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.420] VirtualFree (lpAddress=0xc0001c2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.420] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.420] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.421] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.421] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.421] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.421] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.422] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.422] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.423] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0114.424] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.443] SetEvent (hEvent=0x198) returned 1 [0114.443] VirtualAlloc (lpAddress=0xc00039a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039a000 [0114.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1e0 [0114.445] GetConsoleMode (in: hConsoleHandle=0x1e0, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0114.446] GetFileType (hFile=0x1e0) returned 0x1 [0114.446] GetFileType (hFile=0x1e0) returned 0x1 [0114.446] GetFileInformationByHandle (in: hFile=0x1e0, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0114.446] GetFileInformationByHandleEx (in: hFile=0x1e0, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0114.446] VirtualAlloc (lpAddress=0xc00039c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039c000 [0114.447] ReadFile (in: hFile=0x1e0, lpBuffer=0xc00039c000, nNumberOfBytesToRead=0x7c52, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00039c000*, lpNumberOfBytesRead=0xc00018fc04*=0x7a52, lpOverlapped=0x0) returned 1 [0114.486] ReadFile (in: hFile=0x1e0, lpBuffer=0xc0003a3a52, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a3a52*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0114.486] CloseHandle (hObject=0x1e0) returned 1 [0114.486] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0114.487] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0114.488] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0114.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\adition[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\adition[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.512] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.515] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00018fd04 | out: lpMode=0xc00018fd04) returned 0 [0114.517] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.522] SetEvent (hEvent=0x1dc) returned 1 [0114.522] SwitchToThread () returned 1 [0114.716] SwitchToThread () returned 1 [0114.719] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.728] SetEvent (hEvent=0x12c) returned 1 [0114.728] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.743] SetEvent (hEvent=0x1dc) returned 1 [0114.743] SetEvent (hEvent=0x1d0) returned 1 [0114.743] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.748] SetEvent (hEvent=0xfc) returned 1 [0114.748] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.758] SetEvent (hEvent=0x12c) returned 1 [0114.759] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.775] SetEvent (hEvent=0x1dc) returned 1 [0114.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b4 [0114.776] GetConsoleMode (in: hConsoleHandle=0x1b4, lpMode=0xc0001b5cf4 | out: lpMode=0xc0001b5cf4) returned 0 [0114.777] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.781] GetFileType (hFile=0x1b4) returned 0x1 [0114.781] GetFileType (hFile=0x1b4) returned 0x1 [0114.781] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc0001b5d44 | out: lpFileInformation=0xc0001b5d44) returned 1 [0114.781] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc0001b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b5d28) returned 1 [0114.781] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0114.783] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x13e06, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0001b5c04*=0x13c06, lpOverlapped=0x0) returned 1 [0114.791] ReadFile (in: hFile=0x1b4, lpBuffer=0xc000359c06, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000359c06*, lpNumberOfBytesRead=0xc0001b5c04*=0x0, lpOverlapped=0x0) returned 1 [0114.791] CloseHandle (hObject=0x1b4) returned 1 [0114.791] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0114.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.809] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b5d04 | out: lpMode=0xc0001b5d04) returned 0 [0114.811] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.819] SetEvent (hEvent=0xb8) returned 1 [0114.819] GetFileType (hFile=0x150) returned 0x1 [0114.820] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.822] WriteFile (in: hFile=0x150, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x13c10, lpNumberOfBytesWritten=0xc0001b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc0001b5cec*=0x13c10, lpOverlapped=0x0) returned 1 [0114.825] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.833] CloseHandle (hObject=0x150) returned 1 [0114.833] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0114.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0114.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0114.834] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc0001b5d64 | out: lpMode=0xc0001b5d64) returned 0 [0114.839] GetFileType (hFile=0x150) returned 0x1 [0114.839] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0114.840] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0001b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0114.840] CloseHandle (hObject=0x150) returned 1 [0114.844] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.847] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\benefits-2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-benefits-2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-benefits-2[1].jpg"), dwFlags=0x1) returned 1 [0114.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f698, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f698, ulNumEntriesRemoved=0x2aa9f66c) returned 0 [0114.933] SetEvent (hEvent=0x12c) returned 1 [0114.933] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0114.934] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.935] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.935] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f6a0, ulNumEntriesRemoved=0x2aa9f674) returned 0 [0114.935] SetEvent (hEvent=0x12c) returned 1 [0114.935] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe18*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0114.948] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.948] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.954] SetEvent (hEvent=0x1c4) returned 1 [0114.954] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.958] SetEvent (hEvent=0x1c4) returned 1 [0114.958] SetEvent (hEvent=0x198) returned 1 [0114.958] VirtualFree (lpAddress=0xc0003c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0114.959] VirtualFree (lpAddress=0xc00035a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.959] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0114.959] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0114.960] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0114.960] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0000a0048*, lpNumberOfCharsWritten=0xc000065818*=0x2) returned 1 [0114.961] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.969] SetEvent (hEvent=0x1d0) returned 1 [0114.969] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0114.972] SetEvent (hEvent=0x1d0) returned 1 [0114.972] SetEvent (hEvent=0x198) returned 1 [0114.972] SwitchToThread () returned 1 [0115.067] SetEvent (hEvent=0x1d0) returned 1 [0115.067] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.070] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0115.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x210 [0115.071] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0115.072] GetFileType (hFile=0x210) returned 0x1 [0115.072] GetFileType (hFile=0x210) returned 0x1 [0115.072] GetFileInformationByHandle (in: hFile=0x210, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0115.072] GetFileInformationByHandleEx (in: hFile=0x210, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0115.072] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0115.076] ReadFile (in: hFile=0x210, lpBuffer=0xc0002fa000, nNumberOfBytesToRead=0x29549, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa000*, lpNumberOfBytesRead=0xc0006e1c04*=0x29349, lpOverlapped=0x0) returned 1 [0115.082] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.084] SetEvent (hEvent=0x1d0) returned 1 [0115.084] ReadFile (in: hFile=0x210, lpBuffer=0xc000323349, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000323349*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0115.084] CloseHandle (hObject=0x210) returned 1 [0115.084] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0115.084] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x2a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0115.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.096] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0115.097] GetFileType (hFile=0x1b0) returned 0x1 [0115.097] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000366000*, nNumberOfBytesToWrite=0x29350, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000366000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x29350, lpOverlapped=0x0) returned 1 [0115.101] CloseHandle (hObject=0x1b0) returned 1 [0115.105] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0115.106] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0115.106] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0115.106] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0115.107] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0115.107] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0115.108] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.108] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0115.109] GetFileType (hFile=0x1b0) returned 0x1 [0115.109] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.109] CloseHandle (hObject=0x1b0) returned 1 [0115.111] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\core[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-core[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-core[1].css"), dwFlags=0x1) returned 1 [0115.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f698, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f698, ulNumEntriesRemoved=0x2aa9f66c) returned 0 [0115.143] SetEvent (hEvent=0x12c) returned 1 [0115.143] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0115.145] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.147] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.155] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f6a0, ulNumEntriesRemoved=0x2aa9f674) returned 0 [0115.155] SetEvent (hEvent=0xfc) returned 1 [0115.156] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe18*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.167] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.167] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.181] SetEvent (hEvent=0x120) returned 1 [0115.181] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.183] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0115.184] GetFileType (hFile=0x1b0) returned 0x1 [0115.184] GetFileType (hFile=0x1b0) returned 0x1 [0115.184] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0115.184] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0115.184] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0115.186] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xfaf5, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0006e1c04*=0xf8f5, lpOverlapped=0x0) returned 1 [0115.200] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002698f5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002698f5*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0115.200] CloseHandle (hObject=0x1b0) returned 1 [0115.200] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0115.201] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0115.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.206] SetEvent (hEvent=0xc0) returned 1 [0115.206] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0115.206] GetFileType (hFile=0x1b0) returned 0x1 [0115.206] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0xf900, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xf900, lpOverlapped=0x0) returned 1 [0115.208] CloseHandle (hObject=0x1b0) returned 1 [0115.209] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532101 | out: pbBuffer=0xc000532101) returned 1 [0115.209] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0115.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0115.210] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0115.210] GetFileType (hFile=0x1b0) returned 0x1 [0115.210] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.211] CloseHandle (hObject=0x1b0) returned 1 [0115.212] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\eula_text[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-eula_text[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-eula_text[1].htm"), dwFlags=0x1) returned 1 [0115.249] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe30*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.250] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f698, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f698, ulNumEntriesRemoved=0x2aa9f66c) returned 0 [0115.250] SetEvent (hEvent=0x120) returned 1 [0115.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.254] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f6a0, ulNumEntriesRemoved=0x2aa9f674) returned 0 [0115.254] SetEvent (hEvent=0x1dc) returned 1 [0115.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe18*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.257] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.272] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.291] SwitchToThread () returned 1 [0115.292] SetEvent (hEvent=0x12c) returned 1 [0115.292] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0115.293] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0115.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.294] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f3cf4 | out: lpMode=0xc0000f3cf4) returned 0 [0115.294] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.300] GetFileType (hFile=0x1b0) returned 0x1 [0115.300] GetFileType (hFile=0x1b0) returned 0x1 [0115.300] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0000f3d44 | out: lpFileInformation=0xc0000f3d44) returned 1 [0115.301] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0000f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f3d28) returned 1 [0115.301] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0115.301] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000102000, nNumberOfBytesToRead=0x2a2, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesRead=0xc0000f3c04*=0xa2, lpOverlapped=0x0) returned 1 [0115.304] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001020a2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001020a2*, lpNumberOfBytesRead=0xc0000f3c04*=0x0, lpOverlapped=0x0) returned 1 [0115.304] CloseHandle (hObject=0x1b0) returned 1 [0115.304] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0115.305] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0115.306] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0115.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.311] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f3d04 | out: lpMode=0xc0000f3d04) returned 0 [0115.313] GetFileType (hFile=0x210) returned 0x1 [0115.313] WriteFile (in: hFile=0x210, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0000f3cec*=0xb0, lpOverlapped=0x0) returned 1 [0115.314] CloseHandle (hObject=0x210) returned 1 [0115.315] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0115.315] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0115.315] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0115.316] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0115.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.316] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0115.317] GetFileType (hFile=0x210) returned 0x1 [0115.317] WriteFile (in: hFile=0x210, lpBuffer=0xc000094580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094580*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.317] CloseHandle (hObject=0x210) returned 1 [0115.318] VirtualAlloc (lpAddress=0xc00013a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013a000 [0115.319] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\print[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-print[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-print[1].txt"), dwFlags=0x1) returned 1 [0115.383] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f698, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f698, ulNumEntriesRemoved=0x2aa9f66c) returned 0 [0115.384] SetEvent (hEvent=0x120) returned 1 [0115.384] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.385] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.385] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f6a0, ulNumEntriesRemoved=0x2aa9f674) returned 0 [0115.385] SetEvent (hEvent=0x120) returned 1 [0115.385] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe18*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.391] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.391] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.403] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.413] SetEvent (hEvent=0x1d0) returned 1 [0115.413] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.417] SetEvent (hEvent=0x1d0) returned 1 [0115.417] SetEvent (hEvent=0xfc) returned 1 [0115.417] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0115.418] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.418] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.418] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.418] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.419] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0115.419] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0006dd818*=0x2) returned 1 [0115.422] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.431] SetEvent (hEvent=0x12c) returned 1 [0115.431] SetEvent (hEvent=0xfc) returned 1 [0115.431] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0115.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0115.432] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0115.436] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0115.437] GetFileType (hFile=0x1b0) returned 0x1 [0115.437] GetFileType (hFile=0x1b0) returned 0x1 [0115.437] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0115.437] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0115.437] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0115.438] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x2fa9, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000035c04*=0x2da9, lpOverlapped=0x0) returned 1 [0115.443] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00011eda9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011eda9*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0115.443] CloseHandle (hObject=0x1b0) returned 1 [0115.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x208 [0115.448] GetConsoleMode (in: hConsoleHandle=0x208, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0115.450] GetFileType (hFile=0x208) returned 0x1 [0115.450] WriteFile (in: hFile=0x208, lpBuffer=0xc00011f000*, nNumberOfBytesToWrite=0x2db0, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011f000*, lpNumberOfBytesWritten=0xc000035cec*=0x2db0, lpOverlapped=0x0) returned 1 [0115.452] CloseHandle (hObject=0x208) returned 1 [0115.457] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0115.457] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0115.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x210 [0115.458] GetConsoleMode (in: hConsoleHandle=0x210, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0115.459] GetFileType (hFile=0x210) returned 0x1 [0115.459] WriteFile (in: hFile=0x210, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0115.459] CloseHandle (hObject=0x210) returned 1 [0115.489] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\v2[4]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\ABV8L7MY\\encry-v2[4]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\abv8l7my\\encry-v2[4]"), dwFlags=0x1) returned 1 [0115.534] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe30*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.537] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f698, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f698, ulNumEntriesRemoved=0x2aa9f66c) returned 0 [0115.537] SetEvent (hEvent=0xc0) returned 1 [0115.537] SetEvent (hEvent=0x120) returned 1 [0115.537] SetEvent (hEvent=0x198) returned 1 [0115.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.544] SetEvent (hEvent=0x198) returned 1 [0115.544] SetEvent (hEvent=0x120) returned 1 [0115.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe08*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.546] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe30*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.547] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2aa9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2aa9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2aa9f6a0, ulNumEntriesRemoved=0x2aa9f674) returned 0 [0115.547] SetEvent (hEvent=0x120) returned 1 [0115.547] SetEvent (hEvent=0x12c) returned 1 [0115.547] SetEvent (hEvent=0x198) returned 1 [0115.547] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2aa9fe18*=0x1f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x150 [0115.555] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0115.565] GetFileType (hFile=0x150) returned 0x1 [0115.565] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0115.566] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0115.566] GetFileType (hFile=0x150) returned 0x1 [0115.566] GetFileInformationByHandle (in: hFile=0x150, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0115.566] GetFileInformationByHandleEx (in: hFile=0x150, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0115.566] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0115.567] ReadFile (in: hFile=0x150, lpBuffer=0xc0000e8000, nNumberOfBytesToRead=0x55c, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesRead=0xc00029fc04*=0x35c, lpOverlapped=0x0) returned 1 [0115.572] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.581] ReadFile (in: hFile=0x150, lpBuffer=0xc0000e835c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e835c*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.581] CloseHandle (hObject=0x150) returned 1 [0115.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0115.582] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00029fd04 | out: lpMode=0xc00029fd04) returned 0 [0115.591] GetFileType (hFile=0x150) returned 0x1 [0115.591] WriteFile (in: hFile=0x150, lpBuffer=0xc00007c000*, nNumberOfBytesToWrite=0x360, lpNumberOfBytesWritten=0xc00029fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesWritten=0xc00029fcec*=0x360, lpOverlapped=0x0) returned 1 [0115.592] CloseHandle (hObject=0x150) returned 1 [0115.592] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0115.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x150 [0115.592] GetConsoleMode (in: hConsoleHandle=0x150, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0115.597] GetFileType (hFile=0x150) returned 0x1 [0115.597] WriteFile (in: hFile=0x150, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.597] CloseHandle (hObject=0x150) returned 1 [0115.605] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.608] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0115.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aakqhif[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAkqhIf[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aakqhif[1].png"), dwFlags=0x1) returned 1 [0115.884] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.951] SetEvent (hEvent=0x2b0) returned 1 [0115.951] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0115.952] SetEvent (hEvent=0x148) returned 1 [0115.952] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.079] SetEvent (hEvent=0x148) returned 1 [0116.079] SetEvent (hEvent=0x29c) returned 1 [0116.079] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.081] SetEvent (hEvent=0x2b0) returned 1 [0116.081] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.104] SetEvent (hEvent=0x1e8) returned 1 [0116.105] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0116.111] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00010dcf4 | out: lpMode=0xc00010dcf4) returned 0 [0116.112] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.216] GetFileType (hFile=0x2c4) returned 0x1 [0116.216] GetFileType (hFile=0x2c4) returned 0x1 [0116.216] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc00010dd44 | out: lpFileInformation=0xc00010dd44) returned 1 [0116.216] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc00010dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00010dd28) returned 1 [0116.216] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x88c, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc00010dc04*=0x68c, lpOverlapped=0x0) returned 1 [0116.220] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00003c68c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00010dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c68c*, lpNumberOfBytesRead=0xc00010dc04*=0x0, lpOverlapped=0x0) returned 1 [0116.220] CloseHandle (hObject=0x2c4) returned 1 [0116.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0116.303] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0xc00010dd04 | out: lpMode=0xc00010dd04) returned 0 [0116.304] GetFileType (hFile=0x244) returned 0x1 [0116.304] WriteFile (in: hFile=0x244, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x690, lpNumberOfBytesWritten=0xc00010dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc00010dcec*=0x690, lpOverlapped=0x0) returned 1 [0116.306] CloseHandle (hObject=0x244) returned 1 [0116.309] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3601 | out: pbBuffer=0xc0001c3601) returned 1 [0116.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x37c [0116.309] GetConsoleMode (in: hConsoleHandle=0x37c, lpMode=0xc00010dd64 | out: lpMode=0xc00010dd64) returned 0 [0116.310] GetFileType (hFile=0x37c) returned 0x1 [0116.310] WriteFile (in: hFile=0x37c, lpBuffer=0xc0000bec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00010dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bec60*, lpNumberOfBytesWritten=0xc00010dd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.310] CloseHandle (hObject=0x37c) returned 1 [0116.320] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdgtbx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBDGTbx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbdgtbx[1].jpg"), dwFlags=0x1) returned 1 [0116.926] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0116.928] SwitchToThread () returned 1 [0117.025] SwitchToThread () returned 1 [0117.026] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.030] SetEvent (hEvent=0x1dc) returned 1 [0117.031] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.033] SetEvent (hEvent=0x1dc) returned 1 [0117.033] SetEvent (hEvent=0x1a0) returned 1 [0117.033] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.039] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.043] SetEvent (hEvent=0x320) returned 1 [0117.043] SwitchToThread () returned 1 [0117.141] SwitchToThread () returned 1 [0117.144] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.145] SetEvent (hEvent=0x1dc) returned 1 [0117.145] SetEvent (hEvent=0x320) returned 1 [0117.145] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.146] SwitchToThread () returned 1 [0117.147] SetEvent (hEvent=0x1dc) returned 1 [0117.147] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.150] SetEvent (hEvent=0x1dc) returned 1 [0117.150] SetEvent (hEvent=0x320) returned 1 [0117.150] SetEvent (hEvent=0x198) returned 1 [0117.150] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.329] SetEvent (hEvent=0x1dc) returned 1 [0117.329] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.333] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0117.334] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0117.334] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0117.335] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0117.335] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0117.341] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.374] GetFileType (hFile=0x2e8) returned 0x1 [0117.374] GetFileType (hFile=0x2e8) returned 0x1 [0117.374] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0117.375] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0117.375] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000070a80, nNumberOfBytesToRead=0x9b1, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070a80*, lpNumberOfBytesRead=0xc000241c04*=0x7b1, lpOverlapped=0x0) returned 1 [0117.381] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000071231, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc000071231*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0117.381] CloseHandle (hObject=0x2e8) returned 1 [0117.381] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0117.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0117.412] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000241d04 | out: lpMode=0xc000241d04) returned 0 [0117.418] GetFileType (hFile=0x240) returned 0x1 [0117.418] WriteFile (in: hFile=0x240, lpBuffer=0xc000224000*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc000241cec, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesWritten=0xc000241cec*=0x7c0, lpOverlapped=0x0) returned 1 [0117.419] CloseHandle (hObject=0x240) returned 1 [0117.441] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.606] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1e01 | out: pbBuffer=0xc0002f1e01) returned 1 [0117.606] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0117.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0117.607] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0117.611] GetFileType (hFile=0x23c) returned 0x1 [0117.612] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d7e40*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7e40*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.612] CloseHandle (hObject=0x23c) returned 1 [0117.623] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0117.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-containertag[1].js"), dwFlags=0x1) returned 1 [0118.283] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.283] SetEvent (hEvent=0x274) returned 1 [0118.283] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.284] SetEvent (hEvent=0x274) returned 1 [0118.284] SwitchToThread () returned 1 [0118.285] SetEvent (hEvent=0x12c) returned 1 [0118.285] SetEvent (hEvent=0x274) returned 1 [0118.285] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.288] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.291] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.292] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.293] SetEvent (hEvent=0x274) returned 1 [0118.293] SetEvent (hEvent=0x28c) returned 1 [0118.293] VirtualFree (lpAddress=0xc000374000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.294] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.294] SwitchToThread () returned 1 [0118.296] SetEvent (hEvent=0x274) returned 1 [0118.296] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.298] SetEvent (hEvent=0x274) returned 1 [0118.298] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.399] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0118.818] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001ebcf4 | out: lpMode=0xc0001ebcf4) returned 0 [0118.820] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.869] GetFileType (hFile=0x3d8) returned 0x1 [0118.869] GetFileType (hFile=0x3d8) returned 0x1 [0118.869] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0001ebd44 | out: lpFileInformation=0xc0001ebd44) returned 1 [0118.869] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0001ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ebd28) returned 1 [0118.869] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x181e, lpNumberOfBytesRead=0xc0001ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc0001ebc04*=0x161e, lpOverlapped=0x0) returned 1 [0118.876] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00050ef9e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050ef9e*, lpNumberOfBytesRead=0xc0001ebc04*=0x0, lpOverlapped=0x0) returned 1 [0118.877] CloseHandle (hObject=0x3d8) returned 1 [0118.877] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0118.878] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001ebd04 | out: lpMode=0xc0001ebd04) returned 0 [0118.884] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0118.983] GetFileType (hFile=0x3d8) returned 0x1 [0118.983] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x1620, lpNumberOfBytesWritten=0xc0001ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc0001ebcec*=0x1620, lpOverlapped=0x0) returned 1 [0118.984] CloseHandle (hObject=0x3d8) returned 1 [0118.988] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.106] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0701 | out: pbBuffer=0xc0002f0701) returned 1 [0119.106] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0119.106] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0001ebd64 | out: lpMode=0xc0001ebd64) returned 0 [0119.107] GetFileType (hFile=0x2b4) returned 0x1 [0119.107] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000036580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036580*, lpNumberOfBytesWritten=0xc0001ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.107] CloseHandle (hObject=0x2b4) returned 1 [0119.109] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbboddp[1].jpg"), dwFlags=0x1) returned 1 [0119.514] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.514] SetEvent (hEvent=0x274) returned 1 [0119.514] SetEvent (hEvent=0x29c) returned 1 [0119.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0119.515] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.516] SetEvent (hEvent=0x274) returned 1 [0119.516] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.518] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.568] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.571] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0119.671] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0141.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6m-whhzr4vm.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0141.491] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00022bcf4 | out: lpMode=0xc00022bcf4) returned 0 [0141.492] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0141.544] GetFileType (hFile=0x2e4) returned 0x1 [0141.544] GetFileType (hFile=0x2e4) returned 0x1 [0141.544] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc00022bd44 | out: lpFileInformation=0xc00022bd44) returned 1 [0141.545] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc00022bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022bd28) returned 1 [0141.545] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002bd300, nNumberOfBytesToRead=0x10d9, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bd300*, lpNumberOfBytesRead=0xc00022bc04*=0xed9, lpOverlapped=0x0) returned 1 [0142.524] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.103] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002be1d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002be1d9*, lpNumberOfBytesRead=0xc00022bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.103] CloseHandle (hObject=0x2e4) returned 1 [0143.103] VirtualAlloc (lpAddress=0xc00064e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00064e000 [0143.105] VirtualAlloc (lpAddress=0xc000650000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000650000 [0143.106] VirtualAlloc (lpAddress=0xc000652000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000652000 [0143.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6m-whhzr4vm.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0143.108] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00022bd04 | out: lpMode=0xc00022bd04) returned 0 [0143.109] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.981] GetFileType (hFile=0x2e4) returned 0x1 [0143.981] WriteFile (in: hFile=0x2e4, lpBuffer=0xc000652000*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0xc00022bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000652000*, lpNumberOfBytesWritten=0xc00022bcec*=0xee0, lpOverlapped=0x0) returned 1 [0143.982] CloseHandle (hObject=0x2e4) returned 1 [0143.982] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0143.984] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.984] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0143.985] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0143.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6m-whhzr4vm.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0143.986] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00022bd64 | out: lpMode=0xc00022bd64) returned 0 [0143.989] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0144.680] GetFileType (hFile=0x2e4) returned 0x1 [0144.680] WriteFile (in: hFile=0x2e4, lpBuffer=0xc000291080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291080*, lpNumberOfBytesWritten=0xc00022bd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.681] CloseHandle (hObject=0x2e4) returned 1 [0144.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6m-whhzr4vm.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-6m-whhzr4vm.mkv.lnk"), dwFlags=0x1) returned 1 [0144.683] SetEvent (hEvent=0xec) returned 1 [0144.683] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0144.690] SetEvent (hEvent=0x9e8) returned 1 [0144.690] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.800] SetEvent (hEvent=0x208) returned 1 [0145.800] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.809] SetEvent (hEvent=0xec) returned 1 [0145.809] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0145.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0145.812] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0001f3cf4 | out: lpMode=0xc0001f3cf4) returned 0 [0145.815] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.105] GetFileType (hFile=0x5d8) returned 0x1 [0146.106] GetFileType (hFile=0x5d8) returned 0x1 [0146.106] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc0001f3d44 | out: lpFileInformation=0xc0001f3d44) returned 1 [0146.106] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc0001f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f3d28) returned 1 [0146.106] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000282800, nNumberOfBytesToRead=0x78b, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000282800*, lpNumberOfBytesRead=0xc0001f3c04*=0x58b, lpOverlapped=0x0) returned 1 [0146.115] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000282d8b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000282d8b*, lpNumberOfBytesRead=0xc0001f3c04*=0x0, lpOverlapped=0x0) returned 1 [0146.115] CloseHandle (hObject=0x5d8) returned 1 [0146.115] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0146.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0146.117] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0001f3d04 | out: lpMode=0xc0001f3d04) returned 0 [0146.119] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.393] GetFileType (hFile=0x5d8) returned 0x1 [0146.393] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0000be000*, nNumberOfBytesToWrite=0x590, lpNumberOfBytesWritten=0xc0001f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesWritten=0xc0001f3cec*=0x590, lpOverlapped=0x0) returned 1 [0146.394] CloseHandle (hObject=0x5d8) returned 1 [0146.395] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0146.395] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0146.396] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0146.398] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0146.398] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0146.399] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0146.400] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0001f3d64 | out: lpMode=0xc0001f3d64) returned 0 [0146.406] GetFileType (hFile=0x5d8) returned 0x1 [0146.406] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00007eb00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007eb00*, lpNumberOfBytesWritten=0xc0001f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.407] CloseHandle (hObject=0x5d8) returned 1 [0146.407] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0146.408] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\encry-Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\encry-internet explorer (64-bit).lnk"), dwFlags=0x1) returned 1 [0146.412] SetEvent (hEvent=0xc0c) returned 1 [0146.412] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.427] SetEvent (hEvent=0xc24) returned 1 [0146.427] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.428] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.429] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.430] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.430] SetEvent (hEvent=0x3c4) returned 1 [0146.430] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.469] SetEvent (hEvent=0xbb0) returned 1 [0146.469] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a0 [0146.475] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0146.477] GetFileType (hFile=0x8a0) returned 0x1 [0146.477] GetFileType (hFile=0x8a0) returned 0x1 [0146.477] GetFileInformationByHandle (in: hFile=0x8a0, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0146.477] GetFileInformationByHandleEx (in: hFile=0x8a0, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0146.477] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0146.478] ReadFile (in: hFile=0x8a0, lpBuffer=0xc0002ce000, nNumberOfBytesToRead=0xddb, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce000*, lpNumberOfBytesRead=0xc00026dc04*=0xbdb, lpOverlapped=0x0) returned 1 [0146.514] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.701] ReadFile (in: hFile=0x8a0, lpBuffer=0xc0002cebdb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cebdb*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0146.701] CloseHandle (hObject=0x8a0) returned 1 [0146.701] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0146.702] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0146.704] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0146.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0146.706] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0146.848] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.940] SetEvent (hEvent=0xc1c) returned 1 [0146.940] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.942] SetEvent (hEvent=0xbd8) returned 1 [0146.942] SetEvent (hEvent=0xc24) returned 1 [0146.943] SetEvent (hEvent=0x988) returned 1 [0146.943] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.117] SetEvent (hEvent=0xa38) returned 1 [0147.117] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.125] SetEvent (hEvent=0xc1c) returned 1 [0147.125] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.324] SetEvent (hEvent=0xb60) returned 1 [0147.324] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.334] SetEvent (hEvent=0xa38) returned 1 [0147.334] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.344] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.350] SetEvent (hEvent=0xa38) returned 1 [0147.350] SetEvent (hEvent=0xbd8) returned 1 [0147.350] SetEvent (hEvent=0x318) returned 1 [0147.350] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.383] SetEvent (hEvent=0x990) returned 1 [0147.383] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.427] SetEvent (hEvent=0xa38) returned 1 [0147.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x698 [0147.428] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc000445cf4 | out: lpMode=0xc000445cf4) returned 0 [0147.429] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.502] GetFileType (hFile=0x698) returned 0x1 [0147.502] GetFileType (hFile=0x698) returned 0x1 [0147.502] GetFileInformationByHandle (in: hFile=0x698, lpFileInformation=0xc000445d44 | out: lpFileInformation=0xc000445d44) returned 1 [0147.502] GetFileInformationByHandleEx (in: hFile=0x698, FileInformationClass=0x9, lpFileInformation=0xc000445d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000445d28) returned 1 [0147.503] ReadFile (in: hFile=0x698, lpBuffer=0xc000238600, nNumberOfBytesToRead=0x11de, lpNumberOfBytesRead=0xc000445c04, lpOverlapped=0x0 | out: lpBuffer=0xc000238600*, lpNumberOfBytesRead=0xc000445c04*=0xfde, lpOverlapped=0x0) returned 1 [0147.605] ReadFile (in: hFile=0x698, lpBuffer=0xc0002395de, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000445c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002395de*, lpNumberOfBytesRead=0xc000445c04*=0x0, lpOverlapped=0x0) returned 1 [0147.605] CloseHandle (hObject=0x698) returned 1 [0147.605] SwitchToThread () returned 1 [0147.709] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.841] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0147.842] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.847] SetEvent (hEvent=0x988) returned 1 [0147.847] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.861] SetEvent (hEvent=0xc44) returned 1 [0147.861] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.862] SetEvent (hEvent=0xa48) returned 1 [0147.862] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.865] SetEvent (hEvent=0x990) returned 1 [0147.865] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.874] SetEvent (hEvent=0xa48) returned 1 [0147.874] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0147.875] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0147.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a0 [0147.877] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0147.878] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.951] SetEvent (hEvent=0x274) returned 1 [0147.952] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0147.960] SetEvent (hEvent=0x274) returned 1 [0147.960] VirtualFree (lpAddress=0xc0002e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.961] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.961] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.962] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpgcghvp8qahllw.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x464 [0147.964] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0147.967] GetFileType (hFile=0x464) returned 0x1 [0147.967] GetFileType (hFile=0x464) returned 0x1 [0147.967] GetFileInformationByHandle (in: hFile=0x464, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0147.967] GetFileInformationByHandleEx (in: hFile=0x464, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0147.967] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0147.968] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0147.971] ReadFile (in: hFile=0x464, lpBuffer=0xc0004e0000, nNumberOfBytesToRead=0x16580, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesRead=0xc000067c04*=0x16380, lpOverlapped=0x0) returned 1 [0148.603] ReadFile (in: hFile=0x464, lpBuffer=0xc0004f6380, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f6380*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0148.603] CloseHandle (hObject=0x464) returned 1 [0148.603] VirtualAlloc (lpAddress=0xc000654000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000654000 [0148.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpgcghvp8qahllw.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0150.391] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0150.392] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0150.398] GetFileType (hFile=0x8a4) returned 0x1 [0150.398] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000654000*, nNumberOfBytesToWrite=0x16390, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc000654000*, lpNumberOfBytesWritten=0xc000067cec*=0x16390, lpOverlapped=0x0) returned 1 [0150.425] CloseHandle (hObject=0x8a4) returned 1 [0150.445] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0150.450] SetEvent (hEvent=0xb50) returned 1 [0150.450] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.450] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0150.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpgcghvp8qahllw.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0150.452] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0150.455] GetFileType (hFile=0x5a0) returned 0x1 [0150.455] WriteFile (in: hFile=0x5a0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.479] CloseHandle (hObject=0x5a0) returned 1 [0150.684] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0151.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6ac [0151.041] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000421cf4 | out: lpMode=0xc000421cf4) returned 0 [0151.045] GetFileType (hFile=0x6ac) returned 0x1 [0151.045] GetFileType (hFile=0x6ac) returned 0x1 [0151.045] GetFileInformationByHandle (in: hFile=0x6ac, lpFileInformation=0xc000421d44 | out: lpFileInformation=0xc000421d44) returned 1 [0151.045] GetFileInformationByHandleEx (in: hFile=0x6ac, FileInformationClass=0x9, lpFileInformation=0xc000421d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000421d28) returned 1 [0151.045] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0151.050] ReadFile (in: hFile=0x6ac, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x10d1e, lpNumberOfBytesRead=0xc000421c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000421c04*=0x10b1e, lpOverlapped=0x0) returned 1 [0151.162] ReadFile (in: hFile=0x6ac, lpBuffer=0xc000222b1e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000421c04, lpOverlapped=0x0 | out: lpBuffer=0xc000222b1e*, lpNumberOfBytesRead=0xc000421c04*=0x0, lpOverlapped=0x0) returned 1 [0151.162] CloseHandle (hObject=0x6ac) returned 1 [0151.162] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0151.164] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0151.166] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0151.167] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0151.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0151.173] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000421d04 | out: lpMode=0xc000421d04) returned 0 [0151.189] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0151.415] GetFileType (hFile=0x6ac) returned 0x1 [0151.415] WriteFile (in: hFile=0x6ac, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x10b20, lpNumberOfBytesWritten=0xc000421cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000421cec*=0x10b20, lpOverlapped=0x0) returned 1 [0151.417] CloseHandle (hObject=0x6ac) returned 1 [0151.418] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0151.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0151.418] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000421d64 | out: lpMode=0xc000421d64) returned 0 [0151.429] GetFileType (hFile=0x6ac) returned 0x1 [0151.429] WriteFile (in: hFile=0x6ac, lpBuffer=0xc000284840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000421d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284840*, lpNumberOfBytesWritten=0xc000421d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.430] CloseHandle (hObject=0x6ac) returned 1 [0151.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-administrator.contact"), dwFlags=0x1) returned 1 [0151.431] SetEvent (hEvent=0xa38) returned 1 [0151.431] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0151.614] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.615] SetEvent (hEvent=0xa48) returned 1 [0151.615] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0151.671] SetEvent (hEvent=0xa68) returned 1 [0151.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cnhegrqal0z.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3fc [0151.673] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0151.681] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0152.174] SetEvent (hEvent=0xbb0) returned 1 [0152.174] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0161.401] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0161.402] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0161.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\4r9tztrzgt_1b.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0161.991] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0162.270] GetFileType (hFile=0x7c4) returned 0x1 [0162.270] GetFileType (hFile=0x7c4) returned 0x1 [0162.270] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0162.271] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0162.271] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0162.272] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x18c12, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc000069c04*=0x18a12, lpOverlapped=0x0) returned 1 [0162.275] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00061ca12, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00061ca12*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0162.275] CloseHandle (hObject=0x7c4) returned 1 [0162.275] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0162.276] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0162.278] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0162.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\4r9tztrzgt_1b.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0162.281] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0162.418] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0162.588] SetEvent (hEvent=0xb20) returned 1 [0162.588] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) returned 0x0 [0163.617] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00029a1b0*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc00029a1b0*, lpNumberOfCharsWritten=0xc0002e9808*=0x41) returned 1 [0163.618] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533a01 | out: pbBuffer=0xc000533a01) returned 1 [0163.618] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0163.619] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0163.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT\\*", lpFindFileData=0xc0002e9a68 | out: lpFindFileData=0xc0002e9a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.397] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.397] WaitForSingleObject (hHandle=0x1f8, dwMilliseconds=0xffffffff) Thread: id = 33 os_tid = 0x54c [0115.700] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ac9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ac9fea0*=0x1ac) returned 1 [0115.700] VirtualQuery (in: lpAddress=0x2ac9fec0, lpBuffer=0x2ac9fec0, dwLength=0x30 | out: lpBuffer=0x2ac9fec0*(BaseAddress=0x2ac9f000, AllocationBase=0x2aaa0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA3e1pt[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa3e1pt[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0115.701] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00018fcf4 | out: lpMode=0xc00018fcf4) returned 0 [0115.703] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x148 [0115.703] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x20c [0115.703] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0115.932] GetFileType (hFile=0x1ec) returned 0x1 [0115.932] GetFileType (hFile=0x1ec) returned 0x1 [0115.932] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc00018fd44 | out: lpFileInformation=0xc00018fd44) returned 1 [0115.932] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc00018fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018fd28) returned 1 [0115.932] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0115.932] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00016a000, nNumberOfBytesToRead=0x397, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesRead=0xc00018fc04*=0x197, lpOverlapped=0x0) returned 1 [0115.936] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0115.953] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00016a197, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a197*, lpNumberOfBytesRead=0xc00018fc04*=0x0, lpOverlapped=0x0) returned 1 [0115.953] CloseHandle (hObject=0x1ec) returned 1 [0115.953] SetEvent (hEvent=0x188) returned 1 [0115.953] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.037] SetEvent (hEvent=0x29c) returned 1 [0116.037] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.043] VirtualFree (lpAddress=0xc000400000, dwSize=0x46000, dwFreeType=0x4000) returned 1 [0116.045] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.045] VirtualFree (lpAddress=0xc0003f0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.045] VirtualFree (lpAddress=0xc0003d8000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0116.046] VirtualFree (lpAddress=0xc000380000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0116.049] VirtualFree (lpAddress=0xc00033c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.049] VirtualFree (lpAddress=0xc000332000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.049] VirtualFree (lpAddress=0xc00031c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.050] VirtualFree (lpAddress=0xc000318000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.050] VirtualFree (lpAddress=0xc000300000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.051] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.051] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.052] VirtualFree (lpAddress=0xc000292000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.052] VirtualFree (lpAddress=0xc00027c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.053] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.053] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.054] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.054] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.055] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.055] VirtualFree (lpAddress=0xc000214000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.055] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.056] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.056] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.057] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.057] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.057] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.058] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.058] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.058] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.059] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.059] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.059] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.060] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.060] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.061] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.061] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.061] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.062] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0116.064] SetEvent (hEvent=0x15c) returned 1 [0116.064] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.069] SetEvent (hEvent=0x1b4) returned 1 [0116.069] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.075] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0116.075] SetEvent (hEvent=0x1f8) returned 1 [0116.075] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0116.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.079] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.079] SetEvent (hEvent=0x1f8) returned 1 [0116.079] SetEvent (hEvent=0x1e8) returned 1 [0116.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.081] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.082] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.082] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0116.083] SetEvent (hEvent=0x234) returned 1 [0116.083] SetEvent (hEvent=0x1e8) returned 1 [0116.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.085] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2dc [0116.085] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0116.089] GetFileType (hFile=0x2dc) returned 0x1 [0116.089] GetFileType (hFile=0x2dc) returned 0x1 [0116.089] GetFileInformationByHandle (in: hFile=0x2dc, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0116.089] GetFileInformationByHandleEx (in: hFile=0x2dc, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0116.089] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0116.090] ReadFile (in: hFile=0x2dc, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x2ea1, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc0001a5c04*=0x2ca1, lpOverlapped=0x0) returned 1 [0116.093] ReadFile (in: hFile=0x2dc, lpBuffer=0xc0000e6ca1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6ca1*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0116.093] CloseHandle (hObject=0x2dc) returned 1 [0116.093] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0116.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0116.147] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.193] GetConsoleMode (in: hConsoleHandle=0x320, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0116.195] SetEvent (hEvent=0x318) returned 1 [0116.195] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.289] SetEvent (hEvent=0x324) returned 1 [0116.289] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.294] SetEvent (hEvent=0x120) returned 1 [0116.294] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.299] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1mq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBO1mQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbo1mq[1].jpg"), dwFlags=0x1) returned 1 [0116.813] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0116.817] SetEvent (hEvent=0x1dc) returned 1 [0116.817] SwitchToThread () returned 1 [0116.916] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0117.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0117.369] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0117.371] GetFileType (hFile=0x36c) returned 0x1 [0117.371] GetFileType (hFile=0x36c) returned 0x1 [0117.372] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0117.372] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0117.372] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0117.373] ReadFile (in: hFile=0x36c, lpBuffer=0xc00030a000, nNumberOfBytesToRead=0x48c9, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a000*, lpNumberOfBytesRead=0xc000111c04*=0x46c9, lpOverlapped=0x0) returned 1 [0117.378] ReadFile (in: hFile=0x36c, lpBuffer=0xc00030e6c9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030e6c9*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0117.378] CloseHandle (hObject=0x36c) returned 1 [0117.379] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0117.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0117.397] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0117.401] GetFileType (hFile=0x1ec) returned 0x1 [0117.401] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x46d0, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc000111cec*=0x46d0, lpOverlapped=0x0) returned 1 [0117.402] CloseHandle (hObject=0x1ec) returned 1 [0117.418] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0117.536] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1a01 | out: pbBuffer=0xc0002f1a01) returned 1 [0117.537] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0117.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0117.537] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0117.541] GetFileType (hFile=0x2e0) returned 0x1 [0117.541] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0000d7a20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7a20*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.541] CloseHandle (hObject=0x2e0) returned 1 [0117.543] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0117.544] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-modernizr[1].js"), dwFlags=0x1) returned 1 [0118.060] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0118.060] SetEvent (hEvent=0x258) returned 1 [0118.061] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.061] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0118.061] SetEvent (hEvent=0x258) returned 1 [0118.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.063] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.029] SetEvent (hEvent=0x2a8) returned 1 [0119.029] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.032] GetFileType (hFile=0x284) returned 0x1 [0119.032] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0119.033] WriteFile (in: hFile=0x284, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.033] CloseHandle (hObject=0x284) returned 1 [0119.039] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.134] SetEvent (hEvent=0x318) returned 1 [0119.134] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.136] SetEvent (hEvent=0x120) returned 1 [0119.136] SetEvent (hEvent=0x318) returned 1 [0119.136] SetEvent (hEvent=0x30c) returned 1 [0119.136] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.155] SetEvent (hEvent=0x320) returned 1 [0119.155] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.157] SetEvent (hEvent=0x208) returned 1 [0119.157] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.162] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017b818, lpReserved=0x0 | out: lpBuffer=0xc0005863c0*, lpNumberOfCharsWritten=0xc00017b818*=0x3) returned 1 [0119.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0119.165] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0119.166] GetFileType (hFile=0x2bc) returned 0x1 [0119.166] GetFileType (hFile=0x2bc) returned 0x1 [0119.166] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0119.166] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0119.166] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0119.167] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x30cb, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00015bc04*=0x2ecb, lpOverlapped=0x0) returned 1 [0119.171] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000232ecb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000232ecb*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0119.171] CloseHandle (hObject=0x2bc) returned 1 [0119.171] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0119.172] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0119.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0119.198] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0119.199] GetFileType (hFile=0x2d8) returned 0x1 [0119.199] WriteFile (in: hFile=0x2d8, lpBuffer=0xc00004f000*, nNumberOfBytesToWrite=0x2ed0, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004f000*, lpNumberOfBytesWritten=0xc00015bcec*=0x2ed0, lpOverlapped=0x0) returned 1 [0119.200] CloseHandle (hObject=0x2d8) returned 1 [0119.200] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f1c01 | out: pbBuffer=0xc0002f1c01) returned 1 [0119.200] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0119.201] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0119.202] GetFileType (hFile=0x2d8) returned 0x1 [0119.202] WriteFile (in: hFile=0x2d8, lpBuffer=0xc0000d78c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d78c0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.202] CloseHandle (hObject=0x2d8) returned 1 [0119.203] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbe7kpz[1].jpg"), dwFlags=0x1) returned 1 [0119.908] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.911] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.914] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.916] SetEvent (hEvent=0x1a0) returned 1 [0119.916] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.917] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0119.918] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0119.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0119.919] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0119.919] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.922] SetEvent (hEvent=0x1a0) returned 1 [0119.923] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.924] SetEvent (hEvent=0x144) returned 1 [0119.924] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.925] SetEvent (hEvent=0x9c) returned 1 [0119.925] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0119.945] SetEvent (hEvent=0x1a0) returned 1 [0119.945] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0119.946] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0119.963] GetFileType (hFile=0x2f0) returned 0x1 [0119.963] GetFileType (hFile=0x2f0) returned 0x1 [0119.964] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0119.964] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0119.964] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0119.972] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x3523, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0001bdc04*=0x3323, lpOverlapped=0x0) returned 1 [0120.008] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00025d323, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025d323*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0120.008] CloseHandle (hObject=0x2f0) returned 1 [0120.008] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0120.009] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0120.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0120.010] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0120.013] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.028] SetEvent (hEvent=0x30c) returned 1 [0120.028] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.098] SetEvent (hEvent=0x3c0) returned 1 [0120.098] SetEvent (hEvent=0x9c) returned 1 [0120.098] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.107] SetEvent (hEvent=0x9c) returned 1 [0120.108] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.108] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.109] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.109] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.109] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.110] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.110] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.110] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.111] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.111] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0120.112] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0120.114] GetFileType (hFile=0x2d8) returned 0x1 [0120.114] GetFileType (hFile=0x2d8) returned 0x1 [0120.114] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0120.114] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0120.114] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0120.115] ReadFile (in: hFile=0x2d8, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0xac5, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc0001c9c04*=0x8c5, lpOverlapped=0x0) returned 1 [0120.311] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.315] ReadFile (in: hFile=0x2d8, lpBuffer=0xc00006c8c5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c8c5*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0120.315] CloseHandle (hObject=0x2d8) returned 1 [0120.315] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0120.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0120.317] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0120.321] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.354] GetFileType (hFile=0x2d8) returned 0x1 [0120.354] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0120.354] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0120.355] WriteFile (in: hFile=0x2d8, lpBuffer=0xc000078000*, nNumberOfBytesToWrite=0x8d0, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x8d0, lpOverlapped=0x0) returned 1 [0120.356] CloseHandle (hObject=0x2d8) returned 1 [0120.356] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0120.356] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0120.357] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0120.358] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0120.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0120.358] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0120.371] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.377] GetFileType (hFile=0x2d8) returned 0x1 [0120.378] WriteFile (in: hFile=0x2d8, lpBuffer=0xc0002ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce2c0*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.378] CloseHandle (hObject=0x2d8) returned 1 [0120.378] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0120.379] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeekvv[1].jpg"), dwFlags=0x1) returned 1 [0120.380] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0120.380] SetEvent (hEvent=0x12c) returned 1 [0120.380] SetEvent (hEvent=0x1a0) returned 1 [0120.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.394] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.396] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.397] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.397] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0120.397] SetEvent (hEvent=0xc0) returned 1 [0120.397] SetEvent (hEvent=0x144) returned 1 [0120.397] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.397] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0120.401] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0120.402] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.411] GetFileType (hFile=0x2bc) returned 0x1 [0120.411] GetFileType (hFile=0x2bc) returned 0x1 [0120.411] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0120.411] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0120.411] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0120.412] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xd41, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000031c04*=0xb41, lpOverlapped=0x0) returned 1 [0120.415] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001e2b41, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2b41*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0120.415] CloseHandle (hObject=0x2bc) returned 1 [0120.415] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0120.415] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0120.416] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.417] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031d04 | out: lpMode=0xc000031d04) returned 0 [0120.420] GetFileType (hFile=0x2bc) returned 0x1 [0120.420] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0xb50, lpNumberOfBytesWritten=0xc000031cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000031cec*=0xb50, lpOverlapped=0x0) returned 1 [0120.422] CloseHandle (hObject=0x2bc) returned 1 [0120.422] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0120.422] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0120.422] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0120.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.423] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0120.427] GetFileType (hFile=0x2bc) returned 0x1 [0120.427] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000186580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186580*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.427] CloseHandle (hObject=0x2bc) returned 1 [0120.428] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefy4x[1].jpg"), dwFlags=0x1) returned 1 [0120.702] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0120.702] SetEvent (hEvent=0x114) returned 1 [0120.702] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0120.704] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.705] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.705] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0120.705] SetEvent (hEvent=0x114) returned 1 [0120.705] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.726] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.749] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.777] SetEvent (hEvent=0x9c) returned 1 [0120.777] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.783] SetEvent (hEvent=0x9c) returned 1 [0120.784] SetEvent (hEvent=0x208) returned 1 [0120.784] VirtualFree (lpAddress=0xc0003a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.784] VirtualFree (lpAddress=0xc000346000, dwSize=0x3e000, dwFreeType=0x4000) returned 1 [0120.786] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.787] VirtualFree (lpAddress=0xc000286000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.787] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.788] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.788] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.788] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.789] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.789] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.790] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.790] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc000060018*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0120.791] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.865] SetEvent (hEvent=0x364) returned 1 [0120.865] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.865] SetEvent (hEvent=0x364) returned 1 [0120.865] SetEvent (hEvent=0x208) returned 1 [0120.865] VirtualFree (lpAddress=0xc000400000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0120.867] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.868] VirtualFree (lpAddress=0xc000290000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.868] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.869] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0120.870] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.873] SetEvent (hEvent=0x144) returned 1 [0120.873] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.875] SetEvent (hEvent=0x144) returned 1 [0120.875] SetEvent (hEvent=0x208) returned 1 [0120.875] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.875] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.876] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.876] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.877] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.877] VirtualFree (lpAddress=0xc000050000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.878] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0120.878] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.881] SetEvent (hEvent=0x144) returned 1 [0120.882] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.882] SetEvent (hEvent=0x144) returned 1 [0120.882] SetEvent (hEvent=0x208) returned 1 [0120.882] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.883] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0120.884] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.886] SetEvent (hEvent=0x24c) returned 1 [0120.886] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.887] SetEvent (hEvent=0x24c) returned 1 [0120.887] SetEvent (hEvent=0x208) returned 1 [0120.887] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.888] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.888] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc0002d3818*=0x3) returned 1 [0120.889] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.891] SetEvent (hEvent=0x12c) returned 1 [0120.891] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.894] SetEvent (hEvent=0x12c) returned 1 [0120.894] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.895] SetEvent (hEvent=0x12c) returned 1 [0120.895] SetEvent (hEvent=0x208) returned 1 [0120.895] SetEvent (hEvent=0x39c) returned 1 [0120.895] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.896] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.898] SetEvent (hEvent=0x12c) returned 1 [0120.898] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.900] SetEvent (hEvent=0xfc) returned 1 [0120.900] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0120.903] SetEvent (hEvent=0x39c) returned 1 [0120.903] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0128.580] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0128.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000195818*=0x3) returned 1 [0128.582] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0128.583] SetEvent (hEvent=0x208) returned 1 [0128.583] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0128.584] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee000*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0xc00015b808, lpReserved=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfCharsWritten=0xc00015b808*=0x5b) returned 1 [0128.585] SetEvent (hEvent=0x208) returned 1 [0128.585] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0128.586] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0128.586] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0128.587] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0128.587] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0128.590] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0128.591] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0128.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0130.617] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0130.619] GetFileType (hFile=0x23c) returned 0x1 [0130.619] WriteFile (in: hFile=0x23c, lpBuffer=0xc0001862c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001862c0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.620] CloseHandle (hObject=0x23c) returned 1 [0130.620] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Cookies\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\cookies\\encry-index.dat"), dwFlags=0x1) returned 1 [0130.669] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.669] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.670] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.670] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.671] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.671] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.671] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.672] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.672] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.672] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.673] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.673] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.673] VirtualFree (lpAddress=0xc00004e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0130.674] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.674] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.675] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000257818*=0x3) returned 1 [0130.752] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.786] SetEvent (hEvent=0x324) returned 1 [0130.786] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002240d0*, nNumberOfCharsToWrite=0x67, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc0002240d0*, lpNumberOfCharsWritten=0xc00029d808*=0x67) returned 1 [0130.792] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0130.793] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0130.793] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0130.794] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0130.795] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0130.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0130.796] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0130.797] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.802] SetEvent (hEvent=0x324) returned 1 [0130.802] GetFileType (hFile=0x2b4) returned 0x1 [0130.802] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.890] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.890] CloseHandle (hObject=0x2b4) returned 1 [0130.890] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0130.891] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0130.892] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\encry-index.dat"), dwFlags=0x1) returned 1 [0130.895] SetEvent (hEvent=0xfc) returned 1 [0130.895] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.896] SetEvent (hEvent=0x324) returned 1 [0130.896] SetEvent (hEvent=0x1b4) returned 1 [0130.897] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.922] SetEvent (hEvent=0x324) returned 1 [0130.922] SetEvent (hEvent=0x39c) returned 1 [0130.922] SetEvent (hEvent=0x1b4) returned 1 [0130.922] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0130.959] SetEvent (hEvent=0x12c) returned 1 [0130.959] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0130.959] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0130.960] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0130.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0130.961] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0130.963] GetFileType (hFile=0x2e8) returned 0x1 [0130.963] GetFileType (hFile=0x2e8) returned 0x1 [0130.963] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0130.963] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0130.963] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0130.964] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x761, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc000063c04*=0x561, lpOverlapped=0x0) returned 1 [0130.974] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000036561, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036561*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0130.974] CloseHandle (hObject=0x2e8) returned 1 [0130.974] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0130.975] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0130.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.983] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875\\*", lpFindFileData=0xc000063a08 | out: lpFindFileData=0xc000063a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0130.983] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000063720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0130.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0130.984] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0130.985] GetFileType (hFile=0x2e8) returned 0x1 [0130.985] GetFileType (hFile=0x2e8) returned 0x1 [0130.986] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0130.986] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0130.986] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0130.986] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x3d8, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000031c04*=0x1d8, lpOverlapped=0x0) returned 1 [0130.988] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000941d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000941d8*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0130.988] CloseHandle (hObject=0x2e8) returned 1 [0130.988] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0130.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.013] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.013] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.021] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.024] SetEvent (hEvent=0x12c) returned 1 [0131.024] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0131.024] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000104000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfCharsWritten=0xc000031808*=0xac) returned 1 [0131.026] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0131.026] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0131.028] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0131.029] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0131.029] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0131.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.030] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0131.031] GetFileType (hFile=0x2e8) returned 0x1 [0131.031] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.031] CloseHandle (hObject=0x2e8) returned 1 [0131.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwFlags=0x1) returned 1 [0131.116] SetEvent (hEvent=0xfc) returned 1 [0131.116] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.341] SetEvent (hEvent=0x3c0) returned 1 [0131.341] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.344] SetEvent (hEvent=0x3c0) returned 1 [0131.344] SetEvent (hEvent=0x39c) returned 1 [0131.344] SetEvent (hEvent=0x320) returned 1 [0131.344] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.346] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.346] SetEvent (hEvent=0x3c0) returned 1 [0131.347] SetEvent (hEvent=0x12c) returned 1 [0131.347] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.347] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.348] VirtualFree (lpAddress=0xc000260000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.348] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.348] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.348] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.349] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.349] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.349] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.350] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010050*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000010050*, lpNumberOfCharsWritten=0xc0002a3818*=0x2) returned 1 [0131.351] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.354] SetEvent (hEvent=0x320) returned 1 [0131.354] SetEvent (hEvent=0x3c0) returned 1 [0131.354] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00014d808*=0xac) returned 1 [0131.355] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.355] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0131.356] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0131.357] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.357] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.358] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0131.358] GetFileType (hFile=0x370) returned 0x1 [0131.358] WriteFile (in: hFile=0x370, lpBuffer=0xc0000362c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000362c0*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.359] CloseHandle (hObject=0x370) returned 1 [0131.360] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), dwFlags=0x1) returned 1 [0131.510] SetEvent (hEvent=0xc0) returned 1 [0131.520] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0131.528] SetEvent (hEvent=0x3c0) returned 1 [0131.528] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0131.536] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.547] SetEvent (hEvent=0x1b4) returned 1 [0131.547] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.552] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.556] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0131.556] SetEvent (hEvent=0x258) returned 1 [0131.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.557] SetEvent (hEvent=0xfc) returned 1 [0131.557] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.564] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.599] SetEvent (hEvent=0x320) returned 1 [0131.599] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.608] SetEvent (hEvent=0x320) returned 1 [0131.608] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.609] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.609] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.609] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.610] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.610] SwitchToThread () returned 1 [0131.614] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.638] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.654] SetEvent (hEvent=0x258) returned 1 [0131.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.655] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0131.655] GetFileType (hFile=0x3d8) returned 0x1 [0131.656] GetFileType (hFile=0x3d8) returned 0x1 [0131.656] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0131.656] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0131.656] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0131.656] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc000275c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.657] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00005c1cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c1cf*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0131.657] CloseHandle (hObject=0x3d8) returned 1 [0131.657] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0131.658] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0131.658] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0131.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.672] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0131.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E\\*", lpFindFileData=0xc000275a08 | out: lpFindFileData=0xc000275a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.673] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000275720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.673] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000275808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000275808*=0xac) returned 1 [0131.674] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0131.674] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.675] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0131.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.675] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0131.676] GetFileType (hFile=0x370) returned 0x1 [0131.676] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.677] CloseHandle (hObject=0x370) returned 1 [0131.677] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwFlags=0x1) returned 1 [0131.731] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0131.731] SetEvent (hEvent=0x3c0) returned 1 [0131.731] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.734] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.736] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0131.736] SetEvent (hEvent=0x12c) returned 1 [0131.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.740] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.756] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.768] SetEvent (hEvent=0xfc) returned 1 [0131.768] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.773] SetEvent (hEvent=0xfc) returned 1 [0131.773] SetEvent (hEvent=0x258) returned 1 [0131.773] VirtualFree (lpAddress=0xc000286000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.773] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.774] VirtualFree (lpAddress=0xc000052000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.774] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000045818*=0x2) returned 1 [0131.776] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.784] SetEvent (hEvent=0x3c0) returned 1 [0131.784] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.787] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.789] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0131.789] GetFileType (hFile=0x2e8) returned 0x1 [0131.789] GetFileType (hFile=0x2e8) returned 0x1 [0131.789] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0131.789] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0131.789] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000160400, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000160400*, lpNumberOfBytesRead=0xc00014dc04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.791] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001605cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001605cf*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.791] CloseHandle (hObject=0x2e8) returned 1 [0131.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.797] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.797] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.797] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00014d808*=0xac) returned 1 [0131.799] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.799] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0131.800] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.800] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0131.801] GetFileType (hFile=0x2b4) returned 0x1 [0131.801] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.802] CloseHandle (hObject=0x2b4) returned 1 [0131.803] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), dwFlags=0x1) returned 1 [0131.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.838] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.838] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0131.838] SetEvent (hEvent=0xfc) returned 1 [0131.838] SetEvent (hEvent=0x3c0) returned 1 [0131.838] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0131.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.843] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0131.843] SetEvent (hEvent=0x3c0) returned 1 [0131.843] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.852] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.852] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.865] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.874] SetEvent (hEvent=0x258) returned 1 [0131.874] SetEvent (hEvent=0x12c) returned 1 [0131.874] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.875] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.875] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0131.878] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0131.884] SetEvent (hEvent=0x258) returned 1 [0131.884] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.885] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0131.886] GetFileType (hFile=0x370) returned 0x1 [0131.886] GetFileType (hFile=0x370) returned 0x1 [0131.886] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0131.886] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0131.886] ReadFile (in: hFile=0x370, lpBuffer=0xc000076900, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076900*, lpNumberOfBytesRead=0xc000141c04*=0x6e3, lpOverlapped=0x0) returned 1 [0131.888] ReadFile (in: hFile=0x370, lpBuffer=0xc000076fe3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076fe3*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0131.888] CloseHandle (hObject=0x370) returned 1 [0131.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.007] SetEvent (hEvent=0xc0) returned 1 [0132.007] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.008] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.008] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000141808*=0xac) returned 1 [0132.010] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.011] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.011] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0132.012] GetFileType (hFile=0x370) returned 0x1 [0132.012] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.013] CloseHandle (hObject=0x370) returned 1 [0132.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), dwFlags=0x1) returned 1 [0132.071] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0132.071] SetEvent (hEvent=0xfc) returned 1 [0132.071] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.074] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.074] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0132.074] SetEvent (hEvent=0xfc) returned 1 [0132.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.080] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.100] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.111] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.117] SetEvent (hEvent=0x1b4) returned 1 [0132.117] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.118] SetEvent (hEvent=0x1b4) returned 1 [0132.118] SetEvent (hEvent=0x320) returned 1 [0132.118] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.119] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.119] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.120] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.120] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.121] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.121] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.121] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.122] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc0000f9818*=0x2) returned 1 [0132.123] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.131] SetEvent (hEvent=0x320) returned 1 [0132.131] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.131] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.132] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0132.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0132.133] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0132.135] GetFileType (hFile=0x2b4) returned 0x1 [0132.135] GetFileType (hFile=0x2b4) returned 0x1 [0132.135] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0132.135] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0132.135] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.136] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x852, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0006ddc04*=0x652, lpOverlapped=0x0) returned 1 [0132.138] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000a2652, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2652*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0132.138] CloseHandle (hObject=0x2b4) returned 1 [0132.138] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.139] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.147] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061\\*", lpFindFileData=0xc0006dda08 | out: lpFindFileData=0xc0006dda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.148] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006dd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0006dd808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0006dd808*=0xac) returned 1 [0132.149] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.150] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0132.151] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0132.151] GetFileType (hFile=0x2b4) returned 0x1 [0132.151] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.152] CloseHandle (hObject=0x2b4) returned 1 [0132.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), dwFlags=0x1) returned 1 [0132.210] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0132.210] SetEvent (hEvent=0xfc) returned 1 [0132.211] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.212] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.212] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0132.212] SetEvent (hEvent=0xfc) returned 1 [0132.212] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.218] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.218] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.240] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.251] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.257] SetEvent (hEvent=0x258) returned 1 [0132.257] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.258] SetEvent (hEvent=0x258) returned 1 [0132.258] SetEvent (hEvent=0x320) returned 1 [0132.258] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.259] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.259] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.259] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.260] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.260] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000133818*=0x2) returned 1 [0132.262] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.269] SetEvent (hEvent=0x320) returned 1 [0132.269] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0132.270] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0132.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.271] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0132.272] GetFileType (hFile=0x2e8) returned 0x1 [0132.272] GetFileType (hFile=0x2e8) returned 0x1 [0132.272] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0132.272] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0132.273] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000ce800, nNumberOfBytesToRead=0x7ed, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce800*, lpNumberOfBytesRead=0xc000141c04*=0x5ed, lpOverlapped=0x0) returned 1 [0132.274] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000ceded, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ceded*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0132.274] CloseHandle (hObject=0x2e8) returned 1 [0132.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.284] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.285] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000141808*=0xac) returned 1 [0132.286] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.287] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.287] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.288] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0132.289] GetFileType (hFile=0x2e8) returned 0x1 [0132.289] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.289] CloseHandle (hObject=0x2e8) returned 1 [0132.292] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), dwFlags=0x1) returned 1 [0132.449] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0132.450] SetEvent (hEvent=0x1b4) returned 1 [0132.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.451] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0132.451] SetEvent (hEvent=0x1b4) returned 1 [0132.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.454] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.473] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.480] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.485] SetEvent (hEvent=0x258) returned 1 [0132.485] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.485] SetEvent (hEvent=0x258) returned 1 [0132.485] SetEvent (hEvent=0x320) returned 1 [0132.486] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.486] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.486] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.487] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.487] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.487] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc0001f5818*=0x2) returned 1 [0132.489] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.496] SetEvent (hEvent=0x258) returned 1 [0132.496] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0132.496] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.498] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0132.499] GetFileType (hFile=0x2bc) returned 0x1 [0132.499] GetFileType (hFile=0x2bc) returned 0x1 [0132.499] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0132.499] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0132.499] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.500] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x863, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0000f5c04*=0x663, lpOverlapped=0x0) returned 1 [0132.502] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a2663, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2663*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.502] CloseHandle (hObject=0x2bc) returned 1 [0132.503] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0132.503] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0132.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.514] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0132.514] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C\\*", lpFindFileData=0xc0000f5a08 | out: lpFindFileData=0xc0000f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.515] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.515] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0000f5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000f5808*=0xac) returned 1 [0132.516] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0132.517] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.517] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0132.517] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0132.519] GetFileType (hFile=0x2b4) returned 0x1 [0132.519] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.519] CloseHandle (hObject=0x2b4) returned 1 [0132.522] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), dwFlags=0x1) returned 1 [0132.609] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.626] SetEvent (hEvent=0x12c) returned 1 [0132.627] SetEvent (hEvent=0x320) returned 1 [0132.627] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.666] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0132.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0132.668] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0132.674] GetFileType (hFile=0x3cc) returned 0x1 [0132.674] GetFileType (hFile=0x3cc) returned 0x1 [0132.675] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0132.675] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0132.675] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0132.675] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002b0000, nNumberOfBytesToRead=0x2f4, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b0000*, lpNumberOfBytesRead=0xc0001f5c04*=0xf4, lpOverlapped=0x0) returned 1 [0132.676] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002b00f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b00f4*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.676] CloseHandle (hObject=0x3cc) returned 1 [0132.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.844] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0132.847] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD\\*", lpFindFileData=0xc0001f5a08 | out: lpFindFileData=0xc0001f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.847] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.848] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0132.851] GetFileType (hFile=0x2bc) returned 0x1 [0132.851] GetFileType (hFile=0x2bc) returned 0x1 [0132.851] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0132.851] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0132.852] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00004e300, nNumberOfBytesToRead=0x300, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e300*, lpNumberOfBytesRead=0xc000279c04*=0x100, lpOverlapped=0x0) returned 1 [0132.853] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00004e400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e400*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0132.853] CloseHandle (hObject=0x2bc) returned 1 [0132.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.910] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0132.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21\\*", lpFindFileData=0xc000279a08 | out: lpFindFileData=0xc000279a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.910] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000279720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.910] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c6240*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc000279808, lpReserved=0x0 | out: lpBuffer=0xc0002c6240*, lpNumberOfCharsWritten=0xc000279808*=0x8c) returned 1 [0132.912] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0132.912] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0132.912] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0132.913] GetFileType (hFile=0x240) returned 0x1 [0132.913] WriteFile (in: hFile=0x240, lpBuffer=0xc0001682c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001682c0*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.914] CloseHandle (hObject=0x240) returned 1 [0132.917] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0132.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7396c420a8e1bc1da97f1af0d10bad21"), dwFlags=0x1) returned 1 [0133.069] SetEvent (hEvent=0x39c) returned 1 [0133.069] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0133.080] SetEvent (hEvent=0x1b4) returned 1 [0133.080] SetEvent (hEvent=0x3c8) returned 1 [0133.080] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0141.052] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0141.052] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0141.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0141.054] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0141.062] GetFileType (hFile=0x3d8) returned 0x1 [0141.062] GetFileType (hFile=0x3d8) returned 0x1 [0141.062] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0141.062] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0141.062] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0141.063] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x2ea, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc000191c04*=0xea, lpOverlapped=0x0) returned 1 [0141.064] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000f00ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f00ea*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0141.064] CloseHandle (hObject=0x3d8) returned 1 [0141.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0141.066] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0141.070] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] SetEvent (hEvent=0x354) returned 1 [0141.192] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0141.193] SetEvent (hEvent=0x354) returned 1 [0141.193] SetEvent (hEvent=0x3c0) returned 1 [0141.193] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0141.269] SetEvent (hEvent=0x354) returned 1 [0141.269] SetEvent (hEvent=0x208) returned 1 [0141.269] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0141.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0141.279] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0141.281] GetFileType (hFile=0x3dc) returned 0x1 [0141.281] GetFileType (hFile=0x3dc) returned 0x1 [0141.281] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0141.281] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0141.281] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x537, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc000063c04*=0x337, lpOverlapped=0x0) returned 1 [0142.430] SetEvent (hEvent=0xc0) returned 1 [0142.430] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000072337, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072337*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0142.431] CloseHandle (hObject=0x3dc) returned 1 [0142.431] VirtualAlloc (lpAddress=0xc0005fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fe000 [0142.432] VirtualAlloc (lpAddress=0xc000780000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000780000 [0142.462] VirtualAlloc (lpAddress=0xc000782000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000782000 [0142.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0142.836] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.755] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0143.758] GetFileType (hFile=0x36c) returned 0x1 [0143.758] WriteFile (in: hFile=0x36c, lpBuffer=0xc000238000*, nNumberOfBytesToWrite=0x340, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfBytesWritten=0xc000063cec*=0x340, lpOverlapped=0x0) returned 1 [0143.760] CloseHandle (hObject=0x36c) returned 1 [0143.760] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.760] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0143.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0143.762] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0143.766] GetFileType (hFile=0x36c) returned 0x1 [0143.766] WriteFile (in: hFile=0x36c, lpBuffer=0xc0006151e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006151e0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.766] CloseHandle (hObject=0x36c) returned 1 [0143.766] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0143.767] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@msn[1].txt"), dwFlags=0x1) returned 1 [0143.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.770] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.770] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f698, ulNumEntriesRemoved=0x2ac9f66c) returned 0 [0143.770] SetEvent (hEvent=0xc0) returned 1 [0143.770] SetEvent (hEvent=0x49c) returned 1 [0143.770] SetEvent (hEvent=0x47c) returned 1 [0143.770] SetEvent (hEvent=0x13c) returned 1 [0143.772] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.777] SetEvent (hEvent=0x13c) returned 1 [0143.777] SetEvent (hEvent=0x47c) returned 1 [0143.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe08*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe30*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.782] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ac9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ac9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ac9f6a0, ulNumEntriesRemoved=0x2ac9f674) returned 0 [0143.782] SetEvent (hEvent=0x49c) returned 1 [0143.782] SetEvent (hEvent=0x13c) returned 1 [0143.782] SetEvent (hEvent=0x47c) returned 1 [0143.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ac9fe18*=0x148, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.789] SetEvent (hEvent=0x234) returned 1 [0143.789] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.811] SetEvent (hEvent=0x234) returned 1 [0143.811] SetEvent (hEvent=0x9b0) returned 1 [0143.811] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.819] SetEvent (hEvent=0x234) returned 1 [0143.819] SetEvent (hEvent=0x9b8) returned 1 [0143.819] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.839] SetEvent (hEvent=0x26c) returned 1 [0143.839] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.841] SetEvent (hEvent=0x3c0) returned 1 [0143.841] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.852] SetEvent (hEvent=0x3c0) returned 1 [0143.852] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.858] SetEvent (hEvent=0x3c0) returned 1 [0143.858] SetEvent (hEvent=0x3b0) returned 1 [0143.858] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) returned 0x0 [0143.873] SetEvent (hEvent=0xc64) returned 1 [0143.873] WaitForSingleObject (hHandle=0x148, dwMilliseconds=0xffffffff) Thread: id = 34 os_tid = 0x5c4 [0115.714] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ae9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ae9fea0*=0x194) returned 1 [0115.714] VirtualQuery (in: lpAddress=0x2ae9fec0, lpBuffer=0x2ae9fec0, dwLength=0x30 | out: lpBuffer=0x2ae9fec0*(BaseAddress=0x2ae9f000, AllocationBase=0x2aca0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x21c [0115.714] GetConsoleMode (in: hConsoleHandle=0x21c, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0115.718] GetFileType (hFile=0x21c) returned 0x1 [0115.718] GetFileType (hFile=0x21c) returned 0x1 [0115.718] GetFileInformationByHandle (in: hFile=0x21c, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0115.718] GetFileInformationByHandleEx (in: hFile=0x21c, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0115.718] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0115.719] ReadFile (in: hFile=0x21c, lpBuffer=0xc000294000, nNumberOfBytesToRead=0x4c2, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000294000*, lpNumberOfBytesRead=0xc0006e1c04*=0x2c2, lpOverlapped=0x0) returned 1 [0115.721] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x144 [0115.721] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x220 [0115.721] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0115.910] ReadFile (in: hFile=0x21c, lpBuffer=0xc0002942c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002942c2*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0115.910] CloseHandle (hObject=0x21c) returned 1 [0115.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0115.943] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0115.960] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0115.962] GetFileType (hFile=0x22c) returned 0x1 [0115.963] WriteFile (in: hFile=0x22c, lpBuffer=0xc000212300*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212300*, lpNumberOfBytesWritten=0xc0006e1cec*=0x2d0, lpOverlapped=0x0) returned 1 [0115.964] CloseHandle (hObject=0x22c) returned 1 [0115.977] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0115.977] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0115.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0115.978] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0115.980] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.014] GetFileType (hFile=0x1ec) returned 0x1 [0116.014] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.014] CloseHandle (hObject=0x1ec) returned 1 [0116.018] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa42ckd[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA42ckd[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa42ckd[1].png"), dwFlags=0x1) returned 1 [0116.607] SwitchToThread () returned 1 [0116.608] SetEvent (hEvent=0xec) returned 1 [0116.608] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.609] SetEvent (hEvent=0xec) returned 1 [0116.609] SetEvent (hEvent=0xfc) returned 1 [0116.609] SetEvent (hEvent=0x304) returned 1 [0116.609] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.612] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.620] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.624] SetEvent (hEvent=0xec) returned 1 [0116.624] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.625] SetEvent (hEvent=0xec) returned 1 [0116.626] SetEvent (hEvent=0x24c) returned 1 [0116.626] SetEvent (hEvent=0x13c) returned 1 [0116.626] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.627] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.628] SetEvent (hEvent=0xec) returned 1 [0116.628] SetEvent (hEvent=0x13c) returned 1 [0116.628] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.628] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.629] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.629] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.629] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0116.630] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.632] SetEvent (hEvent=0xec) returned 1 [0116.632] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.633] SetEvent (hEvent=0xec) returned 1 [0116.633] SetEvent (hEvent=0x13c) returned 1 [0116.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0116.634] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.635] SetEvent (hEvent=0x1b4) returned 1 [0116.635] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.636] SetEvent (hEvent=0x1b4) returned 1 [0116.636] SetEvent (hEvent=0x13c) returned 1 [0116.636] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000179818*=0x3) returned 1 [0116.637] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.638] SetEvent (hEvent=0x15c) returned 1 [0116.638] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.640] SetEvent (hEvent=0x15c) returned 1 [0116.640] SetEvent (hEvent=0x13c) returned 1 [0116.640] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0116.641] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.643] SetEvent (hEvent=0x15c) returned 1 [0116.643] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.643] SetEvent (hEvent=0x15c) returned 1 [0116.643] SetEvent (hEvent=0x13c) returned 1 [0116.643] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0116.644] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.647] SetEvent (hEvent=0x188) returned 1 [0116.647] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.649] SetEvent (hEvent=0x188) returned 1 [0116.649] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.650] SetEvent (hEvent=0x188) returned 1 [0116.650] SetEvent (hEvent=0x2b0) returned 1 [0116.651] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0116.657] SetEvent (hEvent=0x29c) returned 1 [0116.657] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0117.436] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0117.439] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.562] GetFileType (hFile=0x308) returned 0x1 [0117.562] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0117.563] GetFileType (hFile=0x308) returned 0x1 [0117.563] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0117.563] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0117.563] VirtualAlloc (lpAddress=0xc000478000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000478000 [0117.568] ReadFile (in: hFile=0x308, lpBuffer=0xc000478000, nNumberOfBytesToRead=0x2a23f, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc000478000*, lpNumberOfBytesRead=0xc000139c04*=0x2a03f, lpOverlapped=0x0) returned 1 [0117.581] ReadFile (in: hFile=0x308, lpBuffer=0xc0004a203f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a203f*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0117.581] CloseHandle (hObject=0x308) returned 1 [0117.581] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x2c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0117.587] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0117.752] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0117.754] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.770] SetEvent (hEvent=0x2a8) returned 1 [0117.770] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.837] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0117.837] SetEvent (hEvent=0x30c) returned 1 [0117.838] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.839] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.839] SetEvent (hEvent=0x30c) returned 1 [0117.839] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.840] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0117.840] SetEvent (hEvent=0x30c) returned 1 [0117.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.874] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.933] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0117.933] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0117.933] SetEvent (hEvent=0xc0) returned 1 [0117.933] SetEvent (hEvent=0x1dc) returned 1 [0117.934] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.935] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.943] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0117.943] SetEvent (hEvent=0x30c) returned 1 [0117.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.944] GetFileType (hFile=0x1b0) returned 0x1 [0117.944] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000182000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182000*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.945] CloseHandle (hObject=0x1b0) returned 1 [0117.955] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-adfscript[1]"), dwFlags=0x1) returned 1 [0118.569] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.572] SetEvent (hEvent=0x274) returned 1 [0118.572] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.573] SetEvent (hEvent=0x274) returned 1 [0118.573] SetEvent (hEvent=0x3c8) returned 1 [0118.573] SetEvent (hEvent=0x13c) returned 1 [0118.573] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0118.735] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0118.741] GetFileType (hFile=0x36c) returned 0x1 [0118.741] GetFileType (hFile=0x36c) returned 0x1 [0118.742] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0118.742] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0118.742] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0118.743] ReadFile (in: hFile=0x36c, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x2bca, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0001ffc04*=0x29ca, lpOverlapped=0x0) returned 1 [0118.751] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.825] ReadFile (in: hFile=0x36c, lpBuffer=0xc0001829ca, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001829ca*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0118.825] CloseHandle (hObject=0x36c) returned 1 [0118.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0118.826] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0118.831] GetFileType (hFile=0x36c) returned 0x1 [0118.831] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc0001ffcec*=0x29d0, lpOverlapped=0x0) returned 1 [0118.832] CloseHandle (hObject=0x36c) returned 1 [0118.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0118.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0118.835] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0118.836] GetFileType (hFile=0x2d4) returned 0x1 [0118.836] WriteFile (in: hFile=0x2d4, lpBuffer=0xc00007a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a2c0*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.837] CloseHandle (hObject=0x2d4) returned 1 [0118.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbmgjo[1].jpg"), dwFlags=0x1) returned 1 [0118.849] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.969] SetEvent (hEvent=0x39c) returned 1 [0118.969] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.979] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.979] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0118.979] SetEvent (hEvent=0xc0) returned 1 [0118.979] SetEvent (hEvent=0xec) returned 1 [0118.979] SetEvent (hEvent=0x29c) returned 1 [0118.979] SetEvent (hEvent=0x114) returned 1 [0118.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.982] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0118.982] SetEvent (hEvent=0x114) returned 1 [0118.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.988] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.988] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0118.988] SetEvent (hEvent=0x29c) returned 1 [0118.988] SetEvent (hEvent=0x114) returned 1 [0118.989] SetEvent (hEvent=0x28c) returned 1 [0118.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.991] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0118.992] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0118.993] GetFileType (hFile=0x3bc) returned 0x1 [0118.993] GetFileType (hFile=0x3bc) returned 0x1 [0118.993] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0118.993] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0118.993] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0118.994] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x5885, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000189c04*=0x5685, lpOverlapped=0x0) returned 1 [0118.998] ReadFile (in: hFile=0x3bc, lpBuffer=0xc000217685, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000217685*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0118.998] CloseHandle (hObject=0x3bc) returned 1 [0118.998] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0118.998] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0118.998] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0118.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0119.022] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.098] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0119.101] GetFileType (hFile=0x3dc) returned 0x1 [0119.101] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x5690, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000189cec*=0x5690, lpOverlapped=0x0) returned 1 [0119.102] CloseHandle (hObject=0x3dc) returned 1 [0119.106] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a901 | out: pbBuffer=0xc00028a901) returned 1 [0119.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0119.107] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0119.109] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.150] GetFileType (hFile=0x1ec) returned 0x1 [0119.150] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0001c06e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c06e0*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.151] CloseHandle (hObject=0x1ec) returned 1 [0119.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbomar[1].jpg"), dwFlags=0x1) returned 1 [0119.676] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc0005863a8*, lpNumberOfCharsWritten=0xc000139818*=0x3) returned 1 [0119.677] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000177818*=0x3) returned 1 [0119.678] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.680] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0119.681] SetEvent (hEvent=0x30c) returned 1 [0119.777] SetEvent (hEvent=0x30c) returned 1 [0119.777] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.779] SetEvent (hEvent=0x30c) returned 1 [0119.779] SetEvent (hEvent=0x24c) returned 1 [0119.779] SetEvent (hEvent=0x320) returned 1 [0119.779] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.782] SetEvent (hEvent=0x24c) returned 1 [0119.782] SwitchToThread () returned 1 [0119.882] SwitchToThread () returned 1 [0119.884] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.885] SetEvent (hEvent=0x30c) returned 1 [0119.886] SetEvent (hEvent=0x24c) returned 1 [0119.886] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.886] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000209818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc000209818*=0x3) returned 1 [0119.888] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.890] SetEvent (hEvent=0x30c) returned 1 [0119.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000010076*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0119.891] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.894] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0119.894] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.897] SetEvent (hEvent=0x30c) returned 1 [0119.897] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00004b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc00004b818*=0x3) returned 1 [0119.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0119.900] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0119.900] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc0001a1818*=0x3) returned 1 [0119.901] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.903] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010098*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000010098*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0119.904] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d9818, lpReserved=0x0 | out: lpBuffer=0xc0000100a0*, lpNumberOfCharsWritten=0xc0001d9818*=0x3) returned 1 [0119.905] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.908] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.909] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000137818*=0x3) returned 1 [0119.911] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0119.912] SetEvent (hEvent=0x258) returned 1 [0119.912] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0119.913] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.914] SetEvent (hEvent=0x1a0) returned 1 [0119.914] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.916] SetEvent (hEvent=0x3c0) returned 1 [0119.916] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.920] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.920] SetEvent (hEvent=0x1a0) returned 1 [0119.920] SetEvent (hEvent=0x148) returned 1 [0119.920] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.921] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0119.923] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0140*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0119.933] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.939] SetEvent (hEvent=0x1a0) returned 1 [0119.939] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0119.945] SetEvent (hEvent=0x9c) returned 1 [0119.945] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.017] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017b818, lpReserved=0x0 | out: lpBuffer=0xc0005863d8*, lpNumberOfCharsWritten=0xc00017b818*=0x3) returned 1 [0120.020] SetEvent (hEvent=0x148) returned 1 [0120.020] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.028] SetEvent (hEvent=0x9c) returned 1 [0120.028] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.098] SetEvent (hEvent=0x1a0) returned 1 [0120.098] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.165] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.168] SetEvent (hEvent=0x258) returned 1 [0120.168] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.168] SetEvent (hEvent=0x258) returned 1 [0120.168] SetEvent (hEvent=0x39c) returned 1 [0120.168] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.169] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.169] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.169] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.170] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.170] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.170] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.171] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.171] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.172] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.172] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.172] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.173] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0120.176] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0120.177] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0120.177] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0120.178] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0120.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0120.179] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0120.188] GetFileType (hFile=0x1b0) returned 0x1 [0120.188] GetFileType (hFile=0x1b0) returned 0x1 [0120.188] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0120.188] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0120.188] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0120.188] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a2600, nNumberOfBytesToRead=0x59f, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2600*, lpNumberOfBytesRead=0xc00022fc04*=0x39f, lpOverlapped=0x0) returned 1 [0120.215] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a299f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a299f*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0120.215] CloseHandle (hObject=0x1b0) returned 1 [0120.215] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0120.216] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0120.216] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0120.217] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0120.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0120.219] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0120.224] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.230] GetFileType (hFile=0x1b0) returned 0x1 [0120.230] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00011e000*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesWritten=0xc00022fcec*=0x3a0, lpOverlapped=0x0) returned 1 [0120.231] CloseHandle (hObject=0x1b0) returned 1 [0120.232] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0120.232] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0120.232] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0120.233] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0120.233] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0120.234] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0120.234] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0120.235] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0120.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0120.236] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0120.239] GetFileType (hFile=0x1b0) returned 0x1 [0120.239] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002442c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002442c0*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.240] CloseHandle (hObject=0x1b0) returned 1 [0120.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), dwFlags=0x1) returned 1 [0120.245] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.250] SetEvent (hEvent=0x258) returned 1 [0120.250] SetEvent (hEvent=0x39c) returned 1 [0120.250] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.251] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.251] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.252] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.252] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.253] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.253] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.254] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.254] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.254] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.255] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.255] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.256] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.256] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.258] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.258] VirtualFree (lpAddress=0xc000078000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0120.259] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.259] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.260] VirtualFree (lpAddress=0xc00004c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0120.267] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0120.268] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0120.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0120.269] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0120.275] GetFileType (hFile=0x2cc) returned 0x1 [0120.275] GetFileType (hFile=0x2cc) returned 0x1 [0120.275] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0120.275] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0120.275] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0120.277] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x8417, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00020dc04*=0x8217, lpOverlapped=0x0) returned 1 [0120.307] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000262217, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000262217*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0120.307] CloseHandle (hObject=0x2cc) returned 1 [0120.307] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0120.308] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0120.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0120.310] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0120.313] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.359] GetFileType (hFile=0x2cc) returned 0x1 [0120.359] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x8220, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc00020dcec*=0x8220, lpOverlapped=0x0) returned 1 [0120.361] CloseHandle (hObject=0x2cc) returned 1 [0120.361] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0120.361] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0120.361] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0120.362] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0120.362] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0120.363] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0120.363] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0120.364] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0120.365] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0120.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0120.365] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0120.371] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.395] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.396] SetEvent (hEvent=0x148) returned 1 [0120.396] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.397] SetEvent (hEvent=0x148) returned 1 [0120.397] SetEvent (hEvent=0x9c) returned 1 [0120.397] SetEvent (hEvent=0x198) returned 1 [0120.397] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.402] SetEvent (hEvent=0x9c) returned 1 [0120.402] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.410] SetEvent (hEvent=0x148) returned 1 [0120.410] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.437] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0120.438] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0120.439] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0120.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x174 [0120.440] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0120.447] GetFileType (hFile=0x174) returned 0x1 [0120.447] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0120.447] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0120.448] GetFileType (hFile=0x174) returned 0x1 [0120.448] GetFileInformationByHandle (in: hFile=0x174, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0120.448] GetFileInformationByHandleEx (in: hFile=0x174, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0120.448] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0120.449] ReadFile (in: hFile=0x174, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x2c77, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0004d9c04*=0x2a77, lpOverlapped=0x0) returned 1 [0120.452] ReadFile (in: hFile=0x174, lpBuffer=0xc000182a77, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182a77*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0120.452] CloseHandle (hObject=0x174) returned 1 [0120.452] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0120.453] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0120.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0120.483] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0120.490] GetFileType (hFile=0x174) returned 0x1 [0120.490] WriteFile (in: hFile=0x174, lpBuffer=0xc00010c000*, nNumberOfBytesToWrite=0x2a80, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x2a80, lpOverlapped=0x0) returned 1 [0120.492] CloseHandle (hObject=0x174) returned 1 [0120.532] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0120.535] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0120.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0120.536] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0120.538] GetFileType (hFile=0x36c) returned 0x1 [0120.538] WriteFile (in: hFile=0x36c, lpBuffer=0xc0002ce6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce6e0*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.538] CloseHandle (hObject=0x36c) returned 1 [0120.545] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbe9tdx[1].jpg"), dwFlags=0x1) returned 1 [0120.871] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0120.871] SetEvent (hEvent=0x148) returned 1 [0120.871] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0120.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.874] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0120.874] SetEvent (hEvent=0x148) returned 1 [0120.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.879] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0120.879] SetEvent (hEvent=0x198) returned 1 [0120.879] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0120.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.881] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.882] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0120.882] SetEvent (hEvent=0x148) returned 1 [0120.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.884] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0132.989] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0133.005] SetEvent (hEvent=0x1b4) returned 1 [0133.005] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0133.019] SetEvent (hEvent=0x1b4) returned 1 [0133.019] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0133.021] SetEvent (hEvent=0x1b4) returned 1 [0133.021] SetEvent (hEvent=0x208) returned 1 [0133.021] SetEvent (hEvent=0x320) returned 1 [0133.021] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0141.091] SetEvent (hEvent=0x354) returned 1 [0141.091] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0141.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0141.119] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0141.131] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0141.462] GetFileType (hFile=0x2f4) returned 0x1 [0141.462] GetFileType (hFile=0x2f4) returned 0x1 [0141.462] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0141.462] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0141.462] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0141.464] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0002ac000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac000*, lpNumberOfBytesRead=0xc000133c04*=0x8000, lpOverlapped=0x0) returned 1 [0142.502] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0002b4000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0142.502] CloseHandle (hObject=0x2f4) returned 1 [0142.502] VirtualAlloc (lpAddress=0xc000786000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000786000 [0142.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0142.544] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0142.544] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f698, ulNumEntriesRemoved=0x2ae9f66c) returned 0 [0142.544] SetEvent (hEvent=0x8ac) returned 1 [0142.545] VirtualAlloc (lpAddress=0xc000790000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000790000 [0142.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0142.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat\\*", lpFindFileData=0xc000133a08 | out: lpFindFileData=0xc000133a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0142.547] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000133720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0142.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0142.687] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0142.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe08*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0142.839] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0142.839] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe30*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0142.841] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0142.841] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ae9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ae9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ae9f6a0, ulNumEntriesRemoved=0x2ae9f674) returned 0 [0142.842] SetEvent (hEvent=0x304) returned 1 [0142.842] SetEvent (hEvent=0xfc) returned 1 [0142.842] SetEvent (hEvent=0xf4) returned 1 [0142.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ae9fe18*=0x144, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0142.847] VirtualAlloc (lpAddress=0xc000798000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000798000 [0142.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0142.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat\\*", lpFindFileData=0xc00024da08 | out: lpFindFileData=0xc00024da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0142.850] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0142.850] VirtualAlloc (lpAddress=0xc0007a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007a2000 [0142.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqc qu7jynqj.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0142.853] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0003e3d04 | out: lpMode=0xc0003e3d04) returned 0 [0142.867] GetFileType (hFile=0x2c4) returned 0x1 [0142.867] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0007a2000*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xc0003e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007a2000*, lpNumberOfBytesWritten=0xc0003e3cec*=0xa50, lpOverlapped=0x0) returned 1 [0142.868] CloseHandle (hObject=0x2c4) returned 1 [0142.869] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0142.869] VirtualAlloc (lpAddress=0xc0007a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007a4000 [0142.870] VirtualAlloc (lpAddress=0xc0007a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007a6000 [0142.871] VirtualAlloc (lpAddress=0xc0007a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007a8000 [0142.872] VirtualAlloc (lpAddress=0xc0007aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007aa000 [0142.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqc qu7jynqj.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0142.873] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0003e3d64 | out: lpMode=0xc0003e3d64) returned 0 [0142.876] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0144.184] GetFileType (hFile=0x2c4) returned 0x1 [0144.184] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0006826e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006826e0*, lpNumberOfBytesWritten=0xc0003e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.184] CloseHandle (hObject=0x2c4) returned 1 [0144.184] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqc qu7jynqj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-pqc qu7jynqj.lnk"), dwFlags=0x1) returned 1 [0144.187] SetEvent (hEvent=0x318) returned 1 [0144.187] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0144.194] SetEvent (hEvent=0x828) returned 1 [0144.194] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) returned 0x0 [0144.216] SetEvent (hEvent=0x8c) returned 1 [0144.216] WaitForSingleObject (hHandle=0x144, dwMilliseconds=0xffffffff) Thread: id = 35 os_tid = 0xb30 [0115.735] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b09fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b09fea0*=0x224) returned 1 [0115.735] VirtualQuery (in: lpAddress=0x2b09fec0, lpBuffer=0x2b09fec0, dwLength=0x30 | out: lpBuffer=0x2b09fec0*(BaseAddress=0x2b09f000, AllocationBase=0x2aea0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.735] SetEvent (hEvent=0x12c) returned 1 [0115.735] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x234 [0115.735] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x238 [0115.735] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0115.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0115.741] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0115.749] GetFileType (hFile=0x240) returned 0x1 [0115.749] GetFileType (hFile=0x240) returned 0x1 [0115.749] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0115.749] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0115.750] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0115.751] ReadFile (in: hFile=0x240, lpBuffer=0xc000296000, nNumberOfBytesToRead=0x39a, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000296000*, lpNumberOfBytesRead=0xc000117c04*=0x19a, lpOverlapped=0x0) returned 1 [0115.796] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0115.913] ReadFile (in: hFile=0x240, lpBuffer=0xc00029619a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029619a*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0115.913] CloseHandle (hObject=0x240) returned 1 [0115.913] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0115.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c8 [0115.949] GetConsoleMode (in: hConsoleHandle=0x2c8, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0115.951] SetEvent (hEvent=0x13c) returned 1 [0115.951] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0115.952] SetEvent (hEvent=0x29c) returned 1 [0115.952] SetEvent (hEvent=0x258) returned 1 [0115.952] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.066] SetEvent (hEvent=0x264) returned 1 [0116.066] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.067] GetFileType (hFile=0x2c8) returned 0x1 [0116.067] WriteFile (in: hFile=0x2c8, lpBuffer=0xc0002c6000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c6000*, lpNumberOfBytesWritten=0xc000117cec*=0x1a0, lpOverlapped=0x0) returned 1 [0116.069] CloseHandle (hObject=0x2c8) returned 1 [0116.075] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.082] SetEvent (hEvent=0x148) returned 1 [0116.082] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.084] SetEvent (hEvent=0x1b4) returned 1 [0116.084] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.101] SetEvent (hEvent=0x29c) returned 1 [0116.101] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2ec [0116.104] GetConsoleMode (in: hConsoleHandle=0x2ec, lpMode=0xc000111cf4 | out: lpMode=0xc000111cf4) returned 0 [0116.108] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.133] GetFileType (hFile=0x2ec) returned 0x1 [0116.133] GetFileType (hFile=0x2ec) returned 0x1 [0116.133] GetFileInformationByHandle (in: hFile=0x2ec, lpFileInformation=0xc000111d44 | out: lpFileInformation=0xc000111d44) returned 1 [0116.134] GetFileInformationByHandleEx (in: hFile=0x2ec, FileInformationClass=0x9, lpFileInformation=0xc000111d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000111d28) returned 1 [0116.134] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0116.136] ReadFile (in: hFile=0x2ec, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x370a, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000111c04*=0x350a, lpOverlapped=0x0) returned 1 [0116.140] ReadFile (in: hFile=0x2ec, lpBuffer=0xc00025d50a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000111c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025d50a*, lpNumberOfBytesRead=0xc000111c04*=0x0, lpOverlapped=0x0) returned 1 [0116.140] CloseHandle (hObject=0x2ec) returned 1 [0116.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0116.235] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc000111d04 | out: lpMode=0xc000111d04) returned 0 [0116.237] GetFileType (hFile=0x230) returned 0x1 [0116.237] WriteFile (in: hFile=0x230, lpBuffer=0xc00025d800*, nNumberOfBytesToWrite=0x3510, lpNumberOfBytesWritten=0xc000111cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025d800*, lpNumberOfBytesWritten=0xc000111cec*=0x3510, lpOverlapped=0x0) returned 1 [0116.239] CloseHandle (hObject=0x230) returned 1 [0116.244] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2c01 | out: pbBuffer=0xc0001c2c01) returned 1 [0116.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0116.244] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000111d64 | out: lpMode=0xc000111d64) returned 0 [0116.245] GetFileType (hFile=0x370) returned 0x1 [0116.245] WriteFile (in: hFile=0x370, lpBuffer=0xc0000be840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000111d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be840*, lpNumberOfBytesWritten=0xc000111d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.245] CloseHandle (hObject=0x370) returned 1 [0116.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbcm2u2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBCM2U2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbcm2u2[1].jpg"), dwFlags=0x1) returned 1 [0116.686] SetEvent (hEvent=0xc0) returned 1 [0116.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f698, ulCount=0x10, ulNumEntriesRemoved=0x2b09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f698, ulNumEntriesRemoved=0x2b09f66c) returned 0 [0116.686] SetEvent (hEvent=0x2b0) returned 1 [0116.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.689] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f6a0, ulNumEntriesRemoved=0x2b09f674) returned 0 [0116.689] SetEvent (hEvent=0x2b0) returned 1 [0116.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe18*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.787] SwitchToThread () returned 1 [0116.789] SetEvent (hEvent=0x318) returned 1 [0116.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe30*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.790] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.790] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f698, ulCount=0x10, ulNumEntriesRemoved=0x2b09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f698, ulNumEntriesRemoved=0x2b09f66c) returned 0 [0116.790] SetEvent (hEvent=0x318) returned 1 [0116.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.792] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.793] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f6a0, ulNumEntriesRemoved=0x2b09f674) returned 0 [0116.793] SetEvent (hEvent=0x2b0) returned 1 [0116.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe18*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.796] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.796] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.796] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.802] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.806] SetEvent (hEvent=0x1dc) returned 1 [0116.806] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0116.808] SetEvent (hEvent=0x1dc) returned 1 [0116.808] SetEvent (hEvent=0x334) returned 1 [0116.808] SetEvent (hEvent=0x9c) returned 1 [0116.808] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.382] SetEvent (hEvent=0x30c) returned 1 [0117.382] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.385] SetEvent (hEvent=0xb8) returned 1 [0117.385] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0117.390] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000113cf4 | out: lpMode=0xc000113cf4) returned 0 [0117.390] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.510] GetFileType (hFile=0x2e4) returned 0x1 [0117.510] GetFileType (hFile=0x2e4) returned 0x1 [0117.510] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc000113d44 | out: lpFileInformation=0xc000113d44) returned 1 [0117.510] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc000113d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000113d28) returned 1 [0117.510] VirtualAlloc (lpAddress=0xc0003dc000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003dc000 [0117.512] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0003dc000, nNumberOfBytesToRead=0x88e6, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003dc000*, lpNumberOfBytesRead=0xc000113c04*=0x86e6, lpOverlapped=0x0) returned 1 [0117.517] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0003e46e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000113c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003e46e6*, lpNumberOfBytesRead=0xc000113c04*=0x0, lpOverlapped=0x0) returned 1 [0117.517] CloseHandle (hObject=0x2e4) returned 1 [0117.517] VirtualAlloc (lpAddress=0xc0003e6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e6000 [0117.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.637] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.730] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000113d04 | out: lpMode=0xc000113d04) returned 0 [0117.731] GetFileType (hFile=0x3bc) returned 0x1 [0117.731] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0003e6000*, nNumberOfBytesToWrite=0x86f0, lpNumberOfBytesWritten=0xc000113cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003e6000*, lpNumberOfBytesWritten=0xc000113cec*=0x86f0, lpOverlapped=0x0) returned 1 [0117.734] CloseHandle (hObject=0x3bc) returned 1 [0117.739] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532601 | out: pbBuffer=0xc000532601) returned 1 [0117.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0117.739] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc000113d64 | out: lpMode=0xc000113d64) returned 0 [0117.741] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.777] SetEvent (hEvent=0x26c) returned 1 [0117.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.778] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f6a0, ulNumEntriesRemoved=0x2b09f674) returned 0 [0117.778] SetEvent (hEvent=0x26c) returned 1 [0117.778] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe18*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.783] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0117.783] GetFileType (hFile=0x2fc) returned 0x1 [0117.783] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0003f2000*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003f2000*, lpNumberOfBytesWritten=0xc00018bcec*=0xed0, lpOverlapped=0x0) returned 1 [0117.784] CloseHandle (hObject=0x2fc) returned 1 [0117.796] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0117.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0117.796] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0117.814] GetFileType (hFile=0x184) returned 0x1 [0117.814] WriteFile (in: hFile=0x184, lpBuffer=0xc0004ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004ce2c0*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.815] CloseHandle (hObject=0x184) returned 1 [0117.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-msnidsync[1].js"), dwFlags=0x1) returned 1 [0118.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0118.426] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0118.427] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0118.429] SetEvent (hEvent=0x274) returned 1 [0118.558] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0118.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x260 [0118.754] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0001f3cf4 | out: lpMode=0xc0001f3cf4) returned 0 [0118.761] GetFileType (hFile=0x260) returned 0x1 [0118.761] GetFileType (hFile=0x260) returned 0x1 [0118.761] GetFileInformationByHandle (in: hFile=0x260, lpFileInformation=0xc0001f3d44 | out: lpFileInformation=0xc0001f3d44) returned 1 [0118.761] GetFileInformationByHandleEx (in: hFile=0x260, FileInformationClass=0x9, lpFileInformation=0xc0001f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f3d28) returned 1 [0118.761] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0118.762] ReadFile (in: hFile=0x260, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0xa62, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc0001f3c04*=0x862, lpOverlapped=0x0) returned 1 [0118.769] ReadFile (in: hFile=0x260, lpBuffer=0xc0000ea862, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea862*, lpNumberOfBytesRead=0xc0001f3c04*=0x0, lpOverlapped=0x0) returned 1 [0118.769] CloseHandle (hObject=0x260) returned 1 [0118.769] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0118.769] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0118.770] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0118.770] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0118.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0118.772] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0001f3d04 | out: lpMode=0xc0001f3d04) returned 0 [0118.772] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0118.861] GetFileType (hFile=0x260) returned 0x1 [0118.861] WriteFile (in: hFile=0x260, lpBuffer=0xc000214000*, nNumberOfBytesToWrite=0x870, lpNumberOfBytesWritten=0xc0001f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000214000*, lpNumberOfBytesWritten=0xc0001f3cec*=0x870, lpOverlapped=0x0) returned 1 [0118.862] CloseHandle (hObject=0x260) returned 1 [0118.862] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0118.862] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0118.863] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0118.864] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0118.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0118.864] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0001f3d64 | out: lpMode=0xc0001f3d64) returned 0 [0118.868] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0118.966] GetFileType (hFile=0x260) returned 0x1 [0118.966] WriteFile (in: hFile=0x260, lpBuffer=0xc000238000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfBytesWritten=0xc0001f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.966] CloseHandle (hObject=0x260) returned 1 [0118.966] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0118.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbmkdf[1].jpg"), dwFlags=0x1) returned 1 [0119.007] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.064] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe30*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.065] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f698, ulCount=0x10, ulNumEntriesRemoved=0x2b09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f698, ulNumEntriesRemoved=0x2b09f66c) returned 0 [0119.065] SetEvent (hEvent=0x388) returned 1 [0119.065] SetEvent (hEvent=0x340) returned 1 [0119.065] SetEvent (hEvent=0x3c0) returned 1 [0119.066] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.067] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.069] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.069] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f6a0, ulNumEntriesRemoved=0x2b09f674) returned 0 [0119.069] SetEvent (hEvent=0x340) returned 1 [0119.069] SetEvent (hEvent=0x3c0) returned 1 [0119.069] SetEvent (hEvent=0x388) returned 1 [0119.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe18*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.071] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.071] SetEvent (hEvent=0x28c) returned 1 [0119.071] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.081] SetEvent (hEvent=0x264) returned 1 [0119.081] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.083] SetEvent (hEvent=0x29c) returned 1 [0119.083] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.086] SetEvent (hEvent=0x1b4) returned 1 [0119.086] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.089] SetEvent (hEvent=0x364) returned 1 [0119.089] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.091] SetEvent (hEvent=0x144) returned 1 [0119.091] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.103] SetEvent (hEvent=0x1f8) returned 1 [0119.103] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.110] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0119.112] SetEvent (hEvent=0x114) returned 1 [0119.112] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0141.530] SetEvent (hEvent=0x29c) returned 1 [0141.530] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0141.535] GetFileType (hFile=0x23c) returned 0x1 [0141.535] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0141.536] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0142.516] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0142.802] CloseHandle (hObject=0x23c) returned 1 [0142.839] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.793] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0143.794] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0143.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adtr02[1].txt"), dwFlags=0x1) returned 1 [0143.808] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f698, ulCount=0x10, ulNumEntriesRemoved=0x2b09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f698, ulNumEntriesRemoved=0x2b09f66c) returned 0 [0143.808] SetEvent (hEvent=0x47c) returned 1 [0143.808] SetEvent (hEvent=0xc2c) returned 1 [0143.808] SetEvent (hEvent=0x148) returned 1 [0143.810] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.812] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe08*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.817] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.817] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b09f6a0, ulNumEntriesRemoved=0x2b09f674) returned 0 [0143.817] SetEvent (hEvent=0x47c) returned 1 [0143.817] SetEvent (hEvent=0xc2c) returned 1 [0143.817] SetEvent (hEvent=0x148) returned 1 [0143.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b09fe18*=0x234, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.820] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.820] SetEvent (hEvent=0x114) returned 1 [0143.820] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.833] SetEvent (hEvent=0x1b4) returned 1 [0143.833] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.836] SetEvent (hEvent=0xa88) returned 1 [0143.836] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.839] SetEvent (hEvent=0xc4c) returned 1 [0143.839] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.857] VirtualFree (lpAddress=0xc00083e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.858] SetEvent (hEvent=0x388) returned 1 [0143.858] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.874] SetEvent (hEvent=0x3c0) returned 1 [0143.874] VirtualFree (lpAddress=0xc000800000, dwSize=0x3e000, dwFreeType=0x4000) returned 1 [0143.876] VirtualFree (lpAddress=0xc0007ea000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0143.877] VirtualFree (lpAddress=0xc0007dc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0143.878] VirtualFree (lpAddress=0xc0007c0000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0143.879] VirtualFree (lpAddress=0xc0007b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.880] VirtualFree (lpAddress=0xc0007a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.880] VirtualFree (lpAddress=0xc000782000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.881] VirtualFree (lpAddress=0xc00076a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.882] VirtualFree (lpAddress=0xc000764000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.882] VirtualFree (lpAddress=0xc00075e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.883] VirtualFree (lpAddress=0xc000758000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.884] VirtualFree (lpAddress=0xc000748000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0143.885] VirtualFree (lpAddress=0xc000744000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.886] VirtualFree (lpAddress=0xc000734000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0143.886] VirtualFree (lpAddress=0xc00072e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.887] VirtualFree (lpAddress=0xc000724000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.888] VirtualFree (lpAddress=0xc000720000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.889] VirtualFree (lpAddress=0xc000700000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0143.890] VirtualFree (lpAddress=0xc0006fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.891] VirtualFree (lpAddress=0xc0006f4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.891] VirtualFree (lpAddress=0xc0006ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.892] VirtualFree (lpAddress=0xc0006da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.893] VirtualFree (lpAddress=0xc0006d0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.894] VirtualFree (lpAddress=0xc0006c8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.895] VirtualFree (lpAddress=0xc0006be000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.895] VirtualFree (lpAddress=0xc0006ac000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0143.897] VirtualFree (lpAddress=0xc0006a6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.897] VirtualFree (lpAddress=0xc000686000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.899] VirtualFree (lpAddress=0xc00067e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.899] VirtualFree (lpAddress=0xc000674000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.901] VirtualFree (lpAddress=0xc00066e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.902] VirtualFree (lpAddress=0xc00066a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.902] VirtualFree (lpAddress=0xc000654000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0143.904] VirtualFree (lpAddress=0xc00064a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0143.905] VirtualFree (lpAddress=0xc000644000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.905] VirtualFree (lpAddress=0xc00060e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.906] VirtualFree (lpAddress=0xc000600000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.907] VirtualFree (lpAddress=0xc0005fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.909] VirtualFree (lpAddress=0xc00058e000, dwSize=0x6c000, dwFreeType=0x4000) returned 1 [0143.912] VirtualFree (lpAddress=0xc000542000, dwSize=0x42000, dwFreeType=0x4000) returned 1 [0143.915] VirtualFree (lpAddress=0xc000534000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.916] VirtualFree (lpAddress=0xc000504000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0143.918] VirtualFree (lpAddress=0xc0004e0000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.919] VirtualFree (lpAddress=0xc0004be000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0143.920] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.921] VirtualFree (lpAddress=0xc000378000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0143.923] VirtualFree (lpAddress=0xc000372000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.924] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.926] VirtualFree (lpAddress=0xc00035a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0143.927] VirtualFree (lpAddress=0xc000346000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.929] VirtualFree (lpAddress=0xc000340000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.929] VirtualFree (lpAddress=0xc000332000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.930] VirtualFree (lpAddress=0xc000326000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.931] VirtualFree (lpAddress=0xc000318000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.932] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0143.933] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.934] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.935] VirtualFree (lpAddress=0xc000280000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0143.936] VirtualFree (lpAddress=0xc000232000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0143.937] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.938] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0143.939] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.939] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.940] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.941] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.942] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.943] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.944] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.944] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.945] VirtualFree (lpAddress=0xc00005c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0143.946] SetEvent (hEvent=0x254) returned 1 [0143.946] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) returned 0x0 [0143.971] SetEvent (hEvent=0x188) returned 1 [0143.971] WaitForSingleObject (hHandle=0x234, dwMilliseconds=0xffffffff) Thread: id = 36 os_tid = 0x674 [0115.749] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b29fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b29fea0*=0x248) returned 1 [0115.749] VirtualQuery (in: lpAddress=0x2b29fec0, lpBuffer=0x2b29fec0, dwLength=0x30 | out: lpBuffer=0x2b29fec0*(BaseAddress=0x2b29f000, AllocationBase=0x2b0a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.749] SetEvent (hEvent=0xfc) returned 1 [0115.749] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x24c [0115.749] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x250 [0115.749] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0115.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x244 [0115.796] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0115.801] GetFileType (hFile=0x244) returned 0x1 [0115.801] GetFileType (hFile=0x244) returned 0x1 [0115.801] GetFileInformationByHandle (in: hFile=0x244, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0115.802] GetFileInformationByHandleEx (in: hFile=0x244, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0115.802] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0115.802] ReadFile (in: hFile=0x244, lpBuffer=0xc000298000, nNumberOfBytesToRead=0x1bcf, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000298000*, lpNumberOfBytesRead=0xc00015bc04*=0x19cf, lpOverlapped=0x0) returned 1 [0115.807] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0115.939] ReadFile (in: hFile=0x244, lpBuffer=0xc0002999cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002999cf*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0115.939] CloseHandle (hObject=0x244) returned 1 [0115.939] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0115.940] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0115.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0115.980] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0116.014] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0116.016] GetFileType (hFile=0x22c) returned 0x1 [0116.016] WriteFile (in: hFile=0x22c, lpBuffer=0xc0002e4000*, nNumberOfBytesToWrite=0x19d0, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4000*, lpNumberOfBytesWritten=0xc00015bcec*=0x19d0, lpOverlapped=0x0) returned 1 [0116.017] CloseHandle (hObject=0x22c) returned 1 [0116.020] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2a01 | out: pbBuffer=0xc0001c2a01) returned 1 [0116.020] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0116.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0116.021] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0116.023] GetFileType (hFile=0x2d0) returned 0x1 [0116.023] WriteFile (in: hFile=0x2d0, lpBuffer=0xc000182840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182840*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.027] CloseHandle (hObject=0x2d0) returned 1 [0116.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbyfeh[1].jpg"), dwFlags=0x1) returned 1 [0116.620] SetEvent (hEvent=0x304) returned 1 [0116.620] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0116.626] SetEvent (hEvent=0x144) returned 1 [0116.626] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.486] SetEvent (hEvent=0x354) returned 1 [0117.486] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.507] SetEvent (hEvent=0xb8) returned 1 [0117.507] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.519] SetEvent (hEvent=0x198) returned 1 [0117.519] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.523] SetEvent (hEvent=0x258) returned 1 [0117.523] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.530] SetEvent (hEvent=0x320) returned 1 [0117.530] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.536] SetEvent (hEvent=0x148) returned 1 [0117.536] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.549] SetEvent (hEvent=0x39c) returned 1 [0117.549] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.561] SetEvent (hEvent=0x2a8) returned 1 [0117.561] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.575] SetEvent (hEvent=0x30c) returned 1 [0117.575] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.595] SetEvent (hEvent=0x15c) returned 1 [0117.595] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.603] SetEvent (hEvent=0x1f8) returned 1 [0117.603] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.624] SetEvent (hEvent=0x320) returned 1 [0117.624] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.628] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103f8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc0000103f8*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0117.635] SetEvent (hEvent=0x1a0) returned 1 [0117.635] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.670] SetEvent (hEvent=0x188) returned 1 [0117.670] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.680] SetEvent (hEvent=0xec) returned 1 [0117.680] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.683] SetEvent (hEvent=0x364) returned 1 [0117.683] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.694] SetEvent (hEvent=0x208) returned 1 [0117.695] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.703] SetEvent (hEvent=0x318) returned 1 [0117.703] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.707] SetEvent (hEvent=0x1f8) returned 1 [0117.707] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.709] SetEvent (hEvent=0x28c) returned 1 [0117.709] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.715] SetEvent (hEvent=0x1a0) returned 1 [0117.715] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.734] SetEvent (hEvent=0x354) returned 1 [0117.734] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.740] SetEvent (hEvent=0x364) returned 1 [0117.740] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.744] SetEvent (hEvent=0xb8) returned 1 [0117.744] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.745] SetEvent (hEvent=0x354) returned 1 [0117.746] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.752] SetEvent (hEvent=0x100) returned 1 [0117.752] SetEvent (hEvent=0x1d4) returned 1 [0117.752] SetEvent (hEvent=0x164) returned 1 [0117.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe08*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.762] SetEvent (hEvent=0xb8) returned 1 [0117.762] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.980] SetEvent (hEvent=0x304) returned 1 [0117.980] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.986] SetEvent (hEvent=0x304) returned 1 [0117.986] SetEvent (hEvent=0x258) returned 1 [0117.986] VirtualFree (lpAddress=0xc0005c0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.987] VirtualFree (lpAddress=0xc000522000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.987] VirtualFree (lpAddress=0xc0004d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.987] VirtualFree (lpAddress=0xc0003f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.988] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.988] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.988] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.988] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.989] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.989] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.989] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.990] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.990] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0002a3818*=0x3) returned 1 [0117.991] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.995] SetEvent (hEvent=0x388) returned 1 [0117.995] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0117.996] SetEvent (hEvent=0x388) returned 1 [0117.996] SetEvent (hEvent=0x258) returned 1 [0117.996] VirtualFree (lpAddress=0xc0005bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.996] VirtualFree (lpAddress=0xc00058a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.996] VirtualFree (lpAddress=0xc0004fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.997] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.997] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.998] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.998] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.998] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.998] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.999] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0118.000] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.022] SetEvent (hEvent=0x3c4) returned 1 [0118.022] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.023] SetEvent (hEvent=0x3c4) returned 1 [0118.023] SetEvent (hEvent=0x258) returned 1 [0118.023] VirtualFree (lpAddress=0xc0005c4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0118.025] VirtualFree (lpAddress=0xc000524000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.025] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.026] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.026] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000072018*, lpNumberOfCharsWritten=0xc00026f818*=0x3) returned 1 [0118.027] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.029] SetEvent (hEvent=0x3c4) returned 1 [0118.029] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.029] SetEvent (hEvent=0x3c4) returned 1 [0118.029] SetEvent (hEvent=0x258) returned 1 [0118.029] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.030] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfCharsWritten=0xc00029d818*=0x3) returned 1 [0118.031] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.034] SetEvent (hEvent=0x3c0) returned 1 [0118.034] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.035] SetEvent (hEvent=0x3c0) returned 1 [0118.035] SetEvent (hEvent=0x258) returned 1 [0118.035] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.036] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.036] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.036] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0118.038] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.041] SetEvent (hEvent=0x9c) returned 1 [0118.041] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.042] SetEvent (hEvent=0x9c) returned 1 [0118.042] SetEvent (hEvent=0x258) returned 1 [0118.042] VirtualFree (lpAddress=0xc000534000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.042] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0118.043] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.046] SetEvent (hEvent=0x258) returned 1 [0118.046] VirtualAlloc (lpAddress=0xc0005d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d2000 [0118.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0118.047] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0118.047] GetFileType (hFile=0x2c4) returned 0x1 [0118.047] GetFileType (hFile=0x2c4) returned 0x1 [0118.047] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0118.047] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0118.047] VirtualAlloc (lpAddress=0xc0005d4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d4000 [0118.049] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0005d4000, nNumberOfBytesToRead=0x6144, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d4000*, lpNumberOfBytesRead=0xc0001c9c04*=0x5f44, lpOverlapped=0x0) returned 1 [0118.052] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0005d9f44, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d9f44*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.052] CloseHandle (hObject=0x2c4) returned 1 [0118.052] VirtualAlloc (lpAddress=0xc0005e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e8000 [0118.052] VirtualAlloc (lpAddress=0xc0005ea000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ea000 [0118.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0118.065] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0118.066] GetFileType (hFile=0x2bc) returned 0x1 [0118.066] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0005ea000*, nNumberOfBytesToWrite=0x5f50, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005ea000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x5f50, lpOverlapped=0x0) returned 1 [0118.067] CloseHandle (hObject=0x2bc) returned 1 [0118.068] SwitchToThread () returned 1 [0118.070] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0118.070] VirtualAlloc (lpAddress=0xc0005f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f0000 [0118.070] VirtualAlloc (lpAddress=0xc0005f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f2000 [0118.071] VirtualAlloc (lpAddress=0xc0005f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f4000 [0118.071] VirtualAlloc (lpAddress=0xc0005f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f6000 [0118.072] VirtualAlloc (lpAddress=0xc0005f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f8000 [0118.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0118.073] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0118.073] GetFileType (hFile=0x23c) returned 0x1 [0118.074] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.074] CloseHandle (hObject=0x23c) returned 1 [0118.076] VirtualAlloc (lpAddress=0xc00052e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00052e000 [0118.077] VirtualAlloc (lpAddress=0xc000530000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000530000 [0118.077] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-player[2].js"), dwFlags=0x1) returned 1 [0118.602] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.606] SetEvent (hEvent=0x274) returned 1 [0118.606] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0118.607] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0118.608] GetFileType (hFile=0x308) returned 0x1 [0118.608] GetFileType (hFile=0x308) returned 0x1 [0118.608] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0118.608] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0118.608] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0118.609] ReadFile (in: hFile=0x308, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x825a, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0001bdc04*=0x805a, lpOverlapped=0x0) returned 1 [0118.611] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.621] ReadFile (in: hFile=0x308, lpBuffer=0xc0000be05a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be05a*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0118.622] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.625] SetEvent (hEvent=0x274) returned 1 [0118.625] CloseHandle (hObject=0x308) returned 1 [0118.626] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.630] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0118.631] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0118.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0118.633] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0118.635] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.641] GetFileType (hFile=0x308) returned 0x1 [0118.641] WriteFile (in: hFile=0x308, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x8060, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0001bdcec*=0x8060, lpOverlapped=0x0) returned 1 [0118.642] CloseHandle (hObject=0x308) returned 1 [0118.642] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0118.642] VirtualAlloc (lpAddress=0xc0005fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fa000 [0118.643] VirtualAlloc (lpAddress=0xc0005fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fc000 [0118.643] VirtualAlloc (lpAddress=0xc0005fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fe000 [0118.644] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0118.644] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0118.645] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0118.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0118.645] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0118.647] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.650] SetEvent (hEvent=0x3c8) returned 1 [0118.650] GetFileType (hFile=0x308) returned 0x1 [0118.650] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0118.650] WriteFile (in: hFile=0x308, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.650] CloseHandle (hObject=0x308) returned 1 [0118.650] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0118.651] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0118.651] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0118.652] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0118.652] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0118.652] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-thankyou[1].htm"), dwFlags=0x1) returned 1 [0118.653] SetEvent (hEvent=0x13c) returned 1 [0118.653] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.663] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.664] SetEvent (hEvent=0x274) returned 1 [0118.664] SetEvent (hEvent=0x13c) returned 1 [0118.664] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.675] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.687] SetEvent (hEvent=0x3c8) returned 1 [0118.687] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0118.687] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0118.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0118.689] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0118.693] GetFileType (hFile=0x3d8) returned 0x1 [0118.693] GetFileType (hFile=0x3d8) returned 0x1 [0118.693] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0118.694] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0118.694] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0118.694] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0118.695] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x3b6, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000157c04*=0x1b6, lpOverlapped=0x0) returned 1 [0118.709] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.801] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000dc1b6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc1b6*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0118.801] CloseHandle (hObject=0x3d8) returned 1 [0118.801] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0118.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0118.803] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0118.807] GetFileType (hFile=0x3d8) returned 0x1 [0118.807] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000288000*, nNumberOfBytesToWrite=0x1c0, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc000288000*, lpNumberOfBytesWritten=0xc000157cec*=0x1c0, lpOverlapped=0x0) returned 1 [0118.808] CloseHandle (hObject=0x3d8) returned 1 [0118.808] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0118.808] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0118.809] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0118.809] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0118.810] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0118.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0118.811] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0118.813] GetFileType (hFile=0x3d8) returned 0x1 [0118.814] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.814] CloseHandle (hObject=0x3d8) returned 1 [0118.814] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0118.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bb5vo0g[1].png"), dwFlags=0x1) returned 1 [0118.815] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b29f698, ulCount=0x10, ulNumEntriesRemoved=0x2b29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b29f698, ulNumEntriesRemoved=0x2b29f66c) returned 0 [0118.815] SetEvent (hEvent=0x1f8) returned 1 [0118.815] SetEvent (hEvent=0x12c) returned 1 [0118.815] SetEvent (hEvent=0x318) returned 1 [0118.816] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0118.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe08*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.820] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.820] SetEvent (hEvent=0x1a0) returned 1 [0118.820] SetEvent (hEvent=0x28c) returned 1 [0118.820] SetEvent (hEvent=0x2b0) returned 1 [0118.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe08*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.821] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe30*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.822] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.822] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b29f6a0, ulNumEntriesRemoved=0x2b29f674) returned 0 [0118.822] SetEvent (hEvent=0x28c) returned 1 [0118.822] SetEvent (hEvent=0x2b0) returned 1 [0118.822] SetEvent (hEvent=0x188) returned 1 [0118.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe18*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.823] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.823] SetEvent (hEvent=0x39c) returned 1 [0118.823] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.843] SetEvent (hEvent=0x364) returned 1 [0118.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0118.844] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0118.847] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0118.955] GetFileType (hFile=0x2e4) returned 0x1 [0118.955] GetFileType (hFile=0x2e4) returned 0x1 [0118.955] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0118.955] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0118.955] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0000fac00, nNumberOfBytesToRead=0xbab, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fac00*, lpNumberOfBytesRead=0xc00015dc04*=0x9ab, lpOverlapped=0x0) returned 1 [0118.958] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.073] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0000fb5ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fb5ab*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0119.073] CloseHandle (hObject=0x2e4) returned 1 [0119.073] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0119.074] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0119.074] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0119.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0119.116] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.139] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0119.142] GetFileType (hFile=0x2d4) returned 0x1 [0119.142] WriteFile (in: hFile=0x2d4, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x9b0, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc00015dcec*=0x9b0, lpOverlapped=0x0) returned 1 [0119.143] CloseHandle (hObject=0x2d4) returned 1 [0119.148] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0119.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0119.148] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0119.149] GetFileType (hFile=0x3bc) returned 0x1 [0119.149] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.149] CloseHandle (hObject=0x3bc) returned 1 [0119.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc0djg[1].jpg"), dwFlags=0x1) returned 1 [0119.678] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.679] SwitchToThread () returned 1 [0119.776] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.779] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.781] SetEvent (hEvent=0x30c) returned 1 [0119.781] SetEvent (hEvent=0x144) returned 1 [0119.782] SetEvent (hEvent=0x208) returned 1 [0119.782] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.882] SwitchToThread () returned 1 [0119.884] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.887] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0119.890] SetEvent (hEvent=0xec) returned 1 [0119.890] SetEvent (hEvent=0x3c4) returned 1 [0119.890] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0120.587] GetFileType (hFile=0x384) returned 0x1 [0120.587] WriteFile (in: hFile=0x384, lpBuffer=0xc000186840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186840*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.587] CloseHandle (hObject=0x384) returned 1 [0120.592] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0120.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-ast[1].js"), dwFlags=0x1) returned 1 [0120.884] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b29f698, ulCount=0x10, ulNumEntriesRemoved=0x2b29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b29f698, ulNumEntriesRemoved=0x2b29f66c) returned 0 [0120.884] SetEvent (hEvent=0x148) returned 1 [0120.885] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0120.886] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe08*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.887] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b29f6a0, ulNumEntriesRemoved=0x2b29f674) returned 0 [0120.887] SetEvent (hEvent=0x148) returned 1 [0120.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b29fe18*=0x24c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.889] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0128.593] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0130.667] SetEvent (hEvent=0x324) returned 1 [0130.668] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0130.751] SetEvent (hEvent=0x324) returned 1 [0130.752] SetEvent (hEvent=0x320) returned 1 [0130.752] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0132.613] SetEvent (hEvent=0x3c0) returned 1 [0132.613] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0132.614] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0132.614] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0132.615] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0132.623] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0132.627] GetFileType (hFile=0x3d8) returned 0x1 [0132.627] GetFileType (hFile=0x3d8) returned 0x1 [0132.627] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0132.627] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0132.627] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0132.628] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x390, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc00014bc04*=0x190, lpOverlapped=0x0) returned 1 [0132.629] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000120190, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120190*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0132.629] CloseHandle (hObject=0x3d8) returned 1 [0132.629] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0132.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.630] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1\\*", lpFindFileData=0xc00014ba08 | out: lpFindFileData=0xc00014ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.630] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.630] SetEvent (hEvent=0x39c) returned 1 [0132.630] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0132.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.666] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0132.673] GetFileType (hFile=0x2e8) returned 0x1 [0132.673] GetFileType (hFile=0x2e8) returned 0x1 [0132.673] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0132.673] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0132.673] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000120800, nNumberOfBytesToRead=0x38e, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120800*, lpNumberOfBytesRead=0xc000141c04*=0x18e, lpOverlapped=0x0) returned 1 [0132.674] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00012098e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012098e*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0132.674] CloseHandle (hObject=0x2e8) returned 1 [0132.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.822] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.823] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.823] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.823] VirtualFree (lpAddress=0xc0002ae000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.824] VirtualFree (lpAddress=0xc0002a6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.824] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.825] VirtualFree (lpAddress=0xc000286000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.825] VirtualFree (lpAddress=0xc000236000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.825] VirtualFree (lpAddress=0xc00021c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0132.826] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.826] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.827] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.828] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.828] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.829] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.829] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.829] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.830] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.830] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.831] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.831] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.832] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.833] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0132.839] GetFileType (hFile=0x2bc) returned 0x1 [0132.839] GetFileType (hFile=0x2bc) returned 0x1 [0132.839] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0132.839] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0132.839] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0132.840] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0132.840] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00024e000, nNumberOfBytesToRead=0x3ae, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesRead=0xc000129c04*=0x1ae, lpOverlapped=0x0) returned 1 [0132.842] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00024e1ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e1ae*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0132.842] CloseHandle (hObject=0x2bc) returned 1 [0132.842] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0132.843] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0132.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398\\*", lpFindFileData=0xc000129a08 | out: lpFindFileData=0xc000129a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.898] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.898] SetEvent (hEvent=0x39c) returned 1 [0132.898] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0132.901] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0132.902] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000260000*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc000260000*, lpNumberOfCharsWritten=0xc000141808*=0xad) returned 1 [0132.904] SetEvent (hEvent=0xfc) returned 1 [0132.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0132.904] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0132.905] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0132.905] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0132.906] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0132.907] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0132.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0132.908] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0132.909] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0132.912] GetFileType (hFile=0x1b0) returned 0x1 [0132.912] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000260420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000260420*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.913] CloseHandle (hObject=0x1b0) returned 1 [0132.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwFlags=0x1) returned 1 [0133.067] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.069] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.074] SetEvent (hEvent=0x324) returned 1 [0133.074] SetEvent (hEvent=0x1b4) returned 1 [0133.075] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.075] VirtualFree (lpAddress=0xc000074000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.075] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.076] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.076] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.076] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0133.078] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.080] SetEvent (hEvent=0x324) returned 1 [0133.080] SwitchToThread () returned 1 [0133.178] SwitchToThread () returned 1 [0133.179] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.183] SetEvent (hEvent=0x324) returned 1 [0133.183] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.185] SetEvent (hEvent=0x324) returned 1 [0133.185] SetEvent (hEvent=0x3c8) returned 1 [0133.185] SetEvent (hEvent=0x1b4) returned 1 [0133.185] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.187] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.189] SetEvent (hEvent=0x324) returned 1 [0133.189] SetEvent (hEvent=0x3c8) returned 1 [0133.189] SwitchToThread () returned 1 [0133.287] SwitchToThread () returned 1 [0133.288] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.303] SetEvent (hEvent=0xec) returned 1 [0133.303] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.305] SetEvent (hEvent=0xec) returned 1 [0133.305] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0133.408] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.224] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0134.225] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0134.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.227] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0134.229] GetFileType (hFile=0x1ec) returned 0x1 [0134.229] GetFileType (hFile=0x1ec) returned 0x1 [0134.230] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0134.230] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0134.230] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0134.230] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001ee000, nNumberOfBytesToRead=0x20d, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee000*, lpNumberOfBytesRead=0xc0001d3c04*=0xd, lpOverlapped=0x0) returned 1 [0134.232] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001ee00d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ee00d*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0134.232] CloseHandle (hObject=0x1ec) returned 1 [0134.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.233] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0134.239] GetFileType (hFile=0x1ec) returned 0x1 [0134.239] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000a0120*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfBytesWritten=0xc0001d3cec*=0x10, lpOverlapped=0x0) returned 1 [0134.241] CloseHandle (hObject=0x1ec) returned 1 [0134.241] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.241] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.241] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0134.242] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0134.243] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0134.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.243] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0134.253] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.267] GetFileType (hFile=0x1ec) returned 0x1 [0134.268] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0134.269] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.269] CloseHandle (hObject=0x1ec) returned 1 [0134.269] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\www.google[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\3O75JDME\\encry-www.google[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\3o75jdme\\encry-www.google[1].xml"), dwFlags=0x1) returned 1 [0134.271] SetEvent (hEvent=0xfc) returned 1 [0134.271] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.276] SetEvent (hEvent=0x39c) returned 1 [0134.276] SetEvent (hEvent=0xfc) returned 1 [0134.277] SetEvent (hEvent=0x12c) returned 1 [0134.277] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.306] SetEvent (hEvent=0x39c) returned 1 [0134.306] SetEvent (hEvent=0x324) returned 1 [0134.306] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.556] SetEvent (hEvent=0x12c) returned 1 [0134.556] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0134.562] SetEvent (hEvent=0x334) returned 1 [0134.562] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.682] SetEvent (hEvent=0x39c) returned 1 [0135.682] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.732] SetEvent (hEvent=0x324) returned 1 [0135.732] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.739] SetEvent (hEvent=0xfc) returned 1 [0135.739] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.743] SetEvent (hEvent=0x324) returned 1 [0135.743] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.747] SetEvent (hEvent=0x324) returned 1 [0135.748] SetEvent (hEvent=0x12c) returned 1 [0135.748] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0135.761] SetEvent (hEvent=0xec) returned 1 [0135.762] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0141.034] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0141.035] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0141.036] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0141.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0141.037] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0141.043] GetFileType (hFile=0x3dc) returned 0x1 [0141.043] GetFileType (hFile=0x3dc) returned 0x1 [0141.043] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0141.043] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0141.043] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0141.044] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00021c000, nNumberOfBytesToRead=0x3ea, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesRead=0xc00020fc04*=0x1ea, lpOverlapped=0x0) returned 1 [0141.045] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00021c1ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c1ea*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0141.045] CloseHandle (hObject=0x3dc) returned 1 [0141.045] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0141.045] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0141.046] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0141.048] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0141.196] GetFileType (hFile=0x3dc) returned 0x1 [0141.196] WriteFile (in: hFile=0x3dc, lpBuffer=0xc00021e000*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfBytesWritten=0xc00020fcec*=0x1f0, lpOverlapped=0x0) returned 1 [0141.197] CloseHandle (hObject=0x3dc) returned 1 [0141.197] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0141.197] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0141.198] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0141.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0141.199] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0141.258] GetFileType (hFile=0x3dc) returned 0x1 [0141.258] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000290420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290420*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0141.259] CloseHandle (hObject=0x3dc) returned 1 [0141.259] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0141.260] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0141.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@bing[1].txt"), dwFlags=0x1) returned 1 [0141.262] SetEvent (hEvent=0x334) returned 1 [0141.262] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0141.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0141.269] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0141.270] GetFileType (hFile=0x2b4) returned 0x1 [0141.270] GetFileType (hFile=0x2b4) returned 0x1 [0141.270] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0141.270] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0141.270] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x276, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000159c04*=0x76, lpOverlapped=0x0) returned 1 [0141.271] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00003c076, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c076*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0141.271] CloseHandle (hObject=0x2b4) returned 1 [0141.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0141.272] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000159d04 | out: lpMode=0xc000159d04) returned 0 [0141.278] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0141.501] GetFileType (hFile=0x2b4) returned 0x1 [0141.501] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000104400*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0xc000159cec, lpOverlapped=0x0 | out: lpBuffer=0xc000104400*, lpNumberOfBytesWritten=0xc000159cec*=0x80, lpOverlapped=0x0) returned 1 [0142.506] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0142.845] CloseHandle (hObject=0x2b4) returned 1 [0142.856] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0142.856] VirtualAlloc (lpAddress=0xc000698000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000698000 [0142.857] VirtualAlloc (lpAddress=0xc00069a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069a000 [0142.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0142.859] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0142.874] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0144.164] SetEvent (hEvent=0xc80) returned 1 [0144.164] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) returned 0x0 [0144.166] VirtualFree (lpAddress=0xc000768000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.168] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.169] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.169] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.170] SetEvent (hEvent=0x9e0) returned 1 [0144.170] WaitForSingleObject (hHandle=0x24c, dwMilliseconds=0xffffffff) Thread: id = 37 os_tid = 0x344 [0115.801] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b49fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b49fea0*=0x1f0) returned 1 [0115.801] VirtualQuery (in: lpAddress=0x2b49fec0, lpBuffer=0x2b49fec0, dwLength=0x30 | out: lpBuffer=0x2b49fec0*(BaseAddress=0x2b49f000, AllocationBase=0x2b2a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.801] SetEvent (hEvent=0x1d4) returned 1 [0115.801] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x258 [0115.801] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x25c [0115.801] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0115.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0115.808] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0115.810] GetFileType (hFile=0x254) returned 0x1 [0115.811] GetFileType (hFile=0x254) returned 0x1 [0115.811] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0115.811] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0115.811] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0115.811] ReadFile (in: hFile=0x254, lpBuffer=0xc00029a000, nNumberOfBytesToRead=0x97f, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a000*, lpNumberOfBytesRead=0xc000171c04*=0x77f, lpOverlapped=0x0) returned 1 [0115.816] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0115.953] ReadFile (in: hFile=0x254, lpBuffer=0xc00029a77f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a77f*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0115.953] CloseHandle (hObject=0x254) returned 1 [0115.953] SetEvent (hEvent=0x274) returned 1 [0115.953] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.013] SetEvent (hEvent=0xec) returned 1 [0116.013] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0116.020] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0116.021] GetFileType (hFile=0x1ec) returned 0x1 [0116.022] GetFileType (hFile=0x1ec) returned 0x1 [0116.022] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0116.022] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0116.022] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000327800, nNumberOfBytesToRead=0x36d8, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000327800*, lpNumberOfBytesRead=0xc00026fc04*=0x34d8, lpOverlapped=0x0) returned 1 [0116.030] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00032acd8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032acd8*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0116.030] CloseHandle (hObject=0x1ec) returned 1 [0116.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0116.103] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0116.106] GetFileType (hFile=0x2c4) returned 0x1 [0116.106] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000310a00*, nNumberOfBytesToWrite=0x34e0, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000310a00*, lpNumberOfBytesWritten=0xc00026fcec*=0x34e0, lpOverlapped=0x0) returned 1 [0116.107] CloseHandle (hObject=0x2c4) returned 1 [0116.112] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.141] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2b01 | out: pbBuffer=0xc0001c2b01) returned 1 [0116.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x320 [0116.142] GetConsoleMode (in: hConsoleHandle=0x320, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0116.142] GetFileType (hFile=0x320) returned 0x1 [0116.142] WriteFile (in: hFile=0x320, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.143] CloseHandle (hObject=0x320) returned 1 [0116.152] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0FXU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0fxu[1].jpg"), dwFlags=0x1) returned 1 [0116.664] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0116.664] SetEvent (hEvent=0x9c) returned 1 [0116.665] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.665] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0116.665] SetEvent (hEvent=0x9c) returned 1 [0116.665] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.666] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.681] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.686] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0116.787] SwitchToThread () returned 1 [0116.788] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0117.390] SetEvent (hEvent=0x3c4) returned 1 [0117.390] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0117.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0117.393] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0117.394] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0117.526] GetFileType (hFile=0x2d8) returned 0x1 [0117.526] GetFileType (hFile=0x2d8) returned 0x1 [0117.526] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0117.526] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0117.526] VirtualAlloc (lpAddress=0xc000452000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000452000 [0117.527] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000452000, nNumberOfBytesToRead=0xb113, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000452000*, lpNumberOfBytesRead=0xc0001b9c04*=0xaf13, lpOverlapped=0x0) returned 1 [0117.531] ReadFile (in: hFile=0x2d8, lpBuffer=0xc00045cf13, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00045cf13*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0117.531] CloseHandle (hObject=0x2d8) returned 1 [0117.531] VirtualAlloc (lpAddress=0xc00045e000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00045e000 [0117.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0117.690] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0117.692] GetFileType (hFile=0x348) returned 0x1 [0117.692] WriteFile (in: hFile=0x348, lpBuffer=0xc00045e000*, nNumberOfBytesToWrite=0xaf20, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00045e000*, lpNumberOfBytesWritten=0xc0001b9cec*=0xaf20, lpOverlapped=0x0) returned 1 [0117.694] CloseHandle (hObject=0x348) returned 1 [0117.700] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000d01 | out: pbBuffer=0xc000000d01) returned 1 [0117.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0117.700] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0117.703] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0117.757] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x248, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b49f920, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b49f920*=0x380) returned 1 [0117.757] SuspendThread (hThread=0x380) returned 0x0 [0117.757] GetThreadContext (in: hThread=0x380, lpContext=0x2b49f930 | out: lpContext=0x2b49f930*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b29fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0117.759] ResumeThread (hThread=0x380) returned 0x1 [0117.759] CloseHandle (hObject=0x380) returned 1 [0117.759] SetEvent (hEvent=0x334) returned 1 [0117.760] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0117.991] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.000] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.027] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.029] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.031] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.037] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.043] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.047] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.056] SetEvent (hEvent=0x198) returned 1 [0118.056] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.057] SetEvent (hEvent=0x198) returned 1 [0118.057] SetEvent (hEvent=0x9c) returned 1 [0118.057] VirtualFree (lpAddress=0xc0005d2000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0118.058] VirtualFree (lpAddress=0xc00052c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.058] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc000072010*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0118.059] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.061] SetEvent (hEvent=0x148) returned 1 [0118.061] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.062] SetEvent (hEvent=0x148) returned 1 [0118.062] SetEvent (hEvent=0x9c) returned 1 [0118.062] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0118.063] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.066] SetEvent (hEvent=0x320) returned 1 [0118.066] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.068] SetEvent (hEvent=0x320) returned 1 [0118.068] SetEvent (hEvent=0x9c) returned 1 [0118.069] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0118.073] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.076] SetEvent (hEvent=0x274) returned 1 [0118.076] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.078] SetEvent (hEvent=0x274) returned 1 [0118.078] SetEvent (hEvent=0x9c) returned 1 [0118.078] VirtualFree (lpAddress=0xc0005f6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.079] VirtualFree (lpAddress=0xc0005ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.079] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0118.081] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.083] SetEvent (hEvent=0x274) returned 1 [0118.083] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0118.085] SetEvent (hEvent=0x274) returned 1 [0118.085] SetEvent (hEvent=0x9c) returned 1 [0118.085] SwitchToThread () returned 1 [0118.181] SetEvent (hEvent=0x274) returned 1 [0118.181] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.017] SetEvent (hEvent=0x35c) returned 1 [0119.017] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0119.021] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0119.022] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.119] GetFileType (hFile=0x254) returned 0x1 [0119.119] GetFileType (hFile=0x254) returned 0x1 [0119.119] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0119.119] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0119.119] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0119.120] ReadFile (in: hFile=0x254, lpBuffer=0xc0001b0000, nNumberOfBytesToRead=0x284b, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesRead=0xc000179c04*=0x264b, lpOverlapped=0x0) returned 1 [0119.123] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.174] ReadFile (in: hFile=0x254, lpBuffer=0xc0001b264b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b264b*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0119.174] CloseHandle (hObject=0x254) returned 1 [0119.174] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0119.175] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0119.175] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0119.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0119.201] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0119.202] GetFileType (hFile=0x2c4) returned 0x1 [0119.202] WriteFile (in: hFile=0x2c4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x2650, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000179cec*=0x2650, lpOverlapped=0x0) returned 1 [0119.203] CloseHandle (hObject=0x2c4) returned 1 [0119.204] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0119.204] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0119.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0119.204] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0119.205] GetFileType (hFile=0x2d8) returned 0x1 [0119.205] WriteFile (in: hFile=0x2d8, lpBuffer=0xc0000d7ce0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7ce0*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.205] CloseHandle (hObject=0x2d8) returned 1 [0119.206] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbupaj[1].jpg"), dwFlags=0x1) returned 1 [0119.909] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.912] SetEvent (hEvent=0x1a0) returned 1 [0119.912] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.913] SetEvent (hEvent=0x1a0) returned 1 [0119.913] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0119.914] SetEvent (hEvent=0x1a0) returned 1 [0119.914] SetEvent (hEvent=0x148) returned 1 [0119.914] SetEvent (hEvent=0x144) returned 1 [0119.914] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0120.016] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0120.018] GetFileType (hFile=0x3dc) returned 0x1 [0120.018] GetFileType (hFile=0x3dc) returned 0x1 [0120.018] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0120.018] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0120.018] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0120.019] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x1d14, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0001d3c04*=0x1b14, lpOverlapped=0x0) returned 1 [0120.029] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.047] SetEvent (hEvent=0x1a0) returned 1 [0120.047] ReadFile (in: hFile=0x3dc, lpBuffer=0xc000095b14, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000095b14*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0120.047] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.106] SetEvent (hEvent=0xc0) returned 1 [0120.106] SetEvent (hEvent=0x3c0) returned 1 [0120.106] CloseHandle (hObject=0x3dc) returned 1 [0120.106] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.116] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0120.117] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0120.117] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0120.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.119] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.120] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0120.121] GetFileType (hFile=0x3dc) returned 0x1 [0120.121] WriteFile (in: hFile=0x3dc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x1b20, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x1b20, lpOverlapped=0x0) returned 1 [0120.122] CloseHandle (hObject=0x3dc) returned 1 [0120.122] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0120.123] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0120.123] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0120.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.124] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0120.130] GetFileType (hFile=0x3dc) returned 0x1 [0120.130] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.130] CloseHandle (hObject=0x3dc) returned 1 [0120.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefkgi[1].jpg"), dwFlags=0x1) returned 1 [0120.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.132] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0120.132] SetEvent (hEvent=0xc0) returned 1 [0120.132] SetEvent (hEvent=0x30c) returned 1 [0120.132] SetEvent (hEvent=0x364) returned 1 [0120.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.134] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.134] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.137] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0120.137] SetEvent (hEvent=0x30c) returned 1 [0120.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.140] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0120.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0120.141] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0120.145] GetFileType (hFile=0x3dc) returned 0x1 [0120.145] GetFileType (hFile=0x3dc) returned 0x1 [0120.145] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0120.145] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0120.145] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00006d800, nNumberOfBytesToRead=0xb18, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006d800*, lpNumberOfBytesRead=0xc000065c04*=0x918, lpOverlapped=0x0) returned 1 [0120.154] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00006e118, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e118*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0120.154] CloseHandle (hObject=0x3dc) returned 1 [0120.154] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0120.155] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0120.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.157] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0120.160] GetFileType (hFile=0x3dc) returned 0x1 [0120.160] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc000065cec*=0x920, lpOverlapped=0x0) returned 1 [0120.161] CloseHandle (hObject=0x3dc) returned 1 [0120.161] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0120.162] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0120.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.162] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0120.163] GetFileType (hFile=0x3dc) returned 0x1 [0120.163] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.163] CloseHandle (hObject=0x3dc) returned 1 [0120.163] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbegx5g[1].jpg"), dwFlags=0x1) returned 1 [0120.165] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.165] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0120.165] SetEvent (hEvent=0xc0) returned 1 [0120.166] SetEvent (hEvent=0x39c) returned 1 [0120.166] SetEvent (hEvent=0x144) returned 1 [0120.166] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0120.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.168] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0120.168] SetEvent (hEvent=0x144) returned 1 [0120.168] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.174] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0120.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0120.175] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0120.179] GetFileType (hFile=0x3dc) returned 0x1 [0120.179] GetFileType (hFile=0x3dc) returned 0x1 [0120.179] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0120.179] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0120.179] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00005e480, nNumberOfBytesToRead=0x430, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e480*, lpNumberOfBytesRead=0xc00011bc04*=0x230, lpOverlapped=0x0) returned 1 [0120.193] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00005e6b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e6b0*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0120.193] CloseHandle (hObject=0x3dc) returned 1 [0120.193] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0120.194] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0120.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.195] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0120.209] GetFileType (hFile=0x3dc) returned 0x1 [0120.209] WriteFile (in: hFile=0x3dc, lpBuffer=0xc000110000*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000110000*, lpNumberOfBytesWritten=0xc00011bcec*=0x240, lpOverlapped=0x0) returned 1 [0120.211] CloseHandle (hObject=0x3dc) returned 1 [0120.211] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0120.211] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0120.211] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0120.212] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0120.213] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0120.214] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0120.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.214] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0120.221] GetFileType (hFile=0x3dc) returned 0x1 [0120.221] WriteFile (in: hFile=0x3dc, lpBuffer=0xc00011c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c2c0*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.222] CloseHandle (hObject=0x3dc) returned 1 [0120.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bboqf0j[1].png"), dwFlags=0x1) returned 1 [0120.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.224] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.224] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0120.224] SetEvent (hEvent=0xc0) returned 1 [0120.224] SetEvent (hEvent=0xfc) returned 1 [0120.224] SetEvent (hEvent=0x12c) returned 1 [0120.225] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0120.227] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.230] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.245] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0120.245] SetEvent (hEvent=0x144) returned 1 [0120.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.279] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.279] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0120.279] SetEvent (hEvent=0xc0) returned 1 [0120.279] SetEvent (hEvent=0x39c) returned 1 [0120.279] SetEvent (hEvent=0xfc) returned 1 [0120.279] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0120.281] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.288] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0120.288] SetEvent (hEvent=0xfc) returned 1 [0120.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.310] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.310] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.313] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.313] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0120.313] SetEvent (hEvent=0xc0) returned 1 [0120.313] SetEvent (hEvent=0x39c) returned 1 [0120.313] SetEvent (hEvent=0x364) returned 1 [0120.314] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.317] SetEvent (hEvent=0x364) returned 1 [0120.317] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.323] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.324] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0120.324] SetEvent (hEvent=0x39c) returned 1 [0120.324] SetEvent (hEvent=0x364) returned 1 [0120.324] SetEvent (hEvent=0x12c) returned 1 [0120.324] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.330] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0120.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0120.331] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0120.343] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.372] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.373] SetEvent (hEvent=0x198) returned 1 [0120.373] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0120.487] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0120.493] GetFileType (hFile=0x2f4) returned 0x1 [0120.493] GetFileType (hFile=0x2f4) returned 0x1 [0120.493] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0120.493] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0120.493] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0120.495] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000074000, nNumberOfBytesToRead=0x2a74, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesRead=0xc0001fdc04*=0x2874, lpOverlapped=0x0) returned 1 [0120.525] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.532] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000076874, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000076874*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0120.532] CloseHandle (hObject=0x2f4) returned 1 [0120.532] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0120.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0120.608] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.620] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0120.621] GetFileType (hFile=0x2cc) returned 0x1 [0120.621] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x2880, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0001fdcec*=0x2880, lpOverlapped=0x0) returned 1 [0120.622] CloseHandle (hObject=0x2cc) returned 1 [0120.628] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.643] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001801 | out: pbBuffer=0xc000001801) returned 1 [0120.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.644] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0120.646] GetFileType (hFile=0x240) returned 0x1 [0120.646] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.646] CloseHandle (hObject=0x240) returned 1 [0120.649] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-adfscript[1]"), dwFlags=0x1) returned 1 [0120.903] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0120.911] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0122.303] SetEvent (hEvent=0x1a0) returned 1 [0122.303] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0123.870] SetEvent (hEvent=0x114) returned 1 [0123.870] SetEvent (hEvent=0x3c0) returned 1 [0123.870] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0123.878] SetEvent (hEvent=0x114) returned 1 [0123.878] SetEvent (hEvent=0x3c0) returned 1 [0123.878] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0123.908] SetEvent (hEvent=0x114) returned 1 [0123.908] SetEvent (hEvent=0x334) returned 1 [0123.909] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0123.915] SetEvent (hEvent=0x13c) returned 1 [0123.915] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0128.506] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0128.508] SetEvent (hEvent=0x3c0) returned 1 [0128.508] SetEvent (hEvent=0x334) returned 1 [0128.508] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.509] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.510] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.510] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.511] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0128.512] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.512] VirtualFree (lpAddress=0xc000204000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.513] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.513] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.514] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.515] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.515] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.516] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.516] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.517] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.517] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.518] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.518] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.519] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.519] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.519] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.520] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.520] SwitchToThread () returned 1 [0128.522] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0128.526] SetEvent (hEvent=0x3c0) returned 1 [0128.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0128.527] SetEvent (hEvent=0x3c0) returned 1 [0128.527] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0128.528] SetEvent (hEvent=0x3c0) returned 1 [0128.528] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0128.529] SetEvent (hEvent=0x3c0) returned 1 [0128.529] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc0000a0026*, lpNumberOfCharsWritten=0xc000271818*=0x3) returned 1 [0128.530] SetEvent (hEvent=0x3c0) returned 1 [0128.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0128.531] SetEvent (hEvent=0x3c0) returned 1 [0128.531] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0036*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0128.532] SetEvent (hEvent=0x3c0) returned 1 [0128.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc0002d7818*=0x3) returned 1 [0128.533] SetEvent (hEvent=0x3c0) returned 1 [0128.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0066*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0128.534] SetEvent (hEvent=0x3c0) returned 1 [0128.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0130*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0130*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0128.535] SetEvent (hEvent=0x3c0) returned 1 [0128.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0136*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0136*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0128.536] SetEvent (hEvent=0x3c0) returned 1 [0128.536] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0128.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc0000a0140*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0128.537] SetEvent (hEvent=0x3c0) returned 1 [0128.537] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc0000a0146*, lpNumberOfCharsWritten=0xc000149818*=0x3) returned 1 [0128.538] SetEvent (hEvent=0x3c0) returned 1 [0128.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0000a0150*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0128.539] SetEvent (hEvent=0x3c0) returned 1 [0128.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0156*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0156*, lpNumberOfCharsWritten=0xc0001fb818*=0x3) returned 1 [0128.540] SetEvent (hEvent=0x3c0) returned 1 [0128.540] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0160*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0160*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0128.540] SetEvent (hEvent=0x3c0) returned 1 [0128.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0166*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0166*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0128.541] SetEvent (hEvent=0x3c0) returned 1 [0128.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0000a0170*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0128.542] SetEvent (hEvent=0x3c0) returned 1 [0128.542] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0176*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0176*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0128.543] SetEvent (hEvent=0x3c0) returned 1 [0128.543] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0128.544] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126000*, nNumberOfCharsToWrite=0x83, lpNumberOfCharsWritten=0xc00024b808, lpReserved=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfCharsWritten=0xc00024b808*=0x83) returned 1 [0128.545] SetEvent (hEvent=0x3c0) returned 1 [0128.545] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0128.545] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0128.545] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0128.546] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0128.547] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0128.548] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0128.548] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0128.549] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0128.549] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0128.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0130.618] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0130.635] GetFileType (hFile=0x370) returned 0x1 [0130.635] WriteFile (in: hFile=0x370, lpBuffer=0xc00010e840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00010e840*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.636] CloseHandle (hObject=0x370) returned 1 [0130.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.685] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0130.784] SetEvent (hEvent=0x148) returned 1 [0130.784] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0130.796] SetEvent (hEvent=0x12c) returned 1 [0130.796] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.073] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.088] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.116] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.145] SetEvent (hEvent=0xfc) returned 1 [0131.145] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.153] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.161] SetEvent (hEvent=0x3c0) returned 1 [0131.161] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.167] SetEvent (hEvent=0x3c0) returned 1 [0131.167] SetEvent (hEvent=0x320) returned 1 [0131.167] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.167] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.168] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.168] VirtualFree (lpAddress=0xc00004c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.169] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0131.170] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.175] SetEvent (hEvent=0x320) returned 1 [0131.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.176] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0131.177] GetFileType (hFile=0x3d8) returned 0x1 [0131.177] GetFileType (hFile=0x3d8) returned 0x1 [0131.177] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0131.177] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0131.178] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0131.178] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000292000, nNumberOfBytesToRead=0x880, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc00029dc04*=0x680, lpOverlapped=0x0) returned 1 [0131.181] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000292680, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292680*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.181] CloseHandle (hObject=0x3d8) returned 1 [0131.181] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0131.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.184] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.184] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.184] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0131.185] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0131.185] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0131.186] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002a6000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc0002a6000*, lpNumberOfCharsWritten=0xc00029d808*=0xac) returned 1 [0131.190] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0131.191] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.191] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0131.191] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0131.192] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0131.192] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0131.193] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0131.194] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0131.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.195] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0131.196] GetFileType (hFile=0x370) returned 0x1 [0131.196] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.197] CloseHandle (hObject=0x370) returned 1 [0131.202] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwFlags=0x1) returned 1 [0131.256] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.256] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0131.256] SetEvent (hEvent=0x39c) returned 1 [0131.257] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0131.261] SetEvent (hEvent=0x1b4) returned 1 [0131.267] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.276] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.276] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc000045818*=0x2) returned 1 [0131.308] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.310] SetEvent (hEvent=0x39c) returned 1 [0131.310] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0131.310] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0131.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.312] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0131.313] GetFileType (hFile=0x3d8) returned 0x1 [0131.313] GetFileType (hFile=0x3d8) returned 0x1 [0131.313] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0131.313] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0131.313] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0131.314] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002e6000, nNumberOfBytesToRead=0x42a, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6000*, lpNumberOfBytesRead=0xc000195c04*=0x22a, lpOverlapped=0x0) returned 1 [0131.315] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002e622a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e622a*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0131.315] CloseHandle (hObject=0x3d8) returned 1 [0131.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.317] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.318] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.318] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0131.318] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0131.319] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002ea000*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc0002ea000*, lpNumberOfCharsWritten=0xc000195808*=0x8b) returned 1 [0131.320] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.320] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0131.321] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0131.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0131.322] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0131.322] GetFileType (hFile=0x3d8) returned 0x1 [0131.322] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002ee2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ee2c0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.323] CloseHandle (hObject=0x3d8) returned 1 [0131.323] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0131.324] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7396c420a8e1bc1da97f1af0d10bad21"), dwFlags=0x1) returned 1 [0131.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.373] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0131.373] SetEvent (hEvent=0xfc) returned 1 [0131.373] SetEvent (hEvent=0x3c0) returned 1 [0131.373] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0131.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.416] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.417] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0131.417] SetEvent (hEvent=0x3c0) returned 1 [0131.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.425] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.426] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.552] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.557] SetEvent (hEvent=0x148) returned 1 [0131.557] SetEvent (hEvent=0x1b4) returned 1 [0131.557] SetEvent (hEvent=0x3c0) returned 1 [0131.557] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.655] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.663] SetEvent (hEvent=0xfc) returned 1 [0131.663] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.664] SetEvent (hEvent=0xfc) returned 1 [0131.664] SetEvent (hEvent=0x12c) returned 1 [0131.664] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.664] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.664] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.665] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.665] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.665] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.666] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.666] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.666] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.667] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.667] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.668] VirtualFree (lpAddress=0xc00006a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0131.668] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.669] VirtualFree (lpAddress=0xc000054000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.669] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.670] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.670] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0131.671] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.680] SetEvent (hEvent=0x3c0) returned 1 [0131.680] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.681] SetEvent (hEvent=0xfc) returned 1 [0131.681] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0131.681] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0131.683] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0131.684] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.689] GetFileType (hFile=0x2bc) returned 0x1 [0131.689] GetFileType (hFile=0x2bc) returned 0x1 [0131.689] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0131.689] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0131.689] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0131.690] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001a2000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a2000*, lpNumberOfBytesRead=0xc00029dc04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.691] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001a21cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a21cf*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.691] CloseHandle (hObject=0x2bc) returned 1 [0131.691] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0131.692] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0131.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.701] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0131.702] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.702] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.702] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0131.702] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00029d808*=0xac) returned 1 [0131.708] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0131.708] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0131.709] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.709] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0131.709] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0131.710] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0131.710] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.710] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.711] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0131.718] GetFileType (hFile=0x2e8) returned 0x1 [0131.718] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0131.718] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000126000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.719] CloseHandle (hObject=0x2e8) returned 1 [0131.723] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwFlags=0x1) returned 1 [0131.750] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0131.750] SetEvent (hEvent=0x1b4) returned 1 [0131.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.751] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0131.751] SetEvent (hEvent=0x1b4) returned 1 [0131.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.756] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.776] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.789] SetEvent (hEvent=0x3c0) returned 1 [0131.789] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.792] SetEvent (hEvent=0x3c0) returned 1 [0131.792] SetEvent (hEvent=0xfc) returned 1 [0131.792] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.792] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.793] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.793] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.794] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.794] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.794] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc000141818*=0x2) returned 1 [0131.796] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.802] SetEvent (hEvent=0x12c) returned 1 [0131.802] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.804] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.805] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0131.806] GetFileType (hFile=0x2e8) returned 0x1 [0131.806] GetFileType (hFile=0x2e8) returned 0x1 [0131.807] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0131.807] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0131.807] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000031c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.808] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001601cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001601cf*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0131.808] CloseHandle (hObject=0x2e8) returned 1 [0131.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.814] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.814] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000031808*=0xac) returned 1 [0131.817] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.817] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.818] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0131.818] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0131.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.819] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0131.820] GetFileType (hFile=0x370) returned 0x1 [0131.820] WriteFile (in: hFile=0x370, lpBuffer=0xc00004c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c2c0*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.821] CloseHandle (hObject=0x370) returned 1 [0131.826] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwFlags=0x1) returned 1 [0131.858] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe30*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.859] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0131.859] SetEvent (hEvent=0x3c0) returned 1 [0131.859] SetEvent (hEvent=0x12c) returned 1 [0131.859] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0131.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0131.872] SetEvent (hEvent=0x148) returned 1 [0131.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.877] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.885] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.890] SetEvent (hEvent=0x1b4) returned 1 [0131.890] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0131.890] SetEvent (hEvent=0x1b4) returned 1 [0131.891] SetEvent (hEvent=0x12c) returned 1 [0131.891] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.891] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.912] VirtualFree (lpAddress=0xc000072000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.912] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.913] VirtualFree (lpAddress=0xc00004e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.913] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.914] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0002d5818*=0x2) returned 1 [0132.006] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.032] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.039] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.050] SetEvent (hEvent=0x3c0) returned 1 [0132.050] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.051] SetEvent (hEvent=0x3c0) returned 1 [0132.051] SetEvent (hEvent=0xfc) returned 1 [0132.051] VirtualFree (lpAddress=0xc000212000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0132.052] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.052] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.053] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.053] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.053] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.054] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0132.055] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.063] SetEvent (hEvent=0xfc) returned 1 [0132.063] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0132.063] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0132.064] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.065] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0132.067] GetFileType (hFile=0x2bc) returned 0x1 [0132.067] GetFileType (hFile=0x2bc) returned 0x1 [0132.067] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0132.067] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0132.067] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0132.068] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x7e0, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc000195c04*=0x5e0, lpOverlapped=0x0) returned 1 [0132.070] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000e65e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e65e0*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0132.070] CloseHandle (hObject=0x2bc) returned 1 [0132.070] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0132.070] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0132.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.081] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.081] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.082] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.082] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.082] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000195808*=0xac) returned 1 [0132.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.084] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0132.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.084] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0132.085] GetFileType (hFile=0x2bc) returned 0x1 [0132.085] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.086] CloseHandle (hObject=0x2bc) returned 1 [0132.088] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwFlags=0x1) returned 1 [0132.139] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0132.139] SetEvent (hEvent=0x320) returned 1 [0132.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.141] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0132.141] SetEvent (hEvent=0x320) returned 1 [0132.141] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.146] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.146] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.156] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.161] SetEvent (hEvent=0xfc) returned 1 [0132.161] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.162] SetEvent (hEvent=0xfc) returned 1 [0132.162] SetEvent (hEvent=0x1b4) returned 1 [0132.162] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.163] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.163] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.163] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.164] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.164] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.165] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.165] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000141818*=0x2) returned 1 [0132.167] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.175] SetEvent (hEvent=0x1b4) returned 1 [0132.175] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.176] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.177] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0132.178] GetFileType (hFile=0x2bc) returned 0x1 [0132.178] GetFileType (hFile=0x2bc) returned 0x1 [0132.178] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0132.179] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0132.179] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0132.179] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x7ee, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc000133c04*=0x5ee, lpOverlapped=0x0) returned 1 [0132.181] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a45ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a45ee*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0132.181] CloseHandle (hObject=0x2bc) returned 1 [0132.182] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0132.182] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0132.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.192] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001\\*", lpFindFileData=0xc000133a08 | out: lpFindFileData=0xc000133a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.193] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000133720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.193] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000133808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000133808*=0xac) returned 1 [0132.194] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.195] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.195] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.196] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0132.197] GetFileType (hFile=0x2bc) returned 0x1 [0132.197] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.197] CloseHandle (hObject=0x2bc) returned 1 [0132.199] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwFlags=0x1) returned 1 [0132.254] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0132.254] SetEvent (hEvent=0x148) returned 1 [0132.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.257] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.258] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0132.258] SetEvent (hEvent=0x148) returned 1 [0132.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.262] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.283] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.293] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.299] SetEvent (hEvent=0xfc) returned 1 [0132.299] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.341] SetEvent (hEvent=0xfc) returned 1 [0132.342] SetEvent (hEvent=0x1b4) returned 1 [0132.342] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.342] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.343] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.343] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.344] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.344] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0001f5818*=0x2) returned 1 [0132.418] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.428] SetEvent (hEvent=0xfc) returned 1 [0132.428] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0132.429] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.429] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.430] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0132.432] GetFileType (hFile=0x2bc) returned 0x1 [0132.432] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0132.432] GetFileType (hFile=0x2bc) returned 0x1 [0132.432] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0132.432] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0132.432] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fa900, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa900*, lpNumberOfBytesRead=0xc0001f5c04*=0x6e3, lpOverlapped=0x0) returned 1 [0132.435] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000fafe3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fafe3*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.435] CloseHandle (hObject=0x2bc) returned 1 [0132.436] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0132.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE\\*", lpFindFileData=0xc0001f5a08 | out: lpFindFileData=0xc0001f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.441] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001f5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001f5808*=0xac) returned 1 [0132.443] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.444] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.444] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.444] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0132.447] GetFileType (hFile=0x2bc) returned 0x1 [0132.447] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.447] CloseHandle (hObject=0x2bc) returned 1 [0132.449] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwFlags=0x1) returned 1 [0132.484] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f698, ulCount=0x10, ulNumEntriesRemoved=0x2b49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f698, ulNumEntriesRemoved=0x2b49f66c) returned 0 [0132.484] SetEvent (hEvent=0x148) returned 1 [0132.484] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe08*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.485] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b49f6a0, ulNumEntriesRemoved=0x2b49f674) returned 0 [0132.485] SetEvent (hEvent=0x148) returned 1 [0132.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b49fe18*=0x258, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.489] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.499] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.507] SetEvent (hEvent=0xfc) returned 1 [0132.507] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.508] SetEvent (hEvent=0xfc) returned 1 [0132.508] SetEvent (hEvent=0x320) returned 1 [0132.508] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.509] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.509] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.510] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.510] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.511] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.511] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.511] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.512] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc0001fd818*=0x2) returned 1 [0132.514] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.520] SetEvent (hEvent=0xfc) returned 1 [0132.520] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.521] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0132.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.522] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0132.523] GetFileType (hFile=0x2e8) returned 0x1 [0132.523] GetFileType (hFile=0x2e8) returned 0x1 [0132.523] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0132.523] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0132.523] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0132.524] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x84b, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000247c04*=0x64b, lpOverlapped=0x0) returned 1 [0132.525] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa64b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa64b*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0132.525] CloseHandle (hObject=0x2e8) returned 1 [0132.525] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0132.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.533] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0132.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585\\*", lpFindFileData=0xc000247a08 | out: lpFindFileData=0xc000247a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.534] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000247720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000247808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000247808*=0xac) returned 1 [0132.535] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0132.536] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.536] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0132.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.536] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0132.555] GetFileType (hFile=0x2e8) returned 0x1 [0132.556] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.556] CloseHandle (hObject=0x2e8) returned 1 [0132.564] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] SetEvent (hEvent=0xfc) returned 1 [0132.624] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.810] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0132.811] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002b8000*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00012b808, lpReserved=0x0 | out: lpBuffer=0xc0002b8000*, lpNumberOfCharsWritten=0xc00012b808*=0xad) returned 1 [0132.817] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.817] SetEvent (hEvent=0x354) returned 1 [0132.818] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0132.818] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0132.818] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0132.819] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0132.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.820] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0132.821] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0132.837] GetFileType (hFile=0x2e8) returned 0x1 [0132.837] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0132.838] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0001682c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001682c0*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.838] CloseHandle (hObject=0x2e8) returned 1 [0132.877] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwFlags=0x1) returned 1 [0133.039] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc00012f818*=0x3) returned 1 [0133.041] SetEvent (hEvent=0x334) returned 1 [0133.041] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0141.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0141.072] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0141.078] GetFileType (hFile=0x2e8) returned 0x1 [0141.078] GetFileType (hFile=0x2e8) returned 0x1 [0141.078] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0141.078] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0141.079] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000d8500, nNumberOfBytesToRead=0x25d, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8500*, lpNumberOfBytesRead=0xc00013fc04*=0x5d, lpOverlapped=0x0) returned 1 [0141.080] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000d855d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d855d*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0141.080] CloseHandle (hObject=0x2e8) returned 1 [0141.080] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0141.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0141.082] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0141.090] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0141.272] GetFileType (hFile=0x2e8) returned 0x1 [0141.272] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc00013fcec*=0x60, lpOverlapped=0x0) returned 1 [0141.274] CloseHandle (hObject=0x2e8) returned 1 [0141.274] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0141.274] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0141.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0141.275] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0141.278] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0141.508] GetFileType (hFile=0x2e8) returned 0x1 [0141.508] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0142.511] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.017] CloseHandle (hObject=0x2e8) returned 1 [0143.018] VirtualAlloc (lpAddress=0xc0006a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a4000 [0143.019] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), dwFlags=0x1) returned 1 [0143.021] SetEvent (hEvent=0x1a0) returned 1 [0143.021] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.041] SetEvent (hEvent=0x12c) returned 1 [0143.041] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.053] SetEvent (hEvent=0x208) returned 1 [0143.053] SetEvent (hEvent=0x3c4) returned 1 [0143.053] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.063] SetEvent (hEvent=0x208) returned 1 [0143.063] SetEvent (hEvent=0x8b8) returned 1 [0143.063] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.089] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.092] SetEvent (hEvent=0x388) returned 1 [0143.092] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.110] SetEvent (hEvent=0x9c0) returned 1 [0143.110] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) returned 0x0 [0143.125] SetEvent (hEvent=0x5ec) returned 1 [0143.125] WaitForSingleObject (hHandle=0x258, dwMilliseconds=0xffffffff) Thread: id = 38 os_tid = 0xb2c [0115.810] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b69fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b69fea0*=0x1e0) returned 1 [0115.810] VirtualQuery (in: lpAddress=0x2b69fec0, lpBuffer=0x2b69fec0, dwLength=0x30 | out: lpBuffer=0x2b69fec0*(BaseAddress=0x2b69f000, AllocationBase=0x2b4a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.810] SetEvent (hEvent=0x1a0) returned 1 [0115.810] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x264 [0115.810] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x268 [0115.810] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0115.817] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0115.817] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0115.817] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0115.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x26c [0115.818] GetConsoleMode (in: hConsoleHandle=0x26c, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0115.826] GetFileType (hFile=0x26c) returned 0x1 [0115.826] GetFileType (hFile=0x26c) returned 0x1 [0115.826] GetFileInformationByHandle (in: hFile=0x26c, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0115.826] GetFileInformationByHandleEx (in: hFile=0x26c, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0115.826] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0115.832] ReadFile (in: hFile=0x26c, lpBuffer=0xc000380000, nNumberOfBytesToRead=0x463fe, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000380000*, lpNumberOfBytesRead=0xc0006ddc04*=0x461fe, lpOverlapped=0x0) returned 1 [0115.839] ReadFile (in: hFile=0x26c, lpBuffer=0xc0003c61fe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c61fe*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0115.839] CloseHandle (hObject=0x26c) returned 1 [0115.840] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0115.840] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0115.841] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x48000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x24000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0115.841] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0115.842] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x46000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0115.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b0 [0115.897] GetConsoleMode (in: hConsoleHandle=0x2b0, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0115.898] GetFileType (hFile=0x2b0) returned 0x1 [0115.899] WriteFile (in: hFile=0x2b0, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x46200, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x46200, lpOverlapped=0x0) returned 1 [0115.905] CloseHandle (hObject=0x2b0) returned 1 [0115.911] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0115.954] SetEvent (hEvent=0x114) returned 1 [0115.954] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0116.013] SetEvent (hEvent=0x144) returned 1 [0116.013] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0116.027] SetEvent (hEvent=0x13c) returned 1 [0116.027] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0116.033] GetFileType (hFile=0x284) returned 0x1 [0116.033] WriteFile (in: hFile=0x284, lpBuffer=0xc000314000*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000314000*, lpNumberOfBytesWritten=0xc00020bcec*=0x880, lpOverlapped=0x0) returned 1 [0116.034] CloseHandle (hObject=0x284) returned 1 [0116.040] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0116.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0116.041] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0116.064] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0116.067] GetFileType (hFile=0x2c4) returned 0x1 [0116.067] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0002d0c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002d0c60*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.067] CloseHandle (hObject=0x2c4) returned 1 [0116.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBUqkT[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbuqkt[2].jpg"), dwFlags=0x1) returned 1 [0116.630] SwitchToThread () returned 1 [0116.631] SetEvent (hEvent=0xec) returned 1 [0116.631] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0116.632] SetEvent (hEvent=0xec) returned 1 [0116.632] SetEvent (hEvent=0x13c) returned 1 [0116.632] SetEvent (hEvent=0x144) returned 1 [0116.632] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0117.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0117.483] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0117.486] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0117.637] GetFileType (hFile=0x36c) returned 0x1 [0117.637] GetFileType (hFile=0x36c) returned 0x1 [0117.637] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0117.637] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0117.637] VirtualAlloc (lpAddress=0xc000514000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0117.639] ReadFile (in: hFile=0x36c, lpBuffer=0xc000514000, nNumberOfBytesToRead=0x2184, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000514000*, lpNumberOfBytesRead=0xc00024dc04*=0x1f84, lpOverlapped=0x0) returned 1 [0117.680] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0117.737] ReadFile (in: hFile=0x36c, lpBuffer=0xc000515f84, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000515f84*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0117.737] CloseHandle (hObject=0x36c) returned 1 [0117.737] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0117.737] VirtualAlloc (lpAddress=0xc00050a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00050a000 [0117.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0117.841] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0117.875] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0117.935] SetEvent (hEvent=0x144) returned 1 [0117.935] GetFileType (hFile=0x3d4) returned 0x1 [0117.936] WriteFile (in: hFile=0x3d4, lpBuffer=0xc00037e000*, nNumberOfBytesToWrite=0x1f90, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00037e000*, lpNumberOfBytesWritten=0xc00024dcec*=0x1f90, lpOverlapped=0x0) returned 1 [0117.939] CloseHandle (hObject=0x3d4) returned 1 [0117.942] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0117.945] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0117.945] VirtualAlloc (lpAddress=0xc000522000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000522000 [0117.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.946] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0117.954] GetFileType (hFile=0x1b0) returned 0x1 [0117.954] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000fc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc2c0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.955] CloseHandle (hObject=0x1b0) returned 1 [0117.961] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbefxl6[1].jpg"), dwFlags=0x1) returned 1 [0118.571] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0118.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0118.572] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0118.572] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.575] SetEvent (hEvent=0x274) returned 1 [0118.575] GetFileType (hFile=0x3dc) returned 0x1 [0118.575] GetFileType (hFile=0x3dc) returned 0x1 [0118.575] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0118.575] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0118.575] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x267, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001b9c04*=0x67, lpOverlapped=0x0) returned 1 [0118.581] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.583] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00004c067, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c067*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.583] CloseHandle (hObject=0x3dc) returned 1 [0118.583] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0118.584] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0118.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0118.590] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0118.594] GetFileType (hFile=0x230) returned 0x1 [0118.594] WriteFile (in: hFile=0x230, lpBuffer=0xc000130000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesWritten=0xc0001b9cec*=0x70, lpOverlapped=0x0) returned 1 [0118.596] CloseHandle (hObject=0x230) returned 1 [0118.598] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082b01 | out: pbBuffer=0xc000082b01) returned 1 [0118.598] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0118.599] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0118.599] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0118.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0118.600] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0118.602] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.610] SetEvent (hEvent=0x274) returned 1 [0118.610] GetFileType (hFile=0x230) returned 0x1 [0118.611] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.619] WriteFile (in: hFile=0x230, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.619] CloseHandle (hObject=0x230) returned 1 [0118.619] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-tecjslog[1].png"), dwFlags=0x1) returned 1 [0118.620] SetEvent (hEvent=0x24c) returned 1 [0118.620] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0118.732] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0118.735] GetFileType (hFile=0x1b0) returned 0x1 [0118.735] GetFileType (hFile=0x1b0) returned 0x1 [0118.735] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0118.736] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0118.736] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0118.736] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x5e3, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0001bfc04*=0x3e3, lpOverlapped=0x0) returned 1 [0118.744] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000583e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000583e3*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0118.744] CloseHandle (hObject=0x1b0) returned 1 [0118.745] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0118.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0118.746] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0118.752] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.845] GetFileType (hFile=0x1b0) returned 0x1 [0118.845] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00005a000*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesWritten=0xc0001bfcec*=0x3f0, lpOverlapped=0x0) returned 1 [0118.846] CloseHandle (hObject=0x1b0) returned 1 [0118.847] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0118.957] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0118.957] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0118.957] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0118.957] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0118.958] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0119.083] GetFileType (hFile=0x374) returned 0x1 [0119.083] WriteFile (in: hFile=0x374, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.083] CloseHandle (hObject=0x374) returned 1 [0119.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aa42x3v[1].png"), dwFlags=0x1) returned 1 [0119.294] VirtualFree (lpAddress=0xc00006e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc0001d1818*=0x3) returned 1 [0119.392] SetEvent (hEvent=0x28c) returned 1 [0119.392] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0119.394] SetEvent (hEvent=0x28c) returned 1 [0119.394] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0119.395] SetEvent (hEvent=0x28c) returned 1 [0119.395] SetEvent (hEvent=0x1e8) returned 1 [0119.395] SwitchToThread () returned 1 [0119.491] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0119.511] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0119.516] SetEvent (hEvent=0x29c) returned 1 [0119.516] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0141.497] SetEvent (hEvent=0x334) returned 1 [0141.497] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0141.499] SetEvent (hEvent=0x324) returned 1 [0141.499] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0141.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-s72hwfusgfs.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x280 [0141.502] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0141.503] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0141.647] GetFileType (hFile=0x280) returned 0x1 [0141.647] GetFileType (hFile=0x280) returned 0x1 [0141.647] GetFileInformationByHandle (in: hFile=0x280, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0141.647] GetFileInformationByHandleEx (in: hFile=0x280, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0141.647] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0141.649] ReadFile (in: hFile=0x280, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x20aa, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc000045c04*=0x1eaa, lpOverlapped=0x0) returned 1 [0142.578] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0143.021] ReadFile (in: hFile=0x280, lpBuffer=0xc0002e3eaa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e3eaa*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0143.021] CloseHandle (hObject=0x280) returned 1 [0143.021] VirtualAlloc (lpAddress=0xc0007b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007b0000 [0143.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-s72hwfusgfs.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0143.026] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0143.034] GetFileType (hFile=0x280) returned 0x1 [0143.034] WriteFile (in: hFile=0x280, lpBuffer=0xc0007b0000*, nNumberOfBytesToWrite=0x1eb0, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007b0000*, lpNumberOfBytesWritten=0xc000045cec*=0x1eb0, lpOverlapped=0x0) returned 1 [0143.035] CloseHandle (hObject=0x280) returned 1 [0143.036] VirtualAlloc (lpAddress=0xc0007b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007b2000 [0143.037] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-s72hwfusgfs.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x280 [0143.037] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0143.038] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0144.325] SetEvent (hEvent=0xbc0) returned 1 [0144.325] GetFileType (hFile=0x280) returned 0x1 [0144.325] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0144.638] WriteFile (in: hFile=0x280, lpBuffer=0xc00007fe40*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007fe40*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.639] CloseHandle (hObject=0x280) returned 1 [0144.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-s72hwfusgfs.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry--S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry--s72hwfusgfs.lnk"), dwFlags=0x1) returned 1 [0144.641] SetEvent (hEvent=0xb48) returned 1 [0144.641] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0145.824] SetEvent (hEvent=0xa18) returned 1 [0145.824] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0145.853] SetEvent (hEvent=0x1c4) returned 1 [0145.853] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0145.870] SetEvent (hEvent=0xc04) returned 1 [0145.870] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0145.886] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0145.887] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0145.888] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0145.889] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0145.890] GetFileType (hFile=0x848) returned 0x1 [0145.891] GetFileType (hFile=0x848) returned 0x1 [0145.891] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0145.891] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0145.891] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0145.892] ReadFile (in: hFile=0x848, lpBuffer=0xc000202000, nNumberOfBytesToRead=0x306, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000202000*, lpNumberOfBytesRead=0xc00018bc04*=0x106, lpOverlapped=0x0) returned 1 [0145.893] ReadFile (in: hFile=0x848, lpBuffer=0xc000202106, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000202106*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0145.893] CloseHandle (hObject=0x848) returned 1 [0145.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0145.895] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0145.897] GetFileType (hFile=0x848) returned 0x1 [0145.898] WriteFile (in: hFile=0x848, lpBuffer=0xc000184000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00018bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesWritten=0xc00018bcec*=0x110, lpOverlapped=0x0) returned 1 [0145.899] CloseHandle (hObject=0x848) returned 1 [0145.900] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.900] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0145.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0145.903] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0145.911] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.138] SetEvent (hEvent=0xa80) returned 1 [0146.138] GetFileType (hFile=0x848) returned 0x1 [0146.138] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.246] SetEvent (hEvent=0xc0) returned 1 [0146.246] SetEvent (hEvent=0xc24) returned 1 [0146.246] WriteFile (in: hFile=0x848, lpBuffer=0xc0000d7760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7760*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.246] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.316] CloseHandle (hObject=0x848) returned 1 [0146.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\encry-Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\encry-run.lnk"), dwFlags=0x1) returned 1 [0146.338] SetEvent (hEvent=0x2f4) returned 1 [0146.338] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.341] SetEvent (hEvent=0xc1c) returned 1 [0146.341] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.673] SetEvent (hEvent=0xc80) returned 1 [0146.673] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.676] SetEvent (hEvent=0xc80) returned 1 [0146.676] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0146.681] VirtualFree (lpAddress=0xc000588000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.682] VirtualFree (lpAddress=0xc000542000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0146.685] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.686] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.686] VirtualFree (lpAddress=0xc0002be000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.687] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.688] VirtualFree (lpAddress=0xc000260000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.689] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.690] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.691] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.692] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.692] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.693] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.694] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.695] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.696] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.696] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.697] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.698] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0146.699] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0146.700] SetEvent (hEvent=0x3c4) returned 1 [0146.700] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.849] SetEvent (hEvent=0x324) returned 1 [0146.849] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.858] SetEvent (hEvent=0x448) returned 1 [0146.858] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.896] SetEvent (hEvent=0xbd8) returned 1 [0146.896] SetEvent (hEvent=0xae8) returned 1 [0146.896] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0146.930] SetEvent (hEvent=0x448) returned 1 [0146.930] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0147.878] SetEvent (hEvent=0xb60) returned 1 [0147.878] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0147.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fcfrlqhapk6e4paqwtht.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x694 [0147.915] GetConsoleMode (in: hConsoleHandle=0x694, lpMode=0xc000171cf4 | out: lpMode=0xc000171cf4) returned 0 [0147.919] GetFileType (hFile=0x694) returned 0x1 [0147.919] GetFileType (hFile=0x694) returned 0x1 [0147.919] GetFileInformationByHandle (in: hFile=0x694, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0147.919] GetFileInformationByHandleEx (in: hFile=0x694, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0147.919] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0147.922] ReadFile (in: hFile=0x694, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x17077, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc000171c04*=0x16e77, lpOverlapped=0x0) returned 1 [0148.538] ReadFile (in: hFile=0x694, lpBuffer=0xc00036ee77, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036ee77*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0148.538] CloseHandle (hObject=0x694) returned 1 [0148.539] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0148.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fcfrlqhapk6e4paqwtht.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0149.365] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0149.369] GetFileType (hFile=0x6a4) returned 0x1 [0149.369] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000604000*, nNumberOfBytesToWrite=0x16e80, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesWritten=0xc000171cec*=0x16e80, lpOverlapped=0x0) returned 1 [0149.390] CloseHandle (hObject=0x6a4) returned 1 [0149.655] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0149.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fcfrlqhapk6e4paqwtht.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0149.655] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0149.659] GetFileType (hFile=0x854) returned 0x1 [0149.659] WriteFile (in: hFile=0x854, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.665] CloseHandle (hObject=0x854) returned 1 [0149.732] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fcfrlqhapk6e4paqwtht.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-fcfrlqhapk6e4paqwtht.m4a"), dwFlags=0x1) returned 1 [0152.293] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0152.391] SetEvent (hEvent=0x8e8) returned 1 [0152.391] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0152.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yhjpwslo2blhgko_w58.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0152.397] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0152.402] GetFileType (hFile=0x5d8) returned 0x1 [0152.402] GetFileType (hFile=0x5d8) returned 0x1 [0152.403] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0152.403] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0152.403] VirtualAlloc (lpAddress=0xc0004ae000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ae000 [0152.406] ReadFile (in: hFile=0x5d8, lpBuffer=0xc0004ae000, nNumberOfBytesToRead=0x118b3, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004ae000*, lpNumberOfBytesRead=0xc00026dc04*=0x116b3, lpOverlapped=0x0) returned 1 [0152.409] ReadFile (in: hFile=0x5d8, lpBuffer=0xc0004bf6b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004bf6b3*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0152.409] CloseHandle (hObject=0x5d8) returned 1 [0152.409] VirtualAlloc (lpAddress=0xc0004c0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c0000 [0152.412] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yhjpwslo2blhgko_w58.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0152.414] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00026dd04 | out: lpMode=0xc00026dd04) returned 0 [0152.426] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0152.846] GetFileType (hFile=0x5d8) returned 0x1 [0152.846] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0004c0000*, nNumberOfBytesToWrite=0x116c0, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004c0000*, lpNumberOfBytesWritten=0xc00026dcec*=0x116c0, lpOverlapped=0x0) returned 1 [0152.850] CloseHandle (hObject=0x5d8) returned 1 [0152.850] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0152.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yhjpwslo2blhgko_w58.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0152.851] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0152.881] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0152.931] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0152.956] SetEvent (hEvent=0x9f0) returned 1 [0152.956] SetEvent (hEvent=0x9a8) returned 1 [0152.956] VirtualFree (lpAddress=0xc0004ae000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0152.958] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.959] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.960] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0152.961] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.962] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.963] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.964] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.965] SetEvent (hEvent=0x9e8) returned 1 [0152.965] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0153.078] SetEvent (hEvent=0x920) returned 1 [0153.078] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0161.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamwdjv m_4hsdxn0p.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b8 [0162.056] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc0002b3cf4 | out: lpMode=0xc0002b3cf4) returned 0 [0162.409] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) returned 0x0 [0162.558] GetFileType (hFile=0x5b8) returned 0x1 [0162.558] GetFileType (hFile=0x5b8) returned 0x1 [0162.558] GetFileInformationByHandle (in: hFile=0x5b8, lpFileInformation=0xc0002b3d44 | out: lpFileInformation=0xc0002b3d44) returned 1 [0162.558] GetFileInformationByHandleEx (in: hFile=0x5b8, FileInformationClass=0x9, lpFileInformation=0xc0002b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002b3d28) returned 1 [0162.558] ReadFile (in: hFile=0x5b8, lpBuffer=0xc00071c000, nNumberOfBytesToRead=0x41b8, lpNumberOfBytesRead=0xc0002b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00071c000*, lpNumberOfBytesRead=0xc0002b3c04*=0x3fb8, lpOverlapped=0x0) returned 1 [0162.560] ReadFile (in: hFile=0x5b8, lpBuffer=0xc00071ffb8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00071ffb8*, lpNumberOfBytesRead=0xc0002b3c04*=0x0, lpOverlapped=0x0) returned 1 [0162.560] CloseHandle (hObject=0x5b8) returned 1 [0162.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamwdjv m_4hsdxn0p.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0162.563] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc0002b3d04 | out: lpMode=0xc0002b3d04) returned 0 [0162.563] GetFileType (hFile=0x5b8) returned 0x1 [0162.563] WriteFile (in: hFile=0x5b8, lpBuffer=0xc0000fc000*, nNumberOfBytesToWrite=0x3fc0, lpNumberOfBytesWritten=0xc0002b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesWritten=0xc0002b3cec*=0x3fc0, lpOverlapped=0x0) returned 1 [0162.566] CloseHandle (hObject=0x5b8) returned 1 [0162.566] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0162.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamwdjv m_4hsdxn0p.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0162.566] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc0002b3d64 | out: lpMode=0xc0002b3d64) returned 0 [0162.566] GetFileType (hFile=0x5b8) returned 0x1 [0162.567] WriteFile (in: hFile=0x5b8, lpBuffer=0xc0000d7b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7b80*, lpNumberOfBytesWritten=0xc0002b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.567] CloseHandle (hObject=0x5b8) returned 1 [0162.567] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\jamwdjv m_4hsdxn0p.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\encry-jAmwdJv M_4HsdxN0p.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\encry-jamwdjv m_4hsdxn0p.wav"), dwFlags=0x1) returned 1 [0162.569] SetEvent (hEvent=0x3b0) returned 1 [0162.569] WaitForSingleObject (hHandle=0x264, dwMilliseconds=0xffffffff) Thread: id = 39 os_tid = 0xaf4 [0115.825] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2b89fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2b89fea0*=0x214) returned 1 [0115.825] VirtualQuery (in: lpAddress=0x2b89fec0, lpBuffer=0x2b89fec0, dwLength=0x30 | out: lpBuffer=0x2b89fec0*(BaseAddress=0x2b89f000, AllocationBase=0x2b6a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.825] SetEvent (hEvent=0x9c) returned 1 [0115.825] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x274 [0115.826] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x278 [0115.826] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0115.835] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0115.835] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0528*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0528*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0115.850] GetFileType (hFile=0x1b4) returned 0x1 [0115.850] GetFileInformationByHandle (in: hFile=0x1b4, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0115.850] GetFileInformationByHandleEx (in: hFile=0x1b4, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0115.850] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0115.850] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002c0000, nNumberOfBytesToRead=0x404, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0000*, lpNumberOfBytesRead=0xc00018dc04*=0x204, lpOverlapped=0x0) returned 1 [0115.857] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0115.955] ReadFile (in: hFile=0x1b4, lpBuffer=0xc0002c0204, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0204*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0115.955] CloseHandle (hObject=0x1b4) returned 1 [0115.955] SetEvent (hEvent=0x9c) returned 1 [0115.955] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0115.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x260 [0115.998] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0116.000] GetFileType (hFile=0x260) returned 0x1 [0116.000] GetFileType (hFile=0x260) returned 0x1 [0116.001] GetFileInformationByHandle (in: hFile=0x260, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0116.001] GetFileInformationByHandleEx (in: hFile=0x260, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0116.001] ReadFile (in: hFile=0x260, lpBuffer=0xc0001e3800, nNumberOfBytesToRead=0x15fd, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e3800*, lpNumberOfBytesRead=0xc00024dc04*=0x13fd, lpOverlapped=0x0) returned 1 [0116.005] ReadFile (in: hFile=0x260, lpBuffer=0xc0001e4bfd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4bfd*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0116.005] CloseHandle (hObject=0x260) returned 1 [0116.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d8 [0116.084] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0116.086] GetFileType (hFile=0x2d8) returned 0x1 [0116.086] WriteFile (in: hFile=0x2d8, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc00024dcec*=0x1400, lpOverlapped=0x0) returned 1 [0116.087] CloseHandle (hObject=0x2d8) returned 1 [0116.092] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2101 | out: pbBuffer=0xc0001c2101) returned 1 [0116.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0116.093] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0116.094] GetFileType (hFile=0x2e0) returned 0x1 [0116.094] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.094] CloseHandle (hObject=0x2e0) returned 1 [0116.095] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0alc[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0ALC[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0alc[1].jpg"), dwFlags=0x1) returned 1 [0116.641] SwitchToThread () returned 1 [0116.641] SetEvent (hEvent=0x15c) returned 1 [0116.641] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0116.642] SetEvent (hEvent=0x15c) returned 1 [0116.642] SetEvent (hEvent=0x13c) returned 1 [0116.642] SetEvent (hEvent=0x144) returned 1 [0116.642] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0117.451] SetEvent (hEvent=0x1a0) returned 1 [0117.451] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0117.458] SetEvent (hEvent=0x318) returned 1 [0117.458] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0117.477] GetFileType (hFile=0x2d4) returned 0x1 [0117.477] WriteFile (in: hFile=0x2d4, lpBuffer=0xc000070000*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesWritten=0xc00020bcec*=0x9c0, lpOverlapped=0x0) returned 1 [0117.478] CloseHandle (hObject=0x2d4) returned 1 [0117.483] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0117.616] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1901 | out: pbBuffer=0xc0000e1901) returned 1 [0117.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0117.617] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0117.621] GetFileType (hFile=0x2bc) returned 0x1 [0117.621] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000182dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182dc0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.621] CloseHandle (hObject=0x2bc) returned 1 [0117.626] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbegtxb[1].jpg"), dwFlags=0x1) returned 1 [0118.074] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.074] SetEvent (hEvent=0x258) returned 1 [0118.075] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.078] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.078] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.078] SetEvent (hEvent=0x258) returned 1 [0118.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.081] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.081] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.081] SetEvent (hEvent=0xc0) returned 1 [0118.081] SetEvent (hEvent=0xfc) returned 1 [0118.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.083] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.084] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.084] SetEvent (hEvent=0x258) returned 1 [0118.084] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.181] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.181] SetEvent (hEvent=0xc0) returned 1 [0118.181] SetEvent (hEvent=0x12c) returned 1 [0118.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.183] SetEvent (hEvent=0x12c) returned 1 [0118.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.281] SwitchToThread () returned 1 [0118.283] SetEvent (hEvent=0x1f8) returned 1 [0118.283] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.283] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.283] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.284] SetEvent (hEvent=0x1f8) returned 1 [0118.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.284] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.286] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.286] SetEvent (hEvent=0x12c) returned 1 [0118.286] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.288] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.288] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.289] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.290] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.290] SetEvent (hEvent=0xc0) returned 1 [0118.290] SetEvent (hEvent=0x2b0) returned 1 [0118.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.292] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.292] SetEvent (hEvent=0x1f8) returned 1 [0118.292] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.296] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.297] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.297] SetEvent (hEvent=0x1f8) returned 1 [0118.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.299] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.299] SetEvent (hEvent=0x12c) returned 1 [0118.299] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.398] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.400] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.400] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.400] SetEvent (hEvent=0xc0) returned 1 [0118.400] SetEvent (hEvent=0x324) returned 1 [0118.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.404] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.404] SetEvent (hEvent=0x29c) returned 1 [0118.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.406] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.407] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.407] SetEvent (hEvent=0x1e8) returned 1 [0118.407] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.408] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.410] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.410] SetEvent (hEvent=0x1e8) returned 1 [0118.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.413] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.413] SetEvent (hEvent=0x1e8) returned 1 [0118.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.415] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.415] SetEvent (hEvent=0x15c) returned 1 [0118.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.418] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.419] SetEvent (hEvent=0xc0) returned 1 [0118.419] SetEvent (hEvent=0x15c) returned 1 [0118.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.424] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.425] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.425] SetEvent (hEvent=0x208) returned 1 [0118.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.427] SetEvent (hEvent=0x208) returned 1 [0118.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.429] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.558] SwitchToThread () returned 1 [0118.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.560] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.560] SetEvent (hEvent=0xc0) returned 1 [0118.561] SetEvent (hEvent=0x188) returned 1 [0118.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.562] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.562] SetEvent (hEvent=0xc0) returned 1 [0118.562] SetEvent (hEvent=0x2a8) returned 1 [0118.563] SetEvent (hEvent=0x3c8) returned 1 [0118.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.568] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.569] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.569] SetEvent (hEvent=0x13c) returned 1 [0118.569] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.572] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.572] SetEvent (hEvent=0x144) returned 1 [0118.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.582] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.582] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.582] SetEvent (hEvent=0xc0) returned 1 [0118.582] SetEvent (hEvent=0x3c8) returned 1 [0118.582] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.584] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.585] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.585] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.585] SetEvent (hEvent=0x13c) returned 1 [0118.585] SetEvent (hEvent=0x1dc) returned 1 [0118.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.589] SetEvent (hEvent=0x3c8) returned 1 [0118.589] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.597] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.597] SetEvent (hEvent=0x3c8) returned 1 [0118.598] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.600] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.600] SetEvent (hEvent=0x3c8) returned 1 [0118.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.606] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.606] SetEvent (hEvent=0x24c) returned 1 [0118.606] SetEvent (hEvent=0x3c8) returned 1 [0118.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.610] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.611] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.611] SetEvent (hEvent=0x3c8) returned 1 [0118.611] SetEvent (hEvent=0x334) returned 1 [0118.611] SetEvent (hEvent=0x1dc) returned 1 [0118.612] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.618] SetEvent (hEvent=0x1dc) returned 1 [0118.618] SetEvent (hEvent=0x334) returned 1 [0118.618] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.621] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.621] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.622] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.622] SetEvent (hEvent=0x13c) returned 1 [0118.622] SetEvent (hEvent=0x334) returned 1 [0118.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.625] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.626] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0118.626] SetEvent (hEvent=0x334) returned 1 [0118.626] SetEvent (hEvent=0x1dc) returned 1 [0118.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.629] SetEvent (hEvent=0x1dc) returned 1 [0118.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.635] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0118.635] SetEvent (hEvent=0x1dc) returned 1 [0118.635] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.635] SetEvent (hEvent=0x24c) returned 1 [0118.636] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.645] SetEvent (hEvent=0x39c) returned 1 [0118.645] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.649] SetEvent (hEvent=0x3c8) returned 1 [0118.649] SetEvent (hEvent=0x334) returned 1 [0118.649] SetEvent (hEvent=0x24c) returned 1 [0118.649] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.653] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.658] SetEvent (hEvent=0x3c8) returned 1 [0118.658] SetEvent (hEvent=0x24c) returned 1 [0118.658] VirtualFree (lpAddress=0xc0005fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.658] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0118.659] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.659] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.660] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0118.660] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.660] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.661] VirtualFree (lpAddress=0xc000074000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.661] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.661] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.661] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.662] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.662] SwitchToThread () returned 1 [0118.663] SetEvent (hEvent=0x3c8) returned 1 [0118.663] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.664] SetEvent (hEvent=0x3c8) returned 1 [0118.664] SetEvent (hEvent=0x24c) returned 1 [0118.664] SetEvent (hEvent=0x39c) returned 1 [0118.664] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.666] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.667] SetEvent (hEvent=0x3c8) returned 1 [0118.667] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.669] SetEvent (hEvent=0x3c8) returned 1 [0118.670] SetEvent (hEvent=0x24c) returned 1 [0118.670] SetEvent (hEvent=0x13c) returned 1 [0118.670] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.713] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0118.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x230 [0118.714] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0118.722] GetFileType (hFile=0x230) returned 0x1 [0118.722] GetFileType (hFile=0x230) returned 0x1 [0118.722] GetFileInformationByHandle (in: hFile=0x230, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0118.722] GetFileInformationByHandleEx (in: hFile=0x230, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0118.722] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0118.723] ReadFile (in: hFile=0x230, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xc25f, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000045c04*=0xc05f, lpOverlapped=0x0) returned 1 [0118.731] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.850] ReadFile (in: hFile=0x230, lpBuffer=0xc00026605f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026605f*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0118.850] CloseHandle (hObject=0x230) returned 1 [0118.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0118.856] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0118.992] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0118.994] GetFileType (hFile=0x2f0) returned 0x1 [0118.995] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000045cec*=0xc060, lpOverlapped=0x0) returned 1 [0118.997] CloseHandle (hObject=0x2f0) returned 1 [0119.002] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0119.002] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0119.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0119.003] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0119.003] GetFileType (hFile=0x308) returned 0x1 [0119.003] WriteFile (in: hFile=0x308, lpBuffer=0xc0000bc580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc580*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.003] CloseHandle (hObject=0x308) returned 1 [0119.011] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0119.105] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-26158[1].png"), dwFlags=0x1) returned 1 [0119.513] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0119.513] SetEvent (hEvent=0x29c) returned 1 [0119.513] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.514] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0119.514] SetEvent (hEvent=0x1f8) returned 1 [0119.514] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0119.515] SetEvent (hEvent=0x29c) returned 1 [0119.516] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.516] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0119.517] SetEvent (hEvent=0x29c) returned 1 [0119.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.518] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0141.494] SetEvent (hEvent=0x13c) returned 1 [0141.494] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0141.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7znj_liq7lm-2.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0141.495] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0002ddcf4 | out: lpMode=0xc0002ddcf4) returned 0 [0141.496] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0141.567] GetFileType (hFile=0x2fc) returned 0x1 [0141.567] GetFileType (hFile=0x2fc) returned 0x1 [0141.568] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc0002ddd44 | out: lpFileInformation=0xc0002ddd44) returned 1 [0141.568] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc0002ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002ddd28) returned 1 [0141.568] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0141.569] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0002ca000, nNumberOfBytesToRead=0x15c4, lpNumberOfBytesRead=0xc0002ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca000*, lpNumberOfBytesRead=0xc0002ddc04*=0x13c4, lpOverlapped=0x0) returned 1 [0142.538] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0143.225] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0002cb3c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cb3c4*, lpNumberOfBytesRead=0xc0002ddc04*=0x0, lpOverlapped=0x0) returned 1 [0143.225] CloseHandle (hObject=0x2fc) returned 1 [0143.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7znj_liq7lm-2.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0143.226] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0002ddd04 | out: lpMode=0xc0002ddd04) returned 0 [0143.232] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0144.073] GetFileType (hFile=0x2fc) returned 0x1 [0144.073] WriteFile (in: hFile=0x2fc, lpBuffer=0xc00072b500*, nNumberOfBytesToWrite=0x13d0, lpNumberOfBytesWritten=0xc0002ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00072b500*, lpNumberOfBytesWritten=0xc0002ddcec*=0x13d0, lpOverlapped=0x0) returned 1 [0144.074] CloseHandle (hObject=0x2fc) returned 1 [0144.074] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0144.075] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0144.075] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0144.077] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0144.078] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7znj_liq7lm-2.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0144.079] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0002ddd64 | out: lpMode=0xc0002ddd64) returned 0 [0144.082] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0144.885] GetFileType (hFile=0x2fc) returned 0x1 [0144.885] WriteFile (in: hFile=0x2fc, lpBuffer=0xc00007ec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ec60*, lpNumberOfBytesWritten=0xc0002ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.886] CloseHandle (hObject=0x2fc) returned 1 [0144.895] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0145.490] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7znj_liq7lm-2.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-7znj_liq7lm-2.lnk"), dwFlags=0x1) returned 1 [0147.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.928] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0147.928] SetEvent (hEvent=0xc0) returned 1 [0147.928] SetEvent (hEvent=0x920) returned 1 [0147.928] SetEvent (hEvent=0xbd0) returned 1 [0147.928] SetEvent (hEvent=0xb68) returned 1 [0147.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.939] SetEvent (hEvent=0x920) returned 1 [0147.939] SetEvent (hEvent=0x208) returned 1 [0147.939] SetEvent (hEvent=0x8b8) returned 1 [0147.939] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.951] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0147.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.952] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0147.952] SetEvent (hEvent=0xc0) returned 1 [0147.952] SetEvent (hEvent=0xc44) returned 1 [0147.952] SetEvent (hEvent=0x448) returned 1 [0147.952] SetEvent (hEvent=0x1f8) returned 1 [0147.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.973] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0147.973] SetEvent (hEvent=0x8b8) returned 1 [0147.973] SetEvent (hEvent=0x448) returned 1 [0147.973] SetEvent (hEvent=0x208) returned 1 [0147.974] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.978] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0147.978] SetEvent (hEvent=0x208) returned 1 [0147.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.982] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0147.982] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.982] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0147.983] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0147.983] SetEvent (hEvent=0x208) returned 1 [0147.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.987] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0147.987] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.988] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f698, ulCount=0x10, ulNumEntriesRemoved=0x2b89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f698, ulNumEntriesRemoved=0x2b89f66c) returned 0 [0147.988] SetEvent (hEvent=0xc0) returned 1 [0147.988] SetEvent (hEvent=0x8b8) returned 1 [0147.988] SetEvent (hEvent=0xc44) returned 1 [0147.988] SetEvent (hEvent=0x208) returned 1 [0147.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.994] SetEvent (hEvent=0x208) returned 1 [0147.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe08*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.000] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe30*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.001] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2b89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2b89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2b89f6a0, ulNumEntriesRemoved=0x2b89f674) returned 0 [0148.001] SetEvent (hEvent=0xc0) returned 1 [0148.001] SetEvent (hEvent=0x208) returned 1 [0148.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2b89fe18*=0x274, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0148.013] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0148.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjidzl.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x68c [0148.014] GetConsoleMode (in: hConsoleHandle=0x68c, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0148.019] GetFileType (hFile=0x68c) returned 0x1 [0148.019] GetFileType (hFile=0x68c) returned 0x1 [0148.019] GetFileInformationByHandle (in: hFile=0x68c, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0148.019] GetFileInformationByHandleEx (in: hFile=0x68c, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0148.019] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0148.020] ReadFile (in: hFile=0x68c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xb086, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000153c04*=0xae86, lpOverlapped=0x0) returned 1 [0148.647] ReadFile (in: hFile=0x68c, lpBuffer=0xc00021ce86, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021ce86*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0148.648] CloseHandle (hObject=0x68c) returned 1 [0148.648] VirtualAlloc (lpAddress=0xc0006b6000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b6000 [0148.651] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0148.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjidzl.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0150.437] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.439] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0150.440] GetFileType (hFile=0x5a0) returned 0x1 [0150.440] WriteFile (in: hFile=0x5a0, lpBuffer=0xc0006b6000*, nNumberOfBytesToWrite=0xae90, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006b6000*, lpNumberOfBytesWritten=0xc000153cec*=0xae90, lpOverlapped=0x0) returned 1 [0150.449] CloseHandle (hObject=0x5a0) returned 1 [0150.514] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.514] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0150.515] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0150.516] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0150.517] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0150.518] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0150.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjidzl.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.519] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0150.529] GetFileType (hFile=0x7a0) returned 0x1 [0150.529] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.586] CloseHandle (hObject=0x7a0) returned 1 [0150.685] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.738] SetEvent (hEvent=0x988) returned 1 [0150.738] SetEvent (hEvent=0xa80) returned 1 [0150.738] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.753] SetEvent (hEvent=0x8f8) returned 1 [0150.753] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.759] SetEvent (hEvent=0x8d0) returned 1 [0150.759] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.796] SetEvent (hEvent=0xb50) returned 1 [0150.796] SetEvent (hEvent=0x988) returned 1 [0150.796] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.803] SetEvent (hEvent=0xb50) returned 1 [0150.803] SetEvent (hEvent=0xb58) returned 1 [0150.803] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.808] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.809] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.811] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.812] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.813] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.814] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.815] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000429818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc000429818*=0x3) returned 1 [0150.818] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000493818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc000493818*=0x3) returned 1 [0150.837] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.842] SetEvent (hEvent=0xb50) returned 1 [0150.842] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.955] SetEvent (hEvent=0xb50) returned 1 [0150.955] SwitchToThread () returned 1 [0150.956] SetEvent (hEvent=0xb50) returned 1 [0150.956] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0150.970] SetEvent (hEvent=0xae0) returned 1 [0150.970] SwitchToThread () returned 1 [0150.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Administrator.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\administrator.contact"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e)) returned 1 [0150.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493)) returned 1 [0150.972] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0150.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499)) returned 1 [0150.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0150.974] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496)) returned 1 [0150.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494)) returned 1 [0150.975] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3a00 | out: lpFileInformation=0xc0001a3a00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0150.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x668 [0150.976] GetFileInformationByHandle (in: hFile=0x668, lpFileInformation=0xc0001a3954 | out: lpFileInformation=0xc0001a3954) returned 1 [0150.976] GetFileInformationByHandleEx (in: hFile=0x668, FileInformationClass=0x9, lpFileInformation=0xc0001a3938, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3938) returned 1 [0150.976] CloseHandle (hObject=0x668) returned 1 [0150.976] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3a00 | out: lpFileInformation=0xc0001a3a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0150.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.977] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*", lpFindFileData=0xc0001a37b8 | out: lpFindFileData=0xc0001a37b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ab83000, ftCreationTime.dwHighDateTime=0x1d5dde4, ftLastAccessTime.dwLowDateTime=0x125cd640, ftLastAccessTime.dwHighDateTime=0x1d5e423, ftLastWriteTime.dwLowDateTime=0x125cd640, ftLastWriteTime.dwHighDateTime=0x1d5e423, nFileSizeHigh=0x0, nFileSizeLow=0x16860, dwReserved0=0x0, dwReserved1=0x0, cFileName="1nIT0zLa0lEY24O0.swf", cAlternateFileName="1NIT0Z~1.SWF")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4eee5b80, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0xfc39310, ftLastAccessTime.dwHighDateTime=0x1d5e4fa, ftLastWriteTime.dwLowDateTime=0xfc39310, ftLastWriteTime.dwHighDateTime=0x1d5e4fa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1WwC7yDS7iD6Z0TXpq", cAlternateFileName="1WWC7Y~1")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d80f070, ftCreationTime.dwHighDateTime=0x1d5e167, ftLastAccessTime.dwLowDateTime=0x7a762c00, ftLastAccessTime.dwHighDateTime=0x1d5df45, ftLastWriteTime.dwLowDateTime=0x7a762c00, ftLastWriteTime.dwHighDateTime=0x1d5df45, nFileSizeHigh=0x0, nFileSizeLow=0x13f55, dwReserved0=0x0, dwReserved1=0x0, cFileName="846qyHVIL2d.mp3", cAlternateFileName="846QYH~1.MP3")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9a5bec0, ftCreationTime.dwHighDateTime=0x1d5dc20, ftLastAccessTime.dwLowDateTime=0x56933b70, ftLastAccessTime.dwHighDateTime=0x1d5de05, ftLastWriteTime.dwLowDateTime=0x56933b70, ftLastWriteTime.dwHighDateTime=0x1d5de05, nFileSizeHigh=0x0, nFileSizeLow=0x1132b, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeEUqq nGOo.flv", cAlternateFileName="AEEUQQ~1.FLV")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf89d5230, ftCreationTime.dwHighDateTime=0x1d5df5d, ftLastAccessTime.dwLowDateTime=0xc80accf0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0xc80accf0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0xedeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bjKx6gsVtGcVAin.bmp", cAlternateFileName="BJKX6G~1.BMP")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8b668b0, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0x7e2c830, ftLastAccessTime.dwHighDateTime=0x1d5e0ab, ftLastWriteTime.dwLowDateTime=0x7e2c830, ftLastWriteTime.dwHighDateTime=0x1d5e0ab, nFileSizeHigh=0x0, nFileSizeLow=0x15967, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bq NMVPj7nVIWKjV9Ya.m4a", cAlternateFileName="BQNMVP~1.M4A")) returned 1 [0150.977] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58a6860, ftCreationTime.dwHighDateTime=0x1d5db70, ftLastAccessTime.dwLowDateTime=0xd5866e40, ftLastAccessTime.dwHighDateTime=0x1d5d809, ftLastWriteTime.dwLowDateTime=0xd5866e40, ftLastWriteTime.dwHighDateTime=0x1d5d809, nFileSizeHigh=0x0, nFileSizeLow=0x1d01, dwReserved0=0x0, dwReserved1=0x0, cFileName="cwHJA1yE5fN.flv", cAlternateFileName="CWHJA1~1.FLV")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1993d90, ftCreationTime.dwHighDateTime=0x1d5d95f, ftLastAccessTime.dwLowDateTime=0x6dab7550, ftLastAccessTime.dwHighDateTime=0x1d5dccc, ftLastWriteTime.dwLowDateTime=0x6dab7550, ftLastWriteTime.dwHighDateTime=0x1d5dccc, nFileSizeHigh=0x0, nFileSizeLow=0xec8, dwReserved0=0x0, dwReserved1=0x0, cFileName="EuhSMC2pzLMt_.avi", cAlternateFileName="EUHSMC~1.AVI")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0174e50, ftCreationTime.dwHighDateTime=0x1d5d9a8, ftLastAccessTime.dwLowDateTime=0x543c3990, ftLastAccessTime.dwHighDateTime=0x1d5dc38, ftLastWriteTime.dwLowDateTime=0x543c3990, ftLastWriteTime.dwHighDateTime=0x1d5dc38, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FzNv_DLmFAz", cAlternateFileName="FZNV_D~1")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e5a7e0, ftCreationTime.dwHighDateTime=0x1d5de29, ftLastAccessTime.dwLowDateTime=0xed608f30, ftLastAccessTime.dwHighDateTime=0x1d5dbcb, ftLastWriteTime.dwLowDateTime=0xed608f30, ftLastWriteTime.dwHighDateTime=0x1d5dbcb, nFileSizeHigh=0x0, nFileSizeLow=0xcc31, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpeHTkf.flv", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26265a50, ftCreationTime.dwHighDateTime=0x1d5db97, ftLastAccessTime.dwLowDateTime=0x95c53ac0, ftLastAccessTime.dwHighDateTime=0x1d5e01a, ftLastWriteTime.dwLowDateTime=0x95c53ac0, ftLastWriteTime.dwHighDateTime=0x1d5e01a, nFileSizeHigh=0x0, nFileSizeLow=0x95ef, dwReserved0=0x0, dwReserved1=0x0, cFileName="KPl98.mp4", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6de8b50, ftCreationTime.dwHighDateTime=0x1d5d87e, ftLastAccessTime.dwLowDateTime=0xb0761050, ftLastAccessTime.dwHighDateTime=0x1d5d931, ftLastWriteTime.dwLowDateTime=0xb0761050, ftLastWriteTime.dwHighDateTime=0x1d5d931, nFileSizeHigh=0x0, nFileSizeLow=0xabda, dwReserved0=0x0, dwReserved1=0x0, cFileName="LWPism.pdf", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6994f800, ftCreationTime.dwHighDateTime=0x1d622af, ftLastAccessTime.dwLowDateTime=0x6994f800, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0xde643400, ftLastWriteTime.dwHighDateTime=0x1d622a7, nFileSizeHigh=0x0, nFileSizeLow=0x23f000, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.exe", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19d76de0, ftCreationTime.dwHighDateTime=0x1d5d91f, ftLastAccessTime.dwLowDateTime=0x32842950, ftLastAccessTime.dwHighDateTime=0x1d5e0cc, ftLastWriteTime.dwLowDateTime=0x32842950, ftLastWriteTime.dwHighDateTime=0x1d5e0cc, nFileSizeHigh=0x0, nFileSizeLow=0x2a05, dwReserved0=0x0, dwReserved1=0x0, cFileName="NnN1r.bmp", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93fbcf80, ftCreationTime.dwHighDateTime=0x1d5e7e8, ftLastAccessTime.dwLowDateTime=0xa3000880, ftLastAccessTime.dwHighDateTime=0x1d5da68, ftLastWriteTime.dwLowDateTime=0xa3000880, ftLastWriteTime.dwHighDateTime=0x1d5da68, nFileSizeHigh=0x0, nFileSizeLow=0x45e7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NU5PyMWWm9NWMGJd_.mp3", cAlternateFileName="NU5PYM~1.MP3")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1664630, ftCreationTime.dwHighDateTime=0x1d5e461, ftLastAccessTime.dwLowDateTime=0x30dd2c60, ftLastAccessTime.dwHighDateTime=0x1d5d842, ftLastWriteTime.dwLowDateTime=0x30dd2c60, ftLastWriteTime.dwHighDateTime=0x1d5d842, nFileSizeHigh=0x0, nFileSizeLow=0xa080, dwReserved0=0x0, dwReserved1=0x0, cFileName="PEhXrq.bmp", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506da170, ftCreationTime.dwHighDateTime=0x1d5e564, ftLastAccessTime.dwLowDateTime=0x2590ed40, ftLastAccessTime.dwHighDateTime=0x1d5e1db, ftLastWriteTime.dwLowDateTime=0x2590ed40, ftLastWriteTime.dwHighDateTime=0x1d5e1db, nFileSizeHigh=0x0, nFileSizeLow=0x2e2e, dwReserved0=0x0, dwReserved1=0x0, cFileName="PFNUYD06e.csv", cAlternateFileName="PFNUYD~1.CSV")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b701880, ftCreationTime.dwHighDateTime=0x1d5d8b9, ftLastAccessTime.dwLowDateTime=0xc9aaac40, ftLastAccessTime.dwHighDateTime=0x1d5dcb3, ftLastWriteTime.dwLowDateTime=0xc9aaac40, ftLastWriteTime.dwHighDateTime=0x1d5dcb3, nFileSizeHigh=0x0, nFileSizeLow=0x3b41, dwReserved0=0x0, dwReserved1=0x0, cFileName="qejopG361M8.mkv", cAlternateFileName="QEJOPG~1.MKV")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeafd3b0, ftCreationTime.dwHighDateTime=0x1d5d88b, ftLastAccessTime.dwLowDateTime=0xb8f1f140, ftLastAccessTime.dwHighDateTime=0x1d5e237, ftLastWriteTime.dwLowDateTime=0xb8f1f140, ftLastWriteTime.dwHighDateTime=0x1d5e237, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rf3i_Q4-ueWKmRVO6", cAlternateFileName="RF3I_Q~1")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8228a340, ftCreationTime.dwHighDateTime=0x1d5e0c8, ftLastAccessTime.dwLowDateTime=0xab6da380, ftLastAccessTime.dwHighDateTime=0x1d5dc19, ftLastWriteTime.dwLowDateTime=0xab6da380, ftLastWriteTime.dwHighDateTime=0x1d5dc19, nFileSizeHigh=0x0, nFileSizeLow=0x9c76, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sg8J.m4a", cAlternateFileName="")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3be660b0, ftCreationTime.dwHighDateTime=0x1d5dd9f, ftLastAccessTime.dwLowDateTime=0xaa067120, ftLastAccessTime.dwHighDateTime=0x1d5e416, ftLastWriteTime.dwLowDateTime=0xaa067120, ftLastWriteTime.dwHighDateTime=0x1d5e416, nFileSizeHigh=0x0, nFileSizeLow=0x11073, dwReserved0=0x0, dwReserved1=0x0, cFileName="vdvT1tPyjbv-YZK70.m4a", cAlternateFileName="VDVT1T~1.M4A")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc796f820, ftCreationTime.dwHighDateTime=0x1d5e4ae, ftLastAccessTime.dwLowDateTime=0x4e089800, ftLastAccessTime.dwHighDateTime=0x1d5e617, ftLastWriteTime.dwLowDateTime=0x4e089800, ftLastWriteTime.dwHighDateTime=0x1d5e617, nFileSizeHigh=0x0, nFileSizeLow=0x3bb6, dwReserved0=0x0, dwReserved1=0x0, cFileName="XT0rtZ_l-eS-ZJIBw.flv", cAlternateFileName="XT0RTZ~1.FLV")) returned 1 [0150.978] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36e042d0, ftCreationTime.dwHighDateTime=0x1d5db6e, ftLastAccessTime.dwLowDateTime=0x3857e7d0, ftLastAccessTime.dwHighDateTime=0x1d5e186, ftLastWriteTime.dwLowDateTime=0x3857e7d0, ftLastWriteTime.dwHighDateTime=0x1d5e186, nFileSizeHigh=0x0, nFileSizeLow=0xa0e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="yhHe_4FFUOdFU932.gif", cAlternateFileName="YHHE_4~1.GIF")) returned 1 [0150.979] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa04467f0, ftCreationTime.dwHighDateTime=0x1d5da89, ftLastAccessTime.dwLowDateTime=0x8116afe0, ftLastAccessTime.dwHighDateTime=0x1d5decc, ftLastWriteTime.dwLowDateTime=0x8116afe0, ftLastWriteTime.dwHighDateTime=0x1d5decc, nFileSizeHigh=0x0, nFileSizeLow=0x12c3e, dwReserved0=0x0, dwReserved1=0x0, cFileName="zkhuA1gXTQLWd8.gif", cAlternateFileName="ZKHUA1~1.GIF")) returned 1 [0150.979] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.979] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4eee5b80, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0xfc39310, ftLastAccessTime.dwHighDateTime=0x1d5e4fa, ftLastWriteTime.dwLowDateTime=0xfc39310, ftLastWriteTime.dwHighDateTime=0x1d5e4fa, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.979] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4eee5b80, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0xfc39310, ftLastAccessTime.dwHighDateTime=0x1d5e4fa, ftLastWriteTime.dwLowDateTime=0xfc39310, ftLastWriteTime.dwHighDateTime=0x1d5e4fa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.979] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x4eee5b80, ftCreationTime.dwHighDateTime=0x1d5dd00, ftLastAccessTime.dwLowDateTime=0xfc39310, ftLastAccessTime.dwHighDateTime=0x1d5e4fa, ftLastWriteTime.dwLowDateTime=0xfc39310, ftLastWriteTime.dwHighDateTime=0x1d5e4fa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.979] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc977f380, ftCreationTime.dwHighDateTime=0x1d5d881, ftLastAccessTime.dwLowDateTime=0x522332c0, ftLastAccessTime.dwHighDateTime=0x1d5d905, ftLastWriteTime.dwLowDateTime=0x522332c0, ftLastWriteTime.dwHighDateTime=0x1d5d905, nFileSizeHigh=0x0, nFileSizeLow=0x3242, dwReserved0=0x0, dwReserved1=0x0, cFileName="98_inOjtBT.bmp", cAlternateFileName="98_INO~1.BMP")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e6deed0, ftCreationTime.dwHighDateTime=0x1d5e6a0, ftLastAccessTime.dwLowDateTime=0xc89771a0, ftLastAccessTime.dwHighDateTime=0x1d5dabd, ftLastWriteTime.dwLowDateTime=0xc89771a0, ftLastWriteTime.dwHighDateTime=0x1d5dabd, nFileSizeHigh=0x0, nFileSizeLow=0xbc87, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dha6Z.mp3", cAlternateFileName="")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1320d4d0, ftCreationTime.dwHighDateTime=0x1d5daa7, ftLastAccessTime.dwLowDateTime=0x4c205760, ftLastAccessTime.dwHighDateTime=0x1d5e3a3, ftLastWriteTime.dwLowDateTime=0x4c205760, ftLastWriteTime.dwHighDateTime=0x1d5e3a3, nFileSizeHigh=0x0, nFileSizeLow=0xfbbd, dwReserved0=0x0, dwReserved1=0x0, cFileName="gq8bXea9Vy.mp3", cAlternateFileName="GQ8BXE~1.MP3")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe140ef40, ftCreationTime.dwHighDateTime=0x1d5e67c, ftLastAccessTime.dwLowDateTime=0xd29d7590, ftLastAccessTime.dwHighDateTime=0x1d5da6e, ftLastWriteTime.dwLowDateTime=0xd29d7590, ftLastWriteTime.dwHighDateTime=0x1d5da6e, nFileSizeHigh=0x0, nFileSizeLow=0xc8fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="wQBLRGmmPpS.jpg", cAlternateFileName="WQBLRG~1.JPG")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41f11e00, ftCreationTime.dwHighDateTime=0x1d5e128, ftLastAccessTime.dwLowDateTime=0xccd76470, ftLastAccessTime.dwHighDateTime=0x1d5dd5e, ftLastWriteTime.dwLowDateTime=0xccd76470, ftLastWriteTime.dwHighDateTime=0x1d5dd5e, nFileSizeHigh=0x0, nFileSizeLow=0x89a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="xe1i.pps", cAlternateFileName="")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x187e6700, ftCreationTime.dwHighDateTime=0x1d5db63, ftLastAccessTime.dwLowDateTime=0x63f083a0, ftLastAccessTime.dwHighDateTime=0x1d5e5ac, ftLastWriteTime.dwLowDateTime=0x63f083a0, ftLastWriteTime.dwHighDateTime=0x1d5e5ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="zPwegzv", cAlternateFileName="")) returned 1 [0150.980] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.980] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\98_inojtbt.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc977f380, ftCreationTime.dwHighDateTime=0x1d5d881, ftLastAccessTime.dwLowDateTime=0x522332c0, ftLastAccessTime.dwHighDateTime=0x1d5d905, ftLastWriteTime.dwLowDateTime=0x522332c0, ftLastWriteTime.dwHighDateTime=0x1d5d905, nFileSizeHigh=0x0, nFileSizeLow=0x3242)) returned 1 [0150.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\dha6z.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e6deed0, ftCreationTime.dwHighDateTime=0x1d5e6a0, ftLastAccessTime.dwLowDateTime=0xc89771a0, ftLastAccessTime.dwHighDateTime=0x1d5dabd, ftLastWriteTime.dwLowDateTime=0xc89771a0, ftLastWriteTime.dwHighDateTime=0x1d5dabd, nFileSizeHigh=0x0, nFileSizeLow=0xbc87)) returned 1 [0150.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\gq8bxea9vy.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1320d4d0, ftCreationTime.dwHighDateTime=0x1d5daa7, ftLastAccessTime.dwLowDateTime=0x4c205760, ftLastAccessTime.dwHighDateTime=0x1d5e3a3, ftLastWriteTime.dwLowDateTime=0x4c205760, ftLastWriteTime.dwHighDateTime=0x1d5e3a3, nFileSizeHigh=0x0, nFileSizeLow=0xfbbd)) returned 1 [0150.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\wqblrgmmpps.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe140ef40, ftCreationTime.dwHighDateTime=0x1d5e67c, ftLastAccessTime.dwLowDateTime=0xd29d7590, ftLastAccessTime.dwHighDateTime=0x1d5da6e, ftLastWriteTime.dwLowDateTime=0xd29d7590, ftLastWriteTime.dwHighDateTime=0x1d5da6e, nFileSizeHigh=0x0, nFileSizeLow=0xc8fb)) returned 1 [0150.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\xe1i.pps"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x41f11e00, ftCreationTime.dwHighDateTime=0x1d5e128, ftLastAccessTime.dwLowDateTime=0xccd76470, ftLastAccessTime.dwHighDateTime=0x1d5dd5e, ftLastWriteTime.dwLowDateTime=0xccd76470, ftLastWriteTime.dwHighDateTime=0x1d5dd5e, nFileSizeHigh=0x0, nFileSizeLow=0x89a3)) returned 1 [0150.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x187e6700, ftCreationTime.dwHighDateTime=0x1d5db63, ftLastAccessTime.dwLowDateTime=0x63f083a0, ftLastAccessTime.dwHighDateTime=0x1d5e5ac, ftLastWriteTime.dwLowDateTime=0x63f083a0, ftLastWriteTime.dwHighDateTime=0x1d5e5ac, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.981] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.981] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\*", lpFindFileData=0xc0001a3608 | out: lpFindFileData=0xc0001a3608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x187e6700, ftCreationTime.dwHighDateTime=0x1d5db63, ftLastAccessTime.dwLowDateTime=0x63f083a0, ftLastAccessTime.dwHighDateTime=0x1d5e5ac, ftLastWriteTime.dwLowDateTime=0x63f083a0, ftLastWriteTime.dwHighDateTime=0x1d5e5ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.981] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x187e6700, ftCreationTime.dwHighDateTime=0x1d5db63, ftLastAccessTime.dwLowDateTime=0x63f083a0, ftLastAccessTime.dwHighDateTime=0x1d5e5ac, ftLastWriteTime.dwLowDateTime=0x63f083a0, ftLastWriteTime.dwHighDateTime=0x1d5e5ac, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.982] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cd96280, ftCreationTime.dwHighDateTime=0x1d5d8d9, ftLastAccessTime.dwLowDateTime=0x2ec3e100, ftLastAccessTime.dwHighDateTime=0x1d5e3c1, ftLastWriteTime.dwLowDateTime=0x2ec3e100, ftLastWriteTime.dwHighDateTime=0x1d5e3c1, nFileSizeHigh=0x0, nFileSizeLow=0x220b, dwReserved0=0x0, dwReserved1=0x0, cFileName="deITjFDVBGMK37.mp3", cAlternateFileName="DEITJF~1.MP3")) returned 1 [0150.982] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa44b2a00, ftCreationTime.dwHighDateTime=0x1d5e317, ftLastAccessTime.dwLowDateTime=0x6cd6ff90, ftLastAccessTime.dwHighDateTime=0x1d5e425, ftLastWriteTime.dwLowDateTime=0x6cd6ff90, ftLastWriteTime.dwHighDateTime=0x1d5e425, nFileSizeHigh=0x0, nFileSizeLow=0x2ab0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EnPoS1F1VYf.png", cAlternateFileName="ENPOS1~1.PNG")) returned 1 [0150.982] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bbfe270, ftCreationTime.dwHighDateTime=0x1d5e4a2, ftLastAccessTime.dwLowDateTime=0x6c5c10c0, ftLastAccessTime.dwHighDateTime=0x1d5dcb2, ftLastWriteTime.dwLowDateTime=0x6c5c10c0, ftLastWriteTime.dwHighDateTime=0x1d5dcb2, nFileSizeHigh=0x0, nFileSizeLow=0x10b97, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8Eiq3-yxnk9.ots", cAlternateFileName="H8EIQ3~1.OTS")) returned 1 [0150.982] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eebbbf0, ftCreationTime.dwHighDateTime=0x1d5e801, ftLastAccessTime.dwLowDateTime=0x7d2141c0, ftLastAccessTime.dwHighDateTime=0x1d5e309, ftLastWriteTime.dwLowDateTime=0x7d2141c0, ftLastWriteTime.dwHighDateTime=0x1d5e309, nFileSizeHigh=0x0, nFileSizeLow=0x3747, dwReserved0=0x0, dwReserved1=0x0, cFileName="VevaAlv2kwFWSA56eyl.swf", cAlternateFileName="VEVAAL~1.SWF")) returned 1 [0150.982] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.982] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\enpos1f1vyf.png"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa44b2a00, ftCreationTime.dwHighDateTime=0x1d5e317, ftLastAccessTime.dwLowDateTime=0x6cd6ff90, ftLastAccessTime.dwHighDateTime=0x1d5e425, ftLastWriteTime.dwLowDateTime=0x6cd6ff90, ftLastWriteTime.dwHighDateTime=0x1d5e425, nFileSizeHigh=0x0, nFileSizeLow=0x2ab0)) returned 1 [0150.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\h8eiq3-yxnk9.ots"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6bbfe270, ftCreationTime.dwHighDateTime=0x1d5e4a2, ftLastAccessTime.dwLowDateTime=0x6c5c10c0, ftLastAccessTime.dwHighDateTime=0x1d5dcb2, ftLastWriteTime.dwLowDateTime=0x6c5c10c0, ftLastWriteTime.dwHighDateTime=0x1d5dcb2, nFileSizeHigh=0x0, nFileSizeLow=0x10b97)) returned 1 [0150.982] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0150.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\vevaalv2kwfwsa56eyl.swf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eebbbf0, ftCreationTime.dwHighDateTime=0x1d5e801, ftLastAccessTime.dwLowDateTime=0x7d2141c0, ftLastAccessTime.dwHighDateTime=0x1d5e309, ftLastWriteTime.dwLowDateTime=0x7d2141c0, ftLastWriteTime.dwHighDateTime=0x1d5e309, nFileSizeHigh=0x0, nFileSizeLow=0x3747)) returned 1 [0150.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\deitjfdvbgmk37.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3cd96280, ftCreationTime.dwHighDateTime=0x1d5d8d9, ftLastAccessTime.dwLowDateTime=0x2ec3e100, ftLastAccessTime.dwHighDateTime=0x1d5e3c1, ftLastWriteTime.dwLowDateTime=0x2ec3e100, ftLastWriteTime.dwHighDateTime=0x1d5e3c1, nFileSizeHigh=0x0, nFileSizeLow=0x220b)) returned 1 [0150.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1nIT0zLa0lEY24O0.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1nit0zla0ley24o0.swf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ab83000, ftCreationTime.dwHighDateTime=0x1d5dde4, ftLastAccessTime.dwLowDateTime=0x125cd640, ftLastAccessTime.dwHighDateTime=0x1d5e423, ftLastWriteTime.dwLowDateTime=0x125cd640, ftLastWriteTime.dwHighDateTime=0x1d5e423, nFileSizeHigh=0x0, nFileSizeLow=0x16860)) returned 1 [0150.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\846qyhvil2d.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d80f070, ftCreationTime.dwHighDateTime=0x1d5e167, ftLastAccessTime.dwLowDateTime=0x7a762c00, ftLastAccessTime.dwHighDateTime=0x1d5df45, ftLastWriteTime.dwLowDateTime=0x7a762c00, ftLastWriteTime.dwHighDateTime=0x1d5df45, nFileSizeHigh=0x0, nFileSizeLow=0x13f55)) returned 1 [0150.984] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bq nmvpj7nviwkjv9ya.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8b668b0, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0x7e2c830, ftLastAccessTime.dwHighDateTime=0x1d5e0ab, ftLastWriteTime.dwLowDateTime=0x7e2c830, ftLastWriteTime.dwHighDateTime=0x1d5e0ab, nFileSizeHigh=0x0, nFileSizeLow=0x15967)) returned 1 [0150.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\euhsmc2pzlmt_.avi"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1993d90, ftCreationTime.dwHighDateTime=0x1d5d95f, ftLastAccessTime.dwLowDateTime=0x6dab7550, ftLastAccessTime.dwHighDateTime=0x1d5dccc, ftLastWriteTime.dwLowDateTime=0x6dab7550, ftLastWriteTime.dwHighDateTime=0x1d5dccc, nFileSizeHigh=0x0, nFileSizeLow=0xec8)) returned 1 [0150.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0174e50, ftCreationTime.dwHighDateTime=0x1d5d9a8, ftLastAccessTime.dwLowDateTime=0x543c3990, ftLastAccessTime.dwHighDateTime=0x1d5dc38, ftLastWriteTime.dwLowDateTime=0x543c3990, ftLastWriteTime.dwHighDateTime=0x1d5dc38, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.985] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0174e50, ftCreationTime.dwHighDateTime=0x1d5d9a8, ftLastAccessTime.dwLowDateTime=0x543c3990, ftLastAccessTime.dwHighDateTime=0x1d5dc38, ftLastWriteTime.dwLowDateTime=0x543c3990, ftLastWriteTime.dwHighDateTime=0x1d5dc38, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf0174e50, ftCreationTime.dwHighDateTime=0x1d5d9a8, ftLastAccessTime.dwLowDateTime=0x543c3990, ftLastAccessTime.dwHighDateTime=0x1d5dc38, ftLastWriteTime.dwLowDateTime=0x543c3990, ftLastWriteTime.dwHighDateTime=0x1d5dc38, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2df026e0, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0xca3a8850, ftLastAccessTime.dwHighDateTime=0x1d5e7b8, ftLastWriteTime.dwLowDateTime=0xca3a8850, ftLastWriteTime.dwHighDateTime=0x1d5e7b8, nFileSizeHigh=0x0, nFileSizeLow=0x96da, dwReserved0=0x0, dwReserved1=0x0, cFileName="3U_CJfI.bmp", cAlternateFileName="")) returned 1 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9b76720, ftCreationTime.dwHighDateTime=0x1d5d8c7, ftLastAccessTime.dwLowDateTime=0x31fb8d50, ftLastAccessTime.dwHighDateTime=0x1d5dab6, ftLastWriteTime.dwLowDateTime=0x31fb8d50, ftLastWriteTime.dwHighDateTime=0x1d5dab6, nFileSizeHigh=0x0, nFileSizeLow=0x8455, dwReserved0=0x0, dwReserved1=0x0, cFileName="IekXS.swf", cAlternateFileName="")) returned 1 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf6ae480, ftCreationTime.dwHighDateTime=0x1d5d8c6, ftLastAccessTime.dwLowDateTime=0x2978ba40, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x2978ba40, ftLastWriteTime.dwHighDateTime=0x1d5e506, nFileSizeHigh=0x0, nFileSizeLow=0xfb09, dwReserved0=0x0, dwReserved1=0x0, cFileName="WffK55LsjI-.ots", cAlternateFileName="WFFK55~1.OTS")) returned 1 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13476db0, ftCreationTime.dwHighDateTime=0x1d5dc6a, ftLastAccessTime.dwLowDateTime=0x19c3d9f0, ftLastAccessTime.dwHighDateTime=0x1d5e785, ftLastWriteTime.dwLowDateTime=0x19c3d9f0, ftLastWriteTime.dwHighDateTime=0x1d5e785, nFileSizeHigh=0x0, nFileSizeLow=0x1039, dwReserved0=0x0, dwReserved1=0x0, cFileName="X0WBB2qkG0k1puf.mkv", cAlternateFileName="X0WBB2~1.MKV")) returned 1 [0150.986] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.986] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\3u_cjfi.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2df026e0, ftCreationTime.dwHighDateTime=0x1d5e04b, ftLastAccessTime.dwLowDateTime=0xca3a8850, ftLastAccessTime.dwHighDateTime=0x1d5e7b8, ftLastWriteTime.dwLowDateTime=0xca3a8850, ftLastWriteTime.dwHighDateTime=0x1d5e7b8, nFileSizeHigh=0x0, nFileSizeLow=0x96da)) returned 1 [0150.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\iekxs.swf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe9b76720, ftCreationTime.dwHighDateTime=0x1d5d8c7, ftLastAccessTime.dwLowDateTime=0x31fb8d50, ftLastAccessTime.dwHighDateTime=0x1d5dab6, ftLastWriteTime.dwLowDateTime=0x31fb8d50, ftLastWriteTime.dwHighDateTime=0x1d5dab6, nFileSizeHigh=0x0, nFileSizeLow=0x8455)) returned 1 [0150.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\wffk55lsji-.ots"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf6ae480, ftCreationTime.dwHighDateTime=0x1d5d8c6, ftLastAccessTime.dwLowDateTime=0x2978ba40, ftLastAccessTime.dwHighDateTime=0x1d5e506, ftLastWriteTime.dwLowDateTime=0x2978ba40, ftLastWriteTime.dwHighDateTime=0x1d5e506, nFileSizeHigh=0x0, nFileSizeLow=0xfb09)) returned 1 [0150.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\x0wbb2qkg0k1puf.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x13476db0, ftCreationTime.dwHighDateTime=0x1d5dc6a, ftLastAccessTime.dwLowDateTime=0x19c3d9f0, ftLastAccessTime.dwHighDateTime=0x1d5e785, ftLastWriteTime.dwLowDateTime=0x19c3d9f0, ftLastWriteTime.dwHighDateTime=0x1d5e785, nFileSizeHigh=0x0, nFileSizeLow=0x1039)) returned 1 [0150.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kpl98.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x26265a50, ftCreationTime.dwHighDateTime=0x1d5db97, ftLastAccessTime.dwLowDateTime=0x95c53ac0, ftLastAccessTime.dwHighDateTime=0x1d5e01a, ftLastWriteTime.dwLowDateTime=0x95c53ac0, ftLastWriteTime.dwHighDateTime=0x1d5e01a, nFileSizeHigh=0x0, nFileSizeLow=0x95ef)) returned 1 [0150.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lwpism.pdf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6de8b50, ftCreationTime.dwHighDateTime=0x1d5d87e, ftLastAccessTime.dwLowDateTime=0xb0761050, ftLastAccessTime.dwHighDateTime=0x1d5d931, ftLastWriteTime.dwLowDateTime=0xb0761050, ftLastWriteTime.dwHighDateTime=0x1d5d931, nFileSizeHigh=0x0, nFileSizeLow=0xabda)) returned 1 [0150.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nu5pymwwm9nwmgjd_.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x93fbcf80, ftCreationTime.dwHighDateTime=0x1d5e7e8, ftLastAccessTime.dwLowDateTime=0xa3000880, ftLastAccessTime.dwHighDateTime=0x1d5da68, ftLastWriteTime.dwLowDateTime=0xa3000880, ftLastWriteTime.dwHighDateTime=0x1d5da68, nFileSizeHigh=0x0, nFileSizeLow=0x45e7)) returned 1 [0150.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nnn1r.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19d76de0, ftCreationTime.dwHighDateTime=0x1d5d91f, ftLastAccessTime.dwLowDateTime=0x32842950, ftLastAccessTime.dwHighDateTime=0x1d5e0cc, ftLastWriteTime.dwLowDateTime=0x32842950, ftLastWriteTime.dwHighDateTime=0x1d5e0cc, nFileSizeHigh=0x0, nFileSizeLow=0x2a05)) returned 1 [0150.987] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0150.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pehxrq.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1664630, ftCreationTime.dwHighDateTime=0x1d5e461, ftLastAccessTime.dwLowDateTime=0x30dd2c60, ftLastAccessTime.dwHighDateTime=0x1d5d842, ftLastWriteTime.dwLowDateTime=0x30dd2c60, ftLastWriteTime.dwHighDateTime=0x1d5d842, nFileSizeHigh=0x0, nFileSizeLow=0xa080)) returned 1 [0150.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pfnuyd06e.csv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506da170, ftCreationTime.dwHighDateTime=0x1d5e564, ftLastAccessTime.dwLowDateTime=0x2590ed40, ftLastAccessTime.dwHighDateTime=0x1d5e1db, ftLastWriteTime.dwLowDateTime=0x2590ed40, ftLastWriteTime.dwHighDateTime=0x1d5e1db, nFileSizeHigh=0x0, nFileSizeLow=0x2e2e)) returned 1 [0150.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeafd3b0, ftCreationTime.dwHighDateTime=0x1d5d88b, ftLastAccessTime.dwLowDateTime=0xb8f1f140, ftLastAccessTime.dwHighDateTime=0x1d5e237, ftLastWriteTime.dwLowDateTime=0xb8f1f140, ftLastWriteTime.dwHighDateTime=0x1d5e237, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.989] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.989] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeafd3b0, ftCreationTime.dwHighDateTime=0x1d5d88b, ftLastAccessTime.dwLowDateTime=0xb8f1f140, ftLastAccessTime.dwHighDateTime=0x1d5e237, ftLastWriteTime.dwLowDateTime=0xb8f1f140, ftLastWriteTime.dwHighDateTime=0x1d5e237, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.989] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaeafd3b0, ftCreationTime.dwHighDateTime=0x1d5d88b, ftLastAccessTime.dwLowDateTime=0xb8f1f140, ftLastAccessTime.dwHighDateTime=0x1d5e237, ftLastWriteTime.dwLowDateTime=0xb8f1f140, ftLastWriteTime.dwHighDateTime=0x1d5e237, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.990] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x368c6900, ftCreationTime.dwHighDateTime=0x1d5d8a6, ftLastAccessTime.dwLowDateTime=0xf3f27630, ftLastAccessTime.dwHighDateTime=0x1d5e80d, ftLastWriteTime.dwLowDateTime=0xf3f27630, ftLastWriteTime.dwHighDateTime=0x1d5e80d, nFileSizeHigh=0x0, nFileSizeLow=0x17d0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DXhcl.mp3", cAlternateFileName="")) returned 1 [0150.990] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20cc1720, ftCreationTime.dwHighDateTime=0x1d5dd86, ftLastAccessTime.dwLowDateTime=0x1fd116a0, ftLastAccessTime.dwHighDateTime=0x1d5de89, ftLastWriteTime.dwLowDateTime=0x1fd116a0, ftLastWriteTime.dwHighDateTime=0x1d5de89, nFileSizeHigh=0x0, nFileSizeLow=0xee83, dwReserved0=0x0, dwReserved1=0x0, cFileName="LnNwGu.wav", cAlternateFileName="")) returned 1 [0150.990] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11e68c70, ftCreationTime.dwHighDateTime=0x1d5e6a2, ftLastAccessTime.dwLowDateTime=0x8a75c1a0, ftLastAccessTime.dwHighDateTime=0x1d5d9ec, ftLastWriteTime.dwLowDateTime=0x8a75c1a0, ftLastWriteTime.dwHighDateTime=0x1d5d9ec, nFileSizeHigh=0x0, nFileSizeLow=0x1586a, dwReserved0=0x0, dwReserved1=0x0, cFileName="WJrxKCY4JIYa8.avi", cAlternateFileName="WJRXKC~1.AVI")) returned 1 [0150.990] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x462e3b40, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x22604e80, ftLastAccessTime.dwHighDateTime=0x1d5d85e, ftLastWriteTime.dwLowDateTime=0x22604e80, ftLastWriteTime.dwHighDateTime=0x1d5d85e, nFileSizeHigh=0x0, nFileSizeLow=0xf377, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWxVOaF4Gr.jpg", cAlternateFileName="ZWXVOA~1.JPG")) returned 1 [0150.990] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.990] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\dxhcl.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x368c6900, ftCreationTime.dwHighDateTime=0x1d5d8a6, ftLastAccessTime.dwLowDateTime=0xf3f27630, ftLastAccessTime.dwHighDateTime=0x1d5e80d, ftLastWriteTime.dwLowDateTime=0xf3f27630, ftLastWriteTime.dwHighDateTime=0x1d5e80d, nFileSizeHigh=0x0, nFileSizeLow=0x17d0e)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\lnnwgu.wav"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20cc1720, ftCreationTime.dwHighDateTime=0x1d5dd86, ftLastAccessTime.dwLowDateTime=0x1fd116a0, ftLastAccessTime.dwHighDateTime=0x1d5de89, ftLastWriteTime.dwLowDateTime=0x1fd116a0, ftLastWriteTime.dwHighDateTime=0x1d5de89, nFileSizeHigh=0x0, nFileSizeLow=0xee83)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\wjrxkcy4jiya8.avi"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x11e68c70, ftCreationTime.dwHighDateTime=0x1d5e6a2, ftLastAccessTime.dwLowDateTime=0x8a75c1a0, ftLastAccessTime.dwHighDateTime=0x1d5d9ec, ftLastWriteTime.dwLowDateTime=0x8a75c1a0, ftLastWriteTime.dwHighDateTime=0x1d5d9ec, nFileSizeHigh=0x0, nFileSizeLow=0x1586a)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\zwxvoaf4gr.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x462e3b40, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x22604e80, ftLastAccessTime.dwHighDateTime=0x1d5d85e, ftLastWriteTime.dwLowDateTime=0x22604e80, ftLastWriteTime.dwHighDateTime=0x1d5d85e, nFileSizeHigh=0x0, nFileSizeLow=0xf377)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sg8j.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8228a340, ftCreationTime.dwHighDateTime=0x1d5e0c8, ftLastAccessTime.dwLowDateTime=0xab6da380, ftLastAccessTime.dwHighDateTime=0x1d5dc19, ftLastWriteTime.dwLowDateTime=0xab6da380, ftLastWriteTime.dwHighDateTime=0x1d5dc19, nFileSizeHigh=0x0, nFileSizeLow=0x9c76)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xt0rtz_l-es-zjibw.flv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc796f820, ftCreationTime.dwHighDateTime=0x1d5e4ae, ftLastAccessTime.dwLowDateTime=0x4e089800, ftLastAccessTime.dwHighDateTime=0x1d5e617, ftLastWriteTime.dwLowDateTime=0x4e089800, ftLastWriteTime.dwHighDateTime=0x1d5e617, nFileSizeHigh=0x0, nFileSizeLow=0x3bb6)) returned 1 [0150.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeeuqq ngoo.flv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9a5bec0, ftCreationTime.dwHighDateTime=0x1d5dc20, ftLastAccessTime.dwLowDateTime=0x56933b70, ftLastAccessTime.dwHighDateTime=0x1d5de05, ftLastWriteTime.dwLowDateTime=0x56933b70, ftLastWriteTime.dwHighDateTime=0x1d5de05, nFileSizeHigh=0x0, nFileSizeLow=0x1132b)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bjkx6gsvtgcvain.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf89d5230, ftCreationTime.dwHighDateTime=0x1d5df5d, ftLastAccessTime.dwLowDateTime=0xc80accf0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0xc80accf0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0xedeb)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cwhja1ye5fn.flv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc58a6860, ftCreationTime.dwHighDateTime=0x1d5db70, ftLastAccessTime.dwLowDateTime=0xd5866e40, ftLastAccessTime.dwHighDateTime=0x1d5d809, ftLastWriteTime.dwLowDateTime=0xd5866e40, ftLastWriteTime.dwHighDateTime=0x1d5d809, nFileSizeHigh=0x0, nFileSizeLow=0x1d01)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jpehtkf.flv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3e5a7e0, ftCreationTime.dwHighDateTime=0x1d5de29, ftLastAccessTime.dwLowDateTime=0xed608f30, ftLastAccessTime.dwHighDateTime=0x1d5dbcb, ftLastWriteTime.dwLowDateTime=0xed608f30, ftLastWriteTime.dwHighDateTime=0x1d5dbcb, nFileSizeHigh=0x0, nFileSizeLow=0xcc31)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6994f800, ftCreationTime.dwHighDateTime=0x1d622af, ftLastAccessTime.dwLowDateTime=0x6994f800, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0xde643400, ftLastWriteTime.dwHighDateTime=0x1d622a7, nFileSizeHigh=0x0, nFileSizeLow=0x23f000)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qejopg361m8.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5b701880, ftCreationTime.dwHighDateTime=0x1d5d8b9, ftLastAccessTime.dwLowDateTime=0xc9aaac40, ftLastAccessTime.dwHighDateTime=0x1d5dcb3, ftLastWriteTime.dwLowDateTime=0xc9aaac40, ftLastWriteTime.dwHighDateTime=0x1d5dcb3, nFileSizeHigh=0x0, nFileSizeLow=0x3b41)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdvt1tpyjbv-yzk70.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3be660b0, ftCreationTime.dwHighDateTime=0x1d5dd9f, ftLastAccessTime.dwLowDateTime=0xaa067120, ftLastAccessTime.dwHighDateTime=0x1d5e416, ftLastWriteTime.dwLowDateTime=0xaa067120, ftLastWriteTime.dwHighDateTime=0x1d5e416, nFileSizeHigh=0x0, nFileSizeLow=0x11073)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yhhe_4ffuodfu932.gif"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x36e042d0, ftCreationTime.dwHighDateTime=0x1d5db6e, ftLastAccessTime.dwLowDateTime=0x3857e7d0, ftLastAccessTime.dwHighDateTime=0x1d5e186, ftLastWriteTime.dwLowDateTime=0x3857e7d0, ftLastWriteTime.dwHighDateTime=0x1d5e186, nFileSizeHigh=0x0, nFileSizeLow=0xa0e8)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkhua1gxtqlwd8.gif"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa04467f0, ftCreationTime.dwHighDateTime=0x1d5da89, ftLastAccessTime.dwLowDateTime=0x8116afe0, ftLastAccessTime.dwHighDateTime=0x1d5decc, ftLastWriteTime.dwLowDateTime=0x8116afe0, ftLastWriteTime.dwHighDateTime=0x1d5decc, nFileSizeHigh=0x0, nFileSizeLow=0x12c3e)) returned 1 [0150.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3a00 | out: lpFileInformation=0xc0001a3a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb813c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb813c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0150.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.992] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\*", lpFindFileData=0xc0001a37b8 | out: lpFindFileData=0xc0001a37b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb813c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb813c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdb813c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdb813c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce4f390, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x74d09d60, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x74d09d60, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1EyRx-bxddwZPbzqj", cAlternateFileName="1EYRX-~1")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42856ff0, ftCreationTime.dwHighDateTime=0x1d5c3f6, ftLastAccessTime.dwLowDateTime=0xc612fbf0, ftLastAccessTime.dwHighDateTime=0x1d56f99, ftLastWriteTime.dwLowDateTime=0xc612fbf0, ftLastWriteTime.dwHighDateTime=0x1d56f99, nFileSizeHigh=0x0, nFileSizeLow=0x1255d, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNheGrQAl0z.pptx", cAlternateFileName="CNHEGR~1.PPT")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x182d2600, ftCreationTime.dwHighDateTime=0x1d58d80, ftLastAccessTime.dwLowDateTime=0xcf40d8b0, ftLastAccessTime.dwHighDateTime=0x1d56a02, ftLastWriteTime.dwLowDateTime=0xcf40d8b0, ftLastWriteTime.dwHighDateTime=0x1d56a02, nFileSizeHigh=0x0, nFileSizeLow=0x3fc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="dlkfd.docx", cAlternateFileName="DLKFD~1.DOC")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa303820, ftCreationTime.dwHighDateTime=0x1d5766b, ftLastAccessTime.dwLowDateTime=0x9a0c7750, ftLastAccessTime.dwHighDateTime=0x1d5ae07, ftLastWriteTime.dwLowDateTime=0x9a0c7750, ftLastWriteTime.dwHighDateTime=0x1d5ae07, nFileSizeHigh=0x0, nFileSizeLow=0x26af, dwReserved0=0x0, dwReserved1=0x0, cFileName="FwQWWx1OR2 gTb6tE.xlsx", cAlternateFileName="FWQWWX~1.XLS")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x880b2610, ftCreationTime.dwHighDateTime=0x1d59cea, ftLastAccessTime.dwLowDateTime=0x11e671a0, ftLastAccessTime.dwHighDateTime=0x1d5bbfe, ftLastWriteTime.dwLowDateTime=0x11e671a0, ftLastWriteTime.dwHighDateTime=0x1d5bbfe, nFileSizeHigh=0x0, nFileSizeLow=0x10e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="HM13Y6G8DOsAcipgZ2d.docx", cAlternateFileName="HM13Y6~1.DOC")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaf28530, ftCreationTime.dwHighDateTime=0x1d56f63, ftLastAccessTime.dwLowDateTime=0x23ac5d00, ftLastAccessTime.dwHighDateTime=0x1d5b721, ftLastWriteTime.dwLowDateTime=0x23ac5d00, ftLastWriteTime.dwHighDateTime=0x1d5b721, nFileSizeHigh=0x0, nFileSizeLow=0xb33e, dwReserved0=0x0, dwReserved1=0x0, cFileName="IRGFUbZDrY001k.xlsx", cAlternateFileName="IRGFUB~1.XLS")) returned 1 [0150.992] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7005a9e0, ftCreationTime.dwHighDateTime=0x1d5bf3c, ftLastAccessTime.dwLowDateTime=0xe171d0e0, ftLastAccessTime.dwHighDateTime=0x1d5a61e, ftLastWriteTime.dwLowDateTime=0xe171d0e0, ftLastWriteTime.dwHighDateTime=0x1d5a61e, nFileSizeHigh=0x0, nFileSizeLow=0xfc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="N3 iiKK5mP8C2F.pptx", cAlternateFileName="N3IIKK~1.PPT")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10340200, ftCreationTime.dwHighDateTime=0x1d57194, ftLastAccessTime.dwLowDateTime=0xce803cf0, ftLastAccessTime.dwHighDateTime=0x1d5ad4f, ftLastWriteTime.dwLowDateTime=0xce803cf0, ftLastWriteTime.dwHighDateTime=0x1d5ad4f, nFileSizeHigh=0x0, nFileSizeLow=0x161d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="oeX7FVsDs_QXQ.xlsx", cAlternateFileName="OEX7FV~1.XLS")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1afa2070, ftCreationTime.dwHighDateTime=0x1d58995, ftLastAccessTime.dwLowDateTime=0x614b3540, ftLastAccessTime.dwHighDateTime=0x1d55bd8, ftLastWriteTime.dwLowDateTime=0x614b3540, ftLastWriteTime.dwHighDateTime=0x1d55bd8, nFileSizeHigh=0x0, nFileSizeLow=0xfc5e, dwReserved0=0x0, dwReserved1=0x0, cFileName="oVS-uFdkCnpg7C9Q.docx", cAlternateFileName="OVS-UF~1.DOC")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0166590, ftCreationTime.dwHighDateTime=0x1d5772b, ftLastAccessTime.dwLowDateTime=0x96ee6ef0, ftLastAccessTime.dwHighDateTime=0x1d57713, ftLastWriteTime.dwLowDateTime=0x96ee6ef0, ftLastWriteTime.dwHighDateTime=0x1d57713, nFileSizeHigh=0x0, nFileSizeLow=0x7f2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="PQC qu7jynQj.docx", cAlternateFileName="PQCQU7~1.DOC")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58019850, ftCreationTime.dwHighDateTime=0x1d5b6d0, ftLastAccessTime.dwLowDateTime=0x4271de20, ftLastAccessTime.dwHighDateTime=0x1d58ed3, ftLastWriteTime.dwLowDateTime=0x4271de20, ftLastWriteTime.dwHighDateTime=0x1d58ed3, nFileSizeHigh=0x0, nFileSizeLow=0x19ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pr3tvmM8VB9VEp IpuI.xlsx", cAlternateFileName="PR3TVM~1.XLS")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3745560, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x342bd310, ftLastAccessTime.dwHighDateTime=0x1d5dce0, ftLastWriteTime.dwLowDateTime=0x342bd310, ftLastWriteTime.dwHighDateTime=0x1d5dce0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="q7uHgHX5", cAlternateFileName="")) returned 1 [0150.993] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29857570, ftCreationTime.dwHighDateTime=0x1d56075, ftLastAccessTime.dwLowDateTime=0xf878d640, ftLastAccessTime.dwHighDateTime=0x1d59169, ftLastWriteTime.dwLowDateTime=0xf878d640, ftLastWriteTime.dwHighDateTime=0x1d59169, nFileSizeHigh=0x0, nFileSizeLow=0xe05e, dwReserved0=0x0, dwReserved1=0x0, cFileName="qP7z mewstU.pptx", cAlternateFileName="QP7ZME~1.PPT")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa521440, ftCreationTime.dwHighDateTime=0x1d5e0a1, ftLastAccessTime.dwLowDateTime=0x1bccc40, ftLastAccessTime.dwHighDateTime=0x1d5e69a, ftLastWriteTime.dwLowDateTime=0x1bccc40, ftLastWriteTime.dwHighDateTime=0x1d5e69a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vn4CibFz", cAlternateFileName="")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf26ffa40, ftCreationTime.dwHighDateTime=0x1d58196, ftLastAccessTime.dwLowDateTime=0xcb26f300, ftLastAccessTime.dwHighDateTime=0x1d5c18b, ftLastWriteTime.dwLowDateTime=0xcb26f300, ftLastWriteTime.dwHighDateTime=0x1d5c18b, nFileSizeHigh=0x0, nFileSizeLow=0x56bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wfqsgh z BG.docx", cAlternateFileName="WFQSGH~1.DOC")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd320ffa0, ftCreationTime.dwHighDateTime=0x1d5a256, ftLastAccessTime.dwLowDateTime=0xc15e80b0, ftLastAccessTime.dwHighDateTime=0x1d5b6cb, ftLastWriteTime.dwLowDateTime=0xc15e80b0, ftLastWriteTime.dwHighDateTime=0x1d5b6cb, nFileSizeHigh=0x0, nFileSizeLow=0x5306, dwReserved0=0x0, dwReserved1=0x0, cFileName="wOX68Cxezv6Oloa.pptx", cAlternateFileName="WOX68C~1.PPT")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8961f60, ftCreationTime.dwHighDateTime=0x1d55f2e, ftLastAccessTime.dwLowDateTime=0x83198150, ftLastAccessTime.dwHighDateTime=0x1d5e6ba, ftLastWriteTime.dwLowDateTime=0x83198150, ftLastWriteTime.dwHighDateTime=0x1d5e6ba, nFileSizeHigh=0x0, nFileSizeLow=0x1592e, dwReserved0=0x0, dwReserved1=0x0, cFileName="y6tP2hHT.pptx", cAlternateFileName="Y6TP2H~1.PPT")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76929ec0, ftCreationTime.dwHighDateTime=0x1d5931e, ftLastAccessTime.dwLowDateTime=0xa8a96ce0, ftLastAccessTime.dwHighDateTime=0x1d5dc39, ftLastWriteTime.dwLowDateTime=0xa8a96ce0, ftLastWriteTime.dwHighDateTime=0x1d5dc39, nFileSizeHigh=0x0, nFileSizeLow=0x116b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="yhJPwSlO2BlhGko_W58.xlsx", cAlternateFileName="YHJPWS~1.XLS")) returned 1 [0150.994] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a37e8 | out: lpFindFileData=0xc0001a37e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.994] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce4f390, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x74d09d60, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x74d09d60, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.994] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce4f390, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x74d09d60, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x74d09d60, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ce4f390, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x74d09d60, ftLastAccessTime.dwHighDateTime=0x1d5e244, ftLastWriteTime.dwLowDateTime=0x74d09d60, ftLastWriteTime.dwHighDateTime=0x1d5e244, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd99d98d0, ftCreationTime.dwHighDateTime=0x1d5daa9, ftLastAccessTime.dwLowDateTime=0x4d015600, ftLastAccessTime.dwHighDateTime=0x1d5e189, ftLastWriteTime.dwLowDateTime=0x4d015600, ftLastWriteTime.dwHighDateTime=0x1d5e189, nFileSizeHigh=0x0, nFileSizeLow=0xa76c, dwReserved0=0x0, dwReserved1=0x0, cFileName="0S4Zi2d7.ots", cAlternateFileName="")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb19610, ftCreationTime.dwHighDateTime=0x1d5dbed, ftLastAccessTime.dwLowDateTime=0x73db7250, ftLastAccessTime.dwHighDateTime=0x1d5dacd, ftLastWriteTime.dwLowDateTime=0x73db7250, ftLastWriteTime.dwHighDateTime=0x1d5dacd, nFileSizeHigh=0x0, nFileSizeLow=0xb54f, dwReserved0=0x0, dwReserved1=0x0, cFileName="4rI99TmpDHL6.pdf", cAlternateFileName="4RI99T~1.PDF")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c9ac090, ftCreationTime.dwHighDateTime=0x1d5e7ac, ftLastAccessTime.dwLowDateTime=0xdcfcad20, ftLastAccessTime.dwHighDateTime=0x1d5e15e, ftLastWriteTime.dwLowDateTime=0xdcfcad20, ftLastWriteTime.dwHighDateTime=0x1d5e15e, nFileSizeHigh=0x0, nFileSizeLow=0x15f8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="CBj_-_.docx", cAlternateFileName="CBJ_-_~1.DOC")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4bf7a80, ftCreationTime.dwHighDateTime=0x1d5dfe0, ftLastAccessTime.dwLowDateTime=0xe94e27d0, ftLastAccessTime.dwHighDateTime=0x1d5df87, ftLastWriteTime.dwLowDateTime=0xe94e27d0, ftLastWriteTime.dwHighDateTime=0x1d5df87, nFileSizeHigh=0x0, nFileSizeLow=0x30cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="ueeHKPXYbc0Mi.odt", cAlternateFileName="UEEHKP~1.ODT")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e3c2110, ftCreationTime.dwHighDateTime=0x1d5e32a, ftLastAccessTime.dwLowDateTime=0x15052320, ftLastAccessTime.dwHighDateTime=0x1d5ddf2, ftLastWriteTime.dwLowDateTime=0x15052320, ftLastWriteTime.dwHighDateTime=0x1d5ddf2, nFileSizeHigh=0x0, nFileSizeLow=0x171ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="_pE9j8 9q1yztDImt.rtf", cAlternateFileName="_PE9J8~1.RTF")) returned 1 [0150.995] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.995] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\0s4zi2d7.ots"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd99d98d0, ftCreationTime.dwHighDateTime=0x1d5daa9, ftLastAccessTime.dwLowDateTime=0x4d015600, ftLastAccessTime.dwHighDateTime=0x1d5e189, ftLastWriteTime.dwLowDateTime=0x4d015600, ftLastWriteTime.dwHighDateTime=0x1d5e189, nFileSizeHigh=0x0, nFileSizeLow=0xa76c)) returned 1 [0150.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\4ri99tmpdhl6.pdf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdeb19610, ftCreationTime.dwHighDateTime=0x1d5dbed, ftLastAccessTime.dwLowDateTime=0x73db7250, ftLastAccessTime.dwHighDateTime=0x1d5dacd, ftLastWriteTime.dwLowDateTime=0x73db7250, ftLastWriteTime.dwHighDateTime=0x1d5dacd, nFileSizeHigh=0x0, nFileSizeLow=0xb54f)) returned 1 [0150.995] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\cbj_-_.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c9ac090, ftCreationTime.dwHighDateTime=0x1d5e7ac, ftLastAccessTime.dwLowDateTime=0xdcfcad20, ftLastAccessTime.dwHighDateTime=0x1d5e15e, ftLastWriteTime.dwLowDateTime=0xdcfcad20, ftLastWriteTime.dwHighDateTime=0x1d5e15e, nFileSizeHigh=0x0, nFileSizeLow=0x15f8a)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\_pe9j8 9q1yztdimt.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e3c2110, ftCreationTime.dwHighDateTime=0x1d5e32a, ftLastAccessTime.dwLowDateTime=0x15052320, ftLastAccessTime.dwHighDateTime=0x1d5ddf2, ftLastWriteTime.dwLowDateTime=0x15052320, ftLastWriteTime.dwHighDateTime=0x1d5ddf2, nFileSizeHigh=0x0, nFileSizeLow=0x171ff)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\ueehkpxybc0mi.odt"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4bf7a80, ftCreationTime.dwHighDateTime=0x1d5dfe0, ftLastAccessTime.dwLowDateTime=0xe94e27d0, ftLastAccessTime.dwHighDateTime=0x1d5df87, ftLastWriteTime.dwLowDateTime=0xe94e27d0, ftLastWriteTime.dwHighDateTime=0x1d5df87, nFileSizeHigh=0x0, nFileSizeLow=0x30cb)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cnhegrqal0z.pptx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x42856ff0, ftCreationTime.dwHighDateTime=0x1d5c3f6, ftLastAccessTime.dwLowDateTime=0xc612fbf0, ftLastAccessTime.dwHighDateTime=0x1d56f99, ftLastWriteTime.dwLowDateTime=0xc612fbf0, ftLastWriteTime.dwHighDateTime=0x1d56f99, nFileSizeHigh=0x0, nFileSizeLow=0x1255d)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\FwQWWx1OR2 gTb6tE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\fwqwwx1or2 gtb6te.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfa303820, ftCreationTime.dwHighDateTime=0x1d5766b, ftLastAccessTime.dwLowDateTime=0x9a0c7750, ftLastAccessTime.dwHighDateTime=0x1d5ae07, ftLastWriteTime.dwLowDateTime=0x9a0c7750, ftLastWriteTime.dwHighDateTime=0x1d5ae07, nFileSizeHigh=0x0, nFileSizeLow=0x26af)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hm13y6g8dosacipgz2d.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x880b2610, ftCreationTime.dwHighDateTime=0x1d59cea, ftLastAccessTime.dwLowDateTime=0x11e671a0, ftLastAccessTime.dwHighDateTime=0x1d5bbfe, ftLastWriteTime.dwLowDateTime=0x11e671a0, ftLastWriteTime.dwHighDateTime=0x1d5bbfe, nFileSizeHigh=0x0, nFileSizeLow=0x10e5a)) returned 1 [0150.996] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\irgfubzdry001k.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdaf28530, ftCreationTime.dwHighDateTime=0x1d56f63, ftLastAccessTime.dwLowDateTime=0x23ac5d00, ftLastAccessTime.dwHighDateTime=0x1d5b721, ftLastWriteTime.dwLowDateTime=0x23ac5d00, ftLastWriteTime.dwHighDateTime=0x1d5b721, nFileSizeHigh=0x0, nFileSizeLow=0xb33e)) returned 1 [0150.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x668 [0151.012] GetFileInformationByHandle (in: hFile=0x668, lpFileInformation=0xc0001a387c | out: lpFileInformation=0xc0001a387c) returned 1 [0151.012] GetFileInformationByHandleEx (in: hFile=0x668, FileInformationClass=0x9, lpFileInformation=0xc0001a3860, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3860) returned 1 [0151.012] CloseHandle (hObject=0x668) returned 1 [0151.013] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x668 [0151.013] GetFileInformationByHandle (in: hFile=0x668, lpFileInformation=0xc0001a387c | out: lpFileInformation=0xc0001a387c) returned 1 [0151.013] GetFileInformationByHandleEx (in: hFile=0x668, FileInformationClass=0x9, lpFileInformation=0xc0001a3860, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3860) returned 1 [0151.013] CloseHandle (hObject=0x668) returned 1 [0151.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.016] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0151.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.022] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.022] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0151.025] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.026] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.026] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites.vss", cAlternateFileName="FAVORI~1.VSS")) returned 1 [0151.026] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_private", cAlternateFileName="")) returned 1 [0151.026] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.026] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0151.027] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.027] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9e9e4460, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9e9e4460, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.028] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.043] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.043] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\*", lpFindFileData=0xc0001a3608 | out: lpFindFileData=0xc0001a3608*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.044] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.044] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="folder.ico", cAlternateFileName="")) returned 1 [0151.044] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.044] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.044] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x74e6)) returned 1 [0151.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x9ebad4e0, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebf97a0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0xd8)) returned 1 [0151.075] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x4d8 [0151.076] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc0001a387c | out: lpFileInformation=0xc0001a387c) returned 1 [0151.076] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc0001a3860, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3860) returned 1 [0151.076] CloseHandle (hObject=0x4d8) returned 1 [0151.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n3 iikk5mp8c2f.pptx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7005a9e0, ftCreationTime.dwHighDateTime=0x1d5bf3c, ftLastAccessTime.dwLowDateTime=0xe171d0e0, ftLastAccessTime.dwHighDateTime=0x1d5a61e, ftLastWriteTime.dwLowDateTime=0xe171d0e0, ftLastWriteTime.dwHighDateTime=0x1d5a61e, nFileSizeHigh=0x0, nFileSizeLow=0xfc1)) returned 1 [0151.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.077] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.077] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.077] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.077] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="voeimd@djhreuu.uhd.pst", cAlternateFileName="VOEIMD~1.PST")) returned 1 [0151.077] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.078] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.078] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0151.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5a868660, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5a868660, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x8a4fb680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0151.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqc qu7jynqj.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0166590, ftCreationTime.dwHighDateTime=0x1d5772b, ftLastAccessTime.dwLowDateTime=0x96ee6ef0, ftLastAccessTime.dwHighDateTime=0x1d57713, ftLastWriteTime.dwLowDateTime=0x96ee6ef0, ftLastWriteTime.dwHighDateTime=0x1d57713, nFileSizeHigh=0x0, nFileSizeLow=0x7f2c)) returned 1 [0151.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pr3tvmm8vb9vep ipui.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58019850, ftCreationTime.dwHighDateTime=0x1d5b6d0, ftLastAccessTime.dwLowDateTime=0x4271de20, ftLastAccessTime.dwHighDateTime=0x1d58ed3, ftLastWriteTime.dwLowDateTime=0x4271de20, ftLastWriteTime.dwHighDateTime=0x1d58ed3, nFileSizeHigh=0x0, nFileSizeLow=0x19ed)) returned 1 [0151.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wfqsgh z bg.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf26ffa40, ftCreationTime.dwHighDateTime=0x1d58196, ftLastAccessTime.dwLowDateTime=0xcb26f300, ftLastAccessTime.dwHighDateTime=0x1d5c18b, ftLastWriteTime.dwLowDateTime=0xcb26f300, ftLastWriteTime.dwHighDateTime=0x1d5c18b, nFileSizeHigh=0x0, nFileSizeLow=0x56bd)) returned 1 [0151.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0151.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dlkfd.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x182d2600, ftCreationTime.dwHighDateTime=0x1d58d80, ftLastAccessTime.dwLowDateTime=0xcf40d8b0, ftLastAccessTime.dwHighDateTime=0x1d56a02, ftLastWriteTime.dwLowDateTime=0xcf40d8b0, ftLastWriteTime.dwHighDateTime=0x1d56a02, nFileSizeHigh=0x0, nFileSizeLow=0x3fc1)) returned 1 [0151.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ovs-ufdkcnpg7c9q.docx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1afa2070, ftCreationTime.dwHighDateTime=0x1d58995, ftLastAccessTime.dwLowDateTime=0x614b3540, ftLastAccessTime.dwHighDateTime=0x1d55bd8, ftLastWriteTime.dwLowDateTime=0x614b3540, ftLastWriteTime.dwHighDateTime=0x1d55bd8, nFileSizeHigh=0x0, nFileSizeLow=0xfc5e)) returned 1 [0151.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oex7fvsds_qxq.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x10340200, ftCreationTime.dwHighDateTime=0x1d57194, ftLastAccessTime.dwLowDateTime=0xce803cf0, ftLastAccessTime.dwHighDateTime=0x1d5ad4f, ftLastWriteTime.dwLowDateTime=0xce803cf0, ftLastWriteTime.dwHighDateTime=0x1d5ad4f, nFileSizeHigh=0x0, nFileSizeLow=0x161d6)) returned 1 [0151.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3745560, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x342bd310, ftLastAccessTime.dwHighDateTime=0x1d5dce0, ftLastWriteTime.dwLowDateTime=0x342bd310, ftLastWriteTime.dwHighDateTime=0x1d5dce0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.081] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3745560, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x342bd310, ftLastAccessTime.dwHighDateTime=0x1d5dce0, ftLastWriteTime.dwLowDateTime=0x342bd310, ftLastWriteTime.dwHighDateTime=0x1d5dce0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.081] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3745560, ftCreationTime.dwHighDateTime=0x1d5dcb0, ftLastAccessTime.dwLowDateTime=0x342bd310, ftLastAccessTime.dwHighDateTime=0x1d5dce0, ftLastWriteTime.dwLowDateTime=0x342bd310, ftLastWriteTime.dwHighDateTime=0x1d5dce0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.081] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c7f5c40, ftCreationTime.dwHighDateTime=0x1d5df89, ftLastAccessTime.dwLowDateTime=0x553a1320, ftLastAccessTime.dwHighDateTime=0x1d5e22e, ftLastWriteTime.dwLowDateTime=0x553a1320, ftLastWriteTime.dwHighDateTime=0x1d5e22e, nFileSizeHigh=0x0, nFileSizeLow=0xef30, dwReserved0=0x0, dwReserved1=0x0, cFileName="mBCou1Ppf2tg_e1rt.csv", cAlternateFileName="MBCOU1~1.CSV")) returned 1 [0151.082] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25bd5e30, ftCreationTime.dwHighDateTime=0x1d5e20c, ftLastAccessTime.dwLowDateTime=0xaf1684b0, ftLastAccessTime.dwHighDateTime=0x1d5dbc0, ftLastWriteTime.dwLowDateTime=0xaf1684b0, ftLastWriteTime.dwHighDateTime=0x1d5dbc0, nFileSizeHigh=0x0, nFileSizeLow=0x1be3, dwReserved0=0x0, dwReserved1=0x0, cFileName="mEPVZo.pps", cAlternateFileName="")) returned 1 [0151.082] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3602040, ftCreationTime.dwHighDateTime=0x1d5d94b, ftLastAccessTime.dwLowDateTime=0xdaaf8350, ftLastAccessTime.dwHighDateTime=0x1d5ddf1, ftLastWriteTime.dwLowDateTime=0xdaaf8350, ftLastWriteTime.dwHighDateTime=0x1d5ddf1, nFileSizeHigh=0x0, nFileSizeLow=0x50ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="nz S7KVsk.rtf", cAlternateFileName="NZS7KV~1.RTF")) returned 1 [0151.082] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.082] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mbcou1ppf2tg_e1rt.csv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1c7f5c40, ftCreationTime.dwHighDateTime=0x1d5df89, ftLastAccessTime.dwLowDateTime=0x553a1320, ftLastAccessTime.dwHighDateTime=0x1d5e22e, ftLastWriteTime.dwLowDateTime=0x553a1320, ftLastWriteTime.dwHighDateTime=0x1d5e22e, nFileSizeHigh=0x0, nFileSizeLow=0xef30)) returned 1 [0151.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mEPVZo.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mepvzo.pps"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x25bd5e30, ftCreationTime.dwHighDateTime=0x1d5e20c, ftLastAccessTime.dwLowDateTime=0xaf1684b0, ftLastAccessTime.dwHighDateTime=0x1d5dbc0, ftLastWriteTime.dwLowDateTime=0xaf1684b0, ftLastWriteTime.dwHighDateTime=0x1d5dbc0, nFileSizeHigh=0x0, nFileSizeLow=0x1be3)) returned 1 [0151.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\nz s7kvsk.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3602040, ftCreationTime.dwHighDateTime=0x1d5d94b, ftLastAccessTime.dwLowDateTime=0xdaaf8350, ftLastAccessTime.dwHighDateTime=0x1d5ddf1, ftLastWriteTime.dwLowDateTime=0xdaaf8350, ftLastWriteTime.dwHighDateTime=0x1d5ddf1, nFileSizeHigh=0x0, nFileSizeLow=0x50ff)) returned 1 [0151.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qp7z mewstu.pptx"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x29857570, ftCreationTime.dwHighDateTime=0x1d56075, ftLastAccessTime.dwLowDateTime=0xf878d640, ftLastAccessTime.dwHighDateTime=0x1d59169, ftLastWriteTime.dwLowDateTime=0xf878d640, ftLastWriteTime.dwHighDateTime=0x1d59169, nFileSizeHigh=0x0, nFileSizeLow=0xe05e)) returned 1 [0151.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3928 | out: lpFileInformation=0xc0001a3928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa521440, ftCreationTime.dwHighDateTime=0x1d5e0a1, ftLastAccessTime.dwLowDateTime=0x1bccc40, ftLastAccessTime.dwHighDateTime=0x1d5e69a, ftLastWriteTime.dwLowDateTime=0x1bccc40, ftLastWriteTime.dwHighDateTime=0x1d5e69a, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\*", lpFindFileData=0xc0001a36e0 | out: lpFindFileData=0xc0001a36e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa521440, ftCreationTime.dwHighDateTime=0x1d5e0a1, ftLastAccessTime.dwLowDateTime=0x1bccc40, ftLastAccessTime.dwHighDateTime=0x1d5e69a, ftLastWriteTime.dwLowDateTime=0x1bccc40, ftLastWriteTime.dwHighDateTime=0x1d5e69a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.083] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xaa521440, ftCreationTime.dwHighDateTime=0x1d5e0a1, ftLastAccessTime.dwLowDateTime=0x1bccc40, ftLastAccessTime.dwHighDateTime=0x1d5e69a, ftLastWriteTime.dwLowDateTime=0x1bccc40, ftLastWriteTime.dwHighDateTime=0x1d5e69a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.083] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e3fb140, ftCreationTime.dwHighDateTime=0x1d5d91d, ftLastAccessTime.dwLowDateTime=0xfdc8e810, ftLastAccessTime.dwHighDateTime=0x1d5daac, ftLastWriteTime.dwLowDateTime=0xfdc8e810, ftLastWriteTime.dwHighDateTime=0x1d5daac, nFileSizeHigh=0x0, nFileSizeLow=0x1e5a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IuZWYjdszrZaN4GI1.pps", cAlternateFileName="IUZWYJ~1.PPS")) returned 1 [0151.084] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x774fcc60, ftCreationTime.dwHighDateTime=0x1d5dd9d, ftLastAccessTime.dwLowDateTime=0xc6d61c80, ftLastAccessTime.dwHighDateTime=0x1d5e748, ftLastWriteTime.dwLowDateTime=0xc6d61c80, ftLastWriteTime.dwHighDateTime=0x1d5e748, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Oqpv", cAlternateFileName="")) returned 1 [0151.084] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa8ced0, ftCreationTime.dwHighDateTime=0x1d5e622, ftLastAccessTime.dwLowDateTime=0x1fb1370, ftLastAccessTime.dwHighDateTime=0x1d5e2d9, ftLastWriteTime.dwLowDateTime=0x1fb1370, ftLastWriteTime.dwHighDateTime=0x1d5e2d9, nFileSizeHigh=0x0, nFileSizeLow=0x18b4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pk78- 0HqIk.doc", cAlternateFileName="PK78-0~1.DOC")) returned 1 [0151.084] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xba0e0d80, ftCreationTime.dwHighDateTime=0x1d5e646, ftLastAccessTime.dwLowDateTime=0x9e0f5d80, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x9e0f5d80, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rE2C8WmYD", cAlternateFileName="RE2C8W~1")) returned 1 [0151.084] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3710 | out: lpFindFileData=0xc0001a3710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.084] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\iuzwyjdszrzan4gi1.pps"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e3fb140, ftCreationTime.dwHighDateTime=0x1d5d91d, ftLastAccessTime.dwLowDateTime=0xfdc8e810, ftLastAccessTime.dwHighDateTime=0x1d5daac, ftLastWriteTime.dwLowDateTime=0xfdc8e810, ftLastWriteTime.dwHighDateTime=0x1d5daac, nFileSizeHigh=0x0, nFileSizeLow=0x1e5a)) returned 1 [0151.084] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3850 | out: lpFileInformation=0xc0001a3850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x774fcc60, ftCreationTime.dwHighDateTime=0x1d5dd9d, ftLastAccessTime.dwLowDateTime=0xc6d61c80, ftLastAccessTime.dwHighDateTime=0x1d5e748, ftLastWriteTime.dwLowDateTime=0xc6d61c80, ftLastWriteTime.dwHighDateTime=0x1d5e748, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.085] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0151.086] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\*", lpFindFileData=0xc0001a3608 | out: lpFindFileData=0xc0001a3608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x774fcc60, ftCreationTime.dwHighDateTime=0x1d5dd9d, ftLastAccessTime.dwLowDateTime=0xc6d61c80, ftLastAccessTime.dwHighDateTime=0x1d5e748, ftLastWriteTime.dwLowDateTime=0xc6d61c80, ftLastWriteTime.dwHighDateTime=0x1d5e748, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.087] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x774fcc60, ftCreationTime.dwHighDateTime=0x1d5dd9d, ftLastAccessTime.dwLowDateTime=0xc6d61c80, ftLastAccessTime.dwHighDateTime=0x1d5e748, ftLastWriteTime.dwLowDateTime=0xc6d61c80, ftLastWriteTime.dwHighDateTime=0x1d5e748, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.087] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9ac0d00, ftCreationTime.dwHighDateTime=0x1d5da35, ftLastAccessTime.dwLowDateTime=0x6b2c31d0, ftLastAccessTime.dwHighDateTime=0x1d5deab, ftLastWriteTime.dwLowDateTime=0x6b2c31d0, ftLastWriteTime.dwHighDateTime=0x1d5deab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="12b49", cAlternateFileName="")) returned 1 [0151.087] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd89af900, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x98d887b0, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0x98d887b0, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NosD2-mwYoe_KW3", cAlternateFileName="NOSD2-~1")) returned 1 [0151.087] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3638 | out: lpFindFileData=0xc0001a3638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.087] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49"), fInfoLevelId=0x0, lpFileInformation=0xc0001a3778 | out: lpFileInformation=0xc0001a3778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9ac0d00, ftCreationTime.dwHighDateTime=0x1d5da35, ftLastAccessTime.dwLowDateTime=0x6b2c31d0, ftLastAccessTime.dwHighDateTime=0x1d5deab, ftLastWriteTime.dwLowDateTime=0x6b2c31d0, ftLastWriteTime.dwHighDateTime=0x1d5deab, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.087] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\*", lpFindFileData=0xc0001a3530 | out: lpFindFileData=0xc0001a3530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9ac0d00, ftCreationTime.dwHighDateTime=0x1d5da35, ftLastAccessTime.dwLowDateTime=0x6b2c31d0, ftLastAccessTime.dwHighDateTime=0x1d5deab, ftLastWriteTime.dwLowDateTime=0x6b2c31d0, ftLastWriteTime.dwHighDateTime=0x1d5deab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.088] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3560 | out: lpFindFileData=0xc0001a3560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9ac0d00, ftCreationTime.dwHighDateTime=0x1d5da35, ftLastAccessTime.dwLowDateTime=0x6b2c31d0, ftLastAccessTime.dwHighDateTime=0x1d5deab, ftLastWriteTime.dwLowDateTime=0x6b2c31d0, ftLastWriteTime.dwHighDateTime=0x1d5deab, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.088] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3560 | out: lpFindFileData=0xc0001a3560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcccb64c0, ftCreationTime.dwHighDateTime=0x1d5e5e9, ftLastAccessTime.dwLowDateTime=0x7b1caae0, ftLastAccessTime.dwHighDateTime=0x1d5e548, ftLastWriteTime.dwLowDateTime=0x7b1caae0, ftLastWriteTime.dwHighDateTime=0x1d5e548, nFileSizeHigh=0x0, nFileSizeLow=0xf5fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="T02XdS0VdAldzPJ.xlsx", cAlternateFileName="T02XDS~1.XLS")) returned 1 [0151.088] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0001a3560 | out: lpFindFileData=0xc0001a3560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.088] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.088] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0151.090] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0151.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\t02xds0vdaldzpj.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcccb64c0, ftCreationTime.dwHighDateTime=0x1d5e5e9, ftLastAccessTime.dwLowDateTime=0x7b1caae0, ftLastAccessTime.dwHighDateTime=0x1d5e548, ftLastWriteTime.dwLowDateTime=0x7b1caae0, ftLastWriteTime.dwHighDateTime=0x1d5e548, nFileSizeHigh=0x0, nFileSizeLow=0xf5fd)) returned 1 [0151.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3"), fInfoLevelId=0x0, lpFileInformation=0xc000237778 | out: lpFileInformation=0xc000237778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd89af900, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x98d887b0, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0x98d887b0, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.092] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\*", lpFindFileData=0xc000237530 | out: lpFindFileData=0xc000237530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd89af900, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x98d887b0, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0x98d887b0, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.092] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd89af900, ftCreationTime.dwHighDateTime=0x1d5dde2, ftLastAccessTime.dwLowDateTime=0x98d887b0, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0x98d887b0, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.092] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x791937f0, ftCreationTime.dwHighDateTime=0x1d5dbbf, ftLastAccessTime.dwLowDateTime=0xfa7a3ac0, ftLastAccessTime.dwHighDateTime=0x1d5db87, ftLastWriteTime.dwLowDateTime=0xfa7a3ac0, ftLastWriteTime.dwHighDateTime=0x1d5db87, nFileSizeHigh=0x0, nFileSizeLow=0x17e4e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C 8U8ApsNoX.pdf", cAlternateFileName="C8U8AP~1.PDF")) returned 1 [0151.092] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x178db00, ftCreationTime.dwHighDateTime=0x1d5e511, ftLastAccessTime.dwLowDateTime=0xee247530, ftLastAccessTime.dwHighDateTime=0x1d5dcac, ftLastWriteTime.dwLowDateTime=0xee247530, ftLastWriteTime.dwHighDateTime=0x1d5dcac, nFileSizeHigh=0x0, nFileSizeLow=0x10d17, dwReserved0=0x0, dwReserved1=0x0, cFileName="HcjK5UBAn9LkA.ods", cAlternateFileName="HCJK5U~1.ODS")) returned 1 [0151.093] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38c74c60, ftCreationTime.dwHighDateTime=0x1d5dd5d, ftLastAccessTime.dwLowDateTime=0x3f3b64d0, ftLastAccessTime.dwHighDateTime=0x1d5db3e, ftLastWriteTime.dwLowDateTime=0x3f3b64d0, ftLastWriteTime.dwHighDateTime=0x1d5db3e, nFileSizeHigh=0x0, nFileSizeLow=0x861e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LelFc_r3.xls", cAlternateFileName="")) returned 1 [0151.093] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2c3cae0, ftCreationTime.dwHighDateTime=0x1d5e3ac, ftLastAccessTime.dwLowDateTime=0xd73221e0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0xd73221e0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0xaa39, dwReserved0=0x0, dwReserved1=0x0, cFileName="_wc27dzsWvOBAVe.rtf", cAlternateFileName="_WC27D~1.RTF")) returned 1 [0151.093] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.093] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\C 8U8ApsNoX.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\c 8u8apsnox.pdf"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x791937f0, ftCreationTime.dwHighDateTime=0x1d5dbbf, ftLastAccessTime.dwLowDateTime=0xfa7a3ac0, ftLastAccessTime.dwHighDateTime=0x1d5db87, ftLastWriteTime.dwLowDateTime=0xfa7a3ac0, ftLastWriteTime.dwHighDateTime=0x1d5db87, nFileSizeHigh=0x0, nFileSizeLow=0x17e4e)) returned 1 [0151.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\hcjk5uban9lka.ods"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x178db00, ftCreationTime.dwHighDateTime=0x1d5e511, ftLastAccessTime.dwLowDateTime=0xee247530, ftLastAccessTime.dwHighDateTime=0x1d5dcac, ftLastWriteTime.dwLowDateTime=0xee247530, ftLastWriteTime.dwHighDateTime=0x1d5dcac, nFileSizeHigh=0x0, nFileSizeLow=0x10d17)) returned 1 [0151.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\lelfc_r3.xls"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38c74c60, ftCreationTime.dwHighDateTime=0x1d5dd5d, ftLastAccessTime.dwLowDateTime=0x3f3b64d0, ftLastAccessTime.dwHighDateTime=0x1d5db3e, ftLastWriteTime.dwLowDateTime=0x3f3b64d0, ftLastWriteTime.dwHighDateTime=0x1d5db3e, nFileSizeHigh=0x0, nFileSizeLow=0x861e)) returned 1 [0151.093] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0151.095] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0151.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\_wc27dzsWvOBAVe.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\_wc27dzswvobave.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2c3cae0, ftCreationTime.dwHighDateTime=0x1d5e3ac, ftLastAccessTime.dwLowDateTime=0xd73221e0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0xd73221e0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0xaa39)) returned 1 [0151.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\pk78- 0hqik.doc"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafa8ced0, ftCreationTime.dwHighDateTime=0x1d5e622, ftLastAccessTime.dwLowDateTime=0x1fb1370, ftLastAccessTime.dwHighDateTime=0x1d5e2d9, ftLastWriteTime.dwLowDateTime=0x1fb1370, ftLastWriteTime.dwHighDateTime=0x1d5e2d9, nFileSizeHigh=0x0, nFileSizeLow=0x18b4f)) returned 1 [0151.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xba0e0d80, ftCreationTime.dwHighDateTime=0x1d5e646, ftLastAccessTime.dwLowDateTime=0x9e0f5d80, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x9e0f5d80, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.097] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\*", lpFindFileData=0xc000237608 | out: lpFindFileData=0xc000237608*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xba0e0d80, ftCreationTime.dwHighDateTime=0x1d5e646, ftLastAccessTime.dwLowDateTime=0x9e0f5d80, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x9e0f5d80, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xba0e0d80, ftCreationTime.dwHighDateTime=0x1d5e646, ftLastAccessTime.dwLowDateTime=0x9e0f5d80, ftLastAccessTime.dwHighDateTime=0x1d5e6d4, ftLastWriteTime.dwLowDateTime=0x9e0f5d80, ftLastWriteTime.dwHighDateTime=0x1d5e6d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3962300, ftCreationTime.dwHighDateTime=0x1d5e011, ftLastAccessTime.dwLowDateTime=0x191d0610, ftLastAccessTime.dwHighDateTime=0x1d5db65, ftLastWriteTime.dwLowDateTime=0x191d0610, ftLastWriteTime.dwHighDateTime=0x1d5db65, nFileSizeHigh=0x0, nFileSizeLow=0x107d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="OkUCx.ots", cAlternateFileName="")) returned 1 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe0ea370, ftCreationTime.dwHighDateTime=0x1d5e6bc, ftLastAccessTime.dwLowDateTime=0xdda19fc0, ftLastAccessTime.dwHighDateTime=0x1d5e7ed, ftLastWriteTime.dwLowDateTime=0xdda19fc0, ftLastWriteTime.dwHighDateTime=0x1d5e7ed, nFileSizeHigh=0x0, nFileSizeLow=0x1174a, dwReserved0=0x0, dwReserved1=0x0, cFileName="P3LpCoP8sODQy.pdf", cAlternateFileName="P3LPCO~1.PDF")) returned 1 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec5c10, ftCreationTime.dwHighDateTime=0x1d5e69e, ftLastAccessTime.dwLowDateTime=0xc0a9b6c0, ftLastAccessTime.dwHighDateTime=0x1d5dc06, ftLastWriteTime.dwLowDateTime=0xc0a9b6c0, ftLastWriteTime.dwHighDateTime=0x1d5dc06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="r7rMtS6", cAlternateFileName="")) returned 1 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2544c240, ftCreationTime.dwHighDateTime=0x1d5d889, ftLastAccessTime.dwLowDateTime=0xde90b550, ftLastAccessTime.dwHighDateTime=0x1d5e569, ftLastWriteTime.dwLowDateTime=0xde90b550, ftLastWriteTime.dwHighDateTime=0x1d5e569, nFileSizeHigh=0x0, nFileSizeLow=0xab1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="VH3znN.ppt", cAlternateFileName="")) returned 1 [0151.097] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237638 | out: lpFindFileData=0xc000237638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.098] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\okucx.ots"), fInfoLevelId=0x0, lpFileInformation=0xc000237778 | out: lpFileInformation=0xc000237778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc3962300, ftCreationTime.dwHighDateTime=0x1d5e011, ftLastAccessTime.dwLowDateTime=0x191d0610, ftLastAccessTime.dwHighDateTime=0x1d5db65, ftLastWriteTime.dwLowDateTime=0x191d0610, ftLastWriteTime.dwHighDateTime=0x1d5db65, nFileSizeHigh=0x0, nFileSizeLow=0x107d2)) returned 1 [0151.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\p3lpcop8sodqy.pdf"), fInfoLevelId=0x0, lpFileInformation=0xc000237778 | out: lpFileInformation=0xc000237778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe0ea370, ftCreationTime.dwHighDateTime=0x1d5e6bc, ftLastAccessTime.dwLowDateTime=0xdda19fc0, ftLastAccessTime.dwHighDateTime=0x1d5e7ed, ftLastWriteTime.dwLowDateTime=0xdda19fc0, ftLastWriteTime.dwHighDateTime=0x1d5e7ed, nFileSizeHigh=0x0, nFileSizeLow=0x1174a)) returned 1 [0151.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\vh3znn.ppt"), fInfoLevelId=0x0, lpFileInformation=0xc000237778 | out: lpFileInformation=0xc000237778*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2544c240, ftCreationTime.dwHighDateTime=0x1d5d889, ftLastAccessTime.dwLowDateTime=0xde90b550, ftLastAccessTime.dwHighDateTime=0x1d5e569, ftLastWriteTime.dwLowDateTime=0xde90b550, ftLastWriteTime.dwHighDateTime=0x1d5e569, nFileSizeHigh=0x0, nFileSizeLow=0xab1d)) returned 1 [0151.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6"), fInfoLevelId=0x0, lpFileInformation=0xc000237778 | out: lpFileInformation=0xc000237778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec5c10, ftCreationTime.dwHighDateTime=0x1d5e69e, ftLastAccessTime.dwLowDateTime=0xc0a9b6c0, ftLastAccessTime.dwHighDateTime=0x1d5dc06, ftLastWriteTime.dwLowDateTime=0xc0a9b6c0, ftLastWriteTime.dwHighDateTime=0x1d5dc06, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.098] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\*", lpFindFileData=0xc000237530 | out: lpFindFileData=0xc000237530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec5c10, ftCreationTime.dwHighDateTime=0x1d5e69e, ftLastAccessTime.dwLowDateTime=0xc0a9b6c0, ftLastAccessTime.dwHighDateTime=0x1d5dc06, ftLastWriteTime.dwLowDateTime=0xc0a9b6c0, ftLastWriteTime.dwHighDateTime=0x1d5dc06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xeec5c10, ftCreationTime.dwHighDateTime=0x1d5e69e, ftLastAccessTime.dwLowDateTime=0xc0a9b6c0, ftLastAccessTime.dwHighDateTime=0x1d5dc06, ftLastWriteTime.dwLowDateTime=0xc0a9b6c0, ftLastWriteTime.dwHighDateTime=0x1d5dc06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x951c8fc0, ftCreationTime.dwHighDateTime=0x1d5d8a8, ftLastAccessTime.dwLowDateTime=0xe45f9480, ftLastAccessTime.dwHighDateTime=0x1d5e012, ftLastWriteTime.dwLowDateTime=0xe45f9480, ftLastWriteTime.dwHighDateTime=0x1d5e012, nFileSizeHigh=0x0, nFileSizeLow=0x147a, dwReserved0=0x0, dwReserved1=0x0, cFileName="1V44lGoDEt.ppt", cAlternateFileName="1V44LG~1.PPT")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa79adbd0, ftCreationTime.dwHighDateTime=0x1d5df96, ftLastAccessTime.dwLowDateTime=0xbda98c00, ftLastAccessTime.dwHighDateTime=0x1d5ddfc, ftLastWriteTime.dwLowDateTime=0xbda98c00, ftLastWriteTime.dwHighDateTime=0x1d5ddfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KwrrYDZuohOISdt", cAlternateFileName="KWRRYD~1")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cbfdf60, ftCreationTime.dwHighDateTime=0x1d5e4ed, ftLastAccessTime.dwLowDateTime=0xbd5ccda0, ftLastAccessTime.dwHighDateTime=0x1d5dd22, ftLastWriteTime.dwLowDateTime=0xbd5ccda0, ftLastWriteTime.dwHighDateTime=0x1d5dd22, nFileSizeHigh=0x0, nFileSizeLow=0xad8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kx6 uo3mEQ_UuXg.pps", cAlternateFileName="KX6UO3~1.PPS")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeff10fc0, ftCreationTime.dwHighDateTime=0x1d5dc68, ftLastAccessTime.dwLowDateTime=0xf65d83e0, ftLastAccessTime.dwHighDateTime=0x1d5e198, ftLastWriteTime.dwLowDateTime=0xf65d83e0, ftLastWriteTime.dwHighDateTime=0x1d5e198, nFileSizeHigh=0x0, nFileSizeLow=0xb4c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="x3Tqy 4iwG.csv", cAlternateFileName="X3TQY4~1.CSV")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88377d60, ftCreationTime.dwHighDateTime=0x1d5e550, ftLastAccessTime.dwLowDateTime=0x4c6cad00, ftLastAccessTime.dwHighDateTime=0x1d5e5f0, ftLastWriteTime.dwLowDateTime=0x4c6cad00, ftLastWriteTime.dwHighDateTime=0x1d5e5f0, nFileSizeHigh=0x0, nFileSizeLow=0x643, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zy3m6BoJYB p.ots", cAlternateFileName="ZY3M6B~1.OTS")) returned 1 [0151.099] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237560 | out: lpFindFileData=0xc000237560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.099] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.099] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\1V44lGoDEt.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\1v44lgodet.ppt"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x951c8fc0, ftCreationTime.dwHighDateTime=0x1d5d8a8, ftLastAccessTime.dwLowDateTime=0xe45f9480, ftLastAccessTime.dwHighDateTime=0x1d5e012, ftLastWriteTime.dwLowDateTime=0xe45f9480, ftLastWriteTime.dwHighDateTime=0x1d5e012, nFileSizeHigh=0x0, nFileSizeLow=0x147a)) returned 1 [0151.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa79adbd0, ftCreationTime.dwHighDateTime=0x1d5df96, ftLastAccessTime.dwLowDateTime=0xbda98c00, ftLastAccessTime.dwHighDateTime=0x1d5ddfc, ftLastWriteTime.dwLowDateTime=0xbda98c00, ftLastWriteTime.dwHighDateTime=0x1d5ddfc, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.100] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\*", lpFindFileData=0xc000237458 | out: lpFindFileData=0xc000237458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa79adbd0, ftCreationTime.dwHighDateTime=0x1d5df96, ftLastAccessTime.dwLowDateTime=0xbda98c00, ftLastAccessTime.dwHighDateTime=0x1d5ddfc, ftLastWriteTime.dwLowDateTime=0xbda98c00, ftLastWriteTime.dwHighDateTime=0x1d5ddfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.100] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa79adbd0, ftCreationTime.dwHighDateTime=0x1d5df96, ftLastAccessTime.dwLowDateTime=0xbda98c00, ftLastAccessTime.dwHighDateTime=0x1d5ddfc, ftLastWriteTime.dwLowDateTime=0xbda98c00, ftLastWriteTime.dwHighDateTime=0x1d5ddfc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.100] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbfc3500, ftCreationTime.dwHighDateTime=0x1d5e489, ftLastAccessTime.dwLowDateTime=0xa88b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e744, ftLastWriteTime.dwLowDateTime=0xa88b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e744, nFileSizeHigh=0x0, nFileSizeLow=0x12b0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="2SDE9RzJoWYu4.pps", cAlternateFileName="2SDE9R~1.PPS")) returned 1 [0151.100] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34b6b970, ftCreationTime.dwHighDateTime=0x1d5db29, ftLastAccessTime.dwLowDateTime=0xf0d35e60, ftLastAccessTime.dwHighDateTime=0x1d5df66, ftLastWriteTime.dwLowDateTime=0xf0d35e60, ftLastWriteTime.dwHighDateTime=0x1d5df66, nFileSizeHigh=0x0, nFileSizeLow=0x1235a, dwReserved0=0x0, dwReserved1=0x0, cFileName="eLsstNNsEvVxA.pdf", cAlternateFileName="ELSSTN~1.PDF")) returned 1 [0151.100] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855489c0, ftCreationTime.dwHighDateTime=0x1d5da70, ftLastAccessTime.dwLowDateTime=0x1b14b540, ftLastAccessTime.dwHighDateTime=0x1d5e456, ftLastWriteTime.dwLowDateTime=0x1b14b540, ftLastWriteTime.dwHighDateTime=0x1d5e456, nFileSizeHigh=0x0, nFileSizeLow=0x11bf5, dwReserved0=0x0, dwReserved1=0x0, cFileName="GLGpik5CbMztQ7Qi.xls", cAlternateFileName="GLGPIK~1.XLS")) returned 1 [0151.100] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcecc3d80, ftCreationTime.dwHighDateTime=0x1d5e4db, ftLastAccessTime.dwLowDateTime=0x6fc0d6d0, ftLastAccessTime.dwHighDateTime=0x1d5db16, ftLastWriteTime.dwLowDateTime=0x6fc0d6d0, ftLastWriteTime.dwHighDateTime=0x1d5db16, nFileSizeHigh=0x0, nFileSizeLow=0x40bd, dwReserved0=0x0, dwReserved1=0x0, cFileName="If v7 jC2QExN6bjyff.doc", cAlternateFileName="IFV7JC~1.DOC")) returned 1 [0151.101] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4237d0, ftCreationTime.dwHighDateTime=0x1d5db16, ftLastAccessTime.dwLowDateTime=0x6f92f1b0, ftLastAccessTime.dwHighDateTime=0x1d5de87, ftLastWriteTime.dwLowDateTime=0x6f92f1b0, ftLastWriteTime.dwHighDateTime=0x1d5de87, nFileSizeHigh=0x0, nFileSizeLow=0x9ef6, dwReserved0=0x0, dwReserved1=0x0, cFileName="XZs4zFMR9uZ.rtf", cAlternateFileName="XZS4ZF~1.RTF")) returned 1 [0151.101] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0151.102] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237488 | out: lpFindFileData=0xc000237488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.102] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.102] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0151.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\2SDE9RzJoWYu4.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\2sde9rzjowyu4.pps"), fInfoLevelId=0x0, lpFileInformation=0xc0002375c8 | out: lpFileInformation=0xc0002375c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfbfc3500, ftCreationTime.dwHighDateTime=0x1d5e489, ftLastAccessTime.dwLowDateTime=0xa88b1fe0, ftLastAccessTime.dwHighDateTime=0x1d5e744, ftLastWriteTime.dwLowDateTime=0xa88b1fe0, ftLastWriteTime.dwHighDateTime=0x1d5e744, nFileSizeHigh=0x0, nFileSizeLow=0x12b0e)) returned 1 [0151.104] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\glgpik5cbmztq7qi.xls"), fInfoLevelId=0x0, lpFileInformation=0xc0002375c8 | out: lpFileInformation=0xc0002375c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855489c0, ftCreationTime.dwHighDateTime=0x1d5da70, ftLastAccessTime.dwLowDateTime=0x1b14b540, ftLastAccessTime.dwHighDateTime=0x1d5e456, ftLastWriteTime.dwLowDateTime=0x1b14b540, ftLastWriteTime.dwHighDateTime=0x1d5e456, nFileSizeHigh=0x0, nFileSizeLow=0x11bf5)) returned 1 [0151.104] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0151.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\If v7 jC2QExN6bjyff.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\if v7 jc2qexn6bjyff.doc"), fInfoLevelId=0x0, lpFileInformation=0xc0002375c8 | out: lpFileInformation=0xc0002375c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcecc3d80, ftCreationTime.dwHighDateTime=0x1d5e4db, ftLastAccessTime.dwLowDateTime=0x6fc0d6d0, ftLastAccessTime.dwHighDateTime=0x1d5db16, ftLastWriteTime.dwLowDateTime=0x6fc0d6d0, ftLastWriteTime.dwHighDateTime=0x1d5db16, nFileSizeHigh=0x0, nFileSizeLow=0x40bd)) returned 1 [0151.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\xzs4zfmr9uz.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc0002375c8 | out: lpFileInformation=0xc0002375c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e4237d0, ftCreationTime.dwHighDateTime=0x1d5db16, ftLastAccessTime.dwLowDateTime=0x6f92f1b0, ftLastAccessTime.dwHighDateTime=0x1d5de87, ftLastWriteTime.dwLowDateTime=0x6f92f1b0, ftLastWriteTime.dwHighDateTime=0x1d5de87, nFileSizeHigh=0x0, nFileSizeLow=0x9ef6)) returned 1 [0151.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\elsstnnsevvxa.pdf"), fInfoLevelId=0x0, lpFileInformation=0xc0002375c8 | out: lpFileInformation=0xc0002375c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34b6b970, ftCreationTime.dwHighDateTime=0x1d5db29, ftLastAccessTime.dwLowDateTime=0xf0d35e60, ftLastAccessTime.dwHighDateTime=0x1d5df66, ftLastWriteTime.dwLowDateTime=0xf0d35e60, ftLastWriteTime.dwHighDateTime=0x1d5df66, nFileSizeHigh=0x0, nFileSizeLow=0x1235a)) returned 1 [0151.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\Zy3m6BoJYB p.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\zy3m6bojyb p.ots"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x88377d60, ftCreationTime.dwHighDateTime=0x1d5e550, ftLastAccessTime.dwLowDateTime=0x4c6cad00, ftLastAccessTime.dwHighDateTime=0x1d5e5f0, ftLastWriteTime.dwLowDateTime=0x4c6cad00, ftLastWriteTime.dwHighDateTime=0x1d5e5f0, nFileSizeHigh=0x0, nFileSizeLow=0x643)) returned 1 [0151.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kx6 uo3meq_uuxg.pps"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cbfdf60, ftCreationTime.dwHighDateTime=0x1d5e4ed, ftLastAccessTime.dwLowDateTime=0xbd5ccda0, ftLastAccessTime.dwHighDateTime=0x1d5dd22, ftLastWriteTime.dwLowDateTime=0xbd5ccda0, ftLastWriteTime.dwHighDateTime=0x1d5dd22, nFileSizeHigh=0x0, nFileSizeLow=0xad8)) returned 1 [0151.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\x3tqy 4iwg.csv"), fInfoLevelId=0x0, lpFileInformation=0xc0002376a0 | out: lpFileInformation=0xc0002376a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeff10fc0, ftCreationTime.dwHighDateTime=0x1d5dc68, ftLastAccessTime.dwLowDateTime=0xf65d83e0, ftLastAccessTime.dwHighDateTime=0x1d5e198, ftLastWriteTime.dwLowDateTime=0xf65d83e0, ftLastWriteTime.dwHighDateTime=0x1d5e198, nFileSizeHigh=0x0, nFileSizeLow=0xb4c8)) returned 1 [0151.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wox68cxezv6oloa.pptx"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd320ffa0, ftCreationTime.dwHighDateTime=0x1d5a256, ftLastAccessTime.dwLowDateTime=0xc15e80b0, ftLastAccessTime.dwHighDateTime=0x1d5b6cb, ftLastWriteTime.dwLowDateTime=0xc15e80b0, ftLastWriteTime.dwHighDateTime=0x1d5b6cb, nFileSizeHigh=0x0, nFileSizeLow=0x5306)) returned 1 [0151.106] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6tp2hht.pptx"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf8961f60, ftCreationTime.dwHighDateTime=0x1d55f2e, ftLastAccessTime.dwLowDateTime=0x83198150, ftLastAccessTime.dwHighDateTime=0x1d5e6ba, ftLastWriteTime.dwLowDateTime=0x83198150, ftLastWriteTime.dwHighDateTime=0x1d5e6ba, nFileSizeHigh=0x0, nFileSizeLow=0x1592e)) returned 1 [0151.106] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0151.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\yhJPwSlO2BlhGko_W58.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\yhjpwslo2blhgko_w58.xlsx"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76929ec0, ftCreationTime.dwHighDateTime=0x1d5931e, ftLastAccessTime.dwLowDateTime=0xa8a96ce0, ftLastAccessTime.dwHighDateTime=0x1d5dc39, ftLastWriteTime.dwLowDateTime=0xa8a96ce0, ftLastWriteTime.dwHighDateTime=0x1d5dc39, nFileSizeHigh=0x0, nFileSizeLow=0x116b3)) returned 1 [0151.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads"), fInfoLevelId=0x0, lpFileInformation=0xc000237a00 | out: lpFileInformation=0xc000237a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.109] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0151.110] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\*", lpFindFileData=0xc0002377b8 | out: lpFindFileData=0xc0002377b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.110] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.155] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.155] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.155] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0151.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites"), fInfoLevelId=0x0, lpFileInformation=0xc000237a00 | out: lpFileInformation=0xc000237a00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0151.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\*", lpFindFileData=0xc0002377b8 | out: lpFindFileData=0xc0002377b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0151.156] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc0002377e8 | out: lpFindFileData=0xc0002377e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.156] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\*", lpFindFileData=0xc0002376e0 | out: lpFindFileData=0xc0002376e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.157] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.157] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0151.157] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0151.158] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0151.158] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.158] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec)) returned 1 [0151.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2)) returned 1 [0151.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0151.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites"), fInfoLevelId=0x0, lpFileInformation=0xc000237928 | out: lpFileInformation=0xc000237928*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0151.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.159] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\*", lpFindFileData=0xc0002376e0 | out: lpFindFileData=0xc0002376e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0151.188] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0151.548] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0151.549] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc000237710 | out: lpFindFileData=0xc000237710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0151.549] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0151.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0151.583] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0151.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0151.613] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0152.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0152.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0152.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), fInfoLevelId=0x0, lpFileInformation=0xc000237850 | out: lpFileInformation=0xc000237850*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85)) returned 1 [0152.156] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0152.347] SetEvent (hEvent=0xa68) returned 1 [0152.347] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0152.428] SetEvent (hEvent=0x9f0) returned 1 [0152.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0152.429] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000271cf4 | out: lpMode=0xc000271cf4) returned 0 [0152.454] GetFileType (hFile=0x284) returned 0x1 [0152.454] GetFileType (hFile=0x284) returned 0x1 [0152.454] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc000271d44 | out: lpFileInformation=0xc000271d44) returned 1 [0152.454] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc000271d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000271d28) returned 1 [0152.454] ReadFile (in: hFile=0x284, lpBuffer=0xc000102e00, nNumberOfBytesToRead=0x31a, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102e00*, lpNumberOfBytesRead=0xc000271c04*=0x11a, lpOverlapped=0x0) returned 1 [0152.456] ReadFile (in: hFile=0x284, lpBuffer=0xc000102f1a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000271c04, lpOverlapped=0x0 | out: lpBuffer=0xc000102f1a*, lpNumberOfBytesRead=0xc000271c04*=0x0, lpOverlapped=0x0) returned 1 [0152.456] CloseHandle (hObject=0x284) returned 1 [0152.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0152.456] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini\\*", lpFindFileData=0xc000271a08 | out: lpFindFileData=0xc000271a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0152.456] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000271720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0152.456] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0152.458] SetEvent (hEvent=0xc5c) returned 1 [0152.458] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) returned 0x0 [0161.277] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0161.278] VirtualAlloc (lpAddress=0xc000766000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000766000 [0161.306] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0161.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.043] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms\\*", lpFindFileData=0xc0002e5a08 | out: lpFindFileData=0xc0002e5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.043] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.043] WaitForSingleObject (hHandle=0x274, dwMilliseconds=0xffffffff) Thread: id = 40 os_tid = 0xa88 [0115.849] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ba9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ba9fea0*=0x210) returned 1 [0115.849] VirtualQuery (in: lpAddress=0x2ba9fec0, lpBuffer=0x2ba9fec0, dwLength=0x30 | out: lpBuffer=0x2ba9fec0*(BaseAddress=0x2ba9f000, AllocationBase=0x2b8a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x26c [0115.850] GetConsoleMode (in: hConsoleHandle=0x26c, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0115.852] GetFileType (hFile=0x26c) returned 0x1 [0115.852] GetFileType (hFile=0x26c) returned 0x1 [0115.853] GetFileInformationByHandle (in: hFile=0x26c, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0115.853] GetFileInformationByHandleEx (in: hFile=0x26c, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0115.853] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0115.854] ReadFile (in: hFile=0x26c, lpBuffer=0xc0003d8000, nNumberOfBytesToRead=0xaea8, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003d8000*, lpNumberOfBytesRead=0xc000141c04*=0xaca8, lpOverlapped=0x0) returned 1 [0115.857] ReadFile (in: hFile=0x26c, lpBuffer=0xc0003e2ca8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003e2ca8*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0115.857] CloseHandle (hObject=0x26c) returned 1 [0115.857] VirtualAlloc (lpAddress=0xc0003e4000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e4000 [0115.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0115.908] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b0 [0115.908] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2b8 [0115.908] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0115.952] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0115.953] SetEvent (hEvent=0x264) returned 1 [0115.953] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.065] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0116.065] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0116.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0116.066] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc000271d64 | out: lpMode=0xc000271d64) returned 0 [0116.067] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.082] SetEvent (hEvent=0xc0) returned 1 [0116.082] GetFileType (hFile=0x254) returned 0x1 [0116.082] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.116] WriteFile (in: hFile=0x254, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.116] CloseHandle (hObject=0x254) returned 1 [0116.119] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbo1qb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBO1qB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbo1qb[1].jpg"), dwFlags=0x1) returned 1 [0116.650] SetEvent (hEvent=0x29c) returned 1 [0116.650] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.652] SetEvent (hEvent=0x188) returned 1 [0116.652] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.652] SetEvent (hEvent=0x188) returned 1 [0116.652] SetEvent (hEvent=0x29c) returned 1 [0116.653] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0116.653] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.657] SetEvent (hEvent=0x188) returned 1 [0116.657] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.659] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.661] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.664] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.666] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.670] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.677] SetEvent (hEvent=0x114) returned 1 [0116.677] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.678] SetEvent (hEvent=0x114) returned 1 [0116.678] SetEvent (hEvent=0x258) returned 1 [0116.678] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.678] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.679] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.679] VirtualFree (lpAddress=0xc000054000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.680] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc0000f5818*=0x3) returned 1 [0116.681] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.684] SetEvent (hEvent=0x1e8) returned 1 [0116.684] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.685] SetEvent (hEvent=0x1e8) returned 1 [0116.685] SetEvent (hEvent=0x258) returned 1 [0116.685] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0116.686] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.688] SetEvent (hEvent=0x234) returned 1 [0116.688] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.689] SetEvent (hEvent=0x234) returned 1 [0116.690] SetEvent (hEvent=0x258) returned 1 [0116.690] SwitchToThread () returned 1 [0116.787] SwitchToThread () returned 1 [0116.788] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.793] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.795] SetEvent (hEvent=0x234) returned 1 [0116.795] SetEvent (hEvent=0x318) returned 1 [0116.795] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0116.797] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.804] SetEvent (hEvent=0x234) returned 1 [0116.804] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0116.805] SetEvent (hEvent=0x1dc) returned 1 [0116.805] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0116.806] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000072010*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0116.813] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.817] SwitchToThread () returned 1 [0116.917] SetEvent (hEvent=0x1dc) returned 1 [0116.917] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.926] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.928] SwitchToThread () returned 1 [0117.025] SwitchToThread () returned 1 [0117.026] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0117.353] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0117.353] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0117.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.354] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0117.355] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0117.443] GetFileType (hFile=0x3bc) returned 0x1 [0117.443] GetFileType (hFile=0x3bc) returned 0x1 [0117.443] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0117.443] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0117.443] VirtualAlloc (lpAddress=0xc0003c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c4000 [0117.444] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0003c4000, nNumberOfBytesToRead=0x850, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c4000*, lpNumberOfBytesRead=0xc000153c04*=0x650, lpOverlapped=0x0) returned 1 [0117.446] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0003c4650, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003c4650*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0117.447] CloseHandle (hObject=0x3bc) returned 1 [0117.447] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0117.447] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0117.448] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0117.449] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0117.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0117.530] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0117.697] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0117.700] GetFileType (hFile=0x2e4) returned 0x1 [0117.700] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0003cc000*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003cc000*, lpNumberOfBytesWritten=0xc000153cec*=0x660, lpOverlapped=0x0) returned 1 [0117.702] CloseHandle (hObject=0x2e4) returned 1 [0117.704] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082c01 | out: pbBuffer=0xc000082c01) returned 1 [0117.704] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0117.704] VirtualAlloc (lpAddress=0xc000370000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000370000 [0117.705] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0117.705] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0117.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0117.706] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0117.707] GetFileType (hFile=0x2d4) returned 0x1 [0117.707] WriteFile (in: hFile=0x2d4, lpBuffer=0xc00036a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036a6e0*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.708] CloseHandle (hObject=0x2d4) returned 1 [0117.709] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0117.710] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0117.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), dwFlags=0x1) returned 1 [0118.288] SwitchToThread () returned 1 [0118.289] SetEvent (hEvent=0x274) returned 1 [0118.289] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0118.291] SetEvent (hEvent=0x274) returned 1 [0118.291] SetEvent (hEvent=0x1f8) returned 1 [0118.291] SetEvent (hEvent=0x12c) returned 1 [0118.291] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] SetEvent (hEvent=0x24c) returned 1 [0118.821] SetEvent (hEvent=0x188) returned 1 [0118.821] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0118.823] SetEvent (hEvent=0x144) returned 1 [0118.823] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0118.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0118.843] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001c5cf4 | out: lpMode=0xc0001c5cf4) returned 0 [0118.844] GetFileType (hFile=0x36c) returned 0x1 [0118.844] GetFileType (hFile=0x36c) returned 0x1 [0118.844] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001c5d44 | out: lpFileInformation=0xc0001c5d44) returned 1 [0118.844] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c5d28) returned 1 [0118.844] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000be700, nNumberOfBytesToRead=0x357, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be700*, lpNumberOfBytesRead=0xc0001c5c04*=0x157, lpOverlapped=0x0) returned 1 [0118.847] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0118.964] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000be857, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be857*, lpNumberOfBytesRead=0xc0001c5c04*=0x0, lpOverlapped=0x0) returned 1 [0118.964] CloseHandle (hObject=0x36c) returned 1 [0118.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0118.965] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001c5d04 | out: lpMode=0xc0001c5d04) returned 0 [0118.970] GetFileType (hFile=0x36c) returned 0x1 [0118.970] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000bc000*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0xc0001c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesWritten=0xc0001c5cec*=0x160, lpOverlapped=0x0) returned 1 [0118.971] CloseHandle (hObject=0x36c) returned 1 [0118.973] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0118.973] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0118.973] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0001c5d64 | out: lpMode=0xc0001c5d64) returned 0 [0118.973] GetFileType (hFile=0x2b4) returned 0x1 [0118.974] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000bc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc840*, lpNumberOfBytesWritten=0xc0001c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.974] CloseHandle (hObject=0x2b4) returned 1 [0118.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aamin0z[1].png"), dwFlags=0x1) returned 1 [0119.115] SetEvent (hEvent=0x9c) returned 1 [0119.115] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.117] SetEvent (hEvent=0x258) returned 1 [0119.117] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.123] SetEvent (hEvent=0x12c) returned 1 [0119.123] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.183] SetEvent (hEvent=0x198) returned 1 [0119.183] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.187] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c5818, lpReserved=0x0 | out: lpBuffer=0xc000072090*, lpNumberOfCharsWritten=0xc0001c5818*=0x3) returned 1 [0119.190] SetEvent (hEvent=0x12c) returned 1 [0119.190] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.216] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.236] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.256] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.263] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0119.267] SetEvent (hEvent=0x9c) returned 1 [0119.267] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0141.510] SetEvent (hEvent=0xec) returned 1 [0141.510] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0141.512] SetEvent (hEvent=0x1a0) returned 1 [0141.512] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0141.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1v44lgodet.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e8 [0141.523] GetConsoleMode (in: hConsoleHandle=0x3e8, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0141.525] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0141.919] GetFileType (hFile=0x3e8) returned 0x1 [0141.919] GetFileType (hFile=0x3e8) returned 0x1 [0141.919] GetFileInformationByHandle (in: hFile=0x3e8, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0141.919] GetFileInformationByHandleEx (in: hFile=0x3e8, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0141.919] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0141.920] ReadFile (in: hFile=0x3e8, lpBuffer=0xc000340000, nNumberOfBytesToRead=0x1b73, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000340000*, lpNumberOfBytesRead=0xc00029dc04*=0x1973, lpOverlapped=0x0) returned 1 [0142.652] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0143.184] ReadFile (in: hFile=0x3e8, lpBuffer=0xc000341973, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000341973*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.185] CloseHandle (hObject=0x3e8) returned 1 [0143.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1v44lgodet.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e8 [0143.186] GetConsoleMode (in: hConsoleHandle=0x3e8, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0143.196] GetFileType (hFile=0x3e8) returned 0x1 [0143.196] WriteFile (in: hFile=0x3e8, lpBuffer=0xc000510c80*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000510c80*, lpNumberOfBytesWritten=0xc00029dcec*=0x1980, lpOverlapped=0x0) returned 1 [0143.198] CloseHandle (hObject=0x3e8) returned 1 [0143.198] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0143.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1v44lgodet.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e8 [0143.198] GetConsoleMode (in: hConsoleHandle=0x3e8, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0143.200] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) returned 0x0 [0144.041] GetFileType (hFile=0x3e8) returned 0x1 [0144.041] WriteFile (in: hFile=0x3e8, lpBuffer=0xc0006826e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006826e0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.041] CloseHandle (hObject=0x3e8) returned 1 [0144.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1v44lgodet.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-1v44lgodet.lnk"), dwFlags=0x1) returned 1 [0144.043] VirtualFree (lpAddress=0xc00077e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.044] VirtualFree (lpAddress=0xc00071a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.045] VirtualFree (lpAddress=0xc00032c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.046] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.046] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.047] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.048] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.049] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.049] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.050] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.051] SetEvent (hEvent=0x2a8) returned 1 [0144.051] WaitForSingleObject (hHandle=0x2b0, dwMilliseconds=0xffffffff) Thread: id = 41 os_tid = 0xa84 [0115.863] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2bc9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2bc9fea0*=0x27c) returned 1 [0115.863] VirtualQuery (in: lpAddress=0x2bc9fec0, lpBuffer=0x2bc9fec0, dwLength=0x30 | out: lpBuffer=0x2bc9fec0*(BaseAddress=0x2bc9f000, AllocationBase=0x2baa0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.863] SetEvent (hEvent=0xf4) returned 1 [0115.863] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x26c [0115.863] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x270 [0115.863] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.871] SetEvent (hEvent=0x108) returned 1 [0115.871] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.874] SetEvent (hEvent=0x188) returned 1 [0115.874] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.883] SetEvent (hEvent=0x1d0) returned 1 [0115.883] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.887] SetEvent (hEvent=0x1c4) returned 1 [0115.887] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.906] SetEvent (hEvent=0x144) returned 1 [0115.906] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.911] SetEvent (hEvent=0x234) returned 1 [0115.911] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.914] SetEvent (hEvent=0x114) returned 1 [0115.914] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.918] SetEvent (hEvent=0x164) returned 1 [0115.918] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.921] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0115.922] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0115.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0115.923] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0115.925] GetFileType (hFile=0x240) returned 0x1 [0115.925] GetFileType (hFile=0x240) returned 0x1 [0115.925] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0115.925] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0115.925] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0115.926] ReadFile (in: hFile=0x240, lpBuffer=0xc000320000, nNumberOfBytesToRead=0x390a, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000320000*, lpNumberOfBytesRead=0xc0001a1c04*=0x370a, lpOverlapped=0x0) returned 1 [0115.929] ReadFile (in: hFile=0x240, lpBuffer=0xc00032370a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032370a*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0115.929] CloseHandle (hObject=0x240) returned 1 [0115.930] VirtualAlloc (lpAddress=0xc000324000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000324000 [0115.931] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0115.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0115.960] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0115.996] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0115.998] GetFileType (hFile=0x2d0) returned 0x1 [0115.998] WriteFile (in: hFile=0x2d0, lpBuffer=0xc000324000*, nNumberOfBytesToWrite=0x3710, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000324000*, lpNumberOfBytesWritten=0xc0001a1cec*=0x3710, lpOverlapped=0x0) returned 1 [0115.999] CloseHandle (hObject=0x2d0) returned 1 [0116.004] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0601 | out: pbBuffer=0xc0000e0601) returned 1 [0116.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0116.004] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0116.005] GetFileType (hFile=0x2bc) returned 0x1 [0116.005] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002d09a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002d09a0*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.005] CloseHandle (hObject=0x2bc) returned 1 [0116.008] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc03b1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc03b1[1].jpg"), dwFlags=0x1) returned 1 [0116.600] SwitchToThread () returned 1 [0116.600] SetEvent (hEvent=0x100) returned 1 [0116.600] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0116.601] SetEvent (hEvent=0x100) returned 1 [0116.601] SetEvent (hEvent=0xfc) returned 1 [0116.602] SetEvent (hEvent=0x208) returned 1 [0116.602] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.549] SetEvent (hEvent=0x29c) returned 1 [0117.549] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.561] SetEvent (hEvent=0x144) returned 1 [0117.561] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.603] SetEvent (hEvent=0x114) returned 1 [0117.603] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.612] SetEvent (hEvent=0x274) returned 1 [0117.612] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.617] SetEvent (hEvent=0x13c) returned 1 [0117.617] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.623] SetEvent (hEvent=0xfc) returned 1 [0117.624] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.635] SetEvent (hEvent=0x264) returned 1 [0117.635] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.670] SetEvent (hEvent=0x12c) returned 1 [0117.670] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0117.681] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0117.682] GetFileType (hFile=0x1ec) returned 0x1 [0117.682] GetFileType (hFile=0x1ec) returned 0x1 [0117.682] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0117.682] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0117.682] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000b6400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6400*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0117.682] CloseHandle (hObject=0x1ec) returned 1 [0117.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0117.775] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0117.776] SetEvent (hEvent=0x35c) returned 1 [0117.777] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.777] SetEvent (hEvent=0x234) returned 1 [0117.778] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0117.781] SetEvent (hEvent=0x234) returned 1 [0117.781] SetEvent (hEvent=0x35c) returned 1 [0117.781] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0117.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0117.781] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0117.785] GetFileType (hFile=0x174) returned 0x1 [0117.785] WriteFile (in: hFile=0x174, lpBuffer=0xc00036a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036a2c0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.785] CloseHandle (hObject=0x174) returned 1 [0117.795] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbef54r[1].jpg"), dwFlags=0x1) returned 1 [0118.416] SwitchToThread () returned 1 [0118.418] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0118.421] SwitchToThread () returned 1 [0118.423] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0118.775] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0118.775] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0118.783] GetFileType (hFile=0x2f0) returned 0x1 [0118.783] GetFileType (hFile=0x2f0) returned 0x1 [0118.783] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0118.783] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0118.783] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0118.784] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x162e, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0001f9c04*=0x142e, lpOverlapped=0x0) returned 1 [0118.790] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00023142e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023142e*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.790] CloseHandle (hObject=0x2f0) returned 1 [0118.791] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0118.792] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0118.795] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0118.852] GetFileType (hFile=0x2f0) returned 0x1 [0118.852] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0001f9cec*=0x1430, lpOverlapped=0x0) returned 1 [0118.853] CloseHandle (hObject=0x2f0) returned 1 [0118.857] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0119.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a401 | out: pbBuffer=0xc00028a401) returned 1 [0119.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0119.014] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0119.017] GetFileType (hFile=0x2d4) returned 0x1 [0119.017] WriteFile (in: hFile=0x2d4, lpBuffer=0xc0000bc9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc9a0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.017] CloseHandle (hObject=0x2d4) returned 1 [0119.018] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbmqch[1].jpg"), dwFlags=0x1) returned 1 [0119.249] SetEvent (hEvent=0xc0) returned 1 [0119.249] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2bc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2bc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2bc9f698, ulNumEntriesRemoved=0x2bc9f66c) returned 0 [0119.249] SetEvent (hEvent=0x9c) returned 1 [0119.249] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0119.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2bc9fe08*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.252] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2bc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2bc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2bc9f6a0, ulNumEntriesRemoved=0x2bc9f674) returned 0 [0119.252] SetEvent (hEvent=0x9c) returned 1 [0119.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2bc9fe18*=0x26c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.256] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0141.513] SetEvent (hEvent=0x3c4) returned 1 [0141.513] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0141.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1eyrx-bxddwzpbzqj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e4 [0141.520] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0141.522] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0141.907] GetFileType (hFile=0x3e4) returned 0x1 [0141.907] GetFileType (hFile=0x3e4) returned 0x1 [0141.907] GetFileInformationByHandle (in: hFile=0x3e4, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0141.907] GetFileInformationByHandleEx (in: hFile=0x3e4, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0141.907] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0141.909] ReadFile (in: hFile=0x3e4, lpBuffer=0xc000368000, nNumberOfBytesToRead=0xbf0, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc000368000*, lpNumberOfBytesRead=0xc000065c04*=0x9f0, lpOverlapped=0x0) returned 1 [0142.647] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0143.840] ReadFile (in: hFile=0x3e4, lpBuffer=0xc0003689f0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003689f0*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0143.840] CloseHandle (hObject=0x3e4) returned 1 [0143.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1eyrx-bxddwzpbzqj.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0143.947] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0144.501] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0144.508] SetEvent (hEvent=0x8d0) returned 1 [0144.508] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) returned 0x0 [0144.510] SetEvent (hEvent=0xc54) returned 1 [0144.510] WaitForSingleObject (hHandle=0x26c, dwMilliseconds=0xffffffff) Thread: id = 42 os_tid = 0xb44 [0115.869] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2be9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2be9fea0*=0x204) returned 1 [0115.869] VirtualQuery (in: lpAddress=0x2be9fec0, lpBuffer=0x2be9fec0, dwLength=0x30 | out: lpBuffer=0x2be9fec0*(BaseAddress=0x2be9f000, AllocationBase=0x2bca0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.869] GetFileType (hFile=0x208) returned 0x1 [0115.869] WriteFile (in: hFile=0x208, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc00015fcec*=0x760, lpOverlapped=0x0) returned 1 [0115.870] CloseHandle (hObject=0x208) returned 1 [0115.874] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x208 [0115.874] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x288 [0115.874] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0115.919] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2201 | out: pbBuffer=0xc0001c2201) returned 1 [0115.919] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0115.919] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0115.924] GetFileType (hFile=0x22c) returned 0x1 [0115.924] WriteFile (in: hFile=0x22c, lpBuffer=0xc000182f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182f20*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0115.924] CloseHandle (hObject=0x22c) returned 1 [0115.929] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbboiat[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBOIAt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbboiat[1].jpg"), dwFlags=0x1) returned 1 [0116.550] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.550] SetEvent (hEvent=0x164) returned 1 [0116.550] SetEvent (hEvent=0x304) returned 1 [0116.551] VirtualFree (lpAddress=0xc00036a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.551] VirtualFree (lpAddress=0xc000280000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.552] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.552] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.553] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.553] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.553] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.554] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.554] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.554] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.555] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.555] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0116.556] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.558] SetEvent (hEvent=0x164) returned 1 [0116.559] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.563] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.572] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.577] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.591] SetEvent (hEvent=0x1d4) returned 1 [0116.591] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.592] SetEvent (hEvent=0x1d4) returned 1 [0116.592] SetEvent (hEvent=0xfc) returned 1 [0116.592] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.593] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.593] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.594] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.594] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0116.595] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.598] SetEvent (hEvent=0x100) returned 1 [0116.598] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.599] SetEvent (hEvent=0x100) returned 1 [0116.599] SetEvent (hEvent=0xfc) returned 1 [0116.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc000072028*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0116.600] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.602] SetEvent (hEvent=0x100) returned 1 [0116.602] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.603] SetEvent (hEvent=0x100) returned 1 [0116.603] SetEvent (hEvent=0xfc) returned 1 [0116.603] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfCharsWritten=0xc0001a1818*=0x3) returned 1 [0116.604] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.605] SetEvent (hEvent=0xec) returned 1 [0116.605] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.607] SetEvent (hEvent=0xec) returned 1 [0116.607] SetEvent (hEvent=0xfc) returned 1 [0116.607] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc000072018*, lpNumberOfCharsWritten=0xc0001bf818*=0x3) returned 1 [0116.608] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.612] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.614] SetEvent (hEvent=0xec) returned 1 [0116.614] SwitchToThread () returned 1 [0116.618] SetEvent (hEvent=0xec) returned 1 [0116.618] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0116.619] SetEvent (hEvent=0xec) returned 1 [0116.619] SetEvent (hEvent=0x144) returned 1 [0116.619] SetEvent (hEvent=0x13c) returned 1 [0116.619] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0117.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0117.487] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0117.490] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0117.697] GetFileType (hFile=0x2d4) returned 0x1 [0117.697] GetFileType (hFile=0x2d4) returned 0x1 [0117.697] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0117.697] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0117.697] VirtualAlloc (lpAddress=0xc0003f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f4000 [0117.698] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0003f4000, nNumberOfBytesToRead=0x1ba5, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003f4000*, lpNumberOfBytesRead=0xc0006ddc04*=0x19a5, lpOverlapped=0x0) returned 1 [0117.702] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0003f59a5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003f59a5*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0117.702] CloseHandle (hObject=0x2d4) returned 1 [0117.702] VirtualAlloc (lpAddress=0xc000500000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000500000 [0117.703] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0117.783] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0117.786] GetFileType (hFile=0x184) returned 0x1 [0117.786] WriteFile (in: hFile=0x184, lpBuffer=0xc000500000*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000500000*, lpNumberOfBytesWritten=0xc0006ddcec*=0x19b0, lpOverlapped=0x0) returned 1 [0117.788] CloseHandle (hObject=0x184) returned 1 [0117.795] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a501 | out: pbBuffer=0xc00028a501) returned 1 [0117.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0117.795] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0117.812] GetFileType (hFile=0x174) returned 0x1 [0117.812] WriteFile (in: hFile=0x174, lpBuffer=0xc0001826e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001826e0*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.813] CloseHandle (hObject=0x174) returned 1 [0117.815] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0117.823] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbefbq0[1].jpg"), dwFlags=0x1) returned 1 [0118.419] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.422] SetEvent (hEvent=0x274) returned 1 [0118.422] SwitchToThread () returned 1 [0118.424] SetEvent (hEvent=0x274) returned 1 [0118.424] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.426] SetEvent (hEvent=0x274) returned 1 [0118.426] SetEvent (hEvent=0x364) returned 1 [0118.426] SwitchToThread () returned 1 [0118.427] SetEvent (hEvent=0x274) returned 1 [0118.427] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.429] SetEvent (hEvent=0x274) returned 1 [0118.429] SetEvent (hEvent=0x364) returned 1 [0118.429] SetEvent (hEvent=0x188) returned 1 [0118.429] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0118.774] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0118.778] GetFileType (hFile=0x184) returned 0x1 [0118.779] GetFileType (hFile=0x184) returned 0x1 [0118.779] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0118.779] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0118.779] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0118.780] ReadFile (in: hFile=0x184, lpBuffer=0xc000280000, nNumberOfBytesToRead=0xc1f, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc0001bbc04*=0xa1f, lpOverlapped=0x0) returned 1 [0118.786] ReadFile (in: hFile=0x184, lpBuffer=0xc000280a1f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000280a1f*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0118.786] CloseHandle (hObject=0x184) returned 1 [0118.786] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0118.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0118.787] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0118.792] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.893] GetFileType (hFile=0x184) returned 0x1 [0118.893] WriteFile (in: hFile=0x184, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc0001bbcec*=0xa20, lpOverlapped=0x0) returned 1 [0118.897] CloseHandle (hObject=0x184) returned 1 [0118.897] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a701 | out: pbBuffer=0xc00031a701) returned 1 [0118.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0118.898] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0118.903] GetFileType (hFile=0x184) returned 0x1 [0118.903] WriteFile (in: hFile=0x184, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.903] CloseHandle (hObject=0x184) returned 1 [0118.903] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0118.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbvlcg[1].jpg"), dwFlags=0x1) returned 1 [0118.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe30*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.905] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f698, ulCount=0x10, ulNumEntriesRemoved=0x2be9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f698, ulNumEntriesRemoved=0x2be9f66c) returned 0 [0118.906] SetEvent (hEvent=0xc0) returned 1 [0118.906] SetEvent (hEvent=0x3c8) returned 1 [0118.906] SetEvent (hEvent=0x29c) returned 1 [0118.906] SetEvent (hEvent=0x30c) returned 1 [0118.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.907] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.914] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2be9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f6a0, ulNumEntriesRemoved=0x2be9f674) returned 0 [0118.914] SetEvent (hEvent=0x3c8) returned 1 [0118.914] SetEvent (hEvent=0x29c) returned 1 [0118.914] SetEvent (hEvent=0x30c) returned 1 [0118.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe18*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.925] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0118.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0118.926] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0118.930] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0119.047] GetFileType (hFile=0x184) returned 0x1 [0119.047] GetFileType (hFile=0x184) returned 0x1 [0119.047] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0119.047] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0119.047] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0119.048] ReadFile (in: hFile=0x184, lpBuffer=0xc0002b2000, nNumberOfBytesToRead=0x38b1, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b2000*, lpNumberOfBytesRead=0xc000137c04*=0x36b1, lpOverlapped=0x0) returned 1 [0119.059] ReadFile (in: hFile=0x184, lpBuffer=0xc0002b56b1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b56b1*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0119.059] CloseHandle (hObject=0x184) returned 1 [0119.059] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0119.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0119.101] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0119.104] GetFileType (hFile=0x3d0) returned 0x1 [0119.104] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x36c0, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000137cec*=0x36c0, lpOverlapped=0x0) returned 1 [0119.105] CloseHandle (hObject=0x3d0) returned 1 [0119.109] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0119.157] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031ac01 | out: pbBuffer=0xc00031ac01) returned 1 [0119.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0119.158] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0119.159] GetFileType (hFile=0x370) returned 0x1 [0119.159] WriteFile (in: hFile=0x370, lpBuffer=0xc0001c0b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0b00*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.159] CloseHandle (hObject=0x370) returned 1 [0119.160] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aanhryj[1].jpg"), dwFlags=0x1) returned 1 [0119.779] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0119.782] SetEvent (hEvent=0x30c) returned 1 [0119.883] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.605] SetEvent (hEvent=0x1a0) returned 1 [0120.605] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.607] SetEvent (hEvent=0x114) returned 1 [0120.607] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.618] SetEvent (hEvent=0x258) returned 1 [0120.618] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.623] SetEvent (hEvent=0x320) returned 1 [0120.623] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.628] SetEvent (hEvent=0x1b4) returned 1 [0120.628] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.726] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.748] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.791] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.870] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.878] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.881] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.884] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.889] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0120.896] SetEvent (hEvent=0x148) returned 1 [0120.896] SetEvent (hEvent=0x334) returned 1 [0120.896] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0128.583] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0128.585] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0128.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0e8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc00005e0e8*, lpNumberOfCharsWritten=0xc0002a3818*=0x3) returned 1 [0128.592] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0132.988] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0133.022] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0133.031] SetEvent (hEvent=0x1b4) returned 1 [0133.031] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0133.032] SetEvent (hEvent=0x1b4) returned 1 [0133.032] SetEvent (hEvent=0x12c) returned 1 [0133.032] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0141.074] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0141.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0141.075] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0141.087] GetFileType (hFile=0x370) returned 0x1 [0141.087] GetFileType (hFile=0x370) returned 0x1 [0141.087] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0141.087] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0141.087] ReadFile (in: hFile=0x370, lpBuffer=0xc00028e700, nNumberOfBytesToRead=0x325, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028e700*, lpNumberOfBytesRead=0xc0002d5c04*=0x125, lpOverlapped=0x0) returned 1 [0141.088] ReadFile (in: hFile=0x370, lpBuffer=0xc00028e825, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028e825*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0141.088] CloseHandle (hObject=0x370) returned 1 [0141.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0141.089] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0141.090] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0141.275] GetFileType (hFile=0x370) returned 0x1 [0141.276] WriteFile (in: hFile=0x370, lpBuffer=0xc00028c140*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c140*, lpNumberOfBytesWritten=0xc0002d5cec*=0x130, lpOverlapped=0x0) returned 1 [0141.277] CloseHandle (hObject=0x370) returned 1 [0141.277] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0141.277] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0141.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0141.278] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0141.280] GetFileType (hFile=0x370) returned 0x1 [0141.280] WriteFile (in: hFile=0x370, lpBuffer=0xc0002909a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002909a0*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0141.280] CloseHandle (hObject=0x370) returned 1 [0141.280] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@advertising[1].txt"), dwFlags=0x1) returned 1 [0142.995] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f698, ulCount=0x10, ulNumEntriesRemoved=0x2be9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f698, ulNumEntriesRemoved=0x2be9f66c) returned 0 [0142.995] SetEvent (hEvent=0x30c) returned 1 [0142.995] SetEvent (hEvent=0xf4) returned 1 [0142.995] SetEvent (hEvent=0xfc) returned 1 [0142.998] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.000] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0143.000] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.011] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0143.011] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2be9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f6a0, ulNumEntriesRemoved=0x2be9f674) returned 0 [0143.012] SetEvent (hEvent=0x30c) returned 1 [0143.012] SetEvent (hEvent=0xf4) returned 1 [0143.012] SetEvent (hEvent=0xfc) returned 1 [0143.012] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe18*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe30*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.038] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0143.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f698, ulCount=0x10, ulNumEntriesRemoved=0x2be9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f698, ulNumEntriesRemoved=0x2be9f66c) returned 0 [0143.039] SetEvent (hEvent=0xfc) returned 1 [0143.039] SetEvent (hEvent=0x258) returned 1 [0143.039] SetEvent (hEvent=0x334) returned 1 [0143.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.049] SetEvent (hEvent=0x334) returned 1 [0143.049] SetEvent (hEvent=0x258) returned 1 [0143.049] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe08*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.061] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe30*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.062] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2be9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2be9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2be9f6a0, ulNumEntriesRemoved=0x2be9f674) returned 0 [0143.062] SetEvent (hEvent=0xc0) returned 1 [0143.062] SetEvent (hEvent=0xfc) returned 1 [0143.062] SetEvent (hEvent=0x334) returned 1 [0143.062] SetEvent (hEvent=0x258) returned 1 [0143.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2be9fe18*=0x208, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.080] VirtualAlloc (lpAddress=0xc000644000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000644000 [0143.081] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.081] VirtualAlloc (lpAddress=0xc000646000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000646000 [0143.082] VirtualAlloc (lpAddress=0xc000648000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000648000 [0143.083] VirtualAlloc (lpAddress=0xc00064a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00064a000 [0143.084] VirtualAlloc (lpAddress=0xc00064c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00064c000 [0143.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0143.085] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0143.089] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0144.563] GetFileType (hFile=0x260) returned 0x1 [0144.563] WriteFile (in: hFile=0x260, lpBuffer=0xc000290dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290dc0*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.564] CloseHandle (hObject=0x260) returned 1 [0144.564] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0144.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adform[1].txt"), dwFlags=0x1) returned 1 [0144.566] VirtualFree (lpAddress=0xc0006bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.567] VirtualFree (lpAddress=0xc000692000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.568] VirtualFree (lpAddress=0xc000684000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.569] VirtualFree (lpAddress=0xc000320000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.569] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.570] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.570] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.571] VirtualFree (lpAddress=0xc000180000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.572] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.573] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.573] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.574] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000102b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc0000102b8*, lpNumberOfCharsWritten=0xc0001e9818*=0x4) returned 1 [0144.580] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0144.931] SetEvent (hEvent=0x254) returned 1 [0144.932] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0144.952] SetEvent (hEvent=0x254) returned 1 [0144.952] SetEvent (hEvent=0x1b4) returned 1 [0144.952] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0144.955] SetEvent (hEvent=0x254) returned 1 [0144.955] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0144.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0144.957] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0145.023] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0145.804] SetEvent (hEvent=0xc0) returned 1 [0145.804] GetFileType (hFile=0x374) returned 0x1 [0145.804] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.078] GetFileType (hFile=0x374) returned 0x1 [0146.078] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0146.078] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0146.078] ReadFile (in: hFile=0x374, lpBuffer=0xc000052000, nNumberOfBytesToRead=0x207, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesRead=0xc000141c04*=0x7, lpOverlapped=0x0) returned 1 [0146.079] ReadFile (in: hFile=0x374, lpBuffer=0xc000052007, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000052007*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0146.079] CloseHandle (hObject=0x374) returned 1 [0146.079] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0146.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0146.082] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0146.086] GetFileType (hFile=0x374) returned 0x1 [0146.086] WriteFile (in: hFile=0x374, lpBuffer=0xc000206250*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc000206250*, lpNumberOfBytesWritten=0xc000141cec*=0x10, lpOverlapped=0x0) returned 1 [0146.087] CloseHandle (hObject=0x374) returned 1 [0146.087] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0146.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0146.087] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0146.096] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.257] GetFileType (hFile=0x374) returned 0x1 [0146.257] WriteFile (in: hFile=0x374, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.257] CloseHandle (hObject=0x374) returned 1 [0146.257] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-desktop (create shortcut).desklink"), dwFlags=0x1) returned 1 [0146.258] SetEvent (hEvent=0xbd0) returned 1 [0146.258] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.266] SetEvent (hEvent=0x108) returned 1 [0146.266] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.274] SetEvent (hEvent=0xc24) returned 1 [0146.274] SetEvent (hEvent=0x3c4) returned 1 [0146.274] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.279] SetEvent (hEvent=0xc24) returned 1 [0146.279] SetEvent (hEvent=0x2f4) returned 1 [0146.279] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0146.301] SetEvent (hEvent=0xc80) returned 1 [0146.301] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.950] SetEvent (hEvent=0x448) returned 1 [0147.950] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.976] SetEvent (hEvent=0x274) returned 1 [0147.976] SetEvent (hEvent=0xc44) returned 1 [0147.976] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.982] SetEvent (hEvent=0x274) returned 1 [0147.982] SetEvent (hEvent=0x254) returned 1 [0147.982] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.983] SetEvent (hEvent=0x274) returned 1 [0147.983] SetEvent (hEvent=0x8b8) returned 1 [0147.983] SetEvent (hEvent=0xc44) returned 1 [0147.983] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.991] SetEvent (hEvent=0x274) returned 1 [0147.991] SetEvent (hEvent=0x254) returned 1 [0147.991] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0147.998] SetEvent (hEvent=0x274) returned 1 [0147.998] SwitchToThread () returned 1 [0148.000] SetEvent (hEvent=0x274) returned 1 [0148.000] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0148.002] SetEvent (hEvent=0x274) returned 1 [0148.002] SetEvent (hEvent=0xc44) returned 1 [0148.002] SetEvent (hEvent=0x8b8) returned 1 [0148.002] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0148.009] SwitchToThread () returned 1 [0148.014] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0148.015] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0148.016] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0148.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x6ncjie.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5ac [0148.017] GetConsoleMode (in: hConsoleHandle=0x5ac, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0148.020] GetFileType (hFile=0x5ac) returned 0x1 [0148.020] GetFileType (hFile=0x5ac) returned 0x1 [0148.020] GetFileInformationByHandle (in: hFile=0x5ac, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0148.020] GetFileInformationByHandleEx (in: hFile=0x5ac, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0148.020] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0148.021] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0148.023] ReadFile (in: hFile=0x5ac, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x7dc0, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0004d9c04*=0x7bc0, lpOverlapped=0x0) returned 1 [0148.654] ReadFile (in: hFile=0x5ac, lpBuffer=0xc000283bc0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000283bc0*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.654] CloseHandle (hObject=0x5ac) returned 1 [0148.655] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0148.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x6ncjie.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0150.614] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0150.617] GetFileType (hFile=0x510) returned 0x1 [0150.617] WriteFile (in: hFile=0x510, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x7bd0, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc0004d9cec*=0x7bd0, lpOverlapped=0x0) returned 1 [0150.619] CloseHandle (hObject=0x510) returned 1 [0150.730] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0150.754] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0150.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x6ncjie.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0150.754] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0150.757] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0150.796] GetFileType (hFile=0x3bc) returned 0x1 [0150.796] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0001042c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001042c0*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.796] CloseHandle (hObject=0x3bc) returned 1 [0150.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x6ncjie.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-x6ncjie.mp3"), dwFlags=0x1) returned 1 [0153.196] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.217] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0153.218] GetFileType (hFile=0x374) returned 0x1 [0153.218] GetFileType (hFile=0x374) returned 0x1 [0153.218] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0153.218] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0153.218] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0153.220] ReadFile (in: hFile=0x374, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x694, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc0000f5c04*=0x494, lpOverlapped=0x0) returned 1 [0153.266] ReadFile (in: hFile=0x374, lpBuffer=0xc000072494, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072494*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0153.266] CloseHandle (hObject=0x374) returned 1 [0153.266] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0153.267] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0153.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0153.270] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0000f5d04 | out: lpMode=0xc0000f5d04) returned 0 [0153.274] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.288] SetEvent (hEvent=0x9f0) returned 1 [0153.288] GetFileType (hFile=0x374) returned 0x1 [0153.288] WriteFile (in: hFile=0x374, lpBuffer=0xc0000dca00*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc0000f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dca00*, lpNumberOfBytesWritten=0xc0000f5cec*=0x4a0, lpOverlapped=0x0) returned 1 [0153.290] CloseHandle (hObject=0x374) returned 1 [0153.291] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1901 | out: pbBuffer=0xc0000e1901) returned 1 [0153.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0153.291] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0153.300] GetFileType (hFile=0x374) returned 0x1 [0153.300] WriteFile (in: hFile=0x374, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.301] CloseHandle (hObject=0x374) returned 1 [0153.301] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-sikvnb huvuib.contact"), dwFlags=0x1) returned 1 [0153.302] VirtualFree (lpAddress=0xc0004ac000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.304] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.305] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.306] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.306] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.307] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.308] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.309] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0153.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oex7fvsds_qxq.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0153.311] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc00043bcf4 | out: lpMode=0xc00043bcf4) returned 0 [0153.324] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.355] SetEvent (hEvent=0xc0) returned 1 [0153.355] SetEvent (hEvent=0x9f0) returned 1 [0153.355] GetFileType (hFile=0x374) returned 0x1 [0153.356] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.375] SetEvent (hEvent=0x9f0) returned 1 [0153.375] GetFileType (hFile=0x374) returned 0x1 [0153.375] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.379] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc00043bd44 | out: lpFileInformation=0xc00043bd44) returned 1 [0153.379] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc00043bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00043bd28) returned 1 [0153.379] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0153.384] ReadFile (in: hFile=0x374, lpBuffer=0xc0004a8000, nNumberOfBytesToRead=0x163d6, lpNumberOfBytesRead=0xc00043bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a8000*, lpNumberOfBytesRead=0xc00043bc04*=0x161d6, lpOverlapped=0x0) returned 1 [0153.386] ReadFile (in: hFile=0x374, lpBuffer=0xc0004be1d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00043bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004be1d6*, lpNumberOfBytesRead=0xc00043bc04*=0x0, lpOverlapped=0x0) returned 1 [0153.386] CloseHandle (hObject=0x374) returned 1 [0153.387] VirtualAlloc (lpAddress=0xc0004c0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c0000 [0153.392] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oex7fvsds_qxq.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0153.394] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc00043bd04 | out: lpMode=0xc00043bd04) returned 0 [0153.397] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.417] SwitchToThread () returned 1 [0153.418] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.434] SetEvent (hEvent=0x100) returned 1 [0153.434] SwitchToThread () returned 1 [0153.454] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0153.456] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0153.457] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0153.458] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0153.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\hcjk5uban9lka.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x678 [0153.460] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000463cf4 | out: lpMode=0xc000463cf4) returned 0 [0153.489] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.491] GetFileType (hFile=0x678) returned 0x1 [0153.491] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0153.493] GetFileType (hFile=0x678) returned 0x1 [0153.493] GetFileInformationByHandle (in: hFile=0x678, lpFileInformation=0xc000463d44 | out: lpFileInformation=0xc000463d44) returned 1 [0153.493] GetFileInformationByHandleEx (in: hFile=0x678, FileInformationClass=0x9, lpFileInformation=0xc000463d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000463d28) returned 1 [0153.493] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0153.494] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0153.498] ReadFile (in: hFile=0x678, lpBuffer=0xc0004e0000, nNumberOfBytesToRead=0x10f17, lpNumberOfBytesRead=0xc000463c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesRead=0xc000463c04*=0x10d17, lpOverlapped=0x0) returned 1 [0153.500] ReadFile (in: hFile=0x678, lpBuffer=0xc0004f0d17, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000463c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f0d17*, lpNumberOfBytesRead=0xc000463c04*=0x0, lpOverlapped=0x0) returned 1 [0153.500] CloseHandle (hObject=0x678) returned 1 [0153.500] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0153.502] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0153.503] VirtualAlloc (lpAddress=0xc0004f2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f2000 [0153.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\hcjk5uban9lka.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.510] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000463d04 | out: lpMode=0xc000463d04) returned 0 [0153.515] GetFileType (hFile=0x678) returned 0x1 [0153.515] WriteFile (in: hFile=0x678, lpBuffer=0xc0004f2000*, nNumberOfBytesToWrite=0x10d20, lpNumberOfBytesWritten=0xc000463cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004f2000*, lpNumberOfBytesWritten=0xc000463cec*=0x10d20, lpOverlapped=0x0) returned 1 [0153.520] CloseHandle (hObject=0x678) returned 1 [0153.520] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0153.520] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0153.522] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0153.523] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0153.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\hcjk5uban9lka.ods"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.524] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000463d64 | out: lpMode=0xc000463d64) returned 0 [0153.531] GetFileType (hFile=0x678) returned 0x1 [0153.531] WriteFile (in: hFile=0x678, lpBuffer=0xc000104b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000463d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104b00*, lpNumberOfBytesWritten=0xc000463d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.532] CloseHandle (hObject=0x678) returned 1 [0153.532] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0153.533] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0153.535] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\hcjk5uban9lka.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\encry-HcjK5UBAn9LkA.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\encry-hcjk5uban9lka.ods"), dwFlags=0x1) returned 1 [0153.537] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.554] SetEvent (hEvent=0x43c) returned 1 [0153.554] SwitchToThread () returned 1 [0153.570] GetFileType (hFile=0x644) returned 0x1 [0153.570] WriteFile (in: hFile=0x644, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.570] CloseHandle (hObject=0x644) returned 1 [0153.571] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0153.572] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkhua1gxtqlwd8.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-zkhua1gxtqlwd8.gif"), dwFlags=0x1) returned 1 [0153.574] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0153.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x644 [0153.577] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0153.606] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.609] GetFileType (hFile=0x644) returned 0x1 [0153.609] GetFileType (hFile=0x644) returned 0x1 [0153.610] GetFileInformationByHandle (in: hFile=0x644, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0153.610] GetFileInformationByHandleEx (in: hFile=0x644, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0153.610] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0153.611] ReadFile (in: hFile=0x644, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x2d8, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc0001cdc04*=0xd8, lpOverlapped=0x0) returned 1 [0153.613] ReadFile (in: hFile=0x644, lpBuffer=0xc0000a20d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a20d8*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0153.613] CloseHandle (hObject=0x644) returned 1 [0153.613] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0153.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0153.615] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini\\*", lpFindFileData=0xc0001cda08 | out: lpFindFileData=0xc0001cda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0153.615] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001cd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0153.615] SetEvent (hEvent=0x43c) returned 1 [0153.616] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.827] SetEvent (hEvent=0x100) returned 1 [0153.827] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0153.976] SetEvent (hEvent=0x9f0) returned 1 [0153.976] SetEvent (hEvent=0x43c) returned 1 [0153.977] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.084] SetEvent (hEvent=0x9f0) returned 1 [0154.084] SetEvent (hEvent=0x100) returned 1 [0154.084] SetEvent (hEvent=0x43c) returned 1 [0154.084] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.217] SetEvent (hEvent=0x100) returned 1 [0154.217] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.346] SetEvent (hEvent=0x9f0) returned 1 [0154.346] SetEvent (hEvent=0x43c) returned 1 [0154.346] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.455] SetEvent (hEvent=0x9f0) returned 1 [0154.455] SetEvent (hEvent=0x100) returned 1 [0154.455] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.557] SetEvent (hEvent=0x8d0) returned 1 [0154.557] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.795] SetEvent (hEvent=0x100) returned 1 [0154.795] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.867] SetEvent (hEvent=0x9f0) returned 1 [0154.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0154.869] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0154.897] GetFileType (hFile=0x7c4) returned 0x1 [0154.897] GetFileType (hFile=0x7c4) returned 0x1 [0154.897] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0154.897] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0154.897] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0154.899] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0154.900] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000063c04*=0x85, lpOverlapped=0x0) returned 1 [0154.902] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0000fa085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa085*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0154.903] CloseHandle (hObject=0x7c4) returned 1 [0154.903] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0154.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0154.906] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0154.915] GetFileType (hFile=0x7c4) returned 0x1 [0154.915] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000070090*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070090*, lpNumberOfBytesWritten=0xc000063cec*=0x90, lpOverlapped=0x0) returned 1 [0154.917] CloseHandle (hObject=0x7c4) returned 1 [0154.917] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0154.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0154.918] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0154.929] GetFileType (hFile=0x7c4) returned 0x1 [0154.929] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000104dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104dc0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.930] CloseHandle (hObject=0x7c4) returned 1 [0154.930] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\encry-IE Add-on site.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\encry-ie add-on site.url"), dwFlags=0x1) returned 1 [0154.932] VirtualFree (lpAddress=0xc000346000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0154.934] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0154.937] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0154.952] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0154.991] SetEvent (hEvent=0xc0) returned 1 [0154.991] SetEvent (hEvent=0x9f0) returned 1 [0154.992] GetFileType (hFile=0x7c4) returned 0x1 [0154.992] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.122] GetFileType (hFile=0x7c4) returned 0x1 [0155.122] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0155.122] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0155.122] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00002c580, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c580*, lpNumberOfBytesRead=0xc000277c04*=0x85, lpOverlapped=0x0) returned 1 [0155.125] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00002c605, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c605*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0155.125] CloseHandle (hObject=0x7c4) returned 1 [0155.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0155.127] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0155.156] GetFileType (hFile=0x7c4) returned 0x1 [0155.157] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000078090*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078090*, lpNumberOfBytesWritten=0xc000277cec*=0x90, lpOverlapped=0x0) returned 1 [0155.159] CloseHandle (hObject=0x7c4) returned 1 [0155.159] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0155.161] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0155.161] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0155.163] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0155.164] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0155.166] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0155.167] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0155.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0155.169] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0155.187] GetFileType (hFile=0x7c4) returned 0x1 [0155.187] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000104dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104dc0*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0155.188] CloseHandle (hObject=0x7c4) returned 1 [0155.188] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\encry-Microsoft At Home.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\encry-microsoft at home.url"), dwFlags=0x1) returned 1 [0155.190] VirtualFree (lpAddress=0xc0004a8000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0155.192] SetEvent (hEvent=0xb58) returned 1 [0155.192] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.207] SetEvent (hEvent=0x43c) returned 1 [0155.208] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0155.283] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00044bcf4 | out: lpMode=0xc00044bcf4) returned 0 [0155.287] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.389] SetEvent (hEvent=0x9e8) returned 1 [0155.389] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.391] SetEvent (hEvent=0x100) returned 1 [0155.391] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0155.960] SetEvent (hEvent=0x1b4) returned 1 [0155.960] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0156.019] SetEvent (hEvent=0x9e8) returned 1 [0156.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.019] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0xc00039b9f8 | out: lpFindFileData=0xc00039b9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.020] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00039b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qxpp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x79c [0156.021] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0156.030] GetFileType (hFile=0x79c) returned 0x1 [0156.030] GetFileType (hFile=0x79c) returned 0x1 [0156.030] GetFileInformationByHandle (in: hFile=0x79c, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0156.031] GetFileInformationByHandleEx (in: hFile=0x79c, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0156.031] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0156.037] ReadFile (in: hFile=0x79c, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x135a7, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc00026fc04*=0x133a7, lpOverlapped=0x0) returned 1 [0156.040] ReadFile (in: hFile=0x79c, lpBuffer=0xc0005553a7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005553a7*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0156.040] CloseHandle (hObject=0x79c) returned 1 [0156.040] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0156.047] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qxpp.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0156.051] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0156.076] GetFileType (hFile=0x79c) returned 0x1 [0156.077] WriteFile (in: hFile=0x79c, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x133b0, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc00026fcec*=0x133b0, lpOverlapped=0x0) returned 1 [0156.082] CloseHandle (hObject=0x79c) returned 1 [0156.082] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0156.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4qXpp.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qxpp.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0156.082] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0156.085] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0156.307] SetEvent (hEvent=0xc64) returned 1 [0156.307] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0161.229] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0161.230] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0161.231] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\b-rfp5hen4huny07wh3.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0162.061] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0003a7cf4 | out: lpMode=0xc0003a7cf4) returned 0 [0162.412] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0162.585] SetEvent (hEvent=0xc04) returned 1 [0162.585] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) returned 0x0 [0163.681] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126120*, nNumberOfCharsToWrite=0x46, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc000126120*, lpNumberOfCharsWritten=0xc000515808*=0x46) returned 1 [0163.682] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0163.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.389] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0166.390] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1\\*", lpFindFileData=0xc000515a68 | out: lpFindFileData=0xc000515a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.390] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000515720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.390] WaitForSingleObject (hHandle=0x208, dwMilliseconds=0xffffffff) Thread: id = 43 os_tid = 0xb0 [0115.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c09fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c09fea0*=0x150) returned 1 [0115.878] VirtualQuery (in: lpAddress=0x2c09fec0, lpBuffer=0x2c09fec0, dwLength=0x30 | out: lpBuffer=0x2c09fec0*(BaseAddress=0x2c09f000, AllocationBase=0x2bea0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.879] GetFileType (hFile=0x1b0) returned 0x1 [0115.879] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0x36e0, lpNumberOfBytesWritten=0xc000271cec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc000271cec*=0x36e0, lpOverlapped=0x0) returned 1 [0115.880] CloseHandle (hObject=0x1b0) returned 1 [0115.884] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1e8 [0115.884] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x290 [0115.884] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0115.950] SetEvent (hEvent=0x1f8) returned 1 [0115.950] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0116.081] SetEvent (hEvent=0x148) returned 1 [0116.081] SetEvent (hEvent=0x234) returned 1 [0116.081] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0116.084] SetEvent (hEvent=0x148) returned 1 [0116.084] SetEvent (hEvent=0x15c) returned 1 [0116.085] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0116.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0116.101] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0116.102] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0116.108] GetFileType (hFile=0x2e8) returned 0x1 [0116.108] GetFileType (hFile=0x2e8) returned 0x1 [0116.108] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0116.108] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0116.108] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x2137, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000045c04*=0x1f37, lpOverlapped=0x0) returned 1 [0116.112] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000347f37, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000347f37*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0116.112] CloseHandle (hObject=0x2e8) returned 1 [0116.112] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0116.212] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0116.215] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0116.217] GetFileType (hFile=0x370) returned 0x1 [0116.217] WriteFile (in: hFile=0x370, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x1f40, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000045cec*=0x1f40, lpOverlapped=0x0) returned 1 [0116.219] CloseHandle (hObject=0x370) returned 1 [0116.221] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2101 | out: pbBuffer=0xc0001c2101) returned 1 [0116.221] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0116.221] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0116.222] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0116.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0116.222] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0116.223] GetFileType (hFile=0x2c4) returned 0x1 [0116.223] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000be420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be420*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.223] CloseHandle (hObject=0x2c4) returned 1 [0116.224] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzaxy[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBzaxY[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbzaxy[1].jpg"), dwFlags=0x1) returned 1 [0116.683] SetEvent (hEvent=0xc0) returned 1 [0116.683] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c09f698, ulCount=0x10, ulNumEntriesRemoved=0x2c09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c09f698, ulNumEntriesRemoved=0x2c09f66c) returned 0 [0116.683] SetEvent (hEvent=0x2b0) returned 1 [0116.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c09fe08*=0x1e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.684] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c09f6a0, ulNumEntriesRemoved=0x2c09f674) returned 0 [0116.684] SetEvent (hEvent=0x2b0) returned 1 [0116.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c09fe18*=0x1e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.685] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0117.395] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0117.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0117.396] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0117.396] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0117.544] GetFileType (hFile=0x284) returned 0x1 [0117.544] GetFileType (hFile=0x284) returned 0x1 [0117.544] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0117.544] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0117.544] VirtualAlloc (lpAddress=0xc00046e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00046e000 [0117.545] ReadFile (in: hFile=0x284, lpBuffer=0xc00046e000, nNumberOfBytesToRead=0x32be, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00046e000*, lpNumberOfBytesRead=0xc00015dc04*=0x30be, lpOverlapped=0x0) returned 1 [0117.548] ReadFile (in: hFile=0x284, lpBuffer=0xc0004710be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004710be*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0117.548] CloseHandle (hObject=0x284) returned 1 [0117.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.736] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0117.758] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0117.759] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1f0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c09f920, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c09f920*=0x2cc) returned 1 [0117.759] SwitchToThread () returned 1 [0117.761] SuspendThread (hThread=0x2cc) returned 0x0 [0117.761] GetThreadContext (in: hThread=0x2cc, lpContext=0x2c09f930 | out: lpContext=0x2c09f930*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2b49fbc8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab135a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0117.766] ResumeThread (hThread=0x2cc) returned 0x1 [0117.766] CloseHandle (hObject=0x2cc) returned 1 [0117.766] GetFileType (hFile=0x3bc) returned 0x1 [0117.766] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000471500*, nNumberOfBytesToWrite=0x30c0, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000471500*, lpNumberOfBytesWritten=0xc00015dcec*=0x30c0, lpOverlapped=0x0) returned 1 [0117.768] CloseHandle (hObject=0x3bc) returned 1 [0117.768] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001801 | out: pbBuffer=0xc000001801) returned 1 [0117.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.769] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0117.770] GetFileType (hFile=0x3bc) returned 0x1 [0117.770] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0004cf8c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004cf8c0*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.770] CloseHandle (hObject=0x3bc) returned 1 [0117.771] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bs-util[1].css"), dwFlags=0x1) returned 1 [0118.406] SwitchToThread () returned 1 [0118.407] SetEvent (hEvent=0x274) returned 1 [0118.407] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.408] SetEvent (hEvent=0x274) returned 1 [0118.408] SetEvent (hEvent=0x354) returned 1 [0118.408] SetEvent (hEvent=0x29c) returned 1 [0118.408] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.410] SetEvent (hEvent=0x274) returned 1 [0118.410] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.410] SetEvent (hEvent=0x274) returned 1 [0118.411] SetEvent (hEvent=0x15c) returned 1 [0118.411] VirtualFree (lpAddress=0xc000584000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.411] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.411] SwitchToThread () returned 1 [0118.412] SetEvent (hEvent=0x274) returned 1 [0118.412] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.413] SetEvent (hEvent=0x274) returned 1 [0118.413] SetEvent (hEvent=0x15c) returned 1 [0118.413] SetEvent (hEvent=0x29c) returned 1 [0118.413] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0118.797] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0118.803] GetFileType (hFile=0x2cc) returned 0x1 [0118.803] GetFileType (hFile=0x2cc) returned 0x1 [0118.803] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0118.803] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0118.803] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0118.805] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x406b, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0001f5c04*=0x3e6b, lpOverlapped=0x0) returned 1 [0118.813] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0118.888] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000303e6b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000303e6b*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0118.888] CloseHandle (hObject=0x2cc) returned 1 [0118.888] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0118.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0118.893] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0118.900] GetFileType (hFile=0x2cc) returned 0x1 [0118.900] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0002c4000*, nNumberOfBytesToWrite=0x3e70, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesWritten=0xc0001f5cec*=0x3e70, lpOverlapped=0x0) returned 1 [0118.902] CloseHandle (hObject=0x2cc) returned 1 [0118.902] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001201 | out: pbBuffer=0xc000001201) returned 1 [0118.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0118.902] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0118.905] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.038] GetFileType (hFile=0x2cc) returned 0x1 [0119.038] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001c02c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c02c0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.038] CloseHandle (hObject=0x2cc) returned 1 [0119.044] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbmyvh[1].jpg"), dwFlags=0x1) returned 1 [0119.264] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.265] SetEvent (hEvent=0x2a8) returned 1 [0119.265] SetEvent (hEvent=0x9c) returned 1 [0119.265] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001db818, lpReserved=0x0 | out: lpBuffer=0xc000586018*, lpNumberOfCharsWritten=0xc0001db818*=0x3) returned 1 [0119.266] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.268] SetEvent (hEvent=0x2a8) returned 1 [0119.268] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.269] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.274] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.277] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.284] SetEvent (hEvent=0x28c) returned 1 [0119.284] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.286] SetEvent (hEvent=0x28c) returned 1 [0119.286] SetEvent (hEvent=0xb8) returned 1 [0119.286] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.287] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.287] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.288] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.288] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0119.289] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.293] SetEvent (hEvent=0x28c) returned 1 [0119.293] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.295] SetEvent (hEvent=0x28c) returned 1 [0119.295] SetEvent (hEvent=0xb8) returned 1 [0119.295] SwitchToThread () returned 1 [0119.392] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0119.491] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0141.500] SetEvent (hEvent=0x24c) returned 1 [0141.500] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0141.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x380 [0141.501] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0141.502] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0141.629] GetFileType (hFile=0x380) returned 0x1 [0141.629] GetFileType (hFile=0x380) returned 0x1 [0141.629] GetFileInformationByHandle (in: hFile=0x380, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0141.629] GetFileInformationByHandleEx (in: hFile=0x380, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0141.629] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0141.633] ReadFile (in: hFile=0x380, lpBuffer=0xc000514000, nNumberOfBytesToRead=0x1ba00, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000514000*, lpNumberOfBytesRead=0xc0001a3c04*=0x1b800, lpOverlapped=0x0) returned 1 [0142.571] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0143.433] SetEvent (hEvent=0xc0) returned 1 [0143.433] ReadFile (in: hFile=0x380, lpBuffer=0xc00052f800, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00052f800*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.433] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0144.124] SetEvent (hEvent=0x324) returned 1 [0144.124] CloseHandle (hObject=0x380) returned 1 [0144.124] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) returned 0x0 [0144.581] SetEvent (hEvent=0xa00) returned 1 [0144.581] WaitForSingleObject (hHandle=0x1e8, dwMilliseconds=0xffffffff) Thread: id = 44 os_tid = 0x5e4 [0115.887] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c29fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c29fea0*=0x294) returned 1 [0115.887] VirtualQuery (in: lpAddress=0x2c29fec0, lpBuffer=0x2c29fec0, dwLength=0x30 | out: lpBuffer=0x2c29fec0*(BaseAddress=0x2c29f000, AllocationBase=0x2c0a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.887] SetEvent (hEvent=0x100) returned 1 [0115.887] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x29c [0115.887] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a0 [0115.887] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0115.937] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0115.938] SwitchToThread () returned 1 [0115.939] SwitchToThread () returned 1 [0115.941] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1b8, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c29f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c29f840*=0x22c) returned 1 [0115.941] SuspendThread (hThread=0x22c) returned 0x0 [0115.941] GetThreadContext (in: hThread=0x22c, lpContext=0x2c29f850 | out: lpContext=0x2c29f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2a29f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0115.941] ResumeThread (hThread=0x22c) returned 0x1 [0115.941] CloseHandle (hObject=0x22c) returned 1 [0115.942] SwitchToThread () returned 1 [0115.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe08*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.945] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe08*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.952] SetEvent (hEvent=0x1f8) returned 1 [0115.952] SetEvent (hEvent=0x234) returned 1 [0115.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe08*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.957] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe30*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0115.957] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c29f6a0, ulNumEntriesRemoved=0x2c29f674) returned 0 [0115.957] SetEvent (hEvent=0xc0) returned 1 [0115.958] SetEvent (hEvent=0x9c) returned 1 [0115.958] SetEvent (hEvent=0x15c) returned 1 [0115.958] SetEvent (hEvent=0x114) returned 1 [0115.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe18*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0115.966] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0115.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x22c [0115.967] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0115.968] GetFileType (hFile=0x22c) returned 0x1 [0115.968] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0115.968] GetFileType (hFile=0x22c) returned 0x1 [0115.968] GetFileInformationByHandle (in: hFile=0x22c, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0115.969] GetFileInformationByHandleEx (in: hFile=0x22c, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0115.969] VirtualAlloc (lpAddress=0xc000346000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0115.971] ReadFile (in: hFile=0x22c, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x24a0, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc00024bc04*=0x22a0, lpOverlapped=0x0) returned 1 [0115.978] ReadFile (in: hFile=0x22c, lpBuffer=0xc0003482a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003482a0*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0115.978] CloseHandle (hObject=0x22c) returned 1 [0115.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0116.030] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00024bd04 | out: lpMode=0xc00024bd04) returned 0 [0116.035] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.039] GetFileType (hFile=0x2c4) returned 0x1 [0116.039] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000348500*, nNumberOfBytesToWrite=0x22b0, lpNumberOfBytesWritten=0xc00024bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000348500*, lpNumberOfBytesWritten=0xc00024bcec*=0x22b0, lpOverlapped=0x0) returned 1 [0116.040] CloseHandle (hObject=0x2c4) returned 1 [0116.066] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.080] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0e01 | out: pbBuffer=0xc0002f0e01) returned 1 [0116.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0116.081] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00024bd64 | out: lpMode=0xc00024bd64) returned 0 [0116.082] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.102] GetFileType (hFile=0x2c4) returned 0x1 [0116.102] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.102] CloseHandle (hObject=0x2c4) returned 1 [0116.105] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc04o2[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC04o2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc04o2[1].jpg"), dwFlags=0x1) returned 1 [0116.647] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.648] SetEvent (hEvent=0x188) returned 1 [0116.648] SetEvent (hEvent=0x144) returned 1 [0116.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0116.649] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.651] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0116.652] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.653] SetEvent (hEvent=0x188) returned 1 [0116.653] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.655] SetEvent (hEvent=0x188) returned 1 [0116.655] SetEvent (hEvent=0x144) returned 1 [0116.655] SetEvent (hEvent=0x2b0) returned 1 [0116.655] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.657] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.658] SetEvent (hEvent=0x188) returned 1 [0116.658] SetEvent (hEvent=0x2b0) returned 1 [0116.658] SwitchToThread () returned 1 [0116.659] SetEvent (hEvent=0x188) returned 1 [0116.659] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0116.660] SetEvent (hEvent=0x188) returned 1 [0116.660] SetEvent (hEvent=0x2b0) returned 1 [0116.660] SetEvent (hEvent=0x9c) returned 1 [0116.661] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0117.423] SetEvent (hEvent=0x364) returned 1 [0117.424] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0117.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0117.440] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0117.442] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0117.554] GetFileType (hFile=0x240) returned 0x1 [0117.554] GetFileType (hFile=0x240) returned 0x1 [0117.554] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0117.554] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0117.554] ReadFile (in: hFile=0x240, lpBuffer=0xc00024e900, nNumberOfBytesToRead=0x80c, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024e900*, lpNumberOfBytesRead=0xc000175c04*=0x60c, lpOverlapped=0x0) returned 1 [0117.560] ReadFile (in: hFile=0x240, lpBuffer=0xc00024ef0c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00024ef0c*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0117.560] CloseHandle (hObject=0x240) returned 1 [0117.560] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0117.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.742] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0117.758] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0117.760] GetFileType (hFile=0x36c) returned 0x1 [0117.760] WriteFile (in: hFile=0x36c, lpBuffer=0xc00007a700*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a700*, lpNumberOfBytesWritten=0xc000175cec*=0x610, lpOverlapped=0x0) returned 1 [0117.761] CloseHandle (hObject=0x36c) returned 1 [0117.762] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a301 | out: pbBuffer=0xc00028a301) returned 1 [0117.762] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0117.763] VirtualAlloc (lpAddress=0xc000582000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000582000 [0117.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.764] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0117.766] GetFileType (hFile=0x36c) returned 0x1 [0117.766] WriteFile (in: hFile=0x36c, lpBuffer=0xc000183760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000183760*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.766] CloseHandle (hObject=0x36c) returned 1 [0117.769] VirtualAlloc (lpAddress=0xc000584000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000584000 [0117.769] VirtualAlloc (lpAddress=0xc000588000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000588000 [0117.770] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-chrome_throbber_fast_16[1].gif"), dwFlags=0x1) returned 1 [0118.404] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.404] SetEvent (hEvent=0x274) returned 1 [0118.404] SetEvent (hEvent=0x354) returned 1 [0118.404] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc0001a7818*=0x3) returned 1 [0118.406] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.408] SetEvent (hEvent=0x274) returned 1 [0118.408] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000072030*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0118.409] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.412] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc00018d818*=0x3) returned 1 [0118.413] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.414] SetEvent (hEvent=0x15c) returned 1 [0118.414] SetEvent (hEvent=0x274) returned 1 [0118.414] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000720b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc0000720b8*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0118.415] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0118.416] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0118.417] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0118.419] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.421] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000072010*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0118.423] VirtualAlloc (lpAddress=0xc00053c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00053c000 [0118.423] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0118.775] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0118.781] GetFileType (hFile=0x2fc) returned 0x1 [0118.781] GetFileType (hFile=0x2fc) returned 0x1 [0118.781] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0118.781] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0118.781] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0118.782] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0001b4000, nNumberOfBytesToRead=0x9b8, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b4000*, lpNumberOfBytesRead=0xc0001d1c04*=0x7b8, lpOverlapped=0x0) returned 1 [0118.788] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0001b47b8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b47b8*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0118.788] CloseHandle (hObject=0x2fc) returned 1 [0118.788] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0118.788] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0118.789] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0118.792] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.848] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.850] SetEvent (hEvent=0x364) returned 1 [0118.850] SetEvent (hEvent=0x26c) returned 1 [0118.850] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.857] SetEvent (hEvent=0x234) returned 1 [0118.857] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.868] SetEvent (hEvent=0x15c) returned 1 [0118.868] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.885] SetEvent (hEvent=0x12c) returned 1 [0118.885] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.907] SetEvent (hEvent=0x318) returned 1 [0118.907] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.924] SetEvent (hEvent=0x334) returned 1 [0118.924] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.950] SetEvent (hEvent=0x264) returned 1 [0118.950] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.958] SetEvent (hEvent=0x334) returned 1 [0118.958] SetEvent (hEvent=0x114) returned 1 [0118.958] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.959] SetEvent (hEvent=0x234) returned 1 [0118.959] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.981] SetEvent (hEvent=0x1f8) returned 1 [0118.981] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0118.989] SetEvent (hEvent=0x13c) returned 1 [0118.989] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.003] GetFileType (hFile=0x3d4) returned 0x1 [0119.003] WriteFile (in: hFile=0x3d4, lpBuffer=0xc0000e61e0*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc0000f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e61e0*, lpNumberOfBytesWritten=0xc0000f3cec*=0x1d0, lpOverlapped=0x0) returned 1 [0119.004] CloseHandle (hObject=0x3d4) returned 1 [0119.011] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.084] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0119.085] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0119.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0119.085] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0119.087] GetFileType (hFile=0x22c) returned 0x1 [0119.087] WriteFile (in: hFile=0x22c, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.087] CloseHandle (hObject=0x22c) returned 1 [0119.091] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aa61ofl[1].png"), dwFlags=0x1) returned 1 [0119.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001bf818*=0x3) returned 1 [0119.491] SetEvent (hEvent=0x28c) returned 1 [0119.491] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.507] SetEvent (hEvent=0x28c) returned 1 [0119.507] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.508] SetEvent (hEvent=0x28c) returned 1 [0119.508] SetEvent (hEvent=0x264) returned 1 [0119.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010068*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000010068*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0119.512] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.513] SetEvent (hEvent=0x274) returned 1 [0119.513] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.515] SetEvent (hEvent=0x274) returned 1 [0119.515] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.516] SetEvent (hEvent=0x274) returned 1 [0119.516] SetEvent (hEvent=0x264) returned 1 [0119.516] SetEvent (hEvent=0x1f8) returned 1 [0119.516] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.517] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.517] SetEvent (hEvent=0x274) returned 1 [0119.517] SetEvent (hEvent=0x1f8) returned 1 [0119.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001eb818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc0001eb818*=0x3) returned 1 [0119.518] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.523] SetEvent (hEvent=0x35c) returned 1 [0119.523] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.524] SetEvent (hEvent=0x35c) returned 1 [0119.524] SetEvent (hEvent=0x1f8) returned 1 [0119.524] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0119.566] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.566] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001c7818*=0x3) returned 1 [0119.568] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.569] SetEvent (hEvent=0x120) returned 1 [0119.570] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.570] SetEvent (hEvent=0x120) returned 1 [0119.570] SetEvent (hEvent=0x1f8) returned 1 [0119.570] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.570] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc0005863a8*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0119.572] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.573] SetEvent (hEvent=0x30c) returned 1 [0119.573] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0119.574] SetEvent (hEvent=0x30c) returned 1 [0119.574] SetEvent (hEvent=0x1f8) returned 1 [0119.574] SwitchToThread () returned 1 [0119.671] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0141.487] SetEvent (hEvent=0x9c) returned 1 [0141.487] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0141.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4ri99tmpdhl6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0141.490] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000229cf4 | out: lpMode=0xc000229cf4) returned 0 [0141.490] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0141.534] GetFileType (hFile=0x284) returned 0x1 [0141.534] GetFileType (hFile=0x284) returned 0x1 [0141.534] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc000229d44 | out: lpFileInformation=0xc000229d44) returned 1 [0141.534] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc000229d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000229d28) returned 1 [0141.534] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0141.535] ReadFile (in: hFile=0x284, lpBuffer=0xc0002bc000, nNumberOfBytesToRead=0x118c, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bc000*, lpNumberOfBytesRead=0xc000229c04*=0xf8c, lpOverlapped=0x0) returned 1 [0142.516] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0143.066] ReadFile (in: hFile=0x284, lpBuffer=0xc0002bcf8c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000229c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bcf8c*, lpNumberOfBytesRead=0xc000229c04*=0x0, lpOverlapped=0x0) returned 1 [0143.066] CloseHandle (hObject=0x284) returned 1 [0143.066] VirtualAlloc (lpAddress=0xc0006aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006aa000 [0143.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4ri99tmpdhl6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0143.068] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000229d04 | out: lpMode=0xc000229d04) returned 0 [0143.075] GetFileType (hFile=0x284) returned 0x1 [0143.075] WriteFile (in: hFile=0x284, lpBuffer=0xc0006aa000*, nNumberOfBytesToWrite=0xf90, lpNumberOfBytesWritten=0xc000229cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006aa000*, lpNumberOfBytesWritten=0xc000229cec*=0xf90, lpOverlapped=0x0) returned 1 [0143.076] CloseHandle (hObject=0x284) returned 1 [0143.076] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0143.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4ri99tmpdhl6.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0143.076] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000229d64 | out: lpMode=0xc000229d64) returned 0 [0143.089] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.388] GetFileType (hFile=0x284) returned 0x1 [0144.388] WriteFile (in: hFile=0x284, lpBuffer=0xc0006142c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000229d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006142c0*, lpNumberOfBytesWritten=0xc000229d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.388] CloseHandle (hObject=0x284) returned 1 [0144.388] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4ri99tmpdhl6.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-4ri99tmpdhl6.lnk"), dwFlags=0x1) returned 1 [0144.390] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe30*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.391] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c29f698, ulCount=0x10, ulNumEntriesRemoved=0x2c29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c29f698, ulNumEntriesRemoved=0x2c29f66c) returned 0 [0144.391] SetEvent (hEvent=0x3dc) returned 1 [0144.391] SetEvent (hEvent=0xc3c) returned 1 [0144.391] SetEvent (hEvent=0xbc0) returned 1 [0144.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe08*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.394] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.394] SetEvent (hEvent=0xbc0) returned 1 [0144.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe08*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe30*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.402] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.402] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c29f6a0, ulNumEntriesRemoved=0x2c29f674) returned 0 [0144.402] SetEvent (hEvent=0xc0) returned 1 [0144.402] SetEvent (hEvent=0xc3c) returned 1 [0144.402] SetEvent (hEvent=0x5cc) returned 1 [0144.402] SetEvent (hEvent=0xbc0) returned 1 [0144.402] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c29fe18*=0x29c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.404] SetEvent (hEvent=0x8b8) returned 1 [0144.404] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.416] SetEvent (hEvent=0x8b8) returned 1 [0144.416] SetEvent (hEvent=0xbe8) returned 1 [0144.416] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.427] SetEvent (hEvent=0xbd0) returned 1 [0144.427] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.481] SetEvent (hEvent=0x8c8) returned 1 [0144.481] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) returned 0x0 [0144.497] SetEvent (hEvent=0xb38) returned 1 [0144.497] WaitForSingleObject (hHandle=0x29c, dwMilliseconds=0xffffffff) Thread: id = 45 os_tid = 0x1c4 [0115.893] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c49fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c49fea0*=0x2a4) returned 1 [0115.893] VirtualQuery (in: lpAddress=0x2c49fec0, lpBuffer=0x2c49fec0, dwLength=0x30 | out: lpBuffer=0x2c49fec0*(BaseAddress=0x2c49f000, AllocationBase=0x2c2a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.893] SetEvent (hEvent=0x8c) returned 1 [0115.893] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2a8 [0115.893] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2ac [0115.893] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.906] SetEvent (hEvent=0x15c) returned 1 [0115.906] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.914] SetEvent (hEvent=0xec) returned 1 [0115.914] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.918] SetEvent (hEvent=0x208) returned 1 [0115.918] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.931] SetEvent (hEvent=0x148) returned 1 [0115.931] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.938] SetEvent (hEvent=0x24c) returned 1 [0115.938] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0115.943] SetEvent (hEvent=0xfc) returned 1 [0115.943] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0116.114] SetEvent (hEvent=0x2b0) returned 1 [0116.114] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0116.118] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d0 [0116.118] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0116.121] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0116.143] GetFileType (hFile=0x2d0) returned 0x1 [0116.143] GetFileType (hFile=0x2d0) returned 0x1 [0116.143] GetFileInformationByHandle (in: hFile=0x2d0, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0116.143] GetFileInformationByHandleEx (in: hFile=0x2d0, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0116.143] VirtualAlloc (lpAddress=0xc000360000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000360000 [0116.144] VirtualAlloc (lpAddress=0xc000362000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000362000 [0116.145] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000362000, nNumberOfBytesToRead=0x484, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000362000*, lpNumberOfBytesRead=0xc00023fc04*=0x284, lpOverlapped=0x0) returned 1 [0116.149] ReadFile (in: hFile=0x2d0, lpBuffer=0xc000362284, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000362284*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0116.150] CloseHandle (hObject=0x2d0) returned 1 [0116.150] VirtualAlloc (lpAddress=0xc000364000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000364000 [0116.150] VirtualAlloc (lpAddress=0xc000366000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000366000 [0116.151] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0116.151] VirtualAlloc (lpAddress=0xc00036a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036a000 [0116.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0116.241] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0116.245] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0116.247] GetFileType (hFile=0x230) returned 0x1 [0116.247] WriteFile (in: hFile=0x230, lpBuffer=0xc00036a000*, nNumberOfBytesToWrite=0x290, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00036a000*, lpNumberOfBytesWritten=0xc00023fcec*=0x290, lpOverlapped=0x0) returned 1 [0116.248] CloseHandle (hObject=0x230) returned 1 [0116.250] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2101 | out: pbBuffer=0xc0001c2101) returned 1 [0116.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0116.250] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0116.257] GetFileType (hFile=0x2e8) returned 0x1 [0116.258] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000be2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be2c0*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.258] CloseHandle (hObject=0x2e8) returned 1 [0116.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbdk44m[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBDk44m[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbdk44m[1].png"), dwFlags=0x1) returned 1 [0116.689] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000111818, lpReserved=0x0 | out: lpBuffer=0xc000072010*, lpNumberOfCharsWritten=0xc000111818*=0x3) returned 1 [0116.788] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.393] SetEvent (hEvent=0x340) returned 1 [0117.393] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.394] SetEvent (hEvent=0x3c0) returned 1 [0117.395] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x22c [0117.398] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0117.402] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.569] GetFileType (hFile=0x22c) returned 0x1 [0117.570] GetFileType (hFile=0x22c) returned 0x1 [0117.570] GetFileInformationByHandle (in: hFile=0x22c, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0117.570] GetFileInformationByHandleEx (in: hFile=0x22c, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0117.570] VirtualAlloc (lpAddress=0xc0004a4000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a4000 [0117.574] ReadFile (in: hFile=0x22c, lpBuffer=0xc0004a4000, nNumberOfBytesToRead=0x256f1, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a4000*, lpNumberOfBytesRead=0xc0001bdc04*=0x254f1, lpOverlapped=0x0) returned 1 [0117.589] ReadFile (in: hFile=0x22c, lpBuffer=0xc0004c94f1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c94f1*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0117.589] CloseHandle (hObject=0x22c) returned 1 [0117.590] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x26000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0117.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0117.757] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.771] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0117.771] SetEvent (hEvent=0x15c) returned 1 [0117.771] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0117.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a901 | out: pbBuffer=0xc00028a901) returned 1 [0117.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0117.834] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc00018fd64 | out: lpMode=0xc00018fd64) returned 0 [0117.836] GetFileType (hFile=0x254) returned 0x1 [0117.836] WriteFile (in: hFile=0x254, lpBuffer=0xc000182b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182b00*, lpNumberOfBytesWritten=0xc00018fd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.836] CloseHandle (hObject=0x254) returned 1 [0117.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbef306[1].jpg"), dwFlags=0x1) returned 1 [0118.560] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0118.562] SetEvent (hEvent=0x274) returned 1 [0118.562] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0118.567] SwitchToThread () returned 1 [0118.568] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0118.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0118.753] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0001dbcf4 | out: lpMode=0xc0001dbcf4) returned 0 [0118.754] GetFileType (hFile=0x3d0) returned 0x1 [0118.755] GetFileType (hFile=0x3d0) returned 0x1 [0118.755] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc0001dbd44 | out: lpFileInformation=0xc0001dbd44) returned 1 [0118.755] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc0001dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001dbd28) returned 1 [0118.755] ReadFile (in: hFile=0x3d0, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x1729, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0001dbc04*=0x1529, lpOverlapped=0x0) returned 1 [0118.763] ReadFile (in: hFile=0x3d0, lpBuffer=0xc00006b529, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006b529*, lpNumberOfBytesRead=0xc0001dbc04*=0x0, lpOverlapped=0x0) returned 1 [0118.763] CloseHandle (hObject=0x3d0) returned 1 [0118.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0118.764] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0001dbd04 | out: lpMode=0xc0001dbd04) returned 0 [0118.772] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0118.850] GetFileType (hFile=0x3d0) returned 0x1 [0118.850] WriteFile (in: hFile=0x3d0, lpBuffer=0xc00006b800*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0xc0001dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006b800*, lpNumberOfBytesWritten=0xc0001dbcec*=0x1530, lpOverlapped=0x0) returned 1 [0118.851] CloseHandle (hObject=0x3d0) returned 1 [0118.858] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0119.030] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a801 | out: pbBuffer=0xc00028a801) returned 1 [0119.030] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0119.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0119.031] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001dbd64 | out: lpMode=0xc0001dbd64) returned 0 [0119.033] GetFileType (hFile=0x2e0) returned 0x1 [0119.033] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0000bcdc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bcdc0*, lpNumberOfBytesWritten=0xc0001dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.033] CloseHandle (hObject=0x2e0) returned 1 [0119.039] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbo4dz[1].jpg"), dwFlags=0x1) returned 1 [0119.263] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c49f698, ulCount=0x10, ulNumEntriesRemoved=0x2c49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c49f698, ulNumEntriesRemoved=0x2c49f66c) returned 0 [0119.263] SetEvent (hEvent=0x9c) returned 1 [0119.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe08*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.264] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c49f6a0, ulNumEntriesRemoved=0x2c49f674) returned 0 [0119.264] SetEvent (hEvent=0x1e8) returned 1 [0119.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe18*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.265] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe30*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.266] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c49f698, ulCount=0x10, ulNumEntriesRemoved=0x2c49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c49f698, ulNumEntriesRemoved=0x2c49f66c) returned 0 [0119.266] SetEvent (hEvent=0x9c) returned 1 [0119.267] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe08*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.267] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe08*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.268] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c49f6a0, ulNumEntriesRemoved=0x2c49f674) returned 0 [0119.268] SetEvent (hEvent=0x9c) returned 1 [0119.268] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c49fe18*=0x2a8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.269] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0141.505] SetEvent (hEvent=0x258) returned 1 [0141.505] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0141.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s06khtuwg41.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2dc [0141.509] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0141.509] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0141.923] GetFileType (hFile=0x2dc) returned 0x1 [0141.923] GetFileType (hFile=0x2dc) returned 0x1 [0141.923] GetFileInformationByHandle (in: hFile=0x2dc, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0141.923] GetFileInformationByHandleEx (in: hFile=0x2dc, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0141.923] ReadFile (in: hFile=0x2dc, lpBuffer=0xc000187200, nNumberOfBytesToRead=0x5fc, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc000187200*, lpNumberOfBytesRead=0xc000137c04*=0x3fc, lpOverlapped=0x0) returned 1 [0142.653] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0143.201] ReadFile (in: hFile=0x2dc, lpBuffer=0xc0001875fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001875fc*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0143.201] CloseHandle (hObject=0x2dc) returned 1 [0143.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s06khtuwg41.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2dc [0143.202] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0143.216] GetFileType (hFile=0x2dc) returned 0x1 [0143.216] WriteFile (in: hFile=0x2dc, lpBuffer=0xc00011e800*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e800*, lpNumberOfBytesWritten=0xc000137cec*=0x400, lpOverlapped=0x0) returned 1 [0143.217] CloseHandle (hObject=0x2dc) returned 1 [0143.217] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s06khtuwg41.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2dc [0143.218] GetConsoleMode (in: hConsoleHandle=0x2dc, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0143.221] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0144.063] GetFileType (hFile=0x2dc) returned 0x1 [0144.063] WriteFile (in: hFile=0x2dc, lpBuffer=0xc000682b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682b00*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.064] CloseHandle (hObject=0x2dc) returned 1 [0144.064] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s06khtuwg41.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-0s06khtuwg41.lnk"), dwFlags=0x1) returned 1 [0144.065] SetEvent (hEvent=0x8f8) returned 1 [0144.066] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0144.071] SetEvent (hEvent=0x324) returned 1 [0144.072] SetEvent (hEvent=0xad8) returned 1 [0144.072] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) returned 0x0 [0144.082] SetEvent (hEvent=0x958) returned 1 [0144.082] WaitForSingleObject (hHandle=0x2a8, dwMilliseconds=0xffffffff) Thread: id = 46 os_tid = 0xa98 [0115.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c69fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c69fea0*=0x200) returned 1 [0115.947] VirtualQuery (in: lpAddress=0x2c69fec0, lpBuffer=0x2c69fec0, dwLength=0x30 | out: lpBuffer=0x2c69fec0*(BaseAddress=0x2c69f000, AllocationBase=0x2c4a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0115.947] SetEvent (hEvent=0x29c) returned 1 [0115.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0115.948] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0115.949] GetFileType (hFile=0x2c4) returned 0x1 [0115.949] GetFileType (hFile=0x2c4) returned 0x1 [0115.949] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0115.949] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0115.949] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00030d500, nNumberOfBytesToRead=0x31d1, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030d500*, lpNumberOfBytesRead=0xc000179c04*=0x2fd1, lpOverlapped=0x0) returned 1 [0115.955] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1b4 [0115.955] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2c0 [0115.955] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0115.988] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0003104d1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003104d1*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0115.988] CloseHandle (hObject=0x2c4) returned 1 [0115.988] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0115.989] VirtualAlloc (lpAddress=0xc0003f6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f6000 [0115.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0116.038] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0116.041] GetFileType (hFile=0x2d0) returned 0x1 [0116.041] WriteFile (in: hFile=0x2d0, lpBuffer=0xc0003f6000*, nNumberOfBytesToWrite=0x2fe0, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003f6000*, lpNumberOfBytesWritten=0xc000179cec*=0x2fe0, lpOverlapped=0x0) returned 1 [0116.042] CloseHandle (hObject=0x2d0) returned 1 [0116.066] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0116.072] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0b01 | out: pbBuffer=0xc0002f0b01) returned 1 [0116.072] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0116.073] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0116.073] VirtualAlloc (lpAddress=0xc00035c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035c000 [0116.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d0 [0116.074] GetConsoleMode (in: hConsoleHandle=0x2d0, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0116.077] GetFileType (hFile=0x2d0) returned 0x1 [0116.077] WriteFile (in: hFile=0x2d0, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.078] CloseHandle (hObject=0x2d0) returned 1 [0116.080] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0116.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0fxu[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0FXU[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0fxu[2].jpg"), dwFlags=0x1) returned 1 [0116.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0116.634] SetEvent (hEvent=0x144) returned 1 [0116.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.635] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0116.635] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0116.635] SetEvent (hEvent=0x144) returned 1 [0116.635] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.636] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0116.636] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0117.451] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0117.452] ReadFile (in: hFile=0x380, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x3a60, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc000191c04*=0x3860, lpOverlapped=0x0) returned 1 [0117.458] ReadFile (in: hFile=0x380, lpBuffer=0xc0002e5860, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e5860*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0117.458] CloseHandle (hObject=0x380) returned 1 [0117.459] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0117.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0117.557] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0117.561] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0117.687] GetFileType (hFile=0x2e8) returned 0x1 [0117.687] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0002ea000*, nNumberOfBytesToWrite=0x3870, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ea000*, lpNumberOfBytesWritten=0xc000191cec*=0x3870, lpOverlapped=0x0) returned 1 [0117.689] CloseHandle (hObject=0x2e8) returned 1 [0117.691] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0117.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0117.691] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0117.695] GetFileType (hFile=0x284) returned 0x1 [0117.695] WriteFile (in: hFile=0x284, lpBuffer=0xc0004ce580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004ce580*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.695] CloseHandle (hObject=0x284) returned 1 [0117.699] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbefbbh[1].jpg"), dwFlags=0x1) returned 1 [0118.183] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc000072018*, lpNumberOfCharsWritten=0xc0001b5818*=0x3) returned 1 [0118.282] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0119.013] SetEvent (hEvent=0x26c) returned 1 [0119.013] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0119.016] GetFileType (hFile=0x254) returned 0x1 [0119.016] WriteFile (in: hFile=0x254, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc00004bcec*=0x1a0, lpOverlapped=0x0) returned 1 [0119.017] CloseHandle (hObject=0x254) returned 1 [0119.018] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0119.087] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a501 | out: pbBuffer=0xc00028a501) returned 1 [0119.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0119.088] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0119.089] GetFileType (hFile=0x22c) returned 0x1 [0119.089] WriteFile (in: hFile=0x22c, lpBuffer=0xc0000bc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc840*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.089] CloseHandle (hObject=0x22c) returned 1 [0119.098] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0119.164] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aaa1vhm[1].png"), dwFlags=0x1) returned 1 [0119.881] SwitchToThread () returned 1 [0119.884] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.603] GetFileType (hFile=0x2c4) returned 0x1 [0120.603] GetFileType (hFile=0x2c4) returned 0x1 [0120.603] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0120.603] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0120.603] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0120.604] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x2b78, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00020fc04*=0x2978, lpOverlapped=0x0) returned 1 [0120.606] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.630] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000214978, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000214978*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0120.630] CloseHandle (hObject=0x2c4) returned 1 [0120.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0120.669] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0120.671] GetFileType (hFile=0x2e8) returned 0x1 [0120.671] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000076a80*, nNumberOfBytesToWrite=0x2980, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000076a80*, lpNumberOfBytesWritten=0xc00020fcec*=0x2980, lpOverlapped=0x0) returned 1 [0120.673] CloseHandle (hObject=0x2e8) returned 1 [0120.675] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a901 | out: pbBuffer=0xc00031a901) returned 1 [0120.676] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0120.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0120.676] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0120.679] GetFileType (hFile=0x2e8) returned 0x1 [0120.679] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000187a20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000187a20*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.679] CloseHandle (hObject=0x2e8) returned 1 [0120.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefrka[1].jpg"), dwFlags=0x1) returned 1 [0120.927] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.930] SwitchToThread () returned 1 [0120.932] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.933] SetEvent (hEvent=0x12c) returned 1 [0120.933] SetEvent (hEvent=0x1a0) returned 1 [0120.933] SetEvent (hEvent=0xfc) returned 1 [0120.933] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.937] SetEvent (hEvent=0x12c) returned 1 [0120.937] SetEvent (hEvent=0x13c) returned 1 [0120.937] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.939] SetEvent (hEvent=0x30c) returned 1 [0120.939] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0120.977] SetEvent (hEvent=0xfc) returned 1 [0120.977] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.005] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.038] SetEvent (hEvent=0x13c) returned 1 [0121.038] VirtualAlloc (lpAddress=0xc00033e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033e000 [0121.038] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0121.039] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0121.040] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0121.040] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0121.041] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0121.042] GetFileType (hFile=0x3dc) returned 0x1 [0121.042] GetFileType (hFile=0x3dc) returned 0x1 [0121.042] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0121.042] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0121.042] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0121.043] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0121.045] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x5444, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001bdc04*=0x5244, lpOverlapped=0x0) returned 1 [0121.047] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0002a9244, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a9244*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0121.047] CloseHandle (hObject=0x3dc) returned 1 [0121.047] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0121.048] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0121.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.066] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0121.079] GetFileType (hFile=0x1b0) returned 0x1 [0121.080] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002a9500*, nNumberOfBytesToWrite=0x5250, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a9500*, lpNumberOfBytesWritten=0xc0001bdcec*=0x5250, lpOverlapped=0x0) returned 1 [0121.081] CloseHandle (hObject=0x1b0) returned 1 [0121.082] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0121.082] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0121.082] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0121.083] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0121.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.084] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0121.084] GetFileType (hFile=0x1b0) returned 0x1 [0121.084] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.085] CloseHandle (hObject=0x1b0) returned 1 [0121.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\eula-win[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-eula-win[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-eula-win[1].jpg"), dwFlags=0x1) returned 1 [0121.157] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0121.157] SetEvent (hEvent=0xfc) returned 1 [0121.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.159] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.164] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0121.164] SetEvent (hEvent=0x354) returned 1 [0121.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.176] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.176] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.178] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.178] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0121.178] SetEvent (hEvent=0xc0) returned 1 [0121.178] SetEvent (hEvent=0x30c) returned 1 [0121.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.182] SetEvent (hEvent=0x30c) returned 1 [0121.182] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.187] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0121.187] SetEvent (hEvent=0x354) returned 1 [0121.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.191] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.225] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.231] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.246] SetEvent (hEvent=0x3c0) returned 1 [0121.246] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.249] SetEvent (hEvent=0x3c0) returned 1 [0121.249] SetEvent (hEvent=0x13c) returned 1 [0121.249] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0121.250] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.251] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.251] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.251] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.252] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.252] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.253] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.253] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000be010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0000be010*, lpNumberOfCharsWritten=0xc000115818*=0x2) returned 1 [0121.257] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.263] SetEvent (hEvent=0xfc) returned 1 [0121.263] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.265] SetEvent (hEvent=0xfc) returned 1 [0121.265] SetEvent (hEvent=0x13c) returned 1 [0121.265] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.266] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.266] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.267] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.267] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.268] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.268] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.268] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.269] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001d5818*=0x2) returned 1 [0121.272] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.279] SetEvent (hEvent=0x13c) returned 1 [0121.279] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0121.279] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0121.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.281] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0121.281] GetFileType (hFile=0x3cc) returned 0x1 [0121.282] GetFileType (hFile=0x3cc) returned 0x1 [0121.282] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0121.282] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0121.282] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.283] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x7354, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0001d5c04*=0x7154, lpOverlapped=0x0) returned 1 [0121.285] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000bd154, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bd154*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0121.285] CloseHandle (hObject=0x3cc) returned 1 [0121.285] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0121.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.289] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0121.291] GetFileType (hFile=0x1ec) returned 0x1 [0121.292] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x7160, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x7160, lpOverlapped=0x0) returned 1 [0121.293] CloseHandle (hObject=0x1ec) returned 1 [0121.294] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0121.295] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.295] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0121.301] GetFileType (hFile=0x1ec) returned 0x1 [0121.301] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.301] CloseHandle (hObject=0x1ec) returned 1 [0121.302] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0121.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-latest[1].eot"), dwFlags=0x1) returned 1 [0121.348] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0121.348] SetEvent (hEvent=0xfc) returned 1 [0121.348] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0121.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.351] SetEvent (hEvent=0x3c0) returned 1 [0121.351] SetEvent (hEvent=0x1a0) returned 1 [0121.351] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.358] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0121.358] SetEvent (hEvent=0x1a0) returned 1 [0121.359] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.365] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.384] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.412] SetEvent (hEvent=0x354) returned 1 [0121.412] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.424] SetEvent (hEvent=0x354) returned 1 [0121.424] SetEvent (hEvent=0x13c) returned 1 [0121.424] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.424] VirtualFree (lpAddress=0xc0000b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0121.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc00012d818*=0x2) returned 1 [0121.427] SwitchToThread () returned 1 [0121.429] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.449] SetEvent (hEvent=0xfc) returned 1 [0121.449] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.451] SetEvent (hEvent=0xfc) returned 1 [0121.451] SetEvent (hEvent=0x13c) returned 1 [0121.451] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001f7818*=0x2) returned 1 [0121.453] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.458] SetEvent (hEvent=0x1a0) returned 1 [0121.458] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.463] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.464] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0121.465] GetFileType (hFile=0x3cc) returned 0x1 [0121.465] GetFileType (hFile=0x3cc) returned 0x1 [0121.465] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0121.465] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0121.465] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0121.467] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x3525, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0001f7c04*=0x3325, lpOverlapped=0x0) returned 1 [0121.473] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001e5325, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e5325*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0121.473] CloseHandle (hObject=0x3cc) returned 1 [0121.473] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0121.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0121.477] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0121.477] GetFileType (hFile=0x3cc) returned 0x1 [0121.477] WriteFile (in: hFile=0x3cc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x3330, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x3330, lpOverlapped=0x0) returned 1 [0121.479] CloseHandle (hObject=0x3cc) returned 1 [0121.480] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0121.480] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.481] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\v2[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\v2[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.481] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0121.481] GetFileType (hFile=0x1ec) returned 0x1 [0121.481] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.481] CloseHandle (hObject=0x1ec) returned 1 [0121.494] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.498] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.499] SetEvent (hEvent=0x3c0) returned 1 [0121.499] SetEvent (hEvent=0x30c) returned 1 [0121.499] SetEvent (hEvent=0x13c) returned 1 [0121.499] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.508] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0121.509] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0121.510] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.510] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.510] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0121.511] SetEvent (hEvent=0x12c) returned 1 [0121.511] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.566] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0121.576] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.664] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.665] SetEvent (hEvent=0xfc) returned 1 [0121.665] SetEvent (hEvent=0x1a0) returned 1 [0121.665] VirtualFree (lpAddress=0xc000346000, dwSize=0x26000, dwFreeType=0x4000) returned 1 [0121.666] VirtualFree (lpAddress=0xc00028c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.667] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.667] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.667] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.668] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.668] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.669] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.669] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.670] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.670] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.671] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.671] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.671] VirtualFree (lpAddress=0xc000072000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.672] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.673] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.673] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.673] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.674] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.674] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0121.674] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0121.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0121.675] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0121.676] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.678] GetFileType (hFile=0x3dc) returned 0x1 [0121.678] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.678] CloseHandle (hObject=0x3dc) returned 1 [0121.678] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0121.679] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0121.679] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0121.680] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.694] SetEvent (hEvent=0xfc) returned 1 [0121.694] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.695] SetEvent (hEvent=0x1a0) returned 1 [0121.695] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.698] SetEvent (hEvent=0xfc) returned 1 [0121.698] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.706] SetEvent (hEvent=0xfc) returned 1 [0121.706] SetEvent (hEvent=0x3c0) returned 1 [0121.706] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.707] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.707] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.708] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.708] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.709] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2\\*", lpFindFileData=0xc00015d9f8 | out: lpFindFileData=0xc00015d9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.709] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00015d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0121.709] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0121.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.710] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0121.715] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.717] GetFileType (hFile=0x3cc) returned 0x1 [0121.717] GetFileType (hFile=0x3cc) returned 0x1 [0121.717] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0121.717] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0121.717] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0121.719] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00023fc04*=0x10000, lpOverlapped=0x0) returned 1 [0121.739] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000222000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0121.739] CloseHandle (hObject=0x3cc) returned 1 [0121.741] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0121.742] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0121.744] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0121.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tm.blf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.745] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0121.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TM.blf\\*", lpFindFileData=0xc00023fa08 | out: lpFindFileData=0xc00023fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.746] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00023f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.746] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.747] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.747] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.747] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.748] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\*", lpFindFileData=0xc0001f5530 | out: lpFindFileData=0xc0001f5530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.755] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c881c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.755] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", cAlternateFileName="ACCOUN~3.OEA")) returned 1 [0121.755] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", cAlternateFileName="ACCOUN~2.OEA")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", cAlternateFileName="ACCOUN~1.OEA")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Backup", cAlternateFileName="")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb.chk", cAlternateFileName="")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb.log", cAlternateFileName="")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edbres00001.jrs", cAlternateFileName="EDBRES~2.JRS")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edbres00002.jrs", cAlternateFileName="EDBRES~1.JRS")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x0, dwReserved1=0x0, cFileName="oeold.xml", cAlternateFileName="")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stationery", cAlternateFileName="STATIO~1")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x204000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0121.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001f5560 | out: lpFindFileData=0xc0001f5560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.756] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.757] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0121.758] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.760] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\*", lpFindFileData=0xc000053458 | out: lpFindFileData=0xc000053458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b9ed580, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9ed580, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="old", cAlternateFileName="")) returned 1 [0121.760] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.760] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.760] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\*", lpFindFileData=0xc000053380 | out: lpFindFileData=0xc000053380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.792] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000533b0 | out: lpFindFileData=0xc0000533b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f7a14e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.792] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000533b0 | out: lpFindFileData=0xc0000533b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000, dwReserved0=0x0, dwReserved1=0x0, cFileName="edb00001.log", cAlternateFileName="")) returned 1 [0121.792] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000533b0 | out: lpFindFileData=0xc0000533b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.MSMessageStore", cAlternateFileName="WINDOW~1.MSM")) returned 1 [0121.792] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000533b0 | out: lpFindFileData=0xc0000533b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsMail.pat", cAlternateFileName="WINDOW~1.PAT")) returned 1 [0121.792] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000533b0 | out: lpFindFileData=0xc0000533b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.792] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.793] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0121.794] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), fInfoLevelId=0x0, lpFileInformation=0xc0000534f0 | out: lpFileInformation=0xc0000534f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2ab7545, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x206000)) returned 1 [0121.812] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0121.816] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0121.817] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0121.817] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0121.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.pat"), fInfoLevelId=0x0, lpFileInformation=0xc0000534f0 | out: lpFileInformation=0xc0000534f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2fec56f, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0121.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0xc0000534f0 | out: lpFileInformation=0xc0000534f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2f2de8d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000)) returned 1 [0121.818] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0121.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0121.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.819] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\*", lpFindFileData=0xc000053458 | out: lpFindFileData=0xc000053458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0121.829] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf690d5d8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bears.htm", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bears.jpg", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Garden.htm", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Garden.jpg", cAlternateFileName="")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Green Bubbles.htm", cAlternateFileName="GREENB~1.HTM")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906, dwReserved0=0x0, dwReserved1=0x0, cFileName="GreenBubbles.jpg", cAlternateFileName="GREENB~1.JPG")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hand Prints.htm", cAlternateFileName="HANDPR~1.HTM")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e, dwReserved0=0x0, dwReserved1=0x0, cFileName="HandPrints.jpg", cAlternateFileName="HANDPR~1.JPG")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Orange Circles.htm", cAlternateFileName="ORANGE~1.HTM")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="OrangeCircles.jpg", cAlternateFileName="ORANGE~1.JPG")) returned 1 [0121.830] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Peacock.htm", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Peacock.jpg", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roses.htm", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roses.jpg", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shades of Blue.htm", cAlternateFileName="SHADES~1.HTM")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShadesOfBlue.jpg", cAlternateFileName="SHADES~1.JPG")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Soft Blue.htm", cAlternateFileName="SOFTBL~1.HTM")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftBlue.jpg", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stars.htm", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51, dwReserved0=0x0, dwReserved1=0x0, cFileName="Stars.jpg", cAlternateFileName="")) returned 1 [0121.831] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0121.831] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0121.832] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0121.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xcdfff30e, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xff)) returned 1 [0121.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa352261, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x432)) returned 1 [0121.950] GetFileType (hFile=0x2bc) returned 0x1 [0121.950] GetFileType (hFile=0x1b0) returned 0x1 [0121.950] SwitchToThread () returned 1 [0122.019] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.178] SetEvent (hEvent=0x354) returned 1 [0122.178] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0122.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7bf1d2d9, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x285)) returned 1 [0122.179] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0122.179] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0122.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce04b5c8, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe7)) returned 1 [0122.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa410937, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x5d3f)) returned 1 [0122.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Green Bubbles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\green bubbles.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce071725, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed)) returned 1 [0122.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa436a95, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1906)) returned 1 [0122.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Hand Prints.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\hand prints.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0bd9df, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xeb)) returned 1 [0122.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\HandPrints.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\handprints.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa45cbf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x107e)) returned 1 [0122.181] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0122.181] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0122.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce0e3b3c, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed)) returned 1 [0122.183] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.238] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0122.239] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa4cf00d, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x18ed)) returned 1 [0122.243] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce109c99, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0122.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa51b2c9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x13fb)) returned 1 [0122.250] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0122.251] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0122.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce12fdf6, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe9)) returned 1 [0122.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa567585, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x780)) returned 1 [0122.252] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0122.252] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0122.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce17c0b0, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xed)) returned 1 [0122.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28f3aae0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28f3aae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa58d6e3, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x127e)) returned 1 [0122.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1a220d, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe8)) returned 1 [0122.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5b3841, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x2949)) returned 1 [0122.256] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xce1c836a, ftLastWriteTime.dwHighDateTime=0x1ca040d, nFileSizeHigh=0x0, nFileSizeLow=0xe6)) returned 1 [0122.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaa5ffafd, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x1d51)) returned 1 [0122.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x204000)) returned 1 [0122.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b9a12c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0122.279] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0122.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x5e4)) returned 1 [0122.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf657b4d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x2a0)) returned 1 [0122.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e7c400, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e7c400, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67b6975, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x6c8)) returned 1 [0122.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.chk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.chk"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e562a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e562a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0122.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c881c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x200000)) returned 1 [0122.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2b29966, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000)) returned 1 [0122.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00001.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00001.jrs"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e30140, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e30140, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2027392, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000)) returned 1 [0122.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2216575, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x200000)) returned 1 [0122.281] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28e09fe0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28e09fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf67dcad6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x104)) returned 1 [0122.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media"), fInfoLevelId=0x0, lpFileInformation=0xc000053778 | out: lpFileInformation=0xc000053778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0122.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.282] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\*", lpFindFileData=0xc000053530 | out: lpFindFileData=0xc000053530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0122.282] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.282] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="12.0", cAlternateFileName="")) returned 1 [0122.282] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0122.282] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0122.282] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0122.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.283] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\*", lpFindFileData=0xc000053458 | out: lpFindFileData=0xc000053458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0122.283] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf928f5c4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.283] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="WMSDKNS.DTD", cAlternateFileName="")) returned 1 [0122.283] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="WMSDKNS.XML", cAlternateFileName="")) returned 1 [0122.283] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0122.283] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0122.283] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf7de167e, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1f2)) returned 1 [0122.283] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.XML" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0000535c8 | out: lpFileInformation=0xc0000535c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9269464, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x27cf)) returned 1 [0122.290] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.347] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar"), fInfoLevelId=0x0, lpFileInformation=0xc000053778 | out: lpFileInformation=0xc000053778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0122.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.348] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\*", lpFindFileData=0xc000053530 | out: lpFindFileData=0xc000053530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0122.348] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.348] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Gadgets", cAlternateFileName="")) returned 1 [0122.348] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54, dwReserved0=0x0, dwReserved1=0x0, cFileName="Settings.ini", cAlternateFileName="")) returned 1 [0122.348] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053560 | out: lpFindFileData=0xc000053560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0122.348] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0122.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\gadgets"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0122.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\gadgets"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.349] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Gadgets\\*", lpFindFileData=0xc000053458 | out: lpFindFileData=0xc000053458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0122.349] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0122.349] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000053488 | out: lpFindFileData=0xc000053488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0122.349] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0122.349] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0122.349] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0000536a0 | out: lpFileInformation=0xc0000536a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28de3e80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x54)) returned 1 [0122.356] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.496] SetEvent (hEvent=0x12c) returned 1 [0122.496] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.497] SetEvent (hEvent=0x354) returned 1 [0122.497] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.552] SetEvent (hEvent=0x1a0) returned 1 [0122.552] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.624] SetEvent (hEvent=0x324) returned 1 [0122.624] SetEvent (hEvent=0x354) returned 1 [0122.624] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0122.625] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0122.626] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.636] SetEvent (hEvent=0x324) returned 1 [0122.636] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.637] SwitchToThread () returned 1 [0122.637] GetFileType (hFile=0x36c) returned 0x1 [0122.637] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00017dd44 | out: lpFileInformation=0xc00017dd44) returned 1 [0122.638] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00017dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017dd28) returned 1 [0122.638] ReadFile (in: hFile=0x36c, lpBuffer=0xc000286000, nNumberOfBytesToRead=0x2e7, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000286000*, lpNumberOfBytesRead=0xc00017dc04*=0xe7, lpOverlapped=0x0) returned 1 [0122.639] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002860e7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002860e7*, lpNumberOfBytesRead=0xc00017dc04*=0x0, lpOverlapped=0x0) returned 1 [0122.639] CloseHandle (hObject=0x36c) returned 1 [0122.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0122.640] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00017dd04 | out: lpMode=0xc00017dd04) returned 0 [0122.681] GetFileType (hFile=0x36c) returned 0x1 [0122.681] WriteFile (in: hFile=0x36c, lpBuffer=0xc0002941e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00017dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002941e0*, lpNumberOfBytesWritten=0xc00017dcec*=0xf0, lpOverlapped=0x0) returned 1 [0122.682] CloseHandle (hObject=0x36c) returned 1 [0122.682] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0122.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0122.683] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00017dd64 | out: lpMode=0xc00017dd64) returned 0 [0122.692] GetFileType (hFile=0x36c) returned 0x1 [0122.692] WriteFile (in: hFile=0x36c, lpBuffer=0xc000076420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076420*, lpNumberOfBytesWritten=0xc00017dd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.692] CloseHandle (hObject=0x36c) returned 1 [0122.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-garden.htm"), dwFlags=0x1) returned 1 [0122.693] GetFileType (hFile=0x240) returned 0x1 [0122.693] GetFileType (hFile=0x240) returned 0x1 [0122.693] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0122.693] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0122.694] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x206000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.694] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x206000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.694] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x103000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0122.697] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x103000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.697] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x81000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.697] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.697] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.697] VirtualAlloc (lpAddress=0xc0007ed000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ed000 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0xf3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x79000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.698] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fd000 [0122.698] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xf0000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0122.733] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0122.733] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0122.735] GetFileType (hFile=0x36c) returned 0x1 [0122.735] GetFileType (hFile=0x36c) returned 0x1 [0122.735] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0122.735] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0122.735] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0122.736] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0122.737] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000076580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000076580*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.738] CloseHandle (hObject=0x2f0) returned 1 [0122.738] GetFileType (hFile=0x3d8) returned 0x1 [0122.738] GetFileType (hFile=0x3d8) returned 0x1 [0122.738] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000171d44 | out: lpFileInformation=0xc000171d44) returned 1 [0122.738] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000171d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000171d28) returned 1 [0122.738] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0122.738] GetFileType (hFile=0x1ec) returned 0x1 [0122.738] GetFileType (hFile=0x1ec) returned 0x1 [0122.738] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0122.739] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0122.739] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.756] SetEvent (hEvent=0x324) returned 1 [0122.757] SetEvent (hEvent=0x39c) returned 1 [0122.757] SetEvent (hEvent=0x1a0) returned 1 [0122.757] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.810] SetEvent (hEvent=0x324) returned 1 [0122.810] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.821] SetEvent (hEvent=0x39c) returned 1 [0122.821] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.827] SetEvent (hEvent=0x39c) returned 1 [0122.827] SetEvent (hEvent=0x3c0) returned 1 [0122.827] SetEvent (hEvent=0x324) returned 1 [0122.827] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.834] GetFileType (hFile=0x384) returned 0x1 [0122.834] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00023dd44 | out: lpFileInformation=0xc00023dd44) returned 1 [0122.834] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00023dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023dd28) returned 1 [0122.835] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0x980, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc00023dc04*=0x780, lpOverlapped=0x0) returned 1 [0122.849] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ea780, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea780*, lpNumberOfBytesRead=0xc00023dc04*=0x0, lpOverlapped=0x0) returned 1 [0122.849] CloseHandle (hObject=0x384) returned 1 [0122.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0122.850] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00023dd04 | out: lpMode=0xc00023dd04) returned 0 [0122.855] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.924] GetFileType (hFile=0x384) returned 0x1 [0122.924] WriteFile (in: hFile=0x384, lpBuffer=0xc000072800*, nNumberOfBytesToWrite=0x790, lpNumberOfBytesWritten=0xc00023dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000072800*, lpNumberOfBytesWritten=0xc00023dcec*=0x790, lpOverlapped=0x0) returned 1 [0122.925] CloseHandle (hObject=0x384) returned 1 [0122.925] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0122.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0122.925] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00023dd64 | out: lpMode=0xc00023dd64) returned 0 [0122.933] GetFileType (hFile=0x384) returned 0x1 [0122.933] WriteFile (in: hFile=0x384, lpBuffer=0xc00003cb00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003cb00*, lpNumberOfBytesWritten=0xc00023dd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.933] CloseHandle (hObject=0x384) returned 1 [0122.933] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0122.934] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0122.934] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\roses.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Roses.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-roses.jpg"), dwFlags=0x1) returned 1 [0122.935] SetEvent (hEvent=0x1a0) returned 1 [0122.935] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0122.941] SetEvent (hEvent=0x39c) returned 1 [0122.941] ReadFile (in: hFile=0x36c, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x5f3f, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001abc04*=0x5d3f, lpOverlapped=0x0) returned 1 [0122.953] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0123.020] ReadFile (in: hFile=0x36c, lpBuffer=0xc000051d3f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc000051d3f*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0123.020] CloseHandle (hObject=0x36c) returned 1 [0123.021] VirtualFree (lpAddress=0xc000230000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0123.021] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.021] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0123.022] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.022] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.023] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.023] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.023] SetEvent (hEvent=0x1a0) returned 1 [0123.023] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0123.828] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0123.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-softblue.jpg"), dwFlags=0x1) returned 1 [0124.584] SetEvent (hEvent=0x1a0) returned 1 [0124.584] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0124.586] SetEvent (hEvent=0x324) returned 1 [0124.586] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0124.846] SetEvent (hEvent=0x3c8) returned 1 [0124.846] SetEvent (hEvent=0x1a0) returned 1 [0124.846] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0124.935] SetEvent (hEvent=0x3c8) returned 1 [0124.935] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.505] SetEvent (hEvent=0x3c8) returned 1 [0125.505] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.510] SetEvent (hEvent=0xec) returned 1 [0125.510] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.533] SetEvent (hEvent=0x3c8) returned 1 [0125.533] SetEvent (hEvent=0xec) returned 1 [0125.534] SetEvent (hEvent=0x114) returned 1 [0125.534] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.546] SetEvent (hEvent=0x3c8) returned 1 [0125.546] SetEvent (hEvent=0x324) returned 1 [0125.546] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.607] SetEvent (hEvent=0x114) returned 1 [0125.607] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.622] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.634] SetEvent (hEvent=0x3c8) returned 1 [0125.634] SetEvent (hEvent=0xec) returned 1 [0125.634] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0125.636] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0125.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0125.638] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0125.641] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.644] GetFileType (hFile=0x384) returned 0x1 [0125.644] WriteFile (in: hFile=0x384, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x10d30, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0002dfcec*=0x10d30, lpOverlapped=0x0) returned 1 [0125.646] CloseHandle (hObject=0x384) returned 1 [0125.646] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0125.646] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0125.647] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0125.709] GetFileType (hFile=0x384) returned 0x1 [0125.710] WriteFile (in: hFile=0x384, lpBuffer=0xc00011c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0125.710] CloseHandle (hObject=0x384) returned 1 [0125.710] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\885eed01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\E\\69\\encry-885EEd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\e\\69\\encry-885eed01"), dwFlags=0x1) returned 1 [0125.711] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0125.712] SetEvent (hEvent=0x3c8) returned 1 [0125.712] SetEvent (hEvent=0x1a0) returned 1 [0125.712] VirtualFree (lpAddress=0xc00031c000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0125.713] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0125.714] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.715] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.715] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.715] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.716] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.716] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.717] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.717] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0125.718] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0125.719] GetFileType (hFile=0x23c) returned 0x1 [0125.719] GetFileType (hFile=0x23c) returned 0x1 [0125.719] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0125.719] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0125.719] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.719] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.719] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x201000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.719] VirtualAlloc (lpAddress=0xc000ae6000, dwSize=0x100000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000ae6000 [0125.722] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x302000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.722] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000be6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000be6000 [0125.723] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2ea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x175000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.723] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.724] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.724] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.724] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.724] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0125.724] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bfe000 [0125.724] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x2e8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0125.803] ReadFile (in: hFile=0x23c, lpBuffer=0xc000ae6000, nNumberOfBytesToRead=0x400200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000ae6000*, lpNumberOfBytesRead=0xc0001bbc04*=0x400000, lpOverlapped=0x0) returned 1 [0125.997] SwitchToThread () returned 1 [0125.997] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.043] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.072] ReadFile (in: hFile=0x23c, lpBuffer=0xc000ee6000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000ee6000*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0126.072] CloseHandle (hObject=0x23c) returned 1 [0126.072] SetEvent (hEvent=0x324) returned 1 [0126.072] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0126.185] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0126.191] GetFileType (hFile=0x2e8) returned 0x1 [0126.192] GetFileType (hFile=0x2e8) returned 0x1 [0126.192] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0126.192] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0126.192] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001e6000, nNumberOfBytesToRead=0x201, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6000*, lpNumberOfBytesRead=0xc00020dc04*=0x1, lpOverlapped=0x0) returned 1 [0126.194] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001e6001, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6001*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0126.194] CloseHandle (hObject=0x2e8) returned 1 [0126.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.195] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0126.207] GetFileType (hFile=0x2e8) returned 0x1 [0126.207] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00005e280*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e280*, lpNumberOfBytesWritten=0xc00020dcec*=0x10, lpOverlapped=0x0) returned 1 [0126.208] CloseHandle (hObject=0x2e8) returned 1 [0126.208] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0126.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.209] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0126.211] GetFileType (hFile=0x2e8) returned 0x1 [0126.211] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.211] CloseHandle (hObject=0x2e8) returned 1 [0126.211] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0126.212] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0126.212] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\_cache_clean_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-_CACHE_CLEAN_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-_cache_clean_"), dwFlags=0x1) returned 1 [0126.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.214] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.214] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0126.214] SetEvent (hEvent=0xc0) returned 1 [0126.214] SetEvent (hEvent=0x114) returned 1 [0126.214] SetEvent (hEvent=0x354) returned 1 [0126.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.217] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.217] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.223] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0126.223] SetEvent (hEvent=0x324) returned 1 [0126.223] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.273] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001ff818*=0x3) returned 1 [0126.298] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f3818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc0000f3818*=0x3) returned 1 [0126.432] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.436] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc00005e070*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0126.437] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.572] SetEvent (hEvent=0x324) returned 1 [0126.572] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.587] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d7818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc0001d7818*=0x3) returned 1 [0126.594] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0126.597] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc00005e040*, lpNumberOfCharsWritten=0xc0001c9818*=0x3) returned 1 [0126.635] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc00005e046*, lpNumberOfCharsWritten=0xc000249818*=0x3) returned 1 [0126.636] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.647] SetEvent (hEvent=0x354) returned 1 [0126.647] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0126.648] SetEvent (hEvent=0x324) returned 1 [0126.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc00005e050*, lpNumberOfCharsWritten=0xc000157818*=0x3) returned 1 [0126.649] SetEvent (hEvent=0x354) returned 1 [0126.649] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00010e000*, nNumberOfCharsToWrite=0x72, lpNumberOfCharsWritten=0xc000159808, lpReserved=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfCharsWritten=0xc000159808*=0x72) returned 1 [0126.650] SetEvent (hEvent=0x354) returned 1 [0126.650] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0126.651] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0126.651] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0126.651] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0126.652] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0126.652] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0126.653] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0126.653] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0126.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.654] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0126.655] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.692] GetFileType (hFile=0x2e8) returned 0x1 [0126.692] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.693] CloseHandle (hObject=0x2e8) returned 1 [0126.694] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0126.695] SwitchToThread () returned 1 [0126.704] WriteFile (in: hFile=0x2c4, lpBuffer=0xc00011c420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c420*, lpNumberOfBytesWritten=0xc0001f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.704] CloseHandle (hObject=0x2c4) returned 1 [0126.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\encry-_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\encry-_cache_001_"), dwFlags=0x1) returned 1 [0126.711] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.713] SetEvent (hEvent=0x324) returned 1 [0126.713] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.715] SetEvent (hEvent=0x324) returned 1 [0126.715] SetEvent (hEvent=0x13c) returned 1 [0126.715] SetEvent (hEvent=0x354) returned 1 [0126.715] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.716] SwitchToThread () returned 1 [0126.719] SetEvent (hEvent=0x324) returned 1 [0126.719] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.720] SetEvent (hEvent=0x354) returned 1 [0126.720] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.728] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.731] SetEvent (hEvent=0x114) returned 1 [0126.731] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.732] SetEvent (hEvent=0x114) returned 1 [0126.732] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.733] SetEvent (hEvent=0x114) returned 1 [0126.733] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.734] SetEvent (hEvent=0x114) returned 1 [0126.734] SetEvent (hEvent=0x324) returned 1 [0126.734] SetEvent (hEvent=0x354) returned 1 [0126.734] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.740] SetEvent (hEvent=0x114) returned 1 [0126.740] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.740] SetEvent (hEvent=0x114) returned 1 [0126.741] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.741] SetEvent (hEvent=0x114) returned 1 [0126.741] SetEvent (hEvent=0x324) returned 1 [0126.741] SetEvent (hEvent=0x354) returned 1 [0126.741] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.764] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.765] SetEvent (hEvent=0x114) returned 1 [0126.765] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.769] SetEvent (hEvent=0x114) returned 1 [0126.769] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.789] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.794] SetEvent (hEvent=0x354) returned 1 [0126.794] SwitchToThread () returned 1 [0126.852] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.875] SetEvent (hEvent=0x354) returned 1 [0126.875] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.878] SetEvent (hEvent=0x3c8) returned 1 [0126.878] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0126.905] SetEvent (hEvent=0x1a0) returned 1 [0126.905] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.551] SetEvent (hEvent=0x39c) returned 1 [0127.551] SetEvent (hEvent=0xfc) returned 1 [0127.551] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.574] SetEvent (hEvent=0x39c) returned 1 [0127.574] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n178qrcd61clbymm6sr.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0127.575] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0127.586] GetFileType (hFile=0x2c4) returned 0x1 [0127.586] GetFileType (hFile=0x2c4) returned 0x1 [0127.586] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0127.586] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0127.586] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0127.587] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x10bb7, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000195c04*=0x109b7, lpOverlapped=0x0) returned 1 [0127.589] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002b49b7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b49b7*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0127.589] CloseHandle (hObject=0x2c4) returned 1 [0127.589] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n178qrcd61clbymm6sr.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0127.590] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0127.591] GetFileType (hFile=0x2c4) returned 0x1 [0127.591] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x109c0, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000195cec*=0x109c0, lpOverlapped=0x0) returned 1 [0127.594] CloseHandle (hObject=0x2c4) returned 1 [0127.594] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0127.594] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0127.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n178qrcd61clbymm6sr.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0127.595] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0127.597] GetFileType (hFile=0x2c4) returned 0x1 [0127.597] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.597] CloseHandle (hObject=0x2c4) returned 1 [0127.597] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\n178qrcd61clbymm6sr.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-N178QRCD61cLBymM6sr.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-n178qrcd61clbymm6sr.png"), dwFlags=0x1) returned 1 [0127.599] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0127.599] SetEvent (hEvent=0x324) returned 1 [0127.599] SetEvent (hEvent=0xfc) returned 1 [0127.599] SetEvent (hEvent=0x3c8) returned 1 [0127.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.605] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.605] SetEvent (hEvent=0xfc) returned 1 [0127.605] SetEvent (hEvent=0x30c) returned 1 [0127.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.608] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.609] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0127.609] SetEvent (hEvent=0xc0) returned 1 [0127.609] SetEvent (hEvent=0x39c) returned 1 [0127.609] SetEvent (hEvent=0x354) returned 1 [0127.609] SetEvent (hEvent=0x30c) returned 1 [0127.609] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.610] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oknvekjy32_yd.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0127.611] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0127.618] GetFileType (hFile=0x2e8) returned 0x1 [0127.618] GetFileType (hFile=0x2e8) returned 0x1 [0127.618] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0127.618] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0127.618] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0127.618] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0127.621] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x4e45, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000191c04*=0x4c45, lpOverlapped=0x0) returned 1 [0127.622] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001e6c45, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e6c45*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0127.622] CloseHandle (hObject=0x2e8) returned 1 [0127.622] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0127.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oknvekjy32_yd.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0127.624] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000191d04 | out: lpMode=0xc000191d04) returned 0 [0127.637] GetFileType (hFile=0x2e8) returned 0x1 [0127.637] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0001e7000*, nNumberOfBytesToWrite=0x4c50, lpNumberOfBytesWritten=0xc000191cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e7000*, lpNumberOfBytesWritten=0xc000191cec*=0x4c50, lpOverlapped=0x0) returned 1 [0127.638] CloseHandle (hObject=0x2e8) returned 1 [0127.638] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0127.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oknvekjy32_yd.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0127.639] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0127.642] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.670] GetFileType (hFile=0x2e8) returned 0x1 [0127.670] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000162420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000162420*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.670] CloseHandle (hObject=0x2e8) returned 1 [0127.670] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oknvekjy32_yd.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-OkNvEKjY32_Yd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-oknvekjy32_yd.m4a"), dwFlags=0x1) returned 1 [0127.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.673] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0127.673] SetEvent (hEvent=0x1a0) returned 1 [0127.673] SetEvent (hEvent=0x354) returned 1 [0127.673] SetEvent (hEvent=0xec) returned 1 [0127.674] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.681] SetEvent (hEvent=0xec) returned 1 [0127.681] SetEvent (hEvent=0x354) returned 1 [0127.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.689] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.690] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.690] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0127.690] SetEvent (hEvent=0x354) returned 1 [0127.690] SetEvent (hEvent=0x324) returned 1 [0127.690] SetEvent (hEvent=0xec) returned 1 [0127.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.697] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.698] SetEvent (hEvent=0x30c) returned 1 [0127.698] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.705] SetEvent (hEvent=0x1a0) returned 1 [0127.705] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.706] SetEvent (hEvent=0x30c) returned 1 [0127.706] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0127.826] SetEvent (hEvent=0x1a0) returned 1 [0127.826] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.039] SetEvent (hEvent=0x114) returned 1 [0128.039] SetEvent (hEvent=0x30c) returned 1 [0128.039] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.080] SetEvent (hEvent=0x1a0) returned 1 [0128.080] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.127] SetEvent (hEvent=0x114) returned 1 [0128.127] SwitchToThread () returned 1 [0128.130] SetEvent (hEvent=0x114) returned 1 [0128.130] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.140] SetEvent (hEvent=0x114) returned 1 [0128.140] SetEvent (hEvent=0xec) returned 1 [0128.140] SwitchToThread () returned 1 [0128.147] GetFileType (hFile=0x384) returned 0x1 [0128.147] GetFileType (hFile=0x384) returned 0x1 [0128.147] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0128.147] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0128.147] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.149] ReadFile (in: hFile=0x384, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x11ece, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000243c04*=0x11cce, lpOverlapped=0x0) returned 1 [0128.150] ReadFile (in: hFile=0x384, lpBuffer=0xc0002b5cce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b5cce*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0128.150] CloseHandle (hObject=0x384) returned 1 [0128.150] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3qskcqe3.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0128.153] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0128.157] GetFileType (hFile=0x384) returned 0x1 [0128.157] WriteFile (in: hFile=0x384, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x11cd0, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000243cec*=0x11cd0, lpOverlapped=0x0) returned 1 [0128.159] CloseHandle (hObject=0x384) returned 1 [0128.159] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0128.159] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0128.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3qskcqe3.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0128.160] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0128.163] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.164] SetEvent (hEvent=0x114) returned 1 [0128.165] GetFileType (hFile=0x384) returned 0x1 [0128.165] WriteFile (in: hFile=0x384, lpBuffer=0xc000074420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000074420*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.165] CloseHandle (hObject=0x384) returned 1 [0128.165] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3qskcqe3.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-3qskcqe3.flv"), dwFlags=0x1) returned 1 [0128.166] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.169] SetEvent (hEvent=0x1a0) returned 1 [0128.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.170] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.170] SetEvent (hEvent=0xc0) returned 1 [0128.170] SetEvent (hEvent=0xec) returned 1 [0128.170] SetEvent (hEvent=0x1a0) returned 1 [0128.170] SetEvent (hEvent=0x3c8) returned 1 [0128.170] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.177] SetEvent (hEvent=0x3c8) returned 1 [0128.177] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5nvv9weichbbqw9eqi.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0128.181] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0128.186] GetFileType (hFile=0x370) returned 0x1 [0128.186] GetFileType (hFile=0x370) returned 0x1 [0128.186] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0128.186] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0128.186] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0128.187] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0128.188] ReadFile (in: hFile=0x370, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x8088, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc00020fc04*=0x7e88, lpOverlapped=0x0) returned 1 [0128.189] ReadFile (in: hFile=0x370, lpBuffer=0xc0001e9e88, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e9e88*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0128.189] CloseHandle (hObject=0x370) returned 1 [0128.189] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0128.189] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0128.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5nvv9weichbbqw9eqi.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.191] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0128.201] GetFileType (hFile=0x370) returned 0x1 [0128.201] WriteFile (in: hFile=0x370, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x7e90, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc00020fcec*=0x7e90, lpOverlapped=0x0) returned 1 [0128.202] CloseHandle (hObject=0x370) returned 1 [0128.202] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0128.202] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0128.203] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0128.203] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0128.203] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0128.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5nvv9weichbbqw9eqi.doc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0128.204] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0128.216] GetFileType (hFile=0x370) returned 0x1 [0128.216] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0128.217] WriteFile (in: hFile=0x370, lpBuffer=0xc00010e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.217] CloseHandle (hObject=0x370) returned 1 [0128.217] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0128.217] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0128.218] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0128.218] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0128.219] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5nvv9weichbbqw9eqi.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-5NVv9weiChBBQW9eqI.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-5nvv9weichbbqw9eqi.doc"), dwFlags=0x1) returned 1 [0128.220] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.221] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.221] SetEvent (hEvent=0xc0) returned 1 [0128.221] SetEvent (hEvent=0x30c) returned 1 [0128.221] SetEvent (hEvent=0x1a0) returned 1 [0128.221] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0128.222] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.227] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.233] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.233] SetEvent (hEvent=0xec) returned 1 [0128.233] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.242] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.242] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.250] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.250] SetEvent (hEvent=0xc0) returned 1 [0128.250] SetEvent (hEvent=0xec) returned 1 [0128.250] SetEvent (hEvent=0x30c) returned 1 [0128.250] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0128.252] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.260] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.260] SetEvent (hEvent=0x114) returned 1 [0128.260] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.272] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.273] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.273] SetEvent (hEvent=0xc0) returned 1 [0128.273] SetEvent (hEvent=0xec) returned 1 [0128.273] SetEvent (hEvent=0x30c) returned 1 [0128.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.280] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.280] SetEvent (hEvent=0x114) returned 1 [0128.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.284] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.284] SetEvent (hEvent=0xec) returned 1 [0128.284] SetEvent (hEvent=0x30c) returned 1 [0128.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.295] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.295] SetEvent (hEvent=0xec) returned 1 [0128.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.300] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.301] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0128.301] SetEvent (hEvent=0xc0) returned 1 [0128.301] SetEvent (hEvent=0xec) returned 1 [0128.301] SetEvent (hEvent=0x30c) returned 1 [0128.301] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0128.303] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.306] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0128.306] SetEvent (hEvent=0x30c) returned 1 [0128.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.318] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0128.318] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0128.318] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0128.319] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0128.319] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0128.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\umc2svfu7si.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.320] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0128.335] GetFileType (hFile=0x3d8) returned 0x1 [0128.335] GetFileType (hFile=0x3d8) returned 0x1 [0128.335] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0128.335] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0128.335] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0128.336] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x28ae, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000063c04*=0x26ae, lpOverlapped=0x0) returned 1 [0128.336] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000506ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000506ae*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0128.337] CloseHandle (hObject=0x3d8) returned 1 [0128.337] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0128.337] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0128.337] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0128.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\umc2svfu7si.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.339] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0128.361] GetFileType (hFile=0x3d8) returned 0x1 [0128.361] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x26b0, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000063cec*=0x26b0, lpOverlapped=0x0) returned 1 [0128.362] CloseHandle (hObject=0x3d8) returned 1 [0128.363] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0128.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\umc2svfu7si.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.363] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0128.377] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.381] GetFileType (hFile=0x3d8) returned 0x1 [0128.381] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002042c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002042c0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.381] CloseHandle (hObject=0x3d8) returned 1 [0128.381] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\umc2svfu7si.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-uMc2SvFU7si.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-umc2svfu7si.jpg"), dwFlags=0x1) returned 1 [0128.382] SetEvent (hEvent=0xec) returned 1 [0128.383] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0128.463] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0128.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wnqe2fjsa2r.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0128.465] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0128.469] GetFileType (hFile=0x370) returned 0x1 [0128.469] GetFileType (hFile=0x370) returned 0x1 [0128.470] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0128.470] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0128.470] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0128.471] ReadFile (in: hFile=0x370, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x94d9, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000c5c04*=0x92d9, lpOverlapped=0x0) returned 1 [0128.472] ReadFile (in: hFile=0x370, lpBuffer=0xc0002392d9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002392d9*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0128.472] CloseHandle (hObject=0x370) returned 1 [0128.472] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0128.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wnqe2fjsa2r.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.611] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0130.659] GetFileType (hFile=0x3cc) returned 0x1 [0130.659] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x92e0, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x92e0, lpOverlapped=0x0) returned 1 [0130.661] CloseHandle (hObject=0x3cc) returned 1 [0130.662] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0130.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wnqe2fjsa2r.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.662] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0130.689] GetFileType (hFile=0x3cc) returned 0x1 [0130.689] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0001862c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001862c0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0130.689] CloseHandle (hObject=0x3cc) returned 1 [0130.690] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\wnqe2fjsa2r.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-WnQe2fjSA2R.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-wnqe2fjsa2r.mp3"), dwFlags=0x1) returned 1 [0130.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5a2sp8_epr.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-5a2sp8_epr.wav"), dwFlags=0x1) returned 1 [0130.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bjmv65og2twty.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-bjmv65og2twty.gif"), dwFlags=0x1) returned 1 [0130.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0130.694] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0130.694] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x94000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0130.741] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0130.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.751] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0130.758] GetFileType (hFile=0x3cc) returned 0x1 [0130.759] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x927d0, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc00020dcec*=0x927d0, lpOverlapped=0x0) returned 1 [0130.775] CloseHandle (hObject=0x3cc) returned 1 [0130.775] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000083001 | out: pbBuffer=0xc000083001) returned 1 [0130.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0130.776] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0130.780] GetFileType (hFile=0x3cc) returned 0x1 [0130.780] WriteFile (in: hFile=0x3cc, lpBuffer=0xc000186f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186f20*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.781] CloseHandle (hObject=0x3cc) returned 1 [0130.781] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\update.mar"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\encry-update.mar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates\\0\\encry-update.mar"), dwFlags=0x1) returned 1 [0130.783] SetEvent (hEvent=0x39c) returned 1 [0130.783] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.797] SetEvent (hEvent=0x39c) returned 1 [0130.797] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.854] SetEvent (hEvent=0x324) returned 1 [0130.854] SetEvent (hEvent=0x3c0) returned 1 [0130.854] VirtualFree (lpAddress=0xc00058e000, dwSize=0x94000, dwFreeType=0x4000) returned 1 [0130.858] VirtualFree (lpAddress=0xc000400000, dwSize=0x92000, dwFreeType=0x4000) returned 1 [0130.862] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.862] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.862] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0130.863] VirtualFree (lpAddress=0xc000230000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.863] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0130.864] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.864] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.865] VirtualFree (lpAddress=0xc000184000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.865] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.866] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.866] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.866] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.867] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.867] VirtualFree (lpAddress=0xc00010e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0130.868] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.868] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.869] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.869] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.869] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.870] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e2a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc00005e2a8*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0130.896] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.897] SetEvent (hEvent=0x12c) returned 1 [0130.897] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e2b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc00005e2b0*, lpNumberOfCharsWritten=0xc0000f5818*=0x3) returned 1 [0130.898] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0130.899] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.900] SetEvent (hEvent=0x324) returned 1 [0130.900] SetEvent (hEvent=0x12c) returned 1 [0130.900] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0130.901] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.901] VirtualFree (lpAddress=0xc000234000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0130.902] VirtualFree (lpAddress=0xc000212000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0130.902] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.903] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.903] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.904] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.904] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.904] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.905] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.905] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.906] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0130.906] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.906] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.907] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0130.911] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc00005e006*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0130.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc00005e010*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0130.919] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.925] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0130.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc00005e016*, lpNumberOfCharsWritten=0xc000201818*=0x3) returned 1 [0130.926] SetEvent (hEvent=0x39c) returned 1 [0130.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc0001cf818*=0x3) returned 1 [0130.927] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.950] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0130.953] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0130.962] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc000586006*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0130.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc00020d818*=0x3) returned 1 [0130.976] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc00005e006*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0130.978] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc00005e010*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0130.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc00005e016*, lpNumberOfCharsWritten=0xc000143818*=0x3) returned 1 [0130.982] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc00026f818*=0x3) returned 1 [0130.982] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0130.985] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc00005e030*, lpNumberOfCharsWritten=0xc00029d818*=0x3) returned 1 [0130.989] SetEvent (hEvent=0x39c) returned 1 [0130.989] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc00005e036*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0130.991] SetEvent (hEvent=0x39c) returned 1 [0130.991] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000195818*=0x3) returned 1 [0131.002] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.008] SetEvent (hEvent=0xfc) returned 1 [0131.008] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.009] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.009] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000063808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000063808*=0xac) returned 1 [0131.013] SetEvent (hEvent=0xfc) returned 1 [0131.013] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0131.014] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.014] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0131.015] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0131.015] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0131.016] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0131.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.017] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0131.019] GetFileType (hFile=0x2e8) returned 0x1 [0131.019] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0131.020] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0131.020] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.020] CloseHandle (hObject=0x2e8) returned 1 [0131.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwFlags=0x1) returned 1 [0131.094] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.094] SetEvent (hEvent=0x3c4) returned 1 [0131.094] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0131.096] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.097] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.097] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.097] SetEvent (hEvent=0x39c) returned 1 [0131.098] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.112] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.114] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.114] SetEvent (hEvent=0xc0) returned 1 [0131.114] SetEvent (hEvent=0x3c4) returned 1 [0131.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.117] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.117] SetEvent (hEvent=0xfc) returned 1 [0131.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.123] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.123] SetEvent (hEvent=0x39c) returned 1 [0131.124] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.135] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.135] SetEvent (hEvent=0x320) returned 1 [0131.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.138] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.138] SetEvent (hEvent=0x12c) returned 1 [0131.138] SetEvent (hEvent=0x39c) returned 1 [0131.138] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0131.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.145] SetEvent (hEvent=0x39c) returned 1 [0131.145] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.149] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.149] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.149] SetEvent (hEvent=0x39c) returned 1 [0131.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.152] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.152] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.258] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.269] SetEvent (hEvent=0x258) returned 1 [0131.269] SetEvent (hEvent=0x39c) returned 1 [0131.269] VirtualFree (lpAddress=0xc0002b6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.270] VirtualFree (lpAddress=0xc0002b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.271] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.271] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.272] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.272] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.273] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.273] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.273] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.274] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.274] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.274] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.274] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.275] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.275] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc00005e028*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0131.277] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.284] SetEvent (hEvent=0x39c) returned 1 [0131.284] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0131.285] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.285] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0131.288] GetFileType (hFile=0x370) returned 0x1 [0131.288] GetFileType (hFile=0x370) returned 0x1 [0131.288] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0131.288] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0131.288] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0131.289] ReadFile (in: hFile=0x370, lpBuffer=0xc0002ca000, nNumberOfBytesToRead=0x848, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca000*, lpNumberOfBytesRead=0xc00029dc04*=0x648, lpOverlapped=0x0) returned 1 [0131.292] ReadFile (in: hFile=0x370, lpBuffer=0xc0002ca648, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca648*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.292] CloseHandle (hObject=0x370) returned 1 [0131.292] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0131.292] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0131.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.298] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0131.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.299] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.299] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00029d808*=0xac) returned 1 [0131.306] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.306] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0131.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.306] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0131.308] GetFileType (hFile=0x2b4) returned 0x1 [0131.308] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.308] CloseHandle (hObject=0x2b4) returned 1 [0131.308] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), dwFlags=0x1) returned 1 [0131.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.361] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.362] SetEvent (hEvent=0x320) returned 1 [0131.362] SetEvent (hEvent=0xfc) returned 1 [0131.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.365] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.365] SetEvent (hEvent=0xfc) returned 1 [0131.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.368] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.434] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.551] SetEvent (hEvent=0x148) returned 1 [0131.551] SetEvent (hEvent=0xfc) returned 1 [0131.551] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.557] SetEvent (hEvent=0x148) returned 1 [0131.558] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.558] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.559] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.559] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.559] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00014d818*=0x2) returned 1 [0131.564] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.595] SetEvent (hEvent=0x320) returned 1 [0131.595] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0131.599] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0131.601] GetFileType (hFile=0x2bc) returned 0x1 [0131.601] GetFileType (hFile=0x2bc) returned 0x1 [0131.601] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0131.601] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0131.601] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000054900, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054900*, lpNumberOfBytesRead=0xc0002a3c04*=0x6e3, lpOverlapped=0x0) returned 1 [0131.608] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000054fe3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054fe3*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0131.608] CloseHandle (hObject=0x2bc) returned 1 [0131.608] SwitchToThread () returned 1 [0131.612] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0131.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.628] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0131.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD\\*", lpFindFileData=0xc0002a3a08 | out: lpFindFileData=0xc0002a3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.628] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0131.629] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002a3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.629] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0131.629] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0131.630] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0131.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000dc000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0002a3808, lpReserved=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfCharsWritten=0xc0002a3808*=0xac) returned 1 [0131.634] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0131.634] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0131.635] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0131.635] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0131.636] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.636] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0131.636] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0131.637] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0131.637] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0131.638] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.638] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0131.640] GetFileType (hFile=0x2b4) returned 0x1 [0131.640] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0131.640] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0001122c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001122c0*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.641] CloseHandle (hObject=0x2b4) returned 1 [0131.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwFlags=0x1) returned 1 [0131.694] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.694] SetEvent (hEvent=0xfc) returned 1 [0131.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.695] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.695] SetEvent (hEvent=0xfc) returned 1 [0131.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.701] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.725] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.740] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.748] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.751] SetEvent (hEvent=0x258) returned 1 [0131.751] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.751] SetEvent (hEvent=0x258) returned 1 [0131.751] SetEvent (hEvent=0x148) returned 1 [0131.752] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.752] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.752] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.753] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.753] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.754] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.754] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.754] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00029d818*=0x2) returned 1 [0131.756] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.766] SetEvent (hEvent=0xfc) returned 1 [0131.766] SetEvent (hEvent=0x148) returned 1 [0131.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.767] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0131.768] GetFileType (hFile=0x370) returned 0x1 [0131.768] GetFileType (hFile=0x370) returned 0x1 [0131.768] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0131.768] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0131.768] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0131.769] ReadFile (in: hFile=0x370, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc000195c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.770] ReadFile (in: hFile=0x370, lpBuffer=0xc0001601cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001601cf*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0131.770] CloseHandle (hObject=0x370) returned 1 [0131.770] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0131.771] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0131.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.778] SetEvent (hEvent=0xc0) returned 1 [0131.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.778] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000195808*=0xac) returned 1 [0131.780] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.780] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0131.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.781] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0131.781] GetFileType (hFile=0x370) returned 0x1 [0131.781] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.782] CloseHandle (hObject=0x370) returned 1 [0131.782] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), dwFlags=0x1) returned 1 [0131.816] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.816] SetEvent (hEvent=0xfc) returned 1 [0131.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.820] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.820] SetEvent (hEvent=0xfc) returned 1 [0131.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.824] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0131.824] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0131.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.825] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0131.826] GetFileType (hFile=0x370) returned 0x1 [0131.826] GetFileType (hFile=0x370) returned 0x1 [0131.826] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0131.827] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0131.827] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0131.827] ReadFile (in: hFile=0x370, lpBuffer=0xc0001ec000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec000*, lpNumberOfBytesRead=0xc0002d5c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.828] ReadFile (in: hFile=0x370, lpBuffer=0xc0001ec1cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec1cf*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0131.829] CloseHandle (hObject=0x370) returned 1 [0131.829] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0131.829] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB\\*", lpFindFileData=0xc0002d5a08 | out: lpFindFileData=0xc0002d5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.832] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.832] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d66e0*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0002d5808, lpReserved=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfCharsWritten=0xc0002d5808*=0xac) returned 1 [0131.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0131.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0131.834] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0131.834] GetFileType (hFile=0x370) returned 0x1 [0131.835] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.835] CloseHandle (hObject=0x370) returned 1 [0131.835] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwFlags=0x1) returned 1 [0131.889] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0131.889] SetEvent (hEvent=0x258) returned 1 [0131.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.890] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0131.890] SetEvent (hEvent=0x258) returned 1 [0131.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.006] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.017] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.027] SetEvent (hEvent=0xfc) returned 1 [0132.027] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.028] SetEvent (hEvent=0xfc) returned 1 [0132.028] SetEvent (hEvent=0x258) returned 1 [0132.028] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.029] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.029] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.029] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.030] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.030] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.030] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.031] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0000f9818*=0x2) returned 1 [0132.032] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.036] SetEvent (hEvent=0x258) returned 1 [0132.036] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.037] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0132.039] GetFileType (hFile=0x2e8) returned 0x1 [0132.040] GetFileType (hFile=0x2e8) returned 0x1 [0132.040] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0132.040] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0132.040] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0132.042] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xd4da, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0000f9c04*=0xd2da, lpOverlapped=0x0) returned 1 [0132.046] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00021f2da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021f2da*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0132.046] CloseHandle (hObject=0x2e8) returned 1 [0132.046] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0132.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.056] SetEvent (hEvent=0xc0) returned 1 [0132.056] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015\\*", lpFindFileData=0xc0000f9a08 | out: lpFindFileData=0xc0000f9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.057] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.057] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc0000f9808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc0000f9808*=0x8b) returned 1 [0132.059] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.059] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0132.060] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.060] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0132.061] GetFileType (hFile=0x370) returned 0x1 [0132.061] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.062] CloseHandle (hObject=0x370) returned 1 [0132.065] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.066] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-94308059b57b3142e455b38a6eb92015"), dwFlags=0x1) returned 1 [0132.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0132.114] SetEvent (hEvent=0x148) returned 1 [0132.114] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0132.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.117] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0132.117] SetEvent (hEvent=0x148) returned 1 [0132.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.123] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.146] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.156] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.167] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.178] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.185] SetEvent (hEvent=0x3c0) returned 1 [0132.185] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.186] SetEvent (hEvent=0x3c0) returned 1 [0132.186] SetEvent (hEvent=0xfc) returned 1 [0132.186] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.187] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.187] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.188] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.188] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.189] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.189] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.189] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.190] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0132.191] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.199] SetEvent (hEvent=0xfc) returned 1 [0132.199] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.201] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.202] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0132.203] GetFileType (hFile=0x2e8) returned 0x1 [0132.203] GetFileType (hFile=0x2e8) returned 0x1 [0132.203] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0132.204] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0132.204] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.205] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x852, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00011bc04*=0x652, lpOverlapped=0x0) returned 1 [0132.207] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000a2652, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2652*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0132.207] CloseHandle (hObject=0x2e8) returned 1 [0132.207] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.208] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.219] SetEvent (hEvent=0xc0) returned 1 [0132.219] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.220] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852\\*", lpFindFileData=0xc00011ba08 | out: lpFindFileData=0xc00011ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.220] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00011b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00011b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00011b808*=0xac) returned 1 [0132.222] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.223] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.223] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.224] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0132.224] GetFileType (hFile=0x2e8) returned 0x1 [0132.224] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.224] CloseHandle (hObject=0x2e8) returned 1 [0132.225] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwFlags=0x1) returned 1 [0132.275] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0132.275] SetEvent (hEvent=0x320) returned 1 [0132.275] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0132.278] SetEvent (hEvent=0x320) returned 1 [0132.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.283] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.418] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.430] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.440] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.447] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.451] SetEvent (hEvent=0x148) returned 1 [0132.451] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.451] SetEvent (hEvent=0x148) returned 1 [0132.451] SetEvent (hEvent=0x3c0) returned 1 [0132.452] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.452] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.452] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.453] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.453] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc000141818*=0x2) returned 1 [0132.454] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.459] SetEvent (hEvent=0x3c0) returned 1 [0132.459] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.460] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0132.461] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0132.462] GetFileType (hFile=0x2b4) returned 0x1 [0132.462] GetFileType (hFile=0x2b4) returned 0x1 [0132.462] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0132.462] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0132.462] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.463] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x7ae, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc000189c04*=0x5ae, lpOverlapped=0x0) returned 1 [0132.465] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000605ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000605ae*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0132.465] CloseHandle (hObject=0x2b4) returned 1 [0132.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.474] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC\\*", lpFindFileData=0xc000189a08 | out: lpFindFileData=0xc000189a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.474] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000189720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.474] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000189808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000189808*=0xac) returned 1 [0132.475] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.476] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0132.477] GetFileType (hFile=0x370) returned 0x1 [0132.477] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.477] CloseHandle (hObject=0x370) returned 1 [0132.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwFlags=0x1) returned 1 [0132.526] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0132.526] SetEvent (hEvent=0xfc) returned 1 [0132.527] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.527] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.527] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0132.527] SetEvent (hEvent=0xfc) returned 1 [0132.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.532] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.564] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0132.565] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0132.565] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0132.565] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0132.566] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0132.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.567] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0132.594] GetFileType (hFile=0x2bc) returned 0x1 [0132.594] GetFileType (hFile=0x2bc) returned 0x1 [0132.594] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0132.594] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0132.594] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc000201c04*=0x194, lpOverlapped=0x0) returned 1 [0132.595] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000070194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc000070194*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0132.595] CloseHandle (hObject=0x2bc) returned 1 [0132.595] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0132.596] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0132.597] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0132.597] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0132.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.598] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973\\*", lpFindFileData=0xc000201a08 | out: lpFindFileData=0xc000201a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.598] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0132.599] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000201720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.599] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0132.599] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0132.600] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0132.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.601] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0132.608] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] SetEvent (hEvent=0x12c) returned 1 [0132.624] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.668] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwFlags=0x1) returned 1 [0132.670] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0132.670] SetEvent (hEvent=0xfc) returned 1 [0132.670] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0132.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.677] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.677] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.678] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0132.678] SetEvent (hEvent=0x3c4) returned 1 [0132.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.684] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0132.783] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0132.783] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0132.784] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0132.784] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0132.785] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0132.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.786] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0132.797] GetFileType (hFile=0x2e8) returned 0x1 [0132.797] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.797] CloseHandle (hObject=0x2e8) returned 1 [0132.849] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0132.850] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0132.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-23b523c9e7746f715d33c6527c18eb9d"), dwFlags=0x1) returned 1 [0133.003] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0133.003] SetEvent (hEvent=0x144) returned 1 [0133.003] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0133.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.006] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0133.006] SetEvent (hEvent=0x320) returned 1 [0133.006] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.019] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0133.019] SetEvent (hEvent=0xc0) returned 1 [0133.019] SetEvent (hEvent=0x144) returned 1 [0133.020] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.022] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.022] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0133.022] SetEvent (hEvent=0x320) returned 1 [0133.022] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.031] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.031] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0133.031] SetEvent (hEvent=0x208) returned 1 [0133.032] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.033] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.034] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0133.034] SetEvent (hEvent=0x12c) returned 1 [0133.034] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.037] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0133.037] SetEvent (hEvent=0xc0) returned 1 [0133.037] SetEvent (hEvent=0x320) returned 1 [0133.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0133.039] SetEvent (hEvent=0x13c) returned 1 [0133.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.042] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f698, ulCount=0x10, ulNumEntriesRemoved=0x2c69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f698, ulNumEntriesRemoved=0x2c69f66c) returned 0 [0133.042] SetEvent (hEvent=0x13c) returned 1 [0133.043] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.044] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe08*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe30*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.046] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c69f6a0, ulNumEntriesRemoved=0x2c69f674) returned 0 [0133.046] SetEvent (hEvent=0x13c) returned 1 [0133.046] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c69fe18*=0x1b4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.047] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.047] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.048] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.048] SetEvent (hEvent=0x324) returned 1 [0133.048] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.055] SetEvent (hEvent=0x324) returned 1 [0133.055] SetEvent (hEvent=0x13c) returned 1 [0133.055] SetEvent (hEvent=0x334) returned 1 [0133.055] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.058] SetEvent (hEvent=0x324) returned 1 [0133.058] SetEvent (hEvent=0x12c) returned 1 [0133.058] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.069] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.077] SetEvent (hEvent=0x324) returned 1 [0133.077] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.079] SetEvent (hEvent=0x324) returned 1 [0133.079] SetEvent (hEvent=0x148) returned 1 [0133.079] SetEvent (hEvent=0x24c) returned 1 [0133.079] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.080] SwitchToThread () returned 1 [0133.178] SwitchToThread () returned 1 [0133.179] SetEvent (hEvent=0x324) returned 1 [0133.179] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.180] SetEvent (hEvent=0x324) returned 1 [0133.180] SetEvent (hEvent=0x24c) returned 1 [0133.180] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.181] VirtualFree (lpAddress=0xc0002e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.181] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0133.183] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0133.185] SetEvent (hEvent=0x324) returned 1 [0133.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0005861a0*, lpNumberOfCharsWritten=0xc000279818*=0x3) returned 1 [0133.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc0001fb818*=0x3) returned 1 [0133.287] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0141.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0141.052] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0141.059] GetFileType (hFile=0x2c4) returned 0x1 [0141.059] GetFileType (hFile=0x2c4) returned 0x1 [0141.060] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0141.060] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0141.060] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000186300, nNumberOfBytesToRead=0x2c4, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000186300*, lpNumberOfBytesRead=0xc00014bc04*=0xc4, lpOverlapped=0x0) returned 1 [0141.061] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0001863c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001863c4*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0141.061] CloseHandle (hObject=0x2c4) returned 1 [0141.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0141.062] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0141.070] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] SetEvent (hEvent=0x148) returned 1 [0141.192] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0141.193] SetEvent (hEvent=0x3c8) returned 1 [0141.193] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0141.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3u_cjfi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x348 [0141.461] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc0001afcf4 | out: lpMode=0xc0001afcf4) returned 0 [0141.462] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0141.546] GetFileType (hFile=0x348) returned 0x1 [0141.546] GetFileType (hFile=0x348) returned 0x1 [0141.546] GetFileInformationByHandle (in: hFile=0x348, lpFileInformation=0xc0001afd44 | out: lpFileInformation=0xc0001afd44) returned 1 [0141.546] GetFileInformationByHandleEx (in: hFile=0x348, FileInformationClass=0x9, lpFileInformation=0xc0001afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001afd28) returned 1 [0141.546] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0141.546] ReadFile (in: hFile=0x348, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x4ca, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0001afc04*=0x2ca, lpOverlapped=0x0) returned 1 [0142.528] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0142.840] SetEvent (hEvent=0x144) returned 1 [0142.840] ReadFile (in: hFile=0x348, lpBuffer=0xc00027c2ca, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c2ca*, lpNumberOfBytesRead=0xc0001afc04*=0x0, lpOverlapped=0x0) returned 1 [0142.840] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0143.834] CloseHandle (hObject=0x348) returned 1 [0143.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3u_cjfi.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0143.866] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0144.404] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0001afd04 | out: lpMode=0xc0001afd04) returned 0 [0144.406] GetFileType (hFile=0x374) returned 0x1 [0144.406] WriteFile (in: hFile=0x374, lpBuffer=0xc0006f8300*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc0001afcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f8300*, lpNumberOfBytesWritten=0xc0001afcec*=0x2d0, lpOverlapped=0x0) returned 1 [0144.408] CloseHandle (hObject=0x374) returned 1 [0144.408] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3u_cjfi.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0144.408] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0001afd64 | out: lpMode=0xc0001afd64) returned 0 [0144.416] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0144.953] GetFileType (hFile=0x374) returned 0x1 [0144.953] WriteFile (in: hFile=0x374, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc0001afd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.954] CloseHandle (hObject=0x374) returned 1 [0144.959] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0145.628] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3u_cjfi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-3u_cjfi.lnk"), dwFlags=0x1) returned 1 [0148.150] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.155] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.156] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.157] SetEvent (hEvent=0x28c) returned 1 [0148.157] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.158] SetEvent (hEvent=0x28c) returned 1 [0148.158] SetEvent (hEvent=0x43c) returned 1 [0148.158] SetEvent (hEvent=0xac8) returned 1 [0148.158] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.173] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.174] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.176] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.177] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.178] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.179] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.180] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.180] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.181] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.181] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.182] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.182] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.183] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.184] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.184] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.185] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.186] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0148.187] SetEvent (hEvent=0x28c) returned 1 [0148.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000533400*, nNumberOfCharsToWrite=0x80, lpNumberOfCharsWritten=0xc0002a1808, lpReserved=0x0 | out: lpBuffer=0xc000533400*, lpNumberOfCharsWritten=0xc0002a1808*=0x80) returned 1 [0148.189] SetEvent (hEvent=0x28c) returned 1 [0148.189] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0148.201] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0148.201] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0148.208] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0148.222] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0148.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0148.224] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0148.226] GetFileType (hFile=0x79c) returned 0x1 [0148.226] WriteFile (in: hFile=0x79c, lpBuffer=0xc0002ec420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec420*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.318] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0149.359] CloseHandle (hObject=0x79c) returned 1 [0149.384] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0149.385] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.840] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0150.843] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0150.853] SetEvent (hEvent=0xb50) returned 1 [0150.853] SetEvent (hEvent=0xae0) returned 1 [0150.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpgcghvp8qahllw.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-hpgcghvp8qahllw.rtf"), dwFlags=0x1) returned 1 [0153.356] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0153.364] SetEvent (hEvent=0x43c) returned 1 [0153.364] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0153.377] SetEvent (hEvent=0x9a8) returned 1 [0153.377] SetEvent (hEvent=0x208) returned 1 [0153.377] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0154.907] SetEvent (hEvent=0x9f0) returned 1 [0154.907] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0154.908] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0154.919] GetFileType (hFile=0x404) returned 0x1 [0154.919] GetFileType (hFile=0x404) returned 0x1 [0154.919] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0154.919] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0154.920] ReadFile (in: hFile=0x404, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc00027bc04*=0x85, lpOverlapped=0x0) returned 1 [0154.922] ReadFile (in: hFile=0x404, lpBuffer=0xc00002c085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c085*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0154.922] CloseHandle (hObject=0x404) returned 1 [0154.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0154.924] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0154.939] GetFileType (hFile=0x404) returned 0x1 [0154.940] WriteFile (in: hFile=0x404, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00027bcec*=0x90, lpOverlapped=0x0) returned 1 [0154.946] CloseHandle (hObject=0x404) returned 1 [0154.947] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0154.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0154.947] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0154.952] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0154.999] GetFileType (hFile=0x404) returned 0x1 [0154.999] WriteFile (in: hFile=0x404, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0155.000] CloseHandle (hObject=0x404) returned 1 [0155.000] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\encry-Microsoft At Work.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\encry-microsoft at work.url"), dwFlags=0x1) returned 1 [0155.001] SetEvent (hEvent=0xb58) returned 1 [0155.001] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0155.069] SetEvent (hEvent=0x100) returned 1 [0155.069] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0155.207] SetEvent (hEvent=0x9a8) returned 1 [0155.207] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0155.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0155.284] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000411cf4 | out: lpMode=0xc000411cf4) returned 0 [0155.288] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0155.379] GetFileType (hFile=0x748) returned 0x1 [0155.379] GetFileType (hFile=0x748) returned 0x1 [0155.379] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc000411d44 | out: lpFileInformation=0xc000411d44) returned 1 [0155.380] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc000411d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000411d28) returned 1 [0155.380] ReadFile (in: hFile=0x748, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000411c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc000411c04*=0x85, lpOverlapped=0x0) returned 1 [0155.382] ReadFile (in: hFile=0x748, lpBuffer=0xc0000fe085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000411c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe085*, lpNumberOfBytesRead=0xc000411c04*=0x0, lpOverlapped=0x0) returned 1 [0155.382] CloseHandle (hObject=0x748) returned 1 [0155.382] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0155.384] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0155.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0155.387] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000411d04 | out: lpMode=0xc000411d04) returned 0 [0155.389] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0156.013] GetFileType (hFile=0x748) returned 0x1 [0156.013] WriteFile (in: hFile=0x748, lpBuffer=0xc000074090*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000411cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074090*, lpNumberOfBytesWritten=0xc000411cec*=0x90, lpOverlapped=0x0) returned 1 [0156.015] CloseHandle (hObject=0x748) returned 1 [0156.015] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0156.017] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0156.017] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0156.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0156.018] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000411d64 | out: lpMode=0xc000411d64) returned 0 [0156.025] GetFileType (hFile=0x748) returned 0x1 [0156.026] WriteFile (in: hFile=0x748, lpBuffer=0xc000284dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000411d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284dc0*, lpNumberOfBytesWritten=0xc000411d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.026] CloseHandle (hObject=0x748) returned 1 [0156.026] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0156.027] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\encry-Windows Live Mail.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\encry-windows live mail.url"), dwFlags=0x1) returned 1 [0156.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\ritr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0156.029] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0002cdcf4 | out: lpMode=0xc0002cdcf4) returned 0 [0156.058] GetFileType (hFile=0x748) returned 0x1 [0156.059] GetFileType (hFile=0x748) returned 0x1 [0156.059] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc0002cdd44 | out: lpFileInformation=0xc0002cdd44) returned 1 [0156.059] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc0002cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cdd28) returned 1 [0156.059] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0156.061] VirtualAlloc (lpAddress=0xc000524000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000524000 [0156.065] ReadFile (in: hFile=0x748, lpBuffer=0xc000524000, nNumberOfBytesToRead=0xa627, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000524000*, lpNumberOfBytesRead=0xc0002cdc04*=0xa427, lpOverlapped=0x0) returned 1 [0156.067] ReadFile (in: hFile=0x748, lpBuffer=0xc00052e427, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00052e427*, lpNumberOfBytesRead=0xc0002cdc04*=0x0, lpOverlapped=0x0) returned 1 [0156.067] CloseHandle (hObject=0x748) returned 1 [0156.067] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0156.069] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0156.070] VirtualAlloc (lpAddress=0xc00056a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00056a000 [0156.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\ritr.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0156.076] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0002cdd04 | out: lpMode=0xc0002cdd04) returned 0 [0156.084] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0156.543] VirtualFree (lpAddress=0xc00058e000, dwSize=0x50000, dwFreeType=0x4000) returned 1 [0156.547] VirtualFree (lpAddress=0xc000542000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0156.550] VirtualFree (lpAddress=0xc000524000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0156.551] VirtualFree (lpAddress=0xc00027c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0156.553] VirtualFree (lpAddress=0xc000232000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0156.554] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.554] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.555] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.556] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.557] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.558] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.558] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.559] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.560] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.561] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.561] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.562] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.563] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.564] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0156.565] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.565] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.566] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.567] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.567] GetFileType (hFile=0x63c) returned 0x1 [0156.568] WriteFile (in: hFile=0x63c, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc000047cec*=0x4a0, lpOverlapped=0x0) returned 1 [0156.569] CloseHandle (hObject=0x63c) returned 1 [0156.570] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0156.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x63c [0156.570] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0156.574] GetFileType (hFile=0x63c) returned 0x1 [0156.574] WriteFile (in: hFile=0x63c, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.574] CloseHandle (hObject=0x63c) returned 1 [0156.574] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-asdlfk poopvy.contact"), dwFlags=0x1) returned 1 [0156.577] GetFileType (hFile=0x510) returned 0x1 [0156.577] WriteFile (in: hFile=0x510, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000429d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000429d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.577] CloseHandle (hObject=0x510) returned 1 [0156.577] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msn autos.url"), dwFlags=0x1) returned 1 [0156.579] GetFileType (hFile=0x524) returned 0x1 [0156.579] WriteFile (in: hFile=0x524, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.579] CloseHandle (hObject=0x524) returned 1 [0156.580] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xt0rtz_l-es-zjibw.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-xt0rtz_l-es-zjibw.flv"), dwFlags=0x1) returned 1 [0156.581] GetFileType (hFile=0x848) returned 0x1 [0156.581] GetFileType (hFile=0x848) returned 0x1 [0156.581] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0156.582] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0156.582] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0156.584] ReadFile (in: hFile=0x848, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xb6c8, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000247c04*=0xb4c8, lpOverlapped=0x0) returned 1 [0156.585] ReadFile (in: hFile=0x848, lpBuffer=0xc00023b4c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023b4c8*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0156.585] CloseHandle (hObject=0x848) returned 1 [0156.586] VirtualAlloc (lpAddress=0xc000524000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000524000 [0156.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\x3tqy 4iwg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0156.591] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc000247d04 | out: lpMode=0xc000247d04) returned 0 [0156.695] GetFileType (hFile=0x848) returned 0x1 [0156.695] WriteFile (in: hFile=0x848, lpBuffer=0xc000524000*, nNumberOfBytesToWrite=0xb4d0, lpNumberOfBytesWritten=0xc000247cec, lpOverlapped=0x0 | out: lpBuffer=0xc000524000*, lpNumberOfBytesWritten=0xc000247cec*=0xb4d0, lpOverlapped=0x0) returned 1 [0156.699] CloseHandle (hObject=0x848) returned 1 [0156.699] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0156.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\x3tqy 4iwg.csv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0156.699] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0156.802] SwitchToThread () returned 1 [0156.904] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0156.928] GetFileType (hFile=0x848) returned 0x1 [0156.928] WriteFile (in: hFile=0x848, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.928] CloseHandle (hObject=0x848) returned 1 [0156.929] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0156.930] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\x3tqy 4iwg.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\encry-x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\encry-x3tqy 4iwg.csv"), dwFlags=0x1) returned 1 [0156.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0156.933] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0156.943] GetFileType (hFile=0x848) returned 0x1 [0156.943] GetFileType (hFile=0x848) returned 0x1 [0156.943] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0156.943] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0156.943] ReadFile (in: hFile=0x848, lpBuffer=0xc000102000, nNumberOfBytesToRead=0x31a, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesRead=0xc00029fc04*=0x11a, lpOverlapped=0x0) returned 1 [0156.945] ReadFile (in: hFile=0x848, lpBuffer=0xc00010211a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010211a*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0156.945] CloseHandle (hObject=0x848) returned 1 [0156.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.946] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini\\*", lpFindFileData=0xc00029fa08 | out: lpFindFileData=0xc00029fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.946] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0157.040] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.057] SetEvent (hEvent=0x254) returned 1 [0157.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qp7z mewstu.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0157.058] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000441cf4 | out: lpMode=0xc000441cf4) returned 0 [0157.080] GetFileType (hFile=0x6a4) returned 0x1 [0157.080] GetFileType (hFile=0x6a4) returned 0x1 [0157.080] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000441d44 | out: lpFileInformation=0xc000441d44) returned 1 [0157.080] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000441d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000441d28) returned 1 [0157.081] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0157.082] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0157.086] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0xe25e, lpNumberOfBytesRead=0xc000441c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000441c04*=0xe05e, lpOverlapped=0x0) returned 1 [0157.088] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00059c05e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000441c04, lpOverlapped=0x0 | out: lpBuffer=0xc00059c05e*, lpNumberOfBytesRead=0xc000441c04*=0x0, lpOverlapped=0x0) returned 1 [0157.089] CloseHandle (hObject=0x6a4) returned 1 [0157.089] VirtualAlloc (lpAddress=0xc00059e000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00059e000 [0157.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qp7z mewstu.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.100] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000441d04 | out: lpMode=0xc000441d04) returned 0 [0157.130] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.134] GetFileType (hFile=0x6a4) returned 0x1 [0157.134] WriteFile (in: hFile=0x6a4, lpBuffer=0xc00059e000*, nNumberOfBytesToWrite=0xe060, lpNumberOfBytesWritten=0xc000441cec, lpOverlapped=0x0 | out: lpBuffer=0xc00059e000*, lpNumberOfBytesWritten=0xc000441cec*=0xe060, lpOverlapped=0x0) returned 1 [0157.138] CloseHandle (hObject=0x6a4) returned 1 [0157.138] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0157.138] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0157.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qp7z mewstu.pptx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.140] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000441d64 | out: lpMode=0xc000441d64) returned 0 [0157.164] GetFileType (hFile=0x6a4) returned 0x1 [0157.164] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000441d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000441d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.164] CloseHandle (hObject=0x6a4) returned 1 [0157.165] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\qp7z mewstu.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-qP7z mewstU.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-qp7z mewstu.pptx"), dwFlags=0x1) returned 1 [0157.167] VirtualFree (lpAddress=0xc000800000, dwSize=0x364000, dwFreeType=0x4000) returned 1 [0157.208] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0157.220] VirtualFree (lpAddress=0xc00058e000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0157.222] VirtualFree (lpAddress=0xc000542000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0157.225] VirtualFree (lpAddress=0xc000498000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0157.226] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.227] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.228] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.228] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.229] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\iuzwyjdszrzan4gi1.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0157.231] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000471cf4 | out: lpMode=0xc000471cf4) returned 0 [0157.233] GetFileType (hFile=0x6a4) returned 0x1 [0157.233] GetFileType (hFile=0x6a4) returned 0x1 [0157.233] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000471d44 | out: lpFileInformation=0xc000471d44) returned 1 [0157.233] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000471d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000471d28) returned 1 [0157.233] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0157.234] VirtualAlloc (lpAddress=0xc000498000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0157.237] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000498000, nNumberOfBytesToRead=0x205a, lpNumberOfBytesRead=0xc000471c04, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesRead=0xc000471c04*=0x1e5a, lpOverlapped=0x0) returned 1 [0157.280] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000499e5a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000471c04, lpOverlapped=0x0 | out: lpBuffer=0xc000499e5a*, lpNumberOfBytesRead=0xc000471c04*=0x0, lpOverlapped=0x0) returned 1 [0157.280] CloseHandle (hObject=0x6a4) returned 1 [0157.280] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0157.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\iuzwyjdszrzan4gi1.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.284] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000471d04 | out: lpMode=0xc000471d04) returned 0 [0157.340] GetFileType (hFile=0x6a4) returned 0x1 [0157.340] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000f0000*, nNumberOfBytesToWrite=0x1e60, lpNumberOfBytesWritten=0xc000471cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesWritten=0xc000471cec*=0x1e60, lpOverlapped=0x0) returned 1 [0157.342] CloseHandle (hObject=0x6a4) returned 1 [0157.342] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0157.342] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0157.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\iuzwyjdszrzan4gi1.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.344] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000471d64 | out: lpMode=0xc000471d64) returned 0 [0157.365] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.527] GetFileType (hFile=0x6a4) returned 0x1 [0157.527] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000506e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000471d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000506e0*, lpNumberOfBytesWritten=0xc000471d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.527] CloseHandle (hObject=0x6a4) returned 1 [0157.527] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\iuzwyjdszrzan4gi1.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\encry-IuZWYjdszrZaN4GI1.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\encry-iuzwyjdszrzan4gi1.pps"), dwFlags=0x1) returned 1 [0157.529] SwitchToThread () returned 1 [0157.580] SwitchToThread () returned 1 [0157.581] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.587] SetEvent (hEvent=0x43c) returned 1 [0157.587] SetEvent (hEvent=0xb58) returned 1 [0157.588] VirtualFree (lpAddress=0xc00059e000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0157.589] VirtualFree (lpAddress=0xc000498000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0157.590] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.591] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.592] VirtualFree (lpAddress=0xc00025e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.593] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.593] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.594] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0157.595] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.596] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.597] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0157.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vhil htnat.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0157.597] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc0001dbd64 | out: lpMode=0xc0001dbd64) returned 0 [0157.601] GetFileType (hFile=0x728) returned 0x1 [0157.601] WriteFile (in: hFile=0x728, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0157.601] CloseHandle (hObject=0x728) returned 1 [0157.601] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vhil htnat.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-vhil htnat.png"), dwFlags=0x1) returned 1 [0157.604] GetFileType (hFile=0x36c) returned 0x1 [0157.604] WriteFile (in: hFile=0x36c, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x3750, lpNumberOfBytesWritten=0xc0003c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0003c7cec*=0x3750, lpOverlapped=0x0) returned 1 [0157.607] CloseHandle (hObject=0x36c) returned 1 [0157.608] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0157.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\vevaalv2kwfwsa56eyl.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0157.608] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0003c7d64 | out: lpMode=0xc0003c7d64) returned 0 [0157.636] GetFileType (hFile=0x36c) returned 0x1 [0157.636] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc0003c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.636] CloseHandle (hObject=0x36c) returned 1 [0157.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\vevaalv2kwfwsa56eyl.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\encry-VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\encry-vevaalv2kwfwsa56eyl.swf"), dwFlags=0x1) returned 1 [0157.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeeuqq ngoo.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0157.640] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0157.643] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.659] SetEvent (hEvent=0x43c) returned 1 [0157.659] GetFileType (hFile=0x36c) returned 0x1 [0157.659] GetFileType (hFile=0x36c) returned 0x1 [0157.659] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0157.659] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0157.659] VirtualAlloc (lpAddress=0xc0005be000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005be000 [0157.664] ReadFile (in: hFile=0x36c, lpBuffer=0xc0005be000, nNumberOfBytesToRead=0x1152b, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005be000*, lpNumberOfBytesRead=0xc0000c7c04*=0x1132b, lpOverlapped=0x0) returned 1 [0157.667] ReadFile (in: hFile=0x36c, lpBuffer=0xc0005cf32b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005cf32b*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0157.667] CloseHandle (hObject=0x36c) returned 1 [0157.667] VirtualAlloc (lpAddress=0xc0005d0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d0000 [0157.672] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0157.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeeuqq ngoo.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0157.679] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0157.685] GetFileType (hFile=0x36c) returned 0x1 [0157.685] WriteFile (in: hFile=0x36c, lpBuffer=0xc0005d0000*, nNumberOfBytesToWrite=0x11330, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005d0000*, lpNumberOfBytesWritten=0xc0000c7cec*=0x11330, lpOverlapped=0x0) returned 1 [0157.690] CloseHandle (hObject=0x36c) returned 1 [0157.691] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0157.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeeuqq ngoo.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0157.691] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0157.695] GetFileType (hFile=0x36c) returned 0x1 [0157.695] WriteFile (in: hFile=0x36c, lpBuffer=0xc0002846e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002846e0*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.695] CloseHandle (hObject=0x36c) returned 1 [0157.696] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\aeeuqq ngoo.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-aeEUqq nGOo.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-aeeuqq ngoo.flv"), dwFlags=0x1) returned 1 [0157.699] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.706] SetEvent (hEvent=0x43c) returned 1 [0157.706] SetEvent (hEvent=0xb58) returned 1 [0157.706] VirtualFree (lpAddress=0xc00058e000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0157.708] VirtualFree (lpAddress=0xc000542000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0157.711] VirtualFree (lpAddress=0xc000292000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0157.712] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.713] VirtualFree (lpAddress=0xc000212000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0157.715] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.716] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.718] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.718] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.719] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.720] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.721] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.722] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.723] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.724] GetFileType (hFile=0x3e0) returned 0x1 [0157.724] GetFileType (hFile=0x3e0) returned 0x1 [0157.724] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc00044bd44 | out: lpFileInformation=0xc00044bd44) returned 1 [0157.725] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc00044bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00044bd28) returned 1 [0157.725] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0157.726] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x392, lpNumberOfBytesRead=0xc00044bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc00044bc04*=0x192, lpOverlapped=0x0) returned 1 [0157.728] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000058192, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00044bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058192*, lpNumberOfBytesRead=0xc00044bc04*=0x0, lpOverlapped=0x0) returned 1 [0157.728] CloseHandle (hObject=0x3e0) returned 1 [0157.728] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0157.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0157.730] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini\\*", lpFindFileData=0xc00044ba08 | out: lpFindFileData=0xc00044ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0157.730] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00044b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0157.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\rtehwpoz7dc1cqi8j.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0157.732] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00034dcf4 | out: lpMode=0xc00034dcf4) returned 0 [0157.734] GetFileType (hFile=0x3e0) returned 0x1 [0157.734] GetFileType (hFile=0x3e0) returned 0x1 [0157.734] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc00034dd44 | out: lpFileInformation=0xc00034dd44) returned 1 [0157.734] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc00034dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00034dd28) returned 1 [0157.734] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0157.740] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x6ead, lpNumberOfBytesRead=0xc00034dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00034dc04*=0x6cad, lpOverlapped=0x0) returned 1 [0157.746] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000218cad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00034dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000218cad*, lpNumberOfBytesRead=0xc00034dc04*=0x0, lpOverlapped=0x0) returned 1 [0157.746] CloseHandle (hObject=0x3e0) returned 1 [0157.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\rtehwpoz7dc1cqi8j.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0157.749] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00034dd04 | out: lpMode=0xc00034dd04) returned 0 [0157.756] GetFileType (hFile=0x3e0) returned 0x1 [0157.756] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000219000*, nNumberOfBytesToWrite=0x6cb0, lpNumberOfBytesWritten=0xc00034dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000219000*, lpNumberOfBytesWritten=0xc00034dcec*=0x6cb0, lpOverlapped=0x0) returned 1 [0157.759] CloseHandle (hObject=0x3e0) returned 1 [0157.759] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0157.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\rtehwpoz7dc1cqi8j.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0157.759] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00034dd64 | out: lpMode=0xc00034dd64) returned 0 [0157.768] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0157.819] SetEvent (hEvent=0x43c) returned 1 [0157.819] GetFileType (hFile=0x3e0) returned 0x1 [0157.819] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00034dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00034dd4c*=0x158, lpOverlapped=0x0) returned 1 [0157.820] CloseHandle (hObject=0x3e0) returned 1 [0157.820] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0157.961] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\rtehwpoz7dc1cqi8j.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\encry-RTEhwpoz7DC1cQI8j.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\encry-rtehwpoz7dc1cqi8j.jpg"), dwFlags=0x1) returned 1 [0157.963] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.015] SetEvent (hEvent=0x43c) returned 1 [0158.016] SetEvent (hEvent=0x254) returned 1 [0158.016] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0158.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\kev94gqepx7n.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0158.019] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000355cf4 | out: lpMode=0xc000355cf4) returned 0 [0158.050] GetFileType (hFile=0x6a4) returned 0x1 [0158.050] GetFileType (hFile=0x6a4) returned 0x1 [0158.050] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000355d44 | out: lpFileInformation=0xc000355d44) returned 1 [0158.050] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000355d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000355d28) returned 1 [0158.051] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0158.052] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xa900, lpNumberOfBytesRead=0xc000355c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000355c04*=0xa700, lpOverlapped=0x0) returned 1 [0158.055] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00021c700, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000355c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c700*, lpNumberOfBytesRead=0xc000355c04*=0x0, lpOverlapped=0x0) returned 1 [0158.055] CloseHandle (hObject=0x6a4) returned 1 [0158.055] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0158.072] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0158.074] VirtualAlloc (lpAddress=0xc000498000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0158.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\kev94gqepx7n.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.084] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000355d04 | out: lpMode=0xc000355d04) returned 0 [0158.132] GetFileType (hFile=0x6a4) returned 0x1 [0158.132] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xa710, lpNumberOfBytesWritten=0xc000355cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000355cec*=0xa710, lpOverlapped=0x0) returned 1 [0158.142] CloseHandle (hObject=0x6a4) returned 1 [0158.142] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0158.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\kev94gqepx7n.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.143] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000355d64 | out: lpMode=0xc000355d64) returned 0 [0158.153] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.195] SetEvent (hEvent=0x43c) returned 1 [0158.195] GetFileType (hFile=0x6a4) returned 0x1 [0158.195] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000355d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000355d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.195] CloseHandle (hObject=0x6a4) returned 1 [0158.196] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\kev94gqepx7n.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\encry-kEv94GQePX7n.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\encry-kev94gqepx7n.png"), dwFlags=0x1) returned 1 [0158.198] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.336] SetEvent (hEvent=0xb58) returned 1 [0158.336] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vfjbgc7tltaoejn.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0158.338] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00035dcf4 | out: lpMode=0xc00035dcf4) returned 0 [0158.355] GetFileType (hFile=0x6a4) returned 0x1 [0158.355] GetFileType (hFile=0x6a4) returned 0x1 [0158.355] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc00035dd44 | out: lpFileInformation=0xc00035dd44) returned 1 [0158.355] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc00035dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00035dd28) returned 1 [0158.355] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0158.357] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0158.361] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xd531, lpNumberOfBytesRead=0xc00035dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00035dc04*=0xd331, lpOverlapped=0x0) returned 1 [0158.363] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000267331, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00035dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000267331*, lpNumberOfBytesRead=0xc00035dc04*=0x0, lpOverlapped=0x0) returned 1 [0158.363] CloseHandle (hObject=0x6a4) returned 1 [0158.363] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0158.364] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0158.365] VirtualAlloc (lpAddress=0xc000498000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0158.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vfjbgc7tltaoejn.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.372] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00035dd04 | out: lpMode=0xc00035dd04) returned 0 [0158.388] GetFileType (hFile=0x6a4) returned 0x1 [0158.388] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xd340, lpNumberOfBytesWritten=0xc00035dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc00035dcec*=0xd340, lpOverlapped=0x0) returned 1 [0158.392] CloseHandle (hObject=0x6a4) returned 1 [0158.392] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0158.392] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0158.394] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0158.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vfjbgc7tltaoejn.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.396] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00035dd64 | out: lpMode=0xc00035dd64) returned 0 [0158.403] GetFileType (hFile=0x6a4) returned 0x1 [0158.403] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000050b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00035dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050b00*, lpNumberOfBytesWritten=0xc00035dd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.403] CloseHandle (hObject=0x6a4) returned 1 [0158.404] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vfjbgc7tltaoejn.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry-vfJbgc7tLtAOeJn.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry-vfjbgc7tltaoejn.png"), dwFlags=0x1) returned 1 [0158.406] SwitchToThread () returned 1 [0158.437] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.476] SetEvent (hEvent=0xb58) returned 1 [0158.476] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\ayjs6x.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0158.477] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000365cf4 | out: lpMode=0xc000365cf4) returned 0 [0158.487] GetFileType (hFile=0x1b0) returned 0x1 [0158.487] GetFileType (hFile=0x1b0) returned 0x1 [0158.487] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000365d44 | out: lpFileInformation=0xc000365d44) returned 1 [0158.487] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000365d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000365d28) returned 1 [0158.488] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0158.489] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0158.493] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x6340, lpNumberOfBytesRead=0xc000365c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc000365c04*=0x6140, lpOverlapped=0x0) returned 1 [0158.495] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000548140, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000365c04, lpOverlapped=0x0 | out: lpBuffer=0xc000548140*, lpNumberOfBytesRead=0xc000365c04*=0x0, lpOverlapped=0x0) returned 1 [0158.495] CloseHandle (hObject=0x1b0) returned 1 [0158.495] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0158.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\ayjs6x.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.499] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000365d04 | out: lpMode=0xc000365d04) returned 0 [0158.535] GetFileType (hFile=0x1b0) returned 0x1 [0158.535] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000548a80*, nNumberOfBytesToWrite=0x6150, lpNumberOfBytesWritten=0xc000365cec, lpOverlapped=0x0 | out: lpBuffer=0xc000548a80*, lpNumberOfBytesWritten=0xc000365cec*=0x6150, lpOverlapped=0x0) returned 1 [0158.538] CloseHandle (hObject=0x1b0) returned 1 [0158.538] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0158.538] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0158.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\ayjs6x.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.540] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000365d64 | out: lpMode=0xc000365d64) returned 0 [0158.548] GetFileType (hFile=0x1b0) returned 0x1 [0158.548] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002846e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000365d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002846e0*, lpNumberOfBytesWritten=0xc000365d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.549] CloseHandle (hObject=0x1b0) returned 1 [0158.549] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\ayjs6x.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\encry-ayjS6X.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\encry-ayjs6x.bmp"), dwFlags=0x1) returned 1 [0158.551] SwitchToThread () returned 1 [0158.626] SwitchToThread () returned 1 [0158.631] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.642] SetEvent (hEvent=0xb58) returned 1 [0158.642] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0158.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfh6-fb2pe.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0158.646] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00036dcf4 | out: lpMode=0xc00036dcf4) returned 0 [0158.660] GetFileType (hFile=0x3e0) returned 0x1 [0158.660] GetFileType (hFile=0x3e0) returned 0x1 [0158.660] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc00036dd44 | out: lpFileInformation=0xc00036dd44) returned 1 [0158.660] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc00036dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00036dd28) returned 1 [0158.660] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0158.661] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0158.663] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x1123, lpNumberOfBytesRead=0xc00036dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc00036dc04*=0xf23, lpOverlapped=0x0) returned 1 [0158.665] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000078f23, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00036dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000078f23*, lpNumberOfBytesRead=0xc00036dc04*=0x0, lpOverlapped=0x0) returned 1 [0158.665] CloseHandle (hObject=0x3e0) returned 1 [0158.665] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0158.666] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0158.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfh6-fb2pe.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.669] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00036dd04 | out: lpMode=0xc00036dd04) returned 0 [0158.677] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.684] GetFileType (hFile=0x3e0) returned 0x1 [0158.684] WriteFile (in: hFile=0x3e0, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0xf30, lpNumberOfBytesWritten=0xc00036dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00036dcec*=0xf30, lpOverlapped=0x0) returned 1 [0158.686] CloseHandle (hObject=0x3e0) returned 1 [0158.686] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0158.686] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0158.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfh6-fb2pe.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.688] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc00036dd64 | out: lpMode=0xc00036dd64) returned 0 [0158.692] GetFileType (hFile=0x3e0) returned 0x1 [0158.692] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000050580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00036dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050580*, lpNumberOfBytesWritten=0xc00036dd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.692] CloseHandle (hObject=0x3e0) returned 1 [0158.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\yfh6-fb2pe.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\encry-YfH6-Fb2pe.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\encry-yfh6-fb2pe.png"), dwFlags=0x1) returned 1 [0158.785] SetEvent (hEvent=0x43c) returned 1 [0158.785] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.789] SetEvent (hEvent=0x43c) returned 1 [0158.789] SetEvent (hEvent=0x254) returned 1 [0158.789] VirtualFree (lpAddress=0xc000542000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0158.792] VirtualFree (lpAddress=0xc000498000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0158.793] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.794] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0158.796] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.796] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.797] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.798] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.799] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.800] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.800] VirtualFree (lpAddress=0xc000078000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0158.801] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.803] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.803] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zzgqa7r9vz.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0158.805] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000369cf4 | out: lpMode=0xc000369cf4) returned 0 [0158.812] GetFileType (hFile=0x6a4) returned 0x1 [0158.812] GetFileType (hFile=0x6a4) returned 0x1 [0158.812] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000369d44 | out: lpFileInformation=0xc000369d44) returned 1 [0158.812] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000369d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000369d28) returned 1 [0158.812] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0158.813] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0158.817] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xebec, lpNumberOfBytesRead=0xc000369c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000369c04*=0xe9ec, lpOverlapped=0x0) returned 1 [0158.820] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0002209ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000369c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002209ec*, lpNumberOfBytesRead=0xc000369c04*=0x0, lpOverlapped=0x0) returned 1 [0158.820] CloseHandle (hObject=0x6a4) returned 1 [0158.820] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0158.824] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zzgqa7r9vz.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.826] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000369d04 | out: lpMode=0xc000369d04) returned 0 [0158.835] GetFileType (hFile=0x6a4) returned 0x1 [0158.835] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xe9f0, lpNumberOfBytesWritten=0xc000369cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000369cec*=0xe9f0, lpOverlapped=0x0) returned 1 [0158.838] CloseHandle (hObject=0x6a4) returned 1 [0158.838] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0158.839] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0158.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zzgqa7r9vz.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.840] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000369d64 | out: lpMode=0xc000369d64) returned 0 [0158.842] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0158.852] GetFileType (hFile=0x6a4) returned 0x1 [0158.853] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000369d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000369d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.853] CloseHandle (hObject=0x6a4) returned 1 [0158.853] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\zzgqa7r9vz.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\encry-zZGqA7r9Vz.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\encry-zzgqa7r9vz.jpg"), dwFlags=0x1) returned 1 [0158.916] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\v7jntjodco8ectz.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0159.011] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004a9cf4 | out: lpMode=0xc0004a9cf4) returned 0 [0159.055] GetFileType (hFile=0x6a4) returned 0x1 [0159.055] GetFileType (hFile=0x6a4) returned 0x1 [0159.055] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004a9d44 | out: lpFileInformation=0xc0004a9d44) returned 1 [0159.056] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004a9d28) returned 1 [0159.056] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0159.057] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0159.061] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xb86f, lpNumberOfBytesRead=0xc0004a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0004a9c04*=0xb66f, lpOverlapped=0x0) returned 1 [0159.063] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00023b66f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023b66f*, lpNumberOfBytesRead=0xc0004a9c04*=0x0, lpOverlapped=0x0) returned 1 [0159.063] CloseHandle (hObject=0x6a4) returned 1 [0159.064] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0159.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\v7jntjodco8ectz.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.069] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004a9d04 | out: lpMode=0xc0004a9d04) returned 0 [0159.071] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.113] GetFileType (hFile=0x6a4) returned 0x1 [0159.113] WriteFile (in: hFile=0x6a4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xb670, lpNumberOfBytesWritten=0xc0004a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0004a9cec*=0xb670, lpOverlapped=0x0) returned 1 [0159.116] CloseHandle (hObject=0x6a4) returned 1 [0159.116] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0159.116] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0159.117] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0159.118] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0159.120] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0159.121] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0159.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\v7jntjodco8ectz.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.122] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004a9d64 | out: lpMode=0xc0004a9d64) returned 0 [0159.126] GetFileType (hFile=0x6a4) returned 0x1 [0159.126] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc0004a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.126] CloseHandle (hObject=0x6a4) returned 1 [0159.127] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\v7jntjodco8ectz.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-V7JntJoDcO8ectz.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-v7jntjodco8ectz.mp4"), dwFlags=0x1) returned 1 [0159.128] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.130] SetEvent (hEvent=0x43c) returned 1 [0159.130] SetEvent (hEvent=0x254) returned 1 [0159.131] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0159.132] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.133] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.134] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.135] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.136] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.137] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yejamsz7lpmmlixmvnq.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0159.138] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004b7cf4 | out: lpMode=0xc0004b7cf4) returned 0 [0159.142] GetFileType (hFile=0x3e0) returned 0x1 [0159.142] GetFileType (hFile=0x3e0) returned 0x1 [0159.142] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004b7d44 | out: lpFileInformation=0xc0004b7d44) returned 1 [0159.142] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004b7d28) returned 1 [0159.142] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0159.148] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x138ae, lpNumberOfBytesRead=0xc0004b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0004b7c04*=0x136ae, lpOverlapped=0x0) returned 1 [0159.151] ReadFile (in: hFile=0x3e0, lpBuffer=0xc0005a16ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a16ae*, lpNumberOfBytesRead=0xc0004b7c04*=0x0, lpOverlapped=0x0) returned 1 [0159.151] CloseHandle (hObject=0x3e0) returned 1 [0159.151] VirtualAlloc (lpAddress=0xc0005a2000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a2000 [0159.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yejamsz7lpmmlixmvnq.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.160] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004b7d04 | out: lpMode=0xc0004b7d04) returned 0 [0159.200] GetFileType (hFile=0x3e0) returned 0x1 [0159.200] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0005a2000*, nNumberOfBytesToWrite=0x136b0, lpNumberOfBytesWritten=0xc0004b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005a2000*, lpNumberOfBytesWritten=0xc0004b7cec*=0x136b0, lpOverlapped=0x0) returned 1 [0159.204] CloseHandle (hObject=0x3e0) returned 1 [0159.212] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0159.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yejamsz7lpmmlixmvnq.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.212] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004b7d64 | out: lpMode=0xc0004b7d64) returned 0 [0159.214] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.228] SetEvent (hEvent=0x43c) returned 1 [0159.228] GetFileType (hFile=0x3e0) returned 0x1 [0159.228] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0004b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.229] CloseHandle (hObject=0x3e0) returned 1 [0159.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\yejamsz7lpmmlixmvnq.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-YejaMSz7lpMmlIxMVnQ.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-yejamsz7lpmmlixmvnq.swf"), dwFlags=0x1) returned 1 [0159.231] SwitchToThread () returned 1 [0159.285] SetEvent (hEvent=0x43c) returned 1 [0159.286] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.336] SetEvent (hEvent=0x43c) returned 1 [0159.336] SetEvent (hEvent=0xb58) returned 1 [0159.336] SetEvent (hEvent=0x254) returned 1 [0159.336] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.360] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0159.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7qi6ij4ujl4t.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0159.361] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004bfcf4 | out: lpMode=0xc0004bfcf4) returned 0 [0159.388] GetFileType (hFile=0x3e0) returned 0x1 [0159.388] GetFileType (hFile=0x3e0) returned 0x1 [0159.388] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004bfd44 | out: lpFileInformation=0xc0004bfd44) returned 1 [0159.389] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004bfd28) returned 1 [0159.389] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0159.393] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x6783, lpNumberOfBytesRead=0xc0004bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0004bfc04*=0x6583, lpOverlapped=0x0) returned 1 [0159.394] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000594583, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000594583*, lpNumberOfBytesRead=0xc0004bfc04*=0x0, lpOverlapped=0x0) returned 1 [0159.394] CloseHandle (hObject=0x3e0) returned 1 [0159.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7qi6ij4ujl4t.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.397] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004bfd04 | out: lpMode=0xc0004bfd04) returned 0 [0159.406] GetFileType (hFile=0x3e0) returned 0x1 [0159.406] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000594a80*, nNumberOfBytesToWrite=0x6590, lpNumberOfBytesWritten=0xc0004bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000594a80*, lpNumberOfBytesWritten=0xc0004bfcec*=0x6590, lpOverlapped=0x0) returned 1 [0159.409] CloseHandle (hObject=0x3e0) returned 1 [0159.409] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0159.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7qi6ij4ujl4t.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.409] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004bfd64 | out: lpMode=0xc0004bfd64) returned 0 [0159.445] GetFileType (hFile=0x3e0) returned 0x1 [0159.445] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.446] CloseHandle (hObject=0x3e0) returned 1 [0159.446] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0159.447] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7qi6ij4ujl4t.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\encry-7QI6ij4UJl4T.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\encry-7qi6ij4ujl4t.mp4"), dwFlags=0x1) returned 1 [0159.449] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\tl6ejpwksszh4c.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0159.485] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004e1cf4 | out: lpMode=0xc0004e1cf4) returned 0 [0159.522] GetFileType (hFile=0x36c) returned 0x1 [0159.522] GetFileType (hFile=0x36c) returned 0x1 [0159.522] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004e1d44 | out: lpFileInformation=0xc0004e1d44) returned 1 [0159.522] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004e1d28) returned 1 [0159.522] VirtualAlloc (lpAddress=0xc000576000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000576000 [0159.526] ReadFile (in: hFile=0x36c, lpBuffer=0xc000576000, nNumberOfBytesToRead=0xca91, lpNumberOfBytesRead=0xc0004e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000576000*, lpNumberOfBytesRead=0xc0004e1c04*=0xc891, lpOverlapped=0x0) returned 1 [0159.530] ReadFile (in: hFile=0x36c, lpBuffer=0xc000582891, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000582891*, lpNumberOfBytesRead=0xc0004e1c04*=0x0, lpOverlapped=0x0) returned 1 [0159.531] CloseHandle (hObject=0x36c) returned 1 [0159.531] VirtualAlloc (lpAddress=0xc0005a2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a2000 [0159.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\tl6ejpwksszh4c.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.537] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004e1d04 | out: lpMode=0xc0004e1d04) returned 0 [0159.542] GetFileType (hFile=0x36c) returned 0x1 [0159.542] WriteFile (in: hFile=0x36c, lpBuffer=0xc0005a2000*, nNumberOfBytesToWrite=0xc8a0, lpNumberOfBytesWritten=0xc0004e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005a2000*, lpNumberOfBytesWritten=0xc0004e1cec*=0xc8a0, lpOverlapped=0x0) returned 1 [0159.545] CloseHandle (hObject=0x36c) returned 1 [0159.546] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0159.546] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0159.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\tl6ejpwksszh4c.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.548] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004e1d64 | out: lpMode=0xc0004e1d64) returned 0 [0159.583] SwitchToThread () returned 1 [0159.586] GetFileType (hFile=0x36c) returned 0x1 [0159.586] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0004e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.586] CloseHandle (hObject=0x36c) returned 1 [0159.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\tl6ejpwksszh4c.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-Tl6eJPwksSzh4C.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-tl6ejpwksszh4c.mp4"), dwFlags=0x1) returned 1 [0159.589] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.626] SwitchToThread () returned 1 [0159.633] SetEvent (hEvent=0x43c) returned 1 [0159.633] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.636] SetEvent (hEvent=0xb58) returned 1 [0159.636] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.653] SwitchToThread () returned 1 [0159.660] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.802] SwitchToThread () returned 1 [0159.827] SetEvent (hEvent=0x43c) returned 1 [0159.827] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.852] SetEvent (hEvent=0x254) returned 1 [0159.853] SwitchToThread () returned 1 [0159.875] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0159.876] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0159.877] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0159.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\ffgtdr1eavs eqs.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0159.880] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004f3cf4 | out: lpMode=0xc0004f3cf4) returned 0 [0159.906] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.908] GetFileType (hFile=0x6a4) returned 0x1 [0159.908] GetFileType (hFile=0x6a4) returned 0x1 [0159.908] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004f3d44 | out: lpFileInformation=0xc0004f3d44) returned 1 [0159.908] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004f3d28) returned 1 [0159.908] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0159.909] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0159.915] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0005d6000, nNumberOfBytesToRead=0x1902d, lpNumberOfBytesRead=0xc0004f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesRead=0xc0004f3c04*=0x18e2d, lpOverlapped=0x0) returned 1 [0159.917] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0005eee2d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005eee2d*, lpNumberOfBytesRead=0xc0004f3c04*=0x0, lpOverlapped=0x0) returned 1 [0159.917] CloseHandle (hObject=0x6a4) returned 1 [0159.917] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0159.918] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0159.919] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0159.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\ffgtdr1eavs eqs.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.930] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004f3d04 | out: lpMode=0xc0004f3d04) returned 0 [0159.936] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.940] GetFileType (hFile=0x6a4) returned 0x1 [0159.940] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0159.963] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000690000*, nNumberOfBytesToWrite=0x18e30, lpNumberOfBytesWritten=0xc0004f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000690000*, lpNumberOfBytesWritten=0xc0004f3cec*=0x18e30, lpOverlapped=0x0) returned 1 [0159.967] CloseHandle (hObject=0x6a4) returned 1 [0159.967] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0159.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\ffgtdr1eavs eqs.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.968] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004f3d64 | out: lpMode=0xc0004f3d64) returned 0 [0159.996] GetFileType (hFile=0x6a4) returned 0x1 [0159.996] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc0004f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.997] CloseHandle (hObject=0x6a4) returned 1 [0159.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\ffgtdr1eavs eqs.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-FfgTdr1eaVS eQs.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-ffgtdr1eavs eqs.mkv"), dwFlags=0x1) returned 1 [0159.999] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.164] SetEvent (hEvent=0x254) returned 1 [0160.164] SwitchToThread () returned 1 [0160.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\hlvshzcb9civq3z8hyo.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0160.236] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000505cf4 | out: lpMode=0xc000505cf4) returned 0 [0160.276] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.304] GetFileType (hFile=0x36c) returned 0x1 [0160.304] GetFileType (hFile=0x36c) returned 0x1 [0160.304] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000505d44 | out: lpFileInformation=0xc000505d44) returned 1 [0160.304] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000505d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000505d28) returned 1 [0160.304] VirtualAlloc (lpAddress=0xc000576000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000576000 [0160.308] ReadFile (in: hFile=0x36c, lpBuffer=0xc000576000, nNumberOfBytesToRead=0xc251, lpNumberOfBytesRead=0xc000505c04, lpOverlapped=0x0 | out: lpBuffer=0xc000576000*, lpNumberOfBytesRead=0xc000505c04*=0xc051, lpOverlapped=0x0) returned 1 [0160.310] ReadFile (in: hFile=0x36c, lpBuffer=0xc000582051, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000505c04, lpOverlapped=0x0 | out: lpBuffer=0xc000582051*, lpNumberOfBytesRead=0xc000505c04*=0x0, lpOverlapped=0x0) returned 1 [0160.310] CloseHandle (hObject=0x36c) returned 1 [0160.310] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0160.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\hlvshzcb9civq3z8hyo.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.314] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000505d04 | out: lpMode=0xc000505d04) returned 0 [0160.319] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.346] GetFileType (hFile=0x36c) returned 0x1 [0160.346] WriteFile (in: hFile=0x36c, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0xc060, lpNumberOfBytesWritten=0xc000505cec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc000505cec*=0xc060, lpOverlapped=0x0) returned 1 [0160.350] CloseHandle (hObject=0x36c) returned 1 [0160.350] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0160.350] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0160.351] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0160.352] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\hlvshzcb9civq3z8hyo.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.353] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000505d64 | out: lpMode=0xc000505d64) returned 0 [0160.366] GetFileType (hFile=0x36c) returned 0x1 [0160.366] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000505d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000505d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.367] CloseHandle (hObject=0x36c) returned 1 [0160.367] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0160.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\hlvshzcb9civq3z8hyo.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-hLvshZCB9ciVQ3Z8HyO.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-hlvshzcb9civq3z8hyo.flv"), dwFlags=0x1) returned 1 [0160.371] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0160.372] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\tcq9.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0160.373] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000519cf4 | out: lpMode=0xc000519cf4) returned 0 [0160.392] GetFileType (hFile=0x36c) returned 0x1 [0160.392] GetFileType (hFile=0x36c) returned 0x1 [0160.392] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000519d44 | out: lpFileInformation=0xc000519d44) returned 1 [0160.392] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000519d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000519d28) returned 1 [0160.392] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0160.396] ReadFile (in: hFile=0x36c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x102bd, lpNumberOfBytesRead=0xc000519c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000519c04*=0x100bd, lpOverlapped=0x0) returned 1 [0160.399] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002220bd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000519c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002220bd*, lpNumberOfBytesRead=0xc000519c04*=0x0, lpOverlapped=0x0) returned 1 [0160.399] CloseHandle (hObject=0x36c) returned 1 [0160.399] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0160.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\tcq9.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.404] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000519d04 | out: lpMode=0xc000519d04) returned 0 [0160.413] GetFileType (hFile=0x36c) returned 0x1 [0160.413] WriteFile (in: hFile=0x36c, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0x100c0, lpNumberOfBytesWritten=0xc000519cec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc000519cec*=0x100c0, lpOverlapped=0x0) returned 1 [0160.417] CloseHandle (hObject=0x36c) returned 1 [0160.418] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0160.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\tcq9.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.418] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000519d64 | out: lpMode=0xc000519d64) returned 0 [0160.492] SwitchToThread () returned 1 [0160.496] GetFileType (hFile=0x36c) returned 0x1 [0160.496] WriteFile (in: hFile=0x36c, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000519d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc000519d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.496] CloseHandle (hObject=0x36c) returned 1 [0160.496] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\tcq9.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-tCq9.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-tcq9.mp4"), dwFlags=0x1) returned 1 [0160.499] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.520] SetEvent (hEvent=0xc64) returned 1 [0160.520] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0160.521] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0160.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sg8j.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0160.523] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0160.566] GetFileType (hFile=0x3e0) returned 0x1 [0160.566] GetFileType (hFile=0x3e0) returned 0x1 [0160.566] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0160.566] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0160.566] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0160.568] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0160.572] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x9e76, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0000c3c04*=0x9c76, lpOverlapped=0x0) returned 1 [0160.574] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000239c76, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000239c76*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0160.574] CloseHandle (hObject=0x3e0) returned 1 [0160.575] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0160.578] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sg8j.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.580] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0000c3d04 | out: lpMode=0xc0000c3d04) returned 0 [0160.589] GetFileType (hFile=0x3e0) returned 0x1 [0160.589] WriteFile (in: hFile=0x3e0, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x9c80, lpNumberOfBytesWritten=0xc0000c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0000c3cec*=0x9c80, lpOverlapped=0x0) returned 1 [0160.593] CloseHandle (hObject=0x3e0) returned 1 [0160.594] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0160.594] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0160.595] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0160.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sg8j.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.597] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0160.599] GetFileType (hFile=0x3e0) returned 0x1 [0160.599] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.599] CloseHandle (hObject=0x3e0) returned 1 [0160.600] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0160.602] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sg8j.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-Sg8J.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-sg8j.m4a"), dwFlags=0x1) returned 1 [0160.604] SwitchToThread () returned 1 [0160.625] SetEvent (hEvent=0xb58) returned 1 [0160.625] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.627] SetEvent (hEvent=0xb58) returned 1 [0160.627] SetEvent (hEvent=0x9e8) returned 1 [0160.627] SetEvent (hEvent=0x43c) returned 1 [0160.628] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.649] SwitchToThread () returned 1 [0160.683] SetEvent (hEvent=0xb58) returned 1 [0160.683] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.687] SetEvent (hEvent=0x9e8) returned 1 [0160.688] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.695] SwitchToThread () returned 1 [0160.721] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.726] SetEvent (hEvent=0x9e8) returned 1 [0160.727] VirtualFree (lpAddress=0xc00058e000, dwSize=0x26000, dwFreeType=0x4000) returned 1 [0160.729] VirtualFree (lpAddress=0xc000554000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0160.731] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.732] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.733] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.734] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.734] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0160.735] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.736] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.736] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.737] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\cyahuxz0u2j2nuf.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0160.739] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000303cf4 | out: lpMode=0xc000303cf4) returned 0 [0160.749] GetFileType (hFile=0x3e0) returned 0x1 [0160.749] GetFileType (hFile=0x3e0) returned 0x1 [0160.749] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000303d44 | out: lpFileInformation=0xc000303d44) returned 1 [0160.749] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000303d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000303d28) returned 1 [0160.749] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0160.753] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xd814, lpNumberOfBytesRead=0xc000303c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000303c04*=0xd614, lpOverlapped=0x0) returned 1 [0160.755] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000267614, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000303c04, lpOverlapped=0x0 | out: lpBuffer=0xc000267614*, lpNumberOfBytesRead=0xc000303c04*=0x0, lpOverlapped=0x0) returned 1 [0160.755] CloseHandle (hObject=0x3e0) returned 1 [0160.755] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0160.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\cyahuxz0u2j2nuf.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.762] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000303d04 | out: lpMode=0xc000303d04) returned 0 [0160.789] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.793] GetFileType (hFile=0x3e0) returned 0x1 [0160.793] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0002b4000*, nNumberOfBytesToWrite=0xd620, lpNumberOfBytesWritten=0xc000303cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesWritten=0xc000303cec*=0xd620, lpOverlapped=0x0) returned 1 [0160.797] CloseHandle (hObject=0x3e0) returned 1 [0160.797] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0160.797] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0160.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\cyahuxz0u2j2nuf.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.799] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000303d64 | out: lpMode=0xc000303d64) returned 0 [0160.814] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.819] GetFileType (hFile=0x3e0) returned 0x1 [0160.820] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000303d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000303d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.820] CloseHandle (hObject=0x3e0) returned 1 [0160.820] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\cyahuxz0u2j2nuf.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\encry-CyAhUxZ0u2J2NUf.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\encry-cyahuxz0u2j2nuf.jpg"), dwFlags=0x1) returned 1 [0160.822] SetEvent (hEvent=0x43c) returned 1 [0160.822] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.850] SetEvent (hEvent=0xa8) returned 1 [0160.850] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.855] SetEvent (hEvent=0x43c) returned 1 [0160.855] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.907] SetEvent (hEvent=0x9e8) returned 1 [0160.907] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0160.996] SwitchToThread () returned 1 [0161.020] SetEvent (hEvent=0x9e8) returned 1 [0161.020] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0161.025] SetEvent (hEvent=0xa8) returned 1 [0161.025] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0161.041] SwitchToThread () returned 1 [0161.093] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0161.157] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0161.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x52, lpNumberOfCharsWritten=0xc00022d808, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc00022d808*=0x52) returned 1 [0161.164] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0161.165] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0161.166] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0161.167] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0161.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0162.065] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc00022dd64 | out: lpMode=0xc00022dd64) returned 0 [0162.413] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0162.598] SetEvent (hEvent=0x9e8) returned 1 [0162.599] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0163.503] WriteFile (in: hFile=0x7c4, lpBuffer=0xc00061e000*, nNumberOfBytesToWrite=0x18a20, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc00061e000*, lpNumberOfBytesWritten=0xc000069cec*=0x18a20, lpOverlapped=0x0) returned 1 [0166.354] CloseHandle (hObject=0x7c4) returned 1 [0166.708] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0166.837] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0166.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\4r9tztrzgt_1b.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0166.858] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0166.868] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) returned 0x0 [0167.000] GetFileType (hFile=0x4d8) returned 0x1 [0167.000] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0000c2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c2000*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.000] CloseHandle (hObject=0x4d8) returned 1 [0167.001] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0167.002] VirtualAlloc (lpAddress=0xc0002da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002da000 [0167.003] VirtualAlloc (lpAddress=0xc0002dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002dc000 [0167.004] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\4r9tztrzgt_1b.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-4R9tZtrZGT_1B.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-4r9tztrzgt_1b.bmp"), dwFlags=0x1) returned 1 [0167.397] WaitForSingleObject (hHandle=0x1b4, dwMilliseconds=0xffffffff) Thread: id = 47 os_tid = 0xb40 [0116.127] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2c89fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2c89fea0*=0x300) returned 1 [0116.127] VirtualQuery (in: lpAddress=0x2c89fec0, lpBuffer=0x2c89fec0, dwLength=0x30 | out: lpBuffer=0x2c89fec0*(BaseAddress=0x2c89f000, AllocationBase=0x2c6a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x304 [0116.127] GetConsoleMode (in: hConsoleHandle=0x304, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0116.128] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x30c [0116.128] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x310 [0116.128] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0116.195] VirtualFree (lpAddress=0xc0003f6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.196] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.196] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.197] VirtualFree (lpAddress=0xc000354000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.197] VirtualFree (lpAddress=0xc000324000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.198] VirtualFree (lpAddress=0xc000314000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.198] VirtualFree (lpAddress=0xc0002f2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0116.199] VirtualFree (lpAddress=0xc0002e4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0116.199] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.200] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.200] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.201] VirtualFree (lpAddress=0xc0002b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.201] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.201] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.202] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.202] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.202] VirtualFree (lpAddress=0xc000212000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.203] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.203] SetEvent (hEvent=0x120) returned 1 [0116.203] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0116.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0116.434] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0116.436] GetFileType (hFile=0x228) returned 0x1 [0116.436] WriteFile (in: hFile=0x228, lpBuffer=0xc00016cb40*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016cb40*, lpNumberOfBytesWritten=0xc00018dcec*=0x210, lpOverlapped=0x0) returned 1 [0116.437] CloseHandle (hObject=0x228) returned 1 [0116.439] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0301 | out: pbBuffer=0xc0000e0301) returned 1 [0116.439] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0116.440] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0116.441] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0116.441] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0116.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0116.442] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0116.442] GetFileType (hFile=0x3bc) returned 0x1 [0116.442] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.442] CloseHandle (hObject=0x3bc) returned 1 [0116.446] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aa61ilp[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AA61ILp[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aa61ilp[2].png"), dwFlags=0x1) returned 1 [0117.141] SwitchToThread () returned 1 [0117.143] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.344] SetEvent (hEvent=0x340) returned 1 [0117.344] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0117.348] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0117.349] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.383] GetFileType (hFile=0x23c) returned 0x1 [0117.383] GetFileType (hFile=0x23c) returned 0x1 [0117.383] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00018bd44 | out: lpFileInformation=0xc00018bd44) returned 1 [0117.383] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00018bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018bd28) returned 1 [0117.383] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0117.384] ReadFile (in: hFile=0x23c, lpBuffer=0xc000380000, nNumberOfBytesToRead=0x10c5, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000380000*, lpNumberOfBytesRead=0xc00018bc04*=0xec5, lpOverlapped=0x0) returned 1 [0117.394] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.587] ReadFile (in: hFile=0x23c, lpBuffer=0xc000380ec5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000380ec5*, lpNumberOfBytesRead=0xc00018bc04*=0x0, lpOverlapped=0x0) returned 1 [0117.587] CloseHandle (hObject=0x23c) returned 1 [0117.587] VirtualAlloc (lpAddress=0xc0003f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f2000 [0117.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0117.754] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.768] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00018bd04 | out: lpMode=0xc00018bd04) returned 0 [0117.768] SetEvent (hEvent=0x144) returned 1 [0117.768] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.839] SetEvent (hEvent=0x144) returned 1 [0117.839] SetEvent (hEvent=0x1dc) returned 1 [0117.839] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.839] SetEvent (hEvent=0x144) returned 1 [0117.840] SwitchToThread () returned 1 [0117.840] SetEvent (hEvent=0x144) returned 1 [0117.840] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.842] SetEvent (hEvent=0x144) returned 1 [0117.842] SetEvent (hEvent=0x1dc) returned 1 [0117.842] VirtualFree (lpAddress=0xc00058e000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0117.843] VirtualFree (lpAddress=0xc000588000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.843] VirtualFree (lpAddress=0xc000542000, dwSize=0x40000, dwFreeType=0x4000) returned 1 [0117.845] VirtualFree (lpAddress=0xc000514000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0117.846] VirtualFree (lpAddress=0xc000500000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0117.846] VirtualFree (lpAddress=0xc0004fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.846] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0117.847] VirtualFree (lpAddress=0xc0004d2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0117.848] VirtualFree (lpAddress=0xc000400000, dwSize=0xd0000, dwFreeType=0x4000) returned 1 [0117.853] VirtualFree (lpAddress=0xc0003f2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0117.853] VirtualFree (lpAddress=0xc0003d8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0117.854] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.854] VirtualFree (lpAddress=0xc0003cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.854] VirtualFree (lpAddress=0xc000380000, dwSize=0x4a000, dwFreeType=0x4000) returned 1 [0117.856] VirtualFree (lpAddress=0xc00037a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.856] VirtualFree (lpAddress=0xc000370000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.857] VirtualFree (lpAddress=0xc000346000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0117.858] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.858] VirtualFree (lpAddress=0xc00033c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.859] VirtualFree (lpAddress=0xc00031c000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0117.859] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0117.861] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0117.861] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.862] VirtualFree (lpAddress=0xc0002c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.862] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0117.863] VirtualFree (lpAddress=0xc000292000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.864] VirtualFree (lpAddress=0xc00027c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0117.864] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.865] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0117.865] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.866] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.866] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0117.867] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.867] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.867] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.868] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.868] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.868] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.868] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.869] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.869] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0117.869] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0117.870] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.870] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.870] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0117.871] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.871] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.871] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0117.872] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.872] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.872] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.873] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.873] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0117.873] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.873] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0117.933] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.941] VirtualAlloc (lpAddress=0xc0004fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004fe000 [0117.942] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.944] SetEvent (hEvent=0x144) returned 1 [0117.944] SetEvent (hEvent=0x1dc) returned 1 [0117.944] SetEvent (hEvent=0x264) returned 1 [0117.944] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0117.947] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.948] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.948] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.949] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.950] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.951] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.951] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0117.951] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.952] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000072008*, lpNumberOfCharsWritten=0xc000045818*=0x3) returned 1 [0117.955] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee000*, nNumberOfCharsToWrite=0x94, lpNumberOfCharsWritten=0xc000211808, lpReserved=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfCharsWritten=0xc000211808*=0x94) returned 1 [0117.958] VirtualAlloc (lpAddress=0xc00058a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058a000 [0117.958] VirtualAlloc (lpAddress=0xc0005bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005bc000 [0117.959] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0117.959] VirtualAlloc (lpAddress=0xc0005be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005be000 [0117.960] VirtualAlloc (lpAddress=0xc0005c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c0000 [0117.960] VirtualAlloc (lpAddress=0xc0005c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c2000 [0117.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0117.961] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0117.962] GetFileType (hFile=0x3d8) returned 0x1 [0117.962] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.963] CloseHandle (hObject=0x3d8) returned 1 [0117.966] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0118.573] SetEvent (hEvent=0x264) returned 1 [0118.573] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0118.734] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0118.739] GetFileType (hFile=0x254) returned 0x1 [0118.739] GetFileType (hFile=0x254) returned 0x1 [0118.739] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0118.739] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0118.739] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0118.740] ReadFile (in: hFile=0x254, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0x39e, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc00004bc04*=0x19e, lpOverlapped=0x0) returned 1 [0118.748] ReadFile (in: hFile=0x254, lpBuffer=0xc00010c19e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c19e*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0118.748] CloseHandle (hObject=0x254) returned 1 [0118.748] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0118.749] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0118.749] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0118.749] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0118.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x254 [0118.751] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0118.752] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.848] SetEvent (hEvent=0x364) returned 1 [0118.848] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.849] SetEvent (hEvent=0x2a8) returned 1 [0118.850] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.856] SetEvent (hEvent=0x114) returned 1 [0118.857] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.868] SetEvent (hEvent=0x1f8) returned 1 [0118.868] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.886] SetEvent (hEvent=0x1e8) returned 1 [0118.886] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.905] SetEvent (hEvent=0x208) returned 1 [0118.905] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.907] SetEvent (hEvent=0x208) returned 1 [0118.907] SetEvent (hEvent=0x35c) returned 1 [0118.907] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.924] SetEvent (hEvent=0x208) returned 1 [0118.924] SetEvent (hEvent=0x354) returned 1 [0118.925] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0118.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x22c [0118.931] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0118.938] GetFileType (hFile=0x22c) returned 0x1 [0118.938] GetFileType (hFile=0x22c) returned 0x1 [0118.938] GetFileInformationByHandle (in: hFile=0x22c, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0118.938] GetFileInformationByHandleEx (in: hFile=0x22c, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0118.939] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0118.939] ReadFile (in: hFile=0x22c, lpBuffer=0xc0000be000, nNumberOfBytesToRead=0x345, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfBytesRead=0xc000253c04*=0x145, lpOverlapped=0x0) returned 1 [0118.950] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.049] ReadFile (in: hFile=0x22c, lpBuffer=0xc0000be145, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000be145*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0119.049] CloseHandle (hObject=0x22c) returned 1 [0119.049] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0119.050] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0119.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0119.087] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0119.088] GetFileType (hFile=0x1b0) returned 0x1 [0119.088] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000bcf20*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000bcf20*, lpNumberOfBytesWritten=0xc000253cec*=0x150, lpOverlapped=0x0) returned 1 [0119.089] CloseHandle (hObject=0x1b0) returned 1 [0119.098] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.138] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a301 | out: pbBuffer=0xc00031a301) returned 1 [0119.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0119.139] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0119.139] GetFileType (hFile=0x308) returned 0x1 [0119.139] WriteFile (in: hFile=0x308, lpBuffer=0xc0001c0580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0580*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.140] CloseHandle (hObject=0x308) returned 1 [0119.143] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bb56xto[1].png"), dwFlags=0x1) returned 1 [0119.572] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.572] SetEvent (hEvent=0x29c) returned 1 [0119.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.573] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.573] SetEvent (hEvent=0x29c) returned 1 [0119.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.671] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.673] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.673] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.674] SetEvent (hEvent=0xc0) returned 1 [0119.674] SetEvent (hEvent=0x334) returned 1 [0119.674] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.676] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.676] SetEvent (hEvent=0x354) returned 1 [0119.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.678] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.678] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.678] SetEvent (hEvent=0x354) returned 1 [0119.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.777] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.777] SetEvent (hEvent=0xc0) returned 1 [0119.777] SetEvent (hEvent=0x144) returned 1 [0119.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.779] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.779] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.780] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.780] SetEvent (hEvent=0x320) returned 1 [0119.780] SetEvent (hEvent=0x24c) returned 1 [0119.780] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.882] SwitchToThread () returned 1 [0119.885] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.885] SetEvent (hEvent=0x144) returned 1 [0119.885] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.887] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.888] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.888] SetEvent (hEvent=0xc0) returned 1 [0119.888] SetEvent (hEvent=0xec) returned 1 [0119.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.890] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.890] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.892] SetEvent (hEvent=0x3c4) returned 1 [0119.892] SetEvent (hEvent=0x324) returned 1 [0119.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.895] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.895] SetEvent (hEvent=0x324) returned 1 [0119.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.896] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.898] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.898] SetEvent (hEvent=0x12c) returned 1 [0119.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.902] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0119.902] SetEvent (hEvent=0x12c) returned 1 [0119.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.903] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.906] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0119.906] SetEvent (hEvent=0xc0) returned 1 [0119.906] SetEvent (hEvent=0x39c) returned 1 [0119.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.907] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0119.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEdrqt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbedrqt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fe3)) returned 1 [0119.915] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0119.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeEwt[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeewt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x857)) returned 1 [0119.923] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0119.925] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0119.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeKvV[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeekvv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8c5)) returned 1 [0119.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeNd8[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeend8[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a91ed0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a91ed0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xef00)) returned 1 [0119.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9d7)) returned 1 [0119.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeis3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeeis3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7d9)) returned 1 [0119.926] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3323)) returned 1 [0119.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEf6s4[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbef6s4[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d32)) returned 1 [0119.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x85d)) returned 1 [0119.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRKA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrka[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2978)) returned 1 [0119.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6c)) returned 1 [0119.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfY4X[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefy4x[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb41)) returned 1 [0119.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfgDi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefgdi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197c)) returned 1 [0119.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb7e)) returned 1 [0119.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfkgi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefkgi[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1b14)) returned 1 [0119.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45478670, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45478670, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45478670, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2676)) returned 1 [0119.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgD9f[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegd9f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x25f6)) returned 1 [0119.929] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x819)) returned 1 [0119.929] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0119.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgX5G[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegx5g[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x918)) returned 1 [0119.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgsWA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegswa[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x916)) returned 1 [0119.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3a2)) returned 1 [0119.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x24c)) returned 1 [0119.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBndhJA[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbndhja[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x398)) returned 1 [0119.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBoqF0J[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bboqf0j[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x230)) returned 1 [0119.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116)) returned 1 [0119.931] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0119.932] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0119.932] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0119.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\activityi;src=2542116;cat=chrom00;type=clien612;ord=2366422437621[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c161a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64c161a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e9d900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39f)) returned 1 [0119.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adex[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adex[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2eca30, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2eca30, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x91dd)) returned 1 [0119.936] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adfscript[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x540e72d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540e72d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x540e72d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2874)) returned 1 [0119.936] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0119.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\adsWrapperMSNI[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\adswrappermsni[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdb6b0f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdb6b0f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdb6b0f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x525b)) returned 1 [0119.937] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0119.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8217)) returned 1 [0119.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ast[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ast[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe112530, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe112530, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1183b)) returned 1 [0119.938] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58798580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58798580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58798580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13a9)) returned 1 [0119.939] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.013] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0120.014] SetEvent (hEvent=0xc0) returned 1 [0120.014] SetEvent (hEvent=0x1a0) returned 1 [0120.014] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\benefits-1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\benefits-1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60cdb940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60cdb940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fdaf)) returned 1 [0120.015] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.029] SetEvent (hEvent=0x258) returned 1 [0120.029] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.074] SetEvent (hEvent=0x1a0) returned 1 [0120.074] SetEvent (hEvent=0x364) returned 1 [0120.074] SetEvent (hEvent=0x3c0) returned 1 [0120.074] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.077] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0120.078] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.078] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0120.079] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.079] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.080] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.080] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.081] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.081] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.081] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0120.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000060008*, lpNumberOfCharsWritten=0xc0006e1818*=0x2) returned 1 [0120.096] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.103] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc000060010*, lpNumberOfCharsWritten=0xc000179818*=0x3) returned 1 [0120.106] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.113] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc000060020*, lpNumberOfCharsWritten=0xc000193818*=0x3) returned 1 [0120.116] SwitchToThread () returned 1 [0120.119] SetEvent (hEvent=0x3c0) returned 1 [0120.119] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.120] SetEvent (hEvent=0x258) returned 1 [0120.120] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.131] SetEvent (hEvent=0x258) returned 1 [0120.132] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.133] SetEvent (hEvent=0x9c) returned 1 [0120.133] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.135] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.137] SetEvent (hEvent=0x258) returned 1 [0120.137] SetEvent (hEvent=0x9c) returned 1 [0120.137] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.138] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.138] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.138] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.139] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.139] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.139] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0120.143] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0120.143] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0120.144] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0120.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0120.145] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0120.151] GetFileType (hFile=0x2f4) returned 0x1 [0120.151] GetFileType (hFile=0x2f4) returned 0x1 [0120.151] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0120.152] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0120.152] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0120.152] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0120.153] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x5a2, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000151c04*=0x3a2, lpOverlapped=0x0) returned 1 [0120.312] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.317] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000a23a2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a23a2*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0120.317] CloseHandle (hObject=0x2f4) returned 1 [0120.317] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0120.318] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0120.318] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0120.319] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0120.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0120.320] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0120.321] GetFileType (hFile=0x2f4) returned 0x1 [0120.322] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0001b2000*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b2000*, lpNumberOfBytesWritten=0xc000151cec*=0x3b0, lpOverlapped=0x0) returned 1 [0120.323] CloseHandle (hObject=0x2f4) returned 1 [0120.323] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0120.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0120.323] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0120.324] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.366] GetFileType (hFile=0x2f4) returned 0x1 [0120.366] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000186420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000186420*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.366] CloseHandle (hObject=0x2f4) returned 1 [0120.366] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0120.367] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbih5h[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBih5H[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbih5h[1].png"), dwFlags=0x1) returned 1 [0120.368] VirtualFree (lpAddress=0xc00031c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0120.369] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.370] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0120.370] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.371] SetEvent (hEvent=0x258) returned 1 [0120.371] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.525] SetEvent (hEvent=0x258) returned 1 [0120.525] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0120.535] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0120.535] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.546] GetFileType (hFile=0x2f4) returned 0x1 [0120.546] GetFileType (hFile=0x2f4) returned 0x1 [0120.546] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0120.546] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0120.546] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000e6a80, nNumberOfBytesToRead=0x2876, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6a80*, lpNumberOfBytesRead=0xc0004dfc04*=0x2676, lpOverlapped=0x0) returned 1 [0120.553] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000e90f6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e90f6*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0120.554] CloseHandle (hObject=0x2f4) returned 1 [0120.554] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0120.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0120.630] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004dfd04 | out: lpMode=0xc0004dfd04) returned 0 [0120.634] GetFileType (hFile=0x384) returned 0x1 [0120.634] WriteFile (in: hFile=0x384, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x2680, lpNumberOfBytesWritten=0xc0004dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0004dfcec*=0x2680, lpOverlapped=0x0) returned 1 [0120.635] CloseHandle (hObject=0x384) returned 1 [0120.637] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028aa01 | out: pbBuffer=0xc00028aa01) returned 1 [0120.637] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0120.637] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0120.638] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0120.639] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0120.639] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0120.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0120.640] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0004dfd64 | out: lpMode=0xc0004dfd64) returned 0 [0120.642] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.658] GetFileType (hFile=0x2f0) returned 0x1 [0120.658] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0002802c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002802c0*, lpNumberOfBytesWritten=0xc0004dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.658] CloseHandle (hObject=0x2f0) returned 1 [0120.663] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefwtu[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfwtU[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefwtu[1].jpg"), dwFlags=0x1) returned 1 [0120.915] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.916] SetEvent (hEvent=0x12c) returned 1 [0120.916] SetEvent (hEvent=0x39c) returned 1 [0120.916] VirtualFree (lpAddress=0xc000316000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0120.917] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017d818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00017d818*=0x3) returned 1 [0120.918] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.921] SetEvent (hEvent=0x1a0) returned 1 [0120.921] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000010090*, lpNumberOfCharsWritten=0xc000159818*=0x3) returned 1 [0120.922] SetEvent (hEvent=0x1a0) returned 1 [0120.922] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0120.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010096*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc000010096*, lpNumberOfCharsWritten=0xc0001fd818*=0x3) returned 1 [0120.923] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.926] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0120.927] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.931] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc0004df818*=0x3) returned 1 [0120.932] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.937] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0120.938] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.939] SetEvent (hEvent=0xfc) returned 1 [0120.939] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0120.941] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.950] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0120.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0120.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0120.959] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0001f7818*=0x2) returned 1 [0120.967] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0120.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc00022f818*=0x3) returned 1 [0120.975] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0036*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0120.978] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.005] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0121.012] GetFileType (hFile=0x2bc) returned 0x1 [0121.012] GetFileType (hFile=0x2bc) returned 0x1 [0121.012] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0121.012] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0121.012] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.012] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.012] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x27000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.013] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x13000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.013] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.013] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.013] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0121.013] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x4c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0121.021] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x4d7b9, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000175c04*=0x4d5b9, lpOverlapped=0x0) returned 1 [0121.070] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00044b5b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00044b5b9*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0121.070] CloseHandle (hObject=0x2bc) returned 1 [0121.070] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0121.070] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x4e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0121.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0121.090] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0121.090] GetFileType (hFile=0x2bc) returned 0x1 [0121.090] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x4d5c0, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc000175cec*=0x4d5c0, lpOverlapped=0x0) returned 1 [0121.099] CloseHandle (hObject=0x2bc) returned 1 [0121.099] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082c01 | out: pbBuffer=0xc000082c01) returned 1 [0121.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0121.100] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0121.100] GetFileType (hFile=0x2bc) returned 0x1 [0121.100] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.100] CloseHandle (hObject=0x2bc) returned 1 [0121.102] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ebhtml5banner[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-ebHtml5Banner[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-ebhtml5banner[1].js"), dwFlags=0x1) returned 1 [0121.159] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.177] SetEvent (hEvent=0x1b4) returned 1 [0121.177] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.181] SetEvent (hEvent=0x1b4) returned 1 [0121.181] SetEvent (hEvent=0x1a0) returned 1 [0121.181] SetEvent (hEvent=0xfc) returned 1 [0121.181] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.184] SetEvent (hEvent=0x1b4) returned 1 [0121.185] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.191] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.199] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.212] SetEvent (hEvent=0x13c) returned 1 [0121.212] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.215] SetEvent (hEvent=0x13c) returned 1 [0121.215] SetEvent (hEvent=0x1b4) returned 1 [0121.215] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.216] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0121.216] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.217] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.217] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.218] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.218] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.219] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.219] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.219] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.220] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.220] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000be008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc0000be008*, lpNumberOfCharsWritten=0xc0002a1818*=0x2) returned 1 [0121.225] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.228] SetEvent (hEvent=0x1b4) returned 1 [0121.228] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0121.229] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0121.229] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0121.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0121.230] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0121.231] GetFileType (hFile=0x1ec) returned 0x1 [0121.232] GetFileType (hFile=0x1ec) returned 0x1 [0121.232] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0121.232] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0121.232] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.233] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x6b8, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0002a1c04*=0x4b8, lpOverlapped=0x0) returned 1 [0121.235] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000b64b8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b64b8*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0121.235] CloseHandle (hObject=0x1ec) returned 1 [0121.235] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0121.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.238] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0121.238] GetFileType (hFile=0x1b0) returned 0x1 [0121.238] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x4c0, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x4c0, lpOverlapped=0x0) returned 1 [0121.239] CloseHandle (hObject=0x1b0) returned 1 [0121.240] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0121.240] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0121.241] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0121.242] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0121.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0121.242] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0121.243] GetFileType (hFile=0x2bc) returned 0x1 [0121.243] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.243] CloseHandle (hObject=0x2bc) returned 1 [0121.247] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0121.248] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-js[1]"), dwFlags=0x1) returned 1 [0121.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.304] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0121.304] SetEvent (hEvent=0x13c) returned 1 [0121.305] SetEvent (hEvent=0xfc) returned 1 [0121.305] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0121.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.308] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.308] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0121.308] SetEvent (hEvent=0xfc) returned 1 [0121.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.315] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.315] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.340] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.352] SetEvent (hEvent=0x354) returned 1 [0121.352] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.497] SetEvent (hEvent=0x3c0) returned 1 [0121.497] SetEvent (hEvent=0x12c) returned 1 [0121.498] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.500] SetEvent (hEvent=0x1b4) returned 1 [0121.500] SetEvent (hEvent=0x1a0) returned 1 [0121.500] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000000a00*, nNumberOfCharsToWrite=0x7f, lpNumberOfCharsWritten=0xc0001fd808, lpReserved=0x0 | out: lpBuffer=0xc000000a00*, lpNumberOfCharsWritten=0xc0001fd808*=0x7f) returned 1 [0121.576] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0121.646] SetEvent (hEvent=0x12c) returned 1 [0121.646] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.277] SetEvent (hEvent=0xfc) returned 1 [0122.277] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.292] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0122.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0122.293] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0122.297] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.304] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.305] SetEvent (hEvent=0x3c0) returned 1 [0122.305] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0122.346] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0122.347] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.495] SetEvent (hEvent=0x1b4) returned 1 [0122.495] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.865] SetEvent (hEvent=0x39c) returned 1 [0122.865] SetEvent (hEvent=0x3c0) returned 1 [0122.865] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.870] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0122.870] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0122.871] ReadFile (in: hFile=0x240, lpBuffer=0xc0006ea000, nNumberOfBytesToRead=0x204200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesRead=0xc00013dc04*=0x204000, lpOverlapped=0x0) returned 1 [0122.917] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0122.967] ReadFile (in: hFile=0x240, lpBuffer=0xc0008ee000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0008ee000*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0122.967] CloseHandle (hObject=0x240) returned 1 [0122.967] VirtualAlloc (lpAddress=0xc0008f0000, dwSize=0x206000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008f0000 [0123.003] SetEvent (hEvent=0xec) returned 1 [0123.003] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.012] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.020] SetEvent (hEvent=0x12c) returned 1 [0123.020] SetEvent (hEvent=0x13c) returned 1 [0123.020] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.026] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.026] SetEvent (hEvent=0x12c) returned 1 [0123.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.028] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0123.028] SetEvent (hEvent=0x3c0) returned 1 [0123.028] SetEvent (hEvent=0x324) returned 1 [0123.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0123.031] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0123.038] GetFileType (hFile=0x2cc) returned 0x1 [0123.038] GetFileType (hFile=0x2cc) returned 0x1 [0123.038] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0123.038] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0123.039] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0123.039] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0006ea000, nNumberOfBytesToRead=0x200200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesRead=0xc0000c3c04*=0x200000, lpOverlapped=0x0) returned 1 [0123.091] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0008ea000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0008ea000*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0123.091] CloseHandle (hObject=0x2cc) returned 1 [0123.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0123.092] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001d7cf4 | out: lpMode=0xc0001d7cf4) returned 0 [0123.168] GetFileType (hFile=0x2cc) returned 0x1 [0123.169] GetFileType (hFile=0x2cc) returned 0x1 [0123.169] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001d7d44 | out: lpFileInformation=0xc0001d7d44) returned 1 [0123.169] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d7d28) returned 1 [0123.169] VirtualAlloc (lpAddress=0xc000af6000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.169] VirtualAlloc (lpAddress=0xc000af6000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.169] VirtualAlloc (lpAddress=0xc000af6000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000af6000 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.173] VirtualAlloc (lpAddress=0xc000bf7000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bf7000 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xf9000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x7c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x3e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x1f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0123.174] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bff000 [0123.174] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0xf8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0123.215] SetEvent (hEvent=0xc0) returned 1 [0123.215] SetEvent (hEvent=0x39c) returned 1 [0123.215] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.220] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000af6000, nNumberOfBytesToRead=0x200200, lpNumberOfBytesRead=0xc0001d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000af6000*, lpNumberOfBytesRead=0xc0001d7c04*=0x200000, lpOverlapped=0x0) returned 1 [0123.260] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000cf6000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000cf6000*, lpNumberOfBytesRead=0xc0001d7c04*=0x0, lpOverlapped=0x0) returned 1 [0123.260] CloseHandle (hObject=0x2cc) returned 1 [0123.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\edbres00002.jrs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\edbres00002.jrs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0123.261] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001dbcf4 | out: lpMode=0xc0001dbcf4) returned 0 [0123.268] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.291] SetEvent (hEvent=0x13c) returned 1 [0123.292] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.567] SetEvent (hEvent=0x3c0) returned 1 [0123.567] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0123.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0123.751] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000153d64 | out: lpMode=0xc000153d64) returned 0 [0123.756] GetFileType (hFile=0x3d8) returned 0x1 [0123.756] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000dc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000153d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc2c0*, lpNumberOfBytesWritten=0xc000153d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.757] CloseHandle (hObject=0x3d8) returned 1 [0123.758] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0123.759] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-soft blue.htm"), dwFlags=0x1) returned 1 [0124.084] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0124.087] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0124.163] SetEvent (hEvent=0x114) returned 1 [0124.163] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0124.429] SetEvent (hEvent=0xfc) returned 1 [0124.429] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0124.526] SetEvent (hEvent=0x114) returned 1 [0124.526] SetEvent (hEvent=0xfc) returned 1 [0124.526] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0124.532] SetEvent (hEvent=0x114) returned 1 [0124.532] SetEvent (hEvent=0xec) returned 1 [0124.532] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0126.434] SetEvent (hEvent=0x324) returned 1 [0126.434] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0126.436] SetEvent (hEvent=0x1b4) returned 1 [0126.436] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0126.437] SetEvent (hEvent=0x114) returned 1 [0126.437] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0126.594] SetEvent (hEvent=0x354) returned 1 [0126.594] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0126.636] SetEvent (hEvent=0x354) returned 1 [0126.636] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.607] SetEvent (hEvent=0x1b4) returned 1 [0127.607] SetEvent (hEvent=0x354) returned 1 [0127.608] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.610] SetEvent (hEvent=0x1b4) returned 1 [0127.610] SetEvent (hEvent=0x324) returned 1 [0127.610] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.642] SetEvent (hEvent=0x1a0) returned 1 [0127.642] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ow_npfcevci.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0127.645] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0127.646] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.703] SetEvent (hEvent=0x114) returned 1 [0127.703] GetFileType (hFile=0x23c) returned 0x1 [0127.703] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.711] GetFileType (hFile=0x23c) returned 0x1 [0127.711] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0127.711] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0127.711] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0127.713] ReadFile (in: hFile=0x23c, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0xeaea, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000047c04*=0xe8ea, lpOverlapped=0x0) returned 1 [0127.714] ReadFile (in: hFile=0x23c, lpBuffer=0xc00029a8ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a8ea*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0127.714] CloseHandle (hObject=0x23c) returned 1 [0127.714] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0127.716] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0127.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ow_npfcevci.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.717] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0127.718] GetFileType (hFile=0x23c) returned 0x1 [0127.718] WriteFile (in: hFile=0x23c, lpBuffer=0xc000308000*, nNumberOfBytesToWrite=0xe8f0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc000308000*, lpNumberOfBytesWritten=0xc000047cec*=0xe8f0, lpOverlapped=0x0) returned 1 [0127.720] CloseHandle (hObject=0x23c) returned 1 [0127.720] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.720] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ow_npfcevci.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0127.720] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0127.765] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.768] GetFileType (hFile=0x23c) returned 0x1 [0127.768] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.769] CloseHandle (hObject=0x23c) returned 1 [0127.769] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\ow_npfcevci.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Ow_NPfCevcI.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-ow_npfcevci.pps"), dwFlags=0x1) returned 1 [0127.774] SwitchToThread () returned 1 [0127.790] SetEvent (hEvent=0x114) returned 1 [0127.790] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.801] SetEvent (hEvent=0x3c8) returned 1 [0127.801] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0127.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fa_ru7utnnsw1u.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0127.803] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0127.810] GetFileType (hFile=0x3d8) returned 0x1 [0127.810] GetFileType (hFile=0x3d8) returned 0x1 [0127.810] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0127.810] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0127.810] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0127.811] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0127.811] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0x78f3, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc00020bc04*=0x76f3, lpOverlapped=0x0) returned 1 [0127.812] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001a76f3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a76f3*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0127.812] CloseHandle (hObject=0x3d8) returned 1 [0127.813] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0127.813] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0127.813] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0127.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fa_ru7utnnsw1u.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.816] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0127.823] GetFileType (hFile=0x3d8) returned 0x1 [0127.823] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x7700, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc00020bcec*=0x7700, lpOverlapped=0x0) returned 1 [0127.825] CloseHandle (hObject=0x3d8) returned 1 [0127.825] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0127.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fa_ru7utnnsw1u.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.825] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0127.828] GetFileType (hFile=0x3d8) returned 0x1 [0127.828] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000ba840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba840*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.828] CloseHandle (hObject=0x3d8) returned 1 [0127.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\fa_ru7utnnsw1u.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Fa_rU7uTnnsW1u.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-fa_ru7utnnsw1u.flv"), dwFlags=0x1) returned 1 [0127.855] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.865] SetEvent (hEvent=0x3c8) returned 1 [0127.865] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0127.866] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0127.867] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0127.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0127.869] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0127.880] GetFileType (hFile=0x370) returned 0x1 [0127.880] GetFileType (hFile=0x370) returned 0x1 [0127.880] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0127.880] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0127.880] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0127.881] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0127.881] ReadFile (in: hFile=0x370, lpBuffer=0xc000126000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesRead=0xc00026dc04*=0x43, lpOverlapped=0x0) returned 1 [0127.882] ReadFile (in: hFile=0x370, lpBuffer=0xc000126043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000126043*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0127.882] CloseHandle (hObject=0x370) returned 1 [0127.882] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0127.883] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0127.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\xt1rpyg9\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.884] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\XT1RPYG9\\desktop.ini\\*", lpFindFileData=0xc00026da08 | out: lpFindFileData=0xc00026da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0127.884] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0127.884] SwitchToThread () returned 1 [0127.886] SetEvent (hEvent=0x114) returned 1 [0127.886] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.888] SetEvent (hEvent=0x3c8) returned 1 [0127.888] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.892] SwitchToThread () returned 1 [0127.958] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.966] SetEvent (hEvent=0x114) returned 1 [0127.966] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.967] SetEvent (hEvent=0x1a0) returned 1 [0127.967] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.977] SetEvent (hEvent=0x114) returned 1 [0127.977] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.986] SetEvent (hEvent=0x114) returned 1 [0127.986] SetEvent (hEvent=0x3c8) returned 1 [0127.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\j nm.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.987] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000279cf4 | out: lpMode=0xc000279cf4) returned 0 [0127.987] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0127.994] SetEvent (hEvent=0x114) returned 1 [0127.995] GetFileType (hFile=0x2bc) returned 0x1 [0127.995] GetFileType (hFile=0x2bc) returned 0x1 [0127.995] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000279d44 | out: lpFileInformation=0xc000279d44) returned 1 [0127.995] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000279d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000279d28) returned 1 [0127.995] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0127.995] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0127.997] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xc462, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000279c04*=0xc262, lpOverlapped=0x0) returned 1 [0127.998] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000266262, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000279c04, lpOverlapped=0x0 | out: lpBuffer=0xc000266262*, lpNumberOfBytesRead=0xc000279c04*=0x0, lpOverlapped=0x0) returned 1 [0127.998] CloseHandle (hObject=0x2bc) returned 1 [0127.998] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0127.998] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0127.999] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0128.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\j nm.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.002] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000279d04 | out: lpMode=0xc000279d04) returned 0 [0128.007] GetFileType (hFile=0x2bc) returned 0x1 [0128.007] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0xc270, lpNumberOfBytesWritten=0xc000279cec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc000279cec*=0xc270, lpOverlapped=0x0) returned 1 [0128.009] CloseHandle (hObject=0x2bc) returned 1 [0128.009] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0128.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\j nm.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.009] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0128.013] GetFileType (hFile=0x2bc) returned 0x1 [0128.013] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001b2580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b2580*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.014] CloseHandle (hObject=0x2bc) returned 1 [0128.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\j nm.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-j Nm.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-j nm.rtf"), dwFlags=0x1) returned 1 [0128.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnst4cr.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0128.015] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00012fcf4 | out: lpMode=0xc00012fcf4) returned 0 [0128.020] GetFileType (hFile=0x2bc) returned 0x1 [0128.020] GetFileType (hFile=0x2bc) returned 0x1 [0128.020] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00012fd44 | out: lpFileInformation=0xc00012fd44) returned 1 [0128.020] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00012fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012fd28) returned 1 [0128.020] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.022] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0x43b6, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc00012fc04*=0x41b6, lpOverlapped=0x0) returned 1 [0128.023] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002fa1b6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa1b6*, lpNumberOfBytesRead=0xc00012fc04*=0x0, lpOverlapped=0x0) returned 1 [0128.023] CloseHandle (hObject=0x2bc) returned 1 [0128.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnst4cr.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.025] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00012fd04 | out: lpMode=0xc00012fd04) returned 0 [0128.033] GetFileType (hFile=0x2bc) returned 0x1 [0128.033] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002fa800*, nNumberOfBytesToWrite=0x41c0, lpNumberOfBytesWritten=0xc00012fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa800*, lpNumberOfBytesWritten=0xc00012fcec*=0x41c0, lpOverlapped=0x0) returned 1 [0128.034] CloseHandle (hObject=0x2bc) returned 1 [0128.034] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001101 | out: pbBuffer=0xc000001101) returned 1 [0128.034] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0128.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnst4cr.odt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.035] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00012fd64 | out: lpMode=0xc00012fd64) returned 0 [0128.039] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.044] SetEvent (hEvent=0x114) returned 1 [0128.045] GetFileType (hFile=0x2bc) returned 0x1 [0128.045] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001b29a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b29a0*, lpNumberOfBytesWritten=0xc00012fd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.045] CloseHandle (hObject=0x2bc) returned 1 [0128.045] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\nnst4cr.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-nNST4cr.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-nnst4cr.odt"), dwFlags=0x1) returned 1 [0128.046] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.054] SetEvent (hEvent=0x114) returned 1 [0128.054] SetEvent (hEvent=0x1a0) returned 1 [0128.054] SwitchToThread () returned 1 [0128.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tgvqx_x7g.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.064] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0128.069] GetFileType (hFile=0x3d8) returned 0x1 [0128.069] GetFileType (hFile=0x3d8) returned 0x1 [0128.069] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0128.069] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0128.069] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0128.070] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0128.071] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xc494, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000149c04*=0xc294, lpOverlapped=0x0) returned 1 [0128.073] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00021e294, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021e294*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0128.073] CloseHandle (hObject=0x3d8) returned 1 [0128.073] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0128.073] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0128.074] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0128.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tgvqx_x7g.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.077] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0128.080] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.088] SetEvent (hEvent=0x114) returned 1 [0128.089] GetFileType (hFile=0x3d8) returned 0x1 [0128.089] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xc2a0, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc000149cec*=0xc2a0, lpOverlapped=0x0) returned 1 [0128.090] CloseHandle (hObject=0x3d8) returned 1 [0128.090] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0128.090] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0128.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tgvqx_x7g.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.091] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0128.095] GetFileType (hFile=0x3d8) returned 0x1 [0128.095] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0128.095] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000102000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.095] CloseHandle (hObject=0x3d8) returned 1 [0128.096] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0128.096] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\tgvqx_x7g.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-tgvQx_X7G.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-tgvqx_x7g.ots"), dwFlags=0x1) returned 1 [0128.097] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0128.098] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0128.099] VirtualFree (lpAddress=0xc00028c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.099] VirtualFree (lpAddress=0xc000212000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0128.100] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0128.100] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.101] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.101] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.101] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzd2.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.102] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0128.104] GetFileType (hFile=0x3d8) returned 0x1 [0128.105] GetFileType (hFile=0x3d8) returned 0x1 [0128.105] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0128.105] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0128.105] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0128.107] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x161bb, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000065c04*=0x15fbb, lpOverlapped=0x0) returned 1 [0128.108] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002b9fbb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b9fbb*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0128.108] CloseHandle (hObject=0x3d8) returned 1 [0128.108] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzd2.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.112] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0128.115] GetFileType (hFile=0x3d8) returned 0x1 [0128.115] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x15fc0, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000065cec*=0x15fc0, lpOverlapped=0x0) returned 1 [0128.117] CloseHandle (hObject=0x3d8) returned 1 [0128.117] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0128.117] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0128.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzd2.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.118] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0128.126] GetFileType (hFile=0x3d8) returned 0x1 [0128.126] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000102420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000102420*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.126] CloseHandle (hObject=0x3d8) returned 1 [0128.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\yzd2.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-yZD2.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-yzd2.jpg"), dwFlags=0x1) returned 1 [0128.127] SwitchToThread () returned 1 [0128.128] SetEvent (hEvent=0x1a0) returned 1 [0128.128] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.163] SetEvent (hEvent=0xec) returned 1 [0128.163] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.220] SetEvent (hEvent=0x1b4) returned 1 [0128.220] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.223] SetEvent (hEvent=0xec) returned 1 [0128.223] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.227] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.250] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.252] SetEvent (hEvent=0x1b4) returned 1 [0128.252] SwitchToThread () returned 1 [0128.256] SetEvent (hEvent=0xec) returned 1 [0128.256] SetEvent (hEvent=0x1b4) returned 1 [0128.256] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.274] SetEvent (hEvent=0x1b4) returned 1 [0128.274] SetEvent (hEvent=0xec) returned 1 [0128.274] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.285] SetEvent (hEvent=0x1b4) returned 1 [0128.285] SetEvent (hEvent=0xec) returned 1 [0128.285] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.300] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.303] SetEvent (hEvent=0x1b4) returned 1 [0128.303] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.312] SetEvent (hEvent=0x1b4) returned 1 [0128.312] SetEvent (hEvent=0xec) returned 1 [0128.312] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0128.313] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0128.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oiya0g1ngbz3jgt.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0128.314] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0128.324] GetFileType (hFile=0x2bc) returned 0x1 [0128.324] GetFileType (hFile=0x2bc) returned 0x1 [0128.324] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0128.324] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0128.324] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0128.325] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0128.327] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0x6326, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc00014dc04*=0x6126, lpOverlapped=0x0) returned 1 [0128.328] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0002fc126, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc126*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0128.328] CloseHandle (hObject=0x2bc) returned 1 [0128.328] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0128.328] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0128.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oiya0g1ngbz3jgt.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.330] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014dd04 | out: lpMode=0xc00014dd04) returned 0 [0128.352] GetFileType (hFile=0x2bc) returned 0x1 [0128.352] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0002fca80*, nNumberOfBytesToWrite=0x6130, lpNumberOfBytesWritten=0xc00014dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fca80*, lpNumberOfBytesWritten=0xc00014dcec*=0x6130, lpOverlapped=0x0) returned 1 [0128.353] CloseHandle (hObject=0x2bc) returned 1 [0128.353] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0128.353] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0128.354] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0128.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oiya0g1ngbz3jgt.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0128.354] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0128.368] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.377] GetFileType (hFile=0x2bc) returned 0x1 [0128.377] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.383] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0128.383] CloseHandle (hObject=0x2bc) returned 1 [0128.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\oiya0g1ngbz3jgt.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-oiYA0G1ngBz3jgT.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-oiya0g1ngbz3jgt.swf"), dwFlags=0x1) returned 1 [0128.385] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.409] SetEvent (hEvent=0x114) returned 1 [0128.409] SetEvent (hEvent=0xec) returned 1 [0128.409] SwitchToThread () returned 1 [0128.410] SetEvent (hEvent=0x114) returned 1 [0128.410] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0128.421] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0128.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5a2sp8_epr.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0128.422] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0128.431] GetFileType (hFile=0x3d8) returned 0x1 [0128.431] GetFileType (hFile=0x3d8) returned 0x1 [0128.431] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0128.431] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0128.431] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0128.432] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0128.432] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000224000, nNumberOfBytesToRead=0xef7, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesRead=0xc0004d9c04*=0xcf7, lpOverlapped=0x0) returned 1 [0128.433] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000224cf7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000224cf7*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0128.433] CloseHandle (hObject=0x3d8) returned 1 [0128.434] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0128.434] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0128.435] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0128.436] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5a2sp8_epr.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.437] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0004d9d04 | out: lpMode=0xc0004d9d04) returned 0 [0128.444] GetFileType (hFile=0x3d8) returned 0x1 [0128.445] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0xd00, lpNumberOfBytesWritten=0xc0004d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc0004d9cec*=0xd00, lpOverlapped=0x0) returned 1 [0128.446] CloseHandle (hObject=0x3d8) returned 1 [0128.446] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0128.446] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0128.447] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0128.447] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0128.448] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0128.448] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0128.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\5a2sp8_ePr.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\5a2sp8_epr.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0128.449] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0128.457] GetFileType (hFile=0x3d8) returned 0x1 [0128.457] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000204420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000204420*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0128.457] CloseHandle (hObject=0x3d8) returned 1 [0130.663] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0132.878] SetEvent (hEvent=0x39c) returned 1 [0132.878] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0132.962] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0132.963] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0048*, lpNumberOfCharsWritten=0xc00024d818*=0x3) returned 1 [0132.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000260580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc000260580*, lpNumberOfCharsWritten=0xc000129808*=0xad) returned 1 [0132.967] SetEvent (hEvent=0x1a0) returned 1 [0132.967] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0132.968] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.968] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.969] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0132.969] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0132.971] GetFileType (hFile=0x2cc) returned 0x1 [0132.971] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0002609a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002609a0*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.971] CloseHandle (hObject=0x2cc) returned 1 [0132.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwFlags=0x1) returned 1 [0133.307] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.307] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.308] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc00005e028*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.409] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.412] SetEvent (hEvent=0xec) returned 1 [0133.412] SetEvent (hEvent=0x324) returned 1 [0133.412] SetEvent (hEvent=0x1a0) returned 1 [0133.412] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.413] SetEvent (hEvent=0xec) returned 1 [0133.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.414] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.414] GetFileType (hFile=0x2f0) returned 0x1 [0133.414] GetFileType (hFile=0x2f0) returned 0x1 [0133.414] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.414] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.414] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0133.415] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0002f2000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesRead=0xc0002d7c04*=0x194, lpOverlapped=0x0) returned 1 [0133.416] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0002f2194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2194*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.416] CloseHandle (hObject=0x2f0) returned 1 [0133.416] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0133.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.428] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0133.428] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.429] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.429] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0133.429] SetEvent (hEvent=0x1a0) returned 1 [0133.429] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.431] SetEvent (hEvent=0xec) returned 1 [0133.431] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.435] SetEvent (hEvent=0xec) returned 1 [0133.435] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.436] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0133.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.438] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0133.438] GetFileType (hFile=0x2f0) returned 0x1 [0133.438] GetFileType (hFile=0x2f0) returned 0x1 [0133.438] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0133.438] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0133.439] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0133.439] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000dc000, nNumberOfBytesToRead=0x398, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesRead=0xc000243c04*=0x198, lpOverlapped=0x0) returned 1 [0133.440] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000dc198, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc198*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0133.440] CloseHandle (hObject=0x2f0) returned 1 [0133.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.448] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.449] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD\\*", lpFindFileData=0xc000243a08 | out: lpFindFileData=0xc000243a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.449] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000243720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.449] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000243808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000243808*=0xad) returned 1 [0133.451] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.452] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.452] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0133.452] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.452] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0133.453] GetFileType (hFile=0x2cc) returned 0x1 [0133.453] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.457] CloseHandle (hObject=0x2cc) returned 1 [0133.461] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), dwFlags=0x1) returned 1 [0133.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.492] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0133.492] SetEvent (hEvent=0x334) returned 1 [0133.492] SetEvent (hEvent=0x39c) returned 1 [0133.492] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0133.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.498] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0133.499] SetEvent (hEvent=0x39c) returned 1 [0133.499] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.501] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.514] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.528] SetEvent (hEvent=0x324) returned 1 [0133.528] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.532] SetEvent (hEvent=0x324) returned 1 [0133.532] SetEvent (hEvent=0xec) returned 1 [0133.532] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.533] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e068*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc00005e068*, lpNumberOfCharsWritten=0xc0001fb818*=0x2) returned 1 [0133.534] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.541] SetEvent (hEvent=0x334) returned 1 [0133.541] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.543] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0133.543] GetFileType (hFile=0x2f0) returned 0x1 [0133.543] GetFileType (hFile=0x2f0) returned 0x1 [0133.543] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0133.543] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0133.543] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c400, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c400*, lpNumberOfBytesRead=0xc0001fbc04*=0x182, lpOverlapped=0x0) returned 1 [0133.544] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c582, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c582*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0133.544] CloseHandle (hObject=0x2f0) returned 1 [0133.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.551] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778\\*", lpFindFileData=0xc0001fba08 | out: lpFindFileData=0xc0001fba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.551] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fb720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.551] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0001fb808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001fb808*=0xad) returned 1 [0133.554] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.554] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0133.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.555] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0133.556] GetFileType (hFile=0x2f4) returned 0x1 [0133.556] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.556] CloseHandle (hObject=0x2f4) returned 1 [0133.559] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0133.560] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), dwFlags=0x1) returned 1 [0133.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe30*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.627] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0133.627] SetEvent (hEvent=0xc0) returned 1 [0133.627] SetEvent (hEvent=0x334) returned 1 [0133.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.629] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0133.631] SetEvent (hEvent=0x324) returned 1 [0133.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.639] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.661] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.670] SetEvent (hEvent=0x1a0) returned 1 [0133.670] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.674] SetEvent (hEvent=0x1a0) returned 1 [0133.674] SetEvent (hEvent=0xec) returned 1 [0133.674] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.674] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.675] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.675] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.676] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.676] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.677] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc00024d818*=0x2) returned 1 [0133.679] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.686] SetEvent (hEvent=0x334) returned 1 [0133.686] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.688] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0133.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0133.689] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0133.690] GetFileType (hFile=0x2f4) returned 0x1 [0133.690] GetFileType (hFile=0x2f4) returned 0x1 [0133.690] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0133.690] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0133.690] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0133.690] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x388, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc0002d9c04*=0x188, lpOverlapped=0x0) returned 1 [0133.692] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000b8188, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8188*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0133.692] CloseHandle (hObject=0x2f4) returned 1 [0133.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.698] SetEvent (hEvent=0xc0) returned 1 [0133.698] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F\\*", lpFindFileData=0xc0002d9a08 | out: lpFindFileData=0xc0002d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.698] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.699] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d9808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d9808*=0xad) returned 1 [0133.701] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.701] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0133.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.702] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0133.704] GetFileType (hFile=0x2cc) returned 0x1 [0133.704] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.704] CloseHandle (hObject=0x2cc) returned 1 [0133.710] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.711] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwFlags=0x1) returned 1 [0133.759] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0133.759] SetEvent (hEvent=0x1a0) returned 1 [0133.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.760] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.760] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0133.760] SetEvent (hEvent=0x1a0) returned 1 [0133.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.766] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.778] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.786] SetEvent (hEvent=0xec) returned 1 [0133.786] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.788] SetEvent (hEvent=0xec) returned 1 [0133.788] SetEvent (hEvent=0x39c) returned 1 [0133.788] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.789] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.789] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.790] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.790] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.791] VirtualFree (lpAddress=0xc00006c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.791] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.792] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.792] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.793] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0000c5818*=0x2) returned 1 [0133.796] SetEvent (hEvent=0x39c) returned 1 [0133.796] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000279808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000279808*=0xad) returned 1 [0133.797] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.798] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0133.798] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0133.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.799] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000279d64 | out: lpMode=0xc000279d64) returned 0 [0133.799] GetFileType (hFile=0x2f4) returned 0x1 [0133.800] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000279d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000279d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.800] CloseHandle (hObject=0x2f4) returned 1 [0133.800] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), dwFlags=0x1) returned 1 [0133.850] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0133.850] SetEvent (hEvent=0x324) returned 1 [0133.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.852] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.852] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0133.852] SetEvent (hEvent=0x324) returned 1 [0133.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.856] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.867] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.872] SetEvent (hEvent=0x39c) returned 1 [0133.872] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.873] SetEvent (hEvent=0x39c) returned 1 [0133.873] SetEvent (hEvent=0x334) returned 1 [0133.873] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.874] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.875] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.875] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.876] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.876] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.877] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.877] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.878] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc00015b818*=0x2) returned 1 [0133.880] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.889] SetEvent (hEvent=0x334) returned 1 [0133.889] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0133.889] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0133.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.891] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0133.891] GetFileType (hFile=0x2f0) returned 0x1 [0133.891] GetFileType (hFile=0x2f0) returned 0x1 [0133.891] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0133.891] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0133.891] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0133.892] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x3ec, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000129c04*=0x1ec, lpOverlapped=0x0) returned 1 [0133.893] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000ce1ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce1ec*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0133.893] CloseHandle (hObject=0x2f0) returned 1 [0133.893] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0133.894] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0133.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.902] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0133.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001\\*", lpFindFileData=0xc000129a08 | out: lpFindFileData=0xc000129a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.902] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.902] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000129808*=0xad) returned 1 [0133.904] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0133.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.905] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0133.905] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0133.905] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0133.906] GetFileType (hFile=0x2f0) returned 0x1 [0133.906] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.906] CloseHandle (hObject=0x2f0) returned 1 [0133.908] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), dwFlags=0x1) returned 1 [0133.960] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0133.960] SetEvent (hEvent=0xec) returned 1 [0133.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.982] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0133.983] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0133.983] SetEvent (hEvent=0xec) returned 1 [0133.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.987] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.004] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.014] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.018] SetEvent (hEvent=0x39c) returned 1 [0134.018] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.019] SetEvent (hEvent=0x39c) returned 1 [0134.019] SetEvent (hEvent=0x334) returned 1 [0134.019] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.019] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.020] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.020] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.021] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.021] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.022] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.022] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc00015b818*=0x2) returned 1 [0134.025] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.033] SetEvent (hEvent=0x334) returned 1 [0134.033] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0134.033] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0134.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.035] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0134.036] GetFileType (hFile=0x2f0) returned 0x1 [0134.036] GetFileType (hFile=0x2f0) returned 0x1 [0134.036] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0134.036] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0134.036] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0134.037] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x38e, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc00015bc04*=0x18e, lpOverlapped=0x0) returned 1 [0134.038] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00005618e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005618e*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0134.038] CloseHandle (hObject=0x2f0) returned 1 [0134.038] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0134.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.045] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.046] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE\\*", lpFindFileData=0xc00015ba08 | out: lpFindFileData=0xc00015ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.046] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.046] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00015b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00015b808*=0xad) returned 1 [0134.048] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.048] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.048] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0134.049] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.049] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0134.049] GetFileType (hFile=0x2f0) returned 0x1 [0134.050] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.050] CloseHandle (hObject=0x2f0) returned 1 [0134.050] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), dwFlags=0x1) returned 1 [0134.102] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f698, ulCount=0x10, ulNumEntriesRemoved=0x2c89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f698, ulNumEntriesRemoved=0x2c89f66c) returned 0 [0134.102] SetEvent (hEvent=0xec) returned 1 [0134.102] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0134.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe08*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.104] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.104] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2c89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2c89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2c89f6a0, ulNumEntriesRemoved=0x2c89f674) returned 0 [0134.105] SetEvent (hEvent=0xec) returned 1 [0134.105] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2c89fe18*=0x30c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.109] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.132] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.143] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.148] SetEvent (hEvent=0x39c) returned 1 [0134.148] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.149] SetEvent (hEvent=0x39c) returned 1 [0134.149] SetEvent (hEvent=0x334) returned 1 [0134.149] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.150] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.150] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.151] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.151] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.152] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.152] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0000c3818*=0x2) returned 1 [0134.154] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.165] SetEvent (hEvent=0x334) returned 1 [0134.165] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.165] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.166] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.167] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0134.184] GetFileType (hFile=0x2f0) returned 0x1 [0134.184] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.184] GetFileType (hFile=0x2f0) returned 0x1 [0134.185] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0134.185] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0134.185] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0134.185] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x3a0, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0001cbc04*=0x1a0, lpOverlapped=0x0) returned 1 [0134.186] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000941a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000941a0*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0134.187] CloseHandle (hObject=0x2f0) returned 1 [0134.187] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.187] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0134.188] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0134.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.251] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.277] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0134.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1\\*", lpFindFileData=0xc0001cba08 | out: lpFindFileData=0xc0001cba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.278] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001cb720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.278] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0134.279] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0001cb808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001cb808*=0xad) returned 1 [0134.284] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0134.284] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.284] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0134.302] GetFileType (hFile=0x1b0) returned 0x1 [0134.302] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000058580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000058580*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.302] CloseHandle (hObject=0x1b0) returned 1 [0134.302] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwFlags=0x1) returned 1 [0134.305] SetEvent (hEvent=0xec) returned 1 [0134.305] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.562] SetEvent (hEvent=0x39c) returned 1 [0134.562] SetEvent (hEvent=0xfc) returned 1 [0134.562] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.913] SetEvent (hEvent=0x114) returned 1 [0134.914] SetEvent (hEvent=0xfc) returned 1 [0134.914] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.950] SetEvent (hEvent=0x114) returned 1 [0134.950] SetEvent (hEvent=0x334) returned 1 [0134.950] SetEvent (hEvent=0xfc) returned 1 [0134.950] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.954] SetEvent (hEvent=0x324) returned 1 [0134.955] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0134.957] SetEvent (hEvent=0x334) returned 1 [0134.957] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.957] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.958] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.958] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.959] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.959] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.959] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.960] VirtualFree (lpAddress=0xc00004c000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0134.960] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.961] VirtualFree (lpAddress=0xc000260000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.961] SetEvent (hEvent=0x324) returned 1 [0134.961] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0135.652] SetEvent (hEvent=0x114) returned 1 [0135.652] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x182ae2a, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc00013fc04*=0x182ac2a, lpOverlapped=0x0) returned 1 [0136.782] ReadFile (in: hFile=0x2f4, lpBuffer=0xc001f0ec2a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc001f0ec2a*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0136.782] CloseHandle (hObject=0x2f4) returned 1 [0136.782] VirtualAlloc (lpAddress=0xc003000000, dwSize=0x1c00000, flAllocationType=0x2000, flProtect=0x4) returned 0xc003000000 [0136.784] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2e9f0000 [0136.784] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2ea20000 [0136.784] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2ea50000 [0136.785] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2ea80000 [0136.785] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2eab0000 [0136.786] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2eae0000 [0136.786] VirtualAlloc (lpAddress=0x0, dwSize=0x21088, flAllocationType=0x3000, flProtect=0x4) returned 0x2eb10000 [0136.787] VirtualAlloc (lpAddress=0xc001f10000, dwSize=0x182c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.787] VirtualAlloc (lpAddress=0xc001f10000, dwSize=0x182c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.787] VirtualAlloc (lpAddress=0xc001f10000, dwSize=0xc16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc001f10000 [0136.823] VirtualAlloc (lpAddress=0xc002b26000, dwSize=0xc16000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.823] VirtualAlloc (lpAddress=0xc002b26000, dwSize=0x60b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.823] VirtualAlloc (lpAddress=0xc002b26000, dwSize=0x305000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002b26000 [0136.833] VirtualAlloc (lpAddress=0xc002e2b000, dwSize=0x911000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.833] VirtualAlloc (lpAddress=0xc002e2b000, dwSize=0x488000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.833] VirtualAlloc (lpAddress=0xc002e2b000, dwSize=0x244000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.833] VirtualAlloc (lpAddress=0xc002e2b000, dwSize=0x122000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002e2b000 [0136.837] VirtualAlloc (lpAddress=0xc002f4d000, dwSize=0x7ef000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.837] VirtualAlloc (lpAddress=0xc002f4d000, dwSize=0x3f7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.837] VirtualAlloc (lpAddress=0xc002f4d000, dwSize=0x1fb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.837] VirtualAlloc (lpAddress=0xc002f4d000, dwSize=0xfd000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.837] VirtualAlloc (lpAddress=0xc002f4d000, dwSize=0x7e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002f4d000 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x771000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x3b8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x1dc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0xee000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x77000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.839] VirtualAlloc (lpAddress=0xc002fcb000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002fcb000 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x754000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x3aa000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x1d5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0xea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x75000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.840] VirtualAlloc (lpAddress=0xc002fe8000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002fe8000 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x746000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x3a3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x1d1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0xe8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x74000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.841] VirtualAlloc (lpAddress=0xc002ff6000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002ff6000 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x73f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x39f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x1cf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0xe7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x73000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x39000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0136.842] VirtualAlloc (lpAddress=0xc002ffd000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc002ffd000 [0136.843] VirtualAlloc (lpAddress=0xc003000000, dwSize=0x73c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc003000000 [0136.887] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.888] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.888] VirtualFree (lpAddress=0xc000232000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0136.889] VirtualFree (lpAddress=0xc00021e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0136.889] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.890] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0136.890] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.891] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.891] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.891] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.892] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0136.892] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.893] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.893] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.894] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.894] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.895] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.895] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.895] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.896] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.896] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.897] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.897] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0136.897] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.898] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0136.898] SetEvent (hEvent=0xfc) returned 1 [0136.898] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.163] SetEvent (hEvent=0x324) returned 1 [0137.163] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.167] SetEvent (hEvent=0x334) returned 1 [0137.167] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0137.176] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0137.177] GetFileType (hFile=0x384) returned 0x1 [0137.177] WriteFile (in: hFile=0x384, lpBuffer=0xc0001a6000*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001a6000*, lpNumberOfBytesWritten=0xc0002d5cec*=0x5b0, lpOverlapped=0x0) returned 1 [0137.178] CloseHandle (hObject=0x384) returned 1 [0137.179] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0137.179] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0137.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0137.180] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0137.182] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.312] GetFileType (hFile=0x384) returned 0x1 [0137.312] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0137.312] CloseHandle (hObject=0x384) returned 1 [0137.313] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-internet explorer.lnk"), dwFlags=0x1) returned 1 [0137.774] SwitchToThread () returned 1 [0137.787] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.793] SetEvent (hEvent=0x39c) returned 1 [0137.793] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0137.797] VirtualFree (lpAddress=0xc00025a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0137.798] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.798] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.799] VirtualFree (lpAddress=0xc00021c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.804] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.804] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.805] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0137.806] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.806] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.806] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0137.807] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.807] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0137.808] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.808] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.808] SetEvent (hEvent=0xec) returned 1 [0137.808] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.015] SetEvent (hEvent=0x39c) returned 1 [0138.015] SetEvent (hEvent=0x354) returned 1 [0138.015] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0138.532] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0138.533] GetFileType (hFile=0x384) returned 0x1 [0138.533] GetFileType (hFile=0x384) returned 0x1 [0138.533] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0138.533] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0138.533] ReadFile (in: hFile=0x384, lpBuffer=0xc00010c700, nNumberOfBytesToRead=0x6cc, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c700*, lpNumberOfBytesRead=0xc000047c04*=0x4cc, lpOverlapped=0x0) returned 1 [0138.548] ReadFile (in: hFile=0x384, lpBuffer=0xc00010cbcc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010cbcc*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0138.548] CloseHandle (hObject=0x384) returned 1 [0138.548] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0138.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0138.550] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0138.558] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.620] SwitchToThread () returned 1 [0138.621] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.713] SetEvent (hEvent=0x12c) returned 1 [0138.713] SetEvent (hEvent=0x354) returned 1 [0138.713] SwitchToThread () returned 1 [0138.747] SetEvent (hEvent=0x12c) returned 1 [0138.747] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.762] SwitchToThread () returned 1 [0138.772] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0138.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000010036*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0138.808] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.826] SetEvent (hEvent=0x3c8) returned 1 [0138.826] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.827] SetEvent (hEvent=0x354) returned 1 [0138.828] SetEvent (hEvent=0x334) returned 1 [0138.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0138.829] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0138.830] GetFileType (hFile=0x36c) returned 0x1 [0138.830] GetFileType (hFile=0x36c) returned 0x1 [0138.830] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0138.830] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0138.830] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0138.831] ReadFile (in: hFile=0x36c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x9582, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00027bc04*=0x9382, lpOverlapped=0x0) returned 1 [0138.840] ReadFile (in: hFile=0x36c, lpBuffer=0xc00021b382, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021b382*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0138.840] CloseHandle (hObject=0x36c) returned 1 [0138.840] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0138.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0138.843] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0138.847] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0138.941] SetEvent (hEvent=0x39c) returned 1 [0138.942] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.149] SetEvent (hEvent=0x39c) returned 1 [0139.149] SetEvent (hEvent=0x3c8) returned 1 [0139.149] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0139.150] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.150] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.151] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.151] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.151] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.152] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.152] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.152] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.153] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.153] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.153] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.154] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.154] GetFileType (hFile=0x2f0) returned 0x1 [0139.155] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001b0160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0160*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.155] CloseHandle (hObject=0x2f0) returned 1 [0139.155] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0139.156] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0139.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\encry-Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\encry-shows desktop.lnk"), dwFlags=0x1) returned 1 [0139.158] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0139.158] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0139.160] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0139.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.161] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat\\*", lpFindFileData=0xc0006e3a08 | out: lpFindFileData=0xc0006e3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0139.161] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006e3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0139.161] GetFileType (hFile=0x384) returned 0x1 [0139.161] WriteFile (in: hFile=0x384, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc000047cec*=0x4d0, lpOverlapped=0x0) returned 1 [0139.162] CloseHandle (hObject=0x384) returned 1 [0139.163] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0139.164] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0139.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.164] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0139.279] GetFileType (hFile=0x384) returned 0x1 [0139.279] WriteFile (in: hFile=0x384, lpBuffer=0xc0001b0580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0580*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0139.279] CloseHandle (hObject=0x384) returned 1 [0139.279] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-windows explorer.lnk"), dwFlags=0x1) returned 1 [0139.282] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.282] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0139.363] GetFileType (hFile=0x384) returned 0x1 [0139.363] WriteFile (in: hFile=0x384, lpBuffer=0xc0001b09a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b09a0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.363] CloseHandle (hObject=0x384) returned 1 [0139.363] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\encry-Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\encry-launch internet explorer browser.lnk"), dwFlags=0x1) returned 1 [0139.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0139.556] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004ddcf4 | out: lpMode=0xc0004ddcf4) returned 0 [0139.624] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.675] SetEvent (hEvent=0x39c) returned 1 [0139.675] GetFileType (hFile=0x384) returned 0x1 [0139.675] GetFileType (hFile=0x384) returned 0x1 [0139.675] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0004ddd44 | out: lpFileInformation=0xc0004ddd44) returned 1 [0139.675] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0004ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ddd28) returned 1 [0139.675] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0139.687] ReadFile (in: hFile=0x384, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x5f800, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0004ddc04*=0x5f600, lpOverlapped=0x0) returned 1 [0139.701] ReadFile (in: hFile=0x384, lpBuffer=0xc0003a5600, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a5600*, lpNumberOfBytesRead=0xc0004ddc04*=0x0, lpOverlapped=0x0) returned 1 [0139.701] CloseHandle (hObject=0x384) returned 1 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.701] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x5f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x2f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0139.702] VirtualAlloc (lpAddress=0xc0003ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ff000 [0139.703] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x5e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0139.713] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0139.713] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.719] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004ddd04 | out: lpMode=0xc0004ddd04) returned 0 [0139.735] GetFileType (hFile=0x384) returned 0x1 [0139.735] WriteFile (in: hFile=0x384, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x5f610, lpNumberOfBytesWritten=0xc0004ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc0004ddcec*=0x5f610, lpOverlapped=0x0) returned 1 [0139.743] CloseHandle (hObject=0x384) returned 1 [0139.743] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0139.743] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0139.744] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0139.745] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0139.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.745] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004ddd64 | out: lpMode=0xc0004ddd64) returned 0 [0139.763] GetFileType (hFile=0x384) returned 0x1 [0139.763] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0004ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.764] CloseHandle (hObject=0x384) returned 1 [0139.764] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0139.765] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0139.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\encry-Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\encry-global.mpt"), dwFlags=0x1) returned 1 [0139.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0139.768] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0139.779] GetFileType (hFile=0x384) returned 0x1 [0139.779] GetFileType (hFile=0x384) returned 0x1 [0139.779] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0139.779] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0139.779] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0139.780] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x79a, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0001cfc04*=0x59a, lpOverlapped=0x0) returned 1 [0139.798] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.812] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ce59a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce59a*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0139.813] CloseHandle (hObject=0x384) returned 1 [0139.813] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0139.814] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0139.815] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0139.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.816] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0139.825] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.841] GetFileType (hFile=0x384) returned 0x1 [0139.841] WriteFile (in: hFile=0x384, lpBuffer=0xc00006a000*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x5a0, lpOverlapped=0x0) returned 1 [0139.842] CloseHandle (hObject=0x384) returned 1 [0139.842] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0139.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0139.843] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0139.858] GetFileType (hFile=0x384) returned 0x1 [0139.858] WriteFile (in: hFile=0x384, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.858] CloseHandle (hObject=0x384) returned 1 [0139.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\encry-Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\encry-global.lnk"), dwFlags=0x1) returned 1 [0139.860] SetEvent (hEvent=0x3c8) returned 1 [0139.860] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.873] SetEvent (hEvent=0x39c) returned 1 [0139.873] SetEvent (hEvent=0xfc) returned 1 [0139.873] SetEvent (hEvent=0xec) returned 1 [0139.874] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.896] SetEvent (hEvent=0x3c8) returned 1 [0139.896] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0139.978] SetEvent (hEvent=0x39c) returned 1 [0139.978] SetEvent (hEvent=0x12c) returned 1 [0139.978] SetEvent (hEvent=0x3c8) returned 1 [0139.978] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.084] SetEvent (hEvent=0x12c) returned 1 [0140.084] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.157] SetEvent (hEvent=0x39c) returned 1 [0140.157] SetEvent (hEvent=0x12c) returned 1 [0140.157] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.162] SetEvent (hEvent=0x354) returned 1 [0140.162] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.192] SetEvent (hEvent=0x12c) returned 1 [0140.192] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.199] SetEvent (hEvent=0xfc) returned 1 [0140.199] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.468] SetEvent (hEvent=0x39c) returned 1 [0140.468] SetEvent (hEvent=0x3c8) returned 1 [0140.468] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.537] SetEvent (hEvent=0x354) returned 1 [0140.537] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.542] SetEvent (hEvent=0x354) returned 1 [0140.542] SetEvent (hEvent=0x324) returned 1 [0140.542] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.542] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.543] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.543] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.543] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.544] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.544] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.545] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.545] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.545] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.546] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.546] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.546] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0140.548] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0140.555] GetFileType (hFile=0x2f0) returned 0x1 [0140.555] GetFileType (hFile=0x2f0) returned 0x1 [0140.555] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0140.555] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0140.555] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0140.558] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x529b, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001b9c04*=0x509b, lpOverlapped=0x0) returned 1 [0140.580] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00021709b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021709b*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0140.580] CloseHandle (hObject=0x2f0) returned 1 [0140.581] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0140.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.583] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0140.593] GetFileType (hFile=0x2f0) returned 0x1 [0140.593] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000217500*, nNumberOfBytesToWrite=0x50a0, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000217500*, lpNumberOfBytesWritten=0xc0001b9cec*=0x50a0, lpOverlapped=0x0) returned 1 [0140.595] CloseHandle (hObject=0x2f0) returned 1 [0140.595] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0140.595] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0140.596] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0140.597] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0140.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.598] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0140.607] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.617] GetFileType (hFile=0x2f0) returned 0x1 [0140.617] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.626] SetEvent (hEvent=0xfc) returned 1 [0140.626] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.628] SetEvent (hEvent=0x324) returned 1 [0140.628] SetEvent (hEvent=0x12c) returned 1 [0140.629] SetEvent (hEvent=0xfc) returned 1 [0140.629] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.632] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0140.633] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.634] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.634] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.634] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.635] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.635] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.636] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.636] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.636] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.637] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.637] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.638] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.638] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.639] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.639] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.640] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.641] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.641] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.671] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.672] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.672] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.673] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.674] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.674] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.674] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.675] SetEvent (hEvent=0xfc) returned 1 [0140.675] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.731] SetEvent (hEvent=0x12c) returned 1 [0140.731] SetEvent (hEvent=0x3c8) returned 1 [0140.731] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.742] SetEvent (hEvent=0x12c) returned 1 [0140.742] SetEvent (hEvent=0x354) returned 1 [0140.742] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.747] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.747] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.748] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.748] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.748] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.749] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0210*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc0000a0210*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0140.756] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.757] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000049808, lpReserved=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfCharsWritten=0xc000049808*=0xac) returned 1 [0140.761] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.767] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0140.767] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0140.767] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0140.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.768] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0140.770] GetFileType (hFile=0x2f0) returned 0x1 [0140.770] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001e2840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2840*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.771] CloseHandle (hObject=0x2f0) returned 1 [0140.772] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwFlags=0x1) returned 1 [0140.774] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.776] SetEvent (hEvent=0x12c) returned 1 [0140.776] SetEvent (hEvent=0x324) returned 1 [0140.776] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.777] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.777] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.778] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.778] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.779] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.779] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0140.781] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.785] SetEvent (hEvent=0x12c) returned 1 [0140.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc000010036*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0140.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0210*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc0000a0210*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0140.793] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0216*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0216*, lpNumberOfCharsWritten=0xc00026d818*=0x3) returned 1 [0140.804] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.815] SetEvent (hEvent=0xfc) returned 1 [0140.815] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0140.815] SetEvent (hEvent=0x324) returned 1 [0140.815] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.825] SetEvent (hEvent=0x324) returned 1 [0140.825] SetEvent (hEvent=0x12c) returned 1 [0140.825] SwitchToThread () returned 1 [0140.829] SetEvent (hEvent=0x324) returned 1 [0140.829] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.841] SetEvent (hEvent=0x324) returned 1 [0140.841] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0002060c8*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0140.847] SetEvent (hEvent=0xfc) returned 1 [0140.847] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.851] SetEvent (hEvent=0x324) returned 1 [0140.851] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.859] SetEvent (hEvent=0x324) returned 1 [0140.860] SetEvent (hEvent=0xfc) returned 1 [0140.860] SwitchToThread () returned 1 [0140.860] SetEvent (hEvent=0x324) returned 1 [0140.861] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.862] SetEvent (hEvent=0x3c8) returned 1 [0140.862] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.864] SetEvent (hEvent=0x324) returned 1 [0140.864] SetEvent (hEvent=0x3c8) returned 1 [0140.864] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.868] SetEvent (hEvent=0x324) returned 1 [0140.868] SetEvent (hEvent=0x39c) returned 1 [0140.868] SetEvent (hEvent=0x3c8) returned 1 [0140.868] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.876] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0140.878] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000010086*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0140.883] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.884] SetEvent (hEvent=0x3c8) returned 1 [0140.884] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.884] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004dd818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc0004dd818*=0x3) returned 1 [0140.890] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000b6000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001cd808, lpReserved=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfCharsWritten=0xc0001cd808*=0xac) returned 1 [0140.892] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.901] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0140.901] SetEvent (hEvent=0x3c8) returned 1 [0140.901] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0140.902] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0140.902] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.902] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0140.906] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.908] GetFileType (hFile=0x1ec) returned 0x1 [0140.908] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000b6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6580*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.909] CloseHandle (hObject=0x1ec) returned 1 [0140.909] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwFlags=0x1) returned 1 [0140.911] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.912] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.912] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000b6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6840*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.913] CloseHandle (hObject=0x36c) returned 1 [0140.913] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0140.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-preferred"), dwFlags=0x1) returned 1 [0140.915] GetFileType (hFile=0x2cc) returned 0x1 [0140.915] GetFileType (hFile=0x2cc) returned 0x1 [0140.915] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0140.915] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0140.916] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c780, nNumberOfBytesToRead=0x256, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c780*, lpNumberOfBytesRead=0xc000135c04*=0x56, lpOverlapped=0x0) returned 1 [0140.916] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c7d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c7d6*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0140.917] CloseHandle (hObject=0x2cc) returned 1 [0140.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0140.918] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0140.921] GetFileType (hFile=0x2cc) returned 0x1 [0140.921] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000344000*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc000344000*, lpNumberOfBytesWritten=0xc000135cec*=0x60, lpOverlapped=0x0) returned 1 [0140.922] CloseHandle (hObject=0x2cc) returned 1 [0140.922] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0140.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0140.923] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0140.923] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.925] SetEvent (hEvent=0x3c8) returned 1 [0140.925] GetFileType (hFile=0x2cc) returned 0x1 [0140.925] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.926] CloseHandle (hObject=0x2cc) returned 1 [0140.926] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0140.926] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0140.927] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0140.927] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwFlags=0x1) returned 1 [0140.929] SwitchToThread () returned 1 [0140.930] SetEvent (hEvent=0x3c8) returned 1 [0140.930] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.930] SetEvent (hEvent=0x3c8) returned 1 [0140.930] SetEvent (hEvent=0x12c) returned 1 [0140.930] SetEvent (hEvent=0xec) returned 1 [0140.930] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.942] SwitchToThread () returned 1 [0140.943] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0140.945] SetEvent (hEvent=0x3c8) returned 1 [0140.945] SetEvent (hEvent=0x12c) returned 1 [0140.945] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.945] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.945] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.946] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.946] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.947] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.947] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.947] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.947] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.948] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.948] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44eb6480, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt", cAlternateFileName="5P9943~1.TXT")) returned 1 [0140.948] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt", cAlternateFileName="5P37D9~1.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5d, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adformdsp[1].txt", cAlternateFileName="5P2CBA~1.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adform[1].txt", cAlternateFileName="5P8600~1.TXT")) returned 1 [0140.949] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45f08810, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x242, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adnxs[1].txt", cAlternateFileName="5P89EF~1.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x65, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtech[2].txt", cAlternateFileName="5PC5B2~1.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c70990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adtr02[1].txt", cAlternateFileName="5P5NRG~3.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x51332930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x125, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@advertising[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0140.949] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54cce0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@api.bing[2].txt", cAlternateFileName="5P40FC~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4611db50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@at.atwola[1].txt", cAlternateFileName="5P74F0~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x562c6900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@bing[1].txt", cAlternateFileName="5PBE12~1.TXT")) returned 1 [0140.950] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.bing[1].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdf95770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x82, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@c.msn[1].txt", cAlternateFileName="5PB89C~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63a15b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@doubleclick[2].txt", cAlternateFileName="5P93CC~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x256, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[1].txt", cAlternateFileName="5P12F9~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[3].txt", cAlternateFileName="5P692F~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e777a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[4].txt", cAlternateFileName="5P3B8C~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x465ba5f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@linkedin[1].txt", cAlternateFileName="5P1C80~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa5cef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x76, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@m.exactag[1].txt", cAlternateFileName="5PD7A3~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50b50050, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x337, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@msn[1].txt", cAlternateFileName="5PBFF9~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt", cAlternateFileName="5P4910~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf99e810, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x68, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@skadtec[1].txt", cAlternateFileName="5P37A2~1.TXT")) returned 1 [0140.950] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@track.adform[2].txt", cAlternateFileName="5PD4D3~1.TXT")) returned 1 [0140.951] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x555a9a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.bing[2].txt", cAlternateFileName="5PA943~1.TXT")) returned 1 [0140.951] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d8c7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa9, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.linkedin[1].txt", cAlternateFileName="5PC3D9~1.TXT")) returned 1 [0140.951] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x526fc010, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x402, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@www.msn[2].txt", cAlternateFileName="5PD551~1.TXT")) returned 1 [0140.951] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.951] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.951] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0140.951] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.952] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0140.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44eb6480, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44eb6480, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44eb6480, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66)) returned 1 [0140.954] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.954] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0140.955] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adfarm1.adition[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x66)) returned 1 [0140.955] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0140.955] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adform[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adform[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xea)) returned 1 [0140.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adformdsp[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5d)) returned 1 [0140.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0x45f08810, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45f08810, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x242)) returned 1 [0140.956] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x65)) returned 1 [0140.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtr02[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53c70990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53c70990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53c70990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x52)) returned 1 [0140.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@advertising[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@advertising[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x517fd8b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51332930, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x51332930, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x125)) returned 1 [0140.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@api.bing[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54cce0d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0140.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4611db50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4611db50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4611db50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x201)) returned 1 [0140.957] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@bing[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x534b4210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x562c6900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x562c6900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1ea)) returned 1 [0140.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1c8)) returned 1 [0140.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdf95770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdf95770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdf95770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x82)) returned 1 [0140.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@doubleclick[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6301df20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63a15b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63a15b40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0140.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x256)) returned 1 [0140.958] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61282d80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61282d80, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc4)) returned 1 [0140.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[4].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[4].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64e777a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64e777a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e777a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x21f)) returned 1 [0140.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x465ba5f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x465ba5f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x465ba5f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0140.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfa5cef0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfa5cef0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfa5cef0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x76)) returned 1 [0140.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@msn[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50b50050, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50b50050, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50b50050, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x337)) returned 1 [0140.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5348e0b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5348e0b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5348e0b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0140.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf73d210, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf73d210, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf73d210, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6c)) returned 1 [0140.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf99e810, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf99e810, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf99e810, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x68)) returned 1 [0140.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@track.adform[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xb2)) returned 1 [0140.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x555a9a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x555a9a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x555a9a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7)) returned 1 [0140.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d8c7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa9)) returned 1 [0140.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4523d1d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x526fc010, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x526fc010, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x402)) returned 1 [0140.961] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x432daef0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0140.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe2a9ffc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0140.962] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.963] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.963] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0140.963] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.963] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.963] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\iecompatcache\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.963] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IECompatCache\\Low\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.963] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.963] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.964] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.964] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.964] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.964] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.964] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0140.964] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.964] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.965] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.965] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f0dcf10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.965] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0dcf10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64c3a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.965] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.966] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.966] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x4f0dcf10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f0dcf10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64c3a3c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0140.966] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb1912e90, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40000)) returned 1 [0140.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.967] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d1e12e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.library-ms", cAlternateFileName="DOCUME~1.LIB")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music.library-ms", cAlternateFileName="MUSIC~1.LIB")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe23, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures.library-ms", cAlternateFileName="PICTUR~1.LIB")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos.library-ms", cAlternateFileName="VIDEOS~1.LIB")) returned 1 [0140.967] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.967] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d1e12e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2b)) returned 1 [0140.967] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe00)) returned 1 [0140.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe23)) returned 1 [0140.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d207440, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe0e)) returned 1 [0140.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x112)) returned 1 [0140.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\network shortcuts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.968] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.969] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.969] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.969] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.969] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\printer shortcuts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.969] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.969] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0140.970] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.970] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.970] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.970] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.971] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.971] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.971] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x94fde710, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.971] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0140.971] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.971] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.971] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.972] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x50fa8bb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.972] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.972] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.972] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x50fa8bb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa8bb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c000)) returned 1 [0140.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x94fde710, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x2bc126f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0140.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xc000)) returned 1 [0140.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.980] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2200f40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36fb120, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36fb120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1eaa, dwReserved0=0x0, dwReserved1=0x0, cFileName="-S72hWfUsGFs.lnk", cAlternateFileName="-S72HW~1.LNK")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4412a20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4412a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4412a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f51, dwReserved0=0x0, dwReserved1=0x0, cFileName="0OwJbeK2.lnk", cAlternateFileName="")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d60c40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d60c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d60c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="0S06kHtuWg41.lnk", cAlternateFileName="0S06KH~1.LNK")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe17bd060, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe17bd060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe17bd060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="0S4Zi2d7.ots.lnk", cAlternateFileName="0S4ZI2~1.LNK")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28d8e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28d8e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x12ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="12b49.lnk", cAlternateFileName="")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe17e31c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe469a180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46c02e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9f0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1EyRx-bxddwZPbzqj.lnk", cAlternateFileName="1EYRX-~1.LNK")) returned 1 [0140.980] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2b3a480, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2b3a480, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2b3a480, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1973, dwReserved0=0x0, dwReserved1=0x0, cFileName="1V44lGoDEt.lnk", cAlternateFileName="1V44LG~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0bfc3c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3e1f320, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3e1f320, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x207, dwReserved0=0x0, dwReserved1=0x0, cFileName="1WwC7yDS7iD6Z0TXpq.lnk", cAlternateFileName="1WWC7Y~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3238520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3238520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3238520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x424, dwReserved0=0x0, dwReserved1=0x0, cFileName="2h7BX4wZQWnTK69Gg7f-.mkv.lnk", cAlternateFileName="2H7BX4~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe400e500, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe400e500, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4034660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1ff0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2SDE9RzJoWYu4.lnk", cAlternateFileName="2SDE9R~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe458f7e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe458f7e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe458f7e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x410, dwReserved0=0x0, dwReserved1=0x0, cFileName="2u4kZIIXg6dDX L4.lnk", cAlternateFileName="2U4KZI~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41d7580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41d7580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41d7580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="3U_CJfI.lnk", cAlternateFileName="")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28fefe0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2925140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee4, dwReserved0=0x0, dwReserved1=0x0, cFileName="4bT5vX6999HZ.mkv.lnk", cAlternateFileName="4BT5VX~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4484e40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4484e40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4484e40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="4dkRC_taB152.flv.lnk", cAlternateFileName="4DKRC_~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe33db440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe33db440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe33db440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x261d, dwReserved0=0x0, dwReserved1=0x0, cFileName="4R9tZtrZGT_1B.lnk", cAlternateFileName="4R9TZT~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2e0dea0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2e0dea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2e0dea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf8c, dwReserved0=0x0, dwReserved1=0x0, cFileName="4rI99TmpDHL6.lnk", cAlternateFileName="4RI99T~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32847e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32847e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32847e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xed9, dwReserved0=0x0, dwReserved1=0x0, cFileName="6m-whhzR4vM.mkv.lnk", cAlternateFileName="6M-WHH~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32123c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32123c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32123c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="7apLvZczBPp2aSR6j.flv.lnk", cAlternateFileName="7APLVZ~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31c6100, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe31c6100, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe31c6100, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="7znj_LIq7Lm-2.lnk", cAlternateFileName="7ZNJ_L~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe325e680, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe325e680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe325e680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe74, dwReserved0=0x0, dwReserved1=0x0, cFileName="88w R.lnk", cAlternateFileName="88WR~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3851d80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3851d80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3851d80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x30c, dwReserved0=0x0, dwReserved1=0x0, cFileName="98_inOjtBT.lnk", cAlternateFileName="98_INO~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4165160, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4165160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4165160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="a2lzUytuvD.lnk", cAlternateFileName="A2LZUY~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41b1420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41b1420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41b1420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="aeEUqq nGOo.flv.lnk", cAlternateFileName="AEEUQQ~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AutomaticDestinations", cAlternateFileName="AUTOMA~1")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4601c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1344, dwReserved0=0x0, dwReserved1=0x0, cFileName="ayjS6X.lnk", cAlternateFileName="")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3805ac0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bba6tvsVHX1ZrSnNfIY.lnk", cAlternateFileName="BBA6TV~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3f4fe20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3f4fe20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3f4fe20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3e8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BEvYNIg0.flv.lnk", cAlternateFileName="BEVYNI~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44aafa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe44aafa0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe44aafa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bmK73ApGWN4iut5fSy.flv.lnk", cAlternateFileName="BMK73A~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4627d60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4627d60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4627d60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1995, dwReserved0=0x0, dwReserved1=0x0, cFileName="C 8U8ApsNoX.lnk", cAlternateFileName="C8U8AP~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f18840, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2f18840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2f18840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf51, dwReserved0=0x0, dwReserved1=0x0, cFileName="CBj_-_.lnk", cAlternateFileName="")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe42e1f20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe42e1f20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe42e1f20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="cLHsCJaGwG6vjGL.lnk", cAlternateFileName="CLHSCJ~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4674020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe469a180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x0, dwReserved1=0x0, cFileName="CNheGrQAl0z.lnk", cAlternateFileName="CNHEGR~1.LNK")) returned 1 [0140.981] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8e1924d0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CustomDestinations", cAlternateFileName="CUSTOM~1")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3688d00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3688d00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3688d00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="cwHJA1yE5fN.flv.lnk", cAlternateFileName="CWHJA1~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cee820, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3cee820, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3cee820, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13da, dwReserved0=0x0, dwReserved1=0x0, cFileName="CyAhUxZ0u2J2NUf.lnk", cAlternateFileName="CYAHUX~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4295c60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4295c60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4295c60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="CZwCUzEmtmNh.lnk", cAlternateFileName="CZWCUZ~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41fd6e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41fd6e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41fd6e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1331, dwReserved0=0x0, dwReserved1=0x0, cFileName="DaGVD.lnk", cAlternateFileName="")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1b0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe338f180, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe338f180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe338f180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="dlkfd.lnk", cAlternateFileName="")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bc1580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1bc1580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1bc1580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1ff0, dwReserved0=0x0, dwReserved1=0x0, cFileName="eLsstNNsEvVxA.lnk", cAlternateFileName="ELSSTN~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44f7260, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe44f7260, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe44f7260, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1377, dwReserved0=0x0, dwReserved1=0x0, cFileName="esOLLOsE8Cg.lnk", cAlternateFileName="ESOLLO~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe08dc6e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43c6760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43c6760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe82, dwReserved0=0x0, dwReserved1=0x0, cFileName="eZAa8LdzP4i7tw-W_U.lnk", cAlternateFileName="EZAA8L~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3dacf00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3dacf00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3dacf00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf05, dwReserved0=0x0, dwReserved1=0x0, cFileName="FfgTdr1eaVS eQs.mkv.lnk", cAlternateFileName="FFGTDR~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f9f940, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f9f940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f9f940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa84, dwReserved0=0x0, dwReserved1=0x0, cFileName="FwQWWx1OR2 gTb6tE.lnk", cAlternateFileName="FWQWWX~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f2d520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4674020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="FzNv_DLmFAz.lnk", cAlternateFileName="FZNV_D~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4223840, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4223840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4223840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1374, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_JGkxr6yc.lnk", cAlternateFileName="F_JGKX~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d86da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d86da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d86da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeb8, dwReserved0=0x0, dwReserved1=0x0, cFileName="g518f4w-.flv.lnk", cAlternateFileName="G518F4~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22994c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe22994c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe22994c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2011, dwReserved0=0x0, dwReserved1=0x0, cFileName="GLGpik5CbMztQ7Qi.lnk", cAlternateFileName="GLGPIK~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0dc5440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4308080, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4308080, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1337, dwReserved0=0x0, dwReserved1=0x0, cFileName="G_thYPOc-7akcO8.lnk", cAlternateFileName="G_THYP~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f797e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f797e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f797e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x390, dwReserved0=0x0, dwReserved1=0x0, cFileName="H8Eiq3-yxnk9.ots.lnk", cAlternateFileName="H8EIQ3~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe136c880, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe136c880, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe136c880, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="HcjK5UBAn9LkA.lnk", cAlternateFileName="HCJK5U~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41d7580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41d7580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41fd6e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="HM13Y6G8DOsAcipgZ2d.lnk", cAlternateFileName="HM13Y6~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe211c700, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe211c700, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe211c700, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40b, dwReserved0=0x0, dwReserved1=0x0, cFileName="hPGCgHVp8qAhlLW.lnk", cAlternateFileName="HPGCGH~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2ea6420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ea6420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ea6420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2633, dwReserved0=0x0, dwReserved1=0x0, cFileName="icpx0TggJcrh30S.lnk", cAlternateFileName="ICPX0T~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3aff640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3aff640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3aff640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x203d, dwReserved0=0x0, dwReserved1=0x0, cFileName="If v7 jC2QExN6bjyff.lnk", cAlternateFileName="IFV7JC~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36aee60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36aee60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36aee60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x195b, dwReserved0=0x0, dwReserved1=0x0, cFileName="IhGRZo.lnk", cAlternateFileName="")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2925140, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2925140, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2925140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa63, dwReserved0=0x0, dwReserved1=0x0, cFileName="IRGFUbZDrY001k.lnk", cAlternateFileName="IRGFUB~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36168e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36168e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36168e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="IuZWYjdszrZaN4GI1.lnk", cAlternateFileName="IUZWYJ~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cc86c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3cc86c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3cc86c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19f9, dwReserved0=0x0, dwReserved1=0x0, cFileName="IVEiiNEKbFiWetwReL-r.lnk", cAlternateFileName="IVEIIN~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32f6c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32f6c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2630, dwReserved0=0x0, dwReserved1=0x0, cFileName="jHuL_YLH6suGmW.lnk", cAlternateFileName="JHUL_Y~1.LNK")) returned 1 [0140.982] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d14980, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d14980, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d14980, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x232, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpeHTkf.flv.lnk", cAlternateFileName="JPEHTK~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe42499a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe42499a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe42499a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="kEv94GQePX7n.lnk", cAlternateFileName="KEV94G~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe46e6440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="KmAiPt.mkv.lnk", cAlternateFileName="KMAIPT~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe081e000, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4034660, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4034660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="KwrrYDZuohOISdt.lnk", cAlternateFileName="KWRRYD~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2520c20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2520c20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2520c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="kx6 uo3mEQ_UuXg.lnk", cAlternateFileName="KX6UO3~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3851d80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3851d80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3877ee0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1978, dwReserved0=0x0, dwReserved1=0x0, cFileName="LelFc_r3.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3095600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4412a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4412a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="LIcVHKu.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a78540, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4a78540, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a78540, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="lS65fyrP8XMrnQyKww.lnk", cAlternateFileName="LS65FY~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13929e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe13929e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe13929e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x22d, dwReserved0=0x0, dwReserved1=0x0, cFileName="LWPism.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a09980, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a09980, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a2fae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="mBCou1Ppf2tg_e1rt.lnk", cAlternateFileName="MBCOU1~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a2fae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a2fae0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a2fae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="mEPVZo.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe363ca40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe363ca40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3662ba0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMjUHDiGq7OE.lnk", cAlternateFileName="MMJUHD~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d3e340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3edda00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3edda00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x52a, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Music.lnk", cAlternateFileName="MYMUSI~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b63e40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x54f, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Pictures.lnk", cAlternateFileName="MYPICT~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2cdd3a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46c02e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46c02e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x539, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Videos.lnk", cAlternateFileName="MYVIDE~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d3aae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d3aae0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d3aae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa63, dwReserved0=0x0, dwReserved1=0x0, cFileName="N3 iiKK5mP8C2F.lnk", cAlternateFileName="N3IIKK~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe30bb760, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe30bb760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe30bb760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x25d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="nmnOXj.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2e34000, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2e34000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2e34000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="NnN1r.lnk", cAlternateFileName="")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe136c880, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe464dec0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe464dec0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x133c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NosD2-mwYoe_KW3.lnk", cAlternateFileName="NOSD2-~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4354340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4354340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4354340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xed2, dwReserved0=0x0, dwReserved1=0x0, cFileName="nz S7KVsk.lnk", cAlternateFileName="NZS7KV~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37df960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe37df960, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe37df960, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xfd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NZuv2Qads 2CLaHFUH.lnk", cAlternateFileName="NZUV2Q~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe02c2e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe02c2e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe02c2e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="ODSPCiJy6FPPAz71hM.lnk", cAlternateFileName="ODSPCI~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d29660, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2d29660, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2d29660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa58, dwReserved0=0x0, dwReserved1=0x0, cFileName="oeX7FVsDs_QXQ.lnk", cAlternateFileName="OEX7FV~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe382bc20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe382bc20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe382bc20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="OkUCx.ots.lnk", cAlternateFileName="OKUCXO~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3910460, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3910460, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3910460, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf10, dwReserved0=0x0, dwReserved1=0x0, cFileName="oNHryRMM0bAcl8 0.flv.lnk", cAlternateFileName="ONHRYR~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ce0c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0ce0c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0d06d60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa79, dwReserved0=0x0, dwReserved1=0x0, cFileName="oVS-uFdkCnpg7C9Q.lnk", cAlternateFileName="OVS-UF~1.LNK")) returned 1 [0140.983] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe445ece0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe445ece0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe445ece0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1424, dwReserved0=0x0, dwReserved1=0x0, cFileName="P3LpCoP8sODQy.lnk", cAlternateFileName="P3LPCO~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1b9b420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ecc580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ecc580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe84, dwReserved0=0x0, dwReserved1=0x0, cFileName="pApDKzHUyE.lnk", cAlternateFileName="PAPDKZ~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4308080, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4308080, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4308080, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x195b, dwReserved0=0x0, dwReserved1=0x0, cFileName="PF7RnC.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d8a600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1d8a600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1d8a600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x23e, dwReserved0=0x0, dwReserved1=0x0, cFileName="PFNUYD06e.lnk", cAlternateFileName="PFNUYD~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe451d3c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe451d3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe451d3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pk78- 0HqIk.lnk", cAlternateFileName="PK78-0~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe21b4c80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe21b4c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2200f40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x265f, dwReserved0=0x0, dwReserved1=0x0, cFileName="plkB4TD2QZSfN1cFlc0.lnk", cAlternateFileName="PLKB4T~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2273360, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2273360, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2273360, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa4d, dwReserved0=0x0, dwReserved1=0x0, cFileName="PQC qu7jynQj.lnk", cAlternateFileName="PQCQU7~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe38ea300, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe38ea300, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe38ea300, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pr3tvmM8VB9VEp IpuI.lnk", cAlternateFileName="PR3TVM~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a2fae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe437a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe437a4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x991, dwReserved0=0x0, dwReserved1=0x0, cFileName="q7uHgHX5.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3369020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3369020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3369020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x140c, dwReserved0=0x0, dwReserved1=0x0, cFileName="QlKeywISbwT_7p T.mkv.lnk", cAlternateFileName="QLKEYW~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1dd68c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1dd68c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1dd68c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x0, dwReserved1=0x0, cFileName="qP7z mewstU.lnk", cAlternateFileName="QP7ZME~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe14e9640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3a1ae00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3a40f60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1333, dwReserved0=0x0, dwReserved1=0x0, cFileName="r7rMtS6.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe350bf40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3f29cc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3f29cc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x96b, dwReserved0=0x0, dwReserved1=0x0, cFileName="r8d4hNszM.lnk", cAlternateFileName="R8D4HN~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3df91c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3df91c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3df91c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rd9uI.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24d4960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe445ece0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe445ece0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe37, dwReserved0=0x0, dwReserved1=0x0, cFileName="rE2C8WmYD.lnk", cAlternateFileName="RE2C8W~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3427700, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3427700, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3427700, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3f2, dwReserved0=0x0, dwReserved1=0x0, cFileName="REINuLLmhp.lnk", cAlternateFileName="REINUL~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe20d0440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ecc580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ecc580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x202, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rf3i_Q4-ueWKmRVO6.lnk", cAlternateFileName="RF3I_Q~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe39365c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe39365c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe39365c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="RhM0SUlFme.lnk", cAlternateFileName="RHM0SU~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b89fa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3dacf00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3dacf00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x997, dwReserved0=0x0, dwReserved1=0x0, cFileName="rmSNLUbTcd5Ti.lnk", cAlternateFileName="RMSNLU~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe048bf00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x303, dwReserved0=0x0, dwReserved1=0x0, cFileName="Roaming.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe161a140, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe161a140, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe161a140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe93, dwReserved0=0x0, dwReserved1=0x0, cFileName="RqAQO.mkv.lnk", cAlternateFileName="RQAQOM~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3fe83a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3fe83a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3fe83a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RRrMZFNcPf9FA.lnk", cAlternateFileName="RRRMZF~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3095600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3095600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3095600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="RTEhwpoz7DC1cQI8j.lnk", cAlternateFileName="RTEHWP~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2aee1c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2aee1c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aee1c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x401, dwReserved0=0x0, dwReserved1=0x0, cFileName="snAEk-WZcVK4W.lnk", cAlternateFileName="SNAEK-~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1215c20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe45b5940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe45b5940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x973, dwReserved0=0x0, dwReserved1=0x0, cFileName="SNa_Kj_.lnk", cAlternateFileName="")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28d8e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28d8e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28d8e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x191a, dwReserved0=0x0, dwReserved1=0x0, cFileName="T02XdS0VdAldzPJ.lnk", cAlternateFileName="T02XDS~1.LNK")) returned 1 [0140.984] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2bac8a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2bac8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2bac8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf93, dwReserved0=0x0, dwReserved1=0x0, cFileName="ueeHKPXYbc0Mi.lnk", cAlternateFileName="UEEHKP~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45b5940, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe45b5940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe45b5940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee6, dwReserved0=0x0, dwReserved1=0x0, cFileName="vfJbgc7tLtAOeJn.lnk", cAlternateFileName="VFJBGC~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24d4960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe24d4960, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe24d4960, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="VH3znN.lnk", cAlternateFileName="")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4543520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4543520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4569680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="vJidzl.lnk", cAlternateFileName="")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe363ca40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4543520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4543520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x991, dwReserved0=0x0, dwReserved1=0x0, cFileName="vn4CibFz.lnk", cAlternateFileName="")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36d4fc0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36d4fc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36fb120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x25d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="vOTqYx.lnk", cAlternateFileName="")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31ec260, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe400e500, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe400e500, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xdf7, dwReserved0=0x0, dwReserved1=0x0, cFileName="VZDot6k.lnk", cAlternateFileName="")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4674020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4674020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WffK55LsjI-.ots.lnk", cAlternateFileName="WFFK55~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22270a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe22270a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe22270a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wfqsgh z BG.lnk", cAlternateFileName="WFQSGH~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a9e6a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="wOX68Cxezv6Oloa.lnk", cAlternateFileName="WOX68C~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2aa1f00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2aa1f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aa1f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x311, dwReserved0=0x0, dwReserved1=0x0, cFileName="wQBLRGmmPpS.lnk", cAlternateFileName="WQBLRG~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2735f60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43ec8c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43ec8c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x979, dwReserved0=0x0, dwReserved1=0x0, cFileName="X cLPSc5bC0q.lnk", cAlternateFileName="XCLPSC~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f2d520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f2d520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f2d520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="X0WBB2qkG0k1puf.mkv.lnk", cAlternateFileName="X0WBB2~1.LNK")) returned 1 [0140.985] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe395c720, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe395c720, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3a1ae00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1973, dwReserved0=0x0, dwReserved1=0x0, cFileName="x3Tqy 4iwG.lnk", cAlternateFileName="X3TQY4~1.LNK")) returned 1 [0140.985] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a55c40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a55c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a55c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="xe1i.lnk", cAlternateFileName="")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41b1420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41b1420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41b1420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="XGa8DIo5V.lnk", cAlternateFileName="XGA8DI~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe43a0600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43a0600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43a0600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xl2kGcwhye6UXJEFYf.lnk", cAlternateFileName="XL2KGC~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23a3e60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe464dec0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe464dec0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="XOJvpFkLvx0P7joh8C.lnk", cAlternateFileName="XOJVPF~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4569680, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4569680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4569680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x266, dwReserved0=0x0, dwReserved1=0x0, cFileName="XT0rtZ_l-eS-ZJIBw.flv.lnk", cAlternateFileName="XT0RTZ~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe07f7ea0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe07f7ea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe07f7ea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda, dwReserved0=0x0, dwReserved1=0x0, cFileName="XZs4zFMR9uZ.lnk", cAlternateFileName="XZS4ZF~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32d0aa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32d0aa0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32d0aa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y138cXvDjo.mkv.lnk", cAlternateFileName="Y138CX~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2782220, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2782220, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2782220, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa21, dwReserved0=0x0, dwReserved1=0x0, cFileName="y6tP2hHT.lnk", cAlternateFileName="")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4601c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x261, dwReserved0=0x0, dwReserved1=0x0, cFileName="yhHe_4FFUOdFU932.lnk", cAlternateFileName="YHHE_4~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4354340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4354340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4354340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="yhJPwSlO2BlhGko_W58.lnk", cAlternateFileName="YHJPWS~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3688d00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3688d00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3688d00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="YO_gGIZglHHyF 7e.mkv.lnk", cAlternateFileName="YO_GGI~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe432e1e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe432e1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe432e1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZP3EtF2zN8ybT3QrgX8N.lnk", cAlternateFileName="ZP3ETF~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3eb78a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3eb78a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3eb78a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x406, dwReserved0=0x0, dwReserved1=0x0, cFileName="zUbQnUQ_Do w-B.lnk", cAlternateFileName="ZUBQNU~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe418b2c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xdd6, dwReserved0=0x0, dwReserved1=0x0, cFileName="zxXR.lnk", cAlternateFileName="")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe14e9640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe14e9640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe14e9640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1968, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zy3m6BoJYB p.ots.lnk", cAlternateFileName="ZY3M6B~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3805ac0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa1b, dwReserved0=0x0, dwReserved1=0x0, cFileName="zZGqA7r9Vz.lnk", cAlternateFileName="ZZGQA7~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0dc5440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0dc5440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0dc5440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1966, dwReserved0=0x0, dwReserved1=0x0, cFileName="_A5x CK.lnk", cAlternateFileName="_A5XCK~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0a7f600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe38c41a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe38c41a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="_aS6CtfrDr8.lnk", cAlternateFileName="_AS6CT~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe469a180, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe469a180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe469a180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xfbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="_pE9j8 9q1yztDImt.lnk", cAlternateFileName="_PE9J8~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe389e040, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe389e040, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe389e040, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="_wc27dzsWvOBAVe.lnk", cAlternateFileName="_WC27D~1.LNK")) returned 1 [0140.986] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.986] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0140.987] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.987] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\-S72hWfUsGFs.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\-s72hwfusgfs.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2200f40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36fb120, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36fb120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1eaa)) returned 1 [0140.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0OwJbeK2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0owjbek2.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4412a20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4412a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4412a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f51)) returned 1 [0140.988] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S06kHtuWg41.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s06khtuwg41.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d60c40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d60c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d60c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3fc)) returned 1 [0140.988] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\0S4Zi2d7.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\0s4zi2d7.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe17bd060, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe17bd060, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe17bd060, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf3f)) returned 1 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\12b49.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\12b49.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28d8e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28d8e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28fefe0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x12ca)) returned 1 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1eyrx-bxddwzpbzqj.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe17e31c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe469a180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46c02e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9f0)) returned 1 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1V44lGoDEt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1v44lgodet.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2b3a480, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2b3a480, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2b3a480, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1973)) returned 1 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1WwC7yDS7iD6Z0TXpq.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1wwc7yds7id6z0txpq.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0bfc3c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3e1f320, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3e1f320, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x207)) returned 1 [0140.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2sde9rzjowyu4.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe400e500, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe400e500, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4034660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1ff0)) returned 1 [0140.989] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0140.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2h7bx4wzqwntk69gg7f-.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3238520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3238520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3238520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x424)) returned 1 [0140.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2u4kZIIXg6dDX L4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2u4kziixg6ddx l4.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe458f7e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe458f7e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe458f7e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x410)) returned 1 [0140.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\3U_CJfI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\3u_cjfi.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41d7580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41d7580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41d7580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2ca)) returned 1 [0140.990] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4r9tztrzgt_1b.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe33db440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe33db440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe33db440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x261d)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4bT5vX6999HZ.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4bt5vx6999hz.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28fefe0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28fefe0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2925140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee4)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4dkrc_tab152.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4484e40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4484e40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4484e40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9ee)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4rI99TmpDHL6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4ri99tmpdhl6.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2e0dea0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2e0dea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2e0dea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf8c)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\6m-whhzR4vM.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\6m-whhzr4vm.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32847e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32847e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32847e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xed9)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7aplvzczbpp2asr6j.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32123c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32123c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32123c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1b)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7znj_LIq7Lm-2.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7znj_liq7lm-2.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31c6100, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe31c6100, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe31c6100, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13c4)) returned 1 [0140.991] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\88w R.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\88w r.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe325e680, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe325e680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe325e680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe74)) returned 1 [0140.991] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0140.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\98_inojtbt.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3851d80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3851d80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3851d80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x30c)) returned 1 [0140.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.993] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.993] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce65c0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.993] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe470b600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1b800, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.automaticDestinations-ms", cAlternateFileName="1B4DD6~1.AUT")) returned 1 [0140.993] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc606a140, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc606a140, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80e1f4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.automaticDestinations-ms", cAlternateFileName="7E4DCA~1.AUT")) returned 1 [0140.993] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce4e50, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xe00, dwReserved0=0x0, dwReserved1=0x0, cFileName="eb282ead62b4db87.automaticDestinations-ms", cAlternateFileName="EB282E~1.AUT")) returned 1 [0140.993] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.993] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe470b600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1b800)) returned 1 [0140.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc606a140, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc606a140, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80e1f4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1e00)) returned 1 [0140.994] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4bce65c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x4bce65c0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x4bce4e50, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xe00)) returned 1 [0141.004] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0141.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bevynig0.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3f4fe20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3f4fe20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3f4fe20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3e8)) returned 1 [0141.122] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bba6tvsvhx1zrsnnfiy.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3805ac0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9f7)) returned 1 [0141.122] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0141.123] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c 8u8apsnox.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4627d60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4627d60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4627d60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1995)) returned 1 [0141.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cbj_-_.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2f18840, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2f18840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2f18840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf51)) returned 1 [0141.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cnhegrqal0z.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4674020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe469a180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42)) returned 1 [0141.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\czwcuzemtmnh.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4295c60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4295c60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4295c60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3fc)) returned 1 [0141.124] VirtualAlloc (lpAddress=0xc000380000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000380000 [0141.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8e1924d0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0141.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0141.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8e1924d0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8e1924d0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="1b4dd67f29cb1962.customDestinations-ms", cAlternateFileName="1B4DD6~1.CUS")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22bfd60, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x8e16c370, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="590aee7bdd69b59b.customDestinations-ms", cAlternateFileName="590AEE~1.CUS")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2da822a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2daa8400, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x43a3, dwReserved0=0x0, dwReserved1=0x0, cFileName="5afe4de1b92fc382.customDestinations-ms", cAlternateFileName="5AFE4D~1.CUS")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5d696d521de238c3.customDestinations-ms", cAlternateFileName="5D696D~1.CUS")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="7e4dca80246863e3.customDestinations-ms", cAlternateFileName="7E4DCA~1.CUS")) returned 1 [0141.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb126c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5ddd1400, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5ddd1400, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x23ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="be71009ff8bb02a2.customDestinations-ms", cAlternateFileName="BE7100~1.CUS")) returned 1 [0141.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68, dwReserved0=0x0, dwReserved1=0x0, cFileName="d93f411851d7c929.customDestinations-ms", cAlternateFileName="D93F41~1.CUS")) returned 1 [0141.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0141.126] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0141.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0141.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22bfd60, ftCreationTime.dwHighDateTime=0x1d2fab5, ftLastAccessTime.dwLowDateTime=0x8e16c370, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x8e1924d0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x1f68)) returned 1 [0141.127] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2da822a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2daa8400, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x43a3)) returned 1 [0141.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5d696d521de238c3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5d696d521de238c3.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85096390, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x96ec4eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x96ec4eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x17d4)) returned 1 [0141.128] VirtualAlloc (lpAddress=0xc000388000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000388000 [0141.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7e4dca80246863e3.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\7e4dca80246863e3.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc975e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc975e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0141.130] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cb126c0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5ddd1400, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5ddd1400, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x23ff)) returned 1 [0141.132] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0141.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1a388960, ftCreationTime.dwHighDateTime=0x1d42023, ftLastAccessTime.dwLowDateTime=0xce5f0760, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xce5f0760, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x1f68)) returned 1 [0141.135] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0141.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyahuxz0u2j2nuf.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cee820, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3cee820, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3cee820, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13da)) returned 1 [0141.136] VirtualAlloc (lpAddress=0xc000390000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000390000 [0141.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dagvd.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41fd6e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41fd6e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41fd6e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1331)) returned 1 [0141.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f_jgkxr6yc.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4223840, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4223840, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4223840, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0141.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ffgtdr1eavs eqs.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3dacf00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3dacf00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3dacf00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf05)) returned 1 [0141.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fwqwwx1or2 gtb6te.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f9f940, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f9f940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f9f940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa84)) returned 1 [0141.138] VirtualAlloc (lpAddress=0xc000398000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000398000 [0141.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fznv_dlmfaz.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f2d520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4674020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1e4)) returned 1 [0141.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\glgpik5cbmztq7qi.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22994c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe22994c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe22994c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2011)) returned 1 [0141.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g_thypoc-7akco8.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0dc5440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4308080, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4308080, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1337)) returned 1 [0141.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h8eiq3-yxnk9.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f797e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f797e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f797e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x390)) returned 1 [0141.139] VirtualAlloc (lpAddress=0xc0003a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a0000 [0141.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hm13y6g8dosacipgz2d.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41d7580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41d7580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41fd6e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a)) returned 1 [0141.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hcjk5uban9lka.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe136c880, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe136c880, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe136c880, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19ab)) returned 1 [0141.140] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\irgfubzdry001k.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2925140, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2925140, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2925140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa63)) returned 1 [0141.141] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iveiinekbfiwetwrel-r.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3cc86c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3cc86c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3cc86c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19f9)) returned 1 [0141.141] VirtualAlloc (lpAddress=0xc0003a8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a8000 [0141.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\if v7 jc2qexn6bjyff.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3aff640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3aff640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3aff640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x203d)) returned 1 [0141.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ihgrzo.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36aee60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36aee60, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36aee60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x195b)) returned 1 [0141.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iuzwyjdszrzan4gi1.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36168e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36168e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36168e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf2a)) returned 1 [0141.142] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kmaipt.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe46e6440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3dc)) returned 1 [0141.142] VirtualAlloc (lpAddress=0xc0003b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b0000 [0141.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kwrrydzuohoisdt.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe081e000, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4034660, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4034660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18eb)) returned 1 [0141.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\licvhku.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3095600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4412a20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4412a20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18a3)) returned 1 [0141.144] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0141.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lwpism.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe13929e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe13929e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe13929e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x22d)) returned 1 [0141.144] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lelfc_r3.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3851d80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3851d80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3877ee0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1978)) returned 1 [0141.145] VirtualAlloc (lpAddress=0xc0003b8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003b8000 [0141.145] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0141.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mmjuhdigq7oe.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe363ca40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe363ca40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3662ba0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f7d)) returned 1 [0141.146] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0141.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d3e340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3edda00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3edda00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x52a)) returned 1 [0141.147] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b63e40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x54f)) returned 1 [0141.147] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0141.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2cdd3a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46c02e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46c02e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x539)) returned 1 [0141.148] VirtualAlloc (lpAddress=0xc0003c0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c0000 [0141.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n3 iikk5mp8c2f.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d3aae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d3aae0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d3aae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa63)) returned 1 [0141.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nzuv2qads 2clahfuh.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe37df960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe37df960, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe37df960, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xfd7)) returned 1 [0141.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nnn1r.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2e34000, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2e34000, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2e34000, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x226)) returned 1 [0141.149] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NosD2-mwYoe_KW3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nosd2-mwyoe_kw3.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe136c880, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe464dec0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe464dec0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x133c)) returned 1 [0141.149] VirtualAlloc (lpAddress=0xc0003d8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d8000 [0141.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\odspcijy6fppaz71hm.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe02c2e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe02c2e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe02c2e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a)) returned 1 [0141.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\okucx.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe382bc20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe382bc20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe382bc20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13a7)) returned 1 [0141.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p3lpcop8sodqy.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe445ece0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe445ece0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe445ece0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1424)) returned 1 [0141.151] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pf7rnc.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4308080, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4308080, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4308080, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x195b)) returned 1 [0141.151] VirtualAlloc (lpAddress=0xc0003e0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e0000 [0141.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pfnuyd06e.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1d8a600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1d8a600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1d8a600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x23e)) returned 1 [0141.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqc qu7jynqj.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2273360, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2273360, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2273360, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa4d)) returned 1 [0141.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pk78- 0hqik.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe451d3c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe451d3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe451d3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee8)) returned 1 [0141.153] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0141.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pr3tvmm8vb9vep ipui.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe38ea300, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe38ea300, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe38ea300, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a)) returned 1 [0141.153] VirtualAlloc (lpAddress=0xc0003e8000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003e8000 [0141.154] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0141.154] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qlkeywisbwt_7p t.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3369020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3369020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3369020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x140c)) returned 1 [0141.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\reinullmhp.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3427700, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3427700, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3427700, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3f2)) returned 1 [0141.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rrrmzfncpf9fa.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3fe83a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3fe83a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3fe83a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13c4)) returned 1 [0141.155] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0141.156] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0141.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rtehwpoz7dc1cqi8j.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3095600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3095600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3095600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1fb4)) returned 1 [0141.156] VirtualAlloc (lpAddress=0xc0003f0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f0000 [0141.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rd9ui.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3df91c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3df91c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3df91c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3d5)) returned 1 [0141.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rf3i_q4-uewkmrvo6.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe20d0440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ecc580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ecc580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x202)) returned 1 [0141.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rhm0sulfme.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe39365c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe39365c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe39365c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeaf)) returned 1 [0141.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe048bf00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe46e6440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe46e6440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x303)) returned 1 [0141.158] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0141.158] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rqaqo.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe161a140, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe161a140, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe161a140, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe93)) returned 1 [0141.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sna_kj_.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1215c20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe45b5940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe45b5940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x973)) returned 1 [0141.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t02xds0vdaldzpj.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe28d8e80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe28d8e80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe28d8e80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x191a)) returned 1 [0141.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vh3znn.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24d4960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe24d4960, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe24d4960, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x13d7)) returned 1 [0141.159] VirtualAlloc (lpAddress=0xc000408000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000408000 [0141.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vzdot6k.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe31ec260, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe400e500, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe400e500, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xdf7)) returned 1 [0141.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wffk55lsji-.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4674020, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4674020, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4674020, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2e0)) returned 1 [0141.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfqsgh z bg.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe22270a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe22270a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe22270a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42)) returned 1 [0141.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x clpsc5bc0q.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2735f60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43ec8c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43ec8c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x979)) returned 1 [0141.161] VirtualAlloc (lpAddress=0xc000410000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000410000 [0141.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x0wbb2qkg0k1puf.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1f2d520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1f2d520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1f2d520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0141.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xga8dio5v.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41b1420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41b1420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41b1420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3ed)) returned 1 [0141.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xojvpfklvx0p7joh8c.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe23a3e60, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe464dec0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe464dec0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9bb)) returned 1 [0141.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xt0rtz_l-es-zjibw.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4569680, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4569680, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4569680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x266)) returned 1 [0141.162] VirtualAlloc (lpAddress=0xc000418000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000418000 [0141.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xzs4zfmr9uz.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe07f7ea0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe07f7ea0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe07f7ea0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1fda)) returned 1 [0141.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xl2kgcwhye6uxjefyf.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe43a0600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43a0600, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43a0600, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a)) returned 1 [0141.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y138cxvdjo.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32d0aa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32d0aa0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32d0aa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9d8)) returned 1 [0141.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yo_ggizglhhyf 7e.mkv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3688d00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3688d00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3688d00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1b)) returned 1 [0141.164] VirtualAlloc (lpAddress=0xc0003cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003cc000 [0141.164] VirtualAlloc (lpAddress=0xc000420000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000420000 [0141.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zp3etf2zn8ybt3qrgx8n.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe432e1e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe432e1e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe432e1e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf1d)) returned 1 [0141.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zy3m6bojyb p.ots.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe14e9640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe14e9640, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe14e9640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1968)) returned 1 [0141.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_a5x ck.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0dc5440, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0dc5440, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0dc5440, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1966)) returned 1 [0141.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_as6ctfrdr8.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0a7f600, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe38c41a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe38c41a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe1f)) returned 1 [0141.166] VirtualAlloc (lpAddress=0xc000428000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000428000 [0141.166] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0141.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pe9j8 9q1yztdimt.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe469a180, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe469a180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe469a180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xfbf)) returned 1 [0141.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wc27dzswvobave.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe389e040, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe389e040, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe389e040, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19c1)) returned 1 [0141.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a2lzuytuvd.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4165160, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4165160, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4165160, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1374)) returned 1 [0141.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aeeuqq ngoo.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe41b1420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe41b1420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe41b1420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0141.168] VirtualAlloc (lpAddress=0xc000430000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000430000 [0141.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ayjs6x.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4601c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1344)) returned 1 [0141.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bmk73apgwn4iut5fsy.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44aafa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe44aafa0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe44aafa0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x41a)) returned 1 [0141.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clhscjagwg6vjgl.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe42e1f20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe42e1f20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe42e1f20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1f9e)) returned 1 [0141.169] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0141.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwhja1ye5fn.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3688d00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3688d00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3688d00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0141.169] VirtualAlloc (lpAddress=0xc000438000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000438000 [0141.170] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0141.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1b0)) returned 1 [0141.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dlkfd.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe338f180, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe338f180, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe338f180, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa00)) returned 1 [0141.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\elsstnnsevvxa.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1bc1580, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1bc1580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1bc1580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1ff0)) returned 1 [0141.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezaa8ldzp4i7tw-w_u.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe08dc6e0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe43c6760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe43c6760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe82)) returned 1 [0141.171] VirtualAlloc (lpAddress=0xc000440000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000440000 [0141.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\esollose8cg.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe44f7260, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe44f7260, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe44f7260, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1377)) returned 1 [0141.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g518f4w-.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d86da0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d86da0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d86da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeb8)) returned 1 [0141.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hpgcghvp8qahllw.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe211c700, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe211c700, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe211c700, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x40b)) returned 1 [0141.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\icpx0tggjcrh30s.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2ea6420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ea6420, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ea6420, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2633)) returned 1 [0141.173] VirtualAlloc (lpAddress=0xc000448000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000448000 [0141.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jhul_ylh6sugmw.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe32f6c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe32f6c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe32f6c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2630)) returned 1 [0141.173] VirtualAlloc (lpAddress=0xc0003fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fa000 [0141.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jpehtkf.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3d14980, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3d14980, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3d14980, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x232)) returned 1 [0141.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kev94gqepx7n.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe42499a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe42499a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe42499a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19a1)) returned 1 [0141.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kx6 uo3meq_uuxg.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2520c20, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2520c20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2520c20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x19aa)) returned 1 [0141.174] VirtualAlloc (lpAddress=0xc000450000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000450000 [0141.175] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0141.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ls65fyrp8xmrnqykww.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a78540, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4a78540, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a78540, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x9bb)) returned 1 [0141.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbcou1ppf2tg_e1rt.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a09980, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a09980, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a2fae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf2a)) returned 1 [0141.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mepvzo.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a2fae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a2fae0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a2fae0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xeb1)) returned 1 [0141.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nmnoxj.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe30bb760, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe30bb760, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe30bb760, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x25d4)) returned 1 [0141.177] VirtualAlloc (lpAddress=0xc000458000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000458000 [0141.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nz s7kvsk.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4354340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4354340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4354340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xed2)) returned 1 [0141.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\onhryrmm0bacl8 0.flv.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3910460, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3910460, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3910460, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf10)) returned 1 [0141.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovs-ufdkcnpg7c9q.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0ce0c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe0ce0c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe0d06d60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa79)) returned 1 [0141.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oex7fvsds_qxq.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d29660, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2d29660, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2d29660, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa58)) returned 1 [0141.178] VirtualAlloc (lpAddress=0xc000460000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000460000 [0141.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\papdkzhuye.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1b9b420, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2ecc580, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2ecc580, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe84)) returned 1 [0141.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\plkb4td2qzsfn1cflc0.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe21b4c80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe21b4c80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2200f40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x265f)) returned 1 [0141.179] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q7uhghx5.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a2fae0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe437a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe437a4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x991)) returned 1 [0141.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qp7z mewstu.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe1dd68c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe1dd68c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1dd68c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa42)) returned 1 [0141.180] VirtualAlloc (lpAddress=0xc000468000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000468000 [0141.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r7rmts6.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe14e9640, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3a1ae00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3a40f60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1333)) returned 1 [0141.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r8d4hnszm.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe350bf40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3f29cc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3f29cc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x96b)) returned 1 [0141.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\re2c8wmyd.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe24d4960, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe445ece0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe445ece0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xe37)) returned 1 [0141.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rmsnlubtcd5ti.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe0b89fa0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3dacf00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3dacf00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x997)) returned 1 [0141.181] VirtualAlloc (lpAddress=0xc000470000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000470000 [0141.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\snaek-wzcvk4w.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2aee1c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2aee1c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aee1c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x401)) returned 1 [0141.182] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ueehkpxybc0mi.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2bac8a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2bac8a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2bac8a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xf93)) returned 1 [0141.183] VirtualAlloc (lpAddress=0xc000478000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000478000 [0141.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vjidzl.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4543520, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4543520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4569680, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3dc)) returned 1 [0141.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\votqyx.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe36d4fc0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe36d4fc0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe36fb120, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x25d4)) returned 1 [0141.183] VirtualAlloc (lpAddress=0xc000480000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000480000 [0141.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vfjbgc7tltaoejn.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe45b5940, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe45b5940, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe45b5940, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xee6)) returned 1 [0141.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vn4cibfz.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe363ca40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4543520, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4543520, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x991)) returned 1 [0141.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wox68cxezv6oloa.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4a9e6a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa6e)) returned 1 [0141.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wqblrgmmpps.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2aa1f00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2aa1f00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2aa1f00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x311)) returned 1 [0141.185] VirtualAlloc (lpAddress=0xc000488000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000488000 [0141.186] VirtualAlloc (lpAddress=0xc00047a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047a000 [0141.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x3tqy 4iwg.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe395c720, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe395c720, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3a1ae00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1973)) returned 1 [0141.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xe1i.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2a55c40, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2a55c40, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2a55c40, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x2ea)) returned 1 [0141.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y6tp2hht.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2782220, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe2782220, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe2782220, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa21)) returned 1 [0141.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhhe_4ffuodfu932.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4601c00, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x261)) returned 1 [0141.187] VirtualAlloc (lpAddress=0xc000490000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000490000 [0141.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhjpwslo2blhgko_w58.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe4354340, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4354340, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4354340, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa9a)) returned 1 [0141.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zubqnuq_do w-b.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3eb78a0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3eb78a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3eb78a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x406)) returned 1 [0141.188] VirtualAlloc (lpAddress=0xc00047c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047c000 [0141.188] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zzgqa7r9vz.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3805ac0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe3805ac0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe3805ac0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xa1b)) returned 1 [0141.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zxXR.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zxxr.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe418b2c0, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0xe4601c00, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4601c00, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0xdd6)) returned 1 [0141.189] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0141.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0141.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0141.190] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0142.487] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0142.799] SetEvent (hEvent=0xfc) returned 1 [0142.799] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0142.999] SetEvent (hEvent=0x9c) returned 1 [0142.999] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) returned 0x0 [0143.013] SetEvent (hEvent=0x334) returned 1 [0143.013] WaitForSingleObject (hHandle=0x30c, dwMilliseconds=0xffffffff) Thread: id = 48 os_tid = 0xa90 [0116.132] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ca9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ca9fea0*=0x314) returned 1 [0116.133] VirtualQuery (in: lpAddress=0x2ca9fec0, lpBuffer=0x2ca9fec0, dwLength=0x30 | out: lpBuffer=0x2ca9fec0*(BaseAddress=0x2ca9f000, AllocationBase=0x2c8a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.133] SetEvent (hEvent=0x234) returned 1 [0116.133] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x318 [0116.133] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x31c [0116.133] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.139] SetEvent (hEvent=0x258) returned 1 [0116.139] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.142] SetEvent (hEvent=0x2a8) returned 1 [0116.142] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x32c [0116.148] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0xc000133cf4 | out: lpMode=0xc000133cf4) returned 0 [0116.153] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.204] SetEvent (hEvent=0x324) returned 1 [0116.204] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.210] SetEvent (hEvent=0x340) returned 1 [0116.210] SetEvent (hEvent=0x334) returned 1 [0116.210] SetEvent (hEvent=0x198) returned 1 [0116.210] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.213] SetEvent (hEvent=0x1e8) returned 1 [0116.213] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.245] SetEvent (hEvent=0x12c) returned 1 [0116.245] SetEvent (hEvent=0x1a0) returned 1 [0116.245] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.248] SetEvent (hEvent=0x12c) returned 1 [0116.248] SwitchToThread () returned 1 [0116.249] SetEvent (hEvent=0x12c) returned 1 [0116.249] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.250] SetEvent (hEvent=0x12c) returned 1 [0116.250] SetEvent (hEvent=0x340) returned 1 [0116.251] VirtualFree (lpAddress=0xc000360000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.251] VirtualFree (lpAddress=0xc000334000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.251] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0116.252] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.253] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.253] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.253] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.254] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.254] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.254] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.255] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.255] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.255] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.256] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.256] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000193818*=0x3) returned 1 [0116.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0116.263] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0116.264] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0116.264] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0201 | out: pbBuffer=0xc0000e0201) returned 1 [0116.264] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0116.265] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0116.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0116.266] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0116.267] GetFileType (hFile=0x2e8) returned 0x1 [0116.267] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0001822c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c0*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.267] CloseHandle (hObject=0x2e8) returned 1 [0116.267] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\7962161087[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-7962161087[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-7962161087[1].js"), dwFlags=0x1) returned 1 [0116.789] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.790] SetEvent (hEvent=0x234) returned 1 [0116.790] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.791] SetEvent (hEvent=0x234) returned 1 [0116.791] SwitchToThread () returned 1 [0116.792] SetEvent (hEvent=0x2b0) returned 1 [0116.792] SetEvent (hEvent=0x234) returned 1 [0116.792] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.797] SetEvent (hEvent=0x1dc) returned 1 [0116.797] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0116.801] SetEvent (hEvent=0x1dc) returned 1 [0116.801] SetEvent (hEvent=0x234) returned 1 [0116.801] SetEvent (hEvent=0x9c) returned 1 [0116.802] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0117.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0117.386] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0117.389] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0117.463] GetFileType (hFile=0x36c) returned 0x1 [0117.463] GetFileType (hFile=0x36c) returned 0x1 [0117.463] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0117.463] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0117.463] ReadFile (in: hFile=0x36c, lpBuffer=0xc0001de800, nNumberOfBytesToRead=0x743, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de800*, lpNumberOfBytesRead=0xc000047c04*=0x543, lpOverlapped=0x0) returned 1 [0117.482] ReadFile (in: hFile=0x36c, lpBuffer=0xc0001ded43, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ded43*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0117.482] CloseHandle (hObject=0x36c) returned 1 [0117.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0117.603] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0117.604] GetFileType (hFile=0x23c) returned 0x1 [0117.604] WriteFile (in: hFile=0x23c, lpBuffer=0xc0001e2580*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2580*, lpNumberOfBytesWritten=0xc000047cec*=0x550, lpOverlapped=0x0) returned 1 [0117.606] CloseHandle (hObject=0x23c) returned 1 [0117.615] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0117.706] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001001 | out: pbBuffer=0xc000001001) returned 1 [0117.706] VirtualAlloc (lpAddress=0xc0004d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d2000 [0117.707] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0117.707] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0117.708] GetFileType (hFile=0x2e4) returned 0x1 [0117.708] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0004cec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004cec60*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.708] CloseHandle (hObject=0x2e4) returned 1 [0117.713] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0117.764] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-async_usersync[1]"), dwFlags=0x1) returned 1 [0118.401] SetEvent (hEvent=0x354) returned 1 [0118.401] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0118.819] SetEvent (hEvent=0x24c) returned 1 [0118.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x348 [0118.819] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0118.820] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0118.909] GetFileType (hFile=0x348) returned 0x1 [0118.909] GetFileType (hFile=0x348) returned 0x1 [0118.909] GetFileInformationByHandle (in: hFile=0x348, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0118.909] GetFileInformationByHandleEx (in: hFile=0x348, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0118.909] ReadFile (in: hFile=0x348, lpBuffer=0xc000180000, nNumberOfBytesToRead=0xd22, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc000177c04*=0xb22, lpOverlapped=0x0) returned 1 [0118.914] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0119.008] ReadFile (in: hFile=0x348, lpBuffer=0xc000180b22, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180b22*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0119.008] CloseHandle (hObject=0x348) returned 1 [0119.008] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0119.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0119.032] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0119.034] GetFileType (hFile=0x2fc) returned 0x1 [0119.034] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000294000*, nNumberOfBytesToWrite=0xb30, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc000294000*, lpNumberOfBytesWritten=0xc000177cec*=0xb30, lpOverlapped=0x0) returned 1 [0119.035] CloseHandle (hObject=0x2fc) returned 1 [0119.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0119.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0119.039] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0119.041] GetFileType (hFile=0x2cc) returned 0x1 [0119.041] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000238840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238840*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.041] CloseHandle (hObject=0x2cc) returned 1 [0119.044] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0119.135] SetEvent (hEvent=0x120) returned 1 [0119.135] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0119.136] SetEvent (hEvent=0x1a0) returned 1 [0119.136] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0119.138] SetEvent (hEvent=0x24c) returned 1 [0119.138] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0119.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbnntf[1].jpg"), dwFlags=0x1) returned 1 [0119.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0119.672] SetEvent (hEvent=0x334) returned 1 [0119.672] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0141.131] SetEvent (hEvent=0x354) returned 1 [0141.131] SetEvent (hEvent=0x1a0) returned 1 [0141.131] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0141.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0141.486] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000129cf4 | out: lpMode=0xc000129cf4) returned 0 [0141.488] GetFileType (hFile=0x374) returned 0x1 [0141.488] GetFileType (hFile=0x374) returned 0x1 [0141.488] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc000129d44 | out: lpFileInformation=0xc000129d44) returned 1 [0141.488] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc000129d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000129d28) returned 1 [0141.488] ReadFile (in: hFile=0x374, lpBuffer=0xc00003c500, nNumberOfBytesToRead=0x268, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c500*, lpNumberOfBytesRead=0xc000129c04*=0x68, lpOverlapped=0x0) returned 1 [0142.482] ReadFile (in: hFile=0x374, lpBuffer=0xc00003c568, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000129c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c568*, lpNumberOfBytesRead=0xc000129c04*=0x0, lpOverlapped=0x0) returned 1 [0142.482] CloseHandle (hObject=0x374) returned 1 [0142.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0142.847] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000129d04 | out: lpMode=0xc000129d04) returned 0 [0142.866] GetFileType (hFile=0xc7c) returned 0x1 [0142.866] WriteFile (in: hFile=0xc7c, lpBuffer=0xc000012540*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc000129cec, lpOverlapped=0x0 | out: lpBuffer=0xc000012540*, lpNumberOfBytesWritten=0xc000129cec*=0x70, lpOverlapped=0x0) returned 1 [0142.867] CloseHandle (hObject=0xc7c) returned 1 [0142.885] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0144.191] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0144.191] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0144.615] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0144.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0144.617] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc000129d64 | out: lpMode=0xc000129d64) returned 0 [0144.620] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0145.324] GetFileType (hFile=0x3f0) returned 0x1 [0145.324] WriteFile (in: hFile=0x3f0, lpBuffer=0xc000614b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000129d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614b00*, lpNumberOfBytesWritten=0xc000129d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.324] CloseHandle (hObject=0x3f0) returned 1 [0145.324] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0145.326] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@skadtec[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@skadtec[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@skadtec[1].txt"), dwFlags=0x1) returned 1 [0145.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ca9fe30*=0x318, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.328] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ca9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ca9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ca9f698, ulNumEntriesRemoved=0x2ca9f66c) returned 0 [0145.329] SetEvent (hEvent=0x1c4) returned 1 [0145.329] SetEvent (hEvent=0xa78) returned 1 [0145.329] SetEvent (hEvent=0xb20) returned 1 [0145.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ca9fe08*=0x318, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.339] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0145.339] SetEvent (hEvent=0xb20) returned 1 [0145.339] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ca9fe08*=0x318, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.341] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0145.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ca9fe30*=0x318, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.343] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ca9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ca9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ca9f6a0, ulNumEntriesRemoved=0x2ca9f674) returned 0 [0145.343] SetEvent (hEvent=0xc0) returned 1 [0145.343] SetEvent (hEvent=0xa78) returned 1 [0145.343] SetEvent (hEvent=0xb20) returned 1 [0145.343] SetEvent (hEvent=0xae8) returned 1 [0145.343] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ca9fe18*=0x318, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.352] GetFileType (hFile=0x42c) returned 0x1 [0145.352] WriteFile (in: hFile=0x42c, lpBuffer=0xc0000bc000*, nNumberOfBytesToWrite=0x1f70, lpNumberOfBytesWritten=0xc00038dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesWritten=0xc00038dcec*=0x1f70, lpOverlapped=0x0) returned 1 [0145.353] CloseHandle (hObject=0x42c) returned 1 [0145.353] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0145.354] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0145.355] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0145.356] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0145.357] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0145.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0145.358] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc00038dd64 | out: lpMode=0xc00038dd64) returned 0 [0145.369] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0145.912] GetFileType (hFile=0x42c) returned 0x1 [0145.912] WriteFile (in: hFile=0x42c, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc00038dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.913] CloseHandle (hObject=0x42c) returned 1 [0145.913] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0145.914] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-d93f411851d7c929.customdestinations-ms"), dwFlags=0x1) returned 1 [0146.487] SetEvent (hEvent=0xc24) returned 1 [0146.487] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0146.515] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0146.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f8 [0146.518] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0146.520] GetFileType (hFile=0x7f8) returned 0x1 [0146.520] GetFileType (hFile=0x7f8) returned 0x1 [0146.520] GetFileInformationByHandle (in: hFile=0x7f8, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0146.520] GetFileInformationByHandleEx (in: hFile=0x7f8, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0146.520] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0146.538] ReadFile (in: hFile=0x7f8, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x80200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc000049c04*=0x80000, lpOverlapped=0x0) returned 1 [0146.575] ReadFile (in: hFile=0x7f8, lpBuffer=0xc000764000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc000764000*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0146.575] CloseHandle (hObject=0x7f8) returned 1 [0146.575] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.575] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.575] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000798000 [0146.577] VirtualAlloc (lpAddress=0xc0007d9000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.577] VirtualAlloc (lpAddress=0xc0007d9000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d9000 [0146.578] VirtualAlloc (lpAddress=0xc0007f9000, dwSize=0x21000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.578] VirtualAlloc (lpAddress=0xc0007f9000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.578] VirtualAlloc (lpAddress=0xc0007f9000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.578] VirtualAlloc (lpAddress=0xc0007f9000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f9000 [0146.579] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.579] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.579] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0146.579] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fd000 [0146.580] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0146.593] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0146.599] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc000049d04 | out: lpMode=0xc000049d04) returned 0 [0146.608] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0146.896] GetFileType (hFile=0x7f8) returned 0x1 [0146.896] WriteFile (in: hFile=0x7f8, lpBuffer=0xc000798000*, nNumberOfBytesToWrite=0x80010, lpNumberOfBytesWritten=0xc000049cec, lpOverlapped=0x0 | out: lpBuffer=0xc000798000*, lpNumberOfBytesWritten=0xc000049cec*=0x80010, lpOverlapped=0x0) returned 1 [0146.909] CloseHandle (hObject=0x7f8) returned 1 [0146.909] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0146.911] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0146.912] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0146.912] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0146.913] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0146.914] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0146.915] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0146.916] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0146.917] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0146.918] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0146.919] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0146.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0146.921] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc000049d64 | out: lpMode=0xc000049d64) returned 0 [0146.929] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0146.943] GetFileType (hFile=0x7f8) returned 0x1 [0146.943] WriteFile (in: hFile=0x7f8, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000049d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc000049d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.944] CloseHandle (hObject=0x7f8) returned 1 [0146.944] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-cookies.sqlite"), dwFlags=0x1) returned 1 [0146.945] SetEvent (hEvent=0xc1c) returned 1 [0146.945] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.010] SetEvent (hEvent=0xbd8) returned 1 [0147.010] SetEvent (hEvent=0x988) returned 1 [0147.010] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.090] SetEvent (hEvent=0xa20) returned 1 [0147.091] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.109] SetEvent (hEvent=0xbd8) returned 1 [0147.109] SetEvent (hEvent=0xc24) returned 1 [0147.109] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.114] SetEvent (hEvent=0xbd8) returned 1 [0147.114] SetEvent (hEvent=0x1f8) returned 1 [0147.114] SetEvent (hEvent=0xa20) returned 1 [0147.114] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.146] SetEvent (hEvent=0xbd8) returned 1 [0147.146] SetEvent (hEvent=0xc24) returned 1 [0147.146] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.177] SetEvent (hEvent=0xbd8) returned 1 [0147.177] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0147.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0147.180] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0147.236] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.274] GetFileType (hFile=0x2e4) returned 0x1 [0147.274] GetFileType (hFile=0x2e4) returned 0x1 [0147.274] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0147.274] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0147.274] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0147.276] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0x701, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc0000f7c04*=0x501, lpOverlapped=0x0) returned 1 [0147.339] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.356] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002b6501, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6501*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0147.356] CloseHandle (hObject=0x2e4) returned 1 [0147.356] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0147.357] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0147.358] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0147.359] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0147.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0147.360] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0147.374] GetFileType (hFile=0x2e4) returned 0x1 [0147.374] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0147.375] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0002be000*, nNumberOfBytesToWrite=0x510, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002be000*, lpNumberOfBytesWritten=0xc0000f7cec*=0x510, lpOverlapped=0x0) returned 1 [0147.376] CloseHandle (hObject=0x2e4) returned 1 [0147.376] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0147.376] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0147.377] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0147.378] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0147.379] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0147.380] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0147.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0147.381] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0147.382] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.466] GetFileType (hFile=0x2e4) returned 0x1 [0147.466] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0002ec000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec000*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.466] CloseHandle (hObject=0x2e4) returned 1 [0147.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-localstore.rdf"), dwFlags=0x1) returned 1 [0147.468] SetEvent (hEvent=0x3c4) returned 1 [0147.468] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.604] SetEvent (hEvent=0xa20) returned 1 [0147.604] VirtualFree (lpAddress=0xc0006e4000, dwSize=0xa2000, dwFreeType=0x4000) returned 1 [0147.833] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.834] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.834] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.835] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0147.836] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.837] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.837] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.838] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.839] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.840] SetEvent (hEvent=0x1f8) returned 1 [0147.840] SwitchToThread () returned 1 [0147.840] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.842] SetEvent (hEvent=0xa20) returned 1 [0147.842] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.847] SetEvent (hEvent=0xa20) returned 1 [0147.847] SetEvent (hEvent=0xc1c) returned 1 [0147.847] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0147.855] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0147.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x698 [0147.857] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0147.859] GetFileType (hFile=0x698) returned 0x1 [0147.859] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0147.860] GetFileType (hFile=0x698) returned 0x1 [0147.860] GetFileInformationByHandle (in: hFile=0x698, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0147.860] GetFileInformationByHandleEx (in: hFile=0x698, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0147.860] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0147.861] ReadFile (in: hFile=0x698, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x21d, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0001e9c04*=0x1d, lpOverlapped=0x0) returned 1 [0148.502] ReadFile (in: hFile=0x698, lpBuffer=0xc00004001d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004001d*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.502] CloseHandle (hObject=0x698) returned 1 [0148.502] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0148.503] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0148.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0149.661] SetEvent (hEvent=0xc0) returned 1 [0149.661] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0149.663] GetFileType (hFile=0x6a4) returned 0x1 [0149.663] WriteFile (in: hFile=0x6a4, lpBuffer=0xc00000e460*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000e460*, lpNumberOfBytesWritten=0xc0001e9cec*=0x20, lpOverlapped=0x0) returned 1 [0149.684] CloseHandle (hObject=0x6a4) returned 1 [0149.709] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0149.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0149.709] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0149.712] GetFileType (hFile=0x79c) returned 0x1 [0149.712] WriteFile (in: hFile=0x79c, lpBuffer=0xc0000406e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000406e0*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.738] CloseHandle (hObject=0x79c) returned 1 [0149.742] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0149.744] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0149.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-times.json"), dwFlags=0x1) returned 1 [0151.776] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0152.322] VirtualFree (lpAddress=0xc0004b2000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0152.324] VirtualFree (lpAddress=0xc00047a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.325] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.326] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.327] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.328] VirtualFree (lpAddress=0xc000040000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0152.329] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.329] SetEvent (hEvent=0xb50) returned 1 [0152.329] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0161.327] SetEvent (hEvent=0xb50) returned 1 [0161.327] SwitchToThread () returned 1 [0161.330] SetEvent (hEvent=0xc44) returned 1 [0161.330] SetEvent (hEvent=0xb50) returned 1 [0161.330] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0161.334] SetEvent (hEvent=0xc44) returned 1 [0161.334] VirtualFree (lpAddress=0xc000604000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0161.340] VirtualFree (lpAddress=0xc00056a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0161.341] VirtualFree (lpAddress=0xc0004c0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0161.343] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.343] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0161.344] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.345] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.345] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.346] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.347] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.347] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.348] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0161.349] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.350] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.351] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.351] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0161.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\f_jgkxr6yc.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0162.037] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000359cf4 | out: lpMode=0xc000359cf4) returned 0 [0162.385] GetFileType (hFile=0x8a4) returned 0x1 [0162.385] GetFileType (hFile=0x8a4) returned 0x1 [0162.385] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc000359d44 | out: lpFileInformation=0xc000359d44) returned 1 [0162.385] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc000359d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000359d28) returned 1 [0162.385] VirtualAlloc (lpAddress=0xc0004cc000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004cc000 [0162.386] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0004cc000, nNumberOfBytesToRead=0xac65, lpNumberOfBytesRead=0xc000359c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004cc000*, lpNumberOfBytesRead=0xc000359c04*=0xaa65, lpOverlapped=0x0) returned 1 [0162.388] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0004d6a65, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000359c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d6a65*, lpNumberOfBytesRead=0xc000359c04*=0x0, lpOverlapped=0x0) returned 1 [0162.388] CloseHandle (hObject=0x8a4) returned 1 [0162.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\f_jgkxr6yc.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0162.391] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000359d04 | out: lpMode=0xc000359d04) returned 0 [0162.421] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0162.592] SetEvent (hEvent=0xb50) returned 1 [0162.592] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0163.593] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00007a300*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc00037b808, lpReserved=0x0 | out: lpBuffer=0xc00007a300*, lpNumberOfCharsWritten=0xc00037b808*=0x40) returned 1 [0163.594] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0163.594] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0163.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0xc00037ba68 | out: lpFindFileData=0xc00037ba68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.397] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.397] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) returned 0x0 [0166.784] SetEvent (hEvent=0x354) returned 1 [0166.785] WaitForSingleObject (hHandle=0x318, dwMilliseconds=0xffffffff) Thread: id = 49 os_tid = 0x34c [0116.140] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2cc9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2cc9fea0*=0x2ec) returned 1 [0116.140] VirtualQuery (in: lpAddress=0x2cc9fec0, lpBuffer=0x2cc9fec0, dwLength=0x30 | out: lpBuffer=0x2cc9fec0*(BaseAddress=0x2cc9f000, AllocationBase=0x2caa0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.140] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0116.141] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0116.142] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x324 [0116.142] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x328 [0116.142] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.183] GetFileType (hFile=0x308) returned 0x1 [0116.183] GetFileType (hFile=0x308) returned 0x1 [0116.183] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0116.183] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0116.183] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0116.184] ReadFile (in: hFile=0x308, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x1e9b, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000195c04*=0x1c9b, lpOverlapped=0x0) returned 1 [0116.193] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.208] SetEvent (hEvent=0x340) returned 1 [0116.208] ReadFile (in: hFile=0x308, lpBuffer=0xc000105c9b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000105c9b*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0116.209] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.213] CloseHandle (hObject=0x308) returned 1 [0116.213] VirtualAlloc (lpAddress=0xc00036c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036c000 [0116.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0116.275] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0116.275] GetFileType (hFile=0x348) returned 0x1 [0116.275] WriteFile (in: hFile=0x348, lpBuffer=0xc00036c000*, nNumberOfBytesToWrite=0x1ca0, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc00036c000*, lpNumberOfBytesWritten=0xc000195cec*=0x1ca0, lpOverlapped=0x0) returned 1 [0116.277] CloseHandle (hObject=0x348) returned 1 [0116.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0116.285] VirtualAlloc (lpAddress=0xc00037c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037c000 [0116.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0116.286] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0116.289] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.293] GetFileType (hFile=0x23c) returned 0x1 [0116.293] WriteFile (in: hFile=0x23c, lpBuffer=0xc0001826e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001826e0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.294] CloseHandle (hObject=0x23c) returned 1 [0116.296] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe8alo[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBE8aLO[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbe8alo[1].jpg"), dwFlags=0x1) returned 1 [0116.806] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.812] SetEvent (hEvent=0x1dc) returned 1 [0116.812] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0116.814] SetEvent (hEvent=0x1dc) returned 1 [0116.815] SetEvent (hEvent=0x334) returned 1 [0116.815] SetEvent (hEvent=0x9c) returned 1 [0116.815] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0117.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0117.382] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0117.383] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0117.538] GetFileType (hFile=0x2e8) returned 0x1 [0117.538] GetFileType (hFile=0x2e8) returned 0x1 [0117.538] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0117.538] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0117.538] VirtualAlloc (lpAddress=0xc00046a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00046a000 [0117.539] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00046a000, nNumberOfBytesToRead=0x56e, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00046a000*, lpNumberOfBytesRead=0xc0006e1c04*=0x36e, lpOverlapped=0x0) returned 1 [0117.541] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00046a36e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00046a36e*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0117.541] CloseHandle (hObject=0x2e8) returned 1 [0117.542] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.712] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0117.714] GetFileType (hFile=0x1b0) returned 0x1 [0117.714] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00026a380*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00026a380*, lpNumberOfBytesWritten=0xc0006e1cec*=0x370, lpOverlapped=0x0) returned 1 [0117.715] CloseHandle (hObject=0x1b0) returned 1 [0117.718] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000532001 | out: pbBuffer=0xc000532001) returned 1 [0117.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0117.718] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0117.723] GetFileType (hFile=0x2e0) returned 0x1 [0117.723] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0000fd600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fd600*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.724] CloseHandle (hObject=0x2e0) returned 1 [0117.731] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbo1lfj[2].png"), dwFlags=0x1) returned 1 [0118.299] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.299] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000072018*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0118.400] SetEvent (hEvent=0x274) returned 1 [0118.400] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0118.402] SetEvent (hEvent=0x274) returned 1 [0118.402] SwitchToThread () returned 1 [0118.403] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0118.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0118.813] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d9cf4 | out: lpMode=0xc0001d9cf4) returned 0 [0118.817] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0118.865] SetEvent (hEvent=0x28c) returned 1 [0118.865] GetFileType (hFile=0x1ec) returned 0x1 [0118.865] GetFileType (hFile=0x1ec) returned 0x1 [0118.865] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001d9d44 | out: lpFileInformation=0xc0001d9d44) returned 1 [0118.865] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d9d28) returned 1 [0118.865] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000e9500, nNumberOfBytesToRead=0xa12, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e9500*, lpNumberOfBytesRead=0xc0001d9c04*=0x812, lpOverlapped=0x0) returned 1 [0118.868] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0118.976] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000e9d12, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e9d12*, lpNumberOfBytesRead=0xc0001d9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.976] CloseHandle (hObject=0x1ec) returned 1 [0118.976] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0118.977] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0118.977] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0118.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0118.983] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.067] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001d9d04 | out: lpMode=0xc0001d9d04) returned 0 [0119.070] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.125] GetFileType (hFile=0x240) returned 0x1 [0119.125] WriteFile (in: hFile=0x240, lpBuffer=0xc0002fc000*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0xc0001d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fc000*, lpNumberOfBytesWritten=0xc0001d9cec*=0x820, lpOverlapped=0x0) returned 1 [0119.126] CloseHandle (hObject=0x240) returned 1 [0119.133] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0119.133] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0119.134] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0119.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0119.134] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001d9d64 | out: lpMode=0xc0001d9d64) returned 0 [0119.135] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.179] GetFileType (hFile=0x240) returned 0x1 [0119.179] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0001d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.179] CloseHandle (hObject=0x240) returned 1 [0119.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbnaf7[1].jpg"), dwFlags=0x1) returned 1 [0119.891] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.892] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.893] SetEvent (hEvent=0x30c) returned 1 [0119.893] SwitchToThread () returned 1 [0119.894] SetEvent (hEvent=0x30c) returned 1 [0119.894] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0119.896] SetEvent (hEvent=0x30c) returned 1 [0119.896] SetEvent (hEvent=0x3c4) returned 1 [0119.896] SetEvent (hEvent=0xfc) returned 1 [0119.896] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0120.541] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0120.542] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0120.547] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0120.590] GetFileType (hFile=0x36c) returned 0x1 [0120.590] GetFileType (hFile=0x36c) returned 0x1 [0120.590] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0120.590] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0120.590] ReadFile (in: hFile=0x36c, lpBuffer=0xc000094a80, nNumberOfBytesToRead=0xa5d, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094a80*, lpNumberOfBytesRead=0xc0001b9c04*=0x85d, lpOverlapped=0x0) returned 1 [0120.594] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000952dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000952dd*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0120.594] CloseHandle (hObject=0x36c) returned 1 [0120.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.647] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0120.659] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0120.660] GetFileType (hFile=0x240) returned 0x1 [0120.660] WriteFile (in: hFile=0x240, lpBuffer=0xc0000b8900*, nNumberOfBytesToWrite=0x860, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8900*, lpNumberOfBytesWritten=0xc0001b9cec*=0x860, lpOverlapped=0x0) returned 1 [0120.661] CloseHandle (hObject=0x240) returned 1 [0120.665] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a501 | out: pbBuffer=0xc00031a501) returned 1 [0120.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0120.665] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0120.665] GetFileType (hFile=0x3d8) returned 0x1 [0120.665] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000187600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000187600*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.666] CloseHandle (hObject=0x3d8) returned 1 [0120.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefac5[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfAc5[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefac5[1].jpg"), dwFlags=0x1) returned 1 [0120.920] SetEvent (hEvent=0xec) returned 1 [0120.920] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.301] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0122.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0122.302] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000153cf4 | out: lpMode=0xc000153cf4) returned 0 [0122.303] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.477] GetFileType (hFile=0x23c) returned 0x1 [0122.477] GetFileType (hFile=0x23c) returned 0x1 [0122.478] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000153d44 | out: lpFileInformation=0xc000153d44) returned 1 [0122.478] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000153d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000153d28) returned 1 [0122.478] ReadFile (in: hFile=0x23c, lpBuffer=0xc000286300, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc000286300*, lpNumberOfBytesRead=0xc000153c04*=0xe8, lpOverlapped=0x0) returned 1 [0122.479] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002863e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000153c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002863e8*, lpNumberOfBytesRead=0xc000153c04*=0x0, lpOverlapped=0x0) returned 1 [0122.479] CloseHandle (hObject=0x23c) returned 1 [0122.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Soft Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\soft blue.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0122.480] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000153d04 | out: lpMode=0xc000153d04) returned 0 [0122.488] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.560] GetFileType (hFile=0x23c) returned 0x1 [0122.560] SwitchToThread () returned 1 [0122.561] SetEvent (hEvent=0x12c) returned 1 [0122.561] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.569] SetEvent (hEvent=0x1b4) returned 1 [0122.570] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.624] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.624] SetEvent (hEvent=0x1b4) returned 1 [0122.624] SetEvent (hEvent=0x39c) returned 1 [0122.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.626] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.626] SetEvent (hEvent=0x1a0) returned 1 [0122.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.636] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.636] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.636] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0122.637] SetEvent (hEvent=0xc0) returned 1 [0122.637] SetEvent (hEvent=0x1b4) returned 1 [0122.637] SetEvent (hEvent=0x12c) returned 1 [0122.637] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.692] SetEvent (hEvent=0x39c) returned 1 [0122.692] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.739] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.740] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.740] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0122.740] SetEvent (hEvent=0xc0) returned 1 [0122.740] SetEvent (hEvent=0x3c0) returned 1 [0122.740] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0122.741] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.754] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.755] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0122.755] SetEvent (hEvent=0x3c0) returned 1 [0122.755] SetEvent (hEvent=0x1b4) returned 1 [0122.755] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.782] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.782] VirtualFree (lpAddress=0xc0008f2000, dwSize=0x208000, dwFreeType=0x4000) returned 1 [0122.794] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0122.795] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0122.795] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.795] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.796] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.797] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.797] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.797] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.798] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.798] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.799] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.799] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.799] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.800] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.800] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.800] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.801] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.801] GetFileType (hFile=0x2c4) returned 0x1 [0122.801] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000300000*, nNumberOfBytesToWrite=0x2950, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesWritten=0xc000193cec*=0x2950, lpOverlapped=0x0) returned 1 [0122.802] CloseHandle (hObject=0x2c4) returned 1 [0122.810] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.814] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0122.815] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0122.815] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0122.815] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0122.816] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0122.816] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0122.817] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0122.817] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0122.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\SoftBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\softblue.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.818] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0122.821] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.830] SwitchToThread () returned 1 [0122.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\oeold.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\oeold.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0122.833] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0001c5cf4 | out: lpMode=0xc0001c5cf4) returned 0 [0122.834] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.880] SetEvent (hEvent=0x12c) returned 1 [0122.880] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.920] SetEvent (hEvent=0x1b4) returned 1 [0122.920] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.941] SetEvent (hEvent=0x3c8) returned 1 [0122.941] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0122.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0122.954] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0122.961] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.027] SetEvent (hEvent=0xfc) returned 1 [0123.027] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.029] SetEvent (hEvent=0x30c) returned 1 [0123.029] SetEvent (hEvent=0x354) returned 1 [0123.029] SetEvent (hEvent=0x13c) returned 1 [0123.029] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.286] SetEvent (hEvent=0x3c0) returned 1 [0123.287] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x3f2, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc0001c7c04*=0x1f2, lpOverlapped=0x0) returned 1 [0123.288] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007e1f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e1f2*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0123.288] CloseHandle (hObject=0x2f0) returned 1 [0123.288] GetFileType (hFile=0x2bc) returned 0x1 [0123.288] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001d9d44 | out: lpFileInformation=0xc0001d9d44) returned 1 [0123.288] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d9d28) returned 1 [0123.288] SetEvent (hEvent=0x30c) returned 1 [0123.288] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.292] SetEvent (hEvent=0x3c0) returned 1 [0123.292] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.292] CloseHandle (hObject=0x3d8) returned 1 [0123.292] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.381] SetEvent (hEvent=0x3c0) returned 1 [0123.381] SetEvent (hEvent=0xfc) returned 1 [0123.381] SwitchToThread () returned 1 [0123.412] SetEvent (hEvent=0x3c0) returned 1 [0123.412] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.519] SwitchToThread () returned 1 [0123.564] SetEvent (hEvent=0x3c0) returned 1 [0123.564] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.567] SetEvent (hEvent=0xfc) returned 1 [0123.567] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.757] SetEvent (hEvent=0x13c) returned 1 [0123.757] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0123.798] SetEvent (hEvent=0x354) returned 1 [0123.798] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0123.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-orangecircles.jpg"), dwFlags=0x1) returned 1 [0124.515] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000dc6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc6e0*, lpNumberOfBytesWritten=0xc0004ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0124.515] CloseHandle (hObject=0x3cc) returned 1 [0124.515] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0124.515] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0124.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\b60f3d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\98\\encry-B60F3d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\98\\encry-b60f3d01"), dwFlags=0x1) returned 1 [0124.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0124.517] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0124.525] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.527] GetFileType (hFile=0x3cc) returned 0x1 [0124.527] GetFileType (hFile=0x3cc) returned 0x1 [0124.527] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0124.527] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0124.527] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0124.528] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xac05, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000173c04*=0xaa05, lpOverlapped=0x0) returned 1 [0124.534] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.573] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001eca05, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001eca05*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0124.573] CloseHandle (hObject=0x3cc) returned 1 [0124.573] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0124.575] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0124.575] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0124.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\C2\\0B619d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\c2\\0b619d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0124.577] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0124.582] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.588] SwitchToThread () returned 1 [0124.685] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.697] SwitchToThread () returned 1 [0124.701] SetEvent (hEvent=0x114) returned 1 [0124.702] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.703] SetEvent (hEvent=0x3c8) returned 1 [0124.703] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.706] SwitchToThread () returned 1 [0124.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0124.710] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0124.807] GetFileType (hFile=0x2c4) returned 0x1 [0124.807] GetFileType (hFile=0x2c4) returned 0x1 [0124.807] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0124.807] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0124.808] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0124.811] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x20743, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000175c04*=0x20543, lpOverlapped=0x0) returned 1 [0124.813] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000366543, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc000366543*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0124.813] CloseHandle (hObject=0x2c4) returned 1 [0124.813] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0124.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0124.820] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0124.837] GetFileType (hFile=0x2c4) returned 0x1 [0124.837] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000368000*, nNumberOfBytesToWrite=0x20550, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc000368000*, lpNumberOfBytesWritten=0xc000175cec*=0x20550, lpOverlapped=0x0) returned 1 [0124.840] CloseHandle (hObject=0x2c4) returned 1 [0124.840] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0124.840] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0124.841] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0124.842] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0124.842] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0124.843] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0124.843] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0124.844] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0124.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0124.845] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0124.847] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.863] SetEvent (hEvent=0xc0) returned 1 [0124.863] SetEvent (hEvent=0x3c8) returned 1 [0124.863] GetFileType (hFile=0x2c4) returned 0x1 [0124.863] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.871] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.871] CloseHandle (hObject=0x2c4) returned 1 [0124.872] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\1d8fdd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\3\\4B\\encry-1D8FDd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\3\\4b\\encry-1d8fdd01"), dwFlags=0x1) returned 1 [0124.873] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\encry-Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\encry-settings.ini"), dwFlags=0x1) returned 1 [0124.874] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00023a2d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00023a2d0*, lpNumberOfBytesWritten=0xc0001d9cec*=0xf0, lpOverlapped=0x0) returned 1 [0124.875] CloseHandle (hObject=0x2bc) returned 1 [0124.875] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0124.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0124.875] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d9d64 | out: lpMode=0xc0001d9d64) returned 0 [0124.878] GetFileType (hFile=0x2bc) returned 0x1 [0124.878] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000dc840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc840*, lpNumberOfBytesWritten=0xc0001d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.878] CloseHandle (hObject=0x2bc) returned 1 [0124.878] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-shades of blue.htm"), dwFlags=0x1) returned 1 [0124.881] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.889] SwitchToThread () returned 1 [0124.895] SetEvent (hEvent=0x3c8) returned 1 [0124.895] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.904] SetEvent (hEvent=0x3c8) returned 1 [0124.904] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.905] SetEvent (hEvent=0xec) returned 1 [0124.905] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.915] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0124.916] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0124.917] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0124.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0124.918] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0124.924] GetFileType (hFile=0x3d8) returned 0x1 [0124.924] GetFileType (hFile=0x3d8) returned 0x1 [0124.924] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0124.925] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0124.925] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0124.926] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x8466, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0002d3c04*=0x8266, lpOverlapped=0x0) returned 1 [0124.936] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000238266, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000238266*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0124.936] CloseHandle (hObject=0x3d8) returned 1 [0124.936] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.937] SetEvent (hEvent=0x3c8) returned 1 [0124.937] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.938] SetEvent (hEvent=0x1a0) returned 1 [0124.938] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.941] SetEvent (hEvent=0x3c8) returned 1 [0124.941] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0124.942] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0124.943] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.943] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.943] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.944] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.944] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.944] SetEvent (hEvent=0x114) returned 1 [0124.944] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.000] SwitchToThread () returned 1 [0125.099] SwitchToThread () returned 1 [0125.129] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.405] GetFileType (hFile=0x384) returned 0x1 [0125.405] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0125.406] WriteFile (in: hFile=0x384, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x5d40, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc0001abcec*=0x5d40, lpOverlapped=0x0) returned 1 [0125.407] CloseHandle (hObject=0x384) returned 1 [0125.407] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0125.408] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0125.408] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0125.408] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0125.409] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0125.409] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0125.410] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0125.410] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0125.410] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0125.411] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0125.411] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0125.427] GetFileType (hFile=0x384) returned 0x1 [0125.427] WriteFile (in: hFile=0x384, lpBuffer=0xc00007e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e2c0*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0125.427] CloseHandle (hObject=0x384) returned 1 [0125.428] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Garden.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-garden.jpg"), dwFlags=0x1) returned 1 [0125.429] GetFileType (hFile=0x2e8) returned 0x1 [0125.429] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc0001c7cec*=0x200, lpOverlapped=0x0) returned 1 [0125.430] CloseHandle (hObject=0x2e8) returned 1 [0125.430] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0125.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0125.430] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0125.432] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.435] GetFileType (hFile=0x2e8) returned 0x1 [0125.435] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00007e840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e840*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.436] CloseHandle (hObject=0x2e8) returned 1 [0125.436] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\wmsdkns.dtd"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Media\\12.0\\encry-WMSDKNS.DTD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows media\\12.0\\encry-wmsdkns.dtd"), dwFlags=0x1) returned 1 [0125.437] SwitchToThread () returned 1 [0125.439] SetEvent (hEvent=0x3c8) returned 1 [0125.439] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.442] SetEvent (hEvent=0x3c8) returned 1 [0125.442] SetEvent (hEvent=0x114) returned 1 [0125.442] VirtualFree (lpAddress=0xc000c00000, dwSize=0x2e8000, dwFreeType=0x4000) returned 1 [0125.459] VirtualFree (lpAddress=0xc000800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0125.483] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0125.491] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.491] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0125.492] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0125.492] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.492] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0125.493] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.493] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0125.494] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0125.494] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.494] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.495] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.495] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.496] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.496] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.496] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.497] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.497] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0125.497] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0125.498] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0125.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0125.499] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0125.503] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.505] GetFileType (hFile=0x2e8) returned 0x1 [0125.505] GetFileType (hFile=0x2e8) returned 0x1 [0125.505] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0125.506] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0125.506] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0125.508] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x135d5, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002a1c04*=0x133d5, lpOverlapped=0x0) returned 1 [0125.531] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.534] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002b73d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b73d5*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0125.534] CloseHandle (hObject=0x2e8) returned 1 [0125.534] VirtualAlloc (lpAddress=0xc000368000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000368000 [0125.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0125.539] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0125.546] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.582] GetFileType (hFile=0x2e8) returned 0x1 [0125.582] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0125.583] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000368000*, nNumberOfBytesToWrite=0x133e0, lpNumberOfBytesWritten=0xc0002a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000368000*, lpNumberOfBytesWritten=0xc0002a1cec*=0x133e0, lpOverlapped=0x0) returned 1 [0125.586] CloseHandle (hObject=0x2e8) returned 1 [0125.586] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0125.586] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0125.586] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0125.587] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0125.587] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0125.588] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0125.589] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0125.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0125.590] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002a1d64 | out: lpMode=0xc0002a1d64) returned 0 [0125.591] GetFileType (hFile=0x2e8) returned 0x1 [0125.591] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00011c580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c580*, lpNumberOfBytesWritten=0xc0002a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0125.592] CloseHandle (hObject=0x2e8) returned 1 [0125.592] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\24b53d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\9\\2C\\encry-24B53d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\9\\2c\\encry-24b53d01"), dwFlags=0x1) returned 1 [0125.593] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.596] SetEvent (hEvent=0x3c8) returned 1 [0125.596] SetEvent (hEvent=0x114) returned 1 [0125.596] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0125.597] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0125.598] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0125.598] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-shadesofblue.jpg"), dwFlags=0x1) returned 1 [0125.641] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0125.644] SetEvent (hEvent=0x114) returned 1 [0125.644] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.054] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0126.054] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0126.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.065] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001f3d04 | out: lpMode=0xc0001f3d04) returned 0 [0126.066] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.072] GetFileType (hFile=0x2e8) returned 0x1 [0126.072] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000ee8000*, nNumberOfBytesToWrite=0x400010, lpNumberOfBytesWritten=0xc0001f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000ee8000*, lpNumberOfBytesWritten=0xc0001f3cec*=0x400010, lpOverlapped=0x0) returned 1 [0126.184] CloseHandle (hObject=0x2e8) returned 1 [0126.184] SwitchToThread () returned 1 [0126.189] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0126.190] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0126.190] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0126.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_001_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_001_"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0126.191] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0001f3d64 | out: lpMode=0xc0001f3d64) returned 0 [0126.207] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.213] GetFileType (hFile=0x2c4) returned 0x1 [0126.214] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.223] SetEvent (hEvent=0x1b4) returned 1 [0126.223] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.223] SetEvent (hEvent=0x1b4) returned 1 [0126.223] SetEvent (hEvent=0x114) returned 1 [0126.223] VirtualFree (lpAddress=0xc001000000, dwSize=0x2ea000, dwFreeType=0x4000) returned 1 [0126.238] VirtualFree (lpAddress=0xc000ee8000, dwSize=0x118000, dwFreeType=0x4000) returned 1 [0126.244] VirtualFree (lpAddress=0xc000800000, dwSize=0x2e6000, dwFreeType=0x4000) returned 1 [0126.259] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0126.265] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.265] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.265] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.266] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.266] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.266] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.267] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.267] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.267] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.267] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.268] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.268] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.268] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.268] VirtualFree (lpAddress=0xc00004c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0126.269] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0126.269] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.269] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0126.270] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0126.271] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0126.271] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0126.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.273] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0126.276] GetFileType (hFile=0x2e8) returned 0x1 [0126.276] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x8270, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0002d3cec*=0x8270, lpOverlapped=0x0) returned 1 [0126.295] CloseHandle (hObject=0x2e8) returned 1 [0126.296] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0126.296] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0126.296] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.297] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0126.430] GetFileType (hFile=0x2e8) returned 0x1 [0126.430] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.430] CloseHandle (hObject=0x2e8) returned 1 [0126.430] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\71469d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\D\\08\\encry-71469d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\d\\08\\encry-71469d01"), dwFlags=0x1) returned 1 [0126.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.435] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.435] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0126.435] SetEvent (hEvent=0xc0) returned 1 [0126.435] SetEvent (hEvent=0x30c) returned 1 [0126.435] SetEvent (hEvent=0xfc) returned 1 [0126.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.437] SetEvent (hEvent=0xfc) returned 1 [0126.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.572] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.586] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0126.586] SetEvent (hEvent=0xc0) returned 1 [0126.586] SetEvent (hEvent=0x1b4) returned 1 [0126.586] SetEvent (hEvent=0xfc) returned 1 [0126.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0126.634] SetEvent (hEvent=0x30c) returned 1 [0126.634] SetEvent (hEvent=0xfc) returned 1 [0126.635] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.654] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.654] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.655] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0126.655] SetEvent (hEvent=0xc0) returned 1 [0126.655] SetEvent (hEvent=0x354) returned 1 [0126.655] SetEvent (hEvent=0x13c) returned 1 [0126.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.711] SetEvent (hEvent=0x1b4) returned 1 [0126.711] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.713] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.713] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0126.713] SetEvent (hEvent=0xc0) returned 1 [0126.713] SetEvent (hEvent=0x1b4) returned 1 [0126.714] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.719] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.720] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0126.720] SetEvent (hEvent=0x1b4) returned 1 [0126.720] SetEvent (hEvent=0x13c) returned 1 [0126.720] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.727] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.734] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.736] SetEvent (hEvent=0x114) returned 1 [0126.736] SetEvent (hEvent=0x1b4) returned 1 [0126.736] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0126.737] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.737] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.737] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.738] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.738] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.738] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0126.739] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.744] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.746] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.747] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.748] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.749] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.750] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.750] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.751] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.752] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.754] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.754] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.755] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.757] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.759] SetEvent (hEvent=0x1b4) returned 1 [0126.759] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.878] SetEvent (hEvent=0x354) returned 1 [0126.878] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0126.879] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0126.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0126.880] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0126.905] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.906] GetFileType (hFile=0x3cc) returned 0x1 [0126.906] GetFileType (hFile=0x3cc) returned 0x1 [0126.906] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0126.906] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0126.906] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0126.908] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc0001fdc04*=0xe8, lpOverlapped=0x0) returned 1 [0126.909] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001200e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001200e8*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0126.909] CloseHandle (hObject=0x3cc) returned 1 [0126.909] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0126.910] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0126.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0126.912] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0126.921] GetFileType (hFile=0x3cc) returned 0x1 [0126.921] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0001241e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001241e0*, lpNumberOfBytesWritten=0xc0001fdcec*=0xf0, lpOverlapped=0x0) returned 1 [0126.922] CloseHandle (hObject=0x3cc) returned 1 [0126.922] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0126.922] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0126.923] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0126.924] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0126.924] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0126.925] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.937] GetFileType (hFile=0x3cc) returned 0x1 [0126.937] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.937] CloseHandle (hObject=0x3cc) returned 1 [0126.937] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.sbstore"), dwFlags=0x1) returned 1 [0126.939] SwitchToThread () returned 1 [0126.941] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.943] SetEvent (hEvent=0x354) returned 1 [0126.943] SwitchToThread () returned 1 [0126.946] SetEvent (hEvent=0x39c) returned 1 [0126.946] SetEvent (hEvent=0x354) returned 1 [0126.947] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.965] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.967] SetEvent (hEvent=0x354) returned 1 [0126.967] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.977] SetEvent (hEvent=0x354) returned 1 [0126.977] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.978] SetEvent (hEvent=0xec) returned 1 [0126.978] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0126.981] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0126.981] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0126.982] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0126.982] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0126.983] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.032] GetFileType (hFile=0x2bc) returned 0x1 [0127.032] GetFileType (hFile=0x2bc) returned 0x1 [0127.032] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0127.032] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0127.032] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0127.033] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000ee000, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee000*, lpNumberOfBytesRead=0xc000277c04*=0x10, lpOverlapped=0x0) returned 1 [0127.034] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000ee010, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee010*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0127.034] CloseHandle (hObject=0x2bc) returned 1 [0127.034] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0127.034] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0127.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.036] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0127.036] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.042] SetEvent (hEvent=0x354) returned 1 [0127.042] GetFileType (hFile=0x2bc) returned 0x1 [0127.042] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.046] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00000e220*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000e220*, lpNumberOfBytesWritten=0xc000277cec*=0x20, lpOverlapped=0x0) returned 1 [0127.049] CloseHandle (hObject=0x2bc) returned 1 [0127.050] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0127.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.050] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0127.058] GetFileType (hFile=0x2bc) returned 0x1 [0127.058] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.058] CloseHandle (hObject=0x2bc) returned 1 [0127.058] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.pset"), dwFlags=0x1) returned 1 [0127.070] SetEvent (hEvent=0x39c) returned 1 [0127.070] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.073] SetEvent (hEvent=0xec) returned 1 [0127.073] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.079] SetEvent (hEvent=0x39c) returned 1 [0127.079] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.116] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0127.117] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0127.117] GetFileType (hFile=0x370) returned 0x1 [0127.117] GetFileType (hFile=0x370) returned 0x1 [0127.117] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0127.117] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0127.117] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0127.120] ReadFile (in: hFile=0x370, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1c562, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001f5c04*=0x1c362, lpOverlapped=0x0) returned 1 [0127.236] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.279] ReadFile (in: hFile=0x370, lpBuffer=0xc0002c0362, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0362*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0127.279] CloseHandle (hObject=0x370) returned 1 [0127.279] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0127.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0127.293] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0127.294] GetFileType (hFile=0x370) returned 0x1 [0127.295] WriteFile (in: hFile=0x370, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0x1c370, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0001f5cec*=0x1c370, lpOverlapped=0x0) returned 1 [0127.298] CloseHandle (hObject=0x370) returned 1 [0127.298] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0127.298] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0127.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0127.299] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0127.303] GetFileType (hFile=0x370) returned 0x1 [0127.303] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.303] CloseHandle (hObject=0x370) returned 1 [0127.304] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\ce8c0453589216a67cddb50284fbfe8d.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\encry-ce8c0453589216a67cddb50284fbfe8d.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\encry-ce8c0453589216a67cddb50284fbfe8d.png"), dwFlags=0x1) returned 1 [0127.305] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0127.305] SetEvent (hEvent=0x1a0) returned 1 [0127.305] SetEvent (hEvent=0x3c8) returned 1 [0127.305] SetEvent (hEvent=0xfc) returned 1 [0127.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.315] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.315] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.363] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.363] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0127.363] SetEvent (hEvent=0xfc) returned 1 [0127.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.413] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0127.413] SetEvent (hEvent=0x114) returned 1 [0127.413] SetEvent (hEvent=0xfc) returned 1 [0127.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.420] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.420] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.426] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.427] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0127.427] SetEvent (hEvent=0xc0) returned 1 [0127.427] SetEvent (hEvent=0xec) returned 1 [0127.427] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.467] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.467] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0127.467] SetEvent (hEvent=0x39c) returned 1 [0127.467] SetEvent (hEvent=0x114) returned 1 [0127.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.476] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.476] SetEvent (hEvent=0x39c) returned 1 [0127.476] SetEvent (hEvent=0x13c) returned 1 [0127.476] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.478] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.478] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.480] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0127.480] SetEvent (hEvent=0x13c) returned 1 [0127.480] SetEvent (hEvent=0x354) returned 1 [0127.480] SetEvent (hEvent=0x39c) returned 1 [0127.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.514] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0127.515] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0127.515] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0127.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0127.517] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0127.530] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.552] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0xc0002579f8 | out: lpFindFileData=0xc0002579f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0127.573] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000257720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0127.573] SetEvent (hEvent=0x13c) returned 1 [0127.574] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.600] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0127.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0127.602] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0127.605] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.616] GetFileType (hFile=0x2c4) returned 0x1 [0127.616] GetFileType (hFile=0x2c4) returned 0x1 [0127.616] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0127.616] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0127.616] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000247c04*=0x43, lpOverlapped=0x0) returned 1 [0127.617] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00003c043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c043*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0127.617] CloseHandle (hObject=0x2c4) returned 1 [0127.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini\\*", lpFindFileData=0xc000247a08 | out: lpFindFileData=0xc000247a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0127.617] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000247720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0127.617] SetEvent (hEvent=0x3c8) returned 1 [0127.617] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.642] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.646] SetEvent (hEvent=0x1a0) returned 1 [0127.646] SetEvent (hEvent=0x39c) returned 1 [0127.646] SetEvent (hEvent=0xec) returned 1 [0127.646] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.657] SetEvent (hEvent=0x1a0) returned 1 [0127.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\PBijruVM9GhXBrY K_pi.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pbijruvm9ghxbry k_pi.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0127.658] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0127.662] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.672] GetFileType (hFile=0x2c4) returned 0x1 [0127.672] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.689] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0127.691] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0127.691] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.692] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.692] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.692] SetEvent (hEvent=0x114) returned 1 [0127.692] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0128.368] GetFileType (hFile=0x1b0) returned 0x1 [0128.368] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0xf700, lpNumberOfBytesWritten=0xc000201cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc000201cec*=0xf700, lpOverlapped=0x0) returned 1 [0128.370] CloseHandle (hObject=0x1b0) returned 1 [0128.371] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0128.371] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0128.371] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0128.372] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0128.373] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0128.373] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0128.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bjmv65og2twty.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0128.374] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0128.377] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0128.387] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0128.387] SetEvent (hEvent=0x114) returned 1 [0128.387] SetEvent (hEvent=0xec) returned 1 [0128.388] VirtualFree (lpAddress=0xc000346000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0128.389] VirtualFree (lpAddress=0xc00031c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0128.389] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0128.390] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0128.391] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.392] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.396] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.396] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.397] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.397] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.398] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.398] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.399] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.399] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.399] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.400] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.400] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.401] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.401] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.401] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.402] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.402] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.402] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.403] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.403] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.404] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.404] VirtualFree (lpAddress=0xc00004e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0128.405] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0128.405] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.406] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.406] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e048*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc00005e048*, lpNumberOfCharsWritten=0xc000177818*=0x3) returned 1 [0128.407] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0128.409] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc00005e140*, lpNumberOfCharsWritten=0xc000277818*=0x3) returned 1 [0128.410] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0128.411] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000151818*=0x3) returned 1 [0128.420] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc0000a0036*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0128.430] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0128.444] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0066*, lpNumberOfCharsWritten=0xc0001f5818*=0x3) returned 1 [0128.457] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010318*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000010318*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0128.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010328*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc000010328*, lpNumberOfCharsWritten=0xc000133818*=0x3) returned 1 [0128.474] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0128.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010330*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc000010330*, lpNumberOfCharsWritten=0xc0001ff818*=0x3) returned 1 [0128.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010336*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc000010336*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0128.487] SetEvent (hEvent=0x3c0) returned 1 [0128.487] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0128.488] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005a000*, nNumberOfCharsToWrite=0x5d, lpNumberOfCharsWritten=0xc000257808, lpReserved=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfCharsWritten=0xc000257808*=0x5d) returned 1 [0128.489] SetEvent (hEvent=0x3c0) returned 1 [0128.489] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0128.490] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0128.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.490] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0xc000257a08 | out: lpFindFileData=0xc000257a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.491] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000257720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.491] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005a0c0*, nNumberOfCharsToWrite=0x5d, lpNumberOfCharsWritten=0xc000257808, lpReserved=0x0 | out: lpBuffer=0xc00005a0c0*, lpNumberOfCharsWritten=0xc000257808*=0x5d) returned 1 [0128.492] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a501 | out: pbBuffer=0xc00028a501) returned 1 [0128.492] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.492] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0xc000257a68 | out: lpFindFileData=0xc000257a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.492] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000257720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.492] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005a180*, nNumberOfCharsToWrite=0x5d, lpNumberOfCharsWritten=0xc000257808, lpReserved=0x0 | out: lpBuffer=0xc00005a180*, lpNumberOfCharsWritten=0xc000257808*=0x5d) returned 1 [0128.494] SetEvent (hEvent=0x3c0) returned 1 [0128.494] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000257808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc000257808*=0x11) returned 1 [0128.495] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c80c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000257808, lpReserved=0x0 | out: lpBuffer=0xc0000c80c0*, lpNumberOfCharsWritten=0xc000257808*=0x11) returned 1 [0128.496] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temporary internet files"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\encry-Temporary Internet Files" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\encry-temporary internet files"), dwFlags=0x1) returned 1 [0130.650] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0130.650] SetEvent (hEvent=0x24c) returned 1 [0130.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.668] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.668] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0130.668] SetEvent (hEvent=0x24c) returned 1 [0130.668] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.784] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.787] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.787] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0130.787] SetEvent (hEvent=0x148) returned 1 [0130.787] SetEvent (hEvent=0xfc) returned 1 [0130.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.796] SetEvent (hEvent=0x1b4) returned 1 [0130.796] SetEvent (hEvent=0x3c0) returned 1 [0130.796] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.805] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0130.805] SetEvent (hEvent=0xc0) returned 1 [0130.805] SetEvent (hEvent=0x39c) returned 1 [0130.805] SetEvent (hEvent=0x3c0) returned 1 [0130.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.836] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0130.837] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0130.837] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000216800*, nNumberOfBytesToWrite=0x4750, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000216800*, lpNumberOfBytesWritten=0xc00024dcec*=0x4750, lpOverlapped=0x0) returned 1 [0130.839] CloseHandle (hObject=0x2bc) returned 1 [0130.839] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0130.839] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0130.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\taqml-.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0130.840] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0130.847] GetFileType (hFile=0x2bc) returned 0x1 [0130.847] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00002c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00002c2c0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.848] CloseHandle (hObject=0x2bc) returned 1 [0130.848] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\taqml-.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-taqml-.avi"), dwFlags=0x1) returned 1 [0130.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.852] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0130.852] SetEvent (hEvent=0xc0) returned 1 [0130.852] SetEvent (hEvent=0x3c0) returned 1 [0130.852] SetEvent (hEvent=0x1b4) returned 1 [0130.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.895] SetEvent (hEvent=0x148) returned 1 [0130.895] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.899] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.899] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0130.899] SetEvent (hEvent=0x1b4) returned 1 [0130.899] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0130.918] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.919] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0130.919] SetEvent (hEvent=0xc0) returned 1 [0130.919] SetEvent (hEvent=0x39c) returned 1 [0130.919] SetEvent (hEvent=0x148) returned 1 [0130.919] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0130.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.927] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0130.928] SetEvent (hEvent=0x39c) returned 1 [0130.928] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0130.928] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0130.929] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0130.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\brz"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\brz\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec6bf330, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec6bf330, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec6bf330, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.930] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.930] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.930] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dan"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.930] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dan"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.930] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dan\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb4758f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb4758f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb4758f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.931] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.931] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dut"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\dut"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.931] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\dut\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xebdabf50, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xebdabf50, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xebdabf50, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.931] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.931] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\eng"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\eng"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.932] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\eng\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.932] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9487bb0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9487bb0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9487bb0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.932] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.932] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.932] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\frn"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\frn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\frn\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.933] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9d9af90, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9d9af90, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9d9af90, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.933] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.933] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\grm"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\grm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.933] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\grm\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe9924650, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe9924650, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe9924650, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.934] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.934] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\itl"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\itl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.934] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\itl\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea6d44d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea6d44d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea6d44d0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.934] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.935] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.935] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\nrw"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.935] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\nrw"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.935] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\nrw\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.936] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0130.936] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeb90f4b0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeb90f4b0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeb90f4b0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.936] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.936] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\prt"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\prt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.937] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\prt\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.937] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec2489f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec2489f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec2489f0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.937] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.937] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\spn"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\spn"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.938] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\spn\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.938] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0130.938] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xea237a30, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xea237a30, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xea237a30, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.939] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.939] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.939] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\swd"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\linguistics\\dictionaries\\adobe custom dictionary\\swd"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Linguistics\\Dictionaries\\Adobe Custom Dictionary\\swd\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.939] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeaffa190, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xeaffa190, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xeaffa190, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.939] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.940] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.940] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0130.940] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0130.941] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0130.941] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.941] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\*", lpFindFileData=0xc0001e9608 | out: lpFindFileData=0xc0001e9608*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CryptnetUrlCache", cAlternateFileName="CRYPTN~1")) returned 1 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0130.941] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x510b3550, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5616fca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5616fca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.942] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0130.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a43389, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Content", cAlternateFileName="")) returned 1 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MetaData", cAlternateFileName="")) returned 1 [0130.942] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.942] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.943] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0130.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0130.943] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x561, dwReserved0=0x0, dwReserved1=0x0, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x0, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x209, dwReserved0=0x0, dwReserved1=0x0, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0130.943] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb68, dwReserved0=0x0, dwReserved1=0x0, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x680, dwReserved0=0x0, dwReserved1=0x0, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x32d, dwReserved0=0x0, dwReserved1=0x0, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x648, dwReserved0=0x0, dwReserved1=0x0, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x22a, dwReserved0=0x0, dwReserved1=0x0, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd0e4c510, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x67c, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61210960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61210960, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0130.944] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58394060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58394060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x56e, dwReserved0=0x0, dwReserved1=0x0, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0130.945] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0130.945] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d, dwReserved0=0x0, dwReserved1=0x0, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbddd270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd2da, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x652, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0130.946] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x5ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x663, dwReserved0=0x0, dwReserved1=0x0, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x64b, dwReserved0=0x0, dwReserved1=0x0, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x64c, dwReserved0=0x0, dwReserved1=0x0, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0130.947] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.947] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0130.947] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0130.948] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7)) returned 1 [0130.948] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x561)) returned 1 [0130.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d8)) returned 1 [0130.951] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.962] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0130.966] SetEvent (hEvent=0x12c) returned 1 [0130.966] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.966] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.967] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.967] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.968] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.968] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.969] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.969] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.970] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.970] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.970] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.971] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.971] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0130.972] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.972] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0130.973] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0130.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xf1d)) returned 1 [0130.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\23b523c9e7746f715d33c6527c18eb9d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x145)) returned 1 [0131.036] SetEvent (hEvent=0x12c) returned 1 [0131.036] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x209)) returned 1 [0131.070] SetEvent (hEvent=0x3c0) returned 1 [0131.070] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0131.070] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0131.071] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x58b)) returned 1 [0131.087] SetEvent (hEvent=0x320) returned 1 [0131.087] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb68)) returned 1 [0131.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7)) returned 1 [0131.157] SetEvent (hEvent=0x39c) returned 1 [0131.157] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x680)) returned 1 [0131.174] SetEvent (hEvent=0x258) returned 1 [0131.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7)) returned 1 [0131.203] SetEvent (hEvent=0x320) returned 1 [0131.203] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2d7)) returned 1 [0131.221] SetEvent (hEvent=0xc0) returned 1 [0131.221] SetEvent (hEvent=0x3c0) returned 1 [0131.221] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0131.222] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1d7)) returned 1 [0131.240] SetEvent (hEvent=0xfc) returned 1 [0131.240] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0131.241] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0131.241] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0131.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\696f3de637e6de85b458996d49d759ad"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x32d)) returned 1 [0131.242] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0131.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x648)) returned 1 [0131.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7396c420a8e1bc1da97f1af0d10bad21"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x22a)) returned 1 [0131.309] SetEvent (hEvent=0x258) returned 1 [0131.309] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1d7)) returned 1 [0131.328] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.328] SetEvent (hEvent=0x39c) returned 1 [0131.328] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.329] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.329] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.330] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd0e4c510, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x1fa)) returned 1 [0131.361] SetEvent (hEvent=0x320) returned 1 [0131.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x67c)) returned 1 [0131.372] SetEvent (hEvent=0xfc) returned 1 [0131.372] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0131.544] SetEvent (hEvent=0x3c0) returned 1 [0131.544] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.545] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0131.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_1d5a876a9113ec07224c45e5a870e3bd"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0131.587] SetEvent (hEvent=0x1b4) returned 1 [0131.587] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.620] SetEvent (hEvent=0x320) returned 1 [0131.620] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61210960, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61210960, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.653] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0131.654] SetEvent (hEvent=0x148) returned 1 [0131.654] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.680] SetEvent (hEvent=0x258) returned 1 [0131.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.713] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0131.713] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0131.714] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58394060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58394060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.732] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_74e943f7dab6d19e37e4854057155778"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.745] SetEvent (hEvent=0x12c) returned 1 [0131.745] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_c080da2ae431c1a7f3b0c147eeb043ed"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.765] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_e907d7a04657714b5b06d18bc920971e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.784] SetEvent (hEvent=0x148) returned 1 [0131.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.801] SetEvent (hEvent=0x258) returned 1 [0131.801] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1cf)) returned 1 [0131.821] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x56e)) returned 1 [0131.837] SetEvent (hEvent=0xfc) returned 1 [0131.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0131.857] SetEvent (hEvent=0xc0) returned 1 [0131.857] SetEvent (hEvent=0x3c0) returned 1 [0131.858] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_c6ef73e4482b2588b1252d1a64b99416"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0131.882] SetEvent (hEvent=0x148) returned 1 [0131.882] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x59d)) returned 1 [0132.012] SetEvent (hEvent=0x320) returned 1 [0132.012] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\94308059b57b3142e455b38a6eb92015"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbddd270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xd2da)) returned 1 [0132.033] SetEvent (hEvent=0x1b4) returned 1 [0132.033] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\955cab6ff6a24d5820d50b5ba1cf79c7_ad9e7615297a3a83320aace5801a04f9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5e0)) returned 1 [0132.061] SetEvent (hEvent=0x258) returned 1 [0132.061] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.061] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ab)) returned 1 [0132.085] SetEvent (hEvent=0xfc) returned 1 [0132.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652)) returned 1 [0132.107] SetEvent (hEvent=0x3c0) returned 1 [0132.107] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_ebc75728c6119a77e4da8559dd10f061"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x652)) returned 1 [0132.129] SetEvent (hEvent=0x148) returned 1 [0132.129] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1d7)) returned 1 [0132.152] SetEvent (hEvent=0x320) returned 1 [0132.152] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\acf244f1a10d4dbed0d88eba0c43a9b5_ba1ab6c2bdfdf57799e8116e4002d001"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ee)) returned 1 [0132.174] SetEvent (hEvent=0x258) returned 1 [0132.174] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0132.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x652)) returned 1 [0132.198] SetEvent (hEvent=0x1b4) returned 1 [0132.198] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x652)) returned 1 [0132.225] SetEvent (hEvent=0xfc) returned 1 [0132.225] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0132.226] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed)) returned 1 [0132.246] SetEvent (hEvent=0x3c0) returned 1 [0132.246] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0132.246] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_f4d449ca9e0eaccfe15946f8fcd349fc"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x5ed)) returned 1 [0132.267] SetEvent (hEvent=0x148) returned 1 [0132.267] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0132.288] SetEvent (hEvent=0x320) returned 1 [0132.288] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_6043fc604a395e1485af7ac16d16b7ce"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0132.424] SetEvent (hEvent=0x258) returned 1 [0132.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x6e3)) returned 1 [0132.443] SetEvent (hEvent=0xfc) returned 1 [0132.443] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x5ae)) returned 1 [0132.457] SetEvent (hEvent=0x1b4) returned 1 [0132.457] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0132.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x5ae)) returned 1 [0132.476] SetEvent (hEvent=0x3c0) returned 1 [0132.476] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0132.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d52c56d8f24bec96604372afbaf264e1_e76a2b627dd019eb51d9335f24b14c2c"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x663)) returned 1 [0132.494] SetEvent (hEvent=0x148) returned 1 [0132.495] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.495] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x64b)) returned 1 [0132.518] SetEvent (hEvent=0x258) returned 1 [0132.518] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.518] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x64c)) returned 1 [0132.537] SetEvent (hEvent=0xfc) returned 1 [0132.537] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.537] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.538] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.538] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x226)) returned 1 [0132.538] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.539] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.539] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7000)) returned 1 [0132.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0132.540] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xd0de60b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xd0de60b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0132.540] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B", cAlternateFileName="024823~1")) returned 1 [0132.540] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.541] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x166, dwReserved0=0x0, dwReserved1=0x0, cFileName="0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875", cAlternateFileName="0F1583~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973", cAlternateFileName="1BB09B~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10c, dwReserved0=0x0, dwReserved1=0x0, cFileName="1DAF2884EC4DFA96BA4A58D4DBC9C406", cAlternateFileName="1DAF28~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x124, dwReserved0=0x0, dwReserved1=0x0, cFileName="23B523C9E7746F715D33C6527C18EB9D", cAlternateFileName="23B523~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="3130B1871A126520A8C47861EFE3ED4D", cAlternateFileName="3130B1~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18a, dwReserved0=0x0, dwReserved1=0x0, cFileName="3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D", cAlternateFileName="3388EC~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1", cAlternateFileName="40E450~1")) returned 1 [0132.541] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398", cAlternateFileName="4C8F84~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9", cAlternateFileName="4DD397~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77", cAlternateFileName="5080DC~2")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190, dwReserved0=0x0, dwReserved1=0x0, cFileName="5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220", cAlternateFileName="5080DC~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4", cAlternateFileName="5457A8~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="696F3DE637E6DE85B458996D49D759AD", cAlternateFileName="696F3D~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21", cAlternateFileName="705A76~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x100, dwReserved0=0x0, dwReserved1=0x0, cFileName="7396C420A8E1BC1DA97F1AF0D10BAD21", cAlternateFileName="7396C4~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6", cAlternateFileName="7423F8~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd48e2bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0xdc, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B2238AACCEDC3F1FFE8E7EB5F575EC9", cAlternateFileName="7B2238~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D", cAlternateFileName="7B8944~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b199f40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b199f40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b199f40, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6", cAlternateFileName="7D266D~2")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefaf7160, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefaf7160, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaec313e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="7D266D9E1E69FA1EEFB9699B009B34C8_1D5A876A9113EC07224C45E5A870E3BD", cAlternateFileName="7D266D~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6056b480, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6056b480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x1ef687a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0", cAlternateFileName="8059E9~3")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x611ea800, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x611ea800, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaecc9960, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E", cAlternateFileName="80273C~1")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x58e24200, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58e24200, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9f5f40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1", cAlternateFileName="8059E9~2")) returned 1 [0132.542] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61236ac0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61236ac0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3b0b01a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E", cAlternateFileName="809279~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5836df00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5836df00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f739c0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4", cAlternateFileName="8059E9~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x62378a40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x62378a40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae9a9c80, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_74E943F7DAB6D19E37E4854057155778", cAlternateFileName="80E4BE~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x613675c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x613675c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69bba4a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_C080DA2AE431C1A7F3B0C147EEB043ED", cAlternateFileName="803B9E~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x63c50fe0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c50fe0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb100bf40, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_E907D7A04657714B5B06D18BC920971E", cAlternateFileName="803D37~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x61021780, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61021780, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb1058200, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30", cAlternateFileName="8059E9~4")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x636a9ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x636a9ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb139e040, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB", cAlternateFileName="800D31~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x581f7ea0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x581f7ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f4d860, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x180, dwReserved0=0x0, dwReserved1=0x0, cFileName="828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56", cAlternateFileName="828298~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xec3c5340, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec3c5340, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xb16257a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F", cAlternateFileName="8828F3~1")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x8064ac00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x8064ac00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80670d60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x188, dwReserved0=0x0, dwReserved1=0x0, cFileName="8828F39C7C0CE9A14B25C7EB321181BA_C6EF73E4482B2588B1252D1A64B99416", cAlternateFileName="8828F3~2")) returned 1 [0132.543] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6aa2c0a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6aa2c0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xadf19ae0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x196, dwReserved0=0x0, dwReserved1=0x0, cFileName="8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61", cAlternateFileName="8E4E51~1")) returned 1 [0132.543] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbf0dd70, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="94308059B57B3142E455B38A6EB92015", cAlternateFileName="943080~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6a83cec0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a83cec0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaebe5120, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9", cAlternateFileName="955CAB~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf3f73d0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf3f73d0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf3f73d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x186, dwReserved0=0x0, dwReserved1=0x0, cFileName="9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6", cAlternateFileName="9BC2FF~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe06277d0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe06277d0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xb15d94e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E", cAlternateFileName="9C888B~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe07ca6f0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe07ca6f0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0x965accc0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x182, dwReserved0=0x0, dwReserved1=0x0, cFileName="9C888BEABCCBC2A97B0D6D9214C3BA37_EBC75728C6119A77E4DA8559DD10F061", cAlternateFileName="9C888B~2")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54bc3730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54bc3730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb11d4fc0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450", cAlternateFileName="A9E4F7~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bfe570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bfe570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001", cAlternateFileName="ACF244~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xe04aaa10, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe04aaa10, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xae4e7080, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852", cAlternateFileName="B3BB9C~2")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xefc01b00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xefc01b00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xaa4ee1e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8", cAlternateFileName="B3BB9C~1")) returned 1 [0132.544] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54322770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54322770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150", cAlternateFileName="BC570E~2")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf019010, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x204, dwReserved0=0x0, dwReserved1=0x0, cFileName="BC570EC0DE58335AFAF92FDC8E3AA330_F4D449CA9E0EACCFE15946F8FCD349FC", cAlternateFileName="BC570E~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x56bb3b80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x56bb3b80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaeca3800, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873", cAlternateFileName="C46E7B~2")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x682fbd00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x682fbd00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae0bca00, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE", cAlternateFileName="C46E7B~3")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5461c2f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5461c2f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf67eb30, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF", cAlternateFileName="C46E7B~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x728c68a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x728c68a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xae63dce0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC", cAlternateFileName="D47DBD~2")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x545f6190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x545f6190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69b6e1e0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x198, dwReserved0=0x0, dwReserved1=0x0, cFileName="D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE", cAlternateFileName="D47DBD~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x808d4a70, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x808d4a70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x808d4a70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x1a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="D52C56D8F24BEC96604372AFBAF264E1_E76A2B627DD019EB51D9335F24B14C2C", cAlternateFileName="D52C56~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x683e0540, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x683e0540, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xb0f015a0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x18e, dwReserved0=0x0, dwReserved1=0x0, cFileName="EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585", cAlternateFileName="EA6180~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf312b90, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf312b90, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1", cAlternateFileName="F293AE~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0xfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="F90F18257CBB4D84216AC1E1F3BB2C76", cAlternateFileName="F90F18~1")) returned 1 [0132.545] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0132.545] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0132.546] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0132.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf9eaad0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf9eaad0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf9eaad0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190)) returned 1 [0132.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53bd8410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53bd8410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbe98d390, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x166)) returned 1 [0132.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf952550, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf952550, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf952550, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0132.548] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x4c00edb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4c00edb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4c00edb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10c)) returned 1 [0132.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\23B523C9E7746F715D33C6527C18EB9D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\23b523c9e7746f715d33c6527c18eb9d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x580eb5c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x580eb5c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xaedd4300, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x124)) returned 1 [0132.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xc3791460, ftCreationTime.dwHighDateTime=0x1d2e675, ftLastAccessTime.dwLowDateTime=0xc3791460, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc3791460, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0xdc)) returned 1 [0132.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53fdc930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53fdc930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbf16fc70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18a)) returned 1 [0132.551] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x53b19d30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b19d30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54583d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x190)) returned 1 [0132.552] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x54537ab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54537ab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xae76e7e0, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x1ae)) returned 1 [0132.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x7295ee20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x7295ee20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xadfb2060, ftLastWriteTime.dwHighDateTime=0x1d2e675, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0132.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf8b9fd0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf8b9fd0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf8b9fd0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0132.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf86dd10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf86dd10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf86dd10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x190)) returned 1 [0132.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7af630, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e)) returned 1 [0132.563] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0132.623] SetEvent (hEvent=0x258) returned 1 [0132.623] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] SetEvent (hEvent=0x1b4) returned 1 [0132.624] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0132.805] SetEvent (hEvent=0x258) returned 1 [0132.805] GetFileType (hFile=0x2bc) returned 0x1 [0132.805] GetFileType (hFile=0x2bc) returned 0x1 [0132.805] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0132.805] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0132.805] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0132.806] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000126000, nNumberOfBytesToRead=0x30c, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesRead=0xc000243c04*=0x10c, lpOverlapped=0x0) returned 1 [0132.807] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00012610c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012610c*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0132.807] CloseHandle (hObject=0x2bc) returned 1 [0132.807] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0132.808] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0132.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1DAF2884EC4DFA96BA4A58D4DBC9C406\\*", lpFindFileData=0xc000243a08 | out: lpFindFileData=0xc000243a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.879] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000243720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.879] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0132.879] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0132.880] SetEvent (hEvent=0x3c8) returned 1 [0132.880] SetEvent (hEvent=0x39c) returned 1 [0132.880] VirtualFree (lpAddress=0xc0002be000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.881] VirtualFree (lpAddress=0xc0002b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.881] VirtualFree (lpAddress=0xc0002ac000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.882] VirtualFree (lpAddress=0xc00025c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.882] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.882] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.883] VirtualFree (lpAddress=0xc000230000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.883] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.884] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.884] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.884] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.884] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.885] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.885] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.886] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.886] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0132.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0132.886] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0132.888] GetFileType (hFile=0x2c4) returned 0x1 [0132.888] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0001682c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001682c0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.888] CloseHandle (hObject=0x2c4) returned 1 [0132.890] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwFlags=0x1) returned 1 [0133.045] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.052] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.052] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.052] SetEvent (hEvent=0xc0) returned 1 [0133.052] SetEvent (hEvent=0x12c) returned 1 [0133.052] SetEvent (hEvent=0x1b4) returned 1 [0133.053] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.054] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.057] SetEvent (hEvent=0x1b4) returned 1 [0133.057] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.060] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.061] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.061] SetEvent (hEvent=0x12c) returned 1 [0133.062] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.067] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.067] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.068] SetEvent (hEvent=0x3c0) returned 1 [0133.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.073] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.074] SetEvent (hEvent=0x24c) returned 1 [0133.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.078] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.078] SetEvent (hEvent=0x1b4) returned 1 [0133.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.080] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.178] SwitchToThread () returned 1 [0133.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.179] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.179] SetEvent (hEvent=0xc0) returned 1 [0133.179] SetEvent (hEvent=0x1b4) returned 1 [0133.180] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.183] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.183] SetEvent (hEvent=0xc0) returned 1 [0133.184] SetEvent (hEvent=0x24c) returned 1 [0133.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.185] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.187] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.187] SetEvent (hEvent=0x24c) returned 1 [0133.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.286] SwitchToThread () returned 1 [0133.293] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.299] SetEvent (hEvent=0x354) returned 1 [0133.299] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.300] SetEvent (hEvent=0x354) returned 1 [0133.300] SetEvent (hEvent=0x24c) returned 1 [0133.301] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.301] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.301] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0133.303] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.306] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.309] SetEvent (hEvent=0xec) returned 1 [0133.309] SetEvent (hEvent=0x24c) returned 1 [0133.309] SwitchToThread () returned 1 [0133.409] SetEvent (hEvent=0xec) returned 1 [0133.409] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.412] SwitchToThread () returned 1 [0133.414] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.420] SetEvent (hEvent=0xec) returned 1 [0133.421] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.422] SetEvent (hEvent=0xec) returned 1 [0133.422] SetEvent (hEvent=0xfc) returned 1 [0133.422] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.441] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.448] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.461] SetEvent (hEvent=0x39c) returned 1 [0133.462] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.465] SetEvent (hEvent=0x39c) returned 1 [0133.465] SetEvent (hEvent=0x334) returned 1 [0133.466] VirtualFree (lpAddress=0xc0002ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.466] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.466] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0002d9818*=0x2) returned 1 [0133.467] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.474] SetEvent (hEvent=0x334) returned 1 [0133.474] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0133.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0133.476] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0133.476] GetFileType (hFile=0x1b0) returned 0x1 [0133.476] GetFileType (hFile=0x1b0) returned 0x1 [0133.476] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0133.476] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0133.476] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000ee400, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee400*, lpNumberOfBytesRead=0xc0001fbc04*=0x186, lpOverlapped=0x0) returned 1 [0133.477] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000ee586, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ee586*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0133.477] CloseHandle (hObject=0x1b0) returned 1 [0133.477] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.485] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0133.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E\\*", lpFindFileData=0xc0001fba08 | out: lpFindFileData=0xc0001fba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.486] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fb720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0001fb808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001fb808*=0xad) returned 1 [0133.488] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0133.488] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.488] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0133.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.489] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0133.490] GetFileType (hFile=0x2f4) returned 0x1 [0133.490] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.490] CloseHandle (hObject=0x2f4) returned 1 [0133.491] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_294110D6990EE392327F8A606D55BC1E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_294110d6990ee392327f8a606d55bc1e"), dwFlags=0x1) returned 1 [0133.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.518] SetEvent (hEvent=0x1a0) returned 1 [0133.518] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.519] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.525] SetEvent (hEvent=0x30c) returned 1 [0133.525] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.531] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.531] SetEvent (hEvent=0x30c) returned 1 [0133.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.534] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.550] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.561] SetEvent (hEvent=0x39c) returned 1 [0133.561] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.564] SetEvent (hEvent=0x39c) returned 1 [0133.564] SetEvent (hEvent=0x334) returned 1 [0133.564] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.565] VirtualFree (lpAddress=0xc00006a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.565] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc000243818*=0x2) returned 1 [0133.566] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.571] SetEvent (hEvent=0x1a0) returned 1 [0133.571] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.573] SetEvent (hEvent=0x1a0) returned 1 [0133.573] VirtualFree (lpAddress=0xc0002f4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.574] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.574] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.574] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.575] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e028*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc00005e028*, lpNumberOfCharsWritten=0xc0002d9818*=0x2) returned 1 [0133.598] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.631] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.636] SetEvent (hEvent=0x30c) returned 1 [0133.636] SetEvent (hEvent=0x39c) returned 1 [0133.636] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.636] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.637] VirtualFree (lpAddress=0xc000074000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.637] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.638] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc0001fb818*=0x2) returned 1 [0133.639] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.647] SetEvent (hEvent=0xec) returned 1 [0133.647] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0133.648] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.649] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0133.652] GetFileType (hFile=0x2f0) returned 0x1 [0133.652] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.652] GetFileType (hFile=0x2f0) returned 0x1 [0133.653] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0133.653] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0133.653] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0133.653] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0133.654] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc00026fc04*=0x186, lpOverlapped=0x0) returned 1 [0133.655] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006e186, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e186*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0133.655] CloseHandle (hObject=0x2f0) returned 1 [0133.655] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0133.656] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0133.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.661] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB\\*", lpFindFileData=0xc00026fa08 | out: lpFindFileData=0xc00026fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.662] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.662] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d66e0*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00026f808, lpReserved=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfCharsWritten=0xc00026f808*=0xad) returned 1 [0133.664] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0133.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.664] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0133.665] GetFileType (hFile=0x2cc) returned 0x1 [0133.665] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.666] CloseHandle (hObject=0x2cc) returned 1 [0133.666] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_F6E15778DC8E326895C606FBFA0392EB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_f6e15778dc8e326895c606fbfa0392eb"), dwFlags=0x1) returned 1 [0133.709] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.710] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.710] SetEvent (hEvent=0xec) returned 1 [0133.710] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.713] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.715] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.715] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.716] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.716] SetEvent (hEvent=0xc0) returned 1 [0133.716] SetEvent (hEvent=0x1a0) returned 1 [0133.716] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.717] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.718] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.718] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.718] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.719] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc00026f818*=0x2) returned 1 [0133.724] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.728] SetEvent (hEvent=0x39c) returned 1 [0133.728] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.733] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.734] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0133.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.735] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0133.738] GetFileType (hFile=0x2f0) returned 0x1 [0133.738] GetFileType (hFile=0x2f0) returned 0x1 [0133.738] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0133.738] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0133.738] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.739] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x396, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc00026fc04*=0x196, lpOverlapped=0x0) returned 1 [0133.740] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00005c196, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c196*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0133.740] CloseHandle (hObject=0x2f0) returned 1 [0133.740] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.746] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61\\*", lpFindFileData=0xc00026fa08 | out: lpFindFileData=0xc00026fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.746] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6b00*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00026f808, lpReserved=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfCharsWritten=0xc00026f808*=0xad) returned 1 [0133.748] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0133.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0133.748] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0133.749] GetFileType (hFile=0x2f0) returned 0x1 [0133.749] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.750] CloseHandle (hObject=0x2f0) returned 1 [0133.752] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwFlags=0x1) returned 1 [0133.808] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.809] SetEvent (hEvent=0xec) returned 1 [0133.809] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.810] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.811] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.811] SetEvent (hEvent=0xec) returned 1 [0133.811] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.815] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.837] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.848] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.852] SetEvent (hEvent=0x30c) returned 1 [0133.852] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.853] SetEvent (hEvent=0x30c) returned 1 [0133.853] SetEvent (hEvent=0x334) returned 1 [0133.853] VirtualFree (lpAddress=0xc00004c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0133.854] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.854] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000279818*=0x2) returned 1 [0133.856] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.864] SetEvent (hEvent=0x30c) returned 1 [0133.864] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0133.864] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0133.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0133.866] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0133.867] GetFileType (hFile=0x2cc) returned 0x1 [0133.867] GetFileType (hFile=0x2cc) returned 0x1 [0133.867] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0133.867] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0133.868] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0133.868] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x3ae, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc0001f5c04*=0x1ae, lpOverlapped=0x0) returned 1 [0133.869] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00007e1ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e1ae*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0133.869] CloseHandle (hObject=0x2cc) returned 1 [0133.869] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.870] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.881] SetEvent (hEvent=0xc0) returned 1 [0133.881] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450\\*", lpFindFileData=0xc0001f5a08 | out: lpFindFileData=0xc0001f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.882] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.882] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0001f5808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001f5808*=0xad) returned 1 [0133.883] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0133.884] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.884] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.885] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0133.885] GetFileType (hFile=0x2cc) returned 0x1 [0133.885] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.886] CloseHandle (hObject=0x2cc) returned 1 [0133.886] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwFlags=0x1) returned 1 [0133.938] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0133.938] SetEvent (hEvent=0x1a0) returned 1 [0133.938] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0133.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.941] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.941] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0133.941] SetEvent (hEvent=0x1a0) returned 1 [0133.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.945] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.987] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0133.996] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.000] SetEvent (hEvent=0x334) returned 1 [0134.000] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.001] SetEvent (hEvent=0x334) returned 1 [0134.001] SetEvent (hEvent=0x30c) returned 1 [0134.001] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.002] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.002] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.003] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.003] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc000159818*=0x2) returned 1 [0134.004] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.011] SetEvent (hEvent=0x30c) returned 1 [0134.011] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0134.013] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0134.014] GetFileType (hFile=0x2cc) returned 0x1 [0134.014] GetFileType (hFile=0x2cc) returned 0x1 [0134.014] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0134.014] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0134.014] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.015] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x392, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000159c04*=0x192, lpOverlapped=0x0) returned 1 [0134.016] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c192, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c192*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0134.016] CloseHandle (hObject=0x2cc) returned 1 [0134.016] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0134.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.026] SetEvent (hEvent=0xc0) returned 1 [0134.026] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.027] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873\\*", lpFindFileData=0xc000159a08 | out: lpFindFileData=0xc000159a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.027] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000159720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000159808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000159808*=0xad) returned 1 [0134.029] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0134.030] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.030] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.031] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0134.031] GetFileType (hFile=0x2cc) returned 0x1 [0134.031] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.031] CloseHandle (hObject=0x2cc) returned 1 [0134.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwFlags=0x1) returned 1 [0134.080] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0134.080] SetEvent (hEvent=0x1a0) returned 1 [0134.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.082] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0134.082] SetEvent (hEvent=0x1a0) returned 1 [0134.082] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.087] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.110] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.120] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.126] SetEvent (hEvent=0x334) returned 1 [0134.126] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.127] SetEvent (hEvent=0x334) returned 1 [0134.127] SetEvent (hEvent=0x30c) returned 1 [0134.127] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.128] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.128] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.128] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.129] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.129] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.130] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.130] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.130] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0000c1818*=0x2) returned 1 [0134.132] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.139] SetEvent (hEvent=0x30c) returned 1 [0134.139] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0134.140] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.141] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0134.142] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0134.143] GetFileType (hFile=0x2cc) returned 0x1 [0134.143] GetFileType (hFile=0x2cc) returned 0x1 [0134.143] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0134.143] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0134.143] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.144] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x38e, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc0001f9c04*=0x18e, lpOverlapped=0x0) returned 1 [0134.145] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00003618e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003618e*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0134.145] CloseHandle (hObject=0x2cc) returned 1 [0134.145] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0134.146] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.155] SetEvent (hEvent=0xc0) returned 1 [0134.156] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0134.157] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585\\*", lpFindFileData=0xc0001f9a08 | out: lpFindFileData=0xc0001f9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.157] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.157] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0001f9808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001f9808*=0xad) returned 1 [0134.158] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.159] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0134.159] GetFileType (hFile=0x2cc) returned 0x1 [0134.159] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.160] CloseHandle (hObject=0x2cc) returned 1 [0134.160] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-EA618097E393409AFA316F0F87E2C202_827C1B837652B048C4C84237D0838585" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-ea618097e393409afa316f0f87e2c202_827c1b837652b048c4c84237d0838585"), dwFlags=0x1) returned 1 [0134.283] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.310] SetEvent (hEvent=0x39c) returned 1 [0134.310] SwitchToThread () returned 1 [0134.311] SetEvent (hEvent=0x39c) returned 1 [0134.311] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ba000*, nNumberOfCharsToWrite=0x76, lpNumberOfCharsWritten=0xc000115808, lpReserved=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfCharsWritten=0xc000115808*=0x76) returned 1 [0134.322] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0134.323] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0134.323] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.324] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.325] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0134.326] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.334] SwitchToThread () returned 1 [0134.334] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.335] SetEvent (hEvent=0x39c) returned 1 [0134.335] SetEvent (hEvent=0x334) returned 1 [0134.335] VirtualFree (lpAddress=0xc000212000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0134.336] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.336] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.337] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.337] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.338] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.338] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.338] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.339] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.339] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.339] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.340] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00020b818*=0x2) returned 1 [0134.341] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.343] SetEvent (hEvent=0x39c) returned 1 [0134.343] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc0001f9818*=0x2) returned 1 [0134.344] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001cb818*=0x2) returned 1 [0134.361] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0134.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0004*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc0000a0004*, lpNumberOfCharsWritten=0xc000177818*=0x2) returned 1 [0134.364] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.400] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.525] SetEvent (hEvent=0x39c) returned 1 [0134.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0s06khtuwg41.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.526] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0134.531] GetFileType (hFile=0x1ec) returned 0x1 [0134.531] GetFileType (hFile=0x1ec) returned 0x1 [0134.532] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0134.532] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0134.532] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0134.535] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x654a, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001cbc04*=0x634a, lpOverlapped=0x0) returned 1 [0134.536] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002aa34a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aa34a*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0134.536] CloseHandle (hObject=0x1ec) returned 1 [0134.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0s06khtuwg41.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.538] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0134.550] GetFileType (hFile=0x1ec) returned 0x1 [0134.550] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0002aaa80*, nNumberOfBytesToWrite=0x6350, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002aaa80*, lpNumberOfBytesWritten=0xc0001cbcec*=0x6350, lpOverlapped=0x0) returned 1 [0134.552] CloseHandle (hObject=0x1ec) returned 1 [0134.552] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000b01 | out: pbBuffer=0xc000000b01) returned 1 [0134.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0s06khtuwg41.doc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.552] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0134.554] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.564] GetFileType (hFile=0x1ec) returned 0x1 [0134.564] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.564] CloseHandle (hObject=0x1ec) returned 1 [0134.565] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0s06khtuwg41.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-0s06khtuwg41.doc"), dwFlags=0x1) returned 1 [0134.566] VirtualFree (lpAddress=0xc00058e000, dwSize=0x90000, dwFreeType=0x4000) returned 1 [0134.569] VirtualFree (lpAddress=0xc000400000, dwSize=0x8e000, dwFreeType=0x4000) returned 1 [0134.573] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.573] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0134.574] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0134.575] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.575] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.576] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.576] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.577] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.577] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.577] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.577] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.578] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.578] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.579] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.579] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.579] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.598] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.599] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.599] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.599] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.600] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.601] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.601] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.601] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.602] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.602] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.602] SetEvent (hEvent=0xfc) returned 1 [0134.603] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.605] SetEvent (hEvent=0x334) returned 1 [0134.605] SetEvent (hEvent=0xfc) returned 1 [0134.605] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.620] SetEvent (hEvent=0x334) returned 1 [0134.620] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.621] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.621] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.621] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.622] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.622] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.622] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.622] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.623] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.623] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.624] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.624] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.625] SetEvent (hEvent=0xfc) returned 1 [0134.625] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.655] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.797] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0134.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0134.799] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0134.807] GetFileType (hFile=0x2f4) returned 0x1 [0134.807] GetFileType (hFile=0x2f4) returned 0x1 [0134.807] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0134.807] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0134.807] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0134.808] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0001b6000, nNumberOfBytesToRead=0x20a, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6000*, lpNumberOfBytesRead=0xc0000c7c04*=0xa, lpOverlapped=0x0) returned 1 [0134.809] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0001b600a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b600a*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0134.809] CloseHandle (hObject=0x2f4) returned 1 [0134.809] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0134.810] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0134.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0134.811] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c7d04 | out: lpMode=0xc0000c7d04) returned 0 [0134.814] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.818] SetEvent (hEvent=0xec) returned 1 [0134.818] GetFileType (hFile=0x2f4) returned 0x1 [0134.818] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000010120*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0000c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfBytesWritten=0xc0000c7cec*=0x10, lpOverlapped=0x0) returned 1 [0134.819] CloseHandle (hObject=0x2f4) returned 1 [0134.819] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0134.819] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0134.820] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0134.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0134.820] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0134.823] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.825] GetFileType (hFile=0x2f4) returned 0x1 [0134.825] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.844] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.854] SetEvent (hEvent=0xfc) returned 1 [0134.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5esjq5j.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0134.854] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0134.875] GetFileType (hFile=0x1b0) returned 0x1 [0134.875] GetFileType (hFile=0x1b0) returned 0x1 [0134.875] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0134.875] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0134.875] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0134.876] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0134.877] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0xe024, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00026fc04*=0xde24, lpOverlapped=0x0) returned 1 [0134.879] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002b1e24, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b1e24*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0134.879] CloseHandle (hObject=0x1b0) returned 1 [0134.879] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0134.879] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0134.880] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0134.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5esjq5j.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.883] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0134.891] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.894] SetEvent (hEvent=0xfc) returned 1 [0134.894] GetFileType (hFile=0x1b0) returned 0x1 [0134.894] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002b4000*, nNumberOfBytesToWrite=0xde30, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesWritten=0xc00026fcec*=0xde30, lpOverlapped=0x0) returned 1 [0134.896] CloseHandle (hObject=0x1b0) returned 1 [0134.896] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0134.896] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0134.897] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0134.897] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0134.897] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0134.898] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.898] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0134.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5esjq5j.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.899] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0134.903] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.905] GetFileType (hFile=0x1b0) returned 0x1 [0134.905] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.917] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.917] CloseHandle (hObject=0x1b0) returned 1 [0134.917] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5esjq5j.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-5esjq5j.bmp"), dwFlags=0x1) returned 1 [0134.918] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.924] SetEvent (hEvent=0x114) returned 1 [0134.924] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.925] SetEvent (hEvent=0xfc) returned 1 [0134.925] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.930] SwitchToThread () returned 1 [0134.933] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.940] SetEvent (hEvent=0x114) returned 1 [0134.940] SetEvent (hEvent=0x334) returned 1 [0134.940] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.940] CloseHandle (hObject=0x2f4) returned 1 [0134.940] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0134.941] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.942] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0134.942] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0134.943] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\encry-glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\encry-glob.settings.js"), dwFlags=0x1) returned 1 [0134.944] GetFileType (hFile=0x2cc) returned 0x1 [0134.944] GetFileType (hFile=0x2cc) returned 0x1 [0134.944] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0134.944] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0134.944] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.946] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x9547, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc000141c04*=0x9347, lpOverlapped=0x0) returned 1 [0134.948] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.950] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000077347, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000077347*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0134.950] CloseHandle (hObject=0x2cc) returned 1 [0134.950] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0134.951] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0134.953] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0134.954] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0134.955] SetEvent (hEvent=0x114) returned 1 [0134.955] GetFileType (hFile=0x2cc) returned 0x1 [0134.955] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.174] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.272] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2cc9f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2cc9f968*=0x1b0) returned 1 [0135.272] SuspendThread (hThread=0x1b0) returned 0x0 [0135.272] GetThreadContext (in: hThread=0x1b0, lpContext=0x2cc9f980 | out: lpContext=0x2cc9f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.273] ResumeThread (hThread=0x1b0) returned 0x1 [0135.273] CloseHandle (hObject=0x1b0) returned 1 [0135.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.369] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2cc9f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2cc9f968*=0x1b0) returned 1 [0135.369] SuspendThread (hThread=0x1b0) returned 0x0 [0135.369] GetThreadContext (in: hThread=0x1b0, lpContext=0x2cc9f980 | out: lpContext=0x2cc9f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.369] ResumeThread (hThread=0x1b0) returned 0x1 [0135.369] CloseHandle (hObject=0x1b0) returned 1 [0135.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.478] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2cc9f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2cc9f968*=0x1b0) returned 1 [0135.478] SuspendThread (hThread=0x1b0) returned 0x0 [0135.478] GetThreadContext (in: hThread=0x1b0, lpContext=0x2cc9f980 | out: lpContext=0x2cc9f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.478] ResumeThread (hThread=0x1b0) returned 0x1 [0135.478] CloseHandle (hObject=0x1b0) returned 1 [0135.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.608] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2cc9f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2cc9f968*=0x1b0) returned 1 [0135.608] SuspendThread (hThread=0x1b0) returned 0x0 [0135.608] GetThreadContext (in: hThread=0x1b0, lpContext=0x2cc9f980 | out: lpContext=0x2cc9f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0135.608] ResumeThread (hThread=0x1b0) returned 0x1 [0135.608] CloseHandle (hObject=0x1b0) returned 1 [0135.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.634] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0135.634] SetEvent (hEvent=0xc0) returned 1 [0135.634] SetEvent (hEvent=0x114) returned 1 [0135.634] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0135.635] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x9350, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc000141cec*=0x9350, lpOverlapped=0x0) returned 1 [0135.637] CloseHandle (hObject=0x2cc) returned 1 [0135.637] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0135.638] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0135.638] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0135.638] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0135.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0135.639] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0135.640] GetFileType (hFile=0x2cc) returned 0x1 [0135.640] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0135.640] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0135.641] CloseHandle (hObject=0x2cc) returned 1 [0135.641] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0135.641] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0135.642] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0135.642] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0135.643] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\encry-A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\encry-a9b8213768adc68af64fcc6409e8be414726687f.crl"), dwFlags=0x1) returned 1 [0135.644] SetEvent (hEvent=0xfc) returned 1 [0135.644] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.666] SetEvent (hEvent=0xfc) returned 1 [0135.666] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.681] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0135.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dbf8daoe1.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0135.682] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0135.682] GetFileType (hFile=0x2f0) returned 0x1 [0135.682] GetFileType (hFile=0x2f0) returned 0x1 [0135.682] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0135.682] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0135.682] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0135.683] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x3960, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc0000c1c04*=0x3760, lpOverlapped=0x0) returned 1 [0135.684] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00006d760, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006d760*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0135.684] CloseHandle (hObject=0x2f0) returned 1 [0135.684] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0135.685] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dbf8daoe1.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0135.686] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0135.686] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.733] GetFileType (hFile=0x2f0) returned 0x1 [0135.733] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x3770, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc0000c1cec*=0x3770, lpOverlapped=0x0) returned 1 [0135.735] CloseHandle (hObject=0x2f0) returned 1 [0135.735] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0135.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dbf8daoe1.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0135.735] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0135.739] GetFileType (hFile=0x2f0) returned 0x1 [0135.739] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000060580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060580*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0135.740] CloseHandle (hObject=0x2f0) returned 1 [0135.740] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0135.740] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0135.741] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dbf8daoe1.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-dbf8daoe1.mp4"), dwFlags=0x1) returned 1 [0135.742] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.743] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0135.743] SetEvent (hEvent=0xc0) returned 1 [0135.743] SetEvent (hEvent=0x354) returned 1 [0135.743] SetEvent (hEvent=0x114) returned 1 [0135.743] SetEvent (hEvent=0x24c) returned 1 [0135.746] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.751] SetEvent (hEvent=0x24c) returned 1 [0135.751] SetEvent (hEvent=0x114) returned 1 [0135.751] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0135.762] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0135.762] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.763] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0135.763] SetEvent (hEvent=0xc0) returned 1 [0135.763] SetEvent (hEvent=0x334) returned 1 [0135.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.792] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0135.792] SetEvent (hEvent=0xc0) returned 1 [0135.792] SetEvent (hEvent=0x334) returned 1 [0135.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.799] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0135.799] SetEvent (hEvent=0x334) returned 1 [0135.799] SetEvent (hEvent=0x12c) returned 1 [0135.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.805] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.805] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0135.805] SetEvent (hEvent=0x12c) returned 1 [0135.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.806] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.807] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0135.807] SetEvent (hEvent=0x334) returned 1 [0135.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0135.814] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0136.158] SetEvent (hEvent=0x39c) returned 1 [0136.158] SetEvent (hEvent=0xfc) returned 1 [0136.158] SetEvent (hEvent=0x12c) returned 1 [0136.158] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0136.315] SetEvent (hEvent=0x334) returned 1 [0136.315] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0136.316] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0136.317] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0136.317] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0136.318] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0136.425] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0136.526] GetFileType (hFile=0x240) returned 0x1 [0136.526] GetFileType (hFile=0x240) returned 0x1 [0136.526] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0136.526] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0136.526] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0136.528] ReadFile (in: hFile=0x240, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc0006e3c04*=0x8000, lpOverlapped=0x0) returned 1 [0136.674] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0136.900] ReadFile (in: hFile=0x240, lpBuffer=0xc0001ea000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea000*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0136.900] CloseHandle (hObject=0x240) returned 1 [0136.900] SwitchToThread () returned 1 [0136.997] SwitchToThread () returned 1 [0136.997] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0137.111] SwitchToThread () returned 1 [0137.111] SetEvent (hEvent=0x39c) returned 1 [0137.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0137.112] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0137.156] GetFileType (hFile=0x2f4) returned 0x1 [0137.156] GetFileType (hFile=0x2f4) returned 0x1 [0137.156] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0137.156] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0137.156] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0137.157] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0137.163] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0137.165] GetFileType (hFile=0x240) returned 0x1 [0137.165] GetFileType (hFile=0x240) returned 0x1 [0137.165] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0137.165] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0137.165] ReadFile (in: hFile=0x240, lpBuffer=0xc000208800, nNumberOfBytesToRead=0x7a7, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208800*, lpNumberOfBytesRead=0xc0001fdc04*=0x5a7, lpOverlapped=0x0) returned 1 [0137.173] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0137.182] ReadFile (in: hFile=0x240, lpBuffer=0xc000208da7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208da7*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0137.182] CloseHandle (hObject=0x240) returned 1 [0137.182] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0137.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0137.184] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0137.283] GetFileType (hFile=0x240) returned 0x1 [0137.284] WriteFile (in: hFile=0x240, lpBuffer=0xc0001a6600*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001a6600*, lpNumberOfBytesWritten=0xc0001fdcec*=0x5b0, lpOverlapped=0x0) returned 1 [0137.285] CloseHandle (hObject=0x240) returned 1 [0137.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0137.285] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0137.296] SetEvent (hEvent=0x39c) returned 1 [0137.296] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0137.300] SetEvent (hEvent=0x334) returned 1 [0137.300] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0137.410] SetEvent (hEvent=0x39c) returned 1 [0137.410] SetEvent (hEvent=0x354) returned 1 [0137.410] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.614] SetEvent (hEvent=0x12c) returned 1 [0138.614] SetEvent (hEvent=0x30c) returned 1 [0138.614] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.809] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.815] SetEvent (hEvent=0x12c) returned 1 [0138.815] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.825] SetEvent (hEvent=0x30c) returned 1 [0138.825] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.832] SetEvent (hEvent=0x3c8) returned 1 [0138.832] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0138.852] SetEvent (hEvent=0x39c) returned 1 [0138.852] SetEvent (hEvent=0x3c8) returned 1 [0138.853] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.648] SetEvent (hEvent=0x39c) returned 1 [0139.648] SetEvent (hEvent=0x12c) returned 1 [0139.648] SetEvent (hEvent=0x30c) returned 1 [0139.649] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.805] SetEvent (hEvent=0x3c8) returned 1 [0139.805] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.819] SetEvent (hEvent=0x39c) returned 1 [0139.819] SetEvent (hEvent=0xec) returned 1 [0139.819] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.836] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0139.837] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0139.840] GetFileType (hFile=0x2f0) returned 0x1 [0139.840] GetFileType (hFile=0x2f0) returned 0x1 [0139.840] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0139.840] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0139.840] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0xba2, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0002d9c04*=0x9a2, lpOverlapped=0x0) returned 1 [0139.853] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00005a9a2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a9a2*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0139.853] CloseHandle (hObject=0x2f0) returned 1 [0139.853] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0139.856] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0139.856] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0139.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0139.858] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0139.866] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.908] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0139.936] SetEvent (hEvent=0x12c) returned 1 [0139.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0139.938] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0139.955] GetFileType (hFile=0x2cc) returned 0x1 [0139.955] GetFileType (hFile=0x2cc) returned 0x1 [0139.955] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0139.955] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0139.955] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0139.957] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc00015fc04*=0xa00, lpOverlapped=0x0) returned 1 [0139.967] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.007] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0001a0a00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0a00*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0140.007] CloseHandle (hObject=0x2cc) returned 1 [0140.008] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0140.009] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0140.021] GetFileType (hFile=0x2cc) returned 0x1 [0140.021] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000fea80*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fea80*, lpNumberOfBytesWritten=0xc00015fcec*=0xa10, lpOverlapped=0x0) returned 1 [0140.022] CloseHandle (hObject=0x2cc) returned 1 [0140.022] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0140.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0140.022] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0140.025] GetFileType (hFile=0x2cc) returned 0x1 [0140.025] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.025] CloseHandle (hObject=0x2cc) returned 1 [0140.025] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\encry-Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\encry-outlook.srs"), dwFlags=0x1) returned 1 [0140.027] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.052] SetEvent (hEvent=0x12c) returned 1 [0140.052] VirtualFree (lpAddress=0xc00021c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0140.054] VirtualFree (lpAddress=0xc000184000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.054] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.055] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.055] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.056] VirtualFree (lpAddress=0xc00006e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.056] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.057] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.057] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.057] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect"), fInfoLevelId=0x0, lpFileInformation=0xc000129778 | out: lpFileInformation=0xc000129778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.057] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3111613574-2524581245-2586426736-500", cAlternateFileName="S-1-5-~1")) returned 1 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x541f1c70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~2")) returned 1 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0140.058] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.058] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.058] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0140.059] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf29f8e64, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x138)) returned 1 [0140.059] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0140.060] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0140.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.061] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28de3e80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.085] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.097] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.107] SetEvent (hEvent=0x39c) returned 1 [0140.107] SetEvent (hEvent=0xfc) returned 1 [0140.107] SetEvent (hEvent=0x12c) returned 1 [0140.108] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.153] SetEvent (hEvent=0xec) returned 1 [0140.153] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.157] SetEvent (hEvent=0x354) returned 1 [0140.157] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.192] SetEvent (hEvent=0x39c) returned 1 [0140.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0140.193] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0140.199] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.200] SetEvent (hEvent=0xc0) returned 1 [0140.200] SetEvent (hEvent=0x39c) returned 1 [0140.200] GetFileType (hFile=0x2f0) returned 0x1 [0140.201] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.305] GetFileType (hFile=0x2f0) returned 0x1 [0140.305] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0140.305] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0140.305] SwitchToThread () returned 1 [0140.427] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.441] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.442] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x24c, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc000191c04*=0x4c, lpOverlapped=0x0) returned 1 [0140.443] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c04c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000191c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c04c*, lpNumberOfBytesRead=0xc000191c04*=0x0, lpOverlapped=0x0) returned 1 [0140.443] CloseHandle (hObject=0x2f0) returned 1 [0140.443] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST\\*", lpFindFileData=0xc000191a08 | out: lpFindFileData=0xc000191a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.445] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000191720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0140.446] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0140.455] GetFileType (hFile=0x2f0) returned 0x1 [0140.455] GetFileType (hFile=0x2f0) returned 0x1 [0140.455] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0140.455] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0140.455] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0140.456] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0000f7c04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.457] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000401d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000401d4*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0140.457] CloseHandle (hObject=0x2f0) returned 1 [0140.457] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.458] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d\\*", lpFindFileData=0xc0000f7a08 | out: lpFindFileData=0xc0000f7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.458] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.458] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0140.459] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0140.459] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000050000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0000f7808, lpReserved=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfCharsWritten=0xc0000f7808*=0xac) returned 1 [0140.467] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.471] SetEvent (hEvent=0x354) returned 1 [0140.471] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.481] SetEvent (hEvent=0x39c) returned 1 [0140.481] SetEvent (hEvent=0x3c8) returned 1 [0140.481] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.500] GetFileType (hFile=0x240) returned 0x1 [0140.500] GetFileType (hFile=0x240) returned 0x1 [0140.500] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0140.500] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0140.500] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0140.500] ReadFile (in: hFile=0x240, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc0002dfc04*=0x18, lpOverlapped=0x0) returned 1 [0140.501] ReadFile (in: hFile=0x240, lpBuffer=0xc0000a4018, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4018*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0140.501] CloseHandle (hObject=0x240) returned 1 [0140.501] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0140.502] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0140.502] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0140.503] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0140.503] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.503] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred\\*", lpFindFileData=0xc0002dfa08 | out: lpFindFileData=0xc0002dfa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.503] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0140.504] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002df720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.504] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0140.504] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0140.505] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0140.505] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0140.506] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0140.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.507] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0140.533] GetFileType (hFile=0x240) returned 0x1 [0140.533] GetFileType (hFile=0x240) returned 0x1 [0140.533] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0140.533] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0140.534] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0140.534] ReadFile (in: hFile=0x240, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc00020dc04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.535] ReadFile (in: hFile=0x240, lpBuffer=0xc0000e41d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e41d4*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0140.535] CloseHandle (hObject=0x240) returned 1 [0140.535] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0140.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.536] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c\\*", lpFindFileData=0xc00020da08 | out: lpFindFileData=0xc00020da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.536] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00020d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.536] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0140.537] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.551] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0140.552] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0140.552] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0140.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0140.554] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0140.573] GetFileType (hFile=0x36c) returned 0x1 [0140.573] GetFileType (hFile=0x36c) returned 0x1 [0140.573] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0140.573] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0140.573] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.574] ReadFile (in: hFile=0x36c, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x2a8, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc0001f9c04*=0xa8, lpOverlapped=0x0) returned 1 [0140.576] ReadFile (in: hFile=0x36c, lpBuffer=0xc00002c0a8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c0a8*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0140.576] CloseHandle (hObject=0x36c) returned 1 [0140.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.578] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0140.586] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.607] GetFileType (hFile=0x36c) returned 0x1 [0140.607] WriteFile (in: hFile=0x36c, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc0001f9cec*=0xb0, lpOverlapped=0x0) returned 1 [0140.609] CloseHandle (hObject=0x36c) returned 1 [0140.609] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0140.609] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.609] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0140.610] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.611] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.611] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.612] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0140.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.613] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0140.614] GetFileType (hFile=0x36c) returned 0x1 [0140.614] WriteFile (in: hFile=0x36c, lpBuffer=0xc00005a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005a2c0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.615] CloseHandle (hObject=0x36c) returned 1 [0140.615] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.615] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\encry-ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\encry-contentstore.xml"), dwFlags=0x1) returned 1 [0140.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.618] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0140.618] SetEvent (hEvent=0xc0) returned 1 [0140.618] SetEvent (hEvent=0x39c) returned 1 [0140.618] SetEvent (hEvent=0xfc) returned 1 [0140.618] SetEvent (hEvent=0xec) returned 1 [0140.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.622] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.622] SetEvent (hEvent=0xec) returned 1 [0140.622] SetEvent (hEvent=0x12c) returned 1 [0140.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.627] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0140.627] SetEvent (hEvent=0x3c8) returned 1 [0140.627] SetEvent (hEvent=0x30c) returned 1 [0140.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0140.630] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0140.631] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.700] SetEvent (hEvent=0x12c) returned 1 [0140.700] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.701] SetEvent (hEvent=0x12c) returned 1 [0140.701] SetEvent (hEvent=0x354) returned 1 [0140.701] SetEvent (hEvent=0x39c) returned 1 [0140.701] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.702] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.713] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.713] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.714] VirtualFree (lpAddress=0xc00010e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.714] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.715] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.715] VirtualFree (lpAddress=0xc000070000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.716] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.717] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0140.730] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.732] GetFileType (hFile=0x240) returned 0x1 [0140.732] GetFileType (hFile=0x240) returned 0x1 [0140.732] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0140.732] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0140.732] ReadFile (in: hFile=0x240, lpBuffer=0xc00006c280, nNumberOfBytesToRead=0x26f, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c280*, lpNumberOfBytesRead=0xc000135c04*=0x6f, lpOverlapped=0x0) returned 1 [0140.733] ReadFile (in: hFile=0x240, lpBuffer=0xc00006c2ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2ef*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0140.734] CloseHandle (hObject=0x240) returned 1 [0140.734] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0140.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.736] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0140.742] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.750] GetFileType (hFile=0x240) returned 0x1 [0140.750] WriteFile (in: hFile=0x240, lpBuffer=0xc0001c0230*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0230*, lpNumberOfBytesWritten=0xc000135cec*=0x70, lpOverlapped=0x0) returned 1 [0140.751] CloseHandle (hObject=0x240) returned 1 [0140.751] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0140.752] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.752] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.752] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0140.758] GetFileType (hFile=0x240) returned 0x1 [0140.758] WriteFile (in: hFile=0x240, lpBuffer=0xc0001e2420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2420*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.759] CloseHandle (hObject=0x240) returned 1 [0140.759] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), dwFlags=0x1) returned 1 [0140.761] SwitchToThread () returned 1 [0140.762] SetEvent (hEvent=0x12c) returned 1 [0140.762] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.763] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0140.764] SetEvent (hEvent=0x354) returned 1 [0140.764] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.766] SwitchToThread () returned 1 [0140.770] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.781] SetEvent (hEvent=0x12c) returned 1 [0140.781] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.782] SetEvent (hEvent=0x354) returned 1 [0140.782] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.784] SetEvent (hEvent=0xfc) returned 1 [0140.784] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.796] GetFileType (hFile=0x36c) returned 0x1 [0140.796] WriteFile (in: hFile=0x36c, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.796] CloseHandle (hObject=0x36c) returned 1 [0140.797] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.797] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@adobe[1].txt"), dwFlags=0x1) returned 1 [0140.799] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0140.799] SetEvent (hEvent=0x3c8) returned 1 [0140.800] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.815] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.819] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.819] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0140.819] SetEvent (hEvent=0xfc) returned 1 [0140.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.824] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0140.824] SetEvent (hEvent=0xc0) returned 1 [0140.824] SetEvent (hEvent=0x12c) returned 1 [0140.824] SetEvent (hEvent=0x30c) returned 1 [0140.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.828] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.832] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0140.832] SetEvent (hEvent=0x12c) returned 1 [0140.832] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.842] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0140.842] SetEvent (hEvent=0xc0) returned 1 [0140.842] SetEvent (hEvent=0x354) returned 1 [0140.842] SetEvent (hEvent=0x30c) returned 1 [0140.842] SetEvent (hEvent=0x3c8) returned 1 [0140.843] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.847] SetEvent (hEvent=0x30c) returned 1 [0140.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.853] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0140.853] SetEvent (hEvent=0x30c) returned 1 [0140.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.860] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.861] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.861] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0140.861] SetEvent (hEvent=0xc0) returned 1 [0140.861] SetEvent (hEvent=0x30c) returned 1 [0140.861] SetEvent (hEvent=0xfc) returned 1 [0140.861] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.863] SetEvent (hEvent=0x30c) returned 1 [0140.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.866] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.867] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0140.867] SetEvent (hEvent=0x354) returned 1 [0140.867] SetEvent (hEvent=0x30c) returned 1 [0140.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.869] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0140.869] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@ml314[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0140.870] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0140.875] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.884] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.891] SetEvent (hEvent=0x3c8) returned 1 [0140.891] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.893] SetEvent (hEvent=0x12c) returned 1 [0140.893] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.900] SetEvent (hEvent=0xec) returned 1 [0140.900] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0140.907] SetEvent (hEvent=0x3c8) returned 1 [0140.907] SetEvent (hEvent=0xfc) returned 1 [0140.907] SetEvent (hEvent=0x30c) returned 1 [0140.907] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0141.006] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0141.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0141.007] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0141.014] GetFileType (hFile=0x384) returned 0x1 [0141.014] GetFileType (hFile=0x384) returned 0x1 [0141.014] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0141.014] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0141.014] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0141.015] ReadFile (in: hFile=0x384, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x266, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc0001cfc04*=0x66, lpOverlapped=0x0) returned 1 [0141.016] ReadFile (in: hFile=0x384, lpBuffer=0xc0000d8066, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8066*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0141.016] CloseHandle (hObject=0x384) returned 1 [0141.016] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0141.016] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0141.017] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0141.025] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0141.500] GetFileType (hFile=0x384) returned 0x1 [0141.500] WriteFile (in: hFile=0x384, lpBuffer=0xc0000e4000*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x70, lpOverlapped=0x0) returned 1 [0142.501] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0142.839] CloseHandle (hObject=0x384) returned 1 [0142.842] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0143.958] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0143.958] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0143.964] GetFileType (hFile=0x5c4) returned 0x1 [0143.964] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000682b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682b00*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.964] CloseHandle (hObject=0x5c4) returned 1 [0143.965] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@ad13.adfarm1.adition[1].txt"), dwFlags=0x1) returned 1 [0143.966] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.968] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0143.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0143.968] SetEvent (hEvent=0xc0) returned 1 [0143.968] SetEvent (hEvent=0x388) returned 1 [0143.968] SetEvent (hEvent=0x234) returned 1 [0143.968] SetEvent (hEvent=0x3c0) returned 1 [0143.970] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.978] SetEvent (hEvent=0x188) returned 1 [0143.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.989] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0143.989] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.991] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0143.991] SetEvent (hEvent=0x3c0) returned 1 [0143.991] SetEvent (hEvent=0x188) returned 1 [0143.991] SetEvent (hEvent=0x918) returned 1 [0143.991] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.006] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0144.006] SetEvent (hEvent=0x918) returned 1 [0144.006] SetEvent (hEvent=0x9c0) returned 1 [0144.006] SetEvent (hEvent=0x188) returned 1 [0144.008] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.015] SetEvent (hEvent=0x8d8) returned 1 [0144.015] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.037] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.038] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0144.038] SetEvent (hEvent=0xc0) returned 1 [0144.038] SetEvent (hEvent=0xa98) returned 1 [0144.038] SetEvent (hEvent=0xad0) returned 1 [0144.038] SetEvent (hEvent=0x950) returned 1 [0144.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.069] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.069] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0144.069] SetEvent (hEvent=0x928) returned 1 [0144.069] SetEvent (hEvent=0xba8) returned 1 [0144.069] SetEvent (hEvent=0x2a8) returned 1 [0144.071] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.079] SetEvent (hEvent=0x2a8) returned 1 [0144.079] SetEvent (hEvent=0xba8) returned 1 [0144.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.088] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.089] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.090] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0144.090] SetEvent (hEvent=0xba8) returned 1 [0144.090] SetEvent (hEvent=0x930) returned 1 [0144.090] SetEvent (hEvent=0x958) returned 1 [0144.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.111] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.111] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f698, ulNumEntriesRemoved=0x2cc9f66c) returned 0 [0144.111] SetEvent (hEvent=0x364) returned 1 [0144.111] SetEvent (hEvent=0x960) returned 1 [0144.111] SetEvent (hEvent=0x458) returned 1 [0144.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.114] SetEvent (hEvent=0x458) returned 1 [0144.114] SetEvent (hEvent=0x960) returned 1 [0144.114] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe08*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.124] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe30*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.124] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2cc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2cc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2cc9f6a0, ulNumEntriesRemoved=0x2cc9f674) returned 0 [0144.124] SetEvent (hEvent=0x364) returned 1 [0144.124] SetEvent (hEvent=0x458) returned 1 [0144.124] SetEvent (hEvent=0x938) returned 1 [0144.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2cc9fe18*=0x324, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfqsgh z bg.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0144.131] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc00040dd04 | out: lpMode=0xc00040dd04) returned 0 [0144.139] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] SetEvent (hEvent=0xc6c) returned 1 [0144.582] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.583] SetEvent (hEvent=0xc6c) returned 1 [0144.583] SetEvent (hEvent=0xbe0) returned 1 [0144.583] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0144.591] SetEvent (hEvent=0x320) returned 1 [0144.591] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0145.976] SetEvent (hEvent=0x2f4) returned 1 [0145.976] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0145.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x838 [0145.978] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0145.980] GetFileType (hFile=0x838) returned 0x1 [0145.980] GetFileType (hFile=0x838) returned 0x1 [0145.980] GetFileInformationByHandle (in: hFile=0x838, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0145.980] GetFileInformationByHandleEx (in: hFile=0x838, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0145.980] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0145.981] ReadFile (in: hFile=0x838, lpBuffer=0xc000220000, nNumberOfBytesToRead=0x6cc, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesRead=0xc00029fc04*=0x4cc, lpOverlapped=0x0) returned 1 [0145.984] ReadFile (in: hFile=0x838, lpBuffer=0xc0002204cc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002204cc*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0145.984] CloseHandle (hObject=0x838) returned 1 [0145.984] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0145.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0145.987] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc00029fd04 | out: lpMode=0xc00029fd04) returned 0 [0145.989] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.267] GetFileType (hFile=0x838) returned 0x1 [0146.267] WriteFile (in: hFile=0x838, lpBuffer=0xc00021c000*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xc00029fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesWritten=0xc00029fcec*=0x4d0, lpOverlapped=0x0) returned 1 [0146.269] CloseHandle (hObject=0x838) returned 1 [0146.269] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0146.270] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0146.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0146.271] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0146.273] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.317] GetFileType (hFile=0x838) returned 0x1 [0146.317] WriteFile (in: hFile=0x838, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.318] CloseHandle (hObject=0x838) returned 1 [0146.327] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.352] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0146.353] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0146.354] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0146.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\encry-Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\encry-windows explorer.lnk"), dwFlags=0x1) returned 1 [0146.358] SetEvent (hEvent=0x448) returned 1 [0146.358] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.362] SetEvent (hEvent=0x3c4) returned 1 [0146.362] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.376] SetEvent (hEvent=0x448) returned 1 [0146.376] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.480] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0146.481] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0146.482] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0146.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x880 [0146.484] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0146.487] GetFileType (hFile=0x880) returned 0x1 [0146.487] GetFileType (hFile=0x880) returned 0x1 [0146.487] GetFileInformationByHandle (in: hFile=0x880, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0146.487] GetFileInformationByHandleEx (in: hFile=0x880, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0146.487] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0146.489] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0146.499] ReadFile (in: hFile=0x880, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x38200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0001d1c04*=0x38000, lpOverlapped=0x0) returned 1 [0146.502] ReadFile (in: hFile=0x880, lpBuffer=0xc00057a000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00057a000*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0146.502] CloseHandle (hObject=0x880) returned 1 [0146.502] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0146.503] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x3a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0146.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0146.513] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0146.514] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.853] SetEvent (hEvent=0xc80) returned 1 [0146.853] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.858] SetEvent (hEvent=0xc80) returned 1 [0146.858] SetEvent (hEvent=0xbb0) returned 1 [0146.858] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0146.893] SetEvent (hEvent=0x318) returned 1 [0146.893] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0147.916] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0147.917] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xga8dio5v.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b0 [0147.918] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000455cf4 | out: lpMode=0xc000455cf4) returned 0 [0147.922] GetFileType (hFile=0x5b0) returned 0x1 [0147.922] GetFileType (hFile=0x5b0) returned 0x1 [0147.922] GetFileInformationByHandle (in: hFile=0x5b0, lpFileInformation=0xc000455d44 | out: lpFileInformation=0xc000455d44) returned 1 [0147.922] GetFileInformationByHandleEx (in: hFile=0x5b0, FileInformationClass=0x9, lpFileInformation=0xc000455d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000455d28) returned 1 [0147.922] VirtualAlloc (lpAddress=0xc0004a0000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a0000 [0147.925] ReadFile (in: hFile=0x5b0, lpBuffer=0xc0004a0000, nNumberOfBytesToRead=0x17c72, lpNumberOfBytesRead=0xc000455c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a0000*, lpNumberOfBytesRead=0xc000455c04*=0x17a72, lpOverlapped=0x0) returned 1 [0148.546] ReadFile (in: hFile=0x5b0, lpBuffer=0xc0004b7a72, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000455c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004b7a72*, lpNumberOfBytesRead=0xc000455c04*=0x0, lpOverlapped=0x0) returned 1 [0148.547] CloseHandle (hObject=0x5b0) returned 1 [0148.547] VirtualAlloc (lpAddress=0xc00061c000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00061c000 [0148.552] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xga8dio5v.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0149.387] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000455d04 | out: lpMode=0xc000455d04) returned 0 [0149.390] GetFileType (hFile=0x5d8) returned 0x1 [0149.390] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00061c000*, nNumberOfBytesToWrite=0x17a80, lpNumberOfBytesWritten=0xc000455cec, lpOverlapped=0x0 | out: lpBuffer=0xc00061c000*, lpNumberOfBytesWritten=0xc000455cec*=0x17a80, lpOverlapped=0x0) returned 1 [0149.614] CloseHandle (hObject=0x5d8) returned 1 [0149.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0149.654] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xga8dio5v.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.654] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000455d64 | out: lpMode=0xc000455d64) returned 0 [0149.656] GetFileType (hFile=0x3d0) returned 0x1 [0149.656] WriteFile (in: hFile=0x3d0, lpBuffer=0xc00004c420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000455d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c420*, lpNumberOfBytesWritten=0xc000455d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.664] CloseHandle (hObject=0x3d0) returned 1 [0149.686] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0149.690] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0149.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xga8dio5v.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-xga8dio5v.png"), dwFlags=0x1) returned 1 [0152.322] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0152.911] SetEvent (hEvent=0x3b0) returned 1 [0152.911] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0161.262] SetEvent (hEvent=0xa30) returned 1 [0161.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc490*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000249818, lpReserved=0x0 | out: lpBuffer=0xc0000bc490*, lpNumberOfCharsWritten=0xc000249818*=0x4) returned 1 [0161.265] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc498*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000409818, lpReserved=0x0 | out: lpBuffer=0xc0000bc498*, lpNumberOfCharsWritten=0xc000409818*=0x4) returned 1 [0161.267] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4a0*, lpNumberOfCharsWritten=0xc0000c5818*=0x4) returned 1 [0161.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4a8*, lpNumberOfCharsWritten=0xc00020f818*=0x4) returned 1 [0161.270] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e9818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4b0*, lpNumberOfCharsWritten=0xc0001e9818*=0x4) returned 1 [0161.271] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000419818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4b8*, lpNumberOfCharsWritten=0xc000419818*=0x4) returned 1 [0161.275] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0678*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00046d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0678*, lpNumberOfCharsWritten=0xc00046d818*=0x4) returned 1 [0161.277] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00040f818, lpReserved=0x0 | out: lpBuffer=0xc0000a06b0*, lpNumberOfCharsWritten=0xc00040f818*=0x4) returned 1 [0161.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00048f818, lpReserved=0x0 | out: lpBuffer=0xc0000a06b8*, lpNumberOfCharsWritten=0xc00048f818*=0x4) returned 1 [0161.309] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003f7818, lpReserved=0x0 | out: lpBuffer=0xc0000a06c0*, lpNumberOfCharsWritten=0xc0003f7818*=0x3) returned 1 [0161.314] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc0000a06c8*, lpNumberOfCharsWritten=0xc0001bf818*=0x4) returned 1 [0161.321] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014f818, lpReserved=0x0 | out: lpBuffer=0xc0000a06d0*, lpNumberOfCharsWritten=0xc00014f818*=0x4) returned 1 [0161.323] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a06d8*, lpNumberOfCharsWritten=0xc0001d1818*=0x4) returned 1 [0161.326] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010590*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc000010590*, lpNumberOfCharsWritten=0xc0001a5818*=0x4) returned 1 [0161.328] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0161.329] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010598*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000455818, lpReserved=0x0 | out: lpBuffer=0xc000010598*, lpNumberOfCharsWritten=0xc000455818*=0x4) returned 1 [0161.331] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0161.353] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000045818*=0x4) returned 1 [0161.355] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00046b818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc00046b818*=0x4) returned 1 [0161.355] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010100*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00042b818, lpReserved=0x0 | out: lpBuffer=0xc000010100*, lpNumberOfCharsWritten=0xc00042b818*=0x3) returned 1 [0161.356] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010108*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc000010108*, lpNumberOfCharsWritten=0xc0004d9818*=0x4) returned 1 [0161.357] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d9818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc0001d9818*=0x4) returned 1 [0161.357] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc0002d7818*=0x4) returned 1 [0161.358] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010130*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000010130*, lpNumberOfCharsWritten=0xc000195818*=0x4) returned 1 [0161.359] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010138*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000493818, lpReserved=0x0 | out: lpBuffer=0xc000010138*, lpNumberOfCharsWritten=0xc000493818*=0x4) returned 1 [0161.359] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001c5818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc0001c5818*=0x4) returned 1 [0161.360] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010158*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc000010158*, lpNumberOfCharsWritten=0xc000193818*=0x4) returned 1 [0161.360] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010160*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000010160*, lpNumberOfCharsWritten=0xc0001b9818*=0x4) returned 1 [0161.361] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010168*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000010168*, lpNumberOfCharsWritten=0xc000155818*=0x4) returned 1 [0161.361] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010180*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc000010180*, lpNumberOfCharsWritten=0xc0002d3818*=0x4) returned 1 [0161.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010188*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000381818, lpReserved=0x0 | out: lpBuffer=0xc000010188*, lpNumberOfCharsWritten=0xc000381818*=0x4) returned 1 [0161.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010190*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000439818, lpReserved=0x0 | out: lpBuffer=0xc000010190*, lpNumberOfCharsWritten=0xc000439818*=0x4) returned 1 [0161.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010198*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000010198*, lpNumberOfCharsWritten=0xc000175818*=0x4) returned 1 [0161.363] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010200*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc000010200*, lpNumberOfCharsWritten=0xc000153818*=0x4) returned 1 [0161.364] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010208*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc000010208*, lpNumberOfCharsWritten=0xc00014b818*=0x4) returned 1 [0161.365] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000067818*=0x4) returned 1 [0161.369] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc0003e3818*=0x4) returned 1 [0161.372] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0161.373] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0038*, lpNumberOfCharsWritten=0xc0001e7818*=0x4) returned 1 [0161.380] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0160*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000485818, lpReserved=0x0 | out: lpBuffer=0xc0000a0160*, lpNumberOfCharsWritten=0xc000485818*=0x4) returned 1 [0161.382] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0168*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000421818, lpReserved=0x0 | out: lpBuffer=0xc0000a0168*, lpNumberOfCharsWritten=0xc000421818*=0x4) returned 1 [0161.383] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a0*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0161.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x56, lpNumberOfCharsWritten=0xc0001cd808, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc0001cd808*=0x56) returned 1 [0161.386] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0161.386] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0161.388] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0161.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0161.993] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0162.309] GetFileType (hFile=0x728) returned 0x1 [0162.309] WriteFile (in: hFile=0x728, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.311] CloseHandle (hObject=0x728) returned 1 [0162.311] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0162.312] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0162.313] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.886] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0167.007] SetEvent (hEvent=0xa60) returned 1 [0167.007] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0167.013] SetEvent (hEvent=0x354) returned 1 [0167.013] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0167.029] SetEvent (hEvent=0xa10) returned 1 [0167.029] SetEvent (hEvent=0xa40) returned 1 [0167.029] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0167.058] SetEvent (hEvent=0xa10) returned 1 [0167.059] VirtualFree (lpAddress=0xc000332000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.059] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.060] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.061] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.061] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.062] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.063] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.064] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.064] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.065] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a2200*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc0003a9808, lpReserved=0x0 | out: lpBuffer=0xc0000a2200*, lpNumberOfCharsWritten=0xc0003a9808*=0x3d) returned 1 [0167.067] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003a9808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc0003a9808*=0x11) returned 1 [0167.071] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8180*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003a9808, lpReserved=0x0 | out: lpBuffer=0xc0000c8180*, lpNumberOfCharsWritten=0xc0003a9808*=0x11) returned 1 [0167.076] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) returned 0x0 [0167.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-sendto"), dwFlags=0x1) returned 1 [0167.398] WaitForSingleObject (hHandle=0x324, dwMilliseconds=0xffffffff) Thread: id = 50 os_tid = 0x618 [0116.155] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ce9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ce9fea0*=0x330) returned 1 [0116.155] VirtualQuery (in: lpAddress=0x2ce9fec0, lpBuffer=0x2ce9fec0, dwLength=0x30 | out: lpBuffer=0x2ce9fec0*(BaseAddress=0x2ce9f000, AllocationBase=0x2cca0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x218 [0116.156] GetConsoleMode (in: hConsoleHandle=0x218, lpMode=0xc000273cf4 | out: lpMode=0xc000273cf4) returned 0 [0116.157] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x334 [0116.157] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x338 [0116.157] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0116.204] SetEvent (hEvent=0x1dc) returned 1 [0116.204] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0116.210] SetEvent (hEvent=0x318) returned 1 [0116.211] SetEvent (hEvent=0x324) returned 1 [0116.211] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0116.280] GetFileType (hFile=0x240) returned 0x1 [0116.280] WriteFile (in: hFile=0x240, lpBuffer=0xc0000be420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000be420*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.280] CloseHandle (hObject=0x240) returned 1 [0116.284] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbul3e[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBUL3E[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbul3e[1].jpg"), dwFlags=0x1) returned 1 [0116.802] SetEvent (hEvent=0x2b0) returned 1 [0116.802] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0116.808] SetEvent (hEvent=0x1dc) returned 1 [0116.808] SetEvent (hEvent=0x324) returned 1 [0116.808] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0116.815] SetEvent (hEvent=0x2b0) returned 1 [0116.815] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0117.370] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0117.374] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.455] GetFileType (hFile=0x2f4) returned 0x1 [0117.455] GetFileType (hFile=0x2f4) returned 0x1 [0117.455] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0117.456] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0117.456] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000071500, nNumberOfBytesToRead=0xa28, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000071500*, lpNumberOfBytesRead=0xc000117c04*=0x828, lpOverlapped=0x0) returned 1 [0117.462] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000071d28, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc000071d28*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0117.462] CloseHandle (hObject=0x2f4) returned 1 [0117.462] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0117.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0117.596] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.694] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0117.695] GetFileType (hFile=0x22c) returned 0x1 [0117.695] WriteFile (in: hFile=0x22c, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc000117cec*=0x830, lpOverlapped=0x0) returned 1 [0117.696] CloseHandle (hObject=0x22c) returned 1 [0117.706] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.762] SetEvent (hEvent=0x318) returned 1 [0117.762] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.966] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0117.979] SetEvent (hEvent=0x304) returned 1 [0117.979] SetEvent (hEvent=0x24c) returned 1 [0117.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x230 [0117.980] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0117.981] GetFileType (hFile=0x230) returned 0x1 [0117.981] GetFileType (hFile=0x230) returned 0x1 [0117.981] GetFileInformationByHandle (in: hFile=0x230, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0117.981] GetFileInformationByHandleEx (in: hFile=0x230, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0117.981] VirtualAlloc (lpAddress=0xc0005c4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005c4000 [0117.983] ReadFile (in: hFile=0x230, lpBuffer=0xc0005c4000, nNumberOfBytesToRead=0x6d6d, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005c4000*, lpNumberOfBytesRead=0xc00023fc04*=0x6b6d, lpOverlapped=0x0) returned 1 [0117.986] ReadFile (in: hFile=0x230, lpBuffer=0xc0005cab6d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005cab6d*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.986] CloseHandle (hObject=0x230) returned 1 [0117.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0118.011] SetEvent (hEvent=0xc0) returned 1 [0118.011] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0118.012] GetFileType (hFile=0x230) returned 0x1 [0118.012] WriteFile (in: hFile=0x230, lpBuffer=0xc0005cb000*, nNumberOfBytesToWrite=0x6b70, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0005cb000*, lpNumberOfBytesWritten=0xc00023fcec*=0x6b70, lpOverlapped=0x0) returned 1 [0118.013] CloseHandle (hObject=0x230) returned 1 [0118.013] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0118.013] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0118.014] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0118.014] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0118.015] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0118.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x230 [0118.015] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0118.016] GetFileType (hFile=0x230) returned 0x1 [0118.016] WriteFile (in: hFile=0x230, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.016] CloseHandle (hObject=0x230) returned 1 [0118.016] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-player[1].js"), dwFlags=0x1) returned 1 [0118.588] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.596] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.602] SetEvent (hEvent=0x13c) returned 1 [0118.602] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.610] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.613] SetEvent (hEvent=0x39c) returned 1 [0118.613] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.621] SetEvent (hEvent=0x274) returned 1 [0118.621] SetEvent (hEvent=0x13c) returned 1 [0118.621] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.624] SetEvent (hEvent=0x274) returned 1 [0118.625] SetEvent (hEvent=0x24c) returned 1 [0118.625] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.627] SetEvent (hEvent=0x3c8) returned 1 [0118.627] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.629] SetEvent (hEvent=0x24c) returned 1 [0118.629] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.636] SetEvent (hEvent=0x274) returned 1 [0118.636] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.636] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.636] VirtualFree (lpAddress=0xc00007a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.637] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.637] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.637] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.638] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.638] SetEvent (hEvent=0x13c) returned 1 [0118.638] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.649] SetEvent (hEvent=0x274) returned 1 [0118.650] SetEvent (hEvent=0x39c) returned 1 [0118.650] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.714] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0118.715] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0118.724] GetFileType (hFile=0x374) returned 0x1 [0118.724] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0118.725] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0118.726] GetFileType (hFile=0x374) returned 0x1 [0118.726] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0118.726] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0118.726] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0118.726] ReadFile (in: hFile=0x374, lpBuffer=0xc000104000, nNumberOfBytesToRead=0x4ed, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesRead=0xc000035c04*=0x2ed, lpOverlapped=0x0) returned 1 [0118.731] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] SetEvent (hEvent=0xc0) returned 1 [0118.821] ReadFile (in: hFile=0x374, lpBuffer=0xc0001042ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001042ed*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0118.821] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.927] CloseHandle (hObject=0x374) returned 1 [0118.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0118.928] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0118.932] GetFileType (hFile=0x374) returned 0x1 [0118.932] WriteFile (in: hFile=0x374, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc000035cec*=0x2f0, lpOverlapped=0x0) returned 1 [0118.934] CloseHandle (hObject=0x374) returned 1 [0118.934] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0118.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0118.934] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0118.947] GetFileType (hFile=0x374) returned 0x1 [0118.947] WriteFile (in: hFile=0x374, lpBuffer=0xc000238580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238580*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.947] CloseHandle (hObject=0x374) returned 1 [0118.947] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aa6sfrq[2].png"), dwFlags=0x1) returned 1 [0118.948] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0118.948] SetEvent (hEvent=0xec) returned 1 [0118.948] SetEvent (hEvent=0x29c) returned 1 [0118.949] SetEvent (hEvent=0x1a0) returned 1 [0118.949] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.955] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.955] SetEvent (hEvent=0x29c) returned 1 [0118.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.958] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.959] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0118.959] SetEvent (hEvent=0xc0) returned 1 [0118.959] SetEvent (hEvent=0xec) returned 1 [0118.959] SetEvent (hEvent=0x29c) returned 1 [0118.959] SetEvent (hEvent=0x114) returned 1 [0118.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.972] SetEvent (hEvent=0x120) returned 1 [0118.972] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.976] SetEvent (hEvent=0x324) returned 1 [0118.976] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0118.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0118.979] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0118.979] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0119.098] GetFileType (hFile=0x1ec) returned 0x1 [0119.098] GetFileType (hFile=0x1ec) returned 0x1 [0119.098] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0119.098] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0119.098] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000126a80, nNumberOfBytesToRead=0x9fd, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc000126a80*, lpNumberOfBytesRead=0xc000139c04*=0x7fd, lpOverlapped=0x0) returned 1 [0119.103] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00012727d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012727d*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0119.103] CloseHandle (hObject=0x1ec) returned 1 [0119.103] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0119.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0119.141] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0119.144] GetFileType (hFile=0x308) returned 0x1 [0119.144] WriteFile (in: hFile=0x308, lpBuffer=0xc000162000*, nNumberOfBytesToWrite=0x800, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesWritten=0xc000139cec*=0x800, lpOverlapped=0x0) returned 1 [0119.145] CloseHandle (hObject=0x308) returned 1 [0119.146] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0119.146] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0119.147] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0119.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0119.148] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0119.149] GetFileType (hFile=0x260) returned 0x1 [0119.149] WriteFile (in: hFile=0x260, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.149] CloseHandle (hObject=0x260) returned 1 [0119.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc0g7a[1].jpg"), dwFlags=0x1) returned 1 [0119.672] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0119.672] SetEvent (hEvent=0x30c) returned 1 [0119.673] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0119.674] SetEvent (hEvent=0x30c) returned 1 [0119.674] SwitchToThread () returned 1 [0119.675] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0119.678] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0119.679] SwitchToThread () returned 1 [0119.776] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0120.607] GetFileType (hFile=0x2cc) returned 0x1 [0120.607] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001869a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001869a0*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.607] CloseHandle (hObject=0x2cc) returned 1 [0120.614] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0120.631] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0120.631] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0120.632] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0120.633] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg"), dwFlags=0x1) returned 1 [0120.894] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0120.896] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0120.897] SetEvent (hEvent=0x12c) returned 1 [0120.897] SetEvent (hEvent=0x148) returned 1 [0120.898] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0120.898] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0120.903] SetEvent (hEvent=0x12c) returned 1 [0120.903] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0122.303] SetEvent (hEvent=0xfc) returned 1 [0122.303] SetEvent (hEvent=0x30c) returned 1 [0122.303] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0123.849] SetEvent (hEvent=0x12c) returned 1 [0123.849] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0123.863] SetEvent (hEvent=0x114) returned 1 [0123.863] SetEvent (hEvent=0x320) returned 1 [0123.863] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0123.863] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0123.864] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0123.865] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0123.865] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0123.866] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0123.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\1\\0B\\FCBF5d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\1\\0b\\fcbf5d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0123.867] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0123.868] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0123.879] GetFileType (hFile=0x36c) returned 0x1 [0123.879] GetFileType (hFile=0x36c) returned 0x1 [0123.879] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0123.879] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0123.880] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0123.884] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0x206fd, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc0001d5c04*=0x204fd, lpOverlapped=0x0) returned 1 [0123.894] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0123.913] ReadFile (in: hFile=0x36c, lpBuffer=0xc0003164fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003164fd*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0123.913] CloseHandle (hObject=0x36c) returned 1 [0123.913] SetEvent (hEvent=0xec) returned 1 [0123.913] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0128.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00028a000*, nNumberOfCharsToWrite=0x7a, lpNumberOfCharsWritten=0xc00026f808, lpReserved=0x0 | out: lpBuffer=0xc00028a000*, lpNumberOfCharsWritten=0xc00026f808*=0x7a) returned 1 [0128.523] SetEvent (hEvent=0x258) returned 1 [0128.523] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0128.523] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0128.523] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0128.524] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0128.525] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0128.525] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0128.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0130.618] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0130.642] GetFileType (hFile=0x240) returned 0x1 [0130.642] WriteFile (in: hFile=0x240, lpBuffer=0xc000094dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000094dc0*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.643] CloseHandle (hObject=0x240) returned 1 [0130.644] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.655] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0132.975] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0132.985] SwitchToThread () returned 1 [0132.985] SetEvent (hEvent=0x144) returned 1 [0132.985] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.986] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0132.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0132.988] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0132.989] GetFileType (hFile=0x2f4) returned 0x1 [0132.989] GetFileType (hFile=0x2f4) returned 0x1 [0132.989] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0132.989] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0132.989] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0132.990] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000ba000, nNumberOfBytesToRead=0x2dc, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfBytesRead=0xc0000f5c04*=0xdc, lpOverlapped=0x0) returned 1 [0132.991] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000ba0dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba0dc*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0132.991] CloseHandle (hObject=0x2f4) returned 1 [0132.992] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0132.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.041] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.041] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0133.042] SetEvent (hEvent=0x1b4) returned 1 [0133.042] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9\\*", lpFindFileData=0xc0000f5a08 | out: lpFindFileData=0xc0000f5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.042] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.044] SetEvent (hEvent=0x1b4) returned 1 [0133.044] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc0000f5808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc0000f5808*=0x8c) returned 1 [0133.045] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.049] SetEvent (hEvent=0x12c) returned 1 [0133.049] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.049] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.050] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.050] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.050] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0133.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0133.051] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0133.052] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.057] GetFileType (hFile=0x2c4) returned 0x1 [0133.057] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0133.057] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.058] CloseHandle (hObject=0x2c4) returned 1 [0133.059] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0133.059] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0133.060] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwFlags=0x1) returned 1 [0133.443] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0133.443] SetEvent (hEvent=0xec) returned 1 [0133.443] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.444] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.444] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0133.444] SetEvent (hEvent=0xec) returned 1 [0133.444] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.448] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.467] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.476] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.480] SetEvent (hEvent=0x1a0) returned 1 [0133.480] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.480] SetEvent (hEvent=0x1a0) returned 1 [0133.480] SetEvent (hEvent=0x39c) returned 1 [0133.481] VirtualFree (lpAddress=0xc0002fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.481] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.481] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.482] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.482] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.483] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.483] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.483] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.484] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.485] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.491] SetEvent (hEvent=0x30c) returned 1 [0133.492] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.495] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.495] GetFileType (hFile=0x2f0) returned 0x1 [0133.496] GetFileType (hFile=0x2f0) returned 0x1 [0133.496] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.496] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.496] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.496] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc0002d7c04*=0x186, lpOverlapped=0x0) returned 1 [0133.498] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c186, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c186*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.498] CloseHandle (hObject=0x2f0) returned 1 [0133.498] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.502] SetEvent (hEvent=0xc0) returned 1 [0133.502] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.502] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.502] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0133.505] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.505] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.506] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.507] GetFileType (hFile=0x2cc) returned 0x1 [0133.507] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.507] CloseHandle (hObject=0x2cc) returned 1 [0133.508] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0133.509] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_50167909FCFE0C66153F1901439CBBA1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_50167909fcfe0c66153f1901439cbba1"), dwFlags=0x1) returned 1 [0133.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.541] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0133.541] SetEvent (hEvent=0x30c) returned 1 [0133.541] SetEvent (hEvent=0xec) returned 1 [0133.542] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.544] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0133.545] SetEvent (hEvent=0xec) returned 1 [0133.545] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.550] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.566] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.602] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.627] SetEvent (hEvent=0x30c) returned 1 [0133.627] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.628] SetEvent (hEvent=0x30c) returned 1 [0133.628] SwitchToThread () returned 1 [0133.629] SetEvent (hEvent=0x324) returned 1 [0133.629] SetEvent (hEvent=0x30c) returned 1 [0133.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.630] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000c7cf4 | out: lpMode=0xc0000c7cf4) returned 0 [0133.631] GetFileType (hFile=0x2f0) returned 0x1 [0133.631] GetFileType (hFile=0x2f0) returned 0x1 [0133.631] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0000c7d44 | out: lpFileInformation=0xc0000c7d44) returned 1 [0133.631] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0000c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c7d28) returned 1 [0133.631] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.632] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0000c7c04*=0x182, lpOverlapped=0x0) returned 1 [0133.633] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000056182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000056182*, lpNumberOfBytesRead=0xc0000c7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.633] CloseHandle (hObject=0x2f0) returned 1 [0133.633] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0133.634] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0133.634] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0133.635] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0133.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30\\*", lpFindFileData=0xc0000c7a08 | out: lpFindFileData=0xc0000c7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.641] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.641] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000c7808*=0xad) returned 1 [0133.643] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.644] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.644] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.645] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.646] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0000c7d64 | out: lpMode=0xc0000c7d64) returned 0 [0133.650] GetFileType (hFile=0x2cc) returned 0x1 [0133.650] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0133.650] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0133.651] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc0000c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.651] CloseHandle (hObject=0x2cc) returned 1 [0133.658] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_F2318F7AB33980A131A265454C39CA30" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_f2318f7ab33980a131a265454c39ca30"), dwFlags=0x1) returned 1 [0133.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.687] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0133.687] SetEvent (hEvent=0x30c) returned 1 [0133.687] SetEvent (hEvent=0xec) returned 1 [0133.687] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.692] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0133.692] SetEvent (hEvent=0xec) returned 1 [0133.692] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.697] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.720] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.736] SetEvent (hEvent=0x39c) returned 1 [0133.736] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.741] SetEvent (hEvent=0x39c) returned 1 [0133.741] SetEvent (hEvent=0x1a0) returned 1 [0133.741] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.741] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.742] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.742] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.744] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.750] SetEvent (hEvent=0x1a0) returned 1 [0133.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.751] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.753] GetFileType (hFile=0x2f0) returned 0x1 [0133.753] GetFileType (hFile=0x2f0) returned 0x1 [0133.753] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.753] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.753] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0133.754] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0133.755] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x356, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0002d7c04*=0x156, lpOverlapped=0x0) returned 1 [0133.756] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000f0156, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0156*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.756] CloseHandle (hObject=0x2f0) returned 1 [0133.756] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0133.757] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0133.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.767] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.767] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.768] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.768] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0133.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc0002d7808*=0x8c) returned 1 [0133.770] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.770] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0133.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.771] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.771] GetFileType (hFile=0x2cc) returned 0x1 [0133.771] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000fc420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc420*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.772] CloseHandle (hObject=0x2cc) returned 1 [0133.774] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0133.774] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-94308059B57B3142E455B38A6EB92015" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-94308059b57b3142e455b38a6eb92015"), dwFlags=0x1) returned 1 [0133.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0133.829] SetEvent (hEvent=0x1a0) returned 1 [0133.829] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0133.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.831] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0133.832] SetEvent (hEvent=0x1a0) returned 1 [0133.832] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.837] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.856] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.866] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.880] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.891] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.896] SetEvent (hEvent=0xec) returned 1 [0133.896] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.897] SetEvent (hEvent=0xec) returned 1 [0133.897] SetEvent (hEvent=0x39c) returned 1 [0133.897] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.897] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.898] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.898] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.899] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.899] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00012f818*=0x2) returned 1 [0133.901] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0133.908] SetEvent (hEvent=0x39c) returned 1 [0133.908] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0133.909] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0133.909] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0133.910] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000159cf4 | out: lpMode=0xc000159cf4) returned 0 [0133.911] GetFileType (hFile=0x1b0) returned 0x1 [0133.911] GetFileType (hFile=0x1b0) returned 0x1 [0133.911] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000159d44 | out: lpFileInformation=0xc000159d44) returned 1 [0133.911] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000159d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000159d28) returned 1 [0133.911] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.912] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x3a0, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc000159c04*=0x1a0, lpOverlapped=0x0) returned 1 [0133.913] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00002c1a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000159c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c1a0*, lpNumberOfBytesRead=0xc000159c04*=0x0, lpOverlapped=0x0) returned 1 [0133.913] CloseHandle (hObject=0x1b0) returned 1 [0133.913] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.914] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.915] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.924] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0133.925] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852\\*", lpFindFileData=0xc000159a08 | out: lpFindFileData=0xc000159a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.925] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000159720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000159808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000159808*=0xad) returned 1 [0133.926] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0133.927] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.927] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0133.928] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0133.928] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0133.928] GetFileType (hFile=0x1b0) returned 0x1 [0133.928] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.929] CloseHandle (hObject=0x1b0) returned 1 [0133.929] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-B3BB9C1BA2D19E090AE305B2683903A0_6F0A84CE2BA99BD19D42C92610275852" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-b3bb9c1ba2d19e090ae305b2683903a0_6f0a84ce2ba99bd19d42c92610275852"), dwFlags=0x1) returned 1 [0133.999] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0133.999] SetEvent (hEvent=0x324) returned 1 [0133.999] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.000] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0134.000] SetEvent (hEvent=0x324) returned 1 [0134.001] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.004] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.025] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.036] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.040] SetEvent (hEvent=0x1a0) returned 1 [0134.040] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.041] SetEvent (hEvent=0x1a0) returned 1 [0134.041] SetEvent (hEvent=0x39c) returned 1 [0134.041] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.041] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.042] VirtualFree (lpAddress=0xc000056000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.042] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.042] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.043] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000201818*=0x2) returned 1 [0134.045] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.053] SetEvent (hEvent=0x39c) returned 1 [0134.053] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.054] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0134.055] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0134.056] GetFileType (hFile=0x1b0) returned 0x1 [0134.056] GetFileType (hFile=0x1b0) returned 0x1 [0134.056] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0134.056] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0134.056] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0134.057] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00005a000, nNumberOfBytesToRead=0x38e, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfBytesRead=0xc0000c1c04*=0x18e, lpOverlapped=0x0) returned 1 [0134.058] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00005a18e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005a18e*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0134.058] CloseHandle (hObject=0x1b0) returned 1 [0134.058] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.067] SetEvent (hEvent=0xc0) returned 1 [0134.067] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.068] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF\\*", lpFindFileData=0xc0000c1a08 | out: lpFindFileData=0xc0000c1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.068] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c1808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000c1808*=0xad) returned 1 [0134.069] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.070] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.070] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0134.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0134.071] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0134.071] GetFileType (hFile=0x1b0) returned 0x1 [0134.071] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.072] CloseHandle (hObject=0x1b0) returned 1 [0134.073] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-c46e7b0f942663a1edc8d9d6d7869173_d9b9f37ece595b0b7b6aa12451d392cf"), dwFlags=0x1) returned 1 [0134.124] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0134.124] SetEvent (hEvent=0x324) returned 1 [0134.124] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0134.126] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.127] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0134.127] SetEvent (hEvent=0x324) returned 1 [0134.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.132] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.154] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.179] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0134.180] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0134.181] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0134.181] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0134.182] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0134.182] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0134.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0134.184] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0134.200] GetFileType (hFile=0x2f4) returned 0x1 [0134.200] GetFileType (hFile=0x2f4) returned 0x1 [0134.200] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0134.200] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0134.200] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0134.201] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0001c0000, nNumberOfBytesToRead=0x2fc, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesRead=0xc00027bc04*=0xfc, lpOverlapped=0x0) returned 1 [0134.202] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0001c00fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001c00fc*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0134.202] CloseHandle (hObject=0x2f4) returned 1 [0134.202] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0134.203] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0134.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.254] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76\\*", lpFindFileData=0xc00027ba08 | out: lpFindFileData=0xc00027ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.254] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0134.255] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00027b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.255] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0134.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2360*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc00027b808, lpReserved=0x0 | out: lpBuffer=0xc0003d2360*, lpNumberOfCharsWritten=0xc00027b808*=0x8c) returned 1 [0134.258] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.271] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0134.271] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0134.272] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.272] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.272] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0134.274] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.284] GetFileType (hFile=0x1ec) returned 0x1 [0134.284] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000058000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.285] CloseHandle (hObject=0x1ec) returned 1 [0134.285] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-f90f18257cbb4d84216ac1e1f3bb2c76"), dwFlags=0x1) returned 1 [0134.288] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.288] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.289] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.289] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.290] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.290] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.291] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.291] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.291] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.292] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.293] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.293] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.293] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.294] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.294] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.295] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.295] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.295] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.296] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.296] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0001cf818*=0x2) returned 1 [0134.305] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.311] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.325] SetEvent (hEvent=0x39c) returned 1 [0134.325] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.327] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc00027b818*=0x2) returned 1 [0134.333] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0044*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0044*, lpNumberOfCharsWritten=0xc0001d3818*=0x2) returned 1 [0134.334] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.341] SetEvent (hEvent=0x39c) returned 1 [0134.341] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.342] SetEvent (hEvent=0x39c) returned 1 [0134.342] SetEvent (hEvent=0x12c) returned 1 [0134.342] SetEvent (hEvent=0x324) returned 1 [0134.343] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.344] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.345] SetEvent (hEvent=0x39c) returned 1 [0134.345] SetEvent (hEvent=0x12c) returned 1 [0134.345] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.346] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.346] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.346] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.347] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.347] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.348] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.348] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.348] GetFileType (hFile=0x2f0) returned 0x1 [0134.349] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.349] CloseHandle (hObject=0x2f0) returned 1 [0134.349] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0134.350] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0134.350] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.351] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0134.352] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\encry-index.dat"), dwFlags=0x1) returned 1 [0134.353] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0134.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7eec92c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7eec92c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eec92c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d400)) returned 1 [0134.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.355] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.355] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1ea6db0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.355] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1ea6db0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfec5c570, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="deployment.properties", cAlternateFileName="DEPLOY~1.PRO")) returned 1 [0134.355] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="security", cAlternateFileName="")) returned 1 [0134.355] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tmp", cAlternateFileName="")) returned 1 [0134.355] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.355] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\deployment.properties" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\deployment.properties"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1ea6db0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1ea6db0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xfec5c570, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2cf)) returned 1 [0134.355] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\security"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\security"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\security\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.356] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1e5aaf0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e5aaf0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e5aaf0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.356] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.356] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.356] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.356] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.356] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1dc2570, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1dc2570, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.357] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfaeead90, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="si", cAlternateFileName="")) returned 1 [0134.357] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.357] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.357] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp\\si"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfeca8830, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\deployment\\tmp\\si"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\Deployment\\tmp\\si\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.358] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xa1dc2570, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xfaeead90, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xfeca8830, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.358] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.358] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.359] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.360] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.360] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.360] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Data1.cab", cAlternateFileName="")) returned 1 [0134.360] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600, dwReserved0=0x0, dwReserved1=0x0, cFileName="jre1.7.0_45.msi", cAlternateFileName="JRE170~1.MSI")) returned 1 [0134.360] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.360] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68cb4a40, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68cb4a40, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x182ac2a)) returned 1 [0134.392] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0134.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x68d26e60, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x68d26e60, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x68d26e60, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xdd600)) returned 1 [0134.401] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0134.401] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0134.402] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0134.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9928 | out: lpFileInformation=0xc0001e9928*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbe2d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbe2d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x3000)) returned 1 [0134.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.403] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0134.403] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\*", lpFindFileData=0xc0001e96e0 | out: lpFindFileData=0xc0001e96e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbe2d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbe2d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.404] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.404] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xdbe2d4a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xdbe2d4a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x618a0260, ftCreationTime.dwHighDateTime=0x1d5e595, ftLastAccessTime.dwLowDateTime=0x858cf8e0, ftLastAccessTime.dwHighDateTime=0x1d5e6e7, ftLastWriteTime.dwLowDateTime=0x858cf8e0, ftLastWriteTime.dwHighDateTime=0x1d5e6e7, nFileSizeHigh=0x0, nFileSizeLow=0x634a, dwReserved0=0x0, dwReserved1=0x0, cFileName="0S06kHtuWg41.doc", cAlternateFileName="0S06KH~1.DOC")) returned 1 [0134.405] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0134.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a16e00, ftCreationTime.dwHighDateTime=0x1d5e31a, ftLastAccessTime.dwLowDateTime=0x93e19700, ftLastAccessTime.dwHighDateTime=0x1d5dfb4, ftLastWriteTime.dwLowDateTime=0x93e19700, ftLastWriteTime.dwHighDateTime=0x1d5dfb4, nFileSizeHigh=0x0, nFileSizeLow=0xfb9e, dwReserved0=0x0, dwReserved1=0x0, cFileName="2h7BX4wZQWnTK69Gg7f-.mkv", cAlternateFileName="2H7BX4~1.MKV")) returned 1 [0134.405] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c6b420, ftCreationTime.dwHighDateTime=0x1d5e3ad, ftLastAccessTime.dwLowDateTime=0x4b6aeb40, ftLastAccessTime.dwHighDateTime=0x1d5e14c, ftLastWriteTime.dwLowDateTime=0x4b6aeb40, ftLastWriteTime.dwHighDateTime=0x1d5e14c, nFileSizeHigh=0x0, nFileSizeLow=0x85a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tBPjbJWqnfoG7bq.swf", cAlternateFileName="2TBPJB~1.SWF")) returned 1 [0134.405] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9791a6a0, ftCreationTime.dwHighDateTime=0x1d5d925, ftLastAccessTime.dwLowDateTime=0x121bc870, ftLastAccessTime.dwHighDateTime=0x1d5e48d, ftLastWriteTime.dwLowDateTime=0x121bc870, ftLastWriteTime.dwHighDateTime=0x1d5e48d, nFileSizeHigh=0x0, nFileSizeLow=0xeabd, dwReserved0=0x0, dwReserved1=0x0, cFileName="2u4kZIIXg6dDX L4.csv", cAlternateFileName="2U4KZI~1.CSV")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93db3d00, ftCreationTime.dwHighDateTime=0x1d5e3a7, ftLastAccessTime.dwLowDateTime=0xad44530, ftLastAccessTime.dwHighDateTime=0x1d5e5c1, ftLastWriteTime.dwLowDateTime=0xad44530, ftLastWriteTime.dwHighDateTime=0x1d5e5c1, nFileSizeHigh=0x0, nFileSizeLow=0x11a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="4KM8RoG4CYMjN HTZo.mp3", cAlternateFileName="4KM8RO~1.MP3")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x243cb70, ftCreationTime.dwHighDateTime=0x1d5dc66, ftLastAccessTime.dwLowDateTime=0x71441bf0, ftLastAccessTime.dwHighDateTime=0x1d5e12b, ftLastWriteTime.dwLowDateTime=0x71441bf0, ftLastWriteTime.dwHighDateTime=0x1d5e12b, nFileSizeHigh=0x0, nFileSizeLow=0x573a, dwReserved0=0x0, dwReserved1=0x0, cFileName="4VdmrOA.mp3", cAlternateFileName="")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc5be6a50, ftCreationTime.dwHighDateTime=0x1d5d8f7, ftLastAccessTime.dwLowDateTime=0xcd8a2160, ftLastAccessTime.dwHighDateTime=0x1d5e23a, ftLastWriteTime.dwLowDateTime=0xcd8a2160, ftLastWriteTime.dwHighDateTime=0x1d5e23a, nFileSizeHigh=0x0, nFileSizeLow=0xde24, dwReserved0=0x0, dwReserved1=0x0, cFileName="5EsJq5j.bmp", cAlternateFileName="")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8f3da30, ftCreationTime.dwHighDateTime=0x1d5e6d7, ftLastAccessTime.dwLowDateTime=0x5a9a1220, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x5a9a1220, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x2112, dwReserved0=0x0, dwReserved1=0x0, cFileName="7-E6e0AC2.swf", cAlternateFileName="7-E6E0~1.SWF")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6bd97d0, ftCreationTime.dwHighDateTime=0x1d5e53a, ftLastAccessTime.dwLowDateTime=0x440865c0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0x440865c0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0x161ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="9wAeN8VqF.mp3", cAlternateFileName="9WAEN8~1.MP3")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0134.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x479cdf0, ftCreationTime.dwHighDateTime=0x1d5df8a, ftLastAccessTime.dwLowDateTime=0x5ee99a10, ftLastAccessTime.dwHighDateTime=0x1d5e389, ftLastWriteTime.dwLowDateTime=0x5ee99a10, ftLastWriteTime.dwHighDateTime=0x1d5e389, nFileSizeHigh=0x0, nFileSizeLow=0x137e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="BEvYNIg0.flv", cAlternateFileName="")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88e38dc0, ftCreationTime.dwHighDateTime=0x1d5e290, ftLastAccessTime.dwLowDateTime=0xab98c390, ftLastAccessTime.dwHighDateTime=0x1d5df79, ftLastWriteTime.dwLowDateTime=0xab98c390, ftLastWriteTime.dwHighDateTime=0x1d5df79, nFileSizeHigh=0x0, nFileSizeLow=0x5fc9, dwReserved0=0x0, dwReserved1=0x0, cFileName="bmK73ApGWN4iut5fSy.flv", cAlternateFileName="BMK73A~1.FLV")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e670ad0, ftCreationTime.dwHighDateTime=0x1d5e732, ftLastAccessTime.dwLowDateTime=0xd9148b40, ftLastAccessTime.dwHighDateTime=0x1d5dde1, ftLastWriteTime.dwLowDateTime=0xd9148b40, ftLastWriteTime.dwHighDateTime=0x1d5dde1, nFileSizeHigh=0x0, nFileSizeLow=0x130e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="CZwCUzEmtmNh.gif", cAlternateFileName="CZWCUZ~1.GIF")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa65f5850, ftCreationTime.dwHighDateTime=0x1d5dae5, ftLastAccessTime.dwLowDateTime=0x185856a0, ftLastAccessTime.dwHighDateTime=0x1d5e130, ftLastWriteTime.dwLowDateTime=0x185856a0, ftLastWriteTime.dwHighDateTime=0x1d5e130, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="DBF8dAOE1.mp4", cAlternateFileName="DBF8DA~1.MP4")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40d25860, ftCreationTime.dwHighDateTime=0x1d5dcc6, ftLastAccessTime.dwLowDateTime=0xeedb13b0, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0xeedb13b0, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x16e77, dwReserved0=0x0, dwReserved1=0x0, cFileName="fCFRlqHAPk6E4PaQwthT.m4a", cAlternateFileName="FCFRLQ~1.M4A")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd43f8f10, ftCreationTime.dwHighDateTime=0x1d5e10c, ftLastAccessTime.dwLowDateTime=0x6c9a4d10, ftLastAccessTime.dwHighDateTime=0x1d5da53, ftLastWriteTime.dwLowDateTime=0x6c9a4d10, ftLastWriteTime.dwHighDateTime=0x1d5da53, nFileSizeHigh=0x0, nFileSizeLow=0xf7c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="g1 bkExWw19GGl.png", cAlternateFileName="G1BKEX~1.PNG")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57abfb50, ftCreationTime.dwHighDateTime=0x1d5e701, ftLastAccessTime.dwLowDateTime=0x3ffe52f0, ftLastAccessTime.dwHighDateTime=0x1d5ddec, ftLastWriteTime.dwLowDateTime=0x3ffe52f0, ftLastWriteTime.dwHighDateTime=0x1d5ddec, nFileSizeHigh=0x0, nFileSizeLow=0x16380, dwReserved0=0x0, dwReserved1=0x0, cFileName="hPGCgHVp8qAhlLW.rtf", cAlternateFileName="HPGCGH~1.RTF")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbeccd120, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0xf07210c0, ftLastAccessTime.dwHighDateTime=0x1d5e807, ftLastWriteTime.dwLowDateTime=0xf07210c0, ftLastWriteTime.dwHighDateTime=0x1d5e807, nFileSizeHigh=0x0, nFileSizeLow=0x13563, dwReserved0=0x0, dwReserved1=0x0, cFileName="kiJhDIFPL-rrySe2rYEX.m4a", cAlternateFileName="KIJHDI~1.M4A")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4887560, ftCreationTime.dwHighDateTime=0x1d5e34a, ftLastAccessTime.dwLowDateTime=0xdc5b8ae0, ftLastAccessTime.dwHighDateTime=0x1d5df8c, ftLastWriteTime.dwLowDateTime=0xdc5b8ae0, ftLastWriteTime.dwHighDateTime=0x1d5df8c, nFileSizeHigh=0x0, nFileSizeLow=0x4afc, dwReserved0=0x0, dwReserved1=0x0, cFileName="KmAiPt.mkv", cAlternateFileName="")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Macromedia", cAlternateFileName="MACROM~1")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb12f9fc0, ftCreationTime.dwHighDateTime=0x1d5dd78, ftLastAccessTime.dwLowDateTime=0xe03c3f30, ftLastAccessTime.dwHighDateTime=0x1d5e3b8, ftLastWriteTime.dwLowDateTime=0xe03c3f30, ftLastWriteTime.dwHighDateTime=0x1d5e3b8, nFileSizeHigh=0x0, nFileSizeLow=0xf556, dwReserved0=0x0, dwReserved1=0x0, cFileName="ODSPCiJy6FPPAz71hM.odt", cAlternateFileName="ODSPCI~1.ODT")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xced520e0, ftCreationTime.dwHighDateTime=0x1d5ddb9, ftLastAccessTime.dwLowDateTime=0x23019520, ftLastAccessTime.dwHighDateTime=0x1d5e523, ftLastWriteTime.dwLowDateTime=0x23019520, ftLastWriteTime.dwHighDateTime=0x1d5e523, nFileSizeHigh=0x0, nFileSizeLow=0x1999, dwReserved0=0x0, dwReserved1=0x0, cFileName="PL8Q.flv", cAlternateFileName="")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b9015f0, ftCreationTime.dwHighDateTime=0x1d5e621, ftLastAccessTime.dwLowDateTime=0xe326cbb0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0xe326cbb0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x957a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Rd9uI.gif", cAlternateFileName="")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7edf340, ftCreationTime.dwHighDateTime=0x1d5e38c, ftLastAccessTime.dwLowDateTime=0x24edc060, ftLastAccessTime.dwHighDateTime=0x1d5de62, ftLastWriteTime.dwLowDateTime=0x24edc060, ftLastWriteTime.dwHighDateTime=0x1d5de62, nFileSizeHigh=0x0, nFileSizeLow=0xc293, dwReserved0=0x0, dwReserved1=0x0, cFileName="REINuLLmhp.xls", cAlternateFileName="REINUL~1.XLS")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c713b60, ftCreationTime.dwHighDateTime=0x1d5de64, ftLastAccessTime.dwLowDateTime=0x3aef1110, ftLastAccessTime.dwHighDateTime=0x1d5d9bd, ftLastWriteTime.dwLowDateTime=0x3aef1110, ftLastWriteTime.dwHighDateTime=0x1d5d9bd, nFileSizeHigh=0x0, nFileSizeLow=0x1421e, dwReserved0=0x0, dwReserved1=0x0, cFileName="siwYarWYoo8E913xq.swf", cAlternateFileName="SIWYAR~1.SWF")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x414abc80, ftCreationTime.dwHighDateTime=0x1d5da30, ftLastAccessTime.dwLowDateTime=0x79f93510, ftLastAccessTime.dwHighDateTime=0x1d5e10c, ftLastWriteTime.dwLowDateTime=0x79f93510, ftLastWriteTime.dwHighDateTime=0x1d5e10c, nFileSizeHigh=0x0, nFileSizeLow=0x8d1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="snAEk-WZcVK4W.jpg", cAlternateFileName="SNAEK-~1.JPG")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x38926170, ftCreationTime.dwHighDateTime=0x1d5e4f7, ftLastAccessTime.dwLowDateTime=0xa49dd860, ftLastAccessTime.dwHighDateTime=0x1d5e6fd, ftLastWriteTime.dwLowDateTime=0xa49dd860, ftLastWriteTime.dwHighDateTime=0x1d5e6fd, nFileSizeHigh=0x0, nFileSizeLow=0x7680, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLo5RP3LW6sBTkCtxh.bmp", cAlternateFileName="ULO5RP~1.BMP")) returned 1 [0134.407] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94b4cd20, ftCreationTime.dwHighDateTime=0x1d5df12, ftLastAccessTime.dwLowDateTime=0x7f44af20, ftLastAccessTime.dwHighDateTime=0x1d5dd44, ftLastWriteTime.dwLowDateTime=0x7f44af20, ftLastWriteTime.dwHighDateTime=0x1d5dd44, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="vHiL hTnat.png", cAlternateFileName="VHILHT~1.PNG")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4d77c00, ftCreationTime.dwHighDateTime=0x1d5e03f, ftLastAccessTime.dwLowDateTime=0x23a17bc0, ftLastAccessTime.dwHighDateTime=0x1d5e62d, ftLastWriteTime.dwLowDateTime=0x23a17bc0, ftLastWriteTime.dwHighDateTime=0x1d5e62d, nFileSizeHigh=0x0, nFileSizeLow=0xae86, dwReserved0=0x0, dwReserved1=0x0, cFileName="vJidzl.png", cAlternateFileName="")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9103c270, ftCreationTime.dwHighDateTime=0x1d5d8c4, ftLastAccessTime.dwLowDateTime=0xb812b400, ftLastAccessTime.dwHighDateTime=0x1d5e267, ftLastWriteTime.dwLowDateTime=0xb812b400, ftLastWriteTime.dwHighDateTime=0x1d5e267, nFileSizeHigh=0x0, nFileSizeLow=0x7bc0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x6ncJiE.mp3", cAlternateFileName="")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96c413f0, ftCreationTime.dwHighDateTime=0x1d5d855, ftLastAccessTime.dwLowDateTime=0x911d2af0, ftLastAccessTime.dwHighDateTime=0x1d5db42, ftLastWriteTime.dwLowDateTime=0x911d2af0, ftLastWriteTime.dwHighDateTime=0x1d5db42, nFileSizeHigh=0x0, nFileSizeLow=0x17a72, dwReserved0=0x0, dwReserved1=0x0, cFileName="XGa8DIo5V.png", cAlternateFileName="XGA8DI~1.PNG")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1743fc60, ftCreationTime.dwHighDateTime=0x1d5dfaf, ftLastAccessTime.dwLowDateTime=0x4f72e9e0, ftLastAccessTime.dwHighDateTime=0x1d5e197, ftLastWriteTime.dwLowDateTime=0x4f72e9e0, ftLastWriteTime.dwHighDateTime=0x1d5e197, nFileSizeHigh=0x0, nFileSizeLow=0xe61b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Xl2kGcwhye6UXJEFYf.png", cAlternateFileName="XL2KGC~1.PNG")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70ab1df0, ftCreationTime.dwHighDateTime=0x1d5e465, ftLastAccessTime.dwLowDateTime=0xd15f0250, ftLastAccessTime.dwHighDateTime=0x1d5da93, ftLastWriteTime.dwLowDateTime=0xd15f0250, ftLastWriteTime.dwHighDateTime=0x1d5da93, nFileSizeHigh=0x0, nFileSizeLow=0x676e, dwReserved0=0x0, dwReserved1=0x0, cFileName="YBaYP.m4a", cAlternateFileName="")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8306620, ftCreationTime.dwHighDateTime=0x1d5df3c, ftLastAccessTime.dwLowDateTime=0x53dff800, ftLastAccessTime.dwHighDateTime=0x1d5e247, ftLastWriteTime.dwLowDateTime=0x53dff800, ftLastWriteTime.dwHighDateTime=0x1d5e247, nFileSizeHigh=0x0, nFileSizeLow=0x69a, dwReserved0=0x0, dwReserved1=0x0, cFileName="YJ1 bBWpUBUXjXklo.mp4", cAlternateFileName="YJ1BBW~1.MP4")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ee9a70, ftCreationTime.dwHighDateTime=0x1d5d7c7, ftLastAccessTime.dwLowDateTime=0x990025b0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0x990025b0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0xb4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="zUbQnUQ_Do w-B.rtf", cAlternateFileName="ZUBQNU~1.RTF")) returned 1 [0134.408] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9710 | out: lpFindFileData=0xc0001e9710*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.408] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.408] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0134.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\0S06kHtuWg41.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\0s06khtuwg41.doc"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x618a0260, ftCreationTime.dwHighDateTime=0x1d5e595, ftLastAccessTime.dwLowDateTime=0x858cf8e0, ftLastAccessTime.dwHighDateTime=0x1d5e6e7, ftLastWriteTime.dwLowDateTime=0x858cf8e0, ftLastWriteTime.dwHighDateTime=0x1d5e6e7, nFileSizeHigh=0x0, nFileSizeLow=0x634a)) returned 1 [0134.409] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0134.410] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0134.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2h7BX4wZQWnTK69Gg7f-.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2h7bx4wzqwntk69gg7f-.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe3a16e00, ftCreationTime.dwHighDateTime=0x1d5e31a, ftLastAccessTime.dwLowDateTime=0x93e19700, ftLastAccessTime.dwHighDateTime=0x1d5dfb4, ftLastWriteTime.dwLowDateTime=0x93e19700, ftLastWriteTime.dwHighDateTime=0x1d5dfb4, nFileSizeHigh=0x0, nFileSizeLow=0xfb9e)) returned 1 [0134.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2tBPjbJWqnfoG7bq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2tbpjbjwqnfog7bq.swf"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c6b420, ftCreationTime.dwHighDateTime=0x1d5e3ad, ftLastAccessTime.dwLowDateTime=0x4b6aeb40, ftLastAccessTime.dwHighDateTime=0x1d5e14c, ftLastWriteTime.dwLowDateTime=0x4b6aeb40, ftLastWriteTime.dwHighDateTime=0x1d5e14c, nFileSizeHigh=0x0, nFileSizeLow=0x85a2)) returned 1 [0134.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2u4kziixg6ddx l4.csv"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9791a6a0, ftCreationTime.dwHighDateTime=0x1d5d925, ftLastAccessTime.dwLowDateTime=0x121bc870, ftLastAccessTime.dwHighDateTime=0x1d5e48d, ftLastWriteTime.dwLowDateTime=0x121bc870, ftLastWriteTime.dwHighDateTime=0x1d5e48d, nFileSizeHigh=0x0, nFileSizeLow=0xeabd)) returned 1 [0134.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4KM8RoG4CYMjN HTZo.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4km8rog4cymjn htzo.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x93db3d00, ftCreationTime.dwHighDateTime=0x1d5e3a7, ftLastAccessTime.dwLowDateTime=0xad44530, ftLastAccessTime.dwHighDateTime=0x1d5e5c1, ftLastWriteTime.dwLowDateTime=0xad44530, ftLastWriteTime.dwHighDateTime=0x1d5e5c1, nFileSizeHigh=0x0, nFileSizeLow=0x11a9d)) returned 1 [0134.411] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0134.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\4VdmrOA.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\4vdmroa.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x243cb70, ftCreationTime.dwHighDateTime=0x1d5dc66, ftLastAccessTime.dwLowDateTime=0x71441bf0, ftLastAccessTime.dwHighDateTime=0x1d5e12b, ftLastWriteTime.dwLowDateTime=0x71441bf0, ftLastWriteTime.dwHighDateTime=0x1d5e12b, nFileSizeHigh=0x0, nFileSizeLow=0x573a)) returned 1 [0134.411] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\5EsJq5j.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\5esjq5j.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc5be6a50, ftCreationTime.dwHighDateTime=0x1d5d8f7, ftLastAccessTime.dwLowDateTime=0xcd8a2160, ftLastAccessTime.dwHighDateTime=0x1d5e23a, ftLastWriteTime.dwLowDateTime=0xcd8a2160, ftLastWriteTime.dwHighDateTime=0x1d5e23a, nFileSizeHigh=0x0, nFileSizeLow=0xde24)) returned 1 [0134.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\7-E6e0AC2.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\7-e6e0ac2.swf"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe8f3da30, ftCreationTime.dwHighDateTime=0x1d5e6d7, ftLastAccessTime.dwLowDateTime=0x5a9a1220, ftLastAccessTime.dwHighDateTime=0x1d5e562, ftLastWriteTime.dwLowDateTime=0x5a9a1220, ftLastWriteTime.dwHighDateTime=0x1d5e562, nFileSizeHigh=0x0, nFileSizeLow=0x2112)) returned 1 [0134.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9waen8vqf.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6bd97d0, ftCreationTime.dwHighDateTime=0x1d5e53a, ftLastAccessTime.dwLowDateTime=0x440865c0, ftLastAccessTime.dwHighDateTime=0x1d5d897, ftLastWriteTime.dwLowDateTime=0x440865c0, ftLastWriteTime.dwHighDateTime=0x1d5d897, nFileSizeHigh=0x0, nFileSizeLow=0x161ec)) returned 1 [0134.412] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.413] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0134.413] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9850 | out: lpFileInformation=0xc0001e9850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.414] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0134.415] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0xc0001e9608 | out: lpFindFileData=0xc0001e9608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.438] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.438] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0134.438] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0134.438] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Headlights", cAlternateFileName="HEADLI~1")) returned 1 [0134.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0134.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LogTransport2", cAlternateFileName="LOGTRA~1")) returned 1 [0134.439] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9638 | out: lpFindFileData=0xc0001e9638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.439] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0134.441] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.441] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.441] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.442] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Collab", cAlternateFileName="")) returned 1 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Forms", cAlternateFileName="")) returned 1 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JavaScripts", cAlternateFileName="JAVASC~1")) returned 1 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Security", cAlternateFileName="")) returned 1 [0134.442] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.442] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\collab"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.443] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0134.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Collab\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.444] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9f48400, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9f48400, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9f48400, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.444] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.444] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\forms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Forms\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.445] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0134.445] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd9df17a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9df17a0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xd9df17a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.445] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.445] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.446] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.446] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xec7c9cd0, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.js", cAlternateFileName="")) returned 1 [0134.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="glob.settings.js", cAlternateFileName="GLOBSE~1.JS")) returned 1 [0134.446] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.446] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.446] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0134.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.js"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.447] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0134.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\JavaScripts\\glob.settings.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\javascripts\\glob.settings.js"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xec7c9cd0, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xec7c9cd0, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xedc00b50, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0134.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.448] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.448] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda28e240, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8cdc00, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.449] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517, dwReserved0=0x0, dwReserved1=0x0, cFileName="addressbook.acrodata", cAlternateFileName="ADDRES~1.ACR")) returned 1 [0134.449] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLCache", cAlternateFileName="")) returned 1 [0134.449] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.449] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.449] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.486] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\*", lpFindFileData=0xc0001e92a8 | out: lpFindFileData=0xc0001e92a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.487] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xda2b43a0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda5adf20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.487] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="48B76449F3D5FEFA1133AA805E420F0FCA643651.crl", cAlternateFileName="48B764~1.CRL")) returned 1 [0134.487] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0134.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347, dwReserved0=0x0, dwReserved1=0x0, cFileName="A9B8213768ADC68AF64FCC6409E8BE414726687F.crl", cAlternateFileName="A9B821~1.CRL")) returned 1 [0134.488] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e92d8 | out: lpFindFileData=0xc0001e92d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.488] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.488] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0134.488] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9418 | out: lpFileInformation=0xc0001e9418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda5adf20, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda5adf20, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefc97c0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x3a5)) returned 1 [0134.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\a9b8213768adc68af64fcc6409e8be414726687f.crl"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9418 | out: lpFileInformation=0xc0001e9418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda3e4ea0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda3e4ea0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xdefa3660, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0x9347)) returned 1 [0134.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), fInfoLevelId=0x0, lpFileInformation=0xc0001e94f0 | out: lpFileInformation=0xc0001e94f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xda8cdc00, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xda8cdc00, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xda8f3d60, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x1517)) returned 1 [0134.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.525] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetCache", cAlternateFileName="ASSETC~1")) returned 1 [0134.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.530] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="D5NTRC6R", cAlternateFileName="")) returned 1 [0134.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.531] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\flash player\\assetcache\\d5ntrc6r"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.548] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\D5NTRC6R\\*", lpFindFileData=0xc0001e9380 | out: lpFindFileData=0xc0001e9380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d40bff0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d40bff0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d40bff0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e93b0 | out: lpFindFileData=0xc0001e93b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.549] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\headlights"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.549] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Headlights\\*", lpFindFileData=0xc0001e9530 | out: lpFindFileData=0xc0001e9530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0134.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0134.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0001e9560 | out: lpFindFileData=0xc0001e9560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0134.550] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0134.550] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0134.554] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.563] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.564] SetEvent (hEvent=0x324) returned 1 [0134.564] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.603] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.604] SetEvent (hEvent=0x39c) returned 1 [0134.605] SetEvent (hEvent=0x324) returned 1 [0134.605] SetEvent (hEvent=0xec) returned 1 [0134.605] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.610] SwitchToThread () returned 1 [0134.618] SetEvent (hEvent=0x39c) returned 1 [0134.618] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.619] SetEvent (hEvent=0x39c) returned 1 [0134.619] SetEvent (hEvent=0x324) returned 1 [0134.619] SetEvent (hEvent=0xec) returned 1 [0134.619] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.632] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0134.633] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0134.633] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0134.633] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0134.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.635] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0134.653] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.661] SetEvent (hEvent=0xec) returned 1 [0134.661] GetFileType (hFile=0x2f0) returned 0x1 [0134.661] GetFileType (hFile=0x2f0) returned 0x1 [0134.661] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0134.661] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0134.661] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0xde000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0134.685] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0xdd800, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000177c04*=0xdd600, lpOverlapped=0x0) returned 1 [0134.720] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00066b600, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc00066b600*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0134.720] CloseHandle (hObject=0x2f0) returned 1 [0134.720] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xde000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0134.741] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0134.742] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.751] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0134.780] GetFileType (hFile=0x2f0) returned 0x1 [0134.780] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0xdd610, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc000177cec*=0xdd610, lpOverlapped=0x0) returned 1 [0134.796] CloseHandle (hObject=0x2f0) returned 1 [0134.797] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0134.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.797] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0134.805] GetFileType (hFile=0x2f0) returned 0x1 [0134.806] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0001eac60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001eac60*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.806] CloseHandle (hObject=0x2f0) returned 1 [0134.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\jre1.7.0_45.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\encry-jre1.7.0_45.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\encry-jre1.7.0_45.msi"), dwFlags=0x1) returned 1 [0134.807] SwitchToThread () returned 1 [0134.814] SetEvent (hEvent=0xec) returned 1 [0134.814] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.816] SetEvent (hEvent=0x39c) returned 1 [0134.816] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.818] SwitchToThread () returned 1 [0134.823] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.825] SetEvent (hEvent=0x114) returned 1 [0134.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.825] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0134.825] SetEvent (hEvent=0x39c) returned 1 [0134.825] SetEvent (hEvent=0x114) returned 1 [0134.825] SetEvent (hEvent=0xfc) returned 1 [0134.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.844] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.844] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0134.845] SetEvent (hEvent=0xec) returned 1 [0134.845] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.851] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0134.852] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0134.852] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0134.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2u4kziixg6ddx l4.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0134.853] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0134.860] GetFileType (hFile=0x2f0) returned 0x1 [0134.860] GetFileType (hFile=0x2f0) returned 0x1 [0134.861] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0134.861] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0134.861] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0134.863] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xecbd, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001d1c04*=0xeabd, lpOverlapped=0x0) returned 1 [0134.864] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000220abd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000220abd*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0134.864] CloseHandle (hObject=0x2f0) returned 1 [0134.864] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0134.865] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0134.865] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0134.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2u4kziixg6ddx l4.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.868] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0134.887] GetFileType (hFile=0x2f0) returned 0x1 [0134.887] WriteFile (in: hFile=0x2f0, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xeac0, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc0001d1cec*=0xeac0, lpOverlapped=0x0) returned 1 [0134.889] CloseHandle (hObject=0x2f0) returned 1 [0134.889] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0134.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2u4kziixg6ddx l4.csv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0134.889] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0134.891] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.903] GetFileType (hFile=0x2f0) returned 0x1 [0134.903] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.914] WriteFile (in: hFile=0x2f0, lpBuffer=0xc00006a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006a2c0*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.914] CloseHandle (hObject=0x2f0) returned 1 [0134.914] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0134.915] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\2u4kziixg6ddx l4.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-2u4kZIIXg6dDX L4.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-2u4kziixg6ddx l4.csv"), dwFlags=0x1) returned 1 [0134.916] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.926] SetEvent (hEvent=0x114) returned 1 [0134.926] SetEvent (hEvent=0x324) returned 1 [0134.926] SwitchToThread () returned 1 [0134.930] SetEvent (hEvent=0x114) returned 1 [0134.930] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.948] SetEvent (hEvent=0x114) returned 1 [0134.948] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.949] SetEvent (hEvent=0x324) returned 1 [0134.949] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.953] SetEvent (hEvent=0x30c) returned 1 [0134.953] SwitchToThread () returned 1 [0134.955] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0134.955] SetEvent (hEvent=0x114) returned 1 [0134.955] SetEvent (hEvent=0x30c) returned 1 [0134.955] SetEvent (hEvent=0xfc) returned 1 [0134.956] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.071] SwitchToThread () returned 1 [0135.170] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0135.171] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.174] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.644] GetFileType (hFile=0x1ec) returned 0x1 [0135.645] GetFileType (hFile=0x1ec) returned 0x1 [0135.645] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0135.645] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0135.645] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0135.645] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0135.650] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x2d600, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0001d3c04*=0x2d400, lpOverlapped=0x0) returned 1 [0135.680] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.687] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000373400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000373400*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0135.687] CloseHandle (hObject=0x1ec) returned 1 [0135.687] VirtualAlloc (lpAddress=0xc000374000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000374000 [0135.692] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0135.693] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0135.695] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0135.700] GetFileType (hFile=0x1ec) returned 0x1 [0135.700] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000374000*, nNumberOfBytesToWrite=0x2d410, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000374000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x2d410, lpOverlapped=0x0) returned 1 [0135.705] CloseHandle (hObject=0x1ec) returned 1 [0135.705] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0135.705] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0135.705] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0135.706] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0135.723] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.742] GetFileType (hFile=0x1ec) returned 0x1 [0135.742] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.762] SetEvent (hEvent=0x324) returned 1 [0135.762] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.763] SetEvent (hEvent=0x324) returned 1 [0135.763] SetEvent (hEvent=0xec) returned 1 [0135.763] SetEvent (hEvent=0xfc) returned 1 [0135.763] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.766] VirtualFree (lpAddress=0xc000346000, dwSize=0x5c000, dwFreeType=0x4000) returned 1 [0135.768] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0135.769] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0135.770] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.770] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0135.771] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0135.772] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.772] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.772] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.773] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.773] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.773] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.774] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.774] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.775] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.775] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.775] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.776] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.776] VirtualFree (lpAddress=0xc000076000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0135.777] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.777] VirtualFree (lpAddress=0xc00005a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0135.778] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.778] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.779] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.779] GetFileType (hFile=0x1b0) returned 0x1 [0135.779] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00016c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0135.780] CloseHandle (hObject=0x1b0) returned 1 [0135.780] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0135.780] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\czwcuzemtmnh.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-czwcuzemtmnh.gif"), dwFlags=0x1) returned 1 [0135.782] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00016c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00016c2c0*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0135.782] CloseHandle (hObject=0x1ec) returned 1 [0135.783] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\au.msi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\AU\\encry-au.msi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\au\\encry-au.msi"), dwFlags=0x1) returned 1 [0135.784] SwitchToThread () returned 1 [0135.791] SetEvent (hEvent=0x324) returned 1 [0135.792] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.793] SetEvent (hEvent=0x324) returned 1 [0135.793] SetEvent (hEvent=0xfc) returned 1 [0135.793] SetEvent (hEvent=0x12c) returned 1 [0135.793] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.798] SwitchToThread () returned 1 [0135.799] SetEvent (hEvent=0x324) returned 1 [0135.799] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.799] SetEvent (hEvent=0x354) returned 1 [0135.799] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.805] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.806] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.807] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.808] SetEvent (hEvent=0x324) returned 1 [0135.808] SetEvent (hEvent=0x12c) returned 1 [0135.808] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.809] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.809] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.810] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.810] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.810] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.811] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.811] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.811] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.812] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.812] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0135.813] SwitchToThread () returned 1 [0135.814] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.815] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.817] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.818] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.818] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.819] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0135.820] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.139] SetEvent (hEvent=0x39c) returned 1 [0136.139] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.141] SetEvent (hEvent=0x39c) returned 1 [0136.141] SetEvent (hEvent=0x12c) returned 1 [0136.141] SetEvent (hEvent=0x354) returned 1 [0136.141] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.154] SetEvent (hEvent=0x39c) returned 1 [0136.154] SetEvent (hEvent=0x3c8) returned 1 [0136.154] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0136.158] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0136.159] GetFileType (hFile=0x1b0) returned 0x1 [0136.159] GetFileType (hFile=0x1b0) returned 0x1 [0136.159] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0136.159] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0136.159] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001b6000, nNumberOfBytesToRead=0x23d, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6000*, lpNumberOfBytesRead=0xc00027bc04*=0x3d, lpOverlapped=0x0) returned 1 [0136.160] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001b603d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b603d*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0136.160] CloseHandle (hObject=0x1b0) returned 1 [0136.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.160] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\\*", lpFindFileData=0xc00027ba08 | out: lpFindFileData=0xc00027ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0136.160] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00027b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0136.160] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0136.161] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0136.162] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000244000*, nNumberOfCharsToWrite=0xd0, lpNumberOfCharsWritten=0xc00027b808, lpReserved=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfCharsWritten=0xc00027b808*=0xd0) returned 1 [0136.166] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0136.167] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0136.167] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0136.167] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0136.212] GetFileType (hFile=0x240) returned 0x1 [0136.212] WriteFile (in: hFile=0x240, lpBuffer=0xc000236420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000236420*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0136.212] CloseHandle (hObject=0x240) returned 1 [0136.212] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwFlags=0x1) returned 1 [0136.214] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0136.214] SetEvent (hEvent=0xfc) returned 1 [0136.214] SetEvent (hEvent=0x12c) returned 1 [0136.214] SetEvent (hEvent=0x324) returned 1 [0136.214] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0136.319] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.319] SetEvent (hEvent=0x12c) returned 1 [0136.319] SetEvent (hEvent=0xec) returned 1 [0136.319] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe08*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0136.673] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0136.781] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.781] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f6a0, ulNumEntriesRemoved=0x2ce9f674) returned 0 [0136.781] SetEvent (hEvent=0xc0) returned 1 [0136.781] SetEvent (hEvent=0x3c8) returned 1 [0136.782] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe18*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0136.997] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0136.997] SwitchToThread () returned 1 [0136.998] SetEvent (hEvent=0xfc) returned 1 [0136.999] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ce9fe30*=0x334, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0137.000] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ce9f698, ulCount=0x10, ulNumEntriesRemoved=0x2ce9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ce9f698, ulNumEntriesRemoved=0x2ce9f66c) returned 0 [0137.000] SetEvent (hEvent=0xc0) returned 1 [0137.000] SetEvent (hEvent=0xfc) returned 1 [0137.157] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0137.158] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0137.158] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0137.159] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0137.159] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0137.163] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0137.173] SetEvent (hEvent=0xc0) returned 1 [0137.174] SetEvent (hEvent=0xfc) returned 1 [0137.174] GetFileType (hFile=0x2f0) returned 0x1 [0137.174] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0137.307] GetFileType (hFile=0x2f0) returned 0x1 [0137.307] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0137.307] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0137.307] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0137.308] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x322, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc00011bc04*=0x122, lpOverlapped=0x0) returned 1 [0137.309] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00007e122, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e122*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0137.309] CloseHandle (hObject=0x2f0) returned 1 [0137.310] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0137.310] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0137.311] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0137.409] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0137.909] GetFileType (hFile=0x2f0) returned 0x1 [0137.909] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x130, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00011bcec*=0x130, lpOverlapped=0x0) returned 1 [0137.910] CloseHandle (hObject=0x2f0) returned 1 [0137.910] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0137.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0137.911] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0138.014] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.116] GetFileType (hFile=0x2cc) returned 0x1 [0138.116] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0138.116] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0138.116] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000260900, nNumberOfBytesToRead=0x80b, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000260900*, lpNumberOfBytesRead=0xc000211c04*=0x60b, lpOverlapped=0x0) returned 1 [0138.117] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000260f0b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000260f0b*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0138.117] CloseHandle (hObject=0x2cc) returned 1 [0138.118] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0138.138] SetEvent (hEvent=0x39c) returned 1 [0138.138] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.139] SetEvent (hEvent=0x39c) returned 1 [0138.139] SetEvent (hEvent=0x12c) returned 1 [0138.139] SetEvent (hEvent=0x3c8) returned 1 [0138.139] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.141] VirtualFree (lpAddress=0xc001c00000, dwSize=0x310000, dwFreeType=0x4000) returned 1 [0138.157] VirtualFree (lpAddress=0xc001800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.186] VirtualFree (lpAddress=0xc001400000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.210] VirtualFree (lpAddress=0xc001000000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.331] VirtualFree (lpAddress=0xc000c00000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.485] VirtualFree (lpAddress=0xc000800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.515] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x11c000, dwFreeType=0x4000) returned 1 [0138.523] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.535] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.536] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.536] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.537] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.537] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.538] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.538] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.539] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.539] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.540] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.540] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.541] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.541] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.541] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.542] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.542] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.543] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0138.543] SetEvent (hEvent=0x39c) returned 1 [0138.544] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.569] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.613] SetEvent (hEvent=0x354) returned 1 [0138.613] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.825] SetEvent (hEvent=0x354) returned 1 [0138.825] SetEvent (hEvent=0x12c) returned 1 [0138.825] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.829] SetEvent (hEvent=0x324) returned 1 [0138.830] SetEvent (hEvent=0x39c) returned 1 [0138.830] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0138.848] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.848] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.849] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.849] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.850] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.850] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.850] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.851] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.851] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0138.852] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0138.852] SetEvent (hEvent=0x354) returned 1 [0138.852] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0139.805] SetEvent (hEvent=0x30c) returned 1 [0139.805] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0139.836] SetEvent (hEvent=0x12c) returned 1 [0139.836] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0141.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0141.033] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0141.038] GetFileType (hFile=0x1ec) returned 0x1 [0141.038] GetFileType (hFile=0x1ec) returned 0x1 [0141.038] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0141.038] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0141.038] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0141.039] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x456, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc0000f9c04*=0x256, lpOverlapped=0x0) returned 1 [0141.069] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0141.266] SetEvent (hEvent=0xc0) returned 1 [0141.266] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000198256, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198256*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0141.267] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0141.498] CloseHandle (hObject=0x1ec) returned 1 [0141.498] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0141.498] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0141.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0142.467] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0142.484] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0142.531] SetEvent (hEvent=0xc0) returned 1 [0142.531] SetEvent (hEvent=0x144) returned 1 [0142.531] GetFileType (hFile=0x260) returned 0x1 [0142.531] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.013] WriteFile (in: hFile=0x260, lpBuffer=0xc00025e000*, nNumberOfBytesToWrite=0x260, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025e000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x260, lpOverlapped=0x0) returned 1 [0143.015] CloseHandle (hObject=0x260) returned 1 [0143.015] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.016] VirtualAlloc (lpAddress=0xc000722000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000722000 [0143.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x260 [0143.017] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0143.027] GetFileType (hFile=0x260) returned 0x1 [0143.027] WriteFile (in: hFile=0x260, lpBuffer=0xc0006142c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006142c0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.027] CloseHandle (hObject=0x260) returned 1 [0143.028] VirtualAlloc (lpAddress=0xc000724000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000724000 [0143.029] VirtualAlloc (lpAddress=0xc000726000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000726000 [0143.030] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@google[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@google[1].txt"), dwFlags=0x1) returned 1 [0143.032] SetEvent (hEvent=0x35c) returned 1 [0143.032] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.041] SetEvent (hEvent=0x208) returned 1 [0143.041] SetEvent (hEvent=0x3dc) returned 1 [0143.041] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.053] SetEvent (hEvent=0x108) returned 1 [0143.053] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.063] SetEvent (hEvent=0x29c) returned 1 [0143.063] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.089] SetEvent (hEvent=0x3c8) returned 1 [0143.089] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.092] SetEvent (hEvent=0x8c8) returned 1 [0143.092] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.101] SetEvent (hEvent=0x3c8) returned 1 [0143.101] SetEvent (hEvent=0x8d0) returned 1 [0143.101] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.110] SetEvent (hEvent=0x3c8) returned 1 [0143.110] SetEvent (hEvent=0x8d8) returned 1 [0143.110] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.171] SetEvent (hEvent=0x3c8) returned 1 [0143.171] SetEvent (hEvent=0x8e0) returned 1 [0143.171] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.180] SetEvent (hEvent=0x3c8) returned 1 [0143.180] SetEvent (hEvent=0x2b0) returned 1 [0143.180] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) returned 0x0 [0143.201] SetEvent (hEvent=0x2a8) returned 1 [0143.201] WaitForSingleObject (hHandle=0x334, dwMilliseconds=0xffffffff) Thread: id = 51 os_tid = 0xa40 [0116.157] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d09fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d09fea0*=0x33c) returned 1 [0116.157] VirtualQuery (in: lpAddress=0x2d09fec0, lpBuffer=0x2d09fec0, dwLength=0x30 | out: lpBuffer=0x2d09fec0*(BaseAddress=0x2d09f000, AllocationBase=0x2cea0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.157] SetEvent (hEvent=0x120) returned 1 [0116.158] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x340 [0116.158] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x344 [0116.158] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.166] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x118, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d09f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d09f840*=0x34c) returned 1 [0116.166] SuspendThread (hThread=0x34c) returned 0x0 [0116.166] GetThreadContext (in: hThread=0x34c, lpContext=0x2d09f850 | out: lpContext=0x2d09f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28b0f728, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab153a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0116.166] ResumeThread (hThread=0x34c) returned 0x1 [0116.166] CloseHandle (hObject=0x34c) returned 1 [0116.174] SwitchToThread () returned 1 [0116.179] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x462490, lpParameter=0xc00013aa80, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x34c [0116.180] CloseHandle (hObject=0x34c) returned 1 [0116.180] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d09fe08*=0x340, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0116.193] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.193] SetEvent (hEvent=0x364) returned 1 [0116.193] SetEvent (hEvent=0x35c) returned 1 [0116.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d09fe08*=0x340, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.208] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d09fe30*=0x340, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.209] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d09f6a0, ulNumEntriesRemoved=0x2d09f674) returned 0 [0116.209] SetEvent (hEvent=0xc0) returned 1 [0116.209] SetEvent (hEvent=0x318) returned 1 [0116.209] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d09fe18*=0x340, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0116.215] SetEvent (hEvent=0x1f8) returned 1 [0116.215] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.233] SetEvent (hEvent=0x12c) returned 1 [0116.233] SetEvent (hEvent=0x1a0) returned 1 [0116.233] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.239] SetEvent (hEvent=0x12c) returned 1 [0116.239] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.244] SetEvent (hEvent=0x2a8) returned 1 [0116.245] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.259] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.260] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0116.260] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0116.261] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0116.261] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0116.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x218 [0116.363] GetConsoleMode (in: hConsoleHandle=0x218, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0116.368] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0116.377] GetFileType (hFile=0x218) returned 0x1 [0116.377] WriteFile (in: hFile=0x218, lpBuffer=0xc000162000*, nNumberOfBytesToWrite=0x780, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesWritten=0xc000171cec*=0x780, lpOverlapped=0x0) returned 1 [0116.378] CloseHandle (hObject=0x218) returned 1 [0116.384] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0116.384] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0116.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x32c [0116.385] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0116.388] GetFileType (hFile=0x32c) returned 0x1 [0116.388] WriteFile (in: hFile=0x32c, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000171d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc000171d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.388] CloseHandle (hObject=0x32c) returned 1 [0116.400] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0116.401] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbx3z0[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBX3z0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbx3z0[1].jpg"), dwFlags=0x1) returned 1 [0117.037] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.040] SetEvent (hEvent=0x1dc) returned 1 [0117.040] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.042] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0117.043] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010d818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc00010d818*=0x3) returned 1 [0117.141] SwitchToThread () returned 1 [0117.143] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc0001a5818*=0x3) returned 1 [0117.145] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc000072020*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0117.147] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc000072026*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0117.148] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.152] SetEvent (hEvent=0x1dc) returned 1 [0117.152] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0117.153] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0117.154] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc00018f818*=0x3) returned 1 [0117.155] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc00018d818*=0x3) returned 1 [0117.159] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0117.160] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.162] SetEvent (hEvent=0x1dc) returned 1 [0117.162] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.164] SetEvent (hEvent=0x1dc) returned 1 [0117.164] SetEvent (hEvent=0x39c) returned 1 [0117.164] SetEvent (hEvent=0x3c4) returned 1 [0117.164] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.188] SetEvent (hEvent=0x1dc) returned 1 [0117.188] SetEvent (hEvent=0x304) returned 1 [0117.188] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0117.195] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0117.199] GetFileType (hFile=0x3bc) returned 0x1 [0117.199] GetFileType (hFile=0x3bc) returned 0x1 [0117.199] GetFileInformationByHandle (in: hFile=0x3bc, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0117.199] GetFileInformationByHandleEx (in: hFile=0x3bc, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0117.199] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0000e4c00, nNumberOfBytesToRead=0xaf9, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4c00*, lpNumberOfBytesRead=0xc00015bc04*=0x8f9, lpOverlapped=0x0) returned 1 [0117.202] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.215] ReadFile (in: hFile=0x3bc, lpBuffer=0xc0000e54f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e54f9*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0117.215] CloseHandle (hObject=0x3bc) returned 1 [0117.215] SetEvent (hEvent=0x3c8) returned 1 [0117.215] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.217] SetEvent (hEvent=0x1dc) returned 1 [0117.217] SetEvent (hEvent=0x3c8) returned 1 [0117.217] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.240] SetEvent (hEvent=0x1dc) returned 1 [0117.240] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.249] SetEvent (hEvent=0x3c4) returned 1 [0117.249] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0117.262] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0117.264] GetFileType (hFile=0x374) returned 0x1 [0117.264] GetFileType (hFile=0x374) returned 0x1 [0117.264] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0117.264] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0117.264] ReadFile (in: hFile=0x374, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x6c9, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc00029dc04*=0x4c9, lpOverlapped=0x0) returned 1 [0117.268] ReadFile (in: hFile=0x374, lpBuffer=0xc00007a4c9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a4c9*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0117.268] CloseHandle (hObject=0x374) returned 1 [0117.268] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0117.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0117.279] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.288] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0117.289] GetFileType (hFile=0x384) returned 0x1 [0117.289] WriteFile (in: hFile=0x384, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc00029dcec*=0x4d0, lpOverlapped=0x0) returned 1 [0117.290] CloseHandle (hObject=0x384) returned 1 [0117.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a001 | out: pbBuffer=0xc00031a001) returned 1 [0117.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0117.299] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0117.307] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.346] GetFileType (hFile=0x23c) returned 0x1 [0117.346] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.347] CloseHandle (hObject=0x23c) returned 1 [0117.352] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0117.394] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-js[1]"), dwFlags=0x1) returned 1 [0118.027] SwitchToThread () returned 1 [0118.027] SetEvent (hEvent=0x3c4) returned 1 [0118.027] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0118.028] SetEvent (hEvent=0x3c4) returned 1 [0118.028] SetEvent (hEvent=0x258) returned 1 [0118.028] SetEvent (hEvent=0x24c) returned 1 [0118.028] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0119.066] SetEvent (hEvent=0x354) returned 1 [0119.066] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0119.070] SetEvent (hEvent=0xec) returned 1 [0119.070] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0141.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02f0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0000a02f0*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0141.537] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) returned 0x0 [0142.334] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0b78*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0b78*, lpNumberOfCharsWritten=0xc00020f818*=0x4) returned 1 [0142.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0b80*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc0000a0b80*, lpNumberOfCharsWritten=0xc000047818*=0x4) returned 1 [0142.345] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0b88*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0000a0b88*, lpNumberOfCharsWritten=0xc000141818*=0x4) returned 1 [0142.347] WaitForSingleObject (hHandle=0x340, dwMilliseconds=0xffffffff) Thread: id = 52 os_tid = 0xb3c [0116.166] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d29fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d29fea0*=0x350) returned 1 [0116.166] VirtualQuery (in: lpAddress=0x2d29fec0, lpBuffer=0x2d29fec0, dwLength=0x30 | out: lpBuffer=0x2d29fec0*(BaseAddress=0x2d29f000, AllocationBase=0x2d0a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.166] SetEvent (hEvent=0x1dc) returned 1 [0116.166] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0116.166] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358 [0116.166] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0116.180] SetEvent (hEvent=0x114) returned 1 [0116.180] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0116.306] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0116.306] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0116.307] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x244 [0116.307] GetConsoleMode (in: hConsoleHandle=0x244, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0116.308] GetFileType (hFile=0x244) returned 0x1 [0116.308] WriteFile (in: hFile=0x244, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.308] CloseHandle (hObject=0x244) returned 1 [0116.316] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0116.323] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aamuyv2[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAmUyV2[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aamuyv2[1].png"), dwFlags=0x1) returned 1 [0116.928] SetEvent (hEvent=0x364) returned 1 [0116.928] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0117.360] SetEvent (hEvent=0x320) returned 1 [0117.360] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0117.364] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0117.365] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0117.367] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0117.488] GetFileType (hFile=0x2fc) returned 0x1 [0117.488] GetFileType (hFile=0x2fc) returned 0x1 [0117.488] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0117.488] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0117.488] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0117.489] ReadFile (in: hFile=0x2fc, lpBuffer=0xc000332000, nNumberOfBytesToRead=0x1ea7, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000332000*, lpNumberOfBytesRead=0xc00018dc04*=0x1ca7, lpOverlapped=0x0) returned 1 [0117.499] ReadFile (in: hFile=0x2fc, lpBuffer=0xc000333ca7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000333ca7*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0117.499] CloseHandle (hObject=0x2fc) returned 1 [0117.499] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0117.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0117.611] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00018dd04 | out: lpMode=0xc00018dd04) returned 0 [0117.615] GetFileType (hFile=0x2bc) returned 0x1 [0117.615] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000334000*, nNumberOfBytesToWrite=0x1cb0, lpNumberOfBytesWritten=0xc00018dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000334000*, lpNumberOfBytesWritten=0xc00018dcec*=0x1cb0, lpOverlapped=0x0) returned 1 [0117.616] CloseHandle (hObject=0x2bc) returned 1 [0117.623] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0117.738] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001401 | out: pbBuffer=0xc000001401) returned 1 [0117.738] VirtualAlloc (lpAddress=0xc0004f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f8000 [0117.739] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.739] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0117.740] GetFileType (hFile=0x36c) returned 0x1 [0117.740] WriteFile (in: hFile=0x36c, lpBuffer=0xc0004cf4a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004cf4a0*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.741] CloseHandle (hObject=0x36c) returned 1 [0117.744] VirtualAlloc (lpAddress=0xc0004fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004fa000 [0117.745] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.746] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0117.746] SetEvent (hEvent=0xc0) returned 1 [0117.746] SetEvent (hEvent=0x24c) returned 1 [0117.746] VirtualAlloc (lpAddress=0xc0005b4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b4000 [0117.748] VirtualAlloc (lpAddress=0xc0004fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004fc000 [0117.748] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbeedpr[1].jpg"), dwFlags=0x1) returned 1 [0118.399] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0118.403] SwitchToThread () returned 1 [0118.403] SetEvent (hEvent=0x274) returned 1 [0118.403] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0118.406] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0118.408] SwitchToThread () returned 1 [0118.409] SetEvent (hEvent=0x1e8) returned 1 [0118.409] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0118.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0118.812] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0118.817] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0118.928] GetFileType (hFile=0x2f4) returned 0x1 [0118.929] GetFileType (hFile=0x2f4) returned 0x1 [0118.929] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0118.929] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0118.929] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00050d980, nNumberOfBytesToRead=0x18f5, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesRead=0xc00016fc04*=0x16f5, lpOverlapped=0x0) returned 1 [0118.935] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00050f075, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050f075*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0118.935] CloseHandle (hObject=0x2f4) returned 1 [0118.935] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0118.936] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0118.937] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0118.937] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0118.938] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0118.949] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0119.067] GetFileType (hFile=0x2f4) returned 0x1 [0119.067] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00006b800*, nNumberOfBytesToWrite=0x1700, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00006b800*, lpNumberOfBytesWritten=0xc00016fcec*=0x1700, lpOverlapped=0x0) returned 1 [0119.068] CloseHandle (hObject=0x2f4) returned 1 [0119.071] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0119.146] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001101 | out: pbBuffer=0xc000001101) returned 1 [0119.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0119.146] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0119.148] GetFileType (hFile=0x308) returned 0x1 [0119.149] WriteFile (in: hFile=0x308, lpBuffer=0xc0000bc580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00016fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc580*, lpNumberOfBytesWritten=0xc00016fd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.149] CloseHandle (hObject=0x308) returned 1 [0119.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbyfeh[1].jpg"), dwFlags=0x1) returned 1 [0119.675] SwitchToThread () returned 1 [0119.675] SetEvent (hEvent=0x30c) returned 1 [0119.676] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0119.677] SetEvent (hEvent=0x30c) returned 1 [0119.677] SetEvent (hEvent=0x334) returned 1 [0119.677] SwitchToThread () returned 1 [0119.678] SetEvent (hEvent=0x30c) returned 1 [0119.678] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0119.679] SetEvent (hEvent=0x30c) returned 1 [0119.679] SetEvent (hEvent=0x334) returned 1 [0119.679] SetEvent (hEvent=0x24c) returned 1 [0119.679] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.629] SetEvent (hEvent=0x3c8) returned 1 [0120.629] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.642] SetEvent (hEvent=0x1a0) returned 1 [0120.642] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.658] SetEvent (hEvent=0x3c4) returned 1 [0120.658] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.659] SetEvent (hEvent=0xec) returned 1 [0120.660] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.666] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.671] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0120.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0120.682] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0120.688] GetFileType (hFile=0x3cc) returned 0x1 [0120.688] GetFileType (hFile=0x3cc) returned 0x1 [0120.688] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0120.689] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0120.689] VirtualAlloc (lpAddress=0xc00039a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00039a000 [0120.690] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00039a000, nNumberOfBytesToRead=0x84d8, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00039a000*, lpNumberOfBytesRead=0xc00022fc04*=0x82d8, lpOverlapped=0x0) returned 1 [0120.693] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0003a22d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a22d8*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0120.693] CloseHandle (hObject=0x3cc) returned 1 [0120.693] VirtualAlloc (lpAddress=0xc0003a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a4000 [0120.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.730] SetEvent (hEvent=0xc0) returned 1 [0120.730] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0120.730] GetFileType (hFile=0x2bc) returned 0x1 [0120.730] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0003a4000*, nNumberOfBytesToWrite=0x82e0, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003a4000*, lpNumberOfBytesWritten=0xc00022fcec*=0x82e0, lpOverlapped=0x0) returned 1 [0120.732] CloseHandle (hObject=0x2bc) returned 1 [0120.733] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0120.733] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0120.734] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0120.734] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0120.735] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0120.735] GetFileType (hFile=0x2bc) returned 0x1 [0120.735] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.735] CloseHandle (hObject=0x2bc) returned 1 [0120.735] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-chartbeat[1].js"), dwFlags=0x1) returned 1 [0120.937] SetEvent (hEvent=0xfc) returned 1 [0120.937] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.066] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.105] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.111] SetEvent (hEvent=0x3c0) returned 1 [0121.111] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.112] SetEvent (hEvent=0x3c0) returned 1 [0121.113] SetEvent (hEvent=0x114) returned 1 [0121.113] VirtualFree (lpAddress=0xc000400000, dwSize=0x4c000, dwFreeType=0x4000) returned 1 [0121.115] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.116] VirtualFree (lpAddress=0xc000346000, dwSize=0x4e000, dwFreeType=0x4000) returned 1 [0121.118] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.119] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.119] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0121.120] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.120] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.121] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.121] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.122] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.122] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.123] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.123] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.123] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.124] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0002d3818*=0x2) returned 1 [0121.128] SwitchToThread () returned 1 [0121.129] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.140] SetEvent (hEvent=0x3c0) returned 1 [0121.140] SetEvent (hEvent=0x13c) returned 1 [0121.140] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.149] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.159] SetEvent (hEvent=0x1b4) returned 1 [0121.159] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.174] SetEvent (hEvent=0x1b4) returned 1 [0121.174] SetEvent (hEvent=0x30c) returned 1 [0121.174] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.175] VirtualFree (lpAddress=0xc00006a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0121.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010048*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc000010048*, lpNumberOfCharsWritten=0xc0001bd818*=0x2) returned 1 [0121.177] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.185] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0121.185] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.188] SetEvent (hEvent=0x1b4) returned 1 [0121.188] SetEvent (hEvent=0x30c) returned 1 [0121.188] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.188] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.189] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc000175818*=0x2) returned 1 [0121.192] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.197] SetEvent (hEvent=0x30c) returned 1 [0121.197] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0121.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0121.198] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0121.199] GetFileType (hFile=0x1b0) returned 0x1 [0121.199] GetFileType (hFile=0x1b0) returned 0x1 [0121.199] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0121.199] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0121.199] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0121.202] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x1782e, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc00022fc04*=0x1762e, lpOverlapped=0x0) returned 1 [0121.206] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002bb62e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bb62e*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0121.206] CloseHandle (hObject=0x1b0) returned 1 [0121.206] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0121.207] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0121.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.215] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fd04 | out: lpMode=0xc00022fd04) returned 0 [0121.221] GetFileType (hFile=0x1b0) returned 0x1 [0121.221] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x17630, lpNumberOfBytesWritten=0xc00022fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc00022fcec*=0x17630, lpOverlapped=0x0) returned 1 [0121.224] CloseHandle (hObject=0x1b0) returned 1 [0121.226] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0121.227] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0121.227] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0121.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.228] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0121.231] GetFileType (hFile=0x1b0) returned 0x1 [0121.231] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.231] CloseHandle (hObject=0x1b0) returned 1 [0121.236] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\jquery-1.11.1.min[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-jquery-1.11.1.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-jquery-1.11.1.min[1].js"), dwFlags=0x1) returned 1 [0121.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0121.289] SetEvent (hEvent=0x13c) returned 1 [0121.290] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0121.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.294] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.294] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0121.294] SetEvent (hEvent=0x13c) returned 1 [0121.294] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.301] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.318] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.327] SetEvent (hEvent=0x3c0) returned 1 [0121.327] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.332] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0121.332] GetFileType (hFile=0x2bc) returned 0x1 [0121.333] GetFileType (hFile=0x2bc) returned 0x1 [0121.333] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0121.333] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0121.333] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0121.334] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x79b3, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc00012dc04*=0x77b3, lpOverlapped=0x0) returned 1 [0121.340] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000757b3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000757b3*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0121.340] CloseHandle (hObject=0x2bc) returned 1 [0121.340] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0121.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0121.343] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0121.343] GetFileType (hFile=0x2bc) returned 0x1 [0121.343] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x77c0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc00012dcec*=0x77c0, lpOverlapped=0x0) returned 1 [0121.345] CloseHandle (hObject=0x2bc) returned 1 [0121.346] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0121.346] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0121.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.347] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0121.347] GetFileType (hFile=0x1ec) returned 0x1 [0121.348] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.348] CloseHandle (hObject=0x1ec) returned 1 [0121.351] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.352] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0121.353] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0121.354] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0121.354] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0121.355] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0121.355] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\latest[3].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-latest[3].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-latest[3].eot"), dwFlags=0x1) returned 1 [0121.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.408] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0121.408] SetEvent (hEvent=0xc0) returned 1 [0121.409] SetEvent (hEvent=0x3c0) returned 1 [0121.409] SetEvent (hEvent=0x1b4) returned 1 [0121.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.412] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.412] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0121.412] SetEvent (hEvent=0x1b4) returned 1 [0121.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.430] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.445] SetEvent (hEvent=0xfc) returned 1 [0121.445] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.447] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0121.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.449] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001bdcf4 | out: lpMode=0xc0001bdcf4) returned 0 [0121.449] GetFileType (hFile=0x3cc) returned 0x1 [0121.449] GetFileType (hFile=0x3cc) returned 0x1 [0121.450] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001bdd44 | out: lpFileInformation=0xc0001bdd44) returned 1 [0121.450] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bdd28) returned 1 [0121.450] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000056000, nNumberOfBytesToRead=0xc33, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc0001bdc04*=0xa33, lpOverlapped=0x0) returned 1 [0121.452] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000056a33, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056a33*, lpNumberOfBytesRead=0xc0001bdc04*=0x0, lpOverlapped=0x0) returned 1 [0121.453] CloseHandle (hObject=0x3cc) returned 1 [0121.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0121.455] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001bdd04 | out: lpMode=0xc0001bdd04) returned 0 [0121.455] GetFileType (hFile=0x3cc) returned 0x1 [0121.455] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0xa40, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc0001bdcec*=0xa40, lpOverlapped=0x0) returned 1 [0121.456] CloseHandle (hObject=0x3cc) returned 1 [0121.457] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0121.457] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.457] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0121.458] GetFileType (hFile=0x1b0) returned 0x1 [0121.458] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0121.458] CloseHandle (hObject=0x1b0) returned 1 [0121.461] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0121.461] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0121.462] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0121.462] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0121.463] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\uid[1].htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-uid[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-uid[1].htm"), dwFlags=0x1) returned 1 [0121.496] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.582] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0121.583] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0121.583] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0121.584] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0121.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0121.585] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0121.646] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.650] GetFileType (hFile=0x2e8) returned 0x1 [0121.650] GetFileType (hFile=0x2e8) returned 0x1 [0121.650] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0121.650] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0121.650] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000182280, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000182280*, lpNumberOfBytesRead=0xc0006e1c04*=0x43, lpOverlapped=0x0) returned 1 [0121.652] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001822c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c3*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0121.652] CloseHandle (hObject=0x2e8) returned 1 [0121.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.652] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini\\*", lpFindFileData=0xc0006e1a08 | out: lpFindFileData=0xc0006e1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.652] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006e1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.652] SetEvent (hEvent=0x1a0) returned 1 [0121.653] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.816] SetEvent (hEvent=0x1a0) returned 1 [0121.816] SetEvent (hEvent=0x13c) returned 1 [0121.816] SetEvent (hEvent=0x3c0) returned 1 [0121.816] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0121.827] SetEvent (hEvent=0x1a0) returned 1 [0121.827] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0121.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.829] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0121.839] GetFileType (hFile=0x3cc) returned 0x1 [0121.839] GetFileType (hFile=0x3cc) returned 0x1 [0121.839] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0121.839] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0121.839] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.839] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.839] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0121.842] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x101000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.842] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x80000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.842] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.842] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007eb000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007eb000 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0xf1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0x78000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.843] VirtualAlloc (lpAddress=0xc0007fb000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fb000 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xee000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x77000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.844] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xed000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x76000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.845] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0121.845] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xec000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0121.871] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0006ea000, nNumberOfBytesToRead=0x200200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesRead=0xc0001d5c04*=0x200000, lpOverlapped=0x0) returned 1 [0121.920] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0008ea000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0008ea000*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0121.920] CloseHandle (hObject=0x3cc) returned 1 [0121.920] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0121.921] VirtualAlloc (lpAddress=0xc0008ec000, dwSize=0x202000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008ec000 [0121.950] SwitchToThread () returned 1 [0122.019] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.183] SetEvent (hEvent=0x1a0) returned 1 [0122.183] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0122.184] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00004bcf4 | out: lpMode=0xc00004bcf4) returned 0 [0122.185] GetFileType (hFile=0x3cc) returned 0x1 [0122.185] GetFileType (hFile=0x3cc) returned 0x1 [0122.185] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc00004bd44 | out: lpFileInformation=0xc00004bd44) returned 1 [0122.185] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc00004bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00004bd28) returned 1 [0122.185] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0122.185] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x632, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc00004bc04*=0x432, lpOverlapped=0x0) returned 1 [0122.235] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0000a2432, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00004bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2432*, lpNumberOfBytesRead=0xc00004bc04*=0x0, lpOverlapped=0x0) returned 1 [0122.235] CloseHandle (hObject=0x3cc) returned 1 [0122.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0122.236] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00004bd04 | out: lpMode=0xc00004bd04) returned 0 [0122.242] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.245] GetFileType (hFile=0x3cc) returned 0x1 [0122.245] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0122.245] WriteFile (in: hFile=0x3cc, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x440, lpNumberOfBytesWritten=0xc00004bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc00004bcec*=0x440, lpOverlapped=0x0) returned 1 [0122.246] CloseHandle (hObject=0x3cc) returned 1 [0122.246] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0122.246] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0122.247] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0122.247] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0122.248] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0122.248] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0122.249] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0122.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0122.249] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00004bd64 | out: lpMode=0xc00004bd64) returned 0 [0122.255] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.343] GetFileType (hFile=0x3cc) returned 0x1 [0122.343] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00004bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc00004bd4c*=0x158, lpOverlapped=0x0) returned 1 [0122.343] CloseHandle (hObject=0x3cc) returned 1 [0122.343] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\bears.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Bears.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-bears.jpg"), dwFlags=0x1) returned 1 [0122.344] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0122.344] SetEvent (hEvent=0x30c) returned 1 [0122.344] SetEvent (hEvent=0x13c) returned 1 [0122.344] SetEvent (hEvent=0xfc) returned 1 [0122.345] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.347] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.347] SetEvent (hEvent=0xfc) returned 1 [0122.347] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.354] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.356] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.356] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0122.356] SetEvent (hEvent=0xc0) returned 1 [0122.356] SetEvent (hEvent=0x13c) returned 1 [0122.356] SetEvent (hEvent=0xfc) returned 1 [0122.356] SetEvent (hEvent=0x114) returned 1 [0122.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.364] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0122.365] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0122.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0122.366] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004dfcf4 | out: lpMode=0xc0004dfcf4) returned 0 [0122.376] GetFileType (hFile=0x36c) returned 0x1 [0122.376] GetFileType (hFile=0x36c) returned 0x1 [0122.376] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004dfd44 | out: lpFileInformation=0xc0004dfd44) returned 1 [0122.376] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dfd28) returned 1 [0122.376] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x208000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.376] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x208000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.376] VirtualAlloc (lpAddress=0xc0006ea000, dwSize=0x104000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ea000 [0122.379] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x104000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.379] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.379] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.379] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.379] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ee000 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xf4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x7a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x3d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0122.380] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xf3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x79000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.380] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.381] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.381] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.381] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.381] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0122.381] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0122.381] VirtualAlloc (lpAddress=0xc000800000, dwSize=0xf2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0122.412] ReadFile (in: hFile=0x36c, lpBuffer=0xc0006ea000, nNumberOfBytesToRead=0x206200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006ea000*, lpNumberOfBytesRead=0xc0004dfc04*=0x206000, lpOverlapped=0x0) returned 1 [0122.473] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.498] ReadFile (in: hFile=0x36c, lpBuffer=0xc0008f0000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0008f0000*, lpNumberOfBytesRead=0xc0004dfc04*=0x0, lpOverlapped=0x0) returned 1 [0122.498] CloseHandle (hObject=0x36c) returned 1 [0122.498] VirtualAlloc (lpAddress=0xc0008f2000, dwSize=0x208000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0008f2000 [0122.521] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0122.521] VirtualFree (lpAddress=0xc000290000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.522] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.522] VirtualFree (lpAddress=0xc000280000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.523] VirtualFree (lpAddress=0xc00021c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.523] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.523] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.524] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0122.524] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.524] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.525] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.525] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.525] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.526] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.526] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.526] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.551] GetFileType (hFile=0x2f0) returned 0x1 [0122.551] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Garden.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\garden.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0122.552] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00017dcf4 | out: lpMode=0xc00017dcf4) returned 0 [0122.553] GetFileType (hFile=0x36c) returned 0x1 [0122.553] GetFileType (hFile=0x1ec) returned 0x1 [0122.553] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000762c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000762c0*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.553] CloseHandle (hObject=0x1ec) returned 1 [0122.553] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0122.554] GetFileType (hFile=0x2b4) returned 0x1 [0122.554] GetFileType (hFile=0x2b4) returned 0x1 [0122.554] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0122.554] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0122.554] GetFileType (hFile=0x240) returned 0x1 [0122.554] WriteFile (in: hFile=0x240, lpBuffer=0xc0000766e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000766e0*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.554] CloseHandle (hObject=0x240) returned 1 [0122.555] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0122.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0122.556] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0122.560] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.625] SetEvent (hEvent=0x1a0) returned 1 [0122.625] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.837] SetEvent (hEvent=0x39c) returned 1 [0122.837] VirtualFree (lpAddress=0xc000400000, dwSize=0x80000, dwFreeType=0x4000) returned 1 [0122.840] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.841] VirtualFree (lpAddress=0xc000346000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0122.844] VirtualFree (lpAddress=0xc000300000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0122.845] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.845] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.845] VirtualFree (lpAddress=0xc000286000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.846] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.846] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.847] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.847] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.847] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.848] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.848] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.848] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.849] SetEvent (hEvent=0x12c) returned 1 [0122.849] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.860] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\wc-addons[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-wc-addons[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-wc-addons[1].css"), dwFlags=0x1) returned 1 [0122.862] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0122.862] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00007e000, nNumberOfBytesToRead=0x2e6, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesRead=0xc000179c04*=0xe6, lpOverlapped=0x0) returned 1 [0122.863] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00007e0e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e0e6*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0122.863] CloseHandle (hObject=0x3cc) returned 1 [0122.863] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0122.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0122.865] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0122.867] GetFileType (hFile=0x3cc) returned 0x1 [0122.867] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0002882d0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002882d0*, lpNumberOfBytesWritten=0xc000179cec*=0xf0, lpOverlapped=0x0) returned 1 [0122.869] CloseHandle (hObject=0x3cc) returned 1 [0122.869] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0122.869] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0122.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0122.870] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0122.870] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.961] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0122.962] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x254, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000171c04*=0x54, lpOverlapped=0x0) returned 1 [0122.963] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00006c054, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000171c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c054*, lpNumberOfBytesRead=0xc000171c04*=0x0, lpOverlapped=0x0) returned 1 [0122.963] CloseHandle (hObject=0x3d8) returned 1 [0122.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.965] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000171d04 | out: lpMode=0xc000171d04) returned 0 [0122.965] GetFileType (hFile=0x3d8) returned 0x1 [0122.965] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000086120*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0xc000171cec, lpOverlapped=0x0 | out: lpBuffer=0xc000086120*, lpNumberOfBytesWritten=0xc000171cec*=0x60, lpOverlapped=0x0) returned 1 [0122.967] CloseHandle (hObject=0x3d8) returned 1 [0122.967] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Sidebar\\Settings.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows sidebar\\settings.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.967] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000171d64 | out: lpMode=0xc000171d64) returned 0 [0123.003] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.027] SetEvent (hEvent=0x39c) returned 1 [0123.027] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.031] SetEvent (hEvent=0xfc) returned 1 [0123.031] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.092] SetEvent (hEvent=0xfc) returned 1 [0123.092] VirtualFree (lpAddress=0xc0008ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0123.093] VirtualFree (lpAddress=0xc000300000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0123.093] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.094] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.094] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.095] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.095] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0123.096] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.096] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.097] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.097] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.097] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft Help" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft help"), fInfoLevelId=0x0, lpFileInformation=0xc00018d850 | out: lpFileInformation=0xc00018d850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe80ff230, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xe80ff230, ftLastAccessTime.dwHighDateTime=0x1d2dda1, ftLastWriteTime.dwLowDateTime=0xe80ff230, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0123.099] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0123.100] WriteFile (in: hFile=0x23c, lpBuffer=0xc0002943c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc000153cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002943c0*, lpNumberOfBytesWritten=0xc000153cec*=0xf0, lpOverlapped=0x0) returned 1 [0123.101] CloseHandle (hObject=0x23c) returned 1 [0123.101] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0123.102] GetFileType (hFile=0x2b4) returned 0x1 [0123.102] GetFileType (hFile=0x2b4) returned 0x1 [0123.102] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0001c5d44 | out: lpFileInformation=0xc0001c5d44) returned 1 [0123.102] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0001c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c5d28) returned 1 [0123.102] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0123.102] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000222000*, nNumberOfBytesToWrite=0x1d60, lpNumberOfBytesWritten=0xc00017bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesWritten=0xc00017bcec*=0x1d60, lpOverlapped=0x0) returned 1 [0123.104] CloseHandle (hObject=0x2c4) returned 1 [0123.104] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0123.104] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0123.105] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.105] CloseHandle (hObject=0x1b0) returned 1 [0123.105] GetFileType (hFile=0x3cc) returned 0x1 [0123.105] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.105] CloseHandle (hObject=0x3cc) returned 1 [0123.105] GetFileType (hFile=0x3dc) returned 0x1 [0123.105] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.106] CloseHandle (hObject=0x3dc) returned 1 [0123.106] GetFileType (hFile=0x2e8) returned 0x1 [0123.106] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.106] CloseHandle (hObject=0x2e8) returned 1 [0123.106] GetFileType (hFile=0x2bc) returned 0x1 [0123.106] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.106] CloseHandle (hObject=0x2bc) returned 1 [0123.107] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0123.107] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Shades of Blue.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shades of blue.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0123.108] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001d9cf4 | out: lpMode=0xc0001d9cf4) returned 0 [0123.193] GetFileType (hFile=0x2bc) returned 0x1 [0123.193] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0123.194] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x300, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d29f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d29f968*=0x370) returned 1 [0123.194] SuspendThread (hThread=0x370) returned 0x0 [0123.194] GetThreadContext (in: hThread=0x370, lpContext=0x2d29f980 | out: lpContext=0x2d29f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2c89fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.196] ResumeThread (hThread=0x370) returned 0x1 [0123.196] CloseHandle (hObject=0x370) returned 1 [0123.196] SetEvent (hEvent=0x3c0) returned 1 [0123.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.216] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0123.216] SetEvent (hEvent=0xc0) returned 1 [0123.216] SetEvent (hEvent=0x39c) returned 1 [0123.216] SetEvent (hEvent=0x3c0) returned 1 [0123.216] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0123.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0123.217] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0000f3d64 | out: lpMode=0xc0000f3d64) returned 0 [0123.219] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.265] GetFileType (hFile=0x370) returned 0x1 [0123.265] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0123.265] WriteFile (in: hFile=0x370, lpBuffer=0xc0000dc6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc6e0*, lpNumberOfBytesWritten=0xc0000f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0123.266] CloseHandle (hObject=0x370) returned 1 [0123.266] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0123.266] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\greenbubbles.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-GreenBubbles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-greenbubbles.jpg"), dwFlags=0x1) returned 1 [0123.268] SetEvent (hEvent=0x39c) returned 1 [0123.268] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.799] SetEvent (hEvent=0x13c) returned 1 [0123.800] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0123.805] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0123.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Stars.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-stars.htm"), dwFlags=0x1) returned 1 [0124.578] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0124.586] SetEvent (hEvent=0x3c8) returned 1 [0124.586] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0124.846] SetEvent (hEvent=0x39c) returned 1 [0124.846] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.217] SetEvent (hEvent=0x1b4) returned 1 [0126.217] SetEvent (hEvent=0x114) returned 1 [0126.217] SetEvent (hEvent=0x324) returned 1 [0126.217] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.299] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0126.299] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0126.300] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.300] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x402000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.300] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x201000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.300] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x100000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x302000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x181000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0xc0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x60000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x30000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.303] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e4000 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2ea000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x175000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0126.304] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.304] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x174000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xba000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x17000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0xb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.305] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0126.305] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x2e6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0126.408] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0126.408] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0126.409] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.434] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.437] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0126.441] GetFileType (hFile=0x2e8) returned 0x1 [0126.441] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0x400010, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc0001bbcec*=0x400010, lpOverlapped=0x0) returned 1 [0126.586] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.598] CloseHandle (hObject=0x2e8) returned 1 [0126.598] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0126.598] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0126.598] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0126.599] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0126.599] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0126.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0126.600] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0126.635] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.636] GetFileType (hFile=0x2e8) returned 0x1 [0126.636] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00011c6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c6e0*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0126.637] CloseHandle (hObject=0x2e8) returned 1 [0126.637] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\_cache_003_"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\encry-_CACHE_003_" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\encry-_cache_003_"), dwFlags=0x1) returned 1 [0126.640] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.649] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.650] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.654] SetEvent (hEvent=0x324) returned 1 [0126.654] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.655] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000197818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc000197818*=0x3) returned 1 [0126.656] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc0004db818*=0x3) returned 1 [0126.695] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc00005e070*, lpNumberOfCharsWritten=0xc0001cb818*=0x3) returned 1 [0126.711] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.715] SetEvent (hEvent=0x324) returned 1 [0126.715] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a8*, lpNumberOfCharsWritten=0xc00018d818*=0x3) returned 1 [0126.719] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.725] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0126.725] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0126.726] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000036000*, nNumberOfCharsToWrite=0x14e, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfCharsWritten=0xc00023f808*=0x14e) returned 1 [0126.731] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc00005e028*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0126.732] SetEvent (hEvent=0x1b4) returned 1 [0126.732] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc00005e030*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0126.732] SetEvent (hEvent=0x1b4) returned 1 [0126.732] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001db818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0001db818*=0x3) returned 1 [0126.733] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.734] SetEvent (hEvent=0x114) returned 1 [0126.734] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.735] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014f818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc00014f818*=0x3) returned 1 [0126.739] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017b818, lpReserved=0x0 | out: lpBuffer=0xc000010046*, lpNumberOfCharsWritten=0xc00017b818*=0x3) returned 1 [0126.740] SetEvent (hEvent=0x1b4) returned 1 [0126.740] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc00005e040*, lpNumberOfCharsWritten=0xc000179818*=0x3) returned 1 [0126.741] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.744] SetEvent (hEvent=0x324) returned 1 [0126.745] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c5818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0001c5818*=0x3) returned 1 [0126.746] SetEvent (hEvent=0x324) returned 1 [0126.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000193818, lpReserved=0x0 | out: lpBuffer=0xc000010036*, lpNumberOfCharsWritten=0xc000193818*=0x3) returned 1 [0126.747] SetEvent (hEvent=0x324) returned 1 [0126.747] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000067818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000067818*=0x3) returned 1 [0126.748] SetEvent (hEvent=0x324) returned 1 [0126.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc000010086*, lpNumberOfCharsWritten=0xc00013d818*=0x3) returned 1 [0126.749] SetEvent (hEvent=0x324) returned 1 [0126.749] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000100d0*, lpNumberOfCharsWritten=0xc000171818*=0x3) returned 1 [0126.750] SetEvent (hEvent=0x324) returned 1 [0126.750] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc0000100d6*, lpNumberOfCharsWritten=0xc000175818*=0x3) returned 1 [0126.751] SetEvent (hEvent=0x324) returned 1 [0126.751] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bf818, lpReserved=0x0 | out: lpBuffer=0xc0000100e0*, lpNumberOfCharsWritten=0xc0001bf818*=0x3) returned 1 [0126.751] SetEvent (hEvent=0x324) returned 1 [0126.751] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100e6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d9818, lpReserved=0x0 | out: lpBuffer=0xc0000100e6*, lpNumberOfCharsWritten=0xc0001d9818*=0x3) returned 1 [0126.752] SetEvent (hEvent=0x324) returned 1 [0126.752] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0126.753] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000253818*=0x3) returned 1 [0126.754] SetEvent (hEvent=0x324) returned 1 [0126.754] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004dd818, lpReserved=0x0 | out: lpBuffer=0xc000010146*, lpNumberOfCharsWritten=0xc0004dd818*=0x3) returned 1 [0126.755] SetEvent (hEvent=0x324) returned 1 [0126.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0126.755] SetEvent (hEvent=0x324) returned 1 [0126.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00011c000*, nNumberOfCharsToWrite=0xa6, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfCharsWritten=0xc00015d808*=0xa6) returned 1 [0126.757] SetEvent (hEvent=0x324) returned 1 [0126.757] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0126.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.758] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2\\*", lpFindFileData=0xc00015da08 | out: lpFindFileData=0xc00015da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0126.758] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0126.758] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000058000*, nNumberOfCharsToWrite=0x68, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfCharsWritten=0xc00015d808*=0x68) returned 1 [0126.759] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0126.759] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0126.760] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0126.760] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0126.761] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0126.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0126.762] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0126.762] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2\\*", lpFindFileData=0xc00015da68 | out: lpFindFileData=0xc00015da68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0126.763] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00015d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0126.763] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0126.763] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d69a0*, nNumberOfCharsToWrite=0xa6, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfCharsWritten=0xc00015d808*=0xa6) returned 1 [0126.765] SetEvent (hEvent=0x1b4) returned 1 [0126.765] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a1e0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfCharsWritten=0xc00015d808*=0x11) returned 1 [0126.765] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a210*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfCharsWritten=0xc00015d808*=0x11) returned 1 [0126.766] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat.log2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat.log2"), dwFlags=0x1) returned 0 [0126.766] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00015d6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0126.766] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0126.767] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0126.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004e000*, nNumberOfCharsToWrite=0xfe, lpNumberOfCharsWritten=0xc00015d808, lpReserved=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfCharsWritten=0xc00015d808*=0xfe) returned 1 [0126.769] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.769] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0126.770] SetEvent (hEvent=0x114) returned 1 [0126.770] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0126.776] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.779] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.789] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0126.789] SetEvent (hEvent=0x1b4) returned 1 [0126.789] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.874] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.876] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.876] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0126.876] SetEvent (hEvent=0xc0) returned 1 [0126.876] SetEvent (hEvent=0xfc) returned 1 [0126.876] SetEvent (hEvent=0x1b4) returned 1 [0126.876] SetEvent (hEvent=0x324) returned 1 [0126.876] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0126.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.904] SetEvent (hEvent=0x1b4) returned 1 [0126.904] SetEvent (hEvent=0xfc) returned 1 [0126.904] SetEvent (hEvent=0x13c) returned 1 [0126.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.925] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0126.925] SetEvent (hEvent=0xc0) returned 1 [0126.925] SetEvent (hEvent=0xec) returned 1 [0126.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.942] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0126.942] SetEvent (hEvent=0x39c) returned 1 [0126.942] SetEvent (hEvent=0x324) returned 1 [0126.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.946] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.950] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.950] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0126.950] SetEvent (hEvent=0x39c) returned 1 [0126.951] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.964] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.964] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.965] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.965] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0126.965] SetEvent (hEvent=0xc0) returned 1 [0126.965] SetEvent (hEvent=0x39c) returned 1 [0126.965] SetEvent (hEvent=0x324) returned 1 [0126.965] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0126.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0126.969] SetEvent (hEvent=0xec) returned 1 [0126.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.976] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.977] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0126.977] SetEvent (hEvent=0x324) returned 1 [0126.977] SetEvent (hEvent=0x39c) returned 1 [0126.977] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.981] SetEvent (hEvent=0x3c8) returned 1 [0126.981] SetEvent (hEvent=0x114) returned 1 [0126.981] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.983] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0126.983] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.985] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0126.985] SetEvent (hEvent=0x114) returned 1 [0126.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.986] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc0000c8060*, lpNumberOfCharsWritten=0xc000177808*=0x11) returned 1 [0127.012] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0127.013] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0127.014] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat{0f6d7aa7-f51a-11df-ae0e-001d09f21116}.tmcontainer00000000000000000001.regtrans-ms"), dwFlags=0x1) returned 0 [0127.014] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0001776e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0127.014] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0127.015] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0127.016] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000070000*, nNumberOfCharsToWrite=0x198, lpNumberOfCharsWritten=0xc000177808, lpReserved=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfCharsWritten=0xc000177808*=0x198) returned 1 [0127.022] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.025] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0127.025] SetEvent (hEvent=0x1a0) returned 1 [0127.025] SetEvent (hEvent=0x3c8) returned 1 [0127.026] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.036] SetEvent (hEvent=0x13c) returned 1 [0127.036] SetEvent (hEvent=0xfc) returned 1 [0127.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.042] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.045] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0127.045] SetEvent (hEvent=0xc0) returned 1 [0127.045] SetEvent (hEvent=0xfc) returned 1 [0127.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0127.072] SetEvent (hEvent=0x324) returned 1 [0127.072] SetEvent (hEvent=0x13c) returned 1 [0127.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.079] SetEvent (hEvent=0x13c) returned 1 [0127.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.085] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.086] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0127.086] SetEvent (hEvent=0xfc) returned 1 [0127.086] SetEvent (hEvent=0x39c) returned 1 [0127.086] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.098] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.098] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0127.098] SetEvent (hEvent=0xc0) returned 1 [0127.098] SetEvent (hEvent=0xfc) returned 1 [0127.098] SetEvent (hEvent=0x13c) returned 1 [0127.099] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.101] SetEvent (hEvent=0x13c) returned 1 [0127.101] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.109] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.111] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.111] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0127.111] SetEvent (hEvent=0x13c) returned 1 [0127.111] SetEvent (hEvent=0xfc) returned 1 [0127.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.126] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.126] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000243818*=0x3) returned 1 [0127.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0036*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0127.131] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.137] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0127.153] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0127.170] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0126*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc0000a0126*, lpNumberOfCharsWritten=0xc0002df818*=0x3) returned 1 [0127.237] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00020d818*=0x3) returned 1 [0127.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc000586016*, lpNumberOfCharsWritten=0xc0002d3818*=0x3) returned 1 [0127.306] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.362] SetEvent (hEvent=0x324) returned 1 [0127.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc00005e038*, lpNumberOfCharsWritten=0xc00022f818*=0x3) returned 1 [0127.388] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0127.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc0001bb818*=0x3) returned 1 [0127.404] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f3818, lpReserved=0x0 | out: lpBuffer=0xc000586026*, lpNumberOfCharsWritten=0xc0001f3818*=0x3) returned 1 [0127.411] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586350*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000586350*, lpNumberOfCharsWritten=0xc000159818*=0x3) returned 1 [0127.419] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.424] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0127.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0198*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0198*, lpNumberOfCharsWritten=0xc0001d1818*=0x3) returned 1 [0127.426] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.466] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0127.471] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.480] SetEvent (hEvent=0x324) returned 1 [0127.480] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.481] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc00005e040*, lpNumberOfCharsWritten=0xc00029f818*=0x3) returned 1 [0127.490] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc00005e046*, lpNumberOfCharsWritten=0xc000035818*=0x3) returned 1 [0127.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc00005e070*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0127.526] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc00005e076*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0127.531] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0127.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0127.596] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc00005e030*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0127.600] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.608] SetEvent (hEvent=0x1b4) returned 1 [0127.608] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc00005e020*, lpNumberOfCharsWritten=0xc0001c7818*=0x3) returned 1 [0127.615] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc00005e026*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0127.628] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc00005e060*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0127.642] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.658] SetEvent (hEvent=0x3c8) returned 1 [0127.658] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.670] SetEvent (hEvent=0x13c) returned 1 [0127.670] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.674] SetEvent (hEvent=0x114) returned 1 [0127.674] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.685] SetEvent (hEvent=0x1b4) returned 1 [0127.685] VirtualFree (lpAddress=0xc000308000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0127.685] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0127.686] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0127.686] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.687] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.687] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.688] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.688] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.688] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.689] SetEvent (hEvent=0x1a0) returned 1 [0127.689] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0127.690] SetEvent (hEvent=0x13c) returned 1 [0127.690] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0128.377] SetEvent (hEvent=0x114) returned 1 [0128.378] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0128.380] SetEvent (hEvent=0x1b4) returned 1 [0128.380] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0128.383] SetEvent (hEvent=0x324) returned 1 [0128.383] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0128.458] SetEvent (hEvent=0x1a0) returned 1 [0128.458] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0128.458] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.458] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\*", lpFindFileData=0xc000259608 | out: lpFindFileData=0xc000259608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0128.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259638 | out: lpFindFileData=0xc000259638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0128.458] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259638 | out: lpFindFileData=0xc000259638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Acrobat", cAlternateFileName="")) returned 1 [0128.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259638 | out: lpFindFileData=0xc000259638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd708940, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd708940, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd708940, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Linguistics", cAlternateFileName="LINGUI~1")) returned 1 [0128.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259638 | out: lpFindFileData=0xc000259638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0128.459] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0128.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat"), fInfoLevelId=0x0, lpFileInformation=0xc000259778 | out: lpFileInformation=0xc000259778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0128.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.459] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\*", lpFindFileData=0xc000259530 | out: lpFindFileData=0xc000259530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0128.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259560 | out: lpFindFileData=0xc000259560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd6e27e0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd6e27e0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0128.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259560 | out: lpFindFileData=0xc000259560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="10.0", cAlternateFileName="")) returned 1 [0128.459] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000259560 | out: lpFindFileData=0xc000259560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0128.460] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0128.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0"), fInfoLevelId=0x0, lpFileInformation=0xc0002596a0 | out: lpFileInformation=0xc0002596a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0128.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.460] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0128.461] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0128.462] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\*", lpFindFileData=0xc0001e9458 | out: lpFindFileData=0xc0001e9458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cb700 [0130.421] SetEvent (hEvent=0xc0) returned 1 [0130.422] FindNextFileW (in: hFindFile=0x7cb700, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd6e27e0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe5b04330, ftLastAccessTime.dwHighDateTime=0x1d35d05, ftLastWriteTime.dwLowDateTime=0xe5b04330, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0130.422] FindNextFileW (in: hFindFile=0x7cb700, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd9b6a040, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xd9b6a040, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xde963ca0, ftLastWriteTime.dwHighDateTime=0x1d2e625, nFileSizeHigh=0x0, nFileSizeLow=0xa5ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="rdrmessage.zip", cAlternateFileName="RDRMES~1.ZIP")) returned 1 [0130.422] FindNextFileW (in: hFindFile=0x7cb700, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xce824760, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xce824760, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe5ab8070, ftLastWriteTime.dwHighDateTime=0x1d35d05, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReaderMessages", cAlternateFileName="READER~1")) returned 1 [0130.422] FindNextFileW (in: hFindFile=0x7cb700, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe8287550, ftCreationTime.dwHighDateTime=0x1d2ddf4, ftLastAccessTime.dwLowDateTime=0xe8287550, ftLastAccessTime.dwHighDateTime=0x1d2ddf4, ftLastWriteTime.dwLowDateTime=0xe8287550, ftLastWriteTime.dwHighDateTime=0x1d2ddf4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Search", cAlternateFileName="")) returned 1 [0130.422] FindNextFileW (in: hFindFile=0x7cb700, lpFindFileData=0xc0001e9488 | out: lpFindFileData=0xc0001e9488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0130.422] FindClose (in: hFindFile=0x7cb700 | out: hFindFile=0x7cb700) returned 1 [0130.667] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.812] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0132.812] SetEvent (hEvent=0x13c) returned 1 [0132.812] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0132.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.817] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.821] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.821] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0132.821] SetEvent (hEvent=0xc0) returned 1 [0132.822] SetEvent (hEvent=0x13c) returned 1 [0132.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.833] GetFileType (hFile=0x370) returned 0x1 [0132.833] GetFileType (hFile=0x370) returned 0x1 [0132.833] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0132.834] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0132.834] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0132.834] ReadFile (in: hFile=0x370, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x2dc, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc0001fbc04*=0xdc, lpOverlapped=0x0) returned 1 [0132.836] ReadFile (in: hFile=0x370, lpBuffer=0xc00004e0dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e0dc*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0132.836] CloseHandle (hObject=0x370) returned 1 [0132.836] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0132.836] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0132.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.897] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.903] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.911] SetEvent (hEvent=0x3c8) returned 1 [0132.911] SetEvent (hEvent=0x39c) returned 1 [0132.912] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0132.929] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.948] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.948] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.949] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.949] VirtualFree (lpAddress=0xc000074000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.950] VirtualFree (lpAddress=0xc00006a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.950] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.950] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.951] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0132.954] SetEvent (hEvent=0x114) returned 1 [0132.954] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000159808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000159808*=0xad) returned 1 [0132.958] SetEvent (hEvent=0x114) returned 1 [0132.958] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0132.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0132.959] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000159d64 | out: lpMode=0xc000159d64) returned 0 [0132.960] GetFileType (hFile=0x2cc) returned 0x1 [0132.960] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.961] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.961] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.961] CloseHandle (hObject=0x2cc) returned 1 [0132.963] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-0F1583FFF42FFF476A09801ACB69213F_E3F4A8C96454D7D3441D2C1BCE81F875" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-0f1583fff42fff476a09801acb69213f_e3f4a8c96454d7d3441d2c1bce81f875"), dwFlags=0x1) returned 1 [0133.293] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0133.293] SetEvent (hEvent=0x324) returned 1 [0133.293] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0133.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.299] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0133.299] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0133.299] SetEvent (hEvent=0x324) returned 1 [0133.299] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.302] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0133.302] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0134.264] SetEvent (hEvent=0x24c) returned 1 [0134.264] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0135.746] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0135.746] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0005862a0*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0135.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0005862a6*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0135.761] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0135.790] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc0001f5818*=0x3) returned 1 [0135.792] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0135.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0135.799] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0135.804] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc0001d1818*=0x3) returned 1 [0135.805] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0135.806] SetEvent (hEvent=0x334) returned 1 [0135.806] SetEvent (hEvent=0x324) returned 1 [0135.806] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000586026*, lpNumberOfCharsWritten=0xc00026f818*=0x3) returned 1 [0135.808] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc000271818*=0x3) returned 1 [0135.813] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0135.813] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0026*, lpNumberOfCharsWritten=0xc0000c7818*=0x3) returned 1 [0135.815] SetEvent (hEvent=0x334) returned 1 [0135.815] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0230*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0230*, lpNumberOfCharsWritten=0xc0002d7818*=0x3) returned 1 [0135.815] SetEvent (hEvent=0x334) returned 1 [0135.816] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0236*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0236*, lpNumberOfCharsWritten=0xc0000c1818*=0x3) returned 1 [0135.817] SetEvent (hEvent=0x334) returned 1 [0135.817] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0240*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0240*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0135.818] SetEvent (hEvent=0x334) returned 1 [0135.818] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0246*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0246*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0135.818] SetEvent (hEvent=0x334) returned 1 [0135.819] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0250*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0250*, lpNumberOfCharsWritten=0xc0000c3818*=0x3) returned 1 [0135.819] SetEvent (hEvent=0x334) returned 1 [0135.819] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0256*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0256*, lpNumberOfCharsWritten=0xc0001f9818*=0x3) returned 1 [0135.820] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0136.129] SetEvent (hEvent=0x334) returned 1 [0136.130] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0136.130] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0136.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0136.131] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0136.139] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0136.150] GetFileType (hFile=0x36c) returned 0x1 [0136.150] GetFileType (hFile=0x36c) returned 0x1 [0136.150] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0136.150] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0136.150] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x3d6, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0001f9c04*=0x1d6, lpOverlapped=0x0) returned 1 [0136.151] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000fe1d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe1d6*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0136.151] CloseHandle (hObject=0x36c) returned 1 [0136.151] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0136.151] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0136.152] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0136.152] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0136.153] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0136.154] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0136.155] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0136.202] GetFileType (hFile=0x36c) returned 0x1 [0136.202] WriteFile (in: hFile=0x36c, lpBuffer=0xc000112000*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000112000*, lpNumberOfBytesWritten=0xc0001f9cec*=0x1e0, lpOverlapped=0x0) returned 1 [0136.203] CloseHandle (hObject=0x36c) returned 1 [0136.203] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0136.203] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0136.204] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0136.205] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0136.206] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0136.206] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0136.207] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0136.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0136.207] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0136.313] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0136.419] GetFileType (hFile=0x36c) returned 0x1 [0136.419] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0136.420] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0136.421] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0136.421] WriteFile (in: hFile=0x36c, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0136.422] CloseHandle (hObject=0x36c) returned 1 [0136.422] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0136.423] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\encry-settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\encry-settings.sol"), dwFlags=0x1) returned 1 [0136.425] SetEvent (hEvent=0x39c) returned 1 [0136.425] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0137.180] SetEvent (hEvent=0x324) returned 1 [0137.180] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0137.283] GetFileType (hFile=0x1b0) returned 0x1 [0137.283] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0137.283] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0137.283] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0137.295] SwitchToThread () returned 1 [0137.295] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0137.297] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000260000, nNumberOfBytesToRead=0x80b, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc000260000*, lpNumberOfBytesRead=0xc000155c04*=0x60b, lpOverlapped=0x0) returned 1 [0137.300] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0137.508] SwitchToThread () returned 1 [0137.607] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0137.793] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00026060b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026060b*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0137.794] CloseHandle (hObject=0x1b0) returned 1 [0137.794] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0137.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0137.797] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0137.890] GetFileType (hFile=0x1b0) returned 0x1 [0137.891] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000264000*, nNumberOfBytesToWrite=0x610, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesWritten=0xc000155cec*=0x610, lpOverlapped=0x0) returned 1 [0137.892] CloseHandle (hObject=0x1b0) returned 1 [0137.893] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0137.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0137.893] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0137.902] GetFileType (hFile=0x1b0) returned 0x1 [0137.902] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000e4580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4580*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0137.903] CloseHandle (hObject=0x1b0) returned 1 [0137.903] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-windows media player.lnk"), dwFlags=0x1) returned 1 [0137.906] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.907] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.907] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0137.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0137.909] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0138.014] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.016] SwitchToThread () returned 1 [0138.017] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.115] SetEvent (hEvent=0x39c) returned 1 [0138.115] GetFileType (hFile=0x1b0) returned 0x1 [0138.116] GetFileType (hFile=0x1b0) returned 0x1 [0138.116] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0138.116] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0138.116] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0138.121] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x7ad, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0000f9c04*=0x5ad, lpOverlapped=0x0) returned 1 [0138.122] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000f05ad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f05ad*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0138.122] CloseHandle (hObject=0x1b0) returned 1 [0138.122] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0138.123] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0138.123] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0138.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.126] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0138.127] SwitchToThread () returned 1 [0138.137] GetFileType (hFile=0x1b0) returned 0x1 [0138.137] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.614] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x5b0, lpOverlapped=0x0) returned 1 [0138.615] CloseHandle (hObject=0x1b0) returned 1 [0138.616] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0138.616] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0138.617] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0138.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.618] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0138.620] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.621] GetFileType (hFile=0x1b0) returned 0x1 [0138.621] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000054160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054160*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0138.622] CloseHandle (hObject=0x1b0) returned 1 [0138.622] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0138.623] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0138.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-internet explorer (2).lnk"), dwFlags=0x1) returned 1 [0138.628] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.711] SetEvent (hEvent=0x12c) returned 1 [0138.711] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.713] SetEvent (hEvent=0x3c8) returned 1 [0138.713] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.747] SwitchToThread () returned 1 [0138.748] SetEvent (hEvent=0x12c) returned 1 [0138.748] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.749] SetEvent (hEvent=0x12c) returned 1 [0138.749] SetEvent (hEvent=0x3c8) returned 1 [0138.749] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.750] VirtualFree (lpAddress=0xc00021a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.750] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.750] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.751] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.751] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.752] VirtualFree (lpAddress=0xc000058000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0138.752] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.752] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.753] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.753] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0138.755] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0138.757] GetFileType (hFile=0x1b0) returned 0x1 [0138.757] GetFileType (hFile=0x1b0) returned 0x1 [0138.757] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0138.758] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0138.758] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0138.758] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x2dd, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc000277c04*=0xdd, lpOverlapped=0x0) returned 1 [0138.759] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001980dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001980dd*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0138.759] CloseHandle (hObject=0x1b0) returned 1 [0138.759] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0138.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.760] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini\\*", lpFindFileData=0xc000277a08 | out: lpFindFileData=0xc000277a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0138.760] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000277720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0138.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0138.761] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0138.764] GetFileType (hFile=0x1b0) returned 0x1 [0138.764] GetFileType (hFile=0x1b0) returned 0x1 [0138.764] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0138.764] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0138.764] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0138.765] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001a4000, nNumberOfBytesToRead=0x691, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a4000*, lpNumberOfBytesRead=0xc000135c04*=0x491, lpOverlapped=0x0) returned 1 [0138.766] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0001a4491, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a4491*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0138.766] CloseHandle (hObject=0x1b0) returned 1 [0138.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.769] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0138.787] GetFileType (hFile=0x1b0) returned 0x1 [0138.787] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000040500*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040500*, lpNumberOfBytesWritten=0xc000135cec*=0x4a0, lpOverlapped=0x0) returned 1 [0138.788] CloseHandle (hObject=0x1b0) returned 1 [0138.789] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000a01 | out: pbBuffer=0xc000000a01) returned 1 [0138.789] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0138.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.790] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0138.803] GetFileType (hFile=0x1b0) returned 0x1 [0138.803] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000164000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000164000*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0138.803] CloseHandle (hObject=0x1b0) returned 1 [0138.804] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0138.804] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-mozilla firefox.lnk"), dwFlags=0x1) returned 1 [0138.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.809] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.809] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0138.809] SetEvent (hEvent=0xc0) returned 1 [0138.809] SetEvent (hEvent=0x324) returned 1 [0138.813] SetEvent (hEvent=0xec) returned 1 [0138.813] SetEvent (hEvent=0x39c) returned 1 [0138.813] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0138.814] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.824] SetEvent (hEvent=0xec) returned 1 [0138.824] SetEvent (hEvent=0x324) returned 1 [0138.824] SetEvent (hEvent=0x334) returned 1 [0138.824] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.827] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0138.827] SetEvent (hEvent=0x30c) returned 1 [0138.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.834] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0138.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0138.838] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0138.847] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0138.857] GetFileType (hFile=0x240) returned 0x1 [0138.857] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0138.858] WriteFile (in: hFile=0x240, lpBuffer=0xc001f10000*, nNumberOfBytesToWrite=0x182ac30, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc001f10000*, lpNumberOfBytesWritten=0xc00013fcec*=0x182ac30, lpOverlapped=0x0) returned 1 [0140.150] CloseHandle (hObject=0x240) returned 1 [0140.150] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0140.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0140.150] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0140.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.151] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0140.156] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.158] SetEvent (hEvent=0xc0) returned 1 [0140.158] GetFileType (hFile=0x240) returned 0x1 [0140.158] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.179] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0140.180] WriteFile (in: hFile=0x240, lpBuffer=0xc0000b6000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.180] CloseHandle (hObject=0x240) returned 1 [0140.180] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0140.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\data1.cab"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Sun\\Java\\jre1.7.0_45\\encry-Data1.cab" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\sun\\java\\jre1.7.0_45\\encry-data1.cab"), dwFlags=0x1) returned 1 [0140.182] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0140.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xdc5ea830, ftCreationTime.dwHighDateTime=0x1d41fce, ftLastAccessTime.dwLowDateTime=0xdc5ea830, ftLastAccessTime.dwHighDateTime=0x1d41fce, ftLastWriteTime.dwLowDateTime=0xdc5ea830, ftLastWriteTime.dwHighDateTime=0x1d41fce, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0xf6409280, ftCreationTime.dwHighDateTime=0x1d4ae2c, ftLastAccessTime.dwLowDateTime=0xf6409280, ftLastAccessTime.dwHighDateTime=0x1d4ae2c, ftLastWriteTime.dwLowDateTime=0xf6409280, ftLastWriteTime.dwHighDateTime=0x1d4ae2c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542b0350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542b0350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x542b0350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x89f07f80, ftCreationTime.dwHighDateTime=0x1d5e82a, ftLastAccessTime.dwLowDateTime=0x89f07f80, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x89f07f80, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.185] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0140.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x542fc610, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x542fc610, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x89f54240, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0140.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x17ffec90, ftCreationTime.dwHighDateTime=0x1d3373c, ftLastAccessTime.dwLowDateTime=0x17ffec90, ftLastAccessTime.dwHighDateTime=0x1d3373c, ftLastWriteTime.dwLowDateTime=0x18024df0, ftLastWriteTime.dwHighDateTime=0x1d3373c, nFileSizeHigh=0x0, nFileSizeLow=0x1d4)) returned 1 [0140.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), fInfoLevelId=0x0, lpFileInformation=0xc0001e96a0 | out: lpFileInformation=0xc0001e96a0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x2b1e4b40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2b1e4b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x36031920, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x4c)) returned 1 [0140.186] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0140.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher"), fInfoLevelId=0x0, lpFileInformation=0xc0001e9778 | out: lpFileInformation=0xc0001e9778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.191] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.200] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc000206010*, lpNumberOfCharsWritten=0xc0001fd818*=0x3) returned 1 [0140.203] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206016*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000206016*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0140.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc000206030*, lpNumberOfCharsWritten=0xc00020f818*=0x3) returned 1 [0140.428] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000206036*, lpNumberOfCharsWritten=0xc00011b818*=0x3) returned 1 [0140.439] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.439] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00006a000*, nNumberOfCharsToWrite=0xd0, lpNumberOfCharsWritten=0xc000243808, lpReserved=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfCharsWritten=0xc000243808*=0xd0) returned 1 [0140.451] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0140.452] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0140.452] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0140.453] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0140.453] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0140.454] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0140.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0140.455] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0140.467] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.469] GetFileType (hFile=0x36c) returned 0x1 [0140.469] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000702c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000702c0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.469] CloseHandle (hObject=0x36c) returned 1 [0140.469] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwFlags=0x1) returned 1 [0140.471] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.471] SetEvent (hEvent=0x39c) returned 1 [0140.471] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.472] SetEvent (hEvent=0x39c) returned 1 [0140.472] SetEvent (hEvent=0x3c8) returned 1 [0140.472] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.473] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.473] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.473] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.474] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.474] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.474] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.475] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.475] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.475] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.475] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.476] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.476] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.476] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.477] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.477] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.477] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.477] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.478] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0140.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0140.479] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0140.480] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.481] GetFileType (hFile=0x36c) returned 0x1 [0140.481] GetFileType (hFile=0x36c) returned 0x1 [0140.481] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0140.481] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0140.482] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.482] ReadFile (in: hFile=0x36c, lpBuffer=0xc000036000, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesRead=0xc00024bc04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.484] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000361d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000361d4*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0140.484] CloseHandle (hObject=0x36c) returned 1 [0140.484] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0140.485] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c\\*", lpFindFileData=0xc00024ba08 | out: lpFindFileData=0xc00024ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.486] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.486] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.491] SetEvent (hEvent=0x324) returned 1 [0140.491] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0140.491] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.491] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0140.492] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0140.492] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0140.493] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.493] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0140.494] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0140.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.494] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0140.508] GetFileType (hFile=0x2f0) returned 0x1 [0140.508] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0140.508] WriteFile (in: hFile=0x2f0, lpBuffer=0xc00006c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.509] CloseHandle (hObject=0x2f0) returned 1 [0140.509] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\2be989a0-16a1-424b-9211-51aa3bb43e5d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-2be989a0-16a1-424b-9211-51aa3bb43e5d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-2be989a0-16a1-424b-9211-51aa3bb43e5d"), dwFlags=0x1) returned 1 [0140.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0140.517] SetEvent (hEvent=0x30c) returned 1 [0140.518] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0140.520] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.537] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.537] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0140.538] SetEvent (hEvent=0x30c) returned 1 [0140.538] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.578] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0140.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.580] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0004ddcf4 | out: lpMode=0xc0004ddcf4) returned 0 [0140.586] GetFileType (hFile=0x240) returned 0x1 [0140.586] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0140.587] GetFileType (hFile=0x240) returned 0x1 [0140.587] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0004ddd44 | out: lpFileInformation=0xc0004ddd44) returned 1 [0140.587] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0004ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ddd28) returned 1 [0140.587] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0140.588] ReadFile (in: hFile=0x240, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x202, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0004ddc04*=0x2, lpOverlapped=0x0) returned 1 [0140.590] ReadFile (in: hFile=0x240, lpBuffer=0xc000058002, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058002*, lpNumberOfBytesRead=0xc0004ddc04*=0x0, lpOverlapped=0x0) returned 1 [0140.590] CloseHandle (hObject=0x240) returned 1 [0140.590] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0140.591] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0140.591] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0140.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.593] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0004ddd04 | out: lpMode=0xc0004ddd04) returned 0 [0140.604] GetFileType (hFile=0x240) returned 0x1 [0140.604] WriteFile (in: hFile=0x240, lpBuffer=0xc0000a02e0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0004ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a02e0*, lpNumberOfBytesWritten=0xc0004ddcec*=0x10, lpOverlapped=0x0) returned 1 [0140.605] CloseHandle (hObject=0x240) returned 1 [0140.605] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0140.605] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0140.606] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0140.607] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.607] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0004ddd64 | out: lpMode=0xc0004ddd64) returned 0 [0140.614] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.623] GetFileType (hFile=0x240) returned 0x1 [0140.623] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0140.624] WriteFile (in: hFile=0x240, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc0004ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.624] CloseHandle (hObject=0x240) returned 1 [0140.624] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\encry-CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\encry-custom.dic"), dwFlags=0x1) returned 1 [0140.625] SetEvent (hEvent=0x30c) returned 1 [0140.625] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.675] SetEvent (hEvent=0x12c) returned 1 [0140.675] SetEvent (hEvent=0x3c8) returned 1 [0140.675] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.697] SetEvent (hEvent=0x12c) returned 1 [0140.697] SetEvent (hEvent=0x324) returned 1 [0140.697] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.701] SetEvent (hEvent=0x324) returned 1 [0140.701] SetEvent (hEvent=0x3c8) returned 1 [0140.701] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.730] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0240*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0240*, lpNumberOfCharsWritten=0xc0006e3818*=0x3) returned 1 [0140.732] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.742] SetEvent (hEvent=0x12c) returned 1 [0140.743] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.744] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000052000*, nNumberOfCharsToWrite=0x61, lpNumberOfCharsWritten=0xc000191808, lpReserved=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfCharsWritten=0xc000191808*=0x61) returned 1 [0140.745] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.745] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0140.746] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0140.746] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0140.753] GetFileType (hFile=0x384) returned 0x1 [0140.753] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.754] CloseHandle (hObject=0x384) returned 1 [0140.754] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\synchist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\encry-SYNCHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\encry-synchist"), dwFlags=0x1) returned 1 [0140.756] SwitchToThread () returned 1 [0140.761] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.761] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.764] CloseHandle (hObject=0x2f0) returned 1 [0140.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\encry-Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\encry-normal.dotm"), dwFlags=0x1) returned 1 [0140.766] SwitchToThread () returned 1 [0140.769] SetEvent (hEvent=0x12c) returned 1 [0140.769] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000521a0*, nNumberOfCharsToWrite=0x68, lpNumberOfCharsWritten=0xc0001d1808, lpReserved=0x0 | out: lpBuffer=0xc0000521a0*, lpNumberOfCharsWritten=0xc0001d1808*=0x68) returned 1 [0140.774] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.774] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0140.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0140.776] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0140.781] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.783] GetFileType (hFile=0x2f0) returned 0x1 [0140.783] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000036420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036420*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.784] CloseHandle (hObject=0x2f0) returned 1 [0140.784] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\encry-index.dat"), dwFlags=0x1) returned 1 [0140.801] SwitchToThread () returned 1 [0140.809] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0140.809] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.843] SetEvent (hEvent=0x12c) returned 1 [0140.843] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.864] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.867] SetEvent (hEvent=0x324) returned 1 [0140.867] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.867] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000b62c0*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00020d808, lpReserved=0x0 | out: lpBuffer=0xc0000b62c0*, lpNumberOfCharsWritten=0xc00020d808*=0xac) returned 1 [0140.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0140.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0140.869] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0140.875] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0140.879] GetFileType (hFile=0x384) returned 0x1 [0140.879] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.880] WriteFile (in: hFile=0x384, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.880] CloseHandle (hObject=0x384) returned 1 [0140.881] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0140.881] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.882] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\0e15476d-d8fe-46ca-8099-ebdcf80f637c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-0e15476d-d8fe-46ca-8099-ebdcf80f637c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-0e15476d-d8fe-46ca-8099-ebdcf80f637c"), dwFlags=0x1) returned 1 [0140.883] SetEvent (hEvent=0x324) returned 1 [0140.883] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.007] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0141.008] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0141.008] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0141.009] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0141.009] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0141.010] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0141.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0141.011] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0141.017] GetFileType (hFile=0x2f4) returned 0x1 [0141.017] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0141.018] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0141.018] GetFileType (hFile=0x2f4) returned 0x1 [0141.018] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0141.018] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0141.019] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0141.019] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0141.020] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000208000, nNumberOfBytesToRead=0x401, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208000*, lpNumberOfBytesRead=0xc00011bc04*=0x201, lpOverlapped=0x0) returned 1 [0141.021] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000208201, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000208201*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0141.021] CloseHandle (hObject=0x2f4) returned 1 [0141.021] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0141.021] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0141.022] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0141.023] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0141.025] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.096] GetFileType (hFile=0x2f4) returned 0x1 [0141.096] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000214000*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000214000*, lpNumberOfBytesWritten=0xc00011bcec*=0x210, lpOverlapped=0x0) returned 1 [0141.098] CloseHandle (hObject=0x2f4) returned 1 [0141.098] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0141.098] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0141.099] VirtualAlloc (lpAddress=0xc000302000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000302000 [0141.100] VirtualAlloc (lpAddress=0xc000304000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000304000 [0141.100] VirtualAlloc (lpAddress=0xc000306000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000306000 [0141.101] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0141.101] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0141.111] GetFileType (hFile=0x2f4) returned 0x1 [0141.111] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0003062c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003062c0*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0141.112] CloseHandle (hObject=0x2f4) returned 1 [0141.112] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@at.atwola[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@at.atwola[1].txt"), dwFlags=0x1) returned 1 [0141.113] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0141.113] SetEvent (hEvent=0x3c4) returned 1 [0141.113] SetEvent (hEvent=0x144) returned 1 [0141.113] SetEvent (hEvent=0x9c) returned 1 [0141.113] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0141.115] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0141.122] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.122] SetEvent (hEvent=0x3c4) returned 1 [0141.122] SetEvent (hEvent=0x318) returned 1 [0141.122] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0141.192] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0141.192] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0141.192] SetEvent (hEvent=0xc0) returned 1 [0141.192] SetEvent (hEvent=0x1b4) returned 1 [0141.192] SetEvent (hEvent=0x114) returned 1 [0141.193] SetEvent (hEvent=0x148) returned 1 [0141.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0141.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0141.267] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.267] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0141.267] SetEvent (hEvent=0x24c) returned 1 [0141.267] SetEvent (hEvent=0x3c0) returned 1 [0141.267] SetEvent (hEvent=0x148) returned 1 [0141.268] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0141.275] SetEvent (hEvent=0x148) returned 1 [0141.275] SetEvent (hEvent=0x3c0) returned 1 [0141.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0141.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0141.442] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0141.443] SetEvent (hEvent=0xc0) returned 1 [0141.443] SetEvent (hEvent=0x3c0) returned 1 [0141.443] SetEvent (hEvent=0x320) returned 1 [0141.443] SetEvent (hEvent=0x114) returned 1 [0141.443] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0141.448] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.448] VirtualAlloc (lpAddress=0xc000310000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0141.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2h7bx4wzqwntk69gg7f-.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0141.450] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000255cf4 | out: lpMode=0xc000255cf4) returned 0 [0141.451] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0141.503] GetFileType (hFile=0x240) returned 0x1 [0141.503] GetFileType (hFile=0x240) returned 0x1 [0141.503] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000255d44 | out: lpFileInformation=0xc000255d44) returned 1 [0141.503] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000255d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000255d28) returned 1 [0141.503] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0141.504] ReadFile (in: hFile=0x240, lpBuffer=0xc000262000, nNumberOfBytesToRead=0x624, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262000*, lpNumberOfBytesRead=0xc000255c04*=0x424, lpOverlapped=0x0) returned 1 [0142.509] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0142.889] ReadFile (in: hFile=0x240, lpBuffer=0xc000262424, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000255c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262424*, lpNumberOfBytesRead=0xc000255c04*=0x0, lpOverlapped=0x0) returned 1 [0142.889] CloseHandle (hObject=0x240) returned 1 [0142.889] VirtualAlloc (lpAddress=0xc00069c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069c000 [0142.891] VirtualAlloc (lpAddress=0xc00069e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00069e000 [0142.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2h7bx4wzqwntk69gg7f-.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0142.894] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000255d04 | out: lpMode=0xc000255d04) returned 0 [0142.998] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0144.240] SetEvent (hEvent=0xbc0) returned 1 [0144.240] GetFileType (hFile=0x240) returned 0x1 [0144.241] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0144.594] WriteFile (in: hFile=0x240, lpBuffer=0xc000198000*, nNumberOfBytesToWrite=0x430, lpNumberOfBytesWritten=0xc000255cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesWritten=0xc000255cec*=0x430, lpOverlapped=0x0) returned 1 [0144.596] CloseHandle (hObject=0x240) returned 1 [0144.596] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2h7bx4wzqwntk69gg7f-.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0144.596] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000255d64 | out: lpMode=0xc000255d64) returned 0 [0144.600] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0145.455] SetEvent (hEvent=0xc0) returned 1 [0145.455] SetEvent (hEvent=0xb70) returned 1 [0145.455] GetFileType (hFile=0x240) returned 0x1 [0145.455] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0145.912] WriteFile (in: hFile=0x240, lpBuffer=0xc000291080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000255d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291080*, lpNumberOfBytesWritten=0xc000255d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.912] CloseHandle (hObject=0x240) returned 1 [0145.924] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0146.149] SetEvent (hEvent=0xa80) returned 1 [0146.149] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2h7bx4wzqwntk69gg7f-.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-2h7BX4wZQWnTK69Gg7f-.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-2h7bx4wzqwntk69gg7f-.mkv.lnk"), dwFlags=0x1) returned 1 [0150.684] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0151.191] SetEvent (hEvent=0xb50) returned 1 [0151.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\xe1i.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x710 [0151.192] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc000393cf4 | out: lpMode=0xc000393cf4) returned 0 [0151.193] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0151.612] SetEvent (hEvent=0xc0) returned 1 [0151.612] SetEvent (hEvent=0xa68) returned 1 [0151.612] GetFileType (hFile=0x710) returned 0x1 [0151.612] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.128] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.130] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kx6 uo3meq_uuxg.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x70c [0152.131] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0152.131] GetFileType (hFile=0x70c) returned 0x1 [0152.132] GetFileType (hFile=0x70c) returned 0x1 [0152.132] GetFileInformationByHandle (in: hFile=0x70c, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0152.132] GetFileInformationByHandleEx (in: hFile=0x70c, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0152.132] ReadFile (in: hFile=0x70c, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0xcd8, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0006e1c04*=0xad8, lpOverlapped=0x0) returned 1 [0152.133] ReadFile (in: hFile=0x70c, lpBuffer=0xc00027cad8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027cad8*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0152.133] CloseHandle (hObject=0x70c) returned 1 [0152.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kx6 uo3meq_uuxg.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0152.134] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0152.139] GetFileType (hFile=0x70c) returned 0x1 [0152.140] WriteFile (in: hFile=0x70c, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0006e1cec*=0xae0, lpOverlapped=0x0) returned 1 [0152.142] CloseHandle (hObject=0x70c) returned 1 [0152.142] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0152.142] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kx6 uo3meq_uuxg.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0152.142] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0152.149] GetFileType (hFile=0x70c) returned 0x1 [0152.150] WriteFile (in: hFile=0x70c, lpBuffer=0xc000284c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284c60*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.150] CloseHandle (hObject=0x70c) returned 1 [0152.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kx6 uo3meq_uuxg.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\encry-kx6 uo3mEQ_UuXg.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\encry-kx6 uo3meq_uuxg.pps"), dwFlags=0x1) returned 1 [0152.152] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0152.152] SetEvent (hEvent=0xa48) returned 1 [0152.152] SetEvent (hEvent=0xa50) returned 1 [0152.153] SetEvent (hEvent=0x990) returned 1 [0152.154] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.172] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.176] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.177] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.177] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0152.177] SetEvent (hEvent=0xc0) returned 1 [0152.177] SetEvent (hEvent=0xb38) returned 1 [0152.272] SetEvent (hEvent=0x9c8) returned 1 [0152.272] SetEvent (hEvent=0xb70) returned 1 [0152.272] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.294] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f698, ulCount=0x10, ulNumEntriesRemoved=0x2d29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f698, ulNumEntriesRemoved=0x2d29f66c) returned 0 [0152.294] SetEvent (hEvent=0xa20) returned 1 [0152.294] SetEvent (hEvent=0x8f8) returned 1 [0152.294] SetEvent (hEvent=0xbd8) returned 1 [0152.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.304] SetEvent (hEvent=0xbd8) returned 1 [0152.304] SetEvent (hEvent=0x8f8) returned 1 [0152.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe08*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.307] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe30*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.308] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.308] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d29f6a0, ulNumEntriesRemoved=0x2d29f674) returned 0 [0152.308] SetEvent (hEvent=0xc44) returned 1 [0152.308] SetEvent (hEvent=0x3b0) returned 1 [0152.308] SetEvent (hEvent=0x9a8) returned 1 [0152.308] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d29fe18*=0x354, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xt0rtz_l-es-zjibw.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x524 [0152.317] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0152.319] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.792] GetFileType (hFile=0x524) returned 0x1 [0152.792] GetFileType (hFile=0x524) returned 0x1 [0152.792] GetFileInformationByHandle (in: hFile=0x524, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0152.792] GetFileInformationByHandleEx (in: hFile=0x524, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0152.792] ReadFile (in: hFile=0x524, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x3db6, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000177c04*=0x3bb6, lpOverlapped=0x0) returned 1 [0152.793] ReadFile (in: hFile=0x524, lpBuffer=0xc0000fdbb6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fdbb6*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0152.793] CloseHandle (hObject=0x524) returned 1 [0152.794] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0152.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xt0rtz_l-es-zjibw.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0152.797] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0152.840] GetFileType (hFile=0x524) returned 0x1 [0152.840] WriteFile (in: hFile=0x524, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x3bc0, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc000177cec*=0x3bc0, lpOverlapped=0x0) returned 1 [0152.842] CloseHandle (hObject=0x524) returned 1 [0152.842] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0152.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\XT0rtZ_l-eS-ZJIBw.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\xt0rtz_l-es-zjibw.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0152.843] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0152.880] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0152.914] SetEvent (hEvent=0x8e8) returned 1 [0152.914] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0161.253] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0161.254] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0161.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\fB7kA7Be.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\fb7ka7be.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0162.052] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a5cf4 | out: lpMode=0xc0002a5cf4) returned 0 [0162.408] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0162.598] SetEvent (hEvent=0x1b4) returned 1 [0162.598] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0163.504] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000565500*, nNumberOfBytesToWrite=0x65e0, lpNumberOfBytesWritten=0xc000313cec, lpOverlapped=0x0 | out: lpBuffer=0xc000565500*, lpNumberOfBytesWritten=0xc000313cec*=0x65e0, lpOverlapped=0x0) returned 1 [0166.357] CloseHandle (hObject=0x7a0) returned 1 [0166.708] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0166.823] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0166.823] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0166.827] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0166.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\jhul_ylh6sugmw.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0166.860] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000313d64 | out: lpMode=0xc000313d64) returned 0 [0166.868] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) returned 0x0 [0167.024] GetFileType (hFile=0x3e0) returned 0x1 [0167.025] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000c2580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000313d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c2580*, lpNumberOfBytesWritten=0xc000313d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.026] CloseHandle (hObject=0x3e0) returned 1 [0167.026] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\jhul_ylh6sugmw.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-jhul_ylh6sugmw.gif"), dwFlags=0x1) returned 1 [0167.392] WaitForSingleObject (hHandle=0x354, dwMilliseconds=0xffffffff) Thread: id = 53 os_tid = 0x10c [0116.181] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d49fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d49fea0*=0x34c) returned 1 [0116.181] VirtualQuery (in: lpAddress=0x2d49fec0, lpBuffer=0x2d49fec0, dwLength=0x30 | out: lpBuffer=0x2d49fec0*(BaseAddress=0x2d49f000, AllocationBase=0x2d2a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.181] SetEvent (hEvent=0x324) returned 1 [0116.181] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c [0116.181] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x360 [0116.181] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0116.195] SetEvent (hEvent=0x340) returned 1 [0116.195] SetEvent (hEvent=0x334) returned 1 [0116.195] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0116.295] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031aa01 | out: pbBuffer=0xc00031aa01) returned 1 [0116.295] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0116.295] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000191d64 | out: lpMode=0xc000191d64) returned 0 [0116.297] GetFileType (hFile=0x23c) returned 0x1 [0116.297] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000191d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000191d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.297] CloseHandle (hObject=0x23c) returned 1 [0116.300] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\aabyinc[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-AAbyinC[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-aabyinc[1].png"), dwFlags=0x1) returned 1 [0116.815] SetEvent (hEvent=0x148) returned 1 [0116.815] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.370] SetEvent (hEvent=0x1f8) returned 1 [0117.370] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.377] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0117.378] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0117.382] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.490] GetFileType (hFile=0x2f0) returned 0x1 [0117.490] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0117.491] GetFileType (hFile=0x2f0) returned 0x1 [0117.491] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0117.491] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0117.491] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0117.494] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000400000, nNumberOfBytesToRead=0x213dd, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000400000*, lpNumberOfBytesRead=0xc0001bbc04*=0x211dd, lpOverlapped=0x0) returned 1 [0117.501] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0004211dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004211dd*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0117.501] CloseHandle (hObject=0x2f0) returned 1 [0117.501] VirtualAlloc (lpAddress=0xc000422000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000422000 [0117.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0117.620] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.717] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0117.719] GetFileType (hFile=0x370) returned 0x1 [0117.719] WriteFile (in: hFile=0x370, lpBuffer=0xc000422000*, nNumberOfBytesToWrite=0x211e0, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000422000*, lpNumberOfBytesWritten=0xc0001bbcec*=0x211e0, lpOverlapped=0x0) returned 1 [0117.723] CloseHandle (hObject=0x370) returned 1 [0117.724] VirtualAlloc (lpAddress=0xc0004d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d4000 [0117.724] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001201 | out: pbBuffer=0xc000001201) returned 1 [0117.725] VirtualAlloc (lpAddress=0xc0004d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d6000 [0117.725] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0117.725] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0117.726] GetFileType (hFile=0x2e0) returned 0x1 [0117.726] WriteFile (in: hFile=0x2e0, lpBuffer=0xc0004cf080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004cf080*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.727] CloseHandle (hObject=0x2e0) returned 1 [0117.730] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.777] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0117.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0117.785] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0117.788] GetFileType (hFile=0x2fc) returned 0x1 [0117.788] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0000fc2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc2c0*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.788] CloseHandle (hObject=0x2fc) returned 1 [0117.794] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbyazif[2].jpg"), dwFlags=0x1) returned 1 [0118.414] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0118.796] SetEvent (hEvent=0x24c) returned 1 [0118.796] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0118.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x380 [0118.812] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0118.817] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0118.910] SetEvent (hEvent=0x208) returned 1 [0118.910] GetFileType (hFile=0x380) returned 0x1 [0118.910] GetFileType (hFile=0x380) returned 0x1 [0118.910] GetFileInformationByHandle (in: hFile=0x380, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0118.910] GetFileInformationByHandleEx (in: hFile=0x380, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0118.910] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0118.911] ReadFile (in: hFile=0x380, lpBuffer=0xc0002ca000, nNumberOfBytesToRead=0xa2a, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca000*, lpNumberOfBytesRead=0xc0001c7c04*=0x82a, lpOverlapped=0x0) returned 1 [0118.914] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0119.017] ReadFile (in: hFile=0x380, lpBuffer=0xc0002ca82a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ca82a*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0119.017] CloseHandle (hObject=0x380) returned 1 [0119.017] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0119.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0119.052] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0119.054] GetFileType (hFile=0x284) returned 0x1 [0119.054] WriteFile (in: hFile=0x284, lpBuffer=0xc000198000*, nNumberOfBytesToWrite=0x830, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesWritten=0xc0001c7cec*=0x830, lpOverlapped=0x0) returned 1 [0119.055] CloseHandle (hObject=0x284) returned 1 [0119.062] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001201 | out: pbBuffer=0xc000001201) returned 1 [0119.062] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0119.062] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0119.064] GetFileType (hFile=0x22c) returned 0x1 [0119.064] WriteFile (in: hFile=0x22c, lpBuffer=0xc000238c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000238c60*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.064] CloseHandle (hObject=0x22c) returned 1 [0119.066] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0119.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbocib[1].jpg"), dwFlags=0x1) returned 1 [0119.523] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d49f698, ulCount=0x10, ulNumEntriesRemoved=0x2d49f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d49f698, ulNumEntriesRemoved=0x2d49f66c) returned 0 [0119.523] SetEvent (hEvent=0x29c) returned 1 [0119.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d49fe08*=0x35c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.523] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d49f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d49f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d49f6a0, ulNumEntriesRemoved=0x2d49f674) returned 0 [0119.524] SetEvent (hEvent=0x29c) returned 1 [0119.524] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d49fe18*=0x35c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.568] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0141.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7aplvzczbpp2asr6j.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x230 [0141.494] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc0002e1cf4 | out: lpMode=0xc0002e1cf4) returned 0 [0141.495] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0141.551] GetFileType (hFile=0x230) returned 0x1 [0141.551] GetFileType (hFile=0x230) returned 0x1 [0141.551] GetFileInformationByHandle (in: hFile=0x230, lpFileInformation=0xc0002e1d44 | out: lpFileInformation=0xc0002e1d44) returned 1 [0141.551] GetFileInformationByHandleEx (in: hFile=0x230, FileInformationClass=0x9, lpFileInformation=0xc0002e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002e1d28) returned 1 [0141.552] ReadFile (in: hFile=0x230, lpBuffer=0xc0002be600, nNumberOfBytesToRead=0x111b, lpNumberOfBytesRead=0xc0002e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002be600*, lpNumberOfBytesRead=0xc0002e1c04*=0xf1b, lpOverlapped=0x0) returned 1 [0142.532] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0143.038] SetEvent (hEvent=0xc0) returned 1 [0143.038] SetEvent (hEvent=0x208) returned 1 [0143.038] ReadFile (in: hFile=0x230, lpBuffer=0xc0002bf51b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bf51b*, lpNumberOfBytesRead=0xc0002e1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.038] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0144.310] CloseHandle (hObject=0x230) returned 1 [0144.310] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0144.683] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0144.684] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0144.685] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0144.686] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7aplvzczbpp2asr6j.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0144.687] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0002e1d04 | out: lpMode=0xc0002e1d04) returned 0 [0144.689] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0145.400] GetFileType (hFile=0x2e4) returned 0x1 [0145.400] WriteFile (in: hFile=0x2e4, lpBuffer=0xc000673000*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0xc0002e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000673000*, lpNumberOfBytesWritten=0xc0002e1cec*=0xf20, lpOverlapped=0x0) returned 1 [0145.401] CloseHandle (hObject=0x2e4) returned 1 [0145.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0145.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7aplvzczbpp2asr6j.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0145.410] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0002e1d64 | out: lpMode=0xc0002e1d64) returned 0 [0145.415] GetFileType (hFile=0x3e0) returned 0x1 [0145.415] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0002e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.416] CloseHandle (hObject=0x3e0) returned 1 [0145.417] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0146.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\7aplvzczbpp2asr6j.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-7apLvZczBPp2aSR6j.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-7aplvzczbpp2asr6j.flv.lnk"), dwFlags=0x1) returned 1 [0150.659] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) returned 0x0 [0161.768] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001c0900*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc0004ad808, lpReserved=0x0 | out: lpBuffer=0xc0001c0900*, lpNumberOfCharsWritten=0xc0004ad808*=0x40) returned 1 [0161.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0xc0004ada08 | out: lpFindFileData=0xc0004ada08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.052] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.052] WaitForSingleObject (hHandle=0x35c, dwMilliseconds=0xffffffff) Thread: id = 54 os_tid = 0xb48 [0116.191] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d69fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d69fea0*=0x2f8) returned 1 [0116.191] VirtualQuery (in: lpAddress=0x2d69fec0, lpBuffer=0x2d69fec0, dwLength=0x30 | out: lpBuffer=0x2d69fec0*(BaseAddress=0x2d69f000, AllocationBase=0x2d4a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.191] SetEvent (hEvent=0x340) returned 1 [0116.192] SetEvent (hEvent=0x148) returned 1 [0116.192] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x364 [0116.192] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x368 [0116.192] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0116.194] SetEvent (hEvent=0x30c) returned 1 [0116.195] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0116.300] GetFileType (hFile=0x244) returned 0x1 [0116.300] WriteFile (in: hFile=0x244, lpBuffer=0xc00003d200*, nNumberOfBytesToWrite=0x880, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003d200*, lpNumberOfBytesWritten=0xc000211cec*=0x880, lpOverlapped=0x0) returned 1 [0116.302] CloseHandle (hObject=0x244) returned 1 [0116.303] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1101 | out: pbBuffer=0xc0000e1101) returned 1 [0116.303] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0116.304] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x378 [0116.304] GetConsoleMode (in: hConsoleHandle=0x378, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0116.308] GetFileType (hFile=0x378) returned 0x1 [0116.308] WriteFile (in: hFile=0x378, lpBuffer=0xc000182b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182b00*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.308] CloseHandle (hObject=0x378) returned 1 [0116.317] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbuqkt[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBUqkT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbuqkt[1].jpg"), dwFlags=0x1) returned 1 [0116.921] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.922] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.922] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.923] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000195818*=0x3) returned 1 [0116.925] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc0002a3818*=0x3) returned 1 [0116.926] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0116.929] SetEvent (hEvent=0x1dc) returned 1 [0117.026] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.354] SetEvent (hEvent=0x388) returned 1 [0117.354] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0117.357] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc00016fcf4 | out: lpMode=0xc00016fcf4) returned 0 [0117.359] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.437] GetFileType (hFile=0x2c4) returned 0x1 [0117.437] GetFileType (hFile=0x2c4) returned 0x1 [0117.437] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc00016fd44 | out: lpFileInformation=0xc00016fd44) returned 1 [0117.437] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc00016fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00016fd28) returned 1 [0117.437] ReadFile (in: hFile=0x2c4, lpBuffer=0xc000214a80, nNumberOfBytesToRead=0x2a70, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000214a80*, lpNumberOfBytesRead=0xc00016fc04*=0x2870, lpOverlapped=0x0) returned 1 [0117.442] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0002172f0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00016fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002172f0*, lpNumberOfBytesRead=0xc00016fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.442] CloseHandle (hObject=0x2c4) returned 1 [0117.442] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0117.515] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc00016fd04 | out: lpMode=0xc00016fd04) returned 0 [0117.519] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.685] GetFileType (hFile=0x348) returned 0x1 [0117.685] WriteFile (in: hFile=0x348, lpBuffer=0xc000217500*, nNumberOfBytesToWrite=0x2880, lpNumberOfBytesWritten=0xc00016fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000217500*, lpNumberOfBytesWritten=0xc00016fcec*=0x2880, lpOverlapped=0x0) returned 1 [0117.687] CloseHandle (hObject=0x348) returned 1 [0117.692] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.742] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0117.742] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0117.743] VirtualAlloc (lpAddress=0xc0003fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fa000 [0117.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.744] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00016fd64 | out: lpMode=0xc00016fd64) returned 0 [0117.745] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.777] SetEvent (hEvent=0x114) returned 1 [0117.777] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0117.789] GetFileType (hFile=0x2f0) returned 0x1 [0117.789] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0x2a040, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc000139cec*=0x2a040, lpOverlapped=0x0) returned 1 [0117.794] CloseHandle (hObject=0x2f0) returned 1 [0117.815] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000d01 | out: pbBuffer=0xc000000d01) returned 1 [0117.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0117.816] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0117.822] GetFileType (hFile=0x184) returned 0x1 [0117.822] WriteFile (in: hFile=0x184, lpBuffer=0xc0004ce6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0004ce6e0*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.822] CloseHandle (hObject=0x184) returned 1 [0117.827] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-chrome.min[1].css"), dwFlags=0x1) returned 1 [0118.424] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0118.427] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0118.429] SwitchToThread () returned 1 [0118.558] SwitchToThread () returned 1 [0118.558] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0118.753] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0118.754] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0118.759] GetFileType (hFile=0x3cc) returned 0x1 [0118.759] GetFileType (hFile=0x3cc) returned 0x1 [0118.759] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0118.759] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0118.760] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000104500, nNumberOfBytesToRead=0x4c1, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000104500*, lpNumberOfBytesRead=0xc0001cfc04*=0x2c1, lpOverlapped=0x0) returned 1 [0118.767] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001047c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001047c1*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0118.767] CloseHandle (hObject=0x3cc) returned 1 [0118.767] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0118.767] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0118.768] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0118.772] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0118.827] GetFileType (hFile=0x3cc) returned 0x1 [0118.827] WriteFile (in: hFile=0x3cc, lpBuffer=0xc000186000*, nNumberOfBytesToWrite=0x2d0, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesWritten=0xc0001cfcec*=0x2d0, lpOverlapped=0x0) returned 1 [0118.828] CloseHandle (hObject=0x3cc) returned 1 [0118.828] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0118.828] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0118.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0118.829] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0118.832] GetFileType (hFile=0x3cc) returned 0x1 [0118.832] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.832] CloseHandle (hObject=0x3cc) returned 1 [0118.834] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0118.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-aaa1xjf[1].png"), dwFlags=0x1) returned 1 [0118.841] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d69f698, ulCount=0x10, ulNumEntriesRemoved=0x2d69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d69f698, ulNumEntriesRemoved=0x2d69f66c) returned 0 [0118.841] SetEvent (hEvent=0x2b0) returned 1 [0118.841] SetEvent (hEvent=0x188) returned 1 [0118.841] SetEvent (hEvent=0x24c) returned 1 [0118.842] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe08*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.846] SetEvent (hEvent=0x188) returned 1 [0118.846] SetEvent (hEvent=0x1a0) returned 1 [0118.846] SetEvent (hEvent=0xec) returned 1 [0118.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe08*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.848] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe30*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.849] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d69f6a0, ulNumEntriesRemoved=0x2d69f674) returned 0 [0118.849] SetEvent (hEvent=0x13c) returned 1 [0118.849] SetEvent (hEvent=0x30c) returned 1 [0118.849] SetEvent (hEvent=0x29c) returned 1 [0118.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe18*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0118.852] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0118.854] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0118.984] GetFileType (hFile=0x3d0) returned 0x1 [0118.984] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0118.985] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0118.985] GetFileType (hFile=0x3d0) returned 0x1 [0118.985] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0118.985] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0118.985] VirtualAlloc (lpAddress=0xc000280000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0118.986] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x316b, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc000211c04*=0x2f6b, lpOverlapped=0x0) returned 1 [0118.988] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0119.091] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000282f6b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000282f6b*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0119.091] CloseHandle (hObject=0x3d0) returned 1 [0119.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0119.137] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0119.184] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0119.186] GetFileType (hFile=0x2cc) returned 0x1 [0119.186] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x2f70, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000211cec*=0x2f70, lpOverlapped=0x0) returned 1 [0119.187] CloseHandle (hObject=0x2cc) returned 1 [0119.191] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028b201 | out: pbBuffer=0xc00028b201) returned 1 [0119.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x174 [0119.192] GetConsoleMode (in: hConsoleHandle=0x174, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0119.192] GetFileType (hFile=0x174) returned 0x1 [0119.192] WriteFile (in: hFile=0x174, lpBuffer=0xc000036dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036dc0*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.192] CloseHandle (hObject=0x174) returned 1 [0119.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbbr4yq[1].jpg"), dwFlags=0x1) returned 1 [0119.902] SetEvent (hEvent=0x198) returned 1 [0119.902] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0119.903] SwitchToThread () returned 1 [0119.904] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0119.911] SetEvent (hEvent=0x1a0) returned 1 [0119.911] SetEvent (hEvent=0x258) returned 1 [0119.911] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.029] SetEvent (hEvent=0x1a0) returned 1 [0120.029] SetEvent (hEvent=0x3c0) returned 1 [0120.029] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.074] SetEvent (hEvent=0x30c) returned 1 [0120.074] SetEvent (hEvent=0x9c) returned 1 [0120.074] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.096] SetEvent (hEvent=0x3c0) returned 1 [0120.096] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.098] SetEvent (hEvent=0x30c) returned 1 [0120.098] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.134] SetEvent (hEvent=0x258) returned 1 [0120.134] SetEvent (hEvent=0x30c) returned 1 [0120.134] SetEvent (hEvent=0x3c0) returned 1 [0120.134] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.147] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0120.147] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0120.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0120.149] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f7cf4 | out: lpMode=0xc0001f7cf4) returned 0 [0120.157] GetFileType (hFile=0x2cc) returned 0x1 [0120.157] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0120.157] GetFileType (hFile=0x2cc) returned 0x1 [0120.157] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0001f7d44 | out: lpFileInformation=0xc0001f7d44) returned 1 [0120.158] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0001f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f7d28) returned 1 [0120.158] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0120.158] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0120.159] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00005e000, nNumberOfBytesToRead=0x44c, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesRead=0xc0001f7c04*=0x24c, lpOverlapped=0x0) returned 1 [0120.190] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00005e24c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005e24c*, lpNumberOfBytesRead=0xc0001f7c04*=0x0, lpOverlapped=0x0) returned 1 [0120.190] CloseHandle (hObject=0x2cc) returned 1 [0120.190] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0120.191] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0120.191] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0120.193] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f7d04 | out: lpMode=0xc0001f7d04) returned 0 [0120.204] GetFileType (hFile=0x2cc) returned 0x1 [0120.204] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc0001f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0001f7cec*=0x250, lpOverlapped=0x0) returned 1 [0120.205] CloseHandle (hObject=0x2cc) returned 1 [0120.206] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0120.206] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0120.207] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0120.207] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0120.208] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0120.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0120.209] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0001f7d64 | out: lpMode=0xc0001f7d64) returned 0 [0120.221] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.228] GetFileType (hFile=0x2cc) returned 0x1 [0120.228] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.228] CloseHandle (hObject=0x2cc) returned 1 [0120.228] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0120.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbmuxrk[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBmUxRK[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbmuxrk[1].png"), dwFlags=0x1) returned 1 [0120.230] SetEvent (hEvent=0x198) returned 1 [0120.230] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.314] SetEvent (hEvent=0x258) returned 1 [0120.314] SetEvent (hEvent=0x39c) returned 1 [0120.315] SetEvent (hEvent=0x30c) returned 1 [0120.315] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.321] SetEvent (hEvent=0x258) returned 1 [0120.321] SetEvent (hEvent=0x3c0) returned 1 [0120.321] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.324] SetEvent (hEvent=0x1a0) returned 1 [0120.325] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.353] SetEvent (hEvent=0x148) returned 1 [0120.353] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0120.526] GetFileType (hFile=0x36c) returned 0x1 [0120.526] WriteFile (in: hFile=0x36c, lpBuffer=0xc0001866e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001866e0*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.526] CloseHandle (hObject=0x36c) returned 1 [0120.537] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbzjv9e[1].png"), dwFlags=0x1) returned 1 [0120.860] SetEvent (hEvent=0xc0) returned 1 [0120.860] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d69f698, ulCount=0x10, ulNumEntriesRemoved=0x2d69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d69f698, ulNumEntriesRemoved=0x2d69f66c) returned 0 [0120.860] SetEvent (hEvent=0x148) returned 1 [0120.860] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0120.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe08*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.865] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d69f6a0, ulNumEntriesRemoved=0x2d69f674) returned 0 [0120.865] SetEvent (hEvent=0x148) returned 1 [0120.865] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d69fe18*=0x364, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.870] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0141.092] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0141.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0141.094] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0141.107] GetFileType (hFile=0x254) returned 0x1 [0141.107] GetFileType (hFile=0x254) returned 0x1 [0141.107] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0141.107] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0141.107] ReadFile (in: hFile=0x254, lpBuffer=0xc00028ea80, nNumberOfBytesToRead=0x312, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028ea80*, lpNumberOfBytesRead=0xc000031c04*=0x112, lpOverlapped=0x0) returned 1 [0141.108] ReadFile (in: hFile=0x254, lpBuffer=0xc00028eb92, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028eb92*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0141.108] CloseHandle (hObject=0x254) returned 1 [0141.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0141.109] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0141.109] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0141.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x254 [0141.110] GetConsoleMode (in: hConsoleHandle=0x254, lpMode=0xc00014dcf4 | out: lpMode=0xc00014dcf4) returned 0 [0141.117] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0141.455] GetFileType (hFile=0x254) returned 0x1 [0141.455] GetFileType (hFile=0x254) returned 0x1 [0141.455] GetFileInformationByHandle (in: hFile=0x254, lpFileInformation=0xc00014dd44 | out: lpFileInformation=0xc00014dd44) returned 1 [0141.455] GetFileInformationByHandleEx (in: hFile=0x254, FileInformationClass=0x9, lpFileInformation=0xc00014dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014dd28) returned 1 [0141.455] VirtualAlloc (lpAddress=0xc0004a0000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a0000 [0141.459] ReadFile (in: hFile=0x254, lpBuffer=0xc0004a0000, nNumberOfBytesToRead=0x1c200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a0000*, lpNumberOfBytesRead=0xc00014dc04*=0x1c000, lpOverlapped=0x0) returned 1 [0142.491] ReadFile (in: hFile=0x254, lpBuffer=0xc0004bc000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004bc000*, lpNumberOfBytesRead=0xc00014dc04*=0x0, lpOverlapped=0x0) returned 1 [0142.491] CloseHandle (hObject=0x254) returned 1 [0142.491] VirtualAlloc (lpAddress=0xc00061c000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00061c000 [0142.496] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0142.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat\\*", lpFindFileData=0xc00014da08 | out: lpFindFileData=0xc00014da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0142.497] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00014d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0142.497] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00004c2a0*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc00014d808, lpReserved=0x0 | out: lpBuffer=0xc00004c2a0*, lpNumberOfCharsWritten=0xc00014d808*=0x6f) returned 1 [0142.538] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0143.236] VirtualAlloc (lpAddress=0xc000734000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000734000 [0143.237] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.238] VirtualAlloc (lpAddress=0xc000736000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000736000 [0143.239] VirtualAlloc (lpAddress=0xc000738000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000738000 [0143.240] VirtualAlloc (lpAddress=0xc00073a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00073a000 [0143.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f4 [0143.241] GetConsoleMode (in: hConsoleHandle=0x6f4, lpMode=0xc00014dd64 | out: lpMode=0xc00014dd64) returned 0 [0143.247] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0144.094] GetFileType (hFile=0x6f4) returned 0x1 [0144.094] WriteFile (in: hFile=0x6f4, lpBuffer=0xc000682000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682000*, lpNumberOfBytesWritten=0xc00014dd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.095] CloseHandle (hObject=0x6f4) returned 1 [0144.096] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\Low\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\low\\encry-index.dat"), dwFlags=0x1) returned 1 [0144.097] SetEvent (hEvent=0x604) returned 1 [0144.097] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0144.113] SetEvent (hEvent=0xb28) returned 1 [0144.113] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0144.125] SetEvent (hEvent=0xbc0) returned 1 [0144.125] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) returned 0x0 [0144.139] SetEvent (hEvent=0x900) returned 1 [0144.139] WaitForSingleObject (hHandle=0x364, dwMilliseconds=0xffffffff) Thread: id = 55 os_tid = 0xa3c [0116.315] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d89fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d89fea0*=0x244) returned 1 [0116.315] VirtualQuery (in: lpAddress=0x2d89fec0, lpBuffer=0x2d89fec0, dwLength=0x30 | out: lpBuffer=0x2d89fec0*(BaseAddress=0x2d89f000, AllocationBase=0x2d6a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x378 [0116.316] GetConsoleMode (in: hConsoleHandle=0x378, lpMode=0xc000139cf4 | out: lpMode=0xc000139cf4) returned 0 [0116.317] GetFileType (hFile=0x378) returned 0x1 [0116.317] GetFileType (hFile=0x378) returned 0x1 [0116.317] GetFileInformationByHandle (in: hFile=0x378, lpFileInformation=0xc000139d44 | out: lpFileInformation=0xc000139d44) returned 1 [0116.317] GetFileInformationByHandleEx (in: hFile=0x378, FileInformationClass=0x9, lpFileInformation=0xc000139d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000139d28) returned 1 [0116.317] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0116.318] ReadFile (in: hFile=0x378, lpBuffer=0xc0001e2000, nNumberOfBytesToRead=0xcf3, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesRead=0xc000139c04*=0xaf3, lpOverlapped=0x0) returned 1 [0116.321] ReadFile (in: hFile=0x378, lpBuffer=0xc0001e2af3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000139c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2af3*, lpNumberOfBytesRead=0xc000139c04*=0x0, lpOverlapped=0x0) returned 1 [0116.321] CloseHandle (hObject=0x378) returned 1 [0116.321] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0116.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0116.511] SetEvent (hEvent=0xc0) returned 1 [0116.511] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0xc000139d04 | out: lpMode=0xc000139d04) returned 0 [0116.512] GetFileType (hFile=0x228) returned 0x1 [0116.512] WriteFile (in: hFile=0x228, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xb00, lpNumberOfBytesWritten=0xc000139cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc000139cec*=0xb00, lpOverlapped=0x0) returned 1 [0116.513] CloseHandle (hObject=0x228) returned 1 [0116.514] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a101 | out: pbBuffer=0xc00031a101) returned 1 [0116.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x228 [0116.514] GetConsoleMode (in: hConsoleHandle=0x228, lpMode=0xc000139d64 | out: lpMode=0xc000139d64) returned 0 [0116.515] GetFileType (hFile=0x228) returned 0x1 [0116.515] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0116.516] WriteFile (in: hFile=0x228, lpBuffer=0xc0001de000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000139d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesWritten=0xc000139d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.516] CloseHandle (hObject=0x228) returned 1 [0116.517] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0116.518] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0tci[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0tCi[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0tci[1].jpg"), dwFlags=0x1) returned 1 [0117.151] SetEvent (hEvent=0x340) returned 1 [0117.151] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c0 [0117.151] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x228 [0117.151] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0117.327] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0117.328] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0117.328] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0117.329] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0117.330] GetFileType (hFile=0x308) returned 0x1 [0117.330] GetFileType (hFile=0x308) returned 0x1 [0117.330] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0117.330] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0117.330] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0117.331] ReadFile (in: hFile=0x308, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x762, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc000141c04*=0x562, lpOverlapped=0x0) returned 1 [0117.337] ReadFile (in: hFile=0x308, lpBuffer=0xc0001de562, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de562*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0117.338] CloseHandle (hObject=0x308) returned 1 [0117.338] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0117.341] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0117.359] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0117.396] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0117.398] GetFileType (hFile=0x370) returned 0x1 [0117.399] WriteFile (in: hFile=0x370, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x570, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc000141cec*=0x570, lpOverlapped=0x0) returned 1 [0117.400] CloseHandle (hObject=0x370) returned 1 [0117.407] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0c01 | out: pbBuffer=0xc0002f0c01) returned 1 [0117.407] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0117.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0117.408] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0117.412] GetFileType (hFile=0x1ec) returned 0x1 [0117.412] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.412] CloseHandle (hObject=0x1ec) returned 1 [0117.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-js[2]"), dwFlags=0x1) returned 1 [0118.033] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0118.033] SetEvent (hEvent=0x24c) returned 1 [0118.033] VirtualAlloc (lpAddress=0xc000534000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000534000 [0118.034] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.035] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0118.035] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0118.035] SetEvent (hEvent=0x24c) returned 1 [0118.035] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.037] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.046] SetEvent (hEvent=0x208) returned 1 [0119.046] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.062] SetEvent (hEvent=0x3c8) returned 1 [0119.062] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.064] SetEvent (hEvent=0x234) returned 1 [0119.064] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.065] SetEvent (hEvent=0x234) returned 1 [0119.065] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.066] SetEvent (hEvent=0x234) returned 1 [0119.066] SetEvent (hEvent=0x1a0) returned 1 [0119.066] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.070] SetEvent (hEvent=0x24c) returned 1 [0119.071] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.110] SetEvent (hEvent=0x120) returned 1 [0119.110] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.113] SetEvent (hEvent=0x120) returned 1 [0119.113] SetEvent (hEvent=0x39c) returned 1 [0119.113] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.117] SetEvent (hEvent=0xfc) returned 1 [0119.117] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.124] SetEvent (hEvent=0x120) returned 1 [0119.124] SetEvent (hEvent=0x324) returned 1 [0119.124] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.127] SetEvent (hEvent=0x148) returned 1 [0119.127] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.183] SetEvent (hEvent=0x12c) returned 1 [0119.183] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.190] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.214] SetEvent (hEvent=0x9c) returned 1 [0119.215] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x280 [0119.215] GetConsoleMode (in: hConsoleHandle=0x280, lpMode=0xc00017bcf4 | out: lpMode=0xc00017bcf4) returned 0 [0119.216] GetFileType (hFile=0x280) returned 0x1 [0119.216] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0119.217] GetFileType (hFile=0x280) returned 0x1 [0119.217] GetFileInformationByHandle (in: hFile=0x280, lpFileInformation=0xc00017bd44 | out: lpFileInformation=0xc00017bd44) returned 1 [0119.217] GetFileInformationByHandleEx (in: hFile=0x280, FileInformationClass=0x9, lpFileInformation=0xc00017bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017bd28) returned 1 [0119.217] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0119.218] ReadFile (in: hFile=0x280, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0xbc5, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc00017bc04*=0x9c5, lpOverlapped=0x0) returned 1 [0119.220] ReadFile (in: hFile=0x280, lpBuffer=0xc00010c9c5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c9c5*, lpNumberOfBytesRead=0xc00017bc04*=0x0, lpOverlapped=0x0) returned 1 [0119.220] CloseHandle (hObject=0x280) returned 1 [0119.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0119.241] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00017bd04 | out: lpMode=0xc00017bd04) returned 0 [0119.241] GetFileType (hFile=0x2f0) returned 0x1 [0119.241] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000126a80*, nNumberOfBytesToWrite=0x9d0, lpNumberOfBytesWritten=0xc00017bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000126a80*, lpNumberOfBytesWritten=0xc00017bcec*=0x9d0, lpOverlapped=0x0) returned 1 [0119.243] CloseHandle (hObject=0x2f0) returned 1 [0119.244] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0119.244] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0119.245] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0119.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0119.246] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc00017bd64 | out: lpMode=0xc00017bd64) returned 0 [0119.246] GetFileType (hFile=0x2f0) returned 0x1 [0119.246] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00017bd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.247] CloseHandle (hObject=0x2f0) returned 1 [0119.247] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbe8ila[1].jpg"), dwFlags=0x1) returned 1 [0119.913] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.917] SwitchToThread () returned 1 [0119.918] SetEvent (hEvent=0x144) returned 1 [0119.918] SetEvent (hEvent=0x1a0) returned 1 [0119.919] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.924] SetEvent (hEvent=0x1a0) returned 1 [0119.924] SetEvent (hEvent=0x148) returned 1 [0119.924] SetEvent (hEvent=0x30c) returned 1 [0119.924] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.933] SetEvent (hEvent=0x1a0) returned 1 [0119.933] SetEvent (hEvent=0x144) returned 1 [0119.933] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0119.944] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000153818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc000153818*=0x3) returned 1 [0119.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0119.958] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0119.973] GetFileType (hFile=0x2c4) returned 0x1 [0119.973] GetFileType (hFile=0x2c4) returned 0x1 [0119.973] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0119.974] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0119.974] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0120.003] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0xd7e, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000193c04*=0xb7e, lpOverlapped=0x0) returned 1 [0120.029] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.032] ReadFile (in: hFile=0x2c4, lpBuffer=0xc0000fab7e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fab7e*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0120.032] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.074] CloseHandle (hObject=0x2c4) returned 1 [0120.075] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0120.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0120.077] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0120.085] GetFileType (hFile=0x2c4) returned 0x1 [0120.085] WriteFile (in: hFile=0x2c4, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0xb80, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000193cec*=0xb80, lpOverlapped=0x0) returned 1 [0120.086] CloseHandle (hObject=0x2c4) returned 1 [0120.086] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0120.086] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0120.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0120.087] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0120.094] GetFileType (hFile=0x2c4) returned 0x1 [0120.094] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.094] CloseHandle (hObject=0x2c4) returned 1 [0120.094] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefjut[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfjuT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefjut[1].jpg"), dwFlags=0x1) returned 1 [0120.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.096] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0120.096] SetEvent (hEvent=0x144) returned 1 [0120.096] SetEvent (hEvent=0x364) returned 1 [0120.096] SetEvent (hEvent=0x148) returned 1 [0120.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.098] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.099] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.106] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.106] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.106] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.107] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0120.107] SetEvent (hEvent=0x9c) returned 1 [0120.107] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.119] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0120.119] SetEvent (hEvent=0x30c) returned 1 [0120.119] SetEvent (hEvent=0x9c) returned 1 [0120.120] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0120.121] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0120.121] SetEvent (hEvent=0x9c) returned 1 [0120.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0120.128] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.128] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0120.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEeZ0k[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeez0k[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0120.130] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0120.132] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.135] SetEvent (hEvent=0x258) returned 1 [0120.135] GetFileType (hFile=0x2c4) returned 0x1 [0120.135] GetFileType (hFile=0x2c4) returned 0x1 [0120.135] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0120.135] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0120.135] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00006cc00, nNumberOfBytesToRead=0xbd7, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006cc00*, lpNumberOfBytesRead=0xc000175c04*=0x9d7, lpOverlapped=0x0) returned 1 [0120.311] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.323] SetEvent (hEvent=0x258) returned 1 [0120.324] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00006d5d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006d5d7*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0120.324] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.372] SetEvent (hEvent=0xc0) returned 1 [0120.372] CloseHandle (hObject=0x2c4) returned 1 [0120.372] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.394] SetEvent (hEvent=0x198) returned 1 [0120.394] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.410] SetEvent (hEvent=0x9c) returned 1 [0120.410] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.414] SetEvent (hEvent=0x9c) returned 1 [0120.414] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.423] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0120.424] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0120.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6157c900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6157c900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x615c8bc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12282)) returned 1 [0120.473] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chartbeat[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chartbeat[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50fa0830, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x82d8)) returned 1 [0120.679] SetEvent (hEvent=0x354) returned 1 [0120.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome-installer.min[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome-installer.min[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c8f680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c8f680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d01aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3bf20)) returned 1 [0120.745] SetEvent (hEvent=0x114) returned 1 [0120.747] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\chrome_logo_2x[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\chrome_logo_2x[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60aec760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1622)) returned 1 [0120.897] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0120.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x610b9d00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x610b9d00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13d)) returned 1 [0120.937] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.939] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.942] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.943] SetEvent (hEvent=0x12c) returned 1 [0120.943] SetEvent (hEvent=0x114) returned 1 [0120.943] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.950] SwitchToThread () returned 1 [0120.951] SetEvent (hEvent=0x12c) returned 1 [0120.951] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0120.963] SetEvent (hEvent=0xfc) returned 1 [0120.963] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0120.964] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0120.964] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0120.965] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0120.966] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0120.966] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0120.969] GetFileType (hFile=0x1ec) returned 0x1 [0120.969] GetFileType (hFile=0x1ec) returned 0x1 [0120.969] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0120.969] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0120.969] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0120.969] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001ec000, nNumberOfBytesToRead=0x33d, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec000*, lpNumberOfBytesRead=0xc0002d3c04*=0x13d, lpOverlapped=0x0) returned 1 [0120.975] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0001ec13d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001ec13d*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0120.975] CloseHandle (hObject=0x1ec) returned 1 [0120.975] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0120.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0120.998] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0120.998] GetFileType (hFile=0x1ec) returned 0x1 [0120.999] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000052000*, nNumberOfBytesToWrite=0x140, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000052000*, lpNumberOfBytesWritten=0xc0002d3cec*=0x140, lpOverlapped=0x0) returned 1 [0121.000] CloseHandle (hObject=0x1ec) returned 1 [0121.000] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0121.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0121.001] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0121.001] GetFileType (hFile=0x1ec) returned 0x1 [0121.001] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000562c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000562c0*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.002] CloseHandle (hObject=0x1ec) returned 1 [0121.006] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\close-icon[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-close-icon[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-close-icon[1].png"), dwFlags=0x1) returned 1 [0121.109] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0121.109] SetEvent (hEvent=0x354) returned 1 [0121.109] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0121.111] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0121.112] SetEvent (hEvent=0x354) returned 1 [0121.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.130] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.132] SetEvent (hEvent=0x1a0) returned 1 [0121.132] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.137] SetEvent (hEvent=0x1a0) returned 1 [0121.137] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.140] SetEvent (hEvent=0x1a0) returned 1 [0121.140] SetEvent (hEvent=0x354) returned 1 [0121.140] SetEvent (hEvent=0xfc) returned 1 [0121.140] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.142] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0121.142] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.143] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0121.144] GetFileType (hFile=0x3cc) returned 0x1 [0121.144] GetFileType (hFile=0x3cc) returned 0x1 [0121.144] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0121.144] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0121.144] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0121.145] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0xac3, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc000115c04*=0x8c3, lpOverlapped=0x0) returned 1 [0121.153] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00006a8c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a8c3*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0121.153] CloseHandle (hObject=0x3cc) returned 1 [0121.153] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0121.154] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0121.155] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.164] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0121.165] GetFileType (hFile=0x1b0) returned 0x1 [0121.165] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x8d0, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc000115cec*=0x8d0, lpOverlapped=0x0) returned 1 [0121.174] CloseHandle (hObject=0x1b0) returned 1 [0121.179] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0121.179] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0121.180] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0121.180] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.181] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0121.181] GetFileType (hFile=0x1b0) returned 0x1 [0121.181] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.182] CloseHandle (hObject=0x1b0) returned 1 [0121.185] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0121.186] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0121.186] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0121.187] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1c;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]"), dwFlags=0x1) returned 1 [0121.243] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0121.243] SetEvent (hEvent=0x1b4) returned 1 [0121.244] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0121.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.248] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0121.248] SetEvent (hEvent=0x1b4) returned 1 [0121.248] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.255] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0121.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0121.256] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0121.258] GetFileType (hFile=0x1b0) returned 0x1 [0121.258] GetFileType (hFile=0x1b0) returned 0x1 [0121.258] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0121.258] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0121.258] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0121.259] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fc000, nNumberOfBytesToRead=0x5c1, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc000*, lpNumberOfBytesRead=0xc000031c04*=0x3c1, lpOverlapped=0x0) returned 1 [0121.261] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fc3c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc3c1*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0121.261] CloseHandle (hObject=0x1b0) returned 1 [0121.261] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0121.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.265] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000031d04 | out: lpMode=0xc000031d04) returned 0 [0121.270] GetFileType (hFile=0x1b0) returned 0x1 [0121.270] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000fe000*, nNumberOfBytesToWrite=0x3d0, lpNumberOfBytesWritten=0xc000031cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesWritten=0xc000031cec*=0x3d0, lpOverlapped=0x0) returned 1 [0121.271] CloseHandle (hObject=0x1b0) returned 1 [0121.272] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0121.272] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0121.273] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0121.273] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0121.274] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0121.275] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0121.275] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0121.276] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0121.276] GetFileType (hFile=0x1b0) returned 0x1 [0121.276] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.276] CloseHandle (hObject=0x1b0) returned 1 [0121.277] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0121.277] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\js[2]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-js[2]"), dwFlags=0x1) returned 1 [0121.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.328] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0121.328] SetEvent (hEvent=0xc0) returned 1 [0121.328] SetEvent (hEvent=0x354) returned 1 [0121.328] SetEvent (hEvent=0xfc) returned 1 [0121.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.332] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.332] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0121.332] SetEvent (hEvent=0xfc) returned 1 [0121.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.339] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.352] SetEvent (hEvent=0xfc) returned 1 [0121.352] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.365] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.375] SetEvent (hEvent=0x13c) returned 1 [0121.375] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.379] SetEvent (hEvent=0x13c) returned 1 [0121.379] SetEvent (hEvent=0x1b4) returned 1 [0121.379] VirtualFree (lpAddress=0xc00010c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0121.380] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.380] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.381] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.381] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.381] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.382] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.382] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010040*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc000010040*, lpNumberOfCharsWritten=0xc000175818*=0x2) returned 1 [0121.385] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.393] SetEvent (hEvent=0x354) returned 1 [0121.393] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0121.412] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000175cf4 | out: lpMode=0xc000175cf4) returned 0 [0121.413] GetFileType (hFile=0x2bc) returned 0x1 [0121.413] GetFileType (hFile=0x2bc) returned 0x1 [0121.413] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000175d44 | out: lpFileInformation=0xc000175d44) returned 1 [0121.413] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000175d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000175d28) returned 1 [0121.413] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0121.423] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000175c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc000175c04*=0x0, lpOverlapped=0x0) returned 1 [0121.423] CloseHandle (hObject=0x2bc) returned 1 [0121.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0121.430] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000175d04 | out: lpMode=0xc000175d04) returned 0 [0121.437] GetFileType (hFile=0x3cc) returned 0x1 [0121.437] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0005863c0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000175cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005863c0*, lpNumberOfBytesWritten=0xc000175cec*=0x10, lpOverlapped=0x0) returned 1 [0121.438] CloseHandle (hObject=0x3cc) returned 1 [0121.441] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0121.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0121.441] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc000175d64 | out: lpMode=0xc000175d64) returned 0 [0121.442] GetFileType (hFile=0x3cc) returned 0x1 [0121.442] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000175d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000175d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.442] CloseHandle (hObject=0x3cc) returned 1 [0121.443] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\thirdparty[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-thirdparty[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-thirdparty[1]"), dwFlags=0x1) returned 1 [0121.482] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0121.482] SetEvent (hEvent=0x13c) returned 1 [0121.482] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.494] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.494] SetEvent (hEvent=0x1a0) returned 1 [0121.494] SetEvent (hEvent=0x30c) returned 1 [0121.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0121.498] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.498] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.499] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0121.499] SetEvent (hEvent=0x1b4) returned 1 [0121.499] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0121.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.500] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0121.504] GetFileType (hFile=0x3cc) returned 0x1 [0121.504] GetFileType (hFile=0x3cc) returned 0x1 [0121.504] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0121.504] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0121.504] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0121.505] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00003e000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesRead=0xc0001fdc04*=0x43, lpOverlapped=0x0) returned 1 [0121.506] ReadFile (in: hFile=0x3cc, lpBuffer=0xc00003e043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003e043*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0121.506] CloseHandle (hObject=0x3cc) returned 1 [0121.506] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0121.507] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0121.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.507] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\desktop.ini\\*", lpFindFileData=0xc0001fda08 | out: lpFindFileData=0xc0001fda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.507] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.508] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0121.508] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0121.536] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.585] GetFileType (hFile=0x3cc) returned 0x1 [0121.585] GetFileType (hFile=0x3cc) returned 0x1 [0121.585] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0121.585] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0121.585] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x56000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x56000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x15000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0121.586] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0121.586] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x54000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0121.594] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x54200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc0000f9c04*=0x54000, lpOverlapped=0x0) returned 1 [0121.650] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.653] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000452000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000452000*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0121.653] CloseHandle (hObject=0x3cc) returned 1 [0121.653] VirtualAlloc (lpAddress=0xc000454000, dwSize=0x56000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000454000 [0121.661] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0121.661] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0121.662] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0121.662] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat\\*", lpFindFileData=0xc0000f9a08 | out: lpFindFileData=0xc0000f9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0121.662] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0121.662] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0121.663] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0121.664] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.677] SetEvent (hEvent=0xfc) returned 1 [0121.677] SetEvent (hEvent=0x1a0) returned 1 [0121.677] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.695] SetEvent (hEvent=0xfc) returned 1 [0121.695] SetEvent (hEvent=0x1b4) returned 1 [0121.695] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.715] SetEvent (hEvent=0xfc) returned 1 [0121.715] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.716] SetEvent (hEvent=0x1b4) returned 1 [0121.716] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.721] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.750] SetEvent (hEvent=0xfc) returned 1 [0121.750] SetEvent (hEvent=0x13c) returned 1 [0121.750] SwitchToThread () returned 1 [0121.763] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0121.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0121.764] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000117cf4 | out: lpMode=0xc000117cf4) returned 0 [0121.795] GetFileType (hFile=0x3d8) returned 0x1 [0121.795] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0121.796] GetFileType (hFile=0x3d8) returned 0x1 [0121.796] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000117d44 | out: lpFileInformation=0xc000117d44) returned 1 [0121.796] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000117d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000117d28) returned 1 [0121.796] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0121.797] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0001dc000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000117c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesRead=0xc000117c04*=0x0, lpOverlapped=0x0) returned 1 [0121.797] CloseHandle (hObject=0x3d8) returned 1 [0121.797] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0121.798] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0121.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0121.799] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000117d04 | out: lpMode=0xc000117d04) returned 0 [0121.812] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.821] GetFileType (hFile=0x3d8) returned 0x1 [0121.821] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000586300*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000117cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586300*, lpNumberOfBytesWritten=0xc000117cec*=0x10, lpOverlapped=0x0) returned 1 [0121.823] CloseHandle (hObject=0x3d8) returned 1 [0121.823] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0121.823] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0121.824] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0121.824] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0121.825] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0121.826] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0121.826] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0121.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0121.827] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000117d64 | out: lpMode=0xc000117d64) returned 0 [0121.835] GetFileType (hFile=0x3d8) returned 0x1 [0121.835] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00011e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000117d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011e2c0*, lpNumberOfBytesWritten=0xc000117d4c*=0x158, lpOverlapped=0x0) returned 1 [0121.836] CloseHandle (hObject=0x3d8) returned 1 [0121.836] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0121.837] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\windowsupdate.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-WindowsUpdate.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-windowsupdate.log"), dwFlags=0x1) returned 1 [0121.838] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0121.879] SetEvent (hEvent=0x1a0) returned 1 [0121.879] VirtualFree (lpAddress=0xc00058e000, dwSize=0x82000, dwFreeType=0x4000) returned 1 [0121.883] VirtualFree (lpAddress=0xc000400000, dwSize=0x80000, dwFreeType=0x4000) returned 1 [0121.885] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.886] VirtualFree (lpAddress=0xc00036c000, dwSize=0x26000, dwFreeType=0x4000) returned 1 [0121.887] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0121.887] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0121.888] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0121.889] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.889] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.890] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.890] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.890] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.891] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.891] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.892] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.892] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.892] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.893] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0121.893] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.893] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0121.894] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000175818, lpReserved=0x0 | out: lpBuffer=0xc00005e008*, lpNumberOfCharsWritten=0xc000175818*=0x2) returned 1 [0122.171] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.172] SetEvent (hEvent=0x1a0) returned 1 [0122.172] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.173] SetEvent (hEvent=0x1a0) returned 1 [0122.173] SwitchToThread () returned 1 [0122.173] SetEvent (hEvent=0x1b4) returned 1 [0122.177] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0122.177] SetEvent (hEvent=0x1a0) returned 1 [0122.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.178] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0122.183] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.192] GetFileType (hFile=0x3d8) returned 0x1 [0122.192] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0008ec000*, nNumberOfBytesToWrite=0x200010, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0008ec000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x200010, lpOverlapped=0x0) returned 1 [0122.234] CloseHandle (hObject=0x3d8) returned 1 [0122.234] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0122.234] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0122.235] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.235] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0122.240] GetFileType (hFile=0x3d8) returned 0x1 [0122.240] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.240] CloseHandle (hObject=0x3d8) returned 1 [0122.240] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\edb00001.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Backup\\old\\encry-edb00001.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\backup\\old\\encry-edb00001.log"), dwFlags=0x1) returned 1 [0122.241] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0122.241] SetEvent (hEvent=0xfc) returned 1 [0122.241] SetEvent (hEvent=0x13c) returned 1 [0122.241] SetEvent (hEvent=0x12c) returned 1 [0122.242] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.244] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.244] SetEvent (hEvent=0x12c) returned 1 [0122.244] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.255] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.255] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0122.255] SetEvent (hEvent=0x320) returned 1 [0122.255] SetEvent (hEvent=0x3c8) returned 1 [0122.255] SetEvent (hEvent=0x13c) returned 1 [0122.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.269] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0122.270] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.270] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat\\*", lpFindFileData=0xc0002419f8 | out: lpFindFileData=0xc0002419f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0122.270] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000241720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0122.270] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xa1, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000241808*=0xa1) returned 1 [0122.272] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0122.272] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0122.273] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.273] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat\\*", lpFindFileData=0xc000241a08 | out: lpFindFileData=0xc000241a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0122.273] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000241720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0122.273] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a4000*, nNumberOfCharsToWrite=0x63, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfCharsWritten=0xc000241808*=0x63) returned 1 [0122.277] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.277] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0122.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0122.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat\\*", lpFindFileData=0xc000241a68 | out: lpFindFileData=0xc000241a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0122.278] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000241720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0122.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d69a0*, nNumberOfCharsToWrite=0xa1, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfCharsWritten=0xc000241808*=0xa1) returned 1 [0122.289] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001e2000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfCharsWritten=0xc000241808*=0x11) returned 1 [0122.342] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001e2030*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0001e2030*, lpNumberOfCharsWritten=0xc000241808*=0x11) returned 1 [0122.345] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.475] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\usrclass.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\encry-UsrClass.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\encry-usrclass.dat"), dwFlags=0x1) returned 0 [0122.476] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002416e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0122.476] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0122.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00021e000*, nNumberOfCharsToWrite=0xf4, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfCharsWritten=0xc000241808*=0xf4) returned 1 [0122.488] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.552] SetEvent (hEvent=0x324) returned 1 [0122.552] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.622] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0122.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0122.624] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0122.625] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.628] GetFileType (hFile=0x1b0) returned 0x1 [0122.628] GetFileType (hFile=0x1b0) returned 0x1 [0122.628] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0122.628] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0122.628] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0122.630] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x1aed, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc0006e3c04*=0x18ed, lpOverlapped=0x0) returned 1 [0122.636] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.678] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0002e38ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e38ed*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0122.678] CloseHandle (hObject=0x1b0) returned 1 [0122.678] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0122.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0122.680] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0122.687] GetFileType (hFile=0x1b0) returned 0x1 [0122.687] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x18f0, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc0006e3cec*=0x18f0, lpOverlapped=0x0) returned 1 [0122.689] CloseHandle (hObject=0x1b0) returned 1 [0122.689] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0122.689] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0122.689] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0122.690] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0122.690] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0122.691] VirtualAlloc (lpAddress=0xc0002ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ce000 [0122.691] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\OrangeCircles.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orangecircles.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0122.691] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0122.735] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.739] SetEvent (hEvent=0x324) returned 1 [0122.739] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.742] SetEvent (hEvent=0x324) returned 1 [0122.742] SetEvent (hEvent=0x12c) returned 1 [0122.742] SetEvent (hEvent=0x1a0) returned 1 [0122.742] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.755] SetEvent (hEvent=0x324) returned 1 [0122.755] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.756] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\orange circles.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Orange Circles.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-orange circles.htm"), dwFlags=0x1) returned 1 [0122.826] SetEvent (hEvent=0x1a0) returned 1 [0122.826] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.829] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0122.829] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0122.830] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0122.830] GetFileType (hFile=0x2f0) returned 0x1 [0122.830] GetFileType (hFile=0x2f0) returned 0x1 [0122.830] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0122.831] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0122.831] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0122.831] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x7e4, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc000249c04*=0x5e4, lpOverlapped=0x0) returned 1 [0122.834] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.870] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000725e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000725e4*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0122.870] CloseHandle (hObject=0x2f0) returned 1 [0122.870] SetEvent (hEvent=0x324) returned 1 [0122.870] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0122.919] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00029fcf4 | out: lpMode=0xc00029fcf4) returned 0 [0122.921] GetFileType (hFile=0x3dc) returned 0x1 [0122.921] GetFileType (hFile=0x3dc) returned 0x1 [0122.921] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc00029fd44 | out: lpFileInformation=0xc00029fd44) returned 1 [0122.921] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc00029fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029fd28) returned 1 [0122.921] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00007e300, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e300*, lpNumberOfBytesRead=0xc00029fc04*=0xe8, lpOverlapped=0x0) returned 1 [0122.922] ReadFile (in: hFile=0x3dc, lpBuffer=0xc00007e3e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007e3e8*, lpNumberOfBytesRead=0xc00029fc04*=0x0, lpOverlapped=0x0) returned 1 [0122.922] CloseHandle (hObject=0x3dc) returned 1 [0122.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0122.924] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00029fd04 | out: lpMode=0xc00029fd04) returned 0 [0122.931] GetFileType (hFile=0x3dc) returned 0x1 [0122.931] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0002885a0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00029fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002885a0*, lpNumberOfBytesWritten=0xc00029fcec*=0xf0, lpOverlapped=0x0) returned 1 [0122.932] CloseHandle (hObject=0x3dc) returned 1 [0122.932] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0122.932] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0122.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0122.933] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0122.939] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.961] SetEvent (hEvent=0x39c) returned 1 [0122.961] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0122.965] SetEvent (hEvent=0x30c) returned 1 [0122.965] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.012] SetEvent (hEvent=0x30c) returned 1 [0123.013] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001e2000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfCharsWritten=0xc00023f808*=0x11) returned 1 [0123.020] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.027] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.028] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000117818, lpReserved=0x0 | out: lpBuffer=0xc00005e080*, lpNumberOfCharsWritten=0xc000117818*=0x3) returned 1 [0123.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x89, lpNumberOfCharsWritten=0xc0000f9808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc0000f9808*=0x89) returned 1 [0123.035] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0123.035] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0123.037] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0123.037] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0123.038] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0123.038] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0123.050] GetFileType (hFile=0x240) returned 0x1 [0123.050] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0123.051] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001bd818, lpReserved=0x0 | out: lpBuffer=0xc00005e0a0*, lpNumberOfCharsWritten=0xc0001bd818*=0x3) returned 1 [0123.167] SetEvent (hEvent=0x39c) returned 1 [0123.168] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001f7818, lpReserved=0x0 | out: lpBuffer=0xc00005e0a6*, lpNumberOfCharsWritten=0xc0001f7818*=0x3) returned 1 [0123.195] SwitchToThread () returned 1 [0123.196] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.215] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.219] SetEvent (hEvent=0x30c) returned 1 [0123.219] SetEvent (hEvent=0xfc) returned 1 [0123.219] SetEvent (hEvent=0x13c) returned 1 [0123.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.264] SetEvent (hEvent=0x13c) returned 1 [0123.265] SetEvent (hEvent=0x324) returned 1 [0123.265] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.288] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.288] SetEvent (hEvent=0x324) returned 1 [0123.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.301] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.301] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0123.301] SetEvent (hEvent=0x13c) returned 1 [0123.301] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.377] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.378] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0123.378] SetEvent (hEvent=0xc0) returned 1 [0123.378] SetEvent (hEvent=0xfc) returned 1 [0123.378] SetEvent (hEvent=0x324) returned 1 [0123.380] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.411] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.461] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0123.461] SetEvent (hEvent=0x13c) returned 1 [0123.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.564] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.565] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0123.565] SetEvent (hEvent=0xc0) returned 1 [0123.565] SetEvent (hEvent=0x324) returned 1 [0123.565] SetEvent (hEvent=0x30c) returned 1 [0123.567] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.626] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xf0, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2d89f940, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2d89f940*=0x3d8) returned 1 [0123.626] SuspendThread (hThread=0x3d8) returned 0x0 [0123.626] GetThreadContext (in: hThread=0x3d8, lpContext=0x2d89f950 | out: lpContext=0x2d89f950*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x206, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc000157d40, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x493bec, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0123.627] SetEvent (hEvent=0xc0) returned 1 [0123.627] ResumeThread (hThread=0x3d8) returned 0x1 [0123.627] CloseHandle (hObject=0x3d8) returned 1 [0123.627] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.727] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0123.727] SetEvent (hEvent=0x13c) returned 1 [0123.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.755] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0123.755] SetEvent (hEvent=0x324) returned 1 [0123.755] SetEvent (hEvent=0x39c) returned 1 [0123.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.758] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.758] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.764] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.764] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0123.764] SetEvent (hEvent=0x39c) returned 1 [0123.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.796] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.796] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0123.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0123.849] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.874] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0123.875] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Desktop.ini\\*", lpFindFileData=0xc000159a08 | out: lpFindFileData=0xc000159a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0123.875] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.888] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0123.889] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000159720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0123.889] SetEvent (hEvent=0x13c) returned 1 [0123.889] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.908] SetEvent (hEvent=0x1a0) returned 1 [0123.908] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0123.915] SetEvent (hEvent=0x114) returned 1 [0123.915] SetEvent (hEvent=0x1a0) returned 1 [0123.915] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.487] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.489] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.492] SetEvent (hEvent=0xfc) returned 1 [0128.492] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.494] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.494] SetEvent (hEvent=0xfc) returned 1 [0128.495] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.497] SetEvent (hEvent=0xfc) returned 1 [0128.497] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000586370*, lpNumberOfCharsWritten=0xc000191818*=0x3) returned 1 [0128.497] SetEvent (hEvent=0xfc) returned 1 [0128.498] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586376*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000586376*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0128.498] SetEvent (hEvent=0xfc) returned 1 [0128.498] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0128.499] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586380*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc000586380*, lpNumberOfCharsWritten=0xc0002df818*=0x3) returned 1 [0128.500] SetEvent (hEvent=0xfc) returned 1 [0128.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586386*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc000586386*, lpNumberOfCharsWritten=0xc000049818*=0x3) returned 1 [0128.501] SetEvent (hEvent=0xfc) returned 1 [0128.501] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0128.501] SetEvent (hEvent=0xfc) returned 1 [0128.501] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0128.502] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ea000*, nNumberOfCharsToWrite=0xee, lpNumberOfCharsWritten=0xc0002a3808, lpReserved=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfCharsWritten=0xc0002a3808*=0xee) returned 1 [0128.503] SetEvent (hEvent=0xfc) returned 1 [0128.504] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.504] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0128.504] SetEvent (hEvent=0xfc) returned 1 [0128.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0128.506] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0128.506] SetEvent (hEvent=0x258) returned 1 [0128.506] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0128.520] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.520] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.527] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.528] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.529] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.530] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.531] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.532] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.533] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.534] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.535] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.536] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.537] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.538] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.539] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.539] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.540] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.541] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.542] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.543] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.544] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0128.550] SetEvent (hEvent=0x12c) returned 1 [0128.550] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0128.551] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000b6000*, nNumberOfCharsToWrite=0x69, lpNumberOfCharsWritten=0xc0001cd808, lpReserved=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfCharsWritten=0xc0001cd808*=0x69) returned 1 [0128.552] SetEvent (hEvent=0x12c) returned 1 [0128.552] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a301 | out: pbBuffer=0xc00028a301) returned 1 [0128.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0130.618] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0130.637] GetFileType (hFile=0x2e8) returned 0x1 [0130.637] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0130.638] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000949a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000949a0*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0130.639] CloseHandle (hObject=0x2e8) returned 1 [0130.639] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.687] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.779] SetEvent (hEvent=0xfc) returned 1 [0130.779] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.798] SetEvent (hEvent=0x324) returned 1 [0130.798] SetEvent (hEvent=0xfc) returned 1 [0130.798] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.807] SetEvent (hEvent=0x324) returned 1 [0130.807] SetEvent (hEvent=0x39c) returned 1 [0130.807] SetEvent (hEvent=0x12c) returned 1 [0130.807] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.850] SetEvent (hEvent=0x324) returned 1 [0130.850] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.853] SetEvent (hEvent=0x148) returned 1 [0130.853] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0130.895] SetEvent (hEvent=0x39c) returned 1 [0130.895] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.039] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.071] SetEvent (hEvent=0x320) returned 1 [0131.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.073] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0131.073] GetFileType (hFile=0x3d8) returned 0x1 [0131.073] GetFileType (hFile=0x3d8) returned 0x1 [0131.074] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0131.074] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0131.074] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0131.074] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x409, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc00029dc04*=0x209, lpOverlapped=0x0) returned 1 [0131.076] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00011c209, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c209*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0131.076] CloseHandle (hObject=0x3d8) returned 1 [0131.076] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.080] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D\\*", lpFindFileData=0xc00029da08 | out: lpFindFileData=0xc00029da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.080] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00029d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.080] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0131.081] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00010c240*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc00029d808, lpReserved=0x0 | out: lpBuffer=0xc00010c240*, lpNumberOfCharsWritten=0xc00029d808*=0x8b) returned 1 [0131.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0131.083] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0131.083] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0131.084] GetFileType (hFile=0x3d8) returned 0x1 [0131.084] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000104840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104840*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.084] CloseHandle (hObject=0x3d8) returned 1 [0131.085] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0131.085] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-3130b1871a126520a8c47861efe3ed4d"), dwFlags=0x1) returned 1 [0131.154] SetEvent (hEvent=0xc0) returned 1 [0131.154] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.154] SetEvent (hEvent=0x39c) returned 1 [0131.154] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0131.156] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.157] SetEvent (hEvent=0x258) returned 1 [0131.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.166] SetEvent (hEvent=0x258) returned 1 [0131.166] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.170] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.202] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.206] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.215] SetEvent (hEvent=0x12c) returned 1 [0131.215] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.216] SetEvent (hEvent=0x12c) returned 1 [0131.216] SetEvent (hEvent=0xfc) returned 1 [0131.216] VirtualFree (lpAddress=0xc0002a6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.217] VirtualFree (lpAddress=0xc000220000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.217] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.218] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.218] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.218] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.219] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.219] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc00015f818*=0x2) returned 1 [0131.220] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.224] SetEvent (hEvent=0xfc) returned 1 [0131.224] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0131.225] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0131.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.226] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0131.228] GetFileType (hFile=0x3d8) returned 0x1 [0131.228] GetFileType (hFile=0x3d8) returned 0x1 [0131.228] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0131.228] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0131.228] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.228] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x4d7, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc00015fc04*=0x2d7, lpOverlapped=0x0) returned 1 [0131.237] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00002c2d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c2d7*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0131.237] CloseHandle (hObject=0x3d8) returned 1 [0131.237] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.238] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0131.238] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0131.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.256] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.258] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0131.258] SetEvent (hEvent=0x258) returned 1 [0131.258] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220\\*", lpFindFileData=0xc00015fa08 | out: lpFindFileData=0xc00015fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.258] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0131.259] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.259] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00015f808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00015f808*=0xac) returned 1 [0131.267] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.267] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0131.268] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0131.268] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0131.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0131.269] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0131.276] GetFileType (hFile=0x2bc) returned 0x1 [0131.276] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000ce2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.276] CloseHandle (hObject=0x2bc) returned 1 [0131.277] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-5080dc7a65db6a5960ecd874088f3328_6cba2c06d5985dd95ae59af8fc7c6220"), dwFlags=0x1) returned 1 [0131.324] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.324] SetEvent (hEvent=0x39c) returned 1 [0131.324] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0131.326] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.330] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.330] SetEvent (hEvent=0x320) returned 1 [0131.330] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.332] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.333] SetEvent (hEvent=0x320) returned 1 [0131.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.341] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.342] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.342] SetEvent (hEvent=0xc0) returned 1 [0131.342] SetEvent (hEvent=0x148) returned 1 [0131.343] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.345] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.345] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.346] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.346] SetEvent (hEvent=0x148) returned 1 [0131.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.351] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.351] SetEvent (hEvent=0x12c) returned 1 [0131.352] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.353] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.355] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.355] SetEvent (hEvent=0x320) returned 1 [0131.355] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.360] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.368] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.416] SetEvent (hEvent=0x258) returned 1 [0131.416] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.422] SetEvent (hEvent=0x258) returned 1 [0131.422] SetEvent (hEvent=0x1b4) returned 1 [0131.422] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.423] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.423] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.424] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.424] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.424] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0131.434] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.542] SetEvent (hEvent=0x148) returned 1 [0131.543] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.549] SetEvent (hEvent=0x258) returned 1 [0131.549] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0131.550] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.551] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0131.553] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.561] GetFileType (hFile=0x370) returned 0x1 [0131.561] GetFileType (hFile=0x370) returned 0x1 [0131.561] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0131.562] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0131.562] ReadFile (in: hFile=0x370, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc000195c04*=0x6e3, lpOverlapped=0x0) returned 1 [0131.566] ReadFile (in: hFile=0x370, lpBuffer=0xc0000546e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000546e3*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0131.566] CloseHandle (hObject=0x370) returned 1 [0131.566] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.602] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.602] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.602] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000195808*=0xac) returned 1 [0131.610] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.610] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0131.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0131.611] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0131.614] GetFileType (hFile=0x2bc) returned 0x1 [0131.614] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.614] CloseHandle (hObject=0x2bc) returned 1 [0131.616] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0131.616] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7d266d9e1e69fa1eefb9699b009b34c8_0a9bfdd75b598c2110cbf610c078e6e6"), dwFlags=0x1) returned 1 [0131.677] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.677] SetEvent (hEvent=0x258) returned 1 [0131.678] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0131.679] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.680] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.681] SetEvent (hEvent=0x12c) returned 1 [0131.681] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.683] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.684] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.684] SetEvent (hEvent=0xc0) returned 1 [0131.684] SetEvent (hEvent=0xfc) returned 1 [0131.684] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.685] VirtualFree (lpAddress=0xc000202000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.686] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.686] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.686] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.686] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.687] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.687] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.687] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.688] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.688] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0131.692] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.701] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.719] SetEvent (hEvent=0x320) returned 1 [0131.719] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.723] SetEvent (hEvent=0x320) returned 1 [0131.723] SetEvent (hEvent=0x12c) returned 1 [0131.723] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.724] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc000141818*=0x2) returned 1 [0131.726] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.732] SetEvent (hEvent=0x148) returned 1 [0131.732] SetEvent (hEvent=0x12c) returned 1 [0131.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.733] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0131.734] GetFileType (hFile=0x2e8) returned 0x1 [0131.734] GetFileType (hFile=0x2e8) returned 0x1 [0131.734] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0131.734] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0131.734] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00007c400, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c400*, lpNumberOfBytesRead=0xc000141c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.735] ReadFile (in: hFile=0x2e8, lpBuffer=0xc00007c5cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c5cf*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0131.735] CloseHandle (hObject=0x2e8) returned 1 [0131.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.741] SetEvent (hEvent=0xc0) returned 1 [0131.741] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.741] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.742] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000141808*=0xac) returned 1 [0131.743] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.743] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0131.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.744] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0131.744] GetFileType (hFile=0x2e8) returned 0x1 [0131.744] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.744] CloseHandle (hObject=0x2e8) returned 1 [0131.745] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_5EA65844B9EF5670A9C002CBD85B10A4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_5ea65844b9ef5670a9c002cbd85b10a4"), dwFlags=0x1) returned 1 [0131.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.785] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0131.785] SetEvent (hEvent=0x148) returned 1 [0131.785] SetEvent (hEvent=0x258) returned 1 [0131.785] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0131.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.791] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0131.791] SetEvent (hEvent=0x258) returned 1 [0131.791] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.795] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.812] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.826] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.842] SetEvent (hEvent=0x148) returned 1 [0131.842] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.848] SetEvent (hEvent=0x148) returned 1 [0131.849] SetEvent (hEvent=0x12c) returned 1 [0131.849] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.849] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.850] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.850] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.850] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.851] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.851] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc00014d818*=0x2) returned 1 [0131.855] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.858] SetEvent (hEvent=0x258) returned 1 [0131.858] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0131.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.862] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0131.863] GetFileType (hFile=0x2e8) returned 0x1 [0131.863] GetFileType (hFile=0x2e8) returned 0x1 [0131.863] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0131.863] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0131.863] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0131.864] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc000195c04*=0x6e3, lpOverlapped=0x0) returned 1 [0131.868] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000766e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000766e3*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0131.868] CloseHandle (hObject=0x2e8) returned 1 [0131.868] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0131.869] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0131.869] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0131.870] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0131.871] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.871] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.879] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F\\*", lpFindFileData=0xc000195a08 | out: lpFindFileData=0xc000195a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.879] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000195720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.879] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005c420*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000195808, lpReserved=0x0 | out: lpBuffer=0xc00005c420*, lpNumberOfCharsWritten=0xc000195808*=0xac) returned 1 [0131.881] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082901 | out: pbBuffer=0xc000082901) returned 1 [0131.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.881] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0131.882] GetFileType (hFile=0x2b4) returned 0x1 [0131.882] WriteFile (in: hFile=0x2b4, lpBuffer=0xc00005c840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c840*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.883] CloseHandle (hObject=0x2b4) returned 1 [0131.885] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8828F39C7C0CE9A14B25C7EB321181BA_3DF94EB797096674F7793A562A778C5F" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8828f39c7c0ce9a14b25c7eb321181ba_3df94eb797096674f7793a562a778c5f"), dwFlags=0x1) returned 1 [0132.049] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0132.049] SetEvent (hEvent=0x258) returned 1 [0132.049] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.050] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.050] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0132.050] SetEvent (hEvent=0x258) returned 1 [0132.050] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.055] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.055] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.080] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.089] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.095] SetEvent (hEvent=0x320) returned 1 [0132.095] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.096] SetEvent (hEvent=0x320) returned 1 [0132.096] SetEvent (hEvent=0x148) returned 1 [0132.096] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.097] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.097] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.098] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.098] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.098] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.099] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0132.101] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.108] SetEvent (hEvent=0x148) returned 1 [0132.108] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.108] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.110] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0132.111] GetFileType (hFile=0x2bc) returned 0x1 [0132.111] GetFileType (hFile=0x2bc) returned 0x1 [0132.111] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0132.111] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0132.111] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.112] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a2000, nNumberOfBytesToRead=0x852, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesRead=0xc000031c04*=0x652, lpOverlapped=0x0) returned 1 [0132.114] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000a2652, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2652*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0132.114] CloseHandle (hObject=0x2bc) returned 1 [0132.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.124] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0132.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.125] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.125] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0132.125] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000031808*=0xac) returned 1 [0132.127] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.127] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.128] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.128] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0132.129] GetFileType (hFile=0x2bc) returned 0x1 [0132.129] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.130] CloseHandle (hObject=0x2bc) returned 1 [0132.134] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-9C888BEABCCBC2A97B0D6D9214C3BA37_1213DC6F71E4C3B05E7BCEEBC203A31E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-9c888beabccbc2a97b0d6d9214c3ba37_1213dc6f71e4c3b05e7bceebc203a31e"), dwFlags=0x1) returned 1 [0132.183] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0132.184] SetEvent (hEvent=0x1b4) returned 1 [0132.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.185] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.186] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0132.186] SetEvent (hEvent=0x1b4) returned 1 [0132.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.191] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.218] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.230] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.235] SetEvent (hEvent=0x320) returned 1 [0132.235] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.236] SetEvent (hEvent=0x320) returned 1 [0132.236] SetEvent (hEvent=0x148) returned 1 [0132.236] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.236] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.237] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0132.238] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.238] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.238] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.239] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.239] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0001ff818*=0x2) returned 1 [0132.241] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.248] SetEvent (hEvent=0x148) returned 1 [0132.248] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.249] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0132.250] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0132.250] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0132.251] GetFileType (hFile=0x2bc) returned 0x1 [0132.251] GetFileType (hFile=0x2bc) returned 0x1 [0132.251] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0132.251] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0132.252] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.252] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x7ed, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0001fdc04*=0x5ed, lpOverlapped=0x0) returned 1 [0132.255] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0000ce5ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce5ed*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0132.255] CloseHandle (hObject=0x2bc) returned 1 [0132.256] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0132.256] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.263] SetEvent (hEvent=0xc0) returned 1 [0132.263] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150\\*", lpFindFileData=0xc0001fda08 | out: lpFindFileData=0xc0001fda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.263] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001fd808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001fd808*=0xac) returned 1 [0132.265] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.266] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.267] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0132.268] GetFileType (hFile=0x2bc) returned 0x1 [0132.268] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.268] CloseHandle (hObject=0x2bc) returned 1 [0132.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-BC570EC0DE58335AFAF92FDC8E3AA330_6CE6E578B5C8485B4BE3C4D58E12F150" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-bc570ec0de58335afaf92fdc8e3aa330_6ce6e578b5c8485b4be3c4d58e12f150"), dwFlags=0x1) returned 1 [0132.434] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0132.434] SetEvent (hEvent=0xfc) returned 1 [0132.435] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.437] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.437] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0132.437] SetEvent (hEvent=0xfc) returned 1 [0132.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.440] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.454] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.462] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.468] SetEvent (hEvent=0x320) returned 1 [0132.468] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.469] SetEvent (hEvent=0x320) returned 1 [0132.469] SetEvent (hEvent=0x148) returned 1 [0132.469] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.469] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.470] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.470] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.470] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.471] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.471] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.471] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.471] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.472] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.472] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.473] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0132.474] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.478] SetEvent (hEvent=0x148) returned 1 [0132.478] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.478] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0132.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.479] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0132.480] GetFileType (hFile=0x370) returned 0x1 [0132.480] GetFileType (hFile=0x370) returned 0x1 [0132.480] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0132.480] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0132.480] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.481] ReadFile (in: hFile=0x370, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x7ae, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0004d9c04*=0x5ae, lpOverlapped=0x0) returned 1 [0132.482] ReadFile (in: hFile=0x370, lpBuffer=0xc0000405ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000405ae*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0132.482] CloseHandle (hObject=0x370) returned 1 [0132.483] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.483] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.490] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.491] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE\\*", lpFindFileData=0xc0004d9a08 | out: lpFindFileData=0xc0004d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.491] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.491] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0004d9808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0004d9808*=0xac) returned 1 [0132.492] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.493] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.493] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0132.494] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0004d9d64 | out: lpMode=0xc0004d9d64) returned 0 [0132.495] GetFileType (hFile=0x2bc) returned 0x1 [0132.495] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.496] CloseHandle (hObject=0x2bc) returned 1 [0132.498] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-d47dbd2f9e3365fbbe008d71fb06716f_d33192d58aa9ca2b9097e848e9fe86de"), dwFlags=0x1) returned 1 [0132.607] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.610] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0132.610] SetEvent (hEvent=0xc0) returned 1 [0132.610] SetEvent (hEvent=0x39c) returned 1 [0132.610] SetEvent (hEvent=0x3c4) returned 1 [0132.610] SetEvent (hEvent=0x24c) returned 1 [0132.610] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0132.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.623] SetEvent (hEvent=0x324) returned 1 [0132.623] SetEvent (hEvent=0x3c4) returned 1 [0132.623] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.624] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.625] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0132.625] SetEvent (hEvent=0x12c) returned 1 [0132.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0132.626] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0132.631] GetFileType (hFile=0x3cc) returned 0x1 [0132.631] GetFileType (hFile=0x3cc) returned 0x1 [0132.631] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0132.631] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0132.631] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0132.631] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001a2000, nNumberOfBytesToRead=0x38a, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a2000*, lpNumberOfBytesRead=0xc0002d9c04*=0x18a, lpOverlapped=0x0) returned 1 [0132.633] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0001a218a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a218a*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0132.633] CloseHandle (hObject=0x3cc) returned 1 [0132.633] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0132.634] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0132.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D\\*", lpFindFileData=0xc0002d9a08 | out: lpFindFileData=0xc0002d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.635] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\696F3DE637E6DE85B458996D49D759AD" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\696f3de637e6de85b458996d49d759ad"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xed9b0820, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xed9b0820, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xed9b0820, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0xf4)) returned 1 [0132.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\705A76DE71EA2CAEBB8F0907449CE086_9752C5B2D53EE7A19F7764B52968EC21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\705a76de71ea2caebb8f0907449ce086_9752c5b2d53ee7a19f7764b52968ec21"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xbf763370, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf763370, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf763370, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x18e)) returned 1 [0132.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7396C420A8E1BC1DA97F1AF0D10BAD21" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7396c420a8e1bc1da97f1af0d10bad21"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xedb2d5e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedb2d5e0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedb2d5e0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x100)) returned 1 [0132.821] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0132.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7423f88c7f265f0defc08ea88c3bde45_d975bba8033175c8d112023d8a7a8ad6"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x540c1170, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540c1170, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x312640, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x1b2)) returned 1 [0132.921] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd48e2bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda1, nFileSizeHigh=0x0, nFileSizeLow=0xdc)) returned 1 [0132.985] SetEvent (hEvent=0x334) returned 1 [0132.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), fInfoLevelId=0x0, lpFileInformation=0xc0001e95c8 | out: lpFileInformation=0xc0001e95c8*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x6b2324c0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x6b2324c0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x6b2324c0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x194)) returned 1 [0133.056] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0133.058] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0133.067] SetEvent (hEvent=0x324) returned 1 [0133.067] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0133.068] SetEvent (hEvent=0x324) returned 1 [0133.068] SetEvent (hEvent=0x1b4) returned 1 [0133.068] SetEvent (hEvent=0x24c) returned 1 [0133.068] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0141.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0141.054] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0141.066] GetFileType (hFile=0x2b4) returned 0x1 [0141.066] GetFileType (hFile=0x2b4) returned 0x1 [0141.066] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0141.066] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0141.066] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00021c400, nNumberOfBytesToRead=0x3c8, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c400*, lpNumberOfBytesRead=0xc000047c04*=0x1c8, lpOverlapped=0x0) returned 1 [0141.068] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00021c5c8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c5c8*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0141.068] CloseHandle (hObject=0x2b4) returned 1 [0141.068] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0141.069] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0141.070] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0141.199] GetFileType (hFile=0x2b4) returned 0x1 [0141.199] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0001683c0*, nNumberOfBytesToWrite=0x1d0, lpNumberOfBytesWritten=0xc000047cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001683c0*, lpNumberOfBytesWritten=0xc000047cec*=0x1d0, lpOverlapped=0x0) returned 1 [0141.200] CloseHandle (hObject=0x2b4) returned 1 [0141.200] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0141.200] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0141.201] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0141.201] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0141.209] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0141.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0141.210] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0141.262] GetFileType (hFile=0x2b4) returned 0x1 [0141.262] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0141.262] CloseHandle (hObject=0x2b4) returned 1 [0141.262] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0141.263] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0141.264] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.bing[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@c.bing[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@c.bing[1].txt"), dwFlags=0x1) returned 1 [0141.266] SetEvent (hEvent=0x13c) returned 1 [0141.266] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0141.269] SetEvent (hEvent=0x258) returned 1 [0141.269] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0141.279] SetEvent (hEvent=0x354) returned 1 [0141.279] SetEvent (hEvent=0x320) returned 1 [0141.279] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0141.443] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x260 [0141.445] GetConsoleMode (in: hConsoleHandle=0x260, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0141.445] GetFileType (hFile=0x260) returned 0x1 [0141.445] GetFileType (hFile=0x260) returned 0x1 [0141.446] GetFileInformationByHandle (in: hFile=0x260, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0141.446] GetFileInformationByHandleEx (in: hFile=0x260, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0141.446] ReadFile (in: hFile=0x260, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc0001cbc04*=0xce, lpOverlapped=0x0) returned 1 [0142.465] ReadFile (in: hFile=0x260, lpBuffer=0xc00005c0ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c0ce*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0142.465] CloseHandle (hObject=0x260) returned 1 [0142.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0142.841] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.842] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0143.845] GetFileType (hFile=0x384) returned 0x1 [0143.845] WriteFile (in: hFile=0x384, lpBuffer=0xc0000524e0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000524e0*, lpNumberOfBytesWritten=0xc0001cbcec*=0xd0, lpOverlapped=0x0) returned 1 [0143.846] CloseHandle (hObject=0x384) returned 1 [0143.846] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0143.847] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0143.849] GetFileType (hFile=0x384) returned 0x1 [0143.850] WriteFile (in: hFile=0x384, lpBuffer=0xc0002914a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002914a0*, lpNumberOfBytesWritten=0xc0001cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.850] CloseHandle (hObject=0x384) returned 1 [0143.850] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@scorecardresearch[2].txt"), dwFlags=0x1) returned 1 [0143.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.852] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f698, ulCount=0x10, ulNumEntriesRemoved=0x2d89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f698, ulNumEntriesRemoved=0x2d89f66c) returned 0 [0143.853] SetEvent (hEvent=0xc0) returned 1 [0143.853] SetEvent (hEvent=0xc2c) returned 1 [0143.853] SetEvent (hEvent=0x234) returned 1 [0143.853] SetEvent (hEvent=0x148) returned 1 [0143.855] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.863] SetEvent (hEvent=0x388) returned 1 [0143.863] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe08*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.871] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe30*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.871] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2d89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2d89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2d89f6a0, ulNumEntriesRemoved=0x2d89f674) returned 0 [0143.872] SetEvent (hEvent=0xc0) returned 1 [0143.872] SetEvent (hEvent=0x148) returned 1 [0143.872] SetEvent (hEvent=0x388) returned 1 [0143.872] SetEvent (hEvent=0x234) returned 1 [0143.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2d89fe18*=0x3c0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.956] SetEvent (hEvent=0x324) returned 1 [0143.956] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.964] SetEvent (hEvent=0xb70) returned 1 [0143.964] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.968] SetEvent (hEvent=0x324) returned 1 [0143.968] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.971] SetEvent (hEvent=0x324) returned 1 [0143.971] SetEvent (hEvent=0x918) returned 1 [0143.971] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.991] SetEvent (hEvent=0xc74) returned 1 [0143.991] WaitForSingleObject (hHandle=0x3c0, dwMilliseconds=0xffffffff) Thread: id = 56 os_tid = 0xa94 [0116.322] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2da9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2da9fea0*=0x378) returned 1 [0116.322] VirtualQuery (in: lpAddress=0x2da9fec0, lpBuffer=0x2da9fec0, dwLength=0x30 | out: lpBuffer=0x2da9fec0*(BaseAddress=0x2da9f000, AllocationBase=0x2d8a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.322] SetEvent (hEvent=0x354) returned 1 [0116.322] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x388 [0116.322] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x38c [0116.322] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0116.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x390 [0116.324] GetConsoleMode (in: hConsoleHandle=0x390, lpMode=0xc0001a7cf4 | out: lpMode=0xc0001a7cf4) returned 0 [0116.326] GetFileType (hFile=0x390) returned 0x1 [0116.326] GetFileType (hFile=0x390) returned 0x1 [0116.326] GetFileInformationByHandle (in: hFile=0x390, lpFileInformation=0xc0001a7d44 | out: lpFileInformation=0xc0001a7d44) returned 1 [0116.326] GetFileInformationByHandleEx (in: hFile=0x390, FileInformationClass=0x9, lpFileInformation=0xc0001a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a7d28) returned 1 [0116.326] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0116.328] ReadFile (in: hFile=0x390, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x2331, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0001a7c04*=0x2131, lpOverlapped=0x0) returned 1 [0116.331] ReadFile (in: hFile=0x390, lpBuffer=0xc00025c131, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c131*, lpNumberOfBytesRead=0xc0001a7c04*=0x0, lpOverlapped=0x0) returned 1 [0116.331] CloseHandle (hObject=0x390) returned 1 [0116.331] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0116.332] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0116.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0116.522] GetConsoleMode (in: hConsoleHandle=0x21c, lpMode=0xc0001a7d04 | out: lpMode=0xc0001a7d04) returned 0 [0116.522] GetFileType (hFile=0x21c) returned 0x1 [0116.522] WriteFile (in: hFile=0x21c, lpBuffer=0xc00025c500*, nNumberOfBytesToWrite=0x2140, lpNumberOfBytesWritten=0xc0001a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025c500*, lpNumberOfBytesWritten=0xc0001a7cec*=0x2140, lpOverlapped=0x0) returned 1 [0116.524] CloseHandle (hObject=0x21c) returned 1 [0116.524] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a101 | out: pbBuffer=0xc00031a101) returned 1 [0116.524] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0116.525] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0116.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0116.525] GetConsoleMode (in: hConsoleHandle=0x21c, lpMode=0xc0001a7d64 | out: lpMode=0xc0001a7d64) returned 0 [0116.526] GetFileType (hFile=0x21c) returned 0x1 [0116.526] WriteFile (in: hFile=0x21c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.526] CloseHandle (hObject=0x21c) returned 1 [0116.528] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbzzuz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBZzuz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbzzuz[1].jpg"), dwFlags=0x1) returned 1 [0117.152] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.153] SetEvent (hEvent=0x1dc) returned 1 [0117.153] SetEvent (hEvent=0x198) returned 1 [0117.154] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.154] SwitchToThread () returned 1 [0117.155] SetEvent (hEvent=0x1dc) returned 1 [0117.155] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.157] SetEvent (hEvent=0x1dc) returned 1 [0117.157] SetEvent (hEvent=0x39c) returned 1 [0117.157] SetEvent (hEvent=0x340) returned 1 [0117.157] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0117.204] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0117.206] GetFileType (hFile=0x1b0) returned 0x1 [0117.206] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0117.206] GetFileType (hFile=0x1b0) returned 0x1 [0117.206] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0117.206] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0117.206] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0117.207] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x111f, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0006e3c04*=0xf1f, lpOverlapped=0x0) returned 1 [0117.213] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.217] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000faf1f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000faf1f*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0117.217] CloseHandle (hObject=0x1b0) returned 1 [0117.217] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.219] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0117.225] GetFileType (hFile=0x1b0) returned 0x1 [0117.225] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc0006e3cec*=0xf20, lpOverlapped=0x0) returned 1 [0117.226] CloseHandle (hObject=0x1b0) returned 1 [0117.226] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a101 | out: pbBuffer=0xc00031a101) returned 1 [0117.226] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0117.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.227] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0117.234] GetFileType (hFile=0x1b0) returned 0x1 [0117.234] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.235] CloseHandle (hObject=0x1b0) returned 1 [0117.235] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-adfserve[1]"), dwFlags=0x1) returned 1 [0117.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe30*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.239] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.239] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2da9f698, ulCount=0x10, ulNumEntriesRemoved=0x2da9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2da9f698, ulNumEntriesRemoved=0x2da9f66c) returned 0 [0117.239] SetEvent (hEvent=0xc0) returned 1 [0117.239] SetEvent (hEvent=0x340) returned 1 [0117.239] SetEvent (hEvent=0x9c) returned 1 [0117.239] SetEvent (hEvent=0x3c4) returned 1 [0117.240] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe08*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.248] SetEvent (hEvent=0x9c) returned 1 [0117.248] SetEvent (hEvent=0x340) returned 1 [0117.248] SetEvent (hEvent=0x304) returned 1 [0117.248] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe08*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.253] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe30*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.256] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2da9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2da9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2da9f6a0, ulNumEntriesRemoved=0x2da9f674) returned 0 [0117.256] SetEvent (hEvent=0x3c8) returned 1 [0117.256] SetEvent (hEvent=0x304) returned 1 [0117.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe18*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0117.266] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0117.269] GetFileType (hFile=0x23c) returned 0x1 [0117.269] GetFileType (hFile=0x23c) returned 0x1 [0117.269] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0117.269] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0117.269] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0117.272] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x11a35, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000135c04*=0x11835, lpOverlapped=0x0) returned 1 [0117.280] ReadFile (in: hFile=0x23c, lpBuffer=0xc0002b5835, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b5835*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0117.280] CloseHandle (hObject=0x23c) returned 1 [0117.280] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0117.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0117.295] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000135d04 | out: lpMode=0xc000135d04) returned 0 [0117.300] GetFileType (hFile=0x384) returned 0x1 [0117.300] WriteFile (in: hFile=0x384, lpBuffer=0xc0002f2000*, nNumberOfBytesToWrite=0x11840, lpNumberOfBytesWritten=0xc000135cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesWritten=0xc000135cec*=0x11840, lpOverlapped=0x0) returned 1 [0117.304] CloseHandle (hObject=0x384) returned 1 [0117.314] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.355] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a801 | out: pbBuffer=0xc00031a801) returned 1 [0117.355] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0117.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0117.356] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0117.358] GetFileType (hFile=0x370) returned 0x1 [0117.358] WriteFile (in: hFile=0x370, lpBuffer=0xc0000fc9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc9a0*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.359] CloseHandle (hObject=0x370) returned 1 [0117.361] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-ast[2].js"), dwFlags=0x1) returned 1 [0117.992] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2da9f698, ulCount=0x10, ulNumEntriesRemoved=0x2da9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2da9f698, ulNumEntriesRemoved=0x2da9f66c) returned 0 [0117.992] SetEvent (hEvent=0x24c) returned 1 [0117.992] VirtualAlloc (lpAddress=0xc000524000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000524000 [0117.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe08*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.995] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0117.995] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2da9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2da9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2da9f6a0, ulNumEntriesRemoved=0x2da9f674) returned 0 [0117.995] SetEvent (hEvent=0x24c) returned 1 [0117.995] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2da9fe18*=0x388, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.000] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.066] SetEvent (hEvent=0x324) returned 1 [0119.066] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.071] SetEvent (hEvent=0x234) returned 1 [0119.071] SetEvent (hEvent=0x188) returned 1 [0119.071] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.092] VirtualFree (lpAddress=0xc000300000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0119.092] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.093] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0119.093] VirtualFree (lpAddress=0xc000294000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.094] VirtualFree (lpAddress=0xc00025a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0119.094] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.094] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.095] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.095] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0119.095] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.096] VirtualFree (lpAddress=0xc000180000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0119.096] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.096] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.097] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.097] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.097] SetEvent (hEvent=0x334) returned 1 [0119.097] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.102] SetEvent (hEvent=0x274) returned 1 [0119.102] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.110] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0119.112] SetEvent (hEvent=0x13c) returned 1 [0119.112] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0141.527] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0141.527] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0141.528] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0141.528] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0141.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0142.484] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0004ddd04 | out: lpMode=0xc0004ddd04) returned 0 [0142.523] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0143.093] GetFileType (hFile=0x374) returned 0x1 [0143.093] WriteFile (in: hFile=0x374, lpBuffer=0xc000318000*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc0004ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000318000*, lpNumberOfBytesWritten=0xc0004ddcec*=0x250, lpOverlapped=0x0) returned 1 [0143.094] CloseHandle (hObject=0x374) returned 1 [0143.094] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0143.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0143.094] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0004ddd64 | out: lpMode=0xc0004ddd64) returned 0 [0143.100] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0143.859] GetFileType (hFile=0x374) returned 0x1 [0143.859] WriteFile (in: hFile=0x374, lpBuffer=0xc0006142c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006142c0*, lpNumberOfBytesWritten=0xc0004ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.859] CloseHandle (hObject=0x374) returned 1 [0143.860] VirtualAlloc (lpAddress=0xc0006fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fe000 [0143.861] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0143.862] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adnxs[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adnxs[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adnxs[1].txt"), dwFlags=0x1) returned 1 [0143.863] SetEvent (hEvent=0x8c8) returned 1 [0143.863] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0143.867] SetEvent (hEvent=0x3c0) returned 1 [0143.867] SetEvent (hEvent=0xc5c) returned 1 [0143.867] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0143.873] SetEvent (hEvent=0x8d0) returned 1 [0143.873] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) returned 0x0 [0143.971] SetEvent (hEvent=0xc6c) returned 1 [0143.971] WaitForSingleObject (hHandle=0x388, dwMilliseconds=0xffffffff) Thread: id = 57 os_tid = 0xa10 [0116.324] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2dc9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2dc9fea0*=0x394) returned 1 [0116.324] VirtualQuery (in: lpAddress=0x2dc9fec0, lpBuffer=0x2dc9fec0, dwLength=0x30 | out: lpBuffer=0x2dc9fec0*(BaseAddress=0x2dc9f000, AllocationBase=0x2daa0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.324] GetFileType (hFile=0x320) returned 0x1 [0116.324] WriteFile (in: hFile=0x320, lpBuffer=0xc0000e7000*, nNumberOfBytesToWrite=0x2cb0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e7000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x2cb0, lpOverlapped=0x0) returned 1 [0116.326] CloseHandle (hObject=0x320) returned 1 [0116.330] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0116.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x398 [0116.331] GetConsoleMode (in: hConsoleHandle=0x398, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0116.333] GetFileType (hFile=0x398) returned 0x1 [0116.333] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0116.334] WriteFile (in: hFile=0x398, lpBuffer=0xc000182f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000182f20*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.334] CloseHandle (hObject=0x398) returned 1 [0116.338] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbbz20w[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBBZ20W[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbbz20w[1].jpg"), dwFlags=0x1) returned 1 [0117.026] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x320 [0117.026] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0117.026] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.027] SetEvent (hEvent=0x1dc) returned 1 [0117.027] SetEvent (hEvent=0x1f8) returned 1 [0117.027] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.028] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.028] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.029] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.029] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.029] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.030] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc000072018*, lpNumberOfCharsWritten=0xc0001a3818*=0x3) returned 1 [0117.031] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010138*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00010f818, lpReserved=0x0 | out: lpBuffer=0xc000010138*, lpNumberOfCharsWritten=0xc00010f818*=0x3) returned 1 [0117.034] SetEvent (hEvent=0x1a0) returned 1 [0117.034] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0117.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000191818*=0x3) returned 1 [0117.036] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.039] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.042] SetEvent (hEvent=0x1dc) returned 1 [0117.042] SetEvent (hEvent=0x1f8) returned 1 [0117.042] SetEvent (hEvent=0x12c) returned 1 [0117.042] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.141] SwitchToThread () returned 1 [0117.144] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.147] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.151] SwitchToThread () returned 1 [0117.152] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.214] SetEvent (hEvent=0x1dc) returned 1 [0117.214] SetEvent (hEvent=0x9c) returned 1 [0117.214] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.318] SetEvent (hEvent=0x3c4) returned 1 [0117.318] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0117.322] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0117.325] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.362] GetFileType (hFile=0x384) returned 0x1 [0117.362] GetFileType (hFile=0x384) returned 0x1 [0117.362] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0117.362] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0117.362] VirtualAlloc (lpAddress=0xc000304000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000304000 [0117.363] ReadFile (in: hFile=0x384, lpBuffer=0xc000304000, nNumberOfBytesToRead=0x2eb0, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000304000*, lpNumberOfBytesRead=0xc00015fc04*=0x2cb0, lpOverlapped=0x0) returned 1 [0117.366] ReadFile (in: hFile=0x384, lpBuffer=0xc000306cb0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000306cb0*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.367] CloseHandle (hObject=0x384) returned 1 [0117.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e0 [0117.392] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.533] GetConsoleMode (in: hConsoleHandle=0x2e0, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0117.534] GetFileType (hFile=0x2e0) returned 0x1 [0117.534] WriteFile (in: hFile=0x2e0, lpBuffer=0xc000307000*, nNumberOfBytesToWrite=0x2cc0, lpNumberOfBytesWritten=0xc00015fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000307000*, lpNumberOfBytesWritten=0xc00015fcec*=0x2cc0, lpOverlapped=0x0) returned 1 [0117.535] CloseHandle (hObject=0x2e0) returned 1 [0117.540] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0117.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0117.541] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0117.542] GetFileType (hFile=0x384) returned 0x1 [0117.542] VirtualAlloc (lpAddress=0xc0003f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f0000 [0117.542] WriteFile (in: hFile=0x384, lpBuffer=0xc0001829a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001829a0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.543] CloseHandle (hObject=0x384) returned 1 [0117.548] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0117.625] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbu9swq[1].jpg"), dwFlags=0x1) returned 1 [0118.065] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0118.065] SetEvent (hEvent=0x258) returned 1 [0118.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.068] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0118.068] SetEvent (hEvent=0x258) returned 1 [0118.068] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.073] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.029] SetEvent (hEvent=0x1dc) returned 1 [0119.029] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.035] SetEvent (hEvent=0x1e8) returned 1 [0119.035] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0119.040] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000209cf4 | out: lpMode=0xc000209cf4) returned 0 [0119.042] GetFileType (hFile=0x284) returned 0x1 [0119.042] GetFileType (hFile=0x284) returned 0x1 [0119.043] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc000209d44 | out: lpFileInformation=0xc000209d44) returned 1 [0119.043] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc000209d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000209d28) returned 1 [0119.043] ReadFile (in: hFile=0x284, lpBuffer=0xc00006d000, nNumberOfBytesToRead=0x172c, lpNumberOfBytesRead=0xc000209c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006d000*, lpNumberOfBytesRead=0xc000209c04*=0x152c, lpOverlapped=0x0) returned 1 [0119.046] ReadFile (in: hFile=0x284, lpBuffer=0xc00006e52c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000209c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e52c*, lpNumberOfBytesRead=0xc000209c04*=0x0, lpOverlapped=0x0) returned 1 [0119.046] CloseHandle (hObject=0x284) returned 1 [0119.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0119.081] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000209d04 | out: lpMode=0xc000209d04) returned 0 [0119.081] GetFileType (hFile=0x2e8) returned 0x1 [0119.082] WriteFile (in: hFile=0x2e8, lpBuffer=0xc00006e800*, nNumberOfBytesToWrite=0x1530, lpNumberOfBytesWritten=0xc000209cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006e800*, lpNumberOfBytesWritten=0xc000209cec*=0x1530, lpOverlapped=0x0) returned 1 [0119.082] CloseHandle (hObject=0x2e8) returned 1 [0119.083] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0119.084] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0119.084] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0119.084] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000209d64 | out: lpMode=0xc000209d64) returned 0 [0119.087] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.156] GetFileType (hFile=0x2e8) returned 0x1 [0119.156] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000bc6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000209d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc6e0*, lpNumberOfBytesWritten=0xc000209d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.156] CloseHandle (hObject=0x2e8) returned 1 [0119.158] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbalzyp[1].jpg"), dwFlags=0x1) returned 1 [0119.777] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.779] SetEvent (hEvent=0x30c) returned 1 [0119.779] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0119.781] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00016f818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc00016f818*=0x3) returned 1 [0119.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc000010066*, lpNumberOfCharsWritten=0xc000189818*=0x3) returned 1 [0119.882] SwitchToThread () returned 1 [0119.884] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0120.588] SetEvent (hEvent=0x198) returned 1 [0120.588] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0120.592] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0120.593] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0120.595] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0120.624] GetFileType (hFile=0x384) returned 0x1 [0120.624] GetFileType (hFile=0x384) returned 0x1 [0120.624] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0120.624] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0120.624] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0120.625] ReadFile (in: hFile=0x384, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x2d6c, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc0000f9c04*=0x2b6c, lpOverlapped=0x0) returned 1 [0120.627] ReadFile (in: hFile=0x384, lpBuffer=0xc0000fcb6c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fcb6c*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0120.628] CloseHandle (hObject=0x384) returned 1 [0120.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.668] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0120.669] GetFileType (hFile=0x3dc) returned 0x1 [0120.669] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000fd000*, nNumberOfBytesToWrite=0x2b70, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fd000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x2b70, lpOverlapped=0x0) returned 1 [0120.671] CloseHandle (hObject=0x3dc) returned 1 [0120.673] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028b101 | out: pbBuffer=0xc00028b101) returned 1 [0120.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0120.673] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0120.675] GetFileType (hFile=0x2e8) returned 0x1 [0120.675] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0002806e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002806e0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0120.675] CloseHandle (hObject=0x2e8) returned 1 [0120.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbefrwv[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEfRwv[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbefrwv[1].jpg"), dwFlags=0x1) returned 1 [0120.923] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0121.582] SetEvent (hEvent=0xfc) returned 1 [0121.582] SetEvent (hEvent=0x30c) returned 1 [0121.582] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0121.646] SetEvent (hEvent=0x354) returned 1 [0121.646] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0122.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002f0000*, nNumberOfCharsToWrite=0x7b, lpNumberOfCharsWritten=0xc0006e1808, lpReserved=0x0 | out: lpBuffer=0xc0002f0000*, lpNumberOfCharsWritten=0xc0006e1808*=0x7b) returned 1 [0122.258] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0122.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0122.258] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0122.264] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0122.303] SetEvent (hEvent=0x114) returned 1 [0122.303] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0123.849] SetEvent (hEvent=0x13c) returned 1 [0123.849] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0123.868] SetEvent (hEvent=0x3c4) returned 1 [0123.868] SetEvent (hEvent=0x13c) returned 1 [0123.868] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.573] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.574] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.575] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.576] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.576] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.578] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0128.579] SetEvent (hEvent=0x148) returned 1 [0128.579] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126360*, nNumberOfCharsToWrite=0x83, lpNumberOfCharsWritten=0xc000247808, lpReserved=0x0 | out: lpBuffer=0xc000126360*, lpNumberOfCharsWritten=0xc000247808*=0x83) returned 1 [0128.580] SetEvent (hEvent=0x148) returned 1 [0128.581] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0128.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0130.618] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0130.631] GetFileType (hFile=0x2c4) returned 0x1 [0130.631] WriteFile (in: hFile=0x2c4, lpBuffer=0xc00010e6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00010e6e0*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0130.632] CloseHandle (hObject=0x2c4) returned 1 [0130.632] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0130.633] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0130.634] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\VB18B0KB\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\vb18b0kb\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.684] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0130.776] SetEvent (hEvent=0x258) returned 1 [0130.776] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.073] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.087] SetEvent (hEvent=0x3c4) returned 1 [0131.087] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0131.088] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0131.089] GetFileType (hFile=0x2c4) returned 0x1 [0131.089] GetFileType (hFile=0x2c4) returned 0x1 [0131.089] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0131.089] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0131.089] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0131.090] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x78b, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000275c04*=0x58b, lpOverlapped=0x0) returned 1 [0131.092] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00028c58b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c58b*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0131.092] CloseHandle (hObject=0x2c4) returned 1 [0131.092] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0131.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\3388ecc3f7bc4a9271c10ed8621e5a65_f55c512047947b70f94de5dec6d6838d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.124] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0131.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\3388ECC3F7BC4A9271C10ED8621E5A65_F55C512047947B70F94DE5DEC6D6838D\\*", lpFindFileData=0xc000275a08 | out: lpFindFileData=0xc000275a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.125] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000275720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.125] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0131.125] SetEvent (hEvent=0xfc) returned 1 [0131.125] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.127] SwitchToThread () returned 1 [0131.134] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.136] SetEvent (hEvent=0x1b4) returned 1 [0131.136] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc00014d818*=0x2) returned 1 [0131.137] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.145] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010034*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc000010034*, lpNumberOfCharsWritten=0xc000031818*=0x2) returned 1 [0131.149] VirtualFree (lpAddress=0xc000300000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.150] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.150] VirtualFree (lpAddress=0xc000212000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.150] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.151] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e010*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc00005e010*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0131.152] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.170] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.177] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.196] SetEvent (hEvent=0xfc) returned 1 [0131.196] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.197] SetEvent (hEvent=0xfc) returned 1 [0131.197] SetEvent (hEvent=0x3c0) returned 1 [0131.197] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.197] VirtualFree (lpAddress=0xc000290000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0131.198] VirtualFree (lpAddress=0xc000216000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.198] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.199] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.199] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.199] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.200] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.200] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.200] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc000275818*=0x2) returned 1 [0131.203] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.204] SetEvent (hEvent=0x3c0) returned 1 [0131.204] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0131.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.206] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0131.206] GetFileType (hFile=0x3d8) returned 0x1 [0131.206] GetFileType (hFile=0x3d8) returned 0x1 [0131.206] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0131.206] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0131.206] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0131.207] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000222000, nNumberOfBytesToRead=0x4d7, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesRead=0xc000045c04*=0x2d7, lpOverlapped=0x0) returned 1 [0131.212] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002222d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002222d7*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0131.212] CloseHandle (hObject=0x3d8) returned 1 [0131.212] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0131.212] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0131.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77\\*", lpFindFileData=0xc000045a08 | out: lpFindFileData=0xc000045a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.223] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000045720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.223] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000045808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000045808*=0xac) returned 1 [0131.226] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0131.227] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0131.227] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0131.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0131.227] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0131.230] GetFileType (hFile=0x2b4) returned 0x1 [0131.230] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.230] CloseHandle (hObject=0x2b4) returned 1 [0131.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-5080dc7a65db6a5960ecd874088f3328_2908f682dfc81a793bd240cf29711c77"), dwFlags=0x1) returned 1 [0131.297] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0131.297] SetEvent (hEvent=0x39c) returned 1 [0131.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.298] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.298] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0131.298] SetEvent (hEvent=0x39c) returned 1 [0131.298] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.305] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.305] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.332] SetEvent (hEvent=0x3c0) returned 1 [0131.332] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.337] SetEvent (hEvent=0x3c0) returned 1 [0131.337] SetEvent (hEvent=0x148) returned 1 [0131.337] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.338] VirtualFree (lpAddress=0xc0002e4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0131.338] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.339] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.339] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.339] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.340] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc00015f818*=0x2) returned 1 [0131.342] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.345] SetEvent (hEvent=0x3c0) returned 1 [0131.346] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.353] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.355] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.358] SetEvent (hEvent=0x3c0) returned 1 [0131.358] SetEvent (hEvent=0xfc) returned 1 [0131.358] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010060*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc000010060*, lpNumberOfCharsWritten=0xc000275818*=0x2) returned 1 [0131.360] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.361] SetEvent (hEvent=0x1b4) returned 1 [0131.361] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0131.363] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000275cf4 | out: lpMode=0xc000275cf4) returned 0 [0131.363] GetFileType (hFile=0x370) returned 0x1 [0131.363] GetFileType (hFile=0x370) returned 0x1 [0131.363] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000275d44 | out: lpFileInformation=0xc000275d44) returned 1 [0131.363] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000275d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000275d28) returned 1 [0131.364] ReadFile (in: hFile=0x370, lpBuffer=0xc00004e000, nNumberOfBytesToRead=0x3fa, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesRead=0xc000275c04*=0x1fa, lpOverlapped=0x0) returned 1 [0131.364] ReadFile (in: hFile=0x370, lpBuffer=0xc00004e1fa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000275c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004e1fa*, lpNumberOfBytesRead=0xc000275c04*=0x0, lpOverlapped=0x0) returned 1 [0131.365] CloseHandle (hObject=0x370) returned 1 [0131.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.369] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9\\*", lpFindFileData=0xc000275a08 | out: lpFindFileData=0xc000275a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.369] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000275720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.369] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc000275808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc000275808*=0x8b) returned 1 [0131.370] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0131.370] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0131.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0131.371] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc000275d64 | out: lpMode=0xc000275d64) returned 0 [0131.372] GetFileType (hFile=0x2bc) returned 0x1 [0131.372] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000275d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000275d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.373] CloseHandle (hObject=0x2bc) returned 1 [0131.375] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0131.401] VirtualAlloc (lpAddress=0xc0002fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fc000 [0131.406] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\7b2238aaccedc3f1ffe8e7eb5f575ec9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-7B2238AACCEDC3F1FFE8E7EB5F575EC9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-7b2238aaccedc3f1ffe8e7eb5f575ec9"), dwFlags=0x1) returned 1 [0131.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe30*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.597] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0131.597] SetEvent (hEvent=0xc0) returned 1 [0131.597] SetEvent (hEvent=0x1b4) returned 1 [0131.597] SetEvent (hEvent=0x148) returned 1 [0131.597] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.602] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0131.602] SetEvent (hEvent=0x148) returned 1 [0131.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc000275818*=0x2) returned 1 [0131.615] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.620] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0131.621] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0131.622] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0131.624] GetFileType (hFile=0x2b4) returned 0x1 [0131.624] GetFileType (hFile=0x2b4) returned 0x1 [0131.624] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0131.624] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0131.624] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0131.625] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x3cf, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc000141c04*=0x1cf, lpOverlapped=0x0) returned 1 [0131.626] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000501cf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000501cf*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0131.626] CloseHandle (hObject=0x2b4) returned 1 [0131.626] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0131.626] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0131.627] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0131.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.646] SetEvent (hEvent=0xc0) returned 1 [0131.646] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.646] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000078000*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfCharsWritten=0xc000141808*=0xac) returned 1 [0131.648] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0131.648] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0131.648] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0131.651] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0131.651] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0131.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.652] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0131.652] GetFileType (hFile=0x2e8) returned 0x1 [0131.652] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000078420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000078420*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.653] CloseHandle (hObject=0x2e8) returned 1 [0131.654] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8059E9A0D314877E40FE93D8CCFB3C69_234CB5D64705D4DBB4DA839716359AF0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8059e9a0d314877e40fe93d8ccfb3c69_234cb5d64705d4dbb4da839716359af0"), dwFlags=0x1) returned 1 [0131.706] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0131.706] SetEvent (hEvent=0xfc) returned 1 [0131.706] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0131.707] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.718] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.718] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.722] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.722] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0131.722] SetEvent (hEvent=0x3c0) returned 1 [0131.722] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0131.725] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0131.725] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.006] SwitchToThread () returned 1 [0132.007] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.013] SetEvent (hEvent=0x1b4) returned 1 [0132.013] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.014] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0132.015] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.016] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0132.017] GetFileType (hFile=0x370) returned 0x1 [0132.017] GetFileType (hFile=0x370) returned 0x1 [0132.017] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0132.017] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0132.017] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0132.018] ReadFile (in: hFile=0x370, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x79d, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc000031c04*=0x59d, lpOverlapped=0x0) returned 1 [0132.020] ReadFile (in: hFile=0x370, lpBuffer=0xc0000b859d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b859d*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0132.020] CloseHandle (hObject=0x370) returned 1 [0132.020] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0132.020] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0132.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.034] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0132.034] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61\\*", lpFindFileData=0xc000031a08 | out: lpFindFileData=0xc000031a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.035] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000031720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.035] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc000031808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000031808*=0xac) returned 1 [0132.038] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.038] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0132.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.039] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0132.044] GetFileType (hFile=0x370) returned 0x1 [0132.044] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000031d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000031d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.045] CloseHandle (hObject=0x370) returned 1 [0132.048] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-8E4E510F44A56B8C8ECFEC352907C373_411140098D71F028134E9B8A21255C61" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-8e4e510f44a56b8c8ecfec352907c373_411140098d71f028134e9b8a21255c61"), dwFlags=0x1) returned 1 [0132.094] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0132.094] SetEvent (hEvent=0x3c0) returned 1 [0132.095] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.095] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.095] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0132.096] SetEvent (hEvent=0x3c0) returned 1 [0132.096] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.100] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.123] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.135] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.140] SetEvent (hEvent=0x258) returned 1 [0132.140] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.141] SetEvent (hEvent=0x258) returned 1 [0132.141] SetEvent (hEvent=0x1b4) returned 1 [0132.141] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.142] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.142] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.142] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.143] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.143] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.143] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.144] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.144] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.145] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000195818*=0x2) returned 1 [0132.146] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.153] SetEvent (hEvent=0x258) returned 1 [0132.153] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0132.154] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.155] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0132.156] GetFileType (hFile=0x370) returned 0x1 [0132.157] GetFileType (hFile=0x370) returned 0x1 [0132.157] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0132.157] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0132.157] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.157] ReadFile (in: hFile=0x370, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001ffc04*=0x1d7, lpOverlapped=0x0) returned 1 [0132.159] ReadFile (in: hFile=0x370, lpBuffer=0xc00004c1d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c1d7*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0132.159] CloseHandle (hObject=0x370) returned 1 [0132.159] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.159] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.168] SetEvent (hEvent=0xc0) returned 1 [0132.168] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450\\*", lpFindFileData=0xc0001ffa08 | out: lpFindFileData=0xc0001ffa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.169] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001ff720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.169] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001ff808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0001ff808*=0xac) returned 1 [0132.170] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.171] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.171] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.172] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.172] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0132.172] GetFileType (hFile=0x370) returned 0x1 [0132.172] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.173] CloseHandle (hObject=0x370) returned 1 [0132.173] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-A9E4F776657345B52012CE8E279D314C_183A5BE0B233CC1D513955FABECF9450" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-a9e4f776657345b52012ce8e279d314c_183a5be0b233cc1d513955fabecf9450"), dwFlags=0x1) returned 1 [0132.234] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0132.234] SetEvent (hEvent=0x3c0) returned 1 [0132.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.235] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0132.235] SetEvent (hEvent=0x3c0) returned 1 [0132.235] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.240] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.262] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.272] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.277] SetEvent (hEvent=0x1b4) returned 1 [0132.277] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.279] SetEvent (hEvent=0x1b4) returned 1 [0132.279] SetEvent (hEvent=0x258) returned 1 [0132.279] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0132.279] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.280] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.280] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.281] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.281] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.281] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.282] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc00011b818*=0x2) returned 1 [0132.283] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.290] SetEvent (hEvent=0x258) returned 1 [0132.290] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0132.291] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0132.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x370 [0132.292] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0132.293] GetFileType (hFile=0x370) returned 0x1 [0132.293] GetFileType (hFile=0x370) returned 0x1 [0132.293] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0132.293] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0132.293] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0132.294] ReadFile (in: hFile=0x370, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x8e3, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc00011bc04*=0x6e3, lpOverlapped=0x0) returned 1 [0132.297] ReadFile (in: hFile=0x370, lpBuffer=0xc0000fa6e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa6e3*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0132.298] CloseHandle (hObject=0x370) returned 1 [0132.298] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0132.298] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0132.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.422] SetEvent (hEvent=0xc0) returned 1 [0132.422] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873\\*", lpFindFileData=0xc00011ba08 | out: lpFindFileData=0xc00011ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.422] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00011b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.422] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00011b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00011b808*=0xac) returned 1 [0132.425] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.425] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.425] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0132.426] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.426] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.427] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0132.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0132.427] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0132.430] GetFileType (hFile=0x370) returned 0x1 [0132.430] WriteFile (in: hFile=0x370, lpBuffer=0xc00004c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c2c0*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.431] CloseHandle (hObject=0x370) returned 1 [0132.433] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-C46E7B0F942663A1EDC8D9D6D7869173_42820CDFEA41DC84AAB89A6B63561873" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-c46e7b0f942663a1edc8d9d6d7869173_42820cdfea41dc84aab89a6b63561873"), dwFlags=0x1) returned 1 [0132.466] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f698, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f698, ulNumEntriesRemoved=0x2dc9f66c) returned 0 [0132.466] SetEvent (hEvent=0x3c0) returned 1 [0132.467] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0132.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe08*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.469] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2dc9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2dc9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2dc9f6a0, ulNumEntriesRemoved=0x2dc9f674) returned 0 [0132.469] SetEvent (hEvent=0x3c0) returned 1 [0132.469] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2dc9fe18*=0x320, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.473] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.489] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.498] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.513] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.522] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.532] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.563] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0132.571] GetFileType (hFile=0x2e8) returned 0x1 [0132.571] GetFileType (hFile=0x2e8) returned 0x1 [0132.571] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0132.571] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0132.571] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0132.572] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x84c, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc00024dc04*=0x64c, lpOverlapped=0x0) returned 1 [0132.601] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.625] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0000fa64c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa64c*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0132.625] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.647] CloseHandle (hObject=0x2e8) returned 1 [0132.648] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0132.648] VirtualAlloc (lpAddress=0xc000286000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000286000 [0132.648] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0132.649] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0132.650] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0132.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.650] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0132.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1\\*", lpFindFileData=0xc00024da08 | out: lpFindFileData=0xc00024da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.651] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.651] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0132.651] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0132.652] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0132.652] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0132.653] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0132.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0132.654] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0132.661] GetFileType (hFile=0x2e8) returned 0x1 [0132.661] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0132.661] GetFileType (hFile=0x2e8) returned 0x1 [0132.661] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0132.661] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0132.661] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0132.662] VirtualAlloc (lpAddress=0xc0002aa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002aa000 [0132.662] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002aa000, nNumberOfBytesToRead=0x38e, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aa000*, lpNumberOfBytesRead=0xc000189c04*=0x18e, lpOverlapped=0x0) returned 1 [0132.663] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002aa18e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002aa18e*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0132.664] CloseHandle (hObject=0x2e8) returned 1 [0132.664] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0132.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.814] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4\\*", lpFindFileData=0xc000189a08 | out: lpFindFileData=0xc000189a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.815] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0132.815] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000189720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.815] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0132.816] SwitchToThread () returned 1 [0132.817] SetEvent (hEvent=0x13c) returned 1 [0132.817] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0132.845] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00014b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00014b808*=0xad) returned 1 [0132.848] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0132.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.849] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0132.855] GetFileType (hFile=0x2e8) returned 0x1 [0132.855] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0132.856] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0132.856] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.857] CloseHandle (hObject=0x2e8) returned 1 [0132.862] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-40E450F7CE13419A2CCC2A5445035A0A_06F02B1F13AB4B11B8FC669BDE565AF1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-40e450f7ce13419a2ccc2a5445035a0a_06f02b1f13ab4b11b8fc669bde565af1"), dwFlags=0x1) returned 1 [0133.006] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.007] SetEvent (hEvent=0x1b4) returned 1 [0133.007] SetEvent (hEvent=0x144) returned 1 [0133.007] VirtualFree (lpAddress=0xc0002e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.007] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.007] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.008] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.008] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.009] VirtualFree (lpAddress=0xc0002b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.009] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.009] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.009] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.010] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.010] VirtualFree (lpAddress=0xc000260000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.010] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.011] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.011] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.011] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.012] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.012] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.013] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.013] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.014] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.014] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.015] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.015] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.016] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.016] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.016] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.017] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000149818*=0x3) returned 1 [0133.019] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.022] SetEvent (hEvent=0x1b4) returned 1 [0133.022] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.023] SetEvent (hEvent=0x1b4) returned 1 [0133.023] SetEvent (hEvent=0x208) returned 1 [0133.023] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.023] VirtualFree (lpAddress=0xc000296000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.025] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.026] VirtualFree (lpAddress=0xc000234000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.026] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.027] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.027] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.027] VirtualFree (lpAddress=0xc000162000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.028] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.028] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.028] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.029] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc000586010*, lpNumberOfCharsWritten=0xc00014b818*=0x3) returned 1 [0133.031] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.033] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.036] SetEvent (hEvent=0x1b4) returned 1 [0133.036] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0133.038] SetEvent (hEvent=0x1b4) returned 1 [0133.038] SetEvent (hEvent=0x13c) returned 1 [0133.038] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0141.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0141.074] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0141.082] GetFileType (hFile=0x2bc) returned 0x1 [0141.082] GetFileType (hFile=0x2bc) returned 0x1 [0141.082] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0141.082] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0141.082] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0141.083] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000220000, nNumberOfBytesToRead=0x282, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesRead=0xc0001fdc04*=0x82, lpOverlapped=0x0) returned 1 [0141.084] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000220082, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220082*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0141.084] CloseHandle (hObject=0x2bc) returned 1 [0141.085] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0141.085] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@c.msn[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0141.086] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0141.090] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0141.442] SetEvent (hEvent=0x354) returned 1 [0141.442] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0141.445] SetEvent (hEvent=0x198) returned 1 [0141.445] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0141.454] SetEvent (hEvent=0x364) returned 1 [0141.454] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0141.459] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0141.460] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc000273cf4 | out: lpMode=0xc000273cf4) returned 0 [0141.462] GetFileType (hFile=0x2d4) returned 0x1 [0141.462] GetFileType (hFile=0x2d4) returned 0x1 [0141.462] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc000273d44 | out: lpFileInformation=0xc000273d44) returned 1 [0141.462] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc000273d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000273d28) returned 1 [0141.462] ReadFile (in: hFile=0x2d4, lpBuffer=0xc00003c280, nNumberOfBytesToRead=0x26c, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c280*, lpNumberOfBytesRead=0xc000273c04*=0x6c, lpOverlapped=0x0) returned 1 [0142.472] ReadFile (in: hFile=0x2d4, lpBuffer=0xc00003c2ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c2ec*, lpNumberOfBytesRead=0xc000273c04*=0x0, lpOverlapped=0x0) returned 1 [0142.472] CloseHandle (hObject=0x2d4) returned 1 [0142.473] VirtualAlloc (lpAddress=0xc000784000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000784000 [0142.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0142.845] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0144.147] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000273d04 | out: lpMode=0xc000273d04) returned 0 [0144.156] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0144.592] GetFileType (hFile=0x2cc) returned 0x1 [0144.592] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00030e0e0*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc000273cec, lpOverlapped=0x0 | out: lpBuffer=0xc00030e0e0*, lpNumberOfBytesWritten=0xc000273cec*=0x70, lpOverlapped=0x0) returned 1 [0144.593] CloseHandle (hObject=0x2cc) returned 1 [0144.593] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0144.594] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0144.594] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000273d64 | out: lpMode=0xc000273d64) returned 0 [0144.600] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.450] GetFileType (hFile=0x2cc) returned 0x1 [0145.450] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000615600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000273d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615600*, lpNumberOfBytesWritten=0xc000273d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.450] CloseHandle (hObject=0x2cc) returned 1 [0145.451] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@server.adformdsp[1].txt"), dwFlags=0x1) returned 1 [0145.453] SetEvent (hEvent=0x354) returned 1 [0145.453] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.457] SetEvent (hEvent=0xb70) returned 1 [0145.457] SetEvent (hEvent=0xc34) returned 1 [0145.457] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.489] SetEvent (hEvent=0x9b8) returned 1 [0145.489] SetEvent (hEvent=0xc74) returned 1 [0145.489] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.501] SetEvent (hEvent=0x9b8) returned 1 [0145.501] SetEvent (hEvent=0x968) returned 1 [0145.501] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.507] GetFileType (hFile=0x720) returned 0x1 [0145.507] WriteFile (in: hFile=0x720, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00044bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc00044bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.507] CloseHandle (hObject=0x720) returned 1 [0145.517] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.983] SetEvent (hEvent=0x968) returned 1 [0145.983] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0145.991] SetEvent (hEvent=0xa10) returned 1 [0145.991] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0146.011] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jpehtkf.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-jpehtkf.flv.lnk"), dwFlags=0x1) returned 1 [0150.658] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.777] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.778] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.779] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.781] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.783] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.784] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.786] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.787] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.789] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.790] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.792] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.793] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.794] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.795] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.799] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.800] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.802] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.806] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) returned 0x0 [0161.806] SetEvent (hEvent=0x980) returned 1 [0161.806] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001b2ea0*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc0001b2ea0*, lpNumberOfCharsWritten=0xc000517808*=0x84) returned 1 [0161.808] SetEvent (hEvent=0x980) returned 1 [0161.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.044] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2\\*", lpFindFileData=0xc000517a08 | out: lpFindFileData=0xc000517a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.044] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000517720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.045] WaitForSingleObject (hHandle=0x320, dwMilliseconds=0xffffffff) Thread: id = 58 os_tid = 0x9e0 [0116.335] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2de9fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2de9fea0*=0x398) returned 1 [0116.335] VirtualQuery (in: lpAddress=0x2de9fec0, lpBuffer=0x2de9fec0, dwLength=0x30 | out: lpBuffer=0x2de9fec0*(BaseAddress=0x2de9f000, AllocationBase=0x2dca0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.335] GetFileType (hFile=0x304) returned 0x1 [0116.335] GetFileType (hFile=0x304) returned 0x1 [0116.335] GetFileInformationByHandle (in: hFile=0x304, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0116.335] GetFileInformationByHandleEx (in: hFile=0x304, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0116.335] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0116.336] ReadFile (in: hFile=0x304, lpBuffer=0xc000102000, nNumberOfBytesToRead=0x4b5, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000102000*, lpNumberOfBytesRead=0xc00013fc04*=0x2b5, lpOverlapped=0x0) returned 1 [0116.340] ReadFile (in: hFile=0x304, lpBuffer=0xc0001022b5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001022b5*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0116.340] CloseHandle (hObject=0x304) returned 1 [0116.340] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0116.527] GetConsoleMode (in: hConsoleHandle=0x21c, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0116.528] GetFileType (hFile=0x21c) returned 0x1 [0116.528] WriteFile (in: hFile=0x21c, lpBuffer=0xc00036a2c0*, nNumberOfBytesToWrite=0x2c0, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00036a2c0*, lpNumberOfBytesWritten=0xc00013fcec*=0x2c0, lpOverlapped=0x0) returned 1 [0116.529] CloseHandle (hObject=0x21c) returned 1 [0116.529] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0401 | out: pbBuffer=0xc0000e0401) returned 1 [0116.529] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0116.530] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0116.530] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0116.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x21c [0116.531] GetConsoleMode (in: hConsoleHandle=0x21c, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0116.531] GetFileType (hFile=0x21c) returned 0x1 [0116.531] WriteFile (in: hFile=0x21c, lpBuffer=0xc0001de420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001de420*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.532] CloseHandle (hObject=0x21c) returned 1 [0116.532] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbe7gle[1].png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBE7GLE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbe7gle[1].png"), dwFlags=0x1) returned 1 [0117.155] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c8 [0117.155] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x21c [0117.155] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.158] SetEvent (hEvent=0xb8) returned 1 [0117.158] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.195] SetEvent (hEvent=0x1dc) returned 1 [0117.195] SetEvent (hEvent=0x304) returned 1 [0117.195] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.205] SetEvent (hEvent=0x1dc) returned 1 [0117.205] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0117.205] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0117.213] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.215] SetEvent (hEvent=0x1dc) returned 1 [0117.215] GetFileType (hFile=0x2b4) returned 0x1 [0117.215] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.220] GetFileType (hFile=0x2b4) returned 0x1 [0117.220] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0117.220] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0117.220] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0117.222] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x427, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc0002a1c04*=0x227, lpOverlapped=0x0) returned 1 [0117.230] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00007a227, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a227*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0117.231] CloseHandle (hObject=0x2b4) returned 1 [0117.231] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0117.231] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0117.232] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0117.232] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0117.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0117.234] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0002a1d04 | out: lpMode=0xc0002a1d04) returned 0 [0117.237] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.250] SetEvent (hEvent=0x39c) returned 1 [0117.250] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.256] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0117.257] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0117.258] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0117.258] GetFileType (hFile=0x23c) returned 0x1 [0117.258] GetFileType (hFile=0x23c) returned 0x1 [0117.258] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0117.258] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0117.258] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0117.259] ReadFile (in: hFile=0x23c, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x1505, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc00023fc04*=0x1305, lpOverlapped=0x0) returned 1 [0117.263] ReadFile (in: hFile=0x23c, lpBuffer=0xc000161305, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000161305*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.263] CloseHandle (hObject=0x23c) returned 1 [0117.263] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0117.268] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00023fd04 | out: lpMode=0xc00023fd04) returned 0 [0117.276] GetFileType (hFile=0x384) returned 0x1 [0117.276] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1310, lpNumberOfBytesWritten=0xc00023fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc00023fcec*=0x1310, lpOverlapped=0x0) returned 1 [0117.278] CloseHandle (hObject=0x384) returned 1 [0117.284] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.307] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0117.308] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0501 | out: pbBuffer=0xc0000e0501) returned 1 [0117.308] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0117.308] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0117.309] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0117.309] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0117.311] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0117.311] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0117.312] CreateFileW (lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0117.312] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0117.314] GetFileType (hFile=0x3bc) returned 0x1 [0117.314] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0117.315] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0117.315] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0001822c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001822c0*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.315] CloseHandle (hObject=0x3bc) returned 1 [0117.323] MoveFileExW (lpExistingFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), lpNewFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), dwFlags=0x1) returned 1 [0117.776] SetEvent (hEvent=0x364) returned 1 [0117.776] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.816] SetEvent (hEvent=0x208) returned 1 [0117.816] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0117.831] GetFileType (hFile=0x36c) returned 0x1 [0117.831] WriteFile (in: hFile=0x36c, lpBuffer=0xc00056e000*, nNumberOfBytesToWrite=0x6540, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc00056e000*, lpNumberOfBytesWritten=0xc000173cec*=0x6540, lpOverlapped=0x0) returned 1 [0117.833] CloseHandle (hObject=0x36c) returned 1 [0117.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082e01 | out: pbBuffer=0xc000082e01) returned 1 [0117.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0117.835] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0117.836] GetFileType (hFile=0x36c) returned 0x1 [0117.836] WriteFile (in: hFile=0x36c, lpBuffer=0xc00036a6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00036a6e0*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.836] CloseHandle (hObject=0x36c) returned 1 [0117.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-cb=gapi[2].loaded_0"), dwFlags=0x1) returned 1 [0118.558] SwitchToThread () returned 1 [0118.560] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.562] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.567] SetEvent (hEvent=0x274) returned 1 [0118.567] SwitchToThread () returned 1 [0118.569] SetEvent (hEvent=0x274) returned 1 [0118.569] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.574] SwitchToThread () returned 1 [0118.579] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.581] SetEvent (hEvent=0x274) returned 1 [0118.581] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.582] SetEvent (hEvent=0x274) returned 1 [0118.582] SetEvent (hEvent=0x1dc) returned 1 [0118.582] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.583] SetEvent (hEvent=0x13c) returned 1 [0118.583] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.588] SwitchToThread () returned 1 [0118.589] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.591] SetEvent (hEvent=0x274) returned 1 [0118.591] SetEvent (hEvent=0x334) returned 1 [0118.591] VirtualFree (lpAddress=0xc0004f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.592] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.592] VirtualFree (lpAddress=0xc000340000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.592] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.593] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.593] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.593] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.594] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.594] SwitchToThread () returned 1 [0118.596] SetEvent (hEvent=0x274) returned 1 [0118.596] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.600] SetEvent (hEvent=0x274) returned 1 [0118.600] SetEvent (hEvent=0x334) returned 1 [0118.600] SetEvent (hEvent=0x39c) returned 1 [0118.600] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.603] SetEvent (hEvent=0x274) returned 1 [0118.603] SetEvent (hEvent=0x24c) returned 1 [0118.603] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.607] SetEvent (hEvent=0x274) returned 1 [0118.607] SetEvent (hEvent=0x334) returned 1 [0118.607] SetEvent (hEvent=0x264) returned 1 [0118.607] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3dc [0118.612] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0118.613] GetFileType (hFile=0x3dc) returned 0x1 [0118.613] GetFileType (hFile=0x3dc) returned 0x1 [0118.614] GetFileInformationByHandle (in: hFile=0x3dc, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0118.614] GetFileInformationByHandleEx (in: hFile=0x3dc, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0118.614] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0118.614] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000e4000, nNumberOfBytesToRead=0xb11, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4000*, lpNumberOfBytesRead=0xc000173c04*=0x911, lpOverlapped=0x0) returned 1 [0118.620] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.622] SetEvent (hEvent=0xc0) returned 1 [0118.622] ReadFile (in: hFile=0x3dc, lpBuffer=0xc0000e4911, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e4911*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0118.622] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.628] CloseHandle (hObject=0x3dc) returned 1 [0118.628] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0118.628] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0118.629] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0118.630] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.638] GetFileType (hFile=0x3dc) returned 0x1 [0118.638] WriteFile (in: hFile=0x3dc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000173cec*=0x920, lpOverlapped=0x0) returned 1 [0118.639] CloseHandle (hObject=0x3dc) returned 1 [0118.639] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0118.640] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0118.640] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0118.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0118.641] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0118.646] GetFileType (hFile=0x3dc) returned 0x1 [0118.646] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0118.646] CloseHandle (hObject=0x3dc) returned 1 [0118.646] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-th[1].jpg"), dwFlags=0x1) returned 1 [0118.647] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.648] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0118.649] SetEvent (hEvent=0x274) returned 1 [0118.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.657] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.657] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0118.657] SetEvent (hEvent=0xc0) returned 1 [0118.657] SetEvent (hEvent=0x13c) returned 1 [0118.657] SetEvent (hEvent=0x274) returned 1 [0118.657] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.662] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.663] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0118.663] SetEvent (hEvent=0xc0) returned 1 [0118.663] SetEvent (hEvent=0x274) returned 1 [0118.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.668] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0118.668] SetEvent (hEvent=0x274) returned 1 [0118.668] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.670] VirtualFree (lpAddress=0xc0005fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.670] VirtualFree (lpAddress=0xc000582000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.671] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.671] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.672] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.672] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.672] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.673] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.673] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.673] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.674] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.674] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.674] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.690] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0118.691] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0118.691] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0118.692] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0118.692] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0118.693] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0118.705] GetFileType (hFile=0x308) returned 0x1 [0118.705] GetFileType (hFile=0x308) returned 0x1 [0118.705] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0118.705] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0118.705] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0118.705] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0118.706] ReadFile (in: hFile=0x308, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x817e, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0001c9c04*=0x7f7e, lpOverlapped=0x0) returned 1 [0118.716] ReadFile (in: hFile=0x308, lpBuffer=0xc0000bdf7e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bdf7e*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0118.716] CloseHandle (hObject=0x308) returned 1 [0118.716] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0118.717] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0118.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0118.719] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0118.731] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.848] SetEvent (hEvent=0x13c) returned 1 [0118.848] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.906] SetEvent (hEvent=0x1dc) returned 1 [0118.907] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0118.914] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.915] VirtualFree (lpAddress=0xc0002b2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.915] VirtualFree (lpAddress=0xc000294000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0118.916] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.916] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.916] VirtualFree (lpAddress=0xc000280000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.917] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0118.917] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.917] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.918] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.918] VirtualFree (lpAddress=0xc000230000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0118.918] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.919] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.919] VirtualFree (lpAddress=0xc000212000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.919] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.920] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.920] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.920] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.921] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.921] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.921] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.922] VirtualFree (lpAddress=0xc000160000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.922] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.923] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.923] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0118.923] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0118.924] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc000157818*=0x3) returned 1 [0118.926] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0118.927] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0118.931] GetFileType (hFile=0x1b0) returned 0x1 [0118.931] GetFileType (hFile=0x1b0) returned 0x1 [0118.931] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0118.931] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0118.931] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d8000, nNumberOfBytesToRead=0x1cfe, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d8000*, lpNumberOfBytesRead=0xc0001a1c04*=0x1afe, lpOverlapped=0x0) returned 1 [0118.941] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000d9afe, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000d9afe*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0118.941] CloseHandle (hObject=0x1b0) returned 1 [0118.941] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0118.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0118.947] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0118.950] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0119.063] GetFileType (hFile=0x1b0) returned 0x1 [0119.063] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x1b00, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0001a1cec*=0x1b00, lpOverlapped=0x0) returned 1 [0119.064] CloseHandle (hObject=0x1b0) returned 1 [0119.065] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0119.122] SetEvent (hEvent=0x120) returned 1 [0119.122] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000f01 | out: pbBuffer=0xc000000f01) returned 1 [0119.122] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0119.177] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0119.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0119.178] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0119.179] GetFileType (hFile=0x2bc) returned 0x1 [0119.179] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000369a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000369a0*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.179] CloseHandle (hObject=0x2bc) returned 1 [0119.180] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc0mk1[1].jpg"), dwFlags=0x1) returned 1 [0119.893] SetEvent (hEvent=0x144) returned 1 [0119.893] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0120.555] GetFileType (hFile=0x2f0) returned 0x1 [0120.556] GetFileType (hFile=0x2f0) returned 0x1 [0120.556] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0120.556] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0120.556] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0120.557] ReadFile (in: hFile=0x2f0, lpBuffer=0xc000202000, nNumberOfBytesToRead=0x15a9, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000202000*, lpNumberOfBytesRead=0xc00012dc04*=0x13a9, lpOverlapped=0x0) returned 1 [0120.587] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0120.633] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0002033a9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002033a9*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0120.633] CloseHandle (hObject=0x2f0) returned 1 [0120.633] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3dc [0120.675] GetConsoleMode (in: hConsoleHandle=0x3dc, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0120.677] GetFileType (hFile=0x3dc) returned 0x1 [0120.677] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0120.677] WriteFile (in: hFile=0x3dc, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x13b0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc00012dcec*=0x13b0, lpOverlapped=0x0) returned 1 [0120.678] CloseHandle (hObject=0x3dc) returned 1 [0120.679] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028b701 | out: pbBuffer=0xc00028b701) returned 1 [0120.679] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0120.680] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0120.680] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0120.686] GetFileType (hFile=0x2e8) returned 0x1 [0120.687] WriteFile (in: hFile=0x2e8, lpBuffer=0xc000187b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000187b80*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.687] CloseHandle (hObject=0x2e8) returned 1 [0120.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\autotrack[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-autotrack[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-autotrack[1].js"), dwFlags=0x1) returned 1 [0120.925] SetEvent (hEvent=0x30c) returned 1 [0120.925] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0120.926] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0120.930] SetEvent (hEvent=0x30c) returned 1 [0120.930] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0121.578] SetEvent (hEvent=0xfc) returned 1 [0121.578] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0121.582] SetEvent (hEvent=0x3c0) returned 1 [0121.582] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0121.650] SetEvent (hEvent=0xfc) returned 1 [0121.650] SetEvent (hEvent=0x13c) returned 1 [0121.650] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.257] SetEvent (hEvent=0x1a0) returned 1 [0122.257] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.272] SetEvent (hEvent=0x1b4) returned 1 [0122.272] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0122.276] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0122.284] GetFileType (hFile=0x2e8) returned 0x1 [0122.284] GetFileType (hFile=0x2e8) returned 0x1 [0122.284] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0122.284] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0122.284] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0122.285] ReadFile (in: hFile=0x2e8, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x15fb, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc0001cbc04*=0x13fb, lpOverlapped=0x0) returned 1 [0122.290] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.362] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002813fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002813fb*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0122.362] CloseHandle (hObject=0x2e8) returned 1 [0122.362] VirtualAlloc (lpAddress=0xc000208000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000208000 [0122.362] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0122.363] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0122.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.364] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0122.372] GetFileType (hFile=0x2e8) returned 0x1 [0122.373] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1400, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc0001cbcec*=0x1400, lpOverlapped=0x0) returned 1 [0122.373] CloseHandle (hObject=0x2e8) returned 1 [0122.374] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0122.374] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0122.374] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0122.375] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0122.375] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0122.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0122.376] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0122.432] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.495] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.857] GetFileType (hFile=0x2bc) returned 0x1 [0122.857] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0122.857] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0122.857] VirtualAlloc (lpAddress=0xc000300000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0122.859] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc0004dbc04*=0x4000, lpOverlapped=0x0) returned 1 [0122.866] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000304000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000304000*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0122.866] CloseHandle (hObject=0x2bc) returned 1 [0122.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0122.867] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0122.870] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0122.945] GetFileType (hFile=0x2bc) returned 0x1 [0122.945] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000304800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000304800*, lpNumberOfBytesWritten=0xc0004dbcec*=0x4010, lpOverlapped=0x0) returned 1 [0122.951] CloseHandle (hObject=0x2bc) returned 1 [0122.951] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0122.951] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0122.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\MSIMGSIZ.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\msimgsiz.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0122.952] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0122.953] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0123.026] SetEvent (hEvent=0x324) returned 1 [0123.027] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0123.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\peacock.htm"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Peacock.htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-peacock.htm"), dwFlags=0x1) returned 1 [0124.584] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.686] SetEvent (hEvent=0x1a0) returned 1 [0124.686] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.695] SetEvent (hEvent=0x324) returned 1 [0124.695] SwitchToThread () returned 1 [0124.697] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0124.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0124.698] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000067cf4 | out: lpMode=0xc000067cf4) returned 0 [0124.702] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.703] GetFileType (hFile=0x3d8) returned 0x1 [0124.703] GetFileType (hFile=0x3d8) returned 0x1 [0124.704] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000067d44 | out: lpFileInformation=0xc000067d44) returned 1 [0124.704] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000067d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000067d28) returned 1 [0124.704] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0124.704] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x4a0, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000067c04*=0x2a0, lpOverlapped=0x0) returned 1 [0124.707] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00003c2a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000067c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c2a0*, lpNumberOfBytesRead=0xc000067c04*=0x0, lpOverlapped=0x0) returned 1 [0124.707] CloseHandle (hObject=0x3d8) returned 1 [0124.707] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0124.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0124.709] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000067d04 | out: lpMode=0xc000067d04) returned 0 [0124.713] GetFileType (hFile=0x3d8) returned 0x1 [0124.713] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x2b0, lpNumberOfBytesWritten=0xc000067cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc000067cec*=0x2b0, lpOverlapped=0x0) returned 1 [0124.804] CloseHandle (hObject=0x3d8) returned 1 [0124.804] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0124.805] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0124.805] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0124.806] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0124.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0124.807] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000067d64 | out: lpMode=0xc000067d64) returned 0 [0124.833] GetFileType (hFile=0x3d8) returned 0x1 [0124.833] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000067d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000067d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.834] CloseHandle (hObject=0x3d8) returned 1 [0124.834] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0124.834] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount"), dwFlags=0x1) returned 1 [0124.835] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0124.836] SetEvent (hEvent=0x354) returned 1 [0124.836] SetEvent (hEvent=0x1b4) returned 1 [0124.836] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.846] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.862] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.864] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.864] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0124.864] SetEvent (hEvent=0x114) returned 1 [0124.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.879] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.881] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0124.881] SetEvent (hEvent=0x39c) returned 1 [0124.881] SetEvent (hEvent=0x114) returned 1 [0124.881] SetEvent (hEvent=0xec) returned 1 [0124.882] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.902] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.904] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.904] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0124.904] SetEvent (hEvent=0xc0) returned 1 [0124.904] SetEvent (hEvent=0x324) returned 1 [0124.905] SetEvent (hEvent=0x114) returned 1 [0124.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0124.928] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0124.928] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0124.928] SetEvent (hEvent=0xec) returned 1 [0124.928] SetEvent (hEvent=0x39c) returned 1 [0124.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.932] SetEvent (hEvent=0x1b4) returned 1 [0124.932] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.937] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.938] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0124.938] SetEvent (hEvent=0x324) returned 1 [0124.938] SetEvent (hEvent=0x114) returned 1 [0124.938] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.939] GetFileType (hFile=0x23c) returned 0x1 [0124.939] WriteFile (in: hFile=0x23c, lpBuffer=0xc0000dc000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc000*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0124.940] CloseHandle (hObject=0x23c) returned 1 [0124.940] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\c3b7bd01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\0\\A8\\encry-C3B7Bd01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\0\\a8\\encry-c3b7bd01"), dwFlags=0x1) returned 1 [0124.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0124.941] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0124.941] SetEvent (hEvent=0x324) returned 1 [0124.941] SetEvent (hEvent=0xec) returned 1 [0124.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0125.000] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0125.000] SetEvent (hEvent=0xec) returned 1 [0125.000] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.099] SwitchToThread () returned 1 [0125.268] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.269] SetEvent (hEvent=0x1a0) returned 1 [0125.269] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.432] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0125.432] SetEvent (hEvent=0xc0) returned 1 [0125.432] SetEvent (hEvent=0x114) returned 1 [0125.432] SetEvent (hEvent=0xec) returned 1 [0125.432] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0125.434] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.441] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.441] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.441] SetEvent (hEvent=0x114) returned 1 [0125.441] SetEvent (hEvent=0x324) returned 1 [0125.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.503] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.503] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0125.503] SetEvent (hEvent=0xc0) returned 1 [0125.504] SetEvent (hEvent=0xec) returned 1 [0125.504] SetEvent (hEvent=0x114) returned 1 [0125.504] SetEvent (hEvent=0x1b4) returned 1 [0125.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.510] SetEvent (hEvent=0x114) returned 1 [0125.510] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.515] SetEvent (hEvent=0xec) returned 1 [0125.515] SetEvent (hEvent=0x114) returned 1 [0125.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.531] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.532] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0125.532] SetEvent (hEvent=0xc0) returned 1 [0125.532] SetEvent (hEvent=0xec) returned 1 [0125.532] SetEvent (hEvent=0x1b4) returned 1 [0125.533] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.539] SetEvent (hEvent=0x1b4) returned 1 [0125.539] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0125.594] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0125.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.595] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.595] SetEvent (hEvent=0xc0) returned 1 [0125.595] SetEvent (hEvent=0x114) returned 1 [0125.595] SetEvent (hEvent=0x324) returned 1 [0125.595] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.605] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0125.605] SetEvent (hEvent=0x1b4) returned 1 [0125.605] SetEvent (hEvent=0xec) returned 1 [0125.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.622] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.622] SetEvent (hEvent=0x1b4) returned 1 [0125.622] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0125.639] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0125.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0125.642] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0125.642] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0125.642] SetEvent (hEvent=0xc0) returned 1 [0125.642] SetEvent (hEvent=0xec) returned 1 [0125.642] SetEvent (hEvent=0x39c) returned 1 [0125.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.644] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.712] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0125.712] SetEvent (hEvent=0x1b4) returned 1 [0125.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0125.915] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xe4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2de9f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2de9f968*=0x2e8) returned 1 [0125.915] SuspendThread (hThread=0x2e8) returned 0x0 [0125.915] GetThreadContext (in: hThread=0x2e8, lpContext=0x2de9f980 | out: lpContext=0x2de9f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2890fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0125.998] ResumeThread (hThread=0x2e8) returned 0x1 [0125.998] CloseHandle (hObject=0x2e8) returned 1 [0125.998] SetEvent (hEvent=0x1b4) returned 1 [0125.998] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.043] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.043] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0126.043] SetEvent (hEvent=0x324) returned 1 [0126.043] SetEvent (hEvent=0x114) returned 1 [0126.043] SetEvent (hEvent=0x39c) returned 1 [0126.043] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0126.045] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0126.065] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.065] SetEvent (hEvent=0x39c) returned 1 [0126.065] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.152] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0126.152] SetEvent (hEvent=0x1b4) returned 1 [0126.152] SetEvent (hEvent=0x39c) returned 1 [0126.152] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0126.209] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0126.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0126.210] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0126.213] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.217] GetFileType (hFile=0x3d8) returned 0x1 [0126.217] GetFileType (hFile=0x3d8) returned 0x1 [0126.217] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0126.217] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0126.218] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0126.218] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0126.222] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0002f6000, nNumberOfBytesToRead=0x21a39, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesRead=0xc000115c04*=0x21839, lpOverlapped=0x0) returned 1 [0126.866] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000317839, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000317839*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0126.866] CloseHandle (hObject=0x3d8) returned 1 [0126.866] VirtualAlloc (lpAddress=0xc000388000, dwSize=0x22000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000388000 [0126.870] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0126.871] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0126.873] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0126.875] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.894] GetFileType (hFile=0x3d8) returned 0x1 [0126.894] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000388000*, nNumberOfBytesToWrite=0x21840, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc000388000*, lpNumberOfBytesWritten=0xc000115cec*=0x21840, lpOverlapped=0x0) returned 1 [0126.904] CloseHandle (hObject=0x3d8) returned 1 [0126.904] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0601 | out: pbBuffer=0xc0002f0601) returned 1 [0126.904] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0126.904] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0126.905] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.924] SetEvent (hEvent=0x354) returned 1 [0126.924] GetFileType (hFile=0x3d8) returned 0x1 [0126.924] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.926] WriteFile (in: hFile=0x3d8, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000115d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000115d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.926] CloseHandle (hObject=0x3d8) returned 1 [0126.926] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\9dcb7d01"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\Cache\\C\\E6\\encry-9DCB7d01" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\cache\\c\\e6\\encry-9dcb7d01"), dwFlags=0x1) returned 1 [0126.928] SetEvent (hEvent=0x39c) returned 1 [0126.928] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.983] SetEvent (hEvent=0x39c) returned 1 [0126.983] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0126.986] SetEvent (hEvent=0x1a0) returned 1 [0126.986] SetEvent (hEvent=0x39c) returned 1 [0126.986] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.026] SetEvent (hEvent=0x354) returned 1 [0127.026] SetEvent (hEvent=0x1a0) returned 1 [0127.026] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.027] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.027] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.028] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.030] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.030] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.031] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.031] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0127.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010110*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc000010110*, lpNumberOfCharsWritten=0xc000031818*=0x3) returned 1 [0127.036] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.041] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863f8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0005863f8*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0127.045] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.057] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000010070*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0127.071] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.079] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0005863c8*, lpNumberOfCharsWritten=0xc0006dd818*=0x3) returned 1 [0127.085] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.097] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a1818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0002a1818*=0x3) returned 1 [0127.098] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.109] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc00005e040*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0127.111] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.117] SetEvent (hEvent=0x39c) returned 1 [0127.117] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.131] SetEvent (hEvent=0x39c) returned 1 [0127.132] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.133] VirtualFree (lpAddress=0xc0001e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.134] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0127.134] SetEvent (hEvent=0x354) returned 1 [0127.134] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.235] SetEvent (hEvent=0xec) returned 1 [0127.235] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.278] SetEvent (hEvent=0x39c) returned 1 [0127.279] SetEvent (hEvent=0x1a0) returned 1 [0127.279] SetEvent (hEvent=0x324) returned 1 [0127.279] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.293] SetEvent (hEvent=0xec) returned 1 [0127.294] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.314] SetEvent (hEvent=0x114) returned 1 [0127.315] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.531] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.537] SetEvent (hEvent=0x114) returned 1 [0127.537] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.551] SetEvent (hEvent=0x324) returned 1 [0127.551] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.602] SetEvent (hEvent=0x1b4) returned 1 [0127.602] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0127.603] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0127.604] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0127.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bjmv65og2twty.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0127.605] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0127.607] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.628] GetFileType (hFile=0x1b0) returned 0x1 [0127.628] GetFileType (hFile=0x1b0) returned 0x1 [0127.628] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0127.628] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0127.628] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0127.630] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0xf8fb, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000201c04*=0xf6fb, lpOverlapped=0x0) returned 1 [0127.632] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00029b6fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029b6fb*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0127.632] CloseHandle (hObject=0x1b0) returned 1 [0127.632] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0127.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\bjmV65oG2TWTY.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\bjmv65og2twty.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0127.636] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000201d04 | out: lpMode=0xc000201d04) returned 0 [0127.642] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.662] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.664] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qypp_r7.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.664] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0127.665] GetFileType (hFile=0x2bc) returned 0x1 [0127.665] GetFileType (hFile=0x2bc) returned 0x1 [0127.665] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0127.665] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0127.665] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0127.666] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0x7159, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc0000f7c04*=0x6f59, lpOverlapped=0x0) returned 1 [0127.667] ReadFile (in: hFile=0x2bc, lpBuffer=0xc0001a6f59, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a6f59*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0127.667] CloseHandle (hObject=0x2bc) returned 1 [0127.667] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0127.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qypp_r7.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.670] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0127.672] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.681] GetFileType (hFile=0x2bc) returned 0x1 [0127.681] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0127.682] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001e2000*, nNumberOfBytesToWrite=0x6f60, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2000*, lpNumberOfBytesWritten=0xc0000f7cec*=0x6f60, lpOverlapped=0x0) returned 1 [0127.683] CloseHandle (hObject=0x2bc) returned 1 [0127.684] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.684] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qypp_r7.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0127.684] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0127.689] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.703] GetFileType (hFile=0x2bc) returned 0x1 [0127.703] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.706] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0000ba000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.706] CloseHandle (hObject=0x2bc) returned 1 [0127.706] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\qypp_r7.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-QYpp_r7.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-qypp_r7.mp3"), dwFlags=0x1) returned 1 [0127.709] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.768] SetEvent (hEvent=0x114) returned 1 [0127.768] SetEvent (hEvent=0x1a0) returned 1 [0127.768] SetEvent (hEvent=0x13c) returned 1 [0127.768] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.805] GetFileType (hFile=0x370) returned 0x1 [0127.805] GetFileType (hFile=0x370) returned 0x1 [0127.805] GetFileInformationByHandle (in: hFile=0x370, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0127.805] GetFileInformationByHandleEx (in: hFile=0x370, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0127.805] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0127.806] ReadFile (in: hFile=0x370, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x239, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0001f9c04*=0x39, lpOverlapped=0x0) returned 1 [0127.807] ReadFile (in: hFile=0x370, lpBuffer=0xc000058039, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000058039*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0127.807] CloseHandle (hObject=0x370) returned 1 [0127.807] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0127.807] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0127.808] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0127.808] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0127.808] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0127.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0127.810] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0127.819] GetFileType (hFile=0x370) returned 0x1 [0127.819] WriteFile (in: hFile=0x370, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0001f9cec*=0x40, lpOverlapped=0x0) returned 1 [0127.820] CloseHandle (hObject=0x370) returned 1 [0127.820] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0127.820] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0127.821] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0127.822] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0127.822] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0127.823] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0127.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0127.823] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0127.826] GetFileType (hFile=0x370) returned 0x1 [0127.826] WriteFile (in: hFile=0x370, lpBuffer=0xc0000ba6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba6e0*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.826] CloseHandle (hObject=0x370) returned 1 [0127.827] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\updates.xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\encry-updates.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\updates\\e7cf176e110c211b\\encry-updates.xml"), dwFlags=0x1) returned 1 [0127.828] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.876] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0127.877] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0127.878] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0127.878] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0127.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0127.880] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0127.886] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.888] GetFileType (hFile=0x2bc) returned 0x1 [0127.888] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0127.889] GetFileType (hFile=0x2bc) returned 0x1 [0127.889] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0127.889] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0127.889] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0127.889] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0127.890] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc00026fc04*=0x43, lpOverlapped=0x0) returned 1 [0127.891] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000094043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000094043*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0127.891] CloseHandle (hObject=0x2bc) returned 1 [0127.891] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0127.891] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0127.892] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0127.892] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\desktop.ini\\*", lpFindFileData=0xc00026fa08 | out: lpFindFileData=0xc00026fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0127.892] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0127.892] SwitchToThread () returned 1 [0127.958] SetEvent (hEvent=0x114) returned 1 [0127.958] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.967] SetEvent (hEvent=0x114) returned 1 [0127.967] SetEvent (hEvent=0x30c) returned 1 [0127.967] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.987] SetEvent (hEvent=0x114) returned 1 [0127.987] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.988] SetEvent (hEvent=0x1a0) returned 1 [0127.988] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0127.994] SetEvent (hEvent=0xec) returned 1 [0127.994] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.039] SetEvent (hEvent=0xec) returned 1 [0128.039] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.080] SetEvent (hEvent=0x114) returned 1 [0128.080] SetEvent (hEvent=0x30c) returned 1 [0128.080] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.127] SetEvent (hEvent=0xec) returned 1 [0128.127] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.163] SetEvent (hEvent=0x114) returned 1 [0128.163] SetEvent (hEvent=0x1b4) returned 1 [0128.163] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.176] SetEvent (hEvent=0x1b4) returned 1 [0128.176] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.177] SetEvent (hEvent=0x1b4) returned 1 [0128.177] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0128.177] SetEvent (hEvent=0x1b4) returned 1 [0128.177] SetEvent (hEvent=0x114) returned 1 [0128.177] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.178] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.178] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.178] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.178] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.179] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.179] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0128.179] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0128.179] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0128.180] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0128.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.181] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00024bcf4 | out: lpMode=0xc00024bcf4) returned 0 [0128.183] GetFileType (hFile=0x23c) returned 0x1 [0128.183] GetFileType (hFile=0x23c) returned 0x1 [0128.183] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00024bd44 | out: lpFileInformation=0xc00024bd44) returned 1 [0128.183] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00024bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024bd28) returned 1 [0128.184] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0128.184] ReadFile (in: hFile=0x23c, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0x243, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc00024bc04*=0x43, lpOverlapped=0x0) returned 1 [0128.185] ReadFile (in: hFile=0x23c, lpBuffer=0xc0000ea043, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea043*, lpNumberOfBytesRead=0xc00024bc04*=0x0, lpOverlapped=0x0) returned 1 [0128.185] CloseHandle (hObject=0x23c) returned 1 [0128.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\ketajp6d\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0128.185] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\KETAJP6D\\desktop.ini\\*", lpFindFileData=0xc00024ba08 | out: lpFindFileData=0xc00024ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0128.186] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00024b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0128.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\history\\history.ie5\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0128.186] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0128.198] GetFileType (hFile=0x23c) returned 0x1 [0128.198] GetFileType (hFile=0x23c) returned 0x1 [0128.198] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0128.198] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0128.198] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0128.200] ReadFile (in: hFile=0x23c, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00029dc04*=0x4000, lpOverlapped=0x0) returned 1 [0130.602] ReadFile (in: hFile=0x23c, lpBuffer=0xc000216000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000216000*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0130.602] CloseHandle (hObject=0x23c) returned 1 [0130.666] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0132.861] SetEvent (hEvent=0x3c4) returned 1 [0132.861] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0132.864] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586270*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004d9818, lpReserved=0x0 | out: lpBuffer=0xc000586270*, lpNumberOfCharsWritten=0xc0004d9818*=0x3) returned 1 [0132.865] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002b8160*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc00024d808, lpReserved=0x0 | out: lpBuffer=0xc0002b8160*, lpNumberOfCharsWritten=0xc00024d808*=0xac) returned 1 [0132.867] SetEvent (hEvent=0x39c) returned 1 [0132.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0132.868] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0132.868] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0132.869] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0132.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0132.870] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0132.871] GetFileType (hFile=0x3d8) returned 0x1 [0132.872] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0002b8580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8580*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.872] CloseHandle (hObject=0x3d8) returned 1 [0132.872] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-F293AEAD5E84FACFB686C4A620718928_C8424A0B24A72939B13720D0C000C9C1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-f293aead5e84facfb686c4a620718928_c8424a0b24a72939b13720d0c000c9c1"), dwFlags=0x1) returned 1 [0132.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0132.875] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0132.875] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0132.875] SetEvent (hEvent=0xc0) returned 1 [0132.875] SetEvent (hEvent=0x1a0) returned 1 [0132.875] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0132.877] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.879] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0132.880] SetEvent (hEvent=0x324) returned 1 [0132.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.887] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfCharsWritten=0xc000247818*=0x3) returned 1 [0132.888] SetEvent (hEvent=0x39c) returned 1 [0132.888] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2120*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc0006e1808, lpReserved=0x0 | out: lpBuffer=0xc0003d2120*, lpNumberOfCharsWritten=0xc0006e1808*=0x8b) returned 1 [0132.890] SetEvent (hEvent=0x39c) returned 1 [0132.890] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082301 | out: pbBuffer=0xc000082301) returned 1 [0132.890] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0132.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0132.891] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0132.894] GetFileType (hFile=0x1b0) returned 0x1 [0132.894] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.895] CloseHandle (hObject=0x1b0) returned 1 [0132.895] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-f90f18257cbb4d84216ac1e1f3bb2c76"), dwFlags=0x1) returned 1 [0132.897] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.898] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0132.898] SetEvent (hEvent=0xc0) returned 1 [0132.898] SetEvent (hEvent=0xfc) returned 1 [0132.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.901] SetEvent (hEvent=0xfc) returned 1 [0132.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.908] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.909] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0132.909] SetEvent (hEvent=0xc0) returned 1 [0132.909] SetEvent (hEvent=0xfc) returned 1 [0132.909] SetEvent (hEvent=0x354) returned 1 [0132.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0132.914] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0132.915] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D\\*", lpFindFileData=0xc0001fba08 | out: lpFindFileData=0xc0001fba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.915] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001fb720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.915] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000262240*, nNumberOfCharsToWrite=0x8c, lpNumberOfCharsWritten=0xc0001fb808, lpReserved=0x0 | out: lpBuffer=0xc000262240*, lpNumberOfCharsWritten=0xc0001fb808*=0x8c) returned 1 [0132.916] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0132.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0132.916] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0132.918] GetFileType (hFile=0x240) returned 0x1 [0132.918] WriteFile (in: hFile=0x240, lpBuffer=0xc0002c46e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002c46e0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0132.918] CloseHandle (hObject=0x240) returned 1 [0132.919] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0132.920] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\3130b1871a126520a8c47861efe3ed4d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-3130B1871A126520A8C47861EFE3ED4D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-3130b1871a126520a8c47861efe3ed4d"), dwFlags=0x1) returned 1 [0133.078] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0133.178] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0133.185] SetEvent (hEvent=0x24c) returned 1 [0133.185] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0133.286] SwitchToThread () returned 1 [0133.288] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0134.264] SetEvent (hEvent=0x334) returned 1 [0134.264] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0135.733] SetEvent (hEvent=0x114) returned 1 [0135.733] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0135.735] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0135.736] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0135.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.736] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0135.737] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.737] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0135.737] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.738] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="P7Y3F7QB", cAlternateFileName="")) returned 1 [0135.738] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.738] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.738] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0135.738] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0135.739] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.114] SetEvent (hEvent=0xc0) returned 1 [0136.114] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0136.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\p7y3f7qb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.115] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\P7Y3F7QB\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.116] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.116] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.116] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.116] VirtualAlloc (lpAddress=0xc0001a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a2000 [0136.116] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.117] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.117] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="support", cAlternateFileName="")) returned 1 [0136.117] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.117] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.117] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.118] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d241020, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.118] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="flashplayer", cAlternateFileName="FLASHP~1")) returned 1 [0136.118] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.118] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.118] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0136.119] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0136.119] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.119] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.119] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d9d7640, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d9d7640, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="sys", cAlternateFileName="")) returned 1 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.120] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.120] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\*", lpFindFileData=0xc0000751d0 | out: lpFindFileData=0xc0000751d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.sol", cAlternateFileName="")) returned 1 [0136.120] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075200 | out: lpFindFileData=0xc000075200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.120] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.121] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0136.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol"), fInfoLevelId=0x0, lpFileInformation=0xc000075340 | out: lpFileInformation=0xc000075340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d9d7640, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1d6)) returned 1 [0136.125] SetEvent (hEvent=0x354) returned 1 [0136.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0136.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.125] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0xc000075608 | out: lpFindFileData=0xc000075608*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crypto", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME12", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP12", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP8_1", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IMJP9_0", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MS Project", cAlternateFileName="MSPROJ~1")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0136.125] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PowerPoint", cAlternateFileName="POWERP~1")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Proof", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x541f1c70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x541f1c70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher", cAlternateFileName="PUBLIS~1")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Publisher Building Blocks", cAlternateFileName="PUBLIS~2")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UProof", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0136.126] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.126] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.126] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.132] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\addins"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.132] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0136.132] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.133] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7c36290, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x7c36290, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x7c36290, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.133] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.133] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.133] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\credentials"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.133] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xea43994d, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.133] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.133] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.133] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.134] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.134] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.134] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RSA", cAlternateFileName="")) returned 1 [0136.134] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.134] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0136.135] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.135] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.135] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0136.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.136] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.141] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0136.142] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0136.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.142] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d, dwReserved0=0x0, dwReserved1=0x0, cFileName="83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="83AA4C~1")) returned 1 [0136.142] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0136.143] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0136.143] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57, dwReserved0=0x0, dwReserved1=0x0, cFileName="932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="932A2D~1")) returned 1 [0136.143] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d, dwReserved0=0x0, dwReserved1=0x0, cFileName="fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f", cAlternateFileName="FDA992~1")) returned 1 [0136.143] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.143] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.144] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0136.144] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0136.145] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0136.145] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\83aa4cc77f591dfc2374580bbd95f6ba_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xa1e34990, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0xa1e34990, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0xa1e34990, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2d)) returned 1 [0136.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x681f1360, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x681f1360, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x681f1360, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x57)) returned 1 [0136.146] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fda992c8d564f97e48410a19a2e459f6_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0xb0aa1fc0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0aa1fc0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0aa1fc0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d)) returned 1 [0136.154] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0136.155] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0136.155] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0136.156] SetEvent (hEvent=0xc0) returned 1 [0136.156] SetEvent (hEvent=0x39c) returned 1 [0136.156] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.157] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0136.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.168] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.168] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.168] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0136.168] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.168] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.168] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.169] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.169] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.169] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0136.169] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.169] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.169] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0136.170] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0136.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.171] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f766d30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.171] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0136.171] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.171] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.171] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0136.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f766d30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f766d30, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4e2b7e00, ftLastWriteTime.dwHighDateTime=0x1ca911e, nFileSizeHigh=0x0, nFileSizeLow=0x3fe4ab)) returned 1 [0136.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.173] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1c1e0470, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0136.173] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.173] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.173] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0136.174] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0136.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\excel\\xlstart"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.175] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.175] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xd01394e0, ftCreationTime.dwHighDateTime=0x1d301bc, ftLastAccessTime.dwLowDateTime=0xd01394e0, ftLastAccessTime.dwHighDateTime=0x1d301bc, ftLastWriteTime.dwLowDateTime=0xd01394e0, ftLastWriteTime.dwHighDateTime=0x1d301bc, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.175] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.175] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.176] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ime12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.176] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IME12\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.176] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.176] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.176] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp12"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.177] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP12\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.177] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.177] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.177] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.178] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp8_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.178] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP8_1\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.178] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.178] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.178] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\imjp9_0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.179] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\IMJP9_0\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.179] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.179] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.179] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.180] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0136.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.180] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.180] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.180] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0136.180] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.181] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.181] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0136.181] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.181] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xbda554a0, ftLastAccessTime.dwHighDateTime=0x1d301bd, ftLastWriteTime.dwLowDateTime=0xbda554a0, ftLastWriteTime.dwHighDateTime=0x1d301bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Launch Internet Explorer Browser.lnk", cAlternateFileName="LAUNCH~1.LNK")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0136.181] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.181] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.182] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0136.182] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0136.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df47e00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df47e00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a683760, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x8e9)) returned 1 [0136.183] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Launch Internet Explorer Browser.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\launch internet explorer browser.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4eb0f970, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4eb0f970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4eb0f970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5a7)) returned 1 [0136.184] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Shows Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\shows desktop.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e11d030, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x122)) returned 1 [0136.185] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0136.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.186] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.186] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.186] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x119ccee, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.186] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0136.186] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0136.186] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.186] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.186] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.187] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.187] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf98cef90, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.187] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.187] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0136.188] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.188] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (2).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer (2).lnk", cAlternateFileName="WINDOW~3.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~2.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player (2).lnk", cAlternateFileName="WINDOW~4.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Media Player.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0136.188] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.189] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\google chrome.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e02c640, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7e02c640, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df47e00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8dd)) returned 1 [0136.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc251c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc251c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad)) returned 1 [0136.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x921e7f, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x5a9)) returned 1 [0136.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Mozilla Firefox.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\mozilla firefox.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0de7e00, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb65d71b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb65d71b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x491)) returned 1 [0136.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0136.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0136.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2dc4b320, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dc4b320, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd869fe87, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x60b)) returned 1 [0136.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2e24b3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x60b)) returned 1 [0136.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dc4b320, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0136.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e143190, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x110)) returned 1 [0136.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x4eb35ad0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd)) returned 1 [0136.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.192] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.192] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b77470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b77470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.193] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0136.193] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.193] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.193] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.193] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b77470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="65UX3YG0", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AY721QDR", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DZBKZBIC", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VRLZOZ0E", cAlternateFileName="")) returned 1 [0136.194] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.194] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0136.195] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\65ux3yg0"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.195] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\65UX3YG0\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.195] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.195] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.195] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\ay721qdr"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\AY721QDR\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.196] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\dzbkzbic"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\DZBKZBIC\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.197] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\vrlzoz0e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\VRLZOZ0E\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.197] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbaf619f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8000)) returned 1 [0136.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\mmc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0136.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0136.198] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0136.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2f5d6350, ftCreationTime.dwHighDateTime=0x1d2fa9b, ftLastAccessTime.dwLowDateTime=0x2f5d6350, ftLastAccessTime.dwHighDateTime=0x1d2fa9b, ftLastWriteTime.dwLowDateTime=0x2f5d6350, ftLastWriteTime.dwHighDateTime=0x1d2fa9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0136.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0136.199] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0136.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0136.426] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0136.670] SwitchToThread () returned 1 [0136.781] SetEvent (hEvent=0x334) returned 1 [0136.781] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0136.878] SetEvent (hEvent=0x334) returned 1 [0136.878] SetEvent (hEvent=0x39c) returned 1 [0136.878] SetEvent (hEvent=0x324) returned 1 [0136.879] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0137.163] SetEvent (hEvent=0xfc) returned 1 [0137.163] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0137.164] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0137.166] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.016] SwitchToThread () returned 1 [0138.018] GetFileType (hFile=0x2cc) returned 0x1 [0138.120] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0138.127] SwitchToThread () returned 1 [0138.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0138.137] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.141] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0138.338] GetFileType (hFile=0x384) returned 0x1 [0138.338] WriteFile (in: hFile=0x384, lpBuffer=0xc003b3c000*, nNumberOfBytesToWrite=0x3fe4b0, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc003b3c000*, lpNumberOfBytesWritten=0xc00014bcec*=0x3fe4b0, lpOverlapped=0x0) returned 1 [0138.531] CloseHandle (hObject=0x384) returned 1 [0138.531] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0138.531] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0138.545] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0138.545] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0138.546] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0138.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0138.547] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0138.558] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.618] GetFileType (hFile=0x2cc) returned 0x1 [0138.618] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0138.618] CloseHandle (hObject=0x2cc) returned 1 [0138.619] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\14\\encry-Built-In Building Blocks.dotx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\document building blocks\\1033\\14\\encry-built-in building blocks.dotx"), dwFlags=0x1) returned 1 [0138.620] SetEvent (hEvent=0x39c) returned 1 [0138.620] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.621] SetEvent (hEvent=0x12c) returned 1 [0138.621] SwitchToThread () returned 1 [0138.628] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.629] SetEvent (hEvent=0x12c) returned 1 [0138.629] SetEvent (hEvent=0x354) returned 1 [0138.629] VirtualFree (lpAddress=0xc003c00000, dwSize=0x33c000, dwFreeType=0x4000) returned 1 [0138.669] VirtualFree (lpAddress=0xc003800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0138.696] VirtualFree (lpAddress=0xc00373c000, dwSize=0xc4000, dwFreeType=0x4000) returned 1 [0138.703] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.703] VirtualFree (lpAddress=0xc000260000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.704] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0138.704] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.705] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.705] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.706] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.706] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.706] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.707] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.707] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.708] VirtualFree (lpAddress=0xc000076000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0138.709] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.709] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0138.709] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0138.710] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0138.711] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.714] GetFileType (hFile=0x2cc) returned 0x1 [0138.714] GetFileType (hFile=0x2cc) returned 0x1 [0138.714] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0138.714] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0138.714] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0138.715] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000184000, nNumberOfBytesToRead=0x39c, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesRead=0xc000151c04*=0x19c, lpOverlapped=0x0) returned 1 [0138.716] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00018419c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc00018419c*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0138.716] CloseHandle (hObject=0x2cc) returned 1 [0138.716] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0138.716] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini\\*", lpFindFileData=0xc000151a08 | out: lpFindFileData=0xc000151a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0138.717] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000151720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0138.748] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.755] SetEvent (hEvent=0x30c) returned 1 [0138.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.755] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.755] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.755] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14", cAlternateFileName="")) returned 1 [0138.756] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.756] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.756] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14"), fInfoLevelId=0x0, lpFileInformation=0xc0001296a0 | out: lpFileInformation=0xc0001296a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.763] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.763] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8d940a0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8d940a0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.763] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0138.763] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.763] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.763] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.778] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.779] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8d940a0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x8e064c0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.779] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.MPT", cAlternateFileName="")) returned 1 [0138.779] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.779] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\MS Project\\14\\1033\\Global.MPT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\ms project\\14\\1033\\global.mpt"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8e064c0, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x8e064c0, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0xfee79d60, ftLastWriteTime.dwHighDateTime=0x1d3aab9, nFileSizeHigh=0x0, nFileSizeLow=0x5f600)) returned 1 [0138.779] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.780] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.780] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.780] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0138.780] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.780] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.780] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.781] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0138.781] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.781] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.781] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.781] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0xc000075380 | out: lpFindFileData=0xc000075380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0138.782] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000753b0 | out: lpFindFileData=0xc0000753b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.782] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.782] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk"), fInfoLevelId=0x0, lpFileInformation=0xc0000754f0 | out: lpFileInformation=0xc0000754f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0xc0000752a8 | out: lpFindFileData=0xc0000752a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.783] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.783] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0138.783] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000752d8 | out: lpFindFileData=0xc0000752d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.783] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.783] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0138.784] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0138.784] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0138.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), fInfoLevelId=0x0, lpFileInformation=0xc000075418 | out: lpFileInformation=0xc000075418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x31a325d0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x31a325d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x31a325d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.785] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.799] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.799] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.800] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0138.801] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43c8ae30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dae0390, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dae0390, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.801] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f6ce7b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x9382, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0138.801] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0138.801] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.801] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4f6ce7b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4f6ce7b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x4f6ce7b0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x9382)) returned 1 [0138.809] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.821] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0138.821] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0138.822] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0138.822] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0138.823] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0138.824] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.827] SetEvent (hEvent=0x354) returned 1 [0138.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0138.827] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.838] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0138.838] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5dae0390, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90b3d80, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0138.838] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Global.LNK", cAlternateFileName="")) returned 1 [0138.838] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0138.838] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0138.838] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0138.838] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0138.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Global.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\global.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x90b3d80, ftCreationTime.dwHighDateTime=0x1d305fe, ftLastAccessTime.dwLowDateTime=0x90b3d80, ftLastAccessTime.dwHighDateTime=0x1d305fe, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x59a)) returned 1 [0138.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\Templates.LNK" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\templates.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5dc5d150, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x472)) returned 1 [0138.847] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0138.941] SetEvent (hEvent=0x39c) returned 1 [0138.941] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.273] SetEvent (hEvent=0x12c) returned 1 [0139.273] GetFileType (hFile=0x2f4) returned 0x1 [0139.273] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.273] CloseHandle (hObject=0x2f4) returned 1 [0139.274] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\encry-Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\encry-windows explorer (2).lnk"), dwFlags=0x1) returned 1 [0139.276] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0139.277] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0139.277] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0139.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0139.279] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0139.357] GetFileType (hFile=0x2f4) returned 0x1 [0139.357] GetFileType (hFile=0x2f4) returned 0x1 [0139.358] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0139.358] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0139.358] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0139.359] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0001b9c04*=0x110, lpOverlapped=0x0) returned 1 [0139.360] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000fe110, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe110*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0139.360] CloseHandle (hObject=0x2f4) returned 1 [0139.360] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0139.361] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0139.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0139.362] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0139.621] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.672] GetFileType (hFile=0x2f4) returned 0x1 [0139.672] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00007a360*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a360*, lpNumberOfBytesWritten=0xc0001b9cec*=0x120, lpOverlapped=0x0) returned 1 [0139.673] CloseHandle (hObject=0x2f4) returned 1 [0139.673] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0801 | out: pbBuffer=0xc0002f0801) returned 1 [0139.673] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0139.675] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0139.675] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0139.694] GetFileType (hFile=0x2f4) returned 0x1 [0139.694] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0001b0f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0f20*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0139.695] CloseHandle (hObject=0x2f4) returned 1 [0139.695] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0139.696] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\window switcher.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\encry-Window Switcher.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\encry-window switcher.lnk"), dwFlags=0x1) returned 1 [0139.697] SwitchToThread () returned 1 [0139.734] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.751] SetEvent (hEvent=0x39c) returned 1 [0139.751] SetEvent (hEvent=0x12c) returned 1 [0139.751] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0139.752] VirtualFree (lpAddress=0xc0001e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0139.753] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.753] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.753] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0139.754] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.754] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.755] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.755] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.755] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.755] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.756] VirtualFree (lpAddress=0xc00006e000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0139.756] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.756] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.757] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.757] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.757] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.758] GetFileType (hFile=0x1ec) returned 0x1 [0139.758] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0139.758] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0139.758] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0139.758] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x257, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc000243c04*=0x57, lpOverlapped=0x0) returned 1 [0139.759] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00002c057, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c057*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0139.759] CloseHandle (hObject=0x1ec) returned 1 [0139.759] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0139.760] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0139.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\\*", lpFindFileData=0xc000243a08 | out: lpFindFileData=0xc000243a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0139.761] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000243720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0139.761] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0139.761] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0139.762] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0xc0000755c8 | out: lpFileInformation=0xc0000755c8*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0x5dc5d150, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5dc5d150, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x90d9ee0, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x34)) returned 1 [0139.763] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0139.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.777] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0139.777] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x5c734300, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.777] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0139.777] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0139.777] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.777] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0139.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.srs"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5de69980, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x5de69980, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x5e0c9040, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0xa00)) returned 1 [0139.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6215c440, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x6215c440, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x6215c440, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x9a2)) returned 1 [0139.796] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0139.805] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.816] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0139.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\powerpoint"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.817] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\PowerPoint\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0139.817] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0139.818] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x33c0ebb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x33c0ebb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x33c0ebb0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0139.818] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0139.818] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0139.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x510b16f0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x510b16f0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x510b16f0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0139.826] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.866] SetEvent (hEvent=0xc0) returned 1 [0139.866] SetEvent (hEvent=0x39c) returned 1 [0139.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Proof" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\proof"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0139.866] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.909] SetEvent (hEvent=0x39c) returned 1 [0139.909] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0139.917] SetEvent (hEvent=0x39c) returned 1 [0139.917] SetEvent (hEvent=0x324) returned 1 [0139.917] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.918] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.918] VirtualFree (lpAddress=0xc00010c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.921] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.922] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.922] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.923] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0139.923] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.923] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.924] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.924] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.925] VirtualFree (lpAddress=0xc000058000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0139.925] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.926] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0139.926] GetFileType (hFile=0x36c) returned 0x1 [0139.926] WriteFile (in: hFile=0x36c, lpBuffer=0xc00021c000*, nNumberOfBytesToWrite=0x9390, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021c000*, lpNumberOfBytesWritten=0xc00027bcec*=0x9390, lpOverlapped=0x0) returned 1 [0139.928] CloseHandle (hObject=0x36c) returned 1 [0139.928] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0139.929] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0139.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0139.930] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0139.938] GetFileType (hFile=0x36c) returned 0x1 [0139.938] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0139.938] CloseHandle (hObject=0x36c) returned 1 [0139.938] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\mso1033.acl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Office\\encry-MSO1033.acl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\office\\encry-mso1033.acl"), dwFlags=0x1) returned 1 [0139.940] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206078*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0006e1818, lpReserved=0x0 | out: lpBuffer=0xc000206078*, lpNumberOfCharsWritten=0xc0006e1818*=0x3) returned 1 [0139.967] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.010] SetEvent (hEvent=0x39c) returned 1 [0140.010] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc0000a0310*, lpNumberOfCharsWritten=0xc000177818*=0x3) returned 1 [0140.023] SetEvent (hEvent=0x12c) returned 1 [0140.023] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0316*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc0000a0316*, lpNumberOfCharsWritten=0xc000155818*=0x3) returned 1 [0140.027] SetEvent (hEvent=0x12c) returned 1 [0140.027] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0320*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0000a0320*, lpNumberOfCharsWritten=0xc000211818*=0x3) returned 1 [0140.036] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.063] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0140.064] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000130000*, nNumberOfCharsToWrite=0x8f, lpNumberOfCharsWritten=0xc000151808, lpReserved=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfCharsWritten=0xc000151808*=0x8f) returned 1 [0140.071] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0140.071] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.071] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0140.072] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0140.073] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0140.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.074] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0140.083] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.090] SetEvent (hEvent=0x324) returned 1 [0140.090] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.153] SetEvent (hEvent=0x39c) returned 1 [0140.153] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0140.154] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0140.155] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0140.156] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00026dcf4 | out: lpMode=0xc00026dcf4) returned 0 [0140.157] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.162] GetFileType (hFile=0x2cc) returned 0x1 [0140.162] GetFileType (hFile=0x2cc) returned 0x1 [0140.162] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00026dd44 | out: lpFileInformation=0xc00026dd44) returned 1 [0140.162] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00026dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026dd28) returned 1 [0140.162] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.163] ReadFile (in: hFile=0x2cc, lpBuffer=0xc000056000, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000056000*, lpNumberOfBytesRead=0xc00026dc04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.164] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000561d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000561d4*, lpNumberOfBytesRead=0xc00026dc04*=0x0, lpOverlapped=0x0) returned 1 [0140.164] CloseHandle (hObject=0x2cc) returned 1 [0140.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.164] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9\\*", lpFindFileData=0xc00026da08 | out: lpFindFileData=0xc00026da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.165] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00026d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d66e0*, nNumberOfCharsToWrite=0xab, lpNumberOfCharsWritten=0xc00026d808, lpReserved=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfCharsWritten=0xc00026d808*=0xab) returned 1 [0140.187] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0140.188] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.189] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0140.191] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.203] GetFileType (hFile=0x240) returned 0x1 [0140.203] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.204] CloseHandle (hObject=0x240) returned 1 [0140.204] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0140.205] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\encry-be5b4fbd-cb99-45f5-9462-5f896dd3a6b9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\encry-be5b4fbd-cb99-45f5-9462-5f896dd3a6b9"), dwFlags=0x1) returned 1 [0140.206] VirtualFree (lpAddress=0xc003400000, dwSize=0x33c000, dwFreeType=0x4000) returned 1 [0140.243] VirtualFree (lpAddress=0xc003000000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0140.281] VirtualFree (lpAddress=0xc002c00000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0140.322] VirtualFree (lpAddress=0xc002800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0140.373] VirtualFree (lpAddress=0xc002400000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0140.399] VirtualFree (lpAddress=0xc002000000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0140.420] VirtualFree (lpAddress=0xc001f10000, dwSize=0xf0000, dwFreeType=0x4000) returned 1 [0140.430] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.431] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.431] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.432] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.432] VirtualFree (lpAddress=0xc0001a6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.433] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.433] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.433] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.434] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.434] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.435] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0140.435] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.436] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.437] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.437] SetEvent (hEvent=0x324) returned 1 [0140.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.438] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0140.446] GetFileType (hFile=0x240) returned 0x1 [0140.446] GetFileType (hFile=0x240) returned 0x1 [0140.446] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0140.446] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0140.446] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0140.447] ReadFile (in: hFile=0x240, lpBuffer=0xc0000fe000, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfBytesRead=0xc0001cdc04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.448] ReadFile (in: hFile=0x240, lpBuffer=0xc0000fe1d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe1d4*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0140.448] CloseHandle (hObject=0x240) returned 1 [0140.449] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0140.449] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.450] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\102a7bc8-3f85-4bb4-840a-38257d2965d2\\*", lpFindFileData=0xc0001cda08 | out: lpFindFileData=0xc0001cda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.450] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001cd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.451] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000049cf4 | out: lpMode=0xc000049cf4) returned 0 [0140.461] GetFileType (hFile=0x240) returned 0x1 [0140.461] GetFileType (hFile=0x240) returned 0x1 [0140.461] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc000049d44 | out: lpFileInformation=0xc000049d44) returned 1 [0140.461] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc000049d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000049d28) returned 1 [0140.461] ReadFile (in: hFile=0x240, lpBuffer=0xc0000fe400, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe400*, lpNumberOfBytesRead=0xc000049c04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.462] ReadFile (in: hFile=0x240, lpBuffer=0xc0000fe5d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000049c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fe5d4*, lpNumberOfBytesRead=0xc000049c04*=0x0, lpOverlapped=0x0) returned 1 [0140.462] CloseHandle (hObject=0x240) returned 1 [0140.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.462] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\915f9e3b-485d-4f89-a291-82a5ad3b0ee7\\*", lpFindFileData=0xc000049a08 | out: lpFindFileData=0xc000049a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.462] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000049720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\preferred"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0140.463] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0140.467] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.471] SetEvent (hEvent=0x39c) returned 1 [0140.471] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.479] SetEvent (hEvent=0x39c) returned 1 [0140.479] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.481] SetEvent (hEvent=0x354) returned 1 [0140.481] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.486] SetEvent (hEvent=0x39c) returned 1 [0140.486] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.486] SetEvent (hEvent=0x39c) returned 1 [0140.486] SetEvent (hEvent=0x354) returned 1 [0140.486] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.487] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.487] VirtualFree (lpAddress=0xc000070000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0140.487] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.488] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0140.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.489] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x43bcc750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x43bcc750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x43bcc750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.489] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.489] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.489] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks"), fInfoLevelId=0x0, lpFileInformation=0xc000129778 | out: lpFileInformation=0xc000129778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.495] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.495] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbec39d0, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.496] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ContentStore.xml", cAlternateFileName="CONTEN~1.XML")) returned 1 [0140.496] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.496] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.496] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0140.496] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0140.497] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Publisher Building Blocks\\ContentStore.xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\publisher building blocks\\contentstore.xml"), fInfoLevelId=0x0, lpFileInformation=0xc0000776a0 | out: lpFileInformation=0xc0000776a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4bb4c1b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x4bb4c1b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbec39d0, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0xa8)) returned 1 [0140.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech"), fInfoLevelId=0x0, lpFileInformation=0xc000077778 | out: lpFileInformation=0xc000077778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.522] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\speech"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.522] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0140.523] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0140.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Speech\\*", lpFindFileData=0xc000077530 | out: lpFindFileData=0xc000077530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.523] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0140.524] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.524] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.524] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.524] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates"), fInfoLevelId=0x0, lpFileInformation=0xc000077778 | out: lpFileInformation=0xc000077778*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.525] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0xc000077530 | out: lpFindFileData=0xc000077530*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0140.525] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.526] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0140.526] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.526] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my"), fInfoLevelId=0x0, lpFileInformation=0xc0000776a0 | out: lpFileInformation=0xc0000776a0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0xc000077458 | out: lpFindFileData=0xc000077458*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.527] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.527] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0140.527] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0140.527] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0140.527] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.527] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.527] VirtualAlloc (lpAddress=0xc0001a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a4000 [0140.528] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0xc000077380 | out: lpFindFileData=0xc000077380*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.529] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.529] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.529] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.529] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0xc000077380 | out: lpFindFileData=0xc000077380*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.529] VirtualAlloc (lpAddress=0xc0001a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a6000 [0140.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.530] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.530] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.530] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0140.530] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.531] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0xc000077380 | out: lpFindFileData=0xc000077380*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x96779c3, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.531] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc0000773b0 | out: lpFindFileData=0xc0000773b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.531] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates"), fInfoLevelId=0x0, lpFileInformation=0xc000077778 | out: lpFileInformation=0xc000077778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.539] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.539] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0xc000077530 | out: lpFindFileData=0xc000077530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.539] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x31d42f10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x2795d470, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x2795d470, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.539] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0140.539] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.540] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\templates\\normal.dotm"), fInfoLevelId=0x0, lpFileInformation=0xc0000776a0 | out: lpFileInformation=0xc0000776a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5db2c650, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x5db2c650, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x5db78910, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x509b)) returned 1 [0140.540] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof"), fInfoLevelId=0x0, lpFileInformation=0xc000077778 | out: lpFileInformation=0xc000077778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0140.549] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.549] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\*", lpFindFileData=0xc000077530 | out: lpFindFileData=0xc000077530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="CUSTOM.DIC", cAlternateFileName="")) returned 1 [0140.549] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.549] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\UProof\\CUSTOM.DIC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\uproof\\custom.dic"), fInfoLevelId=0x0, lpFileInformation=0xc0000776a0 | out: lpFileInformation=0xc0000776a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbab2410, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbab2410, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbab2410, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x2)) returned 1 [0140.561] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows"), fInfoLevelId=0x0, lpFileInformation=0xc000077778 | out: lpFileInformation=0xc000077778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\*", lpFindFileData=0xc000077530 | out: lpFindFileData=0xc000077530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.561] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf96b9c4c, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.561] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0140.561] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xedd0e6f6, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IECompatCache", cAlternateFileName="IECOMP~1")) returned 1 [0140.561] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe9256a4, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IETldCache", cAlternateFileName="IETLDC~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d22d5a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d22d5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaeeef71c, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Shortcuts", cAlternateFileName="NETWOR~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb9c40b55, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Printer Shortcuts", cAlternateFileName="PRINTE~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x94fde710, ftLastAccessTime.dwHighDateTime=0x1d2fab5, ftLastWriteTime.dwLowDateTime=0x94fde710, ftLastWriteTime.dwHighDateTime=0x1d2fab5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PrivacIE", cAlternateFileName="")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe4a9e6a0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe4a9e6a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Themes", cAlternateFileName="")) returned 1 [0140.562] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077560 | out: lpFindFileData=0xc000077560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.562] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0140.563] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies"), fInfoLevelId=0x0, lpFileInformation=0xc0000776a0 | out: lpFileInformation=0xc0000776a0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0140.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\*", lpFindFileData=0xc000077458 | out: lpFindFileData=0xc000077458*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1c3625f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[1].txt", cAlternateFileName="5P5NRG~1.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e6a4bd0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x227, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@adobe[3].txt", cAlternateFileName="5P0100~1.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xf1, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@demdex[1].txt", cAlternateFileName="5PFFE8~1.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt", cAlternateFileName="5PB43E~1.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@everesttech[1].txt", cAlternateFileName="5P5NRG~4.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x114, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@google[2].txt", cAlternateFileName="5P5NRG~2.TXT")) returned 1 [0140.564] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x56, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@ml314[1].txt", cAlternateFileName="5P0DBF~1.TXT")) returned 1 [0140.565] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e5e64f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e5e64f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e5e64f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x19e, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5nrgjn0js_halpmcxz@rlcdn[2].txt", cAlternateFileName="5P94E6~1.TXT")) returned 1 [0140.565] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28dbdd20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe2a9ffc0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x8000, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0140.565] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x2bc9ae40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52878dd0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x52878dd0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0140.565] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000077488 | out: lpFindFileData=0xc000077488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0140.565] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0140.565] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0140.566] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0140.567] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0140.567] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1c3625f0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1c3625f0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1c3625f0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x53)) returned 1 [0140.569] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@adobe[3].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d72bcd0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e6a4bd0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e6a4bd0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x227)) returned 1 [0140.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@demdex[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1d8f4d50, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0xf1)) returned 1 [0140.599] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0140.600] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0140.600] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0140.601] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@dpm.demdex[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1e658910, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1e658910, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1e658910, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6f)) returned 1 [0140.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@everesttech[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1dcf9270, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1dcf9270, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1dcf9270, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x6e)) returned 1 [0140.603] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@google[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@google[2].txt"), fInfoLevelId=0x0, lpFileInformation=0xc0000775c8 | out: lpFileInformation=0xc0000775c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86af2d0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x2c7870d0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x2c7870d0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x114)) returned 1 [0140.614] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.627] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.628] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc000206040*, lpNumberOfCharsWritten=0xc0002d5818*=0x3) returned 1 [0140.629] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc000206046*, lpNumberOfCharsWritten=0xc0002d9818*=0x3) returned 1 [0140.631] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.691] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000094120*, nNumberOfCharsToWrite=0x90, lpNumberOfCharsWritten=0xc000143808, lpReserved=0x0 | out: lpBuffer=0xc000094120*, lpNumberOfCharsWritten=0xc000143808*=0x90) returned 1 [0140.700] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.717] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0140.718] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0140.718] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0140.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0140.719] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0140.730] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.736] GetFileType (hFile=0x2cc) returned 0x1 [0140.736] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.737] CloseHandle (hObject=0x2cc) returned 1 [0140.737] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0140.738] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0140.739] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0140.739] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\preferred"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3111613574-2524581245-2586426736-500\\encry-Preferred" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3111613574-2524581245-2586426736-500\\encry-preferred"), dwFlags=0x1) returned 1 [0140.741] SetEvent (hEvent=0xfc) returned 1 [0140.741] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.808] SetEvent (hEvent=0x324) returned 1 [0140.808] SetEvent (hEvent=0x30c) returned 1 [0140.808] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.844] SetEvent (hEvent=0x324) returned 1 [0140.844] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0140.844] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0140.845] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0140.845] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0140.847] GetFileType (hFile=0x1ec) returned 0x1 [0140.847] GetFileType (hFile=0x1ec) returned 0x1 [0140.847] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0140.847] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0140.847] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0140.848] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000ba000, nNumberOfBytesToRead=0x39e, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfBytesRead=0xc0002d9c04*=0x19e, lpOverlapped=0x0) returned 1 [0140.849] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0000ba19e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba19e*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0140.849] CloseHandle (hObject=0x1ec) returned 1 [0140.849] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0140.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.850] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0140.851] GetFileType (hFile=0x1ec) returned 0x1 [0140.851] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x1a0, lpOverlapped=0x0) returned 1 [0140.852] CloseHandle (hObject=0x1ec) returned 1 [0140.852] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0140.852] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0140.853] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0140.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.853] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0140.854] GetFileType (hFile=0x1ec) returned 0x1 [0140.854] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.854] CloseHandle (hObject=0x1ec) returned 1 [0140.854] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-5p5nrgjn0js_halpmcxz@rlcdn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-5p5nrgjn0js_halpmcxz@rlcdn[2].txt"), dwFlags=0x1) returned 1 [0140.856] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.856] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.856] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.856] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.857] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.857] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0140.857] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.858] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.858] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.858] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d69a0*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0001d5808, lpReserved=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfCharsWritten=0xc0001d5808*=0xac) returned 1 [0140.860] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.862] SetEvent (hEvent=0xfc) returned 1 [0140.862] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0140.862] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0140.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0140.863] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0140.864] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.867] GetFileType (hFile=0x1ec) returned 0x1 [0140.867] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.871] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.872] CloseHandle (hObject=0x1ec) returned 1 [0140.872] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-fbbe72db-afd8-443b-88dd-64b20388700d"), dwFlags=0x1) returned 1 [0140.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.875] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0140.875] SetEvent (hEvent=0x30c) returned 1 [0140.876] SetEvent (hEvent=0x39c) returned 1 [0140.876] SetEvent (hEvent=0xec) returned 1 [0140.876] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.879] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.879] SetEvent (hEvent=0xec) returned 1 [0140.879] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.884] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.884] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0140.884] SetEvent (hEvent=0x30c) returned 1 [0140.884] SetEvent (hEvent=0x12c) returned 1 [0140.884] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.891] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0140.892] SetEvent (hEvent=0x324) returned 1 [0140.892] SetEvent (hEvent=0xec) returned 1 [0140.893] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.900] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.905] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.906] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0140.906] SetEvent (hEvent=0xc0) returned 1 [0140.906] SetEvent (hEvent=0xec) returned 1 [0140.906] SetEvent (hEvent=0x324) returned 1 [0140.906] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.923] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.923] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0140.923] SetEvent (hEvent=0xc0) returned 1 [0140.923] SetEvent (hEvent=0x12c) returned 1 [0140.923] SetEvent (hEvent=0xfc) returned 1 [0140.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.925] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.929] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.930] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0140.930] SetEvent (hEvent=0x30c) returned 1 [0140.930] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.930] GetFileType (hFile=0x240) returned 0x1 [0140.930] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00024bd4c*=0x158, lpOverlapped=0x0) returned 1 [0140.931] CloseHandle (hObject=0x240) returned 1 [0140.932] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\02540a10-7eb7-4b20-a8c7-470f8986389c"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\encry-02540a10-7eb7-4b20-a8c7-470f8986389c" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\encry-02540a10-7eb7-4b20-a8c7-470f8986389c"), dwFlags=0x1) returned 1 [0140.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.934] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0140.934] SetEvent (hEvent=0xec) returned 1 [0140.934] SetEvent (hEvent=0x12c) returned 1 [0140.934] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.943] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0140.943] SetEvent (hEvent=0x30c) returned 1 [0140.943] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.973] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0140.973] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0140.973] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0140.974] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0140.974] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0140.975] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000141cf4 | out: lpMode=0xc000141cf4) returned 0 [0140.995] GetFileType (hFile=0x2f0) returned 0x1 [0140.995] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0140.995] GetFileType (hFile=0x2f0) returned 0x1 [0140.995] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000141d44 | out: lpFileInformation=0xc000141d44) returned 1 [0140.995] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000141d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000141d28) returned 1 [0140.995] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0140.996] VirtualAlloc (lpAddress=0xc0000b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b8000 [0140.996] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000b8000, nNumberOfBytesToRead=0x310, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8000*, lpNumberOfBytesRead=0xc000141c04*=0x110, lpOverlapped=0x0) returned 1 [0140.997] ReadFile (in: hFile=0x2f0, lpBuffer=0xc0000b8110, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000141c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b8110*, lpNumberOfBytesRead=0xc000141c04*=0x0, lpOverlapped=0x0) returned 1 [0140.997] CloseHandle (hObject=0x2f0) returned 1 [0140.998] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0140.998] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0140.999] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0141.000] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000141d04 | out: lpMode=0xc000141d04) returned 0 [0141.005] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0141.194] GetFileType (hFile=0x2f0) returned 0x1 [0141.194] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000bc000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesWritten=0xc000141cec*=0x120, lpOverlapped=0x0) returned 1 [0141.195] CloseHandle (hObject=0x2f0) returned 1 [0141.195] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0141.195] VirtualAlloc (lpAddress=0xc00047e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047e000 [0141.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0141.195] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0141.210] GetFileType (hFile=0x2f0) returned 0x1 [0141.210] WriteFile (in: hFile=0x2f0, lpBuffer=0xc00007a2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007a2c0*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0141.211] CloseHandle (hObject=0x2f0) returned 1 [0141.211] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@linkedin[1].txt"), dwFlags=0x1) returned 1 [0141.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0141.258] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0141.266] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0141.492] GetFileType (hFile=0x2f0) returned 0x1 [0141.492] GetFileType (hFile=0x2f0) returned 0x1 [0141.492] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0141.492] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0141.492] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0141.493] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00025c000, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c000*, lpNumberOfBytesRead=0xc0001a5c04*=0x1e00, lpOverlapped=0x0) returned 1 [0142.535] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.063] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00025de00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025de00*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.063] CloseHandle (hObject=0x2f0) returned 1 [0143.063] VirtualAlloc (lpAddress=0xc000730000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000730000 [0143.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0143.066] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0143.072] GetFileType (hFile=0x2f0) returned 0x1 [0143.072] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000730000*, nNumberOfBytesToWrite=0x1e10, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000730000*, lpNumberOfBytesWritten=0xc0001a5cec*=0x1e10, lpOverlapped=0x0) returned 1 [0143.074] CloseHandle (hObject=0x2f0) returned 1 [0143.074] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0143.074] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0143.086] GetFileType (hFile=0x2f0) returned 0x1 [0143.086] WriteFile (in: hFile=0x2f0, lpBuffer=0xc000290840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290840*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.086] CloseHandle (hObject=0x2f0) returned 1 [0143.086] VirtualAlloc (lpAddress=0xc000732000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000732000 [0143.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\7e4dca80246863e3.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\encry-7e4dca80246863e3.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\encry-7e4dca80246863e3.automaticdestinations-ms"), dwFlags=0x1) returned 1 [0143.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.090] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0143.090] SetEvent (hEvent=0xc0) returned 1 [0143.090] SetEvent (hEvent=0x258) returned 1 [0143.090] SetEvent (hEvent=0x334) returned 1 [0143.090] SetEvent (hEvent=0xfc) returned 1 [0143.092] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.097] SetEvent (hEvent=0xfc) returned 1 [0143.097] SetEvent (hEvent=0x334) returned 1 [0143.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.109] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0143.109] SetEvent (hEvent=0xc0) returned 1 [0143.109] SetEvent (hEvent=0x258) returned 1 [0143.109] SetEvent (hEvent=0xfc) returned 1 [0143.109] SetEvent (hEvent=0x334) returned 1 [0143.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.122] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f698, ulCount=0x10, ulNumEntriesRemoved=0x2de9f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f698, ulNumEntriesRemoved=0x2de9f66c) returned 0 [0143.123] SetEvent (hEvent=0x258) returned 1 [0143.123] SetEvent (hEvent=0xfc) returned 1 [0143.123] SetEvent (hEvent=0x334) returned 1 [0143.124] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.173] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.173] SetEvent (hEvent=0x334) returned 1 [0143.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe08*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.198] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe30*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.200] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.200] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2de9f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2de9f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2de9f6a0, ulNumEntriesRemoved=0x2de9f674) returned 0 [0143.200] SetEvent (hEvent=0x334) returned 1 [0143.200] SetEvent (hEvent=0xa90) returned 1 [0143.200] SetEvent (hEvent=0x8e0) returned 1 [0143.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2de9fe18*=0x3c8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.221] SetEvent (hEvent=0x274) returned 1 [0143.221] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.227] SetEvent (hEvent=0x9c8) returned 1 [0143.227] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.236] SetEvent (hEvent=0xaa8) returned 1 [0143.236] SetEvent (hEvent=0x900) returned 1 [0143.236] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.247] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000600e0*, nNumberOfCharsToWrite=0x6b, lpNumberOfCharsWritten=0xc000133808, lpReserved=0x0 | out: lpBuffer=0xc0000600e0*, lpNumberOfCharsWritten=0xc000133808*=0x6b) returned 1 [0143.258] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.113] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0144.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0144.114] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0144.116] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.531] GetFileType (hFile=0x464) returned 0x1 [0144.531] WriteFile (in: hFile=0x464, lpBuffer=0xc000614160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614160*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.532] CloseHandle (hObject=0x464) returned 1 [0144.533] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\PrivacIE\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\privacie\\encry-index.dat"), dwFlags=0x1) returned 1 [0144.534] SetEvent (hEvent=0x960) returned 1 [0144.534] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.539] SetEvent (hEvent=0x8b8) returned 1 [0144.539] SetEvent (hEvent=0xa40) returned 1 [0144.539] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.559] SetEvent (hEvent=0xc6c) returned 1 [0144.559] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.562] SetEvent (hEvent=0xc6c) returned 1 [0144.563] SetEvent (hEvent=0xaf8) returned 1 [0144.563] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.580] SetEvent (hEvent=0x1e8) returned 1 [0144.580] WaitForSingleObject (hHandle=0x3c8, dwMilliseconds=0xffffffff) Thread: id = 59 os_tid = 0xb34 [0116.343] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09fea0*=0x390) returned 1 [0116.343] VirtualQuery (in: lpAddress=0x2e09fec0, lpBuffer=0x2e09fec0, dwLength=0x30 | out: lpBuffer=0x2e09fec0*(BaseAddress=0x2e09f000, AllocationBase=0x2dea0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.343] SetEvent (hEvent=0x1a0) returned 1 [0116.343] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x39c [0116.343] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a0 [0116.343] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0116.346] GetFileType (hFile=0x218) returned 0x1 [0116.346] GetFileType (hFile=0x218) returned 0x1 [0116.346] GetFileInformationByHandle (in: hFile=0x218, lpFileInformation=0xc000273d44 | out: lpFileInformation=0xc000273d44) returned 1 [0116.346] GetFileInformationByHandleEx (in: hFile=0x218, FileInformationClass=0x9, lpFileInformation=0xc000273d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000273d28) returned 1 [0116.346] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0116.347] ReadFile (in: hFile=0x218, lpBuffer=0xc000198000, nNumberOfBytesToRead=0xc7b, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc000273c04*=0xa7b, lpOverlapped=0x0) returned 1 [0116.355] ReadFile (in: hFile=0x218, lpBuffer=0xc000198a7b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198a7b*, lpNumberOfBytesRead=0xc000273c04*=0x0, lpOverlapped=0x0) returned 1 [0116.355] CloseHandle (hObject=0x218) returned 1 [0116.355] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0116.356] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c4 [0116.533] GetConsoleMode (in: hConsoleHandle=0x3c4, lpMode=0xc000273d04 | out: lpMode=0xc000273d04) returned 0 [0116.535] GetFileType (hFile=0x3c4) returned 0x1 [0116.535] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0116.535] WriteFile (in: hFile=0x3c4, lpBuffer=0xc0001c0000*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0xc000273cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfBytesWritten=0xc000273cec*=0xa80, lpOverlapped=0x0) returned 1 [0116.537] CloseHandle (hObject=0x3c4) returned 1 [0116.539] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0116.539] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0116.540] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0116.540] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0116.541] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0116.541] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0116.542] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0116.543] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0116.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c8 [0116.543] GetConsoleMode (in: hConsoleHandle=0x3c8, lpMode=0xc000273d64 | out: lpMode=0xc000273d64) returned 0 [0116.544] GetFileType (hFile=0x3c8) returned 0x1 [0116.544] WriteFile (in: hFile=0x3c8, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000273d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000273d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.544] CloseHandle (hObject=0x3c8) returned 1 [0116.546] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[2].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0mkg[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0mkg[2].jpg"), dwFlags=0x1) returned 1 [0117.157] SetEvent (hEvent=0x3c8) returned 1 [0117.157] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.158] SwitchToThread () returned 1 [0117.159] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.165] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.166] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.167] SetEvent (hEvent=0x1dc) returned 1 [0117.167] SetEvent (hEvent=0x9c) returned 1 [0117.167] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.168] VirtualFree (lpAddress=0xc0002b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.168] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.169] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.169] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0117.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEedPR[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeedpr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1ca7)) returned 1 [0117.170] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf306[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef306[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x86f)) returned 1 [0117.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEf54R[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbef54r[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459613d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x828)) returned 1 [0117.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4587cb90, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4587cb90, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4587cb90, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3860)) returned 1 [0117.171] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBq0[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbq0[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19a5)) returned 1 [0117.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBrz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbrz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2619)) returned 1 [0117.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfXl6[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefxl6[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b76710, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b76710, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b76710, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1f84)) returned 1 [0117.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgEH3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegeh3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbded7090, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbded7090, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbded7090, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1c7e)) returned 1 [0117.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgTxB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegtxb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4574c090, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9b7)) returned 1 [0117.172] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEgsz3[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbegsz3[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8f9)) returned 1 [0117.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBaK3Nm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbak3nm[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x227)) returned 1 [0117.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBo1lFJ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbo1lfj[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x36e)) returned 1 [0117.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBs47TE[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbs47te[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x455f5430, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x455f5430, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x455f5430, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x23f)) returned 1 [0117.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBu9sWQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbu9swq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2cb0)) returned 1 [0117.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BByazif[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbyazif[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45bc29d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45bc29d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45bc29d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x228c)) returned 1 [0117.174] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0117.174] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ContainerTag[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\containertag[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe8f4e10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe8f4e10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe8f4e10, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7b1)) returned 1 [0117.174] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0117.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\GoogleInstaller_de[1].application" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\googleinstaller_de[1].application"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x659c6020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x659c6020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x65c99a40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6c)) returned 1 [0117.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MSNIdSync[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\msnidsync[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457e4610, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457e4610, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457e4610, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xec5)) returned 1 [0117.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54cce0d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54cce0d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54d1a390, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a114)) returned 1 [0117.176] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0117.176] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0117.177] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0117.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\activityi;src=2542116;type=clien612;cat=chrom0;ord=1;num=7814394060213[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61be2420, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61be2420, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61be2420, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x650)) returned 1 [0117.177] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0117.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfscript[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfscript[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2a0770, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2a0770, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2a0770, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x2870)) returned 1 [0117.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\adfserve[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\adfserve[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf54e030, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf54e030, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf54e030, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0xf1f)) returned 1 [0117.178] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ast[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ast[2].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11835)) returned 1 [0117.180] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\async_usersync[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\async_usersync[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53d7b330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53d7b330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53d7b330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x543)) returned 1 [0117.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\b2fd15[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\b2fd15[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5108d3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5108d3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x510b3550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e6)) returned 1 [0117.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-components[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-components[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b51310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b51310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b51310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xaf13)) returned 1 [0117.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\bs-util[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bs-util[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54b9d5d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54b9d5d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54b9d5d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x30be)) returned 1 [0117.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\c7-bdbd0d-91cdfbc1[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\c7-bdbd0d-91cdfbc1[1].txt"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd97bf10, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbd97bf10, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbd9a2070, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x254f1)) returned 1 [0117.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[1].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[1].loaded_0"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x614e4380, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x614e4380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x614e4380, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x211dd)) returned 1 [0117.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\cb=gapi[2].loaded_0" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\cb=gapi[2].loaded_0"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63c04d20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x63c04d20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x63c04d20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x653e)) returned 1 [0117.193] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.210] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome.min[1].css" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome.min[1].css"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x584c4b60, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x584c4b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58510e20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2a03f)) returned 1 [0117.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\chrome_throbber_fast_16[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\chrome_throbber_fast_16[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c69520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c69520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60c69520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x60c)) returned 1 [0117.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\collect[1].gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\collect[1].gif"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55333bf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55333bf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55333bf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2b)) returned 1 [0117.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43)) returned 1 [0117.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\eula-mac[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\eula-mac[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60d9a020, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60d9a020, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60de62e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x48ba)) returned 1 [0117.212] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61093ba0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x61093ba0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x61093ba0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa84a)) returned 1 [0117.214] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.237] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0117.237] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0117.238] SetEvent (hEvent=0x388) returned 1 [0117.238] GetFileAttributesExW (in: lpFileName="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1D;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\getype=homepage;kvpg=msn%2fde-de;kvugc=0;kvmn=msndede1d;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=5;target=_blank;aduho=600;grp=852361999[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe1f6d70, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1305)) returned 1 [0117.238] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.247] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0117.247] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0117.248] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[1]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[1]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf03f170, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf03f170, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf0652d0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4c9)) returned 1 [0117.249] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.254] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0117.254] SetEvent (hEvent=0x388) returned 1 [0117.254] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\js[2]" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\js[2]"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2544b0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2544b0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf2544b0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x562)) returned 1 [0117.255] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54feddb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54feddb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x550601d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7a43)) returned 1 [0117.262] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\modernizr[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\modernizr[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x605b7740, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x605b7740, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x605b7740, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x46c9)) returned 1 [0117.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\only[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\only[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfbb3b50, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfbb3b50, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfbb3b50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0117.393] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0117.554] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[1].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x6b6d)) returned 1 [0117.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\player[2].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\player[2].js"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x5f44)) returned 1 [0118.045] SetEvent (hEvent=0x24c) returned 1 [0118.045] VirtualAlloc (lpAddress=0xc00052c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00052c000 [0118.045] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\tecjslog[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\tecjslog[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbfb41730, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbfb41730, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbfb41730, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x67)) returned 1 [0118.559] SetEvent (hEvent=0x188) returned 1 [0118.559] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0118.559] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\th[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\th[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x55c14b20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x55c14b20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x55c14b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x911)) returned 1 [0118.597] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.602] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0118.602] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\thankyou[1].htm" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\thankyou[1].htm"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x692027e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x692027e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x69232580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x805a)) returned 1 [0118.604] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0118.604] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0118.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8"), fInfoLevelId=0x0, lpFileInformation=0xc000221418 | out: lpFileInformation=0xc000221418*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0118.606] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0118.616] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0118.617] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0118.617] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\*", lpFindFileData=0xc0002211d0 | out: lpFindFileData=0xc0002211d0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0118.623] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0118.630] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.634] SetEvent (hEvent=0x274) returned 1 [0118.634] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg", cAlternateFileName="0FF929~1.JPG")) returned 1 [0118.634] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.648] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0118.648] SetEvent (hEvent=0x3c8) returned 1 [0118.648] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54a46970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc05f, dwReserved0=0x0, dwReserved1=0x0, cFileName="26158[1].png", cAlternateFileName="26158_~1.PNG")) returned 1 [0118.648] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3e3, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA42x3V[1].png", cAlternateFileName="AA42X3~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5341bc90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5341bc90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA58NQj[1].png", cAlternateFileName="AA58NQ~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA61Ofl[1].png", cAlternateFileName="AA61OF~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="AA6SFRQ[2].png", cAlternateFileName="AA6SFR~2.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19e, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAa1vhm[1].png", cAlternateFileName="AAA1VH~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAa1xJF[1].png", cAlternateFileName="AAA1XJ~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAlG41q[1].jpg", cAlternateFileName="AALG41~1.JPG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x157, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAmin0Z[1].png", cAlternateFileName="AAMIN0~1.PNG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533f5b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533f5b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b1, dwReserved0=0x0, dwReserved1=0x0, cFileName="AAnhRyj[1].jpg", cAlternateFileName="AANHRY~1.JPG")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64c161a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64c161a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x64e9d900, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x39f, dwReserved0=0x0, dwReserved1=0x0, cFileName="activityi;src=2542116;cat=Chrom00;type=clien612;ord=2366422437621[1].htm", cAlternateFileName="ACTIVI~1.HTM")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf2eca30, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf2eca30, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf312b90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x91dd, dwReserved0=0x0, dwReserved1=0x0, cFileName="adex[1].js", cAlternateFileName="ADEX_1~1.JS")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x540e72d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x540e72d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x540e72d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2874, dwReserved0=0x0, dwReserved1=0x0, cFileName="adfscript[1]", cAlternateFileName="ADFSCR~1")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbdb6b0f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbdb6b0f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbdb6b0f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x525b, dwReserved0=0x0, dwReserved1=0x0, cFileName="adsWrapperMSNI[1].js", cAlternateFileName="ADSWRA~1.JS")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x8217, dwReserved0=0x0, dwReserved1=0x0, cFileName="ae8e984b-1820-4a8d-93dc-392ed6563fb6[1].jpg", cAlternateFileName="AE8E98~1.JPG")) returned 1 [0118.654] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe112530, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe112530, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1183b, dwReserved0=0x0, dwReserved1=0x0, cFileName="ast[1].js", cAlternateFileName="AST_1_~1.JS")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58798580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58798580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58798580, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13a9, dwReserved0=0x0, dwReserved1=0x0, cFileName="autotrack[1].js", cAlternateFileName="AUTOTR~1.JS")) returned 1 [0118.654] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x145, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB56XTo[1].png", cAlternateFileName="BB56XT~1.PNG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB5vO0g[1].png", cAlternateFileName="BB5VO0~1.PNG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="BB8AdqN[1].png", cAlternateFileName="BB8ADQ~1.PNG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8b30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45be8b30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ca7210, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x152c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBALZyp[1].jpg", cAlternateFileName="BBALZY~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5360ae70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5360ae70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5360ae70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBImKp[1].jpg", cAlternateFileName="BBBIMK~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53630fd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBMGJo[1].jpg", cAlternateFileName="BBBMGJ~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x862, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBMKDF[1].jpg", cAlternateFileName="BBBMKD~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBMQch[1].jpg", cAlternateFileName="BBBMQC~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58321c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58321c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58321c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBMyVh[1].jpg", cAlternateFileName="BBBMYV~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x812, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBNAf7[1].jpg", cAlternateFileName="BBBNAF~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb22, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBNnTF[1].jpg", cAlternateFileName="BBBNNT~1.JPG")) returned 1 [0118.655] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539c30d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539c30d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1529, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO4dZ[1].jpg", cAlternateFileName="BBBO4D~1.JPG")) returned 1 [0118.663] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.664] SetEvent (hEvent=0x3c8) returned 1 [0118.664] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e61, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBO8ow[1].jpg", cAlternateFileName="BBBO8O~1.JPG")) returned 1 [0118.664] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x636, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOaeS[1].jpg", cAlternateFileName="BBBOAE~1.JPG")) returned 1 [0118.664] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53278d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53278d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53278d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOcIb[1].jpg", cAlternateFileName="BBBOCI~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOddp[1].jpg", cAlternateFileName="BBBODD~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a1fd500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a1fd500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a223660, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5685, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBOmar[1].jpg", cAlternateFileName="BBBOMA~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2f6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBR4yQ[1].jpg", cAlternateFileName="BBBR4Y~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e4e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x264b, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBUPaj[1].jpg", cAlternateFileName="BBBUPA~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e08, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVEOW[1].jpg", cAlternateFileName="BBBVEO~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVLcG[1].jpg", cAlternateFileName="BBBVLC~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBVSkP[1].jpg", cAlternateFileName="BBBVSK~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x612a8ee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x612a8ee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x612a8ee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBYfEH[1].jpg", cAlternateFileName="BBBYFE~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc20, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBBZ5vT[1].jpg", cAlternateFileName="BBBZ5V~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC02Gr[1].jpg", cAlternateFileName="BBC02G~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC02Gr[2].jpg", cAlternateFileName="BBC02G~2.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x89a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC03B1[1].jpg", cAlternateFileName="BBC03B~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC06Ub[1].jpg", cAlternateFileName="BBC06U~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0Djg[1].jpg", cAlternateFileName="BBC0DJ~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fd, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0g7a[1].jpg", cAlternateFileName="BBC0G7~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82f, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0lf2[1].jpg", cAlternateFileName="BBC0LF~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2e35a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2e35a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2e35a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1afe, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0mK1[1].jpg", cAlternateFileName="BBC0MK~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBC0qlB[1].jpg", cAlternateFileName="BBC0QL~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE7KPZ[1].jpg", cAlternateFileName="BBE7KP~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE8IlA[1].jpg", cAlternateFileName="BBE8IL~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2669, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE972F[1].jpg", cAlternateFileName="BBE972~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a77, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBE9tdx[1].jpg", cAlternateFileName="BBE9TD~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458a2cf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458a2cf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458a2cf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2fe3, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEdrqt[1].jpg", cAlternateFileName="BBEDRQ~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459ad690, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459ad690, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459ad690, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x857, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeEwt[1].jpg", cAlternateFileName="BBEEEW~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4593b270, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4593b270, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4593b270, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x7d9, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeis3[1].jpg", cAlternateFileName="BBEEIS~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a1fab0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a1fab0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a1fab0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x8c5, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeKvV[1].jpg", cAlternateFileName="BBEEKV~1.JPG")) returned 1 [0118.665] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a91ed0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a91ed0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xef00, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeNd8[1].png", cAlternateFileName="BBEEND~1.PNG")) returned 1 [0118.666] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3323, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEewZB[1].jpg", cAlternateFileName="BBEEWZ~1.JPG")) returned 1 [0118.666] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459613d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459613d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEeZ0k[1].jpg", cAlternateFileName="BBEEZ0~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b042f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b042f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b042f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2d32, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEf6s4[1].jpg", cAlternateFileName="BBEF6S~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x85d, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfAc5[1].jpg", cAlternateFileName="BBEFAC~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45510bf0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45510bf0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45510bf0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x197c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfgDi[1].jpg", cAlternateFileName="BBEFGD~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfjuT[1].jpg", cAlternateFileName="BBEFJU~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x457be4b0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x457be4b0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457be4b0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x1b14, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfkgi[1].jpg", cAlternateFileName="BBEFKG~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2978, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfRKA[1].jpg", cAlternateFileName="BBEFRK~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4574c090, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4574c090, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x457721f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2b6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfRwv[1].jpg", cAlternateFileName="BBEFRW~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45478670, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45478670, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45478670, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2676, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfwtU[1].jpg", cAlternateFileName="BBEFWT~1.JPG")) returned 1 [0118.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45856a30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45856a30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45856a30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0xb41, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEfY4X[1].jpg", cAlternateFileName="BBEFY4~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x25f6, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgD9f[1].jpg", cAlternateFileName="BBEGD9~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45ab8030, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45ab8030, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ab8030, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x819, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgJfz[1].jpg", cAlternateFileName="BBEGJF~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b2a450, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b2a450, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b2a450, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x916, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgsWA[1].jpg", cAlternateFileName="BBEGSW~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45725f30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45725f30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45725f30, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x918, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBEgX5G[1].jpg", cAlternateFileName="BBEGX5~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x51256470, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x51256470, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51256470, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBih5H[1].png", cAlternateFileName="BBIH5H~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe4ca790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe4ca790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe4ca790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x24c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBmUxRK[1].png", cAlternateFileName="BBMUXR~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x459f9950, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x459f9950, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x459f9950, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x398, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBndhJA[1].png", cAlternateFileName="BBNDHJ~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458c8e50, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458c8e50, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458c8e50, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x230, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBoqF0J[1].png", cAlternateFileName="BBOQF0~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53063a30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53063a30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53063a30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBzjV9E[1].png", cAlternateFileName="BBZJV9~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60cdb940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60cdb940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d4dd60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fdaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="benefits-1[1].jpg", cAlternateFileName="BENEFI~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6157c900, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6157c900, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x615c8bc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x12282, dwReserved0=0x0, dwReserved1=0x0, cFileName="cb=gapi[1].loaded_1", cAlternateFileName="CB_GAP~1.LOA")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x50fa0830, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x50fa0830, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x50fa0830, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x82d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="chartbeat[1].js", cAlternateFileName="CHARTB~1.JS")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60c8f680, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60c8f680, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60d01aa0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3bf20, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome-installer.min[1].js", cAlternateFileName="CHROME~1.JS")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x60aec760, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x60aec760, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x60aec760, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1622, dwReserved0=0x0, dwReserved1=0x0, cFileName="chrome_logo_2x[1].png", cAlternateFileName="CHROME~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x610b9d00, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x610b9d00, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x610b9d00, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x13d, dwReserved0=0x0, dwReserved1=0x0, cFileName="close-icon[1].png", cAlternateFileName="CLOSE-~1.PNG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54e4ae90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54e4ae90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e4ae90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x269b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="css[1].txt", cAlternateFileName="CSS_1_~1.TXT")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x4f090c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x4f090c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x4f090c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x43, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf7af630, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7af630, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf821a50, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x4d5b9, dwReserved0=0x0, dwReserved1=0x0, cFileName="ebHtml5Banner[1].js", cAlternateFileName="EBHTML~1.JS")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x64009240, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x64009240, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6402f3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5244, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula-win[1].jpg", cAlternateFileName="EULA-W~1.JPG")) returned 1 [0118.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe15e7f0, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe15e7f0, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe15e7f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x1303, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1B;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=3;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~3")) returned 1 [0118.675] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=627518548;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=627518548[1]", cAlternateFileName="GETYPE~1")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe138690, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe138690, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe138690, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x972, dwReserved0=0x0, dwReserved1=0x0, cFileName="getype=homepage;kvpg=msn%2Fde-de;kvugc=0;kvmn=MSNDEDE1C;kvgrp=852361999;kvismob=2;extmirroring=0;kvtile=4;target=_blank;aduho=600;grp=852361999[1]", cAlternateFileName="GETYPE~2")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x510ff810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x510ff810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x51125970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1762e, dwReserved0=0x0, dwReserved1=0x0, cFileName="jquery-1.11.1.min[1].js", cAlternateFileName="JQUERY~1.JS")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5442d110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5442d110, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5442d110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="js[1]", cAlternateFileName="JS_1_~1")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x44bd95f0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x44bd95f0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x44bd95f0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="js[2]", cAlternateFileName="JS_2_~1")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d66650, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d66650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e70ff0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7154, dwReserved0=0x0, dwReserved1=0x0, cFileName="latest[1].eot", cAlternateFileName="LATEST~1.EOT")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x6e9b, dwReserved0=0x0, dwReserved1=0x0, cFileName="latest[2].eot", cAlternateFileName="LATEST~2.EOT")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54d8c7b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54d8c7b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54e97150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x77b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="latest[3].eot", cAlternateFileName="LATEST~3.EOT")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53122110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x922, dwReserved0=0x0, dwReserved1=0x0, cFileName="msn[1].htm", cAlternateFileName="MSN_1_~1.HTM")) returned 1 [0118.676] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6378e3e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6378e3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x637b4540, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3112, dwReserved0=0x0, dwReserved1=0x0, cFileName="rpc_shindig_random[1].js", cAlternateFileName="RPC_SH~1.JS")) returned 1 [0118.676] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0118.677] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2000, ftCreationTime.dwLowDateTime=0xbf7d5790, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbf7d5790, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbf7d5790, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="thirdparty[1]", cAlternateFileName="THIRDP~1")) returned 1 [0118.677] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54adeef0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa33, dwReserved0=0x0, dwReserved1=0x0, cFileName="uid[1].htm", cAlternateFileName="UID_1_~1.HTM")) returned 1 [0118.677] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe5d5130, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe5d5130, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe5d5130, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x3325, dwReserved0=0x0, dwReserved1=0x0, cFileName="v2[1]", cAlternateFileName="V2_1_~1")) returned 1 [0118.677] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54c35b50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54c35b50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54c5bcb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x24fea, dwReserved0=0x0, dwReserved1=0x0, cFileName="wc-addons[1].css", cAlternateFileName="WC-ADD~1.CSS")) returned 1 [0118.677] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000221200 | out: lpFindFileData=0xc000221200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0118.677] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0118.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbe967230, ftCreationTime.dwHighDateTime=0x1d2faf2, ftLastAccessTime.dwLowDateTime=0xbe967230, ftLastAccessTime.dwHighDateTime=0x1d2faf2, ftLastWriteTime.dwLowDateTime=0xbe9b34f0, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x7f7e)) returned 1 [0118.679] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0118.680] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0118.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\26158[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\26158[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x54a20810, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x54a20810, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x54a46970, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc05f)) returned 1 [0118.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA42x3V[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa42x3v[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458eefb0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458eefb0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458eefb0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x3e3)) returned 1 [0118.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA58NQj[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa58nqj[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5341bc90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5341bc90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d0)) returned 1 [0118.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA61Ofl[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa61ofl[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x515e8570, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x515e8570, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x515e8570, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c4)) returned 1 [0118.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AA6SFRQ[2].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aa6sfrq[2].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45915110, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45915110, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45915110, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ed)) returned 1 [0118.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1vhm[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1vhm[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4580a770, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x4580a770, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x4580a770, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x19e)) returned 1 [0118.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAa1xJF[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aaa1xjf[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2c1)) returned 1 [0118.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAlG41q[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aalg41q[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5159c2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5159c2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5159c2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7b8)) returned 1 [0118.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAmin0Z[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aamin0z[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45798350, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45798350, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45798350, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x157)) returned 1 [0118.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\AAnhRyj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\aanhryj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533f5b30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533f5b30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5341bc90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x36b1)) returned 1 [0118.682] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB56XTo[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb56xto[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45987530, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45987530, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45987530, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x145)) returned 1 [0118.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB5vO0g[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb5vo0g[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e28590, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e28590, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e28590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1b6)) returned 1 [0118.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BB8AdqN[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bb8adqn[1].png"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x456d9c70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x456d9c70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x456d9c70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x156)) returned 1 [0118.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBALZyp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbalzyp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45be8b30, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45be8b30, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45ca7210, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x152c)) returned 1 [0118.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBImKp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbimkp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5360ae70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5360ae70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5360ae70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x97c)) returned 1 [0118.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMGJo[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmgjo[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53598a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53598a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53630fd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29ca)) returned 1 [0118.684] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0118.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMKDF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmkdf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539049f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539049f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539049f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x862)) returned 1 [0118.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMQch[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmqch[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53846310, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53846310, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53846310, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x142e)) returned 1 [0118.684] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBMyVh[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbmyvh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58321c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x58321c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x58321c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e6b)) returned 1 [0118.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNAf7[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnaf7[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53337450, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53337450, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53337450, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x812)) returned 1 [0118.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBNnTF[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbnntf[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x533a9870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x533a9870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x533a9870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb22)) returned 1 [0118.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO4dZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo4dz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x539c30d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x539c30d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x539c30d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1529)) returned 1 [0118.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBO8ow[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbo8ow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x538b8730, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x538b8730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x538b8730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1e61)) returned 1 [0118.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOaeS[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboaes[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x532eb190, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x532eb190, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x532eb190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x636)) returned 1 [0118.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOcIb[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbocib[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53278d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53278d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53278d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82a)) returned 1 [0118.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOddp[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbboddp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53b8c150, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53b8c150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53b8c150, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x161e)) returned 1 [0118.686] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBOmar[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbomar[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a1fd500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x6a1fd500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x6a223660, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5685)) returned 1 [0118.690] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBR4yQ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbr4yq[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f7f1f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f7f1f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f7f1f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2f6b)) returned 1 [0118.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBUPaj[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbupaj[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e4e6f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e4e6f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e4e6f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x264b)) returned 1 [0118.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVEOW[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbveow[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e275160, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5e275160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5e275160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3e08)) returned 1 [0118.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVLcG[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvlcg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f32f30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f32f30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f32f30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa1f)) returned 1 [0118.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBVSkP[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbvskp[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x530afcf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x530afcf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x530afcf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82d)) returned 1 [0118.700] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0118.701] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0118.701] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBYfEH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbyfeh[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x612a8ee0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x612a8ee0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x612a8ee0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x16f5)) returned 1 [0118.702] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0118.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBBZ5vT[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbbz5vt[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53017770, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53017770, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53017770, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc20)) returned 1 [0118.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x514ddbd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x514ddbd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x514ddbd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e)) returned 1 [0118.702] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5392ab50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5392ab50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5392ab50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x86e)) returned 1 [0118.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC03B1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc03b1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fa5350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fa5350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fa5350, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x89a)) returned 1 [0118.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52f0cdd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52f0cdd0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52f0cdd0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7bb)) returned 1 [0118.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0Djg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0djg[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52e74850, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52e74850, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52e74850, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9ab)) returned 1 [0118.703] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0g7a[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0g7a[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52ec0b10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52ec0b10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52ec0b10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x7fd)) returned 1 [0118.712] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.829] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0118.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0lf2[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0lf2[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x52fcb4b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52fcb4b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x82f)) returned 1 [0118.839] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0mK1[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0mk1[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5b2e35a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x5b2e35a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x5b2e35a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1afe)) returned 1 [0118.840] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x53089b90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x53089b90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x53089b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1fc3)) returned 1 [0118.850] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0118.971] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0118.972] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0118.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE7KPZ[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe7kpz[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2ecb)) returned 1 [0118.980] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0119.114] SetEvent (hEvent=0x120) returned 1 [0119.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE8IlA[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe8ila[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45a6bd70, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45a6bd70, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45a6bd70, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x9c5)) returned 1 [0119.214] SetEvent (hEvent=0xc0) returned 1 [0119.214] SetEvent (hEvent=0x3c0) returned 1 [0119.214] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE972F[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe972f[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x45b9c870, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x45b9c870, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x45b9c870, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2669)) returned 1 [0119.274] SetEvent (hEvent=0x9c) returned 1 [0119.274] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0119.275] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBE9tdx[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbe9tdx[1].jpg"), fInfoLevelId=0x0, lpFileInformation=0xc000221340 | out: lpFileInformation=0xc000221340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x458308d0, ftCreationTime.dwHighDateTime=0x1d2faf3, ftLastAccessTime.dwLowDateTime=0x458308d0, ftLastAccessTime.dwHighDateTime=0x1d2faf3, ftLastWriteTime.dwLowDateTime=0x458308d0, ftLastWriteTime.dwHighDateTime=0x1d2faf3, nFileSizeHigh=0x0, nFileSizeLow=0x2a77)) returned 1 [0119.901] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0119.904] SetEvent (hEvent=0x30c) returned 1 [0119.904] SwitchToThread () returned 1 [0119.905] SetEvent (hEvent=0x30c) returned 1 [0119.905] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0119.906] SetEvent (hEvent=0x30c) returned 1 [0119.906] SetEvent (hEvent=0x1a0) returned 1 [0119.906] SetEvent (hEvent=0x144) returned 1 [0119.906] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0119.908] SetEvent (hEvent=0x1a0) returned 1 [0119.908] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0119.910] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.910] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0119.910] VirtualFree (lpAddress=0xc00003e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0119.911] SetEvent (hEvent=0x148) returned 1 [0119.911] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.165] SetEvent (hEvent=0x258) returned 1 [0120.165] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.168] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.175] SetEvent (hEvent=0x198) returned 1 [0120.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0120.176] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0120.186] GetFileType (hFile=0x36c) returned 0x1 [0120.186] GetFileType (hFile=0x36c) returned 0x1 [0120.186] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000115d44 | out: lpFileInformation=0xc000115d44) returned 1 [0120.186] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000115d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000115d28) returned 1 [0120.186] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0120.186] ReadFile (in: hFile=0x36c, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x316, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000115c04*=0x116, lpOverlapped=0x0) returned 1 [0120.201] ReadFile (in: hFile=0x36c, lpBuffer=0xc000094116, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000115c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094116*, lpNumberOfBytesRead=0xc000115c04*=0x0, lpOverlapped=0x0) returned 1 [0120.201] CloseHandle (hObject=0x36c) returned 1 [0120.201] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0120.202] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0120.202] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0120.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0120.204] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000115d04 | out: lpMode=0xc000115d04) returned 0 [0120.219] GetFileType (hFile=0x36c) returned 0x1 [0120.219] WriteFile (in: hFile=0x36c, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0xc000115cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc000115cec*=0x120, lpOverlapped=0x0) returned 1 [0120.220] CloseHandle (hObject=0x36c) returned 1 [0120.220] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0120.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBzjV9E[1].png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbzjv9e[1].png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0120.220] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000115d64 | out: lpMode=0xc000115d64) returned 0 [0120.224] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.239] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.264] GetFileType (hFile=0x2f0) returned 0x1 [0120.264] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0000b9500*, nNumberOfBytesToWrite=0x3330, lpNumberOfBytesWritten=0xc0001bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000b9500*, lpNumberOfBytesWritten=0xc0001bdcec*=0x3330, lpOverlapped=0x0) returned 1 [0120.266] CloseHandle (hObject=0x2f0) returned 1 [0120.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0120.266] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0120.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f0 [0120.267] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc0001bdd64 | out: lpMode=0xc0001bdd64) returned 0 [0120.273] GetFileType (hFile=0x2f0) returned 0x1 [0120.273] WriteFile (in: hFile=0x2f0, lpBuffer=0xc0002446e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002446e0*, lpNumberOfBytesWritten=0xc0001bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.273] CloseHandle (hObject=0x2f0) returned 1 [0120.274] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbeewzb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEewZB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbeewzb[1].jpg"), dwFlags=0x1) returned 1 [0120.275] SwitchToThread () returned 1 [0120.278] SetEvent (hEvent=0x258) returned 1 [0120.278] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.281] SwitchToThread () returned 1 [0120.285] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.313] SetEvent (hEvent=0x258) returned 1 [0120.313] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.314] SetEvent (hEvent=0x148) returned 1 [0120.314] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.317] SetEvent (hEvent=0x198) returned 1 [0120.317] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.324] SetEvent (hEvent=0x9c) returned 1 [0120.324] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.353] SetEvent (hEvent=0x9c) returned 1 [0120.353] SetEvent (hEvent=0x30c) returned 1 [0120.353] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.371] SetEvent (hEvent=0x3c0) returned 1 [0120.371] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0120.487] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0120.519] GetFileType (hFile=0x1b0) returned 0x1 [0120.519] GetFileType (hFile=0x1b0) returned 0x1 [0120.519] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0120.519] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0120.519] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0120.521] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00031c000, nNumberOfBytesToRead=0x12482, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesRead=0xc0001abc04*=0x12282, lpOverlapped=0x0) returned 1 [0120.527] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00032e282, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032e282*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0120.527] CloseHandle (hObject=0x1b0) returned 1 [0120.527] VirtualAlloc (lpAddress=0xc000386000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000386000 [0120.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0120.598] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0120.600] GetFileType (hFile=0x2f4) returned 0x1 [0120.600] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000386000*, nNumberOfBytesToWrite=0x12290, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc000386000*, lpNumberOfBytesWritten=0xc0001abcec*=0x12290, lpOverlapped=0x0) returned 1 [0120.602] CloseHandle (hObject=0x2f4) returned 1 [0120.614] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000001101 | out: pbBuffer=0xc000001101) returned 1 [0120.614] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0120.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0120.615] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0120.617] GetFileType (hFile=0x240) returned 0x1 [0120.617] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.617] CloseHandle (hObject=0x240) returned 1 [0120.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\cb=gapi[1].loaded_1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-cb=gapi[1].loaded_1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-cb=gapi[1].loaded_1"), dwFlags=0x1) returned 1 [0120.891] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.893] SetEvent (hEvent=0x12c) returned 1 [0120.893] SetEvent (hEvent=0x148) returned 1 [0120.893] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc0001ff818*=0x3) returned 1 [0120.894] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.896] SetEvent (hEvent=0x12c) returned 1 [0120.896] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.900] SetEvent (hEvent=0x12c) returned 1 [0120.901] SetEvent (hEvent=0x148) returned 1 [0120.901] SetEvent (hEvent=0x334) returned 1 [0120.901] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.905] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.906] SetEvent (hEvent=0x12c) returned 1 [0120.906] SetEvent (hEvent=0x258) returned 1 [0120.906] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.907] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0120.908] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc00020d818*=0x3) returned 1 [0120.911] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.915] SwitchToThread () returned 1 [0120.915] SetEvent (hEvent=0x12c) returned 1 [0120.915] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.918] SetEvent (hEvent=0x12c) returned 1 [0120.918] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0120.920] SetEvent (hEvent=0x12c) returned 1 [0120.920] SetEvent (hEvent=0x1a0) returned 1 [0120.920] SetEvent (hEvent=0x30c) returned 1 [0120.920] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.298] VirtualFree (lpAddress=0xc000aec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.299] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0122.299] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0122.300] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0122.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0122.301] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0122.303] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.366] GetFileType (hFile=0x3d8) returned 0x1 [0122.366] GetFileType (hFile=0x3d8) returned 0x1 [0122.366] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0122.366] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0122.366] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0122.367] ReadFile (in: hFile=0x3d8, lpBuffer=0xc000290000, nNumberOfBytesToRead=0x147e, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesRead=0xc0001f9c04*=0x127e, lpOverlapped=0x0) returned 1 [0122.424] ReadFile (in: hFile=0x3d8, lpBuffer=0xc00029127e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029127e*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0122.424] CloseHandle (hObject=0x3d8) returned 1 [0122.424] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0122.425] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0122.425] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0122.426] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0122.427] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0122.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\ShadesOfBlue.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\shadesofblue.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0122.428] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0122.473] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.496] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.497] SetEvent (hEvent=0x12c) returned 1 [0122.497] SetEvent (hEvent=0x1b4) returned 1 [0122.497] SetEvent (hEvent=0x3c0) returned 1 [0122.497] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.626] SetEvent (hEvent=0x324) returned 1 [0122.626] SetEvent (hEvent=0x12c) returned 1 [0122.626] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.640] VirtualFree (lpAddress=0xc000800000, dwSize=0xf2000, dwFreeType=0x4000) returned 1 [0122.645] VirtualFree (lpAddress=0xc0006ea000, dwSize=0x116000, dwFreeType=0x4000) returned 1 [0122.651] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0122.651] VirtualFree (lpAddress=0xc000296000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.651] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.652] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.652] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.652] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.653] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0122.653] VirtualFree (lpAddress=0xc00004c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0122.653] SetEvent (hEvent=0x1a0) returned 1 [0122.653] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.735] SetEvent (hEvent=0x3c0) returned 1 [0122.735] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.803] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2c4 [0122.803] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0122.807] GetFileType (hFile=0x2c4) returned 0x1 [0122.808] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0122.808] GetFileType (hFile=0x2c4) returned 0x1 [0122.808] GetFileInformationByHandle (in: hFile=0x2c4, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0122.808] GetFileInformationByHandleEx (in: hFile=0x2c4, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0122.808] ReadFile (in: hFile=0x2c4, lpBuffer=0xc00021e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0122.808] CloseHandle (hObject=0x2c4) returned 1 [0122.808] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0122.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0122.809] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0122.811] GetFileType (hFile=0x2c4) returned 0x1 [0122.811] WriteFile (in: hFile=0x2c4, lpBuffer=0xc000010130*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc000010130*, lpNumberOfBytesWritten=0xc000243cec*=0x10, lpOverlapped=0x0) returned 1 [0122.813] CloseHandle (hObject=0x2c4) returned 1 [0122.813] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0122.813] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0122.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2c4 [0122.813] GetConsoleMode (in: hConsoleHandle=0x2c4, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0122.818] GetFileType (hFile=0x2c4) returned 0x1 [0122.818] WriteFile (in: hFile=0x2c4, lpBuffer=0xc0000769a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000769a0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0122.818] CloseHandle (hObject=0x2c4) returned 1 [0122.818] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0122.819] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0122.819] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.pat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-WindowsMail.pat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-windowsmail.pat"), dwFlags=0x1) returned 1 [0122.821] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.823] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0122.823] SetEvent (hEvent=0xc0) returned 1 [0122.823] SetEvent (hEvent=0x1b4) returned 1 [0122.823] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0122.825] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.829] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.833] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0122.834] SetEvent (hEvent=0x1b4) returned 1 [0122.834] SetEvent (hEvent=0x1a0) returned 1 [0122.834] SetEvent (hEvent=0x354) returned 1 [0122.834] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.855] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0122.855] SetEvent (hEvent=0x3c8) returned 1 [0122.856] SetEvent (hEvent=0x354) returned 1 [0122.856] SetEvent (hEvent=0x30c) returned 1 [0122.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.870] SetEvent (hEvent=0x30c) returned 1 [0122.870] SetEvent (hEvent=0xec) returned 1 [0122.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.880] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.917] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.918] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0122.918] SetEvent (hEvent=0xc0) returned 1 [0122.918] SetEvent (hEvent=0x3c0) returned 1 [0122.918] SetEvent (hEvent=0x324) returned 1 [0122.918] SetEvent (hEvent=0x12c) returned 1 [0122.918] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.939] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.939] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0122.939] SetEvent (hEvent=0xfc) returned 1 [0122.939] SetEvent (hEvent=0x324) returned 1 [0122.940] SetEvent (hEvent=0x1b4) returned 1 [0122.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0122.952] SetEvent (hEvent=0x324) returned 1 [0122.952] SetEvent (hEvent=0x114) returned 1 [0122.952] SetEvent (hEvent=0x13c) returned 1 [0122.953] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.960] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0122.961] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0122.961] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0122.962] SetEvent (hEvent=0xc0) returned 1 [0122.962] SetEvent (hEvent=0x354) returned 1 [0122.962] SetEvent (hEvent=0x3c0) returned 1 [0122.962] SetEvent (hEvent=0x13c) returned 1 [0122.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0123.003] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0123.004] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.004] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0123.004] SetEvent (hEvent=0xc0) returned 1 [0123.004] SetEvent (hEvent=0x30c) returned 1 [0123.004] SetEvent (hEvent=0xec) returned 1 [0123.004] SetEvent (hEvent=0x13c) returned 1 [0123.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0123.011] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0123.012] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.028] GetFileType (hFile=0x370) returned 0x1 [0123.028] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.108] WriteFile (in: hFile=0x370, lpBuffer=0xc0008f0000*, nNumberOfBytesToWrite=0x204010, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0008f0000*, lpNumberOfBytesWritten=0xc00013dcec*=0x204010, lpOverlapped=0x0) returned 1 [0123.165] CloseHandle (hObject=0x370) returned 1 [0123.166] GetFileType (hFile=0x3d8) returned 0x1 [0123.166] GetFileType (hFile=0x2f0) returned 0x1 [0123.166] GetFileType (hFile=0x2f0) returned 0x1 [0123.166] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0123.166] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0123.166] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0123.167] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.195] SwitchToThread () returned 1 [0123.195] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.216] SetEvent (hEvent=0x354) returned 1 [0123.216] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.218] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e0b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc00005e0b0*, lpNumberOfCharsWritten=0xc0001d5818*=0x3) returned 1 [0123.219] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.289] SetEvent (hEvent=0xfc) returned 1 [0123.289] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.758] SetEvent (hEvent=0x3c0) returned 1 [0123.758] SwitchToThread () returned 1 [0123.763] SetEvent (hEvent=0x3c0) returned 1 [0123.763] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0123.766] SetEvent (hEvent=0x3c0) returned 1 [0123.766] SetEvent (hEvent=0x324) returned 1 [0123.767] VirtualFree (lpAddress=0xc000c00000, dwSize=0x2f2000, dwFreeType=0x4000) returned 1 [0123.786] VirtualFree (lpAddress=0xc000aee000, dwSize=0x112000, dwFreeType=0x4000) returned 1 [0123.793] VirtualFree (lpAddress=0xc0006e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.794] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.794] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.795] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.795] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.795] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0123.796] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x370 [0123.796] GetConsoleMode (in: hConsoleHandle=0x370, lpMode=0xc00017bd64 | out: lpMode=0xc00017bd64) returned 0 [0123.799] GetFileType (hFile=0x370) returned 0x1 [0123.799] WriteFile (in: hFile=0x370, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00017bd4c*=0x158, lpOverlapped=0x0) returned 1 [0123.799] CloseHandle (hObject=0x370) returned 1 [0123.800] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0123.801] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0123.801] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\stars.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\Stationery\\encry-Stars.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\stationery\\encry-stars.jpg"), dwFlags=0x1) returned 1 [0124.535] SetEvent (hEvent=0x324) returned 1 [0124.535] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.578] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.584] SetEvent (hEvent=0x114) returned 1 [0124.584] SetEvent (hEvent=0x1b4) returned 1 [0124.584] SetEvent (hEvent=0x354) returned 1 [0124.584] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.588] SetEvent (hEvent=0x114) returned 1 [0124.588] SwitchToThread () returned 1 [0124.685] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.703] SetEvent (hEvent=0x114) returned 1 [0124.703] SetEvent (hEvent=0x324) returned 1 [0124.703] SetEvent (hEvent=0x1a0) returned 1 [0124.703] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.820] SetEvent (hEvent=0x114) returned 1 [0124.820] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.821] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.821] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.821] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.822] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.822] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.823] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.823] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.823] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0124.824] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000082801 | out: pbBuffer=0xc000082801) returned 1 [0124.824] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0124.825] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0124.825] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0124.826] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0124.826] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0124.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0124.827] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0124.845] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.847] GetFileType (hFile=0x1b0) returned 0x1 [0124.847] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0124.848] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00011c160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c160*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0124.848] CloseHandle (hObject=0x1b0) returned 1 [0124.848] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0124.849] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0124.849] VirtualAlloc (lpAddress=0xc000112000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000112000 [0124.850] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0124.851] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\windowsmail.msmessagestore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows Mail\\encry-WindowsMail.MSMessageStore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows mail\\encry-windowsmail.msmessagestore"), dwFlags=0x1) returned 1 [0124.852] SetEvent (hEvent=0x324) returned 1 [0124.852] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.865] SetEvent (hEvent=0x114) returned 1 [0124.865] VirtualFree (lpAddress=0xc000346000, dwSize=0x22000, dwFreeType=0x4000) returned 1 [0124.867] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.867] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.868] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.868] VirtualFree (lpAddress=0xc000074000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0124.869] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.869] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.869] VirtualFree (lpAddress=0xc000058000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.870] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.870] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0124.871] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0124.871] SetEvent (hEvent=0x1a0) returned 1 [0124.871] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.883] SetEvent (hEvent=0x1a0) returned 1 [0124.883] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0124.930] SetEvent (hEvent=0x3c8) returned 1 [0124.930] SetEvent (hEvent=0xec) returned 1 [0124.930] SwitchToThread () returned 1 [0124.932] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0125.643] SetEvent (hEvent=0x3c8) returned 1 [0125.643] SetEvent (hEvent=0xec) returned 1 [0125.643] SetEvent (hEvent=0x1b4) returned 1 [0125.643] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.065] SetEvent (hEvent=0x3c8) returned 1 [0126.065] SetEvent (hEvent=0xec) returned 1 [0126.065] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.072] SetEvent (hEvent=0x3c8) returned 1 [0126.072] SetEvent (hEvent=0x1b4) returned 1 [0126.072] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.185] SetEvent (hEvent=0x3c8) returned 1 [0126.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x23c [0126.186] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0126.196] GetFileType (hFile=0x23c) returned 0x1 [0126.196] GetFileType (hFile=0x23c) returned 0x1 [0126.196] GetFileInformationByHandle (in: hFile=0x23c, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0126.196] GetFileInformationByHandleEx (in: hFile=0x23c, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0126.196] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0126.204] ReadFile (in: hFile=0x23c, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x40200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000189c04*=0x40000, lpOverlapped=0x0) returned 1 [0126.865] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.881] ReadFile (in: hFile=0x23c, lpBuffer=0xc000386000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000386000*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0126.881] CloseHandle (hObject=0x23c) returned 1 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x21000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0126.881] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0126.882] VirtualAlloc (lpAddress=0xc000400000, dwSize=0x40000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000400000 [0126.890] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0126.893] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0126.905] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.913] GetFileType (hFile=0x23c) returned 0x1 [0126.913] WriteFile (in: hFile=0x23c, lpBuffer=0xc0003fe000*, nNumberOfBytesToWrite=0x40010, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesWritten=0xc000189cec*=0x40010, lpOverlapped=0x0) returned 1 [0126.920] CloseHandle (hObject=0x23c) returned 1 [0126.920] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0801 | out: pbBuffer=0xc0002f0801) returned 1 [0126.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x23c [0126.921] GetConsoleMode (in: hConsoleHandle=0x23c, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0126.924] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.939] GetFileType (hFile=0x23c) returned 0x1 [0126.939] WriteFile (in: hFile=0x23c, lpBuffer=0xc00007e160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e160*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0126.939] CloseHandle (hObject=0x23c) returned 1 [0126.939] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0126.940] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\index.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\OfflineCache\\encry-index.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\offlinecache\\encry-index.sqlite"), dwFlags=0x1) returned 1 [0126.941] SwitchToThread () returned 1 [0126.941] SetEvent (hEvent=0x354) returned 1 [0126.941] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.943] SetEvent (hEvent=0xec) returned 1 [0126.943] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.950] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.964] SetEvent (hEvent=0x354) returned 1 [0126.964] SetEvent (hEvent=0x324) returned 1 [0126.964] SwitchToThread () returned 1 [0126.965] SetEvent (hEvent=0x354) returned 1 [0126.965] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.967] SetEvent (hEvent=0xec) returned 1 [0126.967] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.978] SetEvent (hEvent=0x354) returned 1 [0126.978] SetEvent (hEvent=0x324) returned 1 [0126.978] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0126.978] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0126.979] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0126.979] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0126.983] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0126.984] SetEvent (hEvent=0xc0) returned 1 [0126.984] GetFileType (hFile=0x384) returned 0x1 [0126.984] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.018] GetFileType (hFile=0x384) returned 0x1 [0127.018] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0127.018] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0127.018] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0127.019] ReadFile (in: hFile=0x384, lpBuffer=0xc0001de000, nNumberOfBytesToRead=0x22c, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de000*, lpNumberOfBytesRead=0xc000151c04*=0x2c, lpOverlapped=0x0) returned 1 [0127.020] ReadFile (in: hFile=0x384, lpBuffer=0xc0001de02c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001de02c*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0127.020] CloseHandle (hObject=0x384) returned 1 [0127.020] VirtualAlloc (lpAddress=0xc0001e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e2000 [0127.020] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0127.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.022] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0127.023] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.037] GetFileType (hFile=0x384) returned 0x1 [0127.037] WriteFile (in: hFile=0x384, lpBuffer=0xc0001e4000*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001e4000*, lpNumberOfBytesWritten=0xc000151cec*=0x30, lpOverlapped=0x0) returned 1 [0127.038] CloseHandle (hObject=0x384) returned 1 [0127.038] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0127.038] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0127.038] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0127.039] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0127.039] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0127.040] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0127.040] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0127.041] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0127.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.041] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0127.043] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.071] SetEvent (hEvent=0xc0) returned 1 [0127.071] SetEvent (hEvent=0x354) returned 1 [0127.071] GetFileType (hFile=0x384) returned 0x1 [0127.072] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.081] WriteFile (in: hFile=0x384, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.081] CloseHandle (hObject=0x384) returned 1 [0127.081] VirtualAlloc (lpAddress=0xc0001e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e8000 [0127.082] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0127.083] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0127.083] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0127.084] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.cache"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.cache" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.cache"), dwFlags=0x1) returned 1 [0127.085] SetEvent (hEvent=0xec) returned 1 [0127.085] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.087] SetEvent (hEvent=0x354) returned 1 [0127.087] SetEvent (hEvent=0xfc) returned 1 [0127.087] VirtualFree (lpAddress=0xc0001e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.087] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.088] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.088] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.088] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.088] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.089] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.093] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0127.097] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000211cf4 | out: lpMode=0xc000211cf4) returned 0 [0127.098] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.101] GetFileType (hFile=0x384) returned 0x1 [0127.101] GetFileType (hFile=0x384) returned 0x1 [0127.101] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0127.101] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0127.102] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0127.104] ReadFile (in: hFile=0x384, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x42b0, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000211c04*=0x40b0, lpOverlapped=0x0) returned 1 [0127.115] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.121] ReadFile (in: hFile=0x384, lpBuffer=0xc0002160b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002160b0*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0127.121] CloseHandle (hObject=0x384) returned 1 [0127.122] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0127.124] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0127.124] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.125] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0127.126] GetFileType (hFile=0x384) returned 0x1 [0127.126] WriteFile (in: hFile=0x384, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x40c0, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc000211cec*=0x40c0, lpOverlapped=0x0) returned 1 [0127.128] CloseHandle (hObject=0x384) returned 1 [0127.128] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0127.128] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0127.128] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0127.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.129] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0127.130] GetFileType (hFile=0x384) returned 0x1 [0127.130] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.130] CloseHandle (hObject=0x384) returned 1 [0127.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\4cc87c1409819bf06f42b782d4902b2f.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\thumbnails\\encry-4cc87c1409819bf06f42b782d4902b2f.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\thumbnails\\encry-4cc87c1409819bf06f42b782d4902b2f.png"), dwFlags=0x1) returned 1 [0127.131] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.132] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0127.132] SetEvent (hEvent=0xc0) returned 1 [0127.132] SetEvent (hEvent=0xfc) returned 1 [0127.132] SetEvent (hEvent=0x3c8) returned 1 [0127.132] SetEvent (hEvent=0x1a0) returned 1 [0127.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.137] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.137] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.235] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.278] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0127.278] SetEvent (hEvent=0x3c8) returned 1 [0127.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.299] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0127.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0127.301] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0127.306] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.316] GetFileType (hFile=0x384) returned 0x1 [0127.316] GetFileType (hFile=0x384) returned 0x1 [0127.316] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0127.316] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0127.316] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0127.317] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ba000, nNumberOfBytesToRead=0x2e8, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba000*, lpNumberOfBytesRead=0xc00011bc04*=0xe8, lpOverlapped=0x0) returned 1 [0127.318] ReadFile (in: hFile=0x384, lpBuffer=0xc0000ba0e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ba0e8*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0127.318] CloseHandle (hObject=0x384) returned 1 [0127.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.320] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0127.363] GetFileType (hFile=0x384) returned 0x1 [0127.363] WriteFile (in: hFile=0x384, lpBuffer=0xc0000563c0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000563c0*, lpNumberOfBytesWritten=0xc00011bcec*=0xf0, lpOverlapped=0x0) returned 1 [0127.364] CloseHandle (hObject=0x384) returned 1 [0127.365] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0101 | out: pbBuffer=0xc0002f0101) returned 1 [0127.365] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0127.366] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0127.366] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0127.390] GetFileType (hFile=0x384) returned 0x1 [0127.390] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.391] CloseHandle (hObject=0x384) returned 1 [0127.391] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-phish-simple.sbstore"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.sbstore" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-phish-simple.sbstore"), dwFlags=0x1) returned 1 [0127.392] VirtualFree (lpAddress=0xc000346000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0127.394] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x1e000, dwFreeType=0x4000) returned 1 [0127.395] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0127.396] VirtualFree (lpAddress=0xc0001e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.396] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.397] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.397] VirtualFree (lpAddress=0xc000052000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.397] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.398] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.398] GetFileType (hFile=0x3d8) returned 0x1 [0127.398] GetFileType (hFile=0x3d8) returned 0x1 [0127.398] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0127.398] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0127.399] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000598c0, nNumberOfBytesToRead=0x210, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000598c0*, lpNumberOfBytesRead=0xc0001ffc04*=0x10, lpOverlapped=0x0) returned 1 [0127.400] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000598d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000598d0*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0127.400] CloseHandle (hObject=0x3d8) returned 1 [0127.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.402] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0127.408] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.420] GetFileType (hFile=0x3d8) returned 0x1 [0127.420] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0003fc1a0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc0003fc1a0*, lpNumberOfBytesWritten=0xc0001ffcec*=0x20, lpOverlapped=0x0) returned 1 [0127.422] CloseHandle (hObject=0x3d8) returned 1 [0127.422] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0127.422] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0127.423] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0127.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0127.424] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0127.426] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.454] GetFileType (hFile=0x3d8) returned 0x1 [0127.454] WriteFile (in: hFile=0x3d8, lpBuffer=0xc000072420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000072420*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0127.454] CloseHandle (hObject=0x3d8) returned 1 [0127.454] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\test-malware-simple.pset"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.pset" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\mozilla\\firefox\\profiles\\silmbjec.default\\safebrowsing\\encry-test-malware-simple.pset"), dwFlags=0x1) returned 1 [0127.456] SetEvent (hEvent=0x354) returned 1 [0127.456] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.471] SetEvent (hEvent=0xfc) returned 1 [0127.471] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.478] SetEvent (hEvent=0x114) returned 1 [0127.478] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.482] SetEvent (hEvent=0x324) returned 1 [0127.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gu0bum3r4yyi.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0127.482] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d3cf4 | out: lpMode=0xc0001d3cf4) returned 0 [0127.491] GetFileType (hFile=0x3cc) returned 0x1 [0127.491] GetFileType (hFile=0x3cc) returned 0x1 [0127.491] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0001d3d44 | out: lpFileInformation=0xc0001d3d44) returned 1 [0127.491] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0001d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d3d28) returned 1 [0127.491] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0127.494] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x17e97, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001d3c04*=0x17c97, lpOverlapped=0x0) returned 1 [0127.496] ReadFile (in: hFile=0x3cc, lpBuffer=0xc0002bbc97, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bbc97*, lpNumberOfBytesRead=0xc0001d3c04*=0x0, lpOverlapped=0x0) returned 1 [0127.496] CloseHandle (hObject=0x3cc) returned 1 [0127.496] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0127.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gu0bum3r4yyi.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0127.502] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d3d04 | out: lpMode=0xc0001d3d04) returned 0 [0127.508] GetFileType (hFile=0x3cc) returned 0x1 [0127.508] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0002f6000*, nNumberOfBytesToWrite=0x17ca0, lpNumberOfBytesWritten=0xc0001d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f6000*, lpNumberOfBytesWritten=0xc0001d3cec*=0x17ca0, lpOverlapped=0x0) returned 1 [0127.511] CloseHandle (hObject=0x3cc) returned 1 [0127.512] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0127.512] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0127.513] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0127.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gu0bum3r4yyi.odp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0127.514] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0001d3d64 | out: lpMode=0xc0001d3d64) returned 0 [0127.527] GetFileType (hFile=0x3cc) returned 0x1 [0127.527] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0127.528] CloseHandle (hObject=0x3cc) returned 1 [0127.528] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\gu0bum3r4yyi.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\encry-Gu0BUM3r4YyI.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\encry-gu0bum3r4yyi.odp"), dwFlags=0x1) returned 1 [0127.530] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.531] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.531] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0127.531] SetEvent (hEvent=0xc0) returned 1 [0127.532] SetEvent (hEvent=0x13c) returned 1 [0127.532] SetEvent (hEvent=0x3c8) returned 1 [0127.532] SetEvent (hEvent=0x1a0) returned 1 [0127.532] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.544] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.544] SetEvent (hEvent=0x3c8) returned 1 [0127.544] SetEvent (hEvent=0x1b4) returned 1 [0127.545] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.551] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.551] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0127.552] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.552] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0127.552] SetEvent (hEvent=0xc0) returned 1 [0127.552] SetEvent (hEvent=0x324) returned 1 [0127.552] SetEvent (hEvent=0xfc) returned 1 [0127.552] SetEvent (hEvent=0x1b4) returned 1 [0127.552] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0127.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\3qSKcqe3.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\3qskcqe3.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0127.596] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0127.600] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.608] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.609] SetEvent (hEvent=0x1a0) returned 1 [0127.609] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0127.646] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0127.647] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.648] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0127.648] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0127.649] VirtualFree (lpAddress=0xc000110000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0127.649] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0127.650] SetEvent (hEvent=0x354) returned 1 [0127.650] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0128.481] SetEvent (hEvent=0x324) returned 1 [0128.481] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0128.482] SetEvent (hEvent=0x3c0) returned 1 [0128.482] GetFileType (hFile=0x384) returned 0x1 [0128.482] GetFileType (hFile=0x384) returned 0x1 [0128.482] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0128.482] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0128.482] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0128.484] ReadFile (in: hFile=0x384, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x4946, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc00024dc04*=0x4746, lpOverlapped=0x0) returned 1 [0128.485] ReadFile (in: hFile=0x384, lpBuffer=0xc000290746, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000290746*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0128.486] CloseHandle (hObject=0x384) returned 1 [0128.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Taqml-.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\taqml-.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0130.659] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0130.689] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.786] SetEvent (hEvent=0xc0) returned 1 [0130.786] GetFileType (hFile=0x2bc) returned 0x1 [0130.786] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.801] SetEvent (hEvent=0x148) returned 1 [0130.801] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.807] SetEvent (hEvent=0xfc) returned 1 [0130.807] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0130.813] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0130.826] GetFileType (hFile=0x2e8) returned 0x1 [0130.826] GetFileType (hFile=0x2e8) returned 0x1 [0130.826] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0130.827] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0130.827] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0130.829] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0xa7ff, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000195c04*=0xa5ff, lpOverlapped=0x0) returned 1 [0130.842] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0002ae5ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ae5ff*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0130.842] CloseHandle (hObject=0x2e8) returned 1 [0130.842] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0130.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Adobe\\Acrobat\\10.0\\rdrmessage.zip" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\adobe\\acrobat\\10.0\\rdrmessage.zip"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0130.845] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0130.851] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.897] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.912] SwitchToThread () returned 1 [0130.918] SetEvent (hEvent=0x324) returned 1 [0130.918] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.922] SetEvent (hEvent=0x12c) returned 1 [0130.922] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.924] SwitchToThread () returned 1 [0130.926] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.927] SetEvent (hEvent=0x324) returned 1 [0130.927] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.928] SetEvent (hEvent=0x324) returned 1 [0130.928] SetEvent (hEvent=0x12c) returned 1 [0130.928] SetEvent (hEvent=0x1b4) returned 1 [0130.928] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.951] SetEvent (hEvent=0x12c) returned 1 [0130.951] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.953] VirtualFree (lpAddress=0xc0002b0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0130.954] VirtualFree (lpAddress=0xc00028c000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0130.955] VirtualFree (lpAddress=0xc000280000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0130.955] VirtualFree (lpAddress=0xc000264000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.956] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.956] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.957] VirtualFree (lpAddress=0xc0001a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0130.957] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.957] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.958] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.958] VirtualFree (lpAddress=0xc0000b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0130.958] SetEvent (hEvent=0x324) returned 1 [0130.959] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.989] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.991] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0130.993] SetEvent (hEvent=0xfc) returned 1 [0130.993] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0130.994] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0130.994] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0130.995] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0131.000] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0131.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e8 [0131.002] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0131.003] GetFileType (hFile=0x2e8) returned 0x1 [0131.003] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0131.003] GetFileType (hFile=0x2e8) returned 0x1 [0131.003] GetFileInformationByHandle (in: hFile=0x2e8, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0131.004] GetFileInformationByHandleEx (in: hFile=0x2e8, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0131.004] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0131.004] VirtualAlloc (lpAddress=0xc0001a0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001a0000 [0131.005] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001a0000, nNumberOfBytesToRead=0x111d, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0000*, lpNumberOfBytesRead=0xc00015fc04*=0xf1d, lpOverlapped=0x0) returned 1 [0131.011] ReadFile (in: hFile=0x2e8, lpBuffer=0xc0001a0f1d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001a0f1d*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0131.011] CloseHandle (hObject=0x2e8) returned 1 [0131.011] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0131.012] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0131.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406\\*", lpFindFileData=0xc00015fa08 | out: lpFindFileData=0xc00015fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.031] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.031] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0131.032] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0131.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2360*, nNumberOfCharsToWrite=0x8b, lpNumberOfCharsWritten=0xc00015f808, lpReserved=0x0 | out: lpBuffer=0xc0003d2360*, lpNumberOfCharsWritten=0xc00015f808*=0x8b) returned 1 [0131.034] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0131.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0131.034] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc00015fd64 | out: lpMode=0xc00015fd64) returned 0 [0131.035] GetFileType (hFile=0x2e8) returned 0x1 [0131.035] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00015fd4c*=0x158, lpOverlapped=0x0) returned 1 [0131.035] CloseHandle (hObject=0x2e8) returned 1 [0131.036] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0131.037] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\1daf2884ec4dfa96ba4a58d4dbc9c406"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-1DAF2884EC4DFA96BA4A58D4DBC9C406" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-1daf2884ec4dfa96ba4a58d4dbc9c406"), dwFlags=0x1) returned 1 [0131.097] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.099] SetEvent (hEvent=0x1b4) returned 1 [0131.099] SetEvent (hEvent=0x3c4) returned 1 [0131.099] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.100] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.100] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.100] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.101] VirtualFree (lpAddress=0xc0001ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.102] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.102] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.102] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.103] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.103] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.104] VirtualFree (lpAddress=0xc000180000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0131.104] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.105] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.105] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.106] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.106] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.107] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.107] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.107] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.108] VirtualFree (lpAddress=0xc000074000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0131.108] VirtualFree (lpAddress=0xc00006a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.109] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.109] VirtualFree (lpAddress=0xc000058000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.109] VirtualFree (lpAddress=0xc00004e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0131.110] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.110] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.111] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.111] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000063818*=0x2) returned 1 [0131.114] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.117] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.123] SetEvent (hEvent=0x1b4) returned 1 [0131.123] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.126] SetEvent (hEvent=0x1b4) returned 1 [0131.126] SetEvent (hEvent=0x320) returned 1 [0131.126] SwitchToThread () returned 1 [0131.127] SetEvent (hEvent=0x1b4) returned 1 [0131.127] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.142] SetEvent (hEvent=0x1b4) returned 1 [0131.142] SetEvent (hEvent=0x258) returned 1 [0131.142] SetEvent (hEvent=0x320) returned 1 [0131.142] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.146] SetEvent (hEvent=0x1b4) returned 1 [0131.146] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.152] SetEvent (hEvent=0x1b4) returned 1 [0131.152] SetEvent (hEvent=0x258) returned 1 [0131.152] SwitchToThread () returned 1 [0131.153] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.156] SetEvent (hEvent=0x3c0) returned 1 [0131.156] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.159] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0131.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d8 [0131.161] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0131.162] GetFileType (hFile=0x3d8) returned 0x1 [0131.162] GetFileType (hFile=0x3d8) returned 0x1 [0131.162] GetFileInformationByHandle (in: hFile=0x3d8, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0131.163] GetFileInformationByHandleEx (in: hFile=0x3d8, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0131.163] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0131.163] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0x3d7, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc0002a3c04*=0x1d7, lpOverlapped=0x0) returned 1 [0131.164] ReadFile (in: hFile=0x3d8, lpBuffer=0xc0000ea1d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea1d7*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0131.164] CloseHandle (hObject=0x3d8) returned 1 [0131.165] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0131.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0131.171] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398\\*", lpFindFileData=0xc0002a3a08 | out: lpFindFileData=0xc0002a3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0131.171] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0131.172] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002a3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0131.172] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6b00*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0002a3808, lpReserved=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfCharsWritten=0xc0002a3808*=0xac) returned 1 [0131.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000801 | out: pbBuffer=0xc000000801) returned 1 [0131.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d8 [0131.174] GetConsoleMode (in: hConsoleHandle=0x3d8, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0131.175] GetFileType (hFile=0x3d8) returned 0x1 [0131.175] WriteFile (in: hFile=0x3d8, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0131.175] CloseHandle (hObject=0x3d8) returned 1 [0131.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\encry-4C8F841FB02DEC8C10108028DB86A08D_8DAFFFD2D43BDC7A1717F5B61C303398" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\encry-4c8f841fb02dec8c10108028db86a08d_8dafffd2d43bdc7a1717f5b61c303398"), dwFlags=0x1) returned 1 [0131.231] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0131.231] SetEvent (hEvent=0xfc) returned 1 [0131.231] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0131.233] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.234] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0131.234] SetEvent (hEvent=0xfc) returned 1 [0131.234] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0131.236] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.256] SetEvent (hEvent=0x258) returned 1 [0131.256] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.257] SetEvent (hEvent=0x258) returned 1 [0131.257] SetEvent (hEvent=0x1b4) returned 1 [0131.257] SetEvent (hEvent=0x3c0) returned 1 [0131.257] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.277] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.288] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.298] SetEvent (hEvent=0x320) returned 1 [0131.298] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.300] SetEvent (hEvent=0x320) returned 1 [0131.300] SetEvent (hEvent=0x258) returned 1 [0131.300] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.301] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.301] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.302] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.302] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.302] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.303] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.303] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.303] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.303] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.304] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.304] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0131.304] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.305] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0131.305] SwitchToThread () returned 1 [0131.307] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.313] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.327] SetEvent (hEvent=0x3c0) returned 1 [0131.327] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.332] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.341] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0131.345] SetEvent (hEvent=0x148) returned 1 [0131.345] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.607] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0132.613] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0132.615] GetFileType (hFile=0x2b4) returned 0x1 [0132.615] GetFileType (hFile=0x2b4) returned 0x1 [0132.615] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0132.615] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0132.616] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0132.616] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0132.616] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x426, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0006e1c04*=0x226, lpOverlapped=0x0) returned 1 [0132.617] ReadFile (in: hFile=0x2b4, lpBuffer=0xc0000ce226, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce226*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0132.617] CloseHandle (hObject=0x2b4) returned 1 [0132.617] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0132.618] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0132.618] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0132.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\content\\f90f18257cbb4d84216ac1e1f3bb2c76"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.620] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\F90F18257CBB4D84216AC1E1F3BB2C76\\*", lpFindFileData=0xc0006e1a08 | out: lpFindFileData=0xc0006e1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.620] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0132.621] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0132.621] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006e1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.621] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0132.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0132.623] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0132.624] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.654] GetFileType (hFile=0x2b4) returned 0x1 [0132.654] GetFileType (hFile=0x2b4) returned 0x1 [0132.654] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0132.655] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0132.655] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000120400, nNumberOfBytesToRead=0x390, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120400*, lpNumberOfBytesRead=0xc00015bc04*=0x190, lpOverlapped=0x0) returned 1 [0132.656] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000120590, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120590*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0132.656] CloseHandle (hObject=0x2b4) returned 1 [0132.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\024823b39fbeaccdb5c06426a8168e99_6d5cab161a1c65362a913d29be09d91b"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\024823B39FBEACCDB5C06426A8168E99_6D5CAB161A1C65362A913D29BE09D91B\\*", lpFindFileData=0xc00015ba08 | out: lpFindFileData=0xc00015ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.678] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.678] VirtualFree (lpAddress=0xc0002aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.678] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.679] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.679] VirtualFree (lpAddress=0xc000294000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.679] VirtualFree (lpAddress=0xc00028c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.680] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.680] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0132.680] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.681] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.681] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0132.681] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.682] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.682] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0132.682] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3cc [0132.683] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0132.778] GetFileType (hFile=0x3cc) returned 0x1 [0132.779] GetFileType (hFile=0x3cc) returned 0x1 [0132.779] GetFileInformationByHandle (in: hFile=0x3cc, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0132.779] GetFileInformationByHandleEx (in: hFile=0x3cc, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0132.779] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000120000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesRead=0xc0002d7c04*=0x194, lpOverlapped=0x0) returned 1 [0132.780] ReadFile (in: hFile=0x3cc, lpBuffer=0xc000120194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120194*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0132.780] CloseHandle (hObject=0x3cc) returned 1 [0132.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\4dd39726d4b55ac3b4119b35a893323c_46cccfb940a93f39a734f69efcdd76e9"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0132.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0132.867] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0132.867] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.870] SetEvent (hEvent=0x1a0) returned 1 [0132.870] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001689a0*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00015b808, lpReserved=0x0 | out: lpBuffer=0xc0001689a0*, lpNumberOfCharsWritten=0xc00015b808*=0xad) returned 1 [0132.874] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.879] SetEvent (hEvent=0x324) returned 1 [0132.879] SetEvent (hEvent=0x3c8) returned 1 [0132.879] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.888] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.890] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.891] SetEvent (hEvent=0xfc) returned 1 [0132.891] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0132.892] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c4000*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000189808, lpReserved=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfCharsWritten=0xc000189808*=0xad) returned 1 [0132.897] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.899] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0132.899] VirtualAlloc (lpAddress=0xc0002c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c6000 [0132.900] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0132.900] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0132.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0132.901] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0132.903] GetFileType (hFile=0x1b0) returned 0x1 [0132.903] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000168420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000168420*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.904] CloseHandle (hObject=0x1b0) returned 1 [0132.909] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0132.913] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-5457a8ce4b2a7499f8299a013b6e1c7c_ce50f893881d43dc0c815e4d80faf2b4"), dwFlags=0x1) returned 1 [0133.062] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.062] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005e018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc00005e018*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0133.065] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0133.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0133.066] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0133.067] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.070] SetEvent (hEvent=0x324) returned 1 [0133.070] GetFileType (hFile=0x384) returned 0x1 [0133.070] GetFileType (hFile=0x384) returned 0x1 [0133.070] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0133.070] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0133.070] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0133.071] ReadFile (in: hFile=0x384, lpBuffer=0xc0002e8000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e8000*, lpNumberOfBytesRead=0xc0002d9c04*=0x194, lpOverlapped=0x0) returned 1 [0133.072] ReadFile (in: hFile=0x384, lpBuffer=0xc0002e8194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e8194*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0133.072] CloseHandle (hObject=0x384) returned 1 [0133.072] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0133.072] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0133.073] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.289] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D\\*", lpFindFileData=0xc0002d9a08 | out: lpFindFileData=0xc0002d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.290] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.290] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0133.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d9808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d9808*=0xad) returned 1 [0133.295] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.295] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0133.296] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0133.297] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0133.297] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0133.298] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0133.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0133.299] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0133.300] GetFileType (hFile=0x240) returned 0x1 [0133.300] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d82c0*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.300] CloseHandle (hObject=0x240) returned 1 [0133.303] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-7B8944BA8AD0EFDF0E01A43EF62BECD0_B2DB1CC4B5F2D2A802D56AAED525802D" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-7b8944ba8ad0efdf0e01a43ef62becd0_b2db1cc4b5f2d2a802d56aaed525802d"), dwFlags=0x1) returned 1 [0133.457] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0133.457] SetEvent (hEvent=0xec) returned 1 [0133.458] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.461] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.461] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.465] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0133.465] SetEvent (hEvent=0x324) returned 1 [0133.465] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.467] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.485] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.495] SetEvent (hEvent=0x30c) returned 1 [0133.495] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.499] SetEvent (hEvent=0x30c) returned 1 [0133.499] SetEvent (hEvent=0x1a0) returned 1 [0133.499] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000243818*=0x2) returned 1 [0133.501] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.507] SetEvent (hEvent=0xec) returned 1 [0133.507] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.509] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f0 [0133.510] GetConsoleMode (in: hConsoleHandle=0x2f0, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0133.510] GetFileType (hFile=0x2f0) returned 0x1 [0133.511] GetFileType (hFile=0x2f0) returned 0x1 [0133.511] GetFileInformationByHandle (in: hFile=0x2f0, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0133.511] GetFileInformationByHandleEx (in: hFile=0x2f0, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0133.511] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c400, nNumberOfBytesToRead=0x382, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c400*, lpNumberOfBytesRead=0xc000243c04*=0x182, lpOverlapped=0x0) returned 1 [0133.512] ReadFile (in: hFile=0x2f0, lpBuffer=0xc00002c582, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c582*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0133.512] CloseHandle (hObject=0x2f0) returned 1 [0133.512] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E\\*", lpFindFileData=0xc000243a08 | out: lpFindFileData=0xc000243a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.516] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000243720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.516] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000243808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc000243808*=0xad) returned 1 [0133.519] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0133.520] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.520] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0133.520] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.521] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0133.522] GetFileType (hFile=0x2f4) returned 0x1 [0133.522] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00004c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c2c0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.522] CloseHandle (hObject=0x2f4) returned 1 [0133.525] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-8059E9A0D314877E40FE93D8CCFB3C69_581C904DB5924E46A6C1A8637614A40E" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-8059e9a0d314877e40fe93d8ccfb3c69_581c904db5924e46a6c1a8637614a40e"), dwFlags=0x1) returned 1 [0133.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.557] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0133.557] SetEvent (hEvent=0xec) returned 1 [0133.557] SetEvent (hEvent=0x324) returned 1 [0133.557] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0133.559] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.564] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0133.564] SetEvent (hEvent=0x324) returned 1 [0133.564] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.566] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.639] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.657] SetEvent (hEvent=0xec) returned 1 [0133.657] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.658] SetEvent (hEvent=0xec) returned 1 [0133.658] SetEvent (hEvent=0x30c) returned 1 [0133.658] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.659] VirtualFree (lpAddress=0xc000056000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.661] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.668] SetEvent (hEvent=0x1a0) returned 1 [0133.668] SetEvent (hEvent=0x30c) returned 1 [0133.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0133.669] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0133.670] GetFileType (hFile=0x2f4) returned 0x1 [0133.670] GetFileType (hFile=0x2f4) returned 0x1 [0133.670] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0133.670] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0133.670] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0133.671] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x380, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc0002d7c04*=0x180, lpOverlapped=0x0) returned 1 [0133.672] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000078180, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078180*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0133.672] CloseHandle (hObject=0x2f4) returned 1 [0133.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.680] SetEvent (hEvent=0xc0) returned 1 [0133.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56\\*", lpFindFileData=0xc0002d7a08 | out: lpFindFileData=0xc0002d7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.680] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002d7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.680] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0002d7808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0002d7808*=0xad) returned 1 [0133.683] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0133.683] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0133.683] GetFileType (hFile=0x2f4) returned 0x1 [0133.683] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0133.684] CloseHandle (hObject=0x2f4) returned 1 [0133.685] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-828298824EA5549947C17DDABF6871F5_0206EFBC540300C3BF0163CDBC3D7D56" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-828298824ea5549947c17ddabf6871f5_0206efbc540300c3bf0163cdbc3d7d56"), dwFlags=0x1) returned 1 [0133.725] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0133.725] SetEvent (hEvent=0x324) returned 1 [0133.725] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0133.727] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.730] SetEvent (hEvent=0x334) returned 1 [0133.730] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.736] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.736] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0133.736] SetEvent (hEvent=0x334) returned 1 [0133.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0133.743] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.743] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.766] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.778] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.795] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.797] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.803] SetEvent (hEvent=0xec) returned 1 [0133.803] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0133.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0133.805] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0133.806] GetFileType (hFile=0x1b0) returned 0x1 [0133.806] GetFileType (hFile=0x1b0) returned 0x1 [0133.806] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0133.806] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0133.806] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0133.807] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00006a000, nNumberOfBytesToRead=0x386, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a000*, lpNumberOfBytesRead=0xc00015bc04*=0x186, lpOverlapped=0x0) returned 1 [0133.808] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00006a186, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a186*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0133.808] CloseHandle (hObject=0x1b0) returned 1 [0133.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.816] SetEvent (hEvent=0xc0) returned 1 [0133.816] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0133.817] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6\\*", lpFindFileData=0xc00015ba08 | out: lpFindFileData=0xc00015ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.817] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.817] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00015b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00015b808*=0xad) returned 1 [0133.819] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.819] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0133.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0133.820] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0133.820] GetFileType (hFile=0x1b0) returned 0x1 [0133.820] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.821] CloseHandle (hObject=0x1b0) returned 1 [0133.822] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-9BC2FFC5D9591E1BD3545230E9B7CC36_CF30943571F9BEE96C487B2D9F0436E6" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-9bc2ffc5d9591e1bd3545230e9b7cc36_cf30943571f9bee96c487b2d9f0436e6"), dwFlags=0x1) returned 1 [0133.871] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0133.871] SetEvent (hEvent=0x30c) returned 1 [0133.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.873] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0133.873] SetEvent (hEvent=0x30c) returned 1 [0133.873] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0133.880] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.901] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.911] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.918] SetEvent (hEvent=0x1a0) returned 1 [0133.918] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.918] SetEvent (hEvent=0x1a0) returned 1 [0133.918] SetEvent (hEvent=0xec) returned 1 [0133.919] VirtualFree (lpAddress=0xc00010c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0133.919] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0133.920] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.920] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.920] VirtualFree (lpAddress=0xc000054000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0133.921] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.921] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0133.922] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc0002d7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0002d7818*=0x2) returned 1 [0133.923] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0133.932] SetEvent (hEvent=0x1a0) returned 1 [0133.932] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0133.933] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0133.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0133.934] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0133.935] GetFileType (hFile=0x2cc) returned 0x1 [0133.935] GetFileType (hFile=0x2cc) returned 0x1 [0133.935] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0133.935] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0133.935] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0133.936] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00007c000, nNumberOfBytesToRead=0x3a0, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c000*, lpNumberOfBytesRead=0xc00015bc04*=0x1a0, lpOverlapped=0x0) returned 1 [0133.937] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00007c1a0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007c1a0*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0133.937] CloseHandle (hObject=0x2cc) returned 1 [0133.937] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.938] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0133.946] SetEvent (hEvent=0xc0) returned 1 [0133.947] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0133.947] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8\\*", lpFindFileData=0xc00015ba08 | out: lpFindFileData=0xc00015ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0133.947] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00015b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0133.947] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc00015b808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc00015b808*=0xad) returned 1 [0133.949] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0133.950] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0133.950] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0133.950] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0133.951] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0133.951] GetFileType (hFile=0x2cc) returned 0x1 [0133.951] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0133.952] CloseHandle (hObject=0x2cc) returned 1 [0133.953] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-B3BB9C1BA2D19E090AE305B2683903A0_B89A63AC6877BD1ED812438CE82C3EB8" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-b3bb9c1ba2d19e090ae305b2683903a0_b89a63ac6877bd1ed812438ce82c3eb8"), dwFlags=0x1) returned 1 [0134.017] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.017] SetEvent (hEvent=0x30c) returned 1 [0134.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.018] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.018] SetEvent (hEvent=0x30c) returned 1 [0134.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.025] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.045] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.056] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.060] SetEvent (hEvent=0xec) returned 1 [0134.060] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.061] SetEvent (hEvent=0xec) returned 1 [0134.061] SetEvent (hEvent=0x1a0) returned 1 [0134.061] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.062] VirtualFree (lpAddress=0xc000074000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.062] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.062] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.063] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.063] VirtualFree (lpAddress=0xc00003e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.064] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.064] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x2, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000129818*=0x2) returned 1 [0134.066] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.073] SetEvent (hEvent=0x1a0) returned 1 [0134.073] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0134.074] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0134.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0134.076] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c3cf4 | out: lpMode=0xc0000c3cf4) returned 0 [0134.077] GetFileType (hFile=0x2f4) returned 0x1 [0134.077] GetFileType (hFile=0x2f4) returned 0x1 [0134.077] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0000c3d44 | out: lpFileInformation=0xc0000c3d44) returned 1 [0134.077] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0000c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c3d28) returned 1 [0134.077] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0134.078] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x394, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc0000c3c04*=0x194, lpOverlapped=0x0) returned 1 [0134.079] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000094194, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094194*, lpNumberOfBytesRead=0xc0000c3c04*=0x0, lpOverlapped=0x0) returned 1 [0134.079] CloseHandle (hObject=0x2f4) returned 1 [0134.079] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0134.088] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC\\*", lpFindFileData=0xc0000c3a08 | out: lpFindFileData=0xc0000c3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0134.088] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0000c3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0134.088] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000d6580*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc0000c3808, lpReserved=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfCharsWritten=0xc0000c3808*=0xad) returned 1 [0134.090] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0134.090] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.091] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0134.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0134.091] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0000c3d64 | out: lpMode=0xc0000c3d64) returned 0 [0134.092] GetFileType (hFile=0x2f4) returned 0x1 [0134.092] WriteFile (in: hFile=0x2f4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.092] CloseHandle (hObject=0x2f4) returned 1 [0134.092] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-d47dbd2f9e3365fbbe008d71fb06716f_4dd1053bcc726da41115fff4c7d6e9cc"), dwFlags=0x1) returned 1 [0134.147] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.147] SetEvent (hEvent=0x30c) returned 1 [0134.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.149] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.149] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.149] SetEvent (hEvent=0x30c) returned 1 [0134.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.154] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.154] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0134.204] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001cfcf4 | out: lpMode=0xc0001cfcf4) returned 0 [0134.210] GetFileType (hFile=0x2f4) returned 0x1 [0134.210] GetFileType (hFile=0x2f4) returned 0x1 [0134.210] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc0001cfd44 | out: lpFileInformation=0xc0001cfd44) returned 1 [0134.210] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc0001cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cfd28) returned 1 [0134.210] ReadFile (in: hFile=0x2f4, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x20d, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0001cfc04*=0xd, lpOverlapped=0x0) returned 1 [0134.212] ReadFile (in: hFile=0x2f4, lpBuffer=0xc00005400d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005400d*, lpNumberOfBytesRead=0xc0001cfc04*=0x0, lpOverlapped=0x0) returned 1 [0134.212] CloseHandle (hObject=0x2f4) returned 1 [0134.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0134.213] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001cfd04 | out: lpMode=0xc0001cfd04) returned 0 [0134.221] GetFileType (hFile=0x2f4) returned 0x1 [0134.221] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000010150*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfBytesWritten=0xc0001cfcec*=0x10, lpOverlapped=0x0) returned 1 [0134.222] CloseHandle (hObject=0x2f4) returned 1 [0134.222] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0134.223] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0134.223] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0134.224] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0134.224] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc0001cfd64 | out: lpMode=0xc0001cfd64) returned 0 [0134.229] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.247] GetFileType (hFile=0x2f4) returned 0x1 [0134.247] WriteFile (in: hFile=0x2f4, lpBuffer=0xc00005c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesWritten=0xc0001cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0134.248] CloseHandle (hObject=0x2f4) returned 1 [0134.248] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.248] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0134.249] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0134.249] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\imagesrv.adition[1].xml"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\36USA68T\\encry-imagesrv.adition[1].xml" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\36usa68t\\encry-imagesrv.adition[1].xml"), dwFlags=0x1) returned 1 [0134.251] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.253] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.253] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.253] SetEvent (hEvent=0xc0) returned 1 [0134.253] SetEvent (hEvent=0x1a0) returned 1 [0134.254] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.258] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.275] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.275] SetEvent (hEvent=0xc0) returned 1 [0134.275] SetEvent (hEvent=0xfc) returned 1 [0134.275] SetEvent (hEvent=0x24c) returned 1 [0134.275] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.301] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.301] SetEvent (hEvent=0xfc) returned 1 [0134.301] SetEvent (hEvent=0x24c) returned 1 [0134.301] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.306] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.311] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.311] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.311] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.311] SetEvent (hEvent=0xc0) returned 1 [0134.311] SetEvent (hEvent=0x324) returned 1 [0134.311] SetEvent (hEvent=0x12c) returned 1 [0134.312] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.326] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.326] SetEvent (hEvent=0xc0) returned 1 [0134.326] SetEvent (hEvent=0x114) returned 1 [0134.326] SetEvent (hEvent=0x334) returned 1 [0134.326] SetEvent (hEvent=0xec) returned 1 [0134.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.333] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.335] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.335] SetEvent (hEvent=0x324) returned 1 [0134.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.341] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.341] SetEvent (hEvent=0xc0) returned 1 [0134.341] SetEvent (hEvent=0x334) returned 1 [0134.342] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.343] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.343] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.344] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.344] SetEvent (hEvent=0x334) returned 1 [0134.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.364] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.364] SetEvent (hEvent=0xc0) returned 1 [0134.364] SetEvent (hEvent=0x12c) returned 1 [0134.364] SetEvent (hEvent=0xec) returned 1 [0134.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.395] SetEvent (hEvent=0xec) returned 1 [0134.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.505] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.505] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.505] SetEvent (hEvent=0xec) returned 1 [0134.505] SetEvent (hEvent=0x324) returned 1 [0134.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.553] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.553] SetEvent (hEvent=0xfc) returned 1 [0134.553] SetEvent (hEvent=0x24c) returned 1 [0134.553] SetEvent (hEvent=0xec) returned 1 [0134.553] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.557] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.557] SetEvent (hEvent=0x24c) returned 1 [0134.557] SetEvent (hEvent=0x30c) returned 1 [0134.557] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.562] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.563] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.563] SetEvent (hEvent=0x334) returned 1 [0134.563] SetEvent (hEvent=0x114) returned 1 [0134.563] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.604] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0134.604] SetEvent (hEvent=0x334) returned 1 [0134.604] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0134.605] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.618] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.618] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0134.619] SetEvent (hEvent=0x334) returned 1 [0134.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0134.619] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.620] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0134.629] GetFileType (hFile=0x1ec) returned 0x1 [0134.629] GetFileType (hFile=0x1ec) returned 0x1 [0134.629] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0134.630] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0134.630] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0134.631] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x1717, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000243c04*=0x1517, lpOverlapped=0x0) returned 1 [0134.649] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00003d517, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003d517*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0134.650] CloseHandle (hObject=0x1ec) returned 1 [0134.650] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0134.650] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0134.651] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0134.651] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0134.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.653] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0134.655] GetFileType (hFile=0x1ec) returned 0x1 [0134.655] WriteFile (in: hFile=0x1ec, lpBuffer=0xc000054000*, nNumberOfBytesToWrite=0x1520, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesWritten=0xc000243cec*=0x1520, lpOverlapped=0x0) returned 1 [0134.656] CloseHandle (hObject=0x1ec) returned 1 [0134.657] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0134.657] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0134.657] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0134.658] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0134.658] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0134.659] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0134.660] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0134.660] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0134.660] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.661] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0134.700] GetFileType (hFile=0x1ec) returned 0x1 [0134.701] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0001ea000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001ea000*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.701] CloseHandle (hObject=0x1ec) returned 1 [0134.701] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0134.702] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0134.703] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\addressbook.acrodata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\encry-addressbook.acrodata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\encry-addressbook.acrodata"), dwFlags=0x1) returned 1 [0134.704] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0134.705] VirtualFree (lpAddress=0xc000224000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.706] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0134.706] VirtualFree (lpAddress=0xc000208000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.707] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.707] VirtualFree (lpAddress=0xc0001de000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.707] VirtualFree (lpAddress=0xc0001b4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.708] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.708] VirtualFree (lpAddress=0xc0001a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.708] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.709] VirtualFree (lpAddress=0xc000160000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.709] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.709] VirtualFree (lpAddress=0xc000112000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.710] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.710] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0134.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9waen8vqf.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0134.711] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0134.753] GetFileType (hFile=0x1ec) returned 0x1 [0134.753] GetFileType (hFile=0x1ec) returned 0x1 [0134.753] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0134.753] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0134.754] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0134.756] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x163ec, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0002d9c04*=0x161ec, lpOverlapped=0x0) returned 1 [0134.758] ReadFile (in: hFile=0x1ec, lpBuffer=0xc0002ba1ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ba1ec*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0134.758] CloseHandle (hObject=0x1ec) returned 1 [0134.758] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0134.778] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9waen8vqf.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.780] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0134.802] GetFileType (hFile=0x1ec) returned 0x1 [0134.802] WriteFile (in: hFile=0x1ec, lpBuffer=0xc00031c000*, nNumberOfBytesToWrite=0x161f0, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00031c000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x161f0, lpOverlapped=0x0) returned 1 [0134.805] CloseHandle (hObject=0x1ec) returned 1 [0134.805] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0134.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9waen8vqf.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1ec [0134.805] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0134.813] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.816] GetFileType (hFile=0x1ec) returned 0x1 [0134.816] WriteFile (in: hFile=0x1ec, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0134.816] CloseHandle (hObject=0x1ec) returned 1 [0134.816] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\9waen8vqf.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-9wAeN8VqF.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-9waen8vqf.mp3"), dwFlags=0x1) returned 1 [0134.818] SetEvent (hEvent=0x114) returned 1 [0134.818] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.826] VirtualFree (lpAddress=0xc0006e4000, dwSize=0xde000, dwFreeType=0x4000) returned 1 [0134.831] VirtualFree (lpAddress=0xc00058e000, dwSize=0xde000, dwFreeType=0x4000) returned 1 [0134.836] VirtualFree (lpAddress=0xc00031c000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0134.837] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0134.838] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.838] VirtualFree (lpAddress=0xc000232000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.838] VirtualFree (lpAddress=0xc0001ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.839] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.839] VirtualFree (lpAddress=0xc0001a0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.839] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.840] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.840] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.841] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.841] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.842] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.842] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.842] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0134.842] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0134.843] VirtualFree (lpAddress=0xc00003c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0134.843] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0134.844] SetEvent (hEvent=0x324) returned 1 [0134.844] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.894] SetEvent (hEvent=0x114) returned 1 [0134.894] SetEvent (hEvent=0xec) returned 1 [0134.894] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0134.906] SetEvent (hEvent=0x334) returned 1 [0134.906] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.666] SetEvent (hEvent=0x114) returned 1 [0135.667] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.667] SetEvent (hEvent=0x114) returned 1 [0135.667] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.667] SetEvent (hEvent=0x114) returned 1 [0135.667] SetEvent (hEvent=0xfc) returned 1 [0135.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\*", lpFindFileData=0xc000129530 | out: lpFindFileData=0xc000129530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Dictionaries", cAlternateFileName="DICTIO~1")) returned 1 [0135.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000129560 | out: lpFindFileData=0xc000129560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.668] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.668] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\linguistics\\dictionaries"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.668] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Linguistics\\Dictionaries\\*", lpFindFileData=0xc000075458 | out: lpFindFileData=0xc000075458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.668] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075488 | out: lpFindFileData=0xc000075488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.669] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\logtransport2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\LogTransport2\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xcd72eaa0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xcd72eaa0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xcd72eaa0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.669] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.669] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.669] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0135.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\BEvYNIg0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bevynig0.flv"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x479cdf0, ftCreationTime.dwHighDateTime=0x1d5df8a, ftLastAccessTime.dwLowDateTime=0x5ee99a10, ftLastAccessTime.dwHighDateTime=0x1d5e389, ftLastWriteTime.dwLowDateTime=0x5ee99a10, ftLastWriteTime.dwHighDateTime=0x1d5e389, nFileSizeHigh=0x0, nFileSizeLow=0x137e4)) returned 1 [0135.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\CZwCUzEmtmNh.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\czwcuzemtmnh.gif"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5e670ad0, ftCreationTime.dwHighDateTime=0x1d5e732, ftLastAccessTime.dwLowDateTime=0xd9148b40, ftLastAccessTime.dwHighDateTime=0x1d5dde1, ftLastWriteTime.dwLowDateTime=0xd9148b40, ftLastWriteTime.dwHighDateTime=0x1d5dde1, nFileSizeHigh=0x0, nFileSizeLow=0x130e4)) returned 1 [0135.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\DBF8dAOE1.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\dbf8daoe1.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa65f5850, ftCreationTime.dwHighDateTime=0x1d5dae5, ftLastAccessTime.dwLowDateTime=0x185856a0, ftLastAccessTime.dwHighDateTime=0x1d5e130, ftLastWriteTime.dwLowDateTime=0x185856a0, ftLastWriteTime.dwHighDateTime=0x1d5e130, nFileSizeHigh=0x0, nFileSizeLow=0x3760)) returned 1 [0135.670] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.671] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\*", lpFindFileData=0xc000075608 | out: lpFindFileData=0xc000075608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.671] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.671] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0135.671] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.671] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.671] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0135.672] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0135.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\identities\\{31810c36-5d23-4cce-a3b4-316ded195c38}"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.673] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.673] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.673] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\KmAiPt.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kmaipt.mkv"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc4887560, ftCreationTime.dwHighDateTime=0x1d5e34a, ftLastAccessTime.dwLowDateTime=0xdc5b8ae0, ftLastAccessTime.dwHighDateTime=0x1d5df8c, ftLastWriteTime.dwLowDateTime=0xdc5b8ae0, ftLastWriteTime.dwHighDateTime=0x1d5df8c, nFileSizeHigh=0x0, nFileSizeLow=0x4afc)) returned 1 [0135.673] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia"), fInfoLevelId=0x0, lpFileInformation=0xc000075850 | out: lpFileInformation=0xc000075850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\*", lpFindFileData=0xc000075608 | out: lpFindFileData=0xc000075608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.673] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6b695060, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6b695060, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075638 | out: lpFindFileData=0xc000075638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.674] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player"), fInfoLevelId=0x0, lpFileInformation=0xc000075778 | out: lpFileInformation=0xc000075778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0135.674] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\*", lpFindFileData=0xc000075530 | out: lpFindFileData=0xc000075530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="#SharedObjects", cAlternateFileName="#SHARE~1")) returned 1 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6b695060, ftCreationTime.dwHighDateTime=0x1d2dda5, ftLastAccessTime.dwLowDateTime=0x6d241020, ftLastAccessTime.dwHighDateTime=0x1d2dda5, ftLastWriteTime.dwLowDateTime=0x6d241020, ftLastWriteTime.dwHighDateTime=0x1d2dda5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="macromedia.com", cAlternateFileName="MACROM~1.COM")) returned 1 [0135.674] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc000075560 | out: lpFindFileData=0xc000075560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0135.674] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0135.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects"), fInfoLevelId=0x0, lpFileInformation=0xc0000756a0 | out: lpFileInformation=0xc0000756a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x1d4582b0, ftCreationTime.dwHighDateTime=0x1d35d06, ftLastAccessTime.dwLowDateTime=0x1d4582b0, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0x1d4582b0, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0135.680] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.686] SetEvent (hEvent=0xec) returned 1 [0135.686] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.687] SetEvent (hEvent=0x334) returned 1 [0135.687] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.696] SetEvent (hEvent=0xec) returned 1 [0135.696] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.720] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0135.721] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0135.721] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0135.722] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0135.731] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0135.748] GetFileType (hFile=0x240) returned 0x1 [0135.749] GetFileType (hFile=0x240) returned 0x1 [0135.749] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0135.749] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0135.749] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0135.749] ReadFile (in: hFile=0x240, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x5a5, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0000c5c04*=0x3a5, lpOverlapped=0x0) returned 1 [0136.122] ReadFile (in: hFile=0x240, lpBuffer=0xc0001803a5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001803a5*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0136.122] CloseHandle (hObject=0x240) returned 1 [0136.122] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0136.123] VirtualAlloc (lpAddress=0xc0001b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b4000 [0136.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0136.124] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0136.127] GetFileType (hFile=0x240) returned 0x1 [0136.127] WriteFile (in: hFile=0x240, lpBuffer=0xc0001b4000*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b4000*, lpNumberOfBytesWritten=0xc0000c5cec*=0x3b0, lpOverlapped=0x0) returned 1 [0136.128] CloseHandle (hObject=0x240) returned 1 [0136.128] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a301 | out: pbBuffer=0xc00028a301) returned 1 [0136.128] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0136.129] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0136.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0136.129] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0136.137] GetFileType (hFile=0x240) returned 0x1 [0136.137] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0136.137] CloseHandle (hObject=0x240) returned 1 [0136.137] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\48b76449f3d5fefa1133aa805e420f0fca643651.crl"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Adobe\\Acrobat\\10.0\\Security\\CRLCache\\encry-48B76449F3D5FEFA1133AA805E420F0FCA643651.crl" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\adobe\\acrobat\\10.0\\security\\crlcache\\encry-48b76449f3d5fefa1133aa805e420f0fca643651.crl"), dwFlags=0x1) returned 1 [0136.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0136.139] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0136.139] SetEvent (hEvent=0xc0) returned 1 [0136.139] SetEvent (hEvent=0x334) returned 1 [0136.139] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0136.140] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0136.147] SetEvent (hEvent=0x334) returned 1 [0136.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0136.154] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0136.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0136.157] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0136.157] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0136.157] SetEvent (hEvent=0x334) returned 1 [0136.157] SetEvent (hEvent=0x324) returned 1 [0136.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0136.208] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0136.208] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0136.209] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0136.209] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0136.210] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0136.210] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0136.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-3388679973-3930757225-3770151564-1000\\932a2db58c237abd381d22df4c63a04a_0303d5b4-ffe9-470e-9dd8-7d9ec416e53f"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0136.212] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0136.313] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0136.524] SetEvent (hEvent=0x3c8) returned 1 [0136.524] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0136.898] GetFileType (hFile=0x1ec) returned 0x1 [0136.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows media player.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0136.900] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0136.901] GetFileType (hFile=0x1b0) returned 0x1 [0136.997] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.153] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0137.154] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0137.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0137.155] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0006e1cf4 | out: lpMode=0xc0006e1cf4) returned 0 [0137.160] GetFileType (hFile=0x36c) returned 0x1 [0137.160] GetFileType (hFile=0x36c) returned 0x1 [0137.160] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0006e1d44 | out: lpFileInformation=0xc0006e1d44) returned 1 [0137.160] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0006e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e1d28) returned 1 [0137.161] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0137.161] ReadFile (in: hFile=0x36c, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0xae9, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0006e1c04*=0x8e9, lpOverlapped=0x0) returned 1 [0137.165] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.180] ReadFile (in: hFile=0x36c, lpBuffer=0xc00004c8e9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c8e9*, lpNumberOfBytesRead=0xc0006e1c04*=0x0, lpOverlapped=0x0) returned 1 [0137.180] CloseHandle (hObject=0x36c) returned 1 [0137.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0137.181] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0006e1d04 | out: lpMode=0xc0006e1d04) returned 0 [0137.184] GetFileType (hFile=0x36c) returned 0x1 [0137.184] WriteFile (in: hFile=0x36c, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0x8f0, lpNumberOfBytesWritten=0xc0006e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc0006e1cec*=0x8f0, lpOverlapped=0x0) returned 1 [0137.185] CloseHandle (hObject=0x36c) returned 1 [0137.185] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0137.185] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0137.186] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0137.186] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0137.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0137.187] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0006e1d64 | out: lpMode=0xc0006e1d64) returned 0 [0137.285] GetFileType (hFile=0x36c) returned 0x1 [0137.285] WriteFile (in: hFile=0x36c, lpBuffer=0xc00003e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00003e2c0*, lpNumberOfBytesWritten=0xc0006e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0137.285] CloseHandle (hObject=0x36c) returned 1 [0137.285] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\google chrome.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\encry-Google Chrome.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\encry-google chrome.lnk"), dwFlags=0x1) returned 1 [0137.292] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x14c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f968*=0x36c) returned 1 [0137.292] SuspendThread (hThread=0x36c) returned 0x0 [0137.293] GetThreadContext (in: hThread=0x36c, lpContext=0x2e09f980 | out: lpContext=0x2e09f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00013fd38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4922c2, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.295] ResumeThread (hThread=0x36c) returned 0x1 [0137.295] CloseHandle (hObject=0x36c) returned 1 [0137.295] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x2ec, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f968*=0x36c) returned 1 [0137.295] SuspendThread (hThread=0x36c) returned 0x0 [0137.295] GetThreadContext (in: hThread=0x36c, lpContext=0x2e09f980 | out: lpContext=0x2e09f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2cc9fc78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.295] ResumeThread (hThread=0x36c) returned 0x1 [0137.295] CloseHandle (hObject=0x36c) returned 1 [0137.296] SetEvent (hEvent=0x354) returned 1 [0137.296] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.298] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.298] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0137.298] SetEvent (hEvent=0xc0) returned 1 [0137.299] SetEvent (hEvent=0xfc) returned 1 [0137.299] SetEvent (hEvent=0x324) returned 1 [0137.299] SetEvent (hEvent=0x12c) returned 1 [0137.299] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0137.311] SetEvent (hEvent=0x12c) returned 1 [0137.311] SetEvent (hEvent=0x324) returned 1 [0137.312] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.410] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f968*=0x384) returned 1 [0137.410] SuspendThread (hThread=0x384) returned 0x0 [0137.410] GetThreadContext (in: hThread=0x384, lpContext=0x2e09f980 | out: lpContext=0x2e09f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x28d0fbb8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0137.787] ResumeThread (hThread=0x384) returned 0x1 [0137.787] CloseHandle (hObject=0x384) returned 1 [0137.787] SetEvent (hEvent=0x30c) returned 1 [0137.787] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.793] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.793] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0137.793] SetEvent (hEvent=0x30c) returned 1 [0137.793] SetEvent (hEvent=0x12c) returned 1 [0137.793] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0137.914] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0137.914] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0137.914] SetEvent (hEvent=0xec) returned 1 [0137.914] SetEvent (hEvent=0x30c) returned 1 [0137.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.015] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.015] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x134, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f940, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f940*=0x2f4) returned 1 [0138.016] SuspendThread (hThread=0x2f4) returned 0x0 [0138.016] GetThreadContext (in: hThread=0x2f4, lpContext=0x2e09f950 | out: lpContext=0x2e09f950*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc00014bd38, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4922c2, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.016] SetEvent (hEvent=0xc0) returned 1 [0138.017] ResumeThread (hThread=0x2f4) returned 0x1 [0138.017] CloseHandle (hObject=0x2f4) returned 1 [0138.017] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x398, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f940, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f940*=0x2f4) returned 1 [0138.017] SuspendThread (hThread=0x2f4) returned 0x0 [0138.017] GetThreadContext (in: hThread=0x2f4, lpContext=0x2e09f950 | out: lpContext=0x2e09f950*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2de9fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab177a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.017] ResumeThread (hThread=0x2f4) returned 0x1 [0138.017] CloseHandle (hObject=0x2f4) returned 1 [0138.017] SetEvent (hEvent=0x354) returned 1 [0138.017] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.126] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x330, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e09f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e09f968*=0x384) returned 1 [0138.126] SuspendThread (hThread=0x384) returned 0x0 [0138.126] GetThreadContext (in: hThread=0x384, lpContext=0x2e09f980 | out: lpContext=0x2e09f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ce9fc78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0138.127] ResumeThread (hThread=0x384) returned 0x1 [0138.127] CloseHandle (hObject=0x384) returned 1 [0138.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.138] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.138] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0138.139] SetEvent (hEvent=0xc0) returned 1 [0138.139] SetEvent (hEvent=0x334) returned 1 [0138.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0138.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2f4 [0138.426] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0138.531] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.550] GetFileType (hFile=0x2f4) returned 0x1 [0138.550] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0138.551] GetFileType (hFile=0x2f4) returned 0x1 [0138.551] GetFileInformationByHandle (in: hFile=0x2f4, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0138.551] GetFileInformationByHandleEx (in: hFile=0x2f4, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0138.551] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0138.552] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x6cc, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc00020fc04*=0x4cc, lpOverlapped=0x0) returned 1 [0138.552] ReadFile (in: hFile=0x2f4, lpBuffer=0xc0000b64cc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b64cc*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0138.552] CloseHandle (hObject=0x2f4) returned 1 [0138.552] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0138.553] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0138.554] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0138.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0138.556] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0138.559] GetFileType (hFile=0x2f4) returned 0x1 [0138.559] WriteFile (in: hFile=0x2f4, lpBuffer=0xc000076000*, nNumberOfBytesToWrite=0x4d0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesWritten=0xc00020fcec*=0x4d0, lpOverlapped=0x0) returned 1 [0138.560] CloseHandle (hObject=0x2f4) returned 1 [0138.561] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0138.561] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0138.561] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0138.562] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0138.563] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0138.564] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0138.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer (2).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\windows explorer (2).lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2f4 [0138.564] GetConsoleMode (in: hConsoleHandle=0x2f4, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0138.570] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.621] SetEvent (hEvent=0x354) returned 1 [0138.621] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.808] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.815] SetEvent (hEvent=0x354) returned 1 [0138.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0138.816] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0138.824] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.825] GetFileType (hFile=0x1b0) returned 0x1 [0138.825] GetFileType (hFile=0x1b0) returned 0x1 [0138.825] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0138.825] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0138.826] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00006a800, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006a800*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0138.826] CloseHandle (hObject=0x1b0) returned 1 [0138.826] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.826] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0138.827] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.833] GetFileType (hFile=0x1b0) returned 0x1 [0138.833] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000a03a0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a03a0*, lpNumberOfBytesWritten=0xc000253cec*=0x10, lpOverlapped=0x0) returned 1 [0138.834] CloseHandle (hObject=0x1b0) returned 1 [0138.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0138.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0138.834] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0138.843] GetFileType (hFile=0x1b0) returned 0x1 [0138.843] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0138.843] CloseHandle (hObject=0x1b0) returned 1 [0138.843] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0138.844] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0138.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\rasphone.pbk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\encry-rasphone.pbk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\encry-rasphone.pbk"), dwFlags=0x1) returned 1 [0138.846] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0138.846] SetEvent (hEvent=0xec) returned 1 [0138.846] SetEvent (hEvent=0x334) returned 1 [0138.846] SetEvent (hEvent=0x324) returned 1 [0138.847] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.853] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.853] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0138.941] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0138.941] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0139.039] SetEvent (hEvent=0xc0) returned 1 [0139.039] SetEvent (hEvent=0x30c) returned 1 [0139.039] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.562] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.562] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.624] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.624] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0139.624] SetEvent (hEvent=0xc0) returned 1 [0139.624] SetEvent (hEvent=0x12c) returned 1 [0139.624] SetEvent (hEvent=0x324) returned 1 [0139.624] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0139.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.649] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.649] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.734] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0139.735] SetEvent (hEvent=0x3c8) returned 1 [0139.735] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.797] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0139.797] SetEvent (hEvent=0x334) returned 1 [0139.797] SetEvent (hEvent=0x324) returned 1 [0139.797] SetEvent (hEvent=0xec) returned 1 [0139.798] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.807] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.807] SetEvent (hEvent=0x324) returned 1 [0139.807] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.819] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.826] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.826] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0139.826] SetEvent (hEvent=0x334) returned 1 [0139.827] SetEvent (hEvent=0x324) returned 1 [0139.827] SetEvent (hEvent=0xfc) returned 1 [0139.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.860] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.867] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.867] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0139.867] SetEvent (hEvent=0x30c) returned 1 [0139.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.874] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.901] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0139.909] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0139.910] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0139.910] SetEvent (hEvent=0xc0) returned 1 [0139.910] SetEvent (hEvent=0x3c8) returned 1 [0139.910] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.960] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0139.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0139.968] SetEvent (hEvent=0xc0) returned 1 [0139.968] SetEvent (hEvent=0x12c) returned 1 [0139.968] SetEvent (hEvent=0x30c) returned 1 [0139.968] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0139.970] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.009] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.009] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.036] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.037] SetEvent (hEvent=0xc0) returned 1 [0140.037] SetEvent (hEvent=0x12c) returned 1 [0140.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.074] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0140.074] SetEvent (hEvent=0xec) returned 1 [0140.075] SetEvent (hEvent=0x30c) returned 1 [0140.075] SetEvent (hEvent=0xfc) returned 1 [0140.075] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.085] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.085] SetEvent (hEvent=0xfc) returned 1 [0140.085] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.090] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.098] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.098] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.098] SetEvent (hEvent=0xc0) returned 1 [0140.098] SetEvent (hEvent=0xec) returned 1 [0140.098] SetEvent (hEvent=0x324) returned 1 [0140.099] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.147] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0140.147] SetEvent (hEvent=0x324) returned 1 [0140.148] SetEvent (hEvent=0x3c8) returned 1 [0140.148] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0140.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.156] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.156] SetEvent (hEvent=0x324) returned 1 [0140.156] SetEvent (hEvent=0x30c) returned 1 [0140.156] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.157] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.158] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.158] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.158] SetEvent (hEvent=0x12c) returned 1 [0140.158] SetEvent (hEvent=0xfc) returned 1 [0140.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.189] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0140.189] SetEvent (hEvent=0xfc) returned 1 [0140.189] SetEvent (hEvent=0x30c) returned 1 [0140.189] SetEvent (hEvent=0x324) returned 1 [0140.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.194] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.194] SetEvent (hEvent=0x30c) returned 1 [0140.194] SetEvent (hEvent=0xec) returned 1 [0140.194] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.200] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.201] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.201] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.201] SetEvent (hEvent=0x354) returned 1 [0140.201] SetEvent (hEvent=0xfc) returned 1 [0140.201] SetEvent (hEvent=0xec) returned 1 [0140.201] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.428] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.428] SwitchToThread () returned 1 [0140.465] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0140.465] SetEvent (hEvent=0xfc) returned 1 [0140.465] SetEvent (hEvent=0xec) returned 1 [0140.465] SetEvent (hEvent=0x30c) returned 1 [0140.465] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0140.467] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.468] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.471] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.471] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0140.472] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.472] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.472] SetEvent (hEvent=0xc0) returned 1 [0140.472] SetEvent (hEvent=0x354) returned 1 [0140.472] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe30*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f698, ulCount=0x10, ulNumEntriesRemoved=0x2e09f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f698, ulNumEntriesRemoved=0x2e09f66c) returned 0 [0140.480] SetEvent (hEvent=0xc0) returned 1 [0140.480] SetEvent (hEvent=0x3c8) returned 1 [0140.480] SetEvent (hEvent=0x324) returned 1 [0140.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.486] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe08*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.486] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e09f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e09f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e09f6a0, ulNumEntriesRemoved=0x2e09f674) returned 0 [0140.486] SetEvent (hEvent=0x3c8) returned 1 [0140.486] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e09fe18*=0x39c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0140.489] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0140.490] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0140.497] GetFileType (hFile=0x36c) returned 0x1 [0140.497] GetFileType (hFile=0x36c) returned 0x1 [0140.497] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0140.498] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0140.498] ReadFile (in: hFile=0x36c, lpBuffer=0xc000036400, nNumberOfBytesToRead=0x3d4, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000036400*, lpNumberOfBytesRead=0xc0001d5c04*=0x1d4, lpOverlapped=0x0) returned 1 [0140.498] ReadFile (in: hFile=0x36c, lpBuffer=0xc0000365d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000365d4*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0140.499] CloseHandle (hObject=0x36c) returned 1 [0140.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0140.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-3388679973-3930757225-3770151564-1000\\fbbe72db-afd8-443b-88dd-64b20388700d\\*", lpFindFileData=0xc0001d5a08 | out: lpFindFileData=0xc0001d5a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0140.499] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d5720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0140.499] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586270*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000586270*, lpNumberOfCharsWritten=0xc0001b9818*=0x3) returned 1 [0140.532] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0140.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0005863d8*, lpNumberOfCharsWritten=0xc0001cf818*=0x3) returned 1 [0140.541] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004dd818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc0004dd818*=0x3) returned 1 [0140.550] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc00027b818*=0x3) returned 1 [0140.572] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010248*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000c5818, lpReserved=0x0 | out: lpBuffer=0xc000010248*, lpNumberOfCharsWritten=0xc0000c5818*=0x3) returned 1 [0140.585] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010250*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000010250*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0140.604] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.617] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.619] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0140.620] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000be000*, nNumberOfCharsToWrite=0x61, lpNumberOfCharsWritten=0xc000155808, lpReserved=0x0 | out: lpBuffer=0xc0000be000*, lpNumberOfCharsWritten=0xc000155808*=0x61) returned 1 [0140.623] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.626] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a401 | out: pbBuffer=0xc00028a401) returned 1 [0140.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0140.627] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0140.627] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.675] GetFileType (hFile=0x240) returned 0x1 [0140.675] WriteFile (in: hFile=0x240, lpBuffer=0xc0001e2160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001e2160*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0140.676] CloseHandle (hObject=0x240) returned 1 [0140.676] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\credhist"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Protect\\encry-CREDHIST" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\protect\\encry-credhist"), dwFlags=0x1) returned 1 [0140.699] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.701] SetEvent (hEvent=0xfc) returned 1 [0140.701] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.731] SetEvent (hEvent=0x324) returned 1 [0140.731] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.871] SetEvent (hEvent=0xfc) returned 1 [0140.871] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0140.877] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.877] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0140.878] SetEvent (hEvent=0x354) returned 1 [0140.878] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0141.023] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0141.025] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0141.025] GetFileType (hFile=0x36c) returned 0x1 [0141.026] GetFileType (hFile=0x36c) returned 0x1 [0141.026] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0141.026] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0141.026] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0141.026] ReadFile (in: hFile=0x36c, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x265, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc0001f9c04*=0x65, lpOverlapped=0x0) returned 1 [0141.028] ReadFile (in: hFile=0x36c, lpBuffer=0xc000124065, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124065*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0141.028] CloseHandle (hObject=0x36c) returned 1 [0141.028] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0141.028] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0141.029] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0141.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0141.032] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0141.038] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0141.192] SetEvent (hEvent=0x114) returned 1 [0141.192] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0141.461] SetEvent (hEvent=0x144) returned 1 [0141.461] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0141.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4r9tztrzgt_1b.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x184 [0141.465] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0141.465] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0141.506] GetFileType (hFile=0x184) returned 0x1 [0141.506] GetFileType (hFile=0x184) returned 0x1 [0141.506] GetFileInformationByHandle (in: hFile=0x184, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0141.506] GetFileInformationByHandleEx (in: hFile=0x184, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0141.506] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0141.508] ReadFile (in: hFile=0x184, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x281d, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001adc04*=0x261d, lpOverlapped=0x0) returned 1 [0142.510] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0143.004] ReadFile (in: hFile=0x184, lpBuffer=0xc00021461d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021461d*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0143.004] CloseHandle (hObject=0x184) returned 1 [0143.005] VirtualAlloc (lpAddress=0xc0006a0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a0000 [0143.006] VirtualAlloc (lpAddress=0xc0006a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a2000 [0143.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4r9tztrzgt_1b.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0143.009] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0143.012] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0144.283] GetFileType (hFile=0x184) returned 0x1 [0144.284] WriteFile (in: hFile=0x184, lpBuffer=0xc000606800*, nNumberOfBytesToWrite=0x2620, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc000606800*, lpNumberOfBytesWritten=0xc0001adcec*=0x2620, lpOverlapped=0x0) returned 1 [0144.285] CloseHandle (hObject=0x184) returned 1 [0144.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0144.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4r9tztrzgt_1b.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x184 [0144.286] GetConsoleMode (in: hConsoleHandle=0x184, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0144.294] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0144.629] GetFileType (hFile=0x184) returned 0x1 [0144.629] WriteFile (in: hFile=0x184, lpBuffer=0xc000683340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683340*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0144.630] CloseHandle (hObject=0x184) returned 1 [0144.630] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4r9tztrzgt_1b.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-4R9tZtrZGT_1B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-4r9tztrzgt_1b.lnk"), dwFlags=0x1) returned 1 [0144.631] SetEvent (hEvent=0xb40) returned 1 [0144.631] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0144.638] SetEvent (hEvent=0xc6c) returned 1 [0144.638] SetEvent (hEvent=0xa68) returned 1 [0144.638] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0145.853] SetEvent (hEvent=0xa60) returned 1 [0145.853] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0145.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0145.859] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0145.862] GetFileType (hFile=0x3e0) returned 0x1 [0145.862] GetFileType (hFile=0x3e0) returned 0x1 [0145.862] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000241d44 | out: lpFileInformation=0xc000241d44) returned 1 [0145.862] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000241d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000241d28) returned 1 [0145.862] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x4a6, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc000241c04*=0x2a6, lpOverlapped=0x0) returned 1 [0145.863] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00005c2a6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000241c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c2a6*, lpNumberOfBytesRead=0xc000241c04*=0x0, lpOverlapped=0x0) returned 1 [0145.863] CloseHandle (hObject=0x3e0) returned 1 [0145.863] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0145.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini\\*", lpFindFileData=0xc000241a08 | out: lpFindFileData=0xc000241a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.865] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000241720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0145.866] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0145.867] GetFileType (hFile=0x3e0) returned 0x1 [0145.867] GetFileType (hFile=0x3e0) returned 0x1 [0145.867] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0145.868] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0145.868] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000124000, nNumberOfBytesToRead=0x718, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124000*, lpNumberOfBytesRead=0xc0001c7c04*=0x518, lpOverlapped=0x0) returned 1 [0145.872] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000124518, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000124518*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0145.872] CloseHandle (hObject=0x3e0) returned 1 [0145.872] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0145.880] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0145.882] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0146.126] GetFileType (hFile=0x3e0) returned 0x1 [0146.126] WriteFile (in: hFile=0x3e0, lpBuffer=0xc00010e580*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010e580*, lpNumberOfBytesWritten=0xc0001c7cec*=0x520, lpOverlapped=0x0) returned 1 [0146.127] CloseHandle (hObject=0x3e0) returned 1 [0146.128] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0146.128] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0146.128] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0146.129] GetFileType (hFile=0x3e0) returned 0x1 [0146.130] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0002906e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002906e0*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.130] CloseHandle (hObject=0x3e0) returned 1 [0146.130] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0146.131] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0146.132] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\encry-Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\encry-notepad.lnk"), dwFlags=0x1) returned 1 [0146.135] SetEvent (hEvent=0x264) returned 1 [0146.135] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0146.140] SetEvent (hEvent=0xa80) returned 1 [0146.141] SetEvent (hEvent=0x978) returned 1 [0146.141] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0146.161] SetEvent (hEvent=0xa80) returned 1 [0146.161] SetEvent (hEvent=0x2f4) returned 1 [0146.161] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) returned 0x0 [0146.173] SetEvent (hEvent=0xb50) returned 1 [0146.173] WaitForSingleObject (hHandle=0x39c, dwMilliseconds=0xffffffff) Thread: id = 60 os_tid = 0xaf8 [0116.344] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e29fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e29fea0*=0x3a4) returned 1 [0116.344] VirtualQuery (in: lpAddress=0x2e29fec0, lpBuffer=0x2e29fec0, dwLength=0x30 | out: lpBuffer=0x2e29fec0*(BaseAddress=0x2e29f000, AllocationBase=0x2e0a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.344] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000072108*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc000072108*, lpNumberOfCharsWritten=0xc00029f818*=0x3) returned 1 [0116.350] GetFileType (hFile=0x32c) returned 0x1 [0116.350] GetFileType (hFile=0x32c) returned 0x1 [0116.350] GetFileInformationByHandle (in: hFile=0x32c, lpFileInformation=0xc000133d44 | out: lpFileInformation=0xc000133d44) returned 1 [0116.350] GetFileInformationByHandleEx (in: hFile=0x32c, FileInformationClass=0x9, lpFileInformation=0xc000133d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000133d28) returned 1 [0116.350] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0116.351] ReadFile (in: hFile=0x32c, lpBuffer=0xc000371000, nNumberOfBytesToRead=0x2bc3, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc000371000*, lpNumberOfBytesRead=0xc000133c04*=0x29c3, lpOverlapped=0x0) returned 1 [0116.356] ReadFile (in: hFile=0x32c, lpBuffer=0xc0003739c3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000133c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003739c3*, lpNumberOfBytesRead=0xc000133c04*=0x0, lpOverlapped=0x0) returned 1 [0116.357] CloseHandle (hObject=0x32c) returned 1 [0116.357] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0116.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c8 [0116.535] GetConsoleMode (in: hConsoleHandle=0x3c8, lpMode=0xc000133d04 | out: lpMode=0xc000133d04) returned 0 [0116.537] GetFileType (hFile=0x3c8) returned 0x1 [0116.537] WriteFile (in: hFile=0x3c8, lpBuffer=0xc000280000*, nNumberOfBytesToWrite=0x29d0, lpNumberOfBytesWritten=0xc000133cec, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesWritten=0xc000133cec*=0x29d0, lpOverlapped=0x0) returned 1 [0116.539] CloseHandle (hObject=0x3c8) returned 1 [0116.545] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a901 | out: pbBuffer=0xc00031a901) returned 1 [0116.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3c8 [0116.545] GetConsoleMode (in: hConsoleHandle=0x3c8, lpMode=0xc000133d64 | out: lpMode=0xc000133d64) returned 0 [0116.545] GetFileType (hFile=0x3c8) returned 0x1 [0116.545] WriteFile (in: hFile=0x3c8, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000133d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000133d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.546] CloseHandle (hObject=0x3c8) returned 1 [0116.547] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbc0mkg[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBC0mkg[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbc0mkg[1].jpg"), dwFlags=0x1) returned 1 [0117.159] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0117.159] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x298 [0117.159] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.160] SetEvent (hEvent=0x1dc) returned 1 [0117.160] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.161] SetEvent (hEvent=0x1dc) returned 1 [0117.161] SetEvent (hEvent=0x340) returned 1 [0117.162] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc0001a7818*=0x3) returned 1 [0117.162] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.165] SetEvent (hEvent=0x39c) returned 1 [0117.165] SetEvent (hEvent=0x1dc) returned 1 [0117.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010160*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000139818, lpReserved=0x0 | out: lpBuffer=0xc000010160*, lpNumberOfCharsWritten=0xc000139818*=0x3) returned 1 [0117.167] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000173818*=0x3) returned 1 [0117.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0006*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000273818, lpReserved=0x0 | out: lpBuffer=0xc0000a0006*, lpNumberOfCharsWritten=0xc000273818*=0x3) returned 1 [0117.181] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.198] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc00013f818*=0x3) returned 1 [0117.202] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.215] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.216] SetEvent (hEvent=0x388) returned 1 [0117.216] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.240] SetEvent (hEvent=0x388) returned 1 [0117.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0117.241] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00026fcf4 | out: lpMode=0xc00026fcf4) returned 0 [0117.249] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.250] GetFileType (hFile=0x1b0) returned 0x1 [0117.250] GetFileType (hFile=0x1b0) returned 0x1 [0117.250] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00026fd44 | out: lpFileInformation=0xc00026fd44) returned 1 [0117.250] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00026fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00026fd28) returned 1 [0117.250] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0117.252] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xaa4a, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc00026fc04*=0xa84a, lpOverlapped=0x0) returned 1 [0117.255] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.284] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00026484a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00026fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00026484a*, lpNumberOfBytesRead=0xc00026fc04*=0x0, lpOverlapped=0x0) returned 1 [0117.284] CloseHandle (hObject=0x1b0) returned 1 [0117.284] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0117.285] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0117.285] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0117.286] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0117.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.307] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.320] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00026fd04 | out: lpMode=0xc00026fd04) returned 0 [0117.323] GetFileType (hFile=0x1b0) returned 0x1 [0117.323] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002b6000*, nNumberOfBytesToWrite=0xa850, lpNumberOfBytesWritten=0xc00026fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesWritten=0xc00026fcec*=0xa850, lpOverlapped=0x0) returned 1 [0117.325] CloseHandle (hObject=0x1b0) returned 1 [0117.329] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0117.329] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0117.330] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00026fd64 | out: lpMode=0xc00026fd64) returned 0 [0117.336] GetFileType (hFile=0x240) returned 0x1 [0117.336] WriteFile (in: hFile=0x240, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00026fd4c*=0x158, lpOverlapped=0x0) returned 1 [0117.336] CloseHandle (hObject=0x240) returned 1 [0117.342] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0117.391] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\ga[1].js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-ga[1].js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-ga[1].js"), dwFlags=0x1) returned 1 [0118.020] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f698, ulCount=0x10, ulNumEntriesRemoved=0x2e29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f698, ulNumEntriesRemoved=0x2e29f66c) returned 0 [0118.020] SetEvent (hEvent=0x24c) returned 1 [0118.020] VirtualAlloc (lpAddress=0xc00006a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006a000 [0118.021] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.023] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f6a0, ulNumEntriesRemoved=0x2e29f674) returned 0 [0118.023] SetEvent (hEvent=0x24c) returned 1 [0118.023] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe18*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe30*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.027] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f698, ulCount=0x10, ulNumEntriesRemoved=0x2e29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f698, ulNumEntriesRemoved=0x2e29f66c) returned 0 [0118.028] SetEvent (hEvent=0x340) returned 1 [0118.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.029] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f6a0, ulNumEntriesRemoved=0x2e29f674) returned 0 [0118.029] SetEvent (hEvent=0x24c) returned 1 [0118.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe18*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0118.031] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.046] SetEvent (hEvent=0x30c) returned 1 [0119.046] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.053] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x22c [0119.053] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0119.055] GetFileType (hFile=0x22c) returned 0x1 [0119.055] GetFileType (hFile=0x22c) returned 0x1 [0119.055] GetFileInformationByHandle (in: hFile=0x22c, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0119.055] GetFileInformationByHandleEx (in: hFile=0x22c, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0119.055] VirtualAlloc (lpAddress=0xc000300000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000300000 [0119.057] ReadFile (in: hFile=0x22c, lpBuffer=0xc000300000, nNumberOfBytesToRead=0x21c3, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000300000*, lpNumberOfBytesRead=0xc00024dc04*=0x1fc3, lpOverlapped=0x0) returned 1 [0119.061] ReadFile (in: hFile=0x22c, lpBuffer=0xc000301fc3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000301fc3*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0119.061] CloseHandle (hObject=0x22c) returned 1 [0119.061] VirtualAlloc (lpAddress=0xc000224000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000224000 [0119.061] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0119.108] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0119.109] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.169] GetFileType (hFile=0x2b4) returned 0x1 [0119.169] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000224000*, nNumberOfBytesToWrite=0x1fd0, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000224000*, lpNumberOfBytesWritten=0xc00024dcec*=0x1fd0, lpOverlapped=0x0) returned 1 [0119.170] CloseHandle (hObject=0x2b4) returned 1 [0119.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0119.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0119.173] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0119.174] GetFileType (hFile=0x2bc) returned 0x1 [0119.174] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0001c0f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001c0f20*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0119.174] CloseHandle (hObject=0x2bc) returned 1 [0119.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc0qlb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC0qlB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc0qlb[1].jpg"), dwFlags=0x1) returned 1 [0119.888] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.891] SwitchToThread () returned 1 [0119.892] SetEvent (hEvent=0x30c) returned 1 [0119.892] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.893] SwitchToThread () returned 1 [0119.894] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0119.897] SwitchToThread () returned 1 [0119.898] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0120.535] SetEvent (hEvent=0x144) returned 1 [0120.535] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0120.536] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d8 [0120.537] GetConsoleMode (in: hConsoleHandle=0x2d8, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0120.538] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0120.584] GetFileType (hFile=0x2d8) returned 0x1 [0120.584] GetFileType (hFile=0x2d8) returned 0x1 [0120.584] GetFileInformationByHandle (in: hFile=0x2d8, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0120.584] GetFileInformationByHandleEx (in: hFile=0x2d8, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0120.585] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0120.585] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000126000, nNumberOfBytesToRead=0xa19, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesRead=0xc0004dbc04*=0x819, lpOverlapped=0x0) returned 1 [0120.589] ReadFile (in: hFile=0x2d8, lpBuffer=0xc000126819, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000126819*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0120.589] CloseHandle (hObject=0x2d8) returned 1 [0120.589] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0120.590] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0120.636] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0120.640] GetFileType (hFile=0x384) returned 0x1 [0120.640] WriteFile (in: hFile=0x384, lpBuffer=0xc000160000*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x820, lpOverlapped=0x0) returned 1 [0120.641] CloseHandle (hObject=0x384) returned 1 [0120.644] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0801 | out: pbBuffer=0xc0002f0801) returned 1 [0120.644] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0120.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0120.645] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0120.647] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0120.659] GetFileType (hFile=0x2b4) returned 0x1 [0120.659] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d7760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7760*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0120.659] CloseHandle (hObject=0x2b4) returned 1 [0120.662] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0120.662] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbegjfz[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBEgJfz[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbegjfz[1].jpg"), dwFlags=0x1) returned 1 [0120.913] SetEvent (hEvent=0x39c) returned 1 [0120.913] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0122.303] SetEvent (hEvent=0x320) returned 1 [0122.303] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0123.870] SetEvent (hEvent=0x12c) returned 1 [0123.870] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0123.877] SetEvent (hEvent=0x334) returned 1 [0123.877] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.567] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.568] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.569] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.569] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.570] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.571] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0128.572] SetEvent (hEvent=0x320) returned 1 [0128.572] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000010090*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0128.573] SetEvent (hEvent=0x320) returned 1 [0128.573] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010096*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc000010096*, lpNumberOfCharsWritten=0xc0002d5818*=0x3) returned 1 [0128.574] SetEvent (hEvent=0x320) returned 1 [0128.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc000275818*=0x3) returned 1 [0128.575] SetEvent (hEvent=0x320) returned 1 [0128.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc000010146*, lpNumberOfCharsWritten=0xc000063818*=0x3) returned 1 [0128.576] SetEvent (hEvent=0x320) returned 1 [0128.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc000010190*, lpNumberOfCharsWritten=0xc00014d818*=0x3) returned 1 [0128.577] SetEvent (hEvent=0x320) returned 1 [0128.577] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d25a0*, nNumberOfCharsToWrite=0x83, lpNumberOfCharsWritten=0xc0000f5808, lpReserved=0x0 | out: lpBuffer=0xc0003d25a0*, lpNumberOfCharsWritten=0xc0000f5808*=0x83) returned 1 [0128.578] SetEvent (hEvent=0x320) returned 1 [0128.578] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a501 | out: pbBuffer=0xc00028a501) returned 1 [0128.578] VirtualAlloc (lpAddress=0xc0000ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ba000 [0128.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0130.617] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0130.629] GetFileType (hFile=0x1b0) returned 0x1 [0130.629] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0130.630] CloseHandle (hObject=0x1b0) returned 1 [0130.630] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\03J4UQW0\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\temporary internet files\\content.ie5\\03j4uqw0\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0130.682] SwitchToThread () returned 1 [0130.757] SetEvent (hEvent=0x3c0) returned 1 [0130.758] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0131.089] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0131.097] SetEvent (hEvent=0x1b4) returned 1 [0131.097] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0131.114] SetEvent (hEvent=0x1b4) returned 1 [0131.114] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0131.116] SetEvent (hEvent=0x1b4) returned 1 [0131.116] SetEvent (hEvent=0x258) returned 1 [0131.116] SetEvent (hEvent=0x39c) returned 1 [0131.116] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.607] SetEvent (hEvent=0x3c0) returned 1 [0132.607] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.613] SetEvent (hEvent=0x324) returned 1 [0132.613] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.624] SetEvent (hEvent=0x3c0) returned 1 [0132.624] SetEvent (hEvent=0x148) returned 1 [0132.624] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.678] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.683] SetEvent (hEvent=0x1b4) returned 1 [0132.683] SetEvent (hEvent=0xfc) returned 1 [0132.684] SwitchToThread () returned 1 [0132.783] SwitchToThread () returned 1 [0132.789] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0132.790] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001c0000*, nNumberOfCharsToWrite=0xad, lpNumberOfCharsWritten=0xc000201808, lpReserved=0x0 | out: lpBuffer=0xc0001c0000*, lpNumberOfCharsWritten=0xc000201808*=0xad) returned 1 [0132.797] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0132.798] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0132.798] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0132.799] VirtualAlloc (lpAddress=0xc0001ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ea000 [0132.800] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0132.800] VirtualAlloc (lpAddress=0xc0001ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ee000 [0132.801] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0132.801] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0132.802] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e8 [0132.802] GetConsoleMode (in: hConsoleHandle=0x2e8, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0132.809] GetFileType (hFile=0x2e8) returned 0x1 [0132.809] WriteFile (in: hFile=0x2e8, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0132.809] CloseHandle (hObject=0x2e8) returned 1 [0132.857] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0132.863] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\encry-1BB09BEEC155258835C193A7AA85AA5B_A7B2B53AF2A12E2CB0A41B96D21D7973" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\encry-1bb09beec155258835c193a7aa85aa5b_a7b2b53af2a12e2cb0a41b96d21d7973"), dwFlags=0x1) returned 1 [0133.021] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.091] SetEvent (hEvent=0xec) returned 1 [0141.091] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.117] SetEvent (hEvent=0x30c) returned 1 [0141.118] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.131] SetEvent (hEvent=0x12c) returned 1 [0141.131] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4dkrc_tab152.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d4 [0141.487] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0001a9cf4 | out: lpMode=0xc0001a9cf4) returned 0 [0141.488] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0141.517] GetFileType (hFile=0x3d4) returned 0x1 [0141.518] GetFileType (hFile=0x3d4) returned 0x1 [0141.518] GetFileInformationByHandle (in: hFile=0x3d4, lpFileInformation=0xc0001a9d44 | out: lpFileInformation=0xc0001a9d44) returned 1 [0141.518] GetFileInformationByHandleEx (in: hFile=0x3d4, FileInformationClass=0x9, lpFileInformation=0xc0001a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a9d28) returned 1 [0141.518] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0141.519] ReadFile (in: hFile=0x3d4, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0xbee, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc0001a9c04*=0x9ee, lpOverlapped=0x0) returned 1 [0142.513] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0143.062] SetEvent (hEvent=0x208) returned 1 [0143.062] ReadFile (in: hFile=0x3d4, lpBuffer=0xc0002b69ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b69ee*, lpNumberOfBytesRead=0xc0001a9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.062] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.349] SetEvent (hEvent=0xbc0) returned 1 [0144.349] CloseHandle (hObject=0x3d4) returned 1 [0144.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4dkrc_tab152.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0144.351] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0001a9d04 | out: lpMode=0xc0001a9d04) returned 0 [0144.354] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.796] SetEvent (hEvent=0x9b8) returned 1 [0144.796] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.799] SetEvent (hEvent=0x9b8) returned 1 [0144.799] SetEvent (hEvent=0xb70) returned 1 [0144.799] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.813] GetFileType (hFile=0x568) returned 0x1 [0144.813] WriteFile (in: hFile=0x568, lpBuffer=0xc0006149a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000149d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006149a0*, lpNumberOfBytesWritten=0xc000149d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.813] CloseHandle (hObject=0x568) returned 1 [0144.814] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0144.815] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0144.816] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\encry-Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\encry-pictures.library-ms"), dwFlags=0x1) returned 1 [0144.818] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f698, ulCount=0x10, ulNumEntriesRemoved=0x2e29f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f698, ulNumEntriesRemoved=0x2e29f66c) returned 0 [0144.818] SetEvent (hEvent=0xa78) returned 1 [0144.818] SetEvent (hEvent=0xb10) returned 1 [0144.818] SetEvent (hEvent=0xae0) returned 1 [0144.820] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.821] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.821] SetEvent (hEvent=0xae0) returned 1 [0144.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.823] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0144.823] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe30*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.826] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f6a0, ulNumEntriesRemoved=0x2e29f674) returned 0 [0144.826] SetEvent (hEvent=0xa78) returned 1 [0144.826] SetEvent (hEvent=0xb10) returned 1 [0144.826] SetEvent (hEvent=0xae0) returned 1 [0144.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe18*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea)) returned 1 [0144.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee)) returned 1 [0144.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2)) returned 1 [0144.834] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0144.835] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0144.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\command prompt.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500)) returned 1 [0144.837] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0144.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6)) returned 1 [0144.838] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Notepad.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\notepad.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518)) returned 1 [0144.840] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0144.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Run.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\run.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0144.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.842] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.842] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\*", lpFindFileData=0xc00005b1d0 | out: lpFindFileData=0xc00005b1d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.842] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.842] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="computer.lnk", cAlternateFileName="")) returned 1 [0144.843] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Control Panel.lnk", cAlternateFileName="CONTRO~1.LNK")) returned 1 [0144.843] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0144.843] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (No Add-ons).lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0144.843] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Private Character Editor.lnk", cAlternateFileName="PRIVAT~1.LNK")) returned 1 [0144.843] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.843] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e084aaf, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0144.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e2)) returned 1 [0144.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5df)) returned 1 [0144.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d424a7b, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x51a)) returned 1 [0144.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0d0d6f, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0144.846] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\windows explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc)) returned 1 [0144.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.848] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.848] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.848] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.848] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.848] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0144.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer (64-bit).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer (64-bit).lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b)) returned 1 [0144.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad)) returned 1 [0144.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.850] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.850] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0144.850] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help.lnk", cAlternateFileName="")) returned 1 [0144.850] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.850] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x13e)) returned 1 [0144.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e0387ee, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106)) returned 1 [0144.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.852] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.852] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.852] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.852] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0144.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc)) returned 1 [0144.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae)) returned 1 [0144.853] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\templates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.853] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xaef15879, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.854] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.854] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.854] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.855] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xef632f84, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab, dwReserved0=0x0, dwReserved1=0x0, cFileName="TranscodedWallpaper.jpg", cAlternateFileName="TRANSC~1.JPG")) returned 1 [0144.855] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.855] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd9d7d3c0, ftLastWriteTime.dwHighDateTime=0x1d3373f, nFileSizeHigh=0x0, nFileSizeLow=0x9cfab)) returned 1 [0144.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word"), fInfoLevelId=0x0, lpFileInformation=0xc00005b778 | out: lpFileInformation=0xc00005b778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.863] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0145.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.641] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\*", lpFindFileData=0xc00005b530 | out: lpFindFileData=0xc00005b530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cb720 [0145.642] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x4f71aa70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.643] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="STARTUP", cAlternateFileName="")) returned 1 [0145.643] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.643] FindClose (in: hFindFile=0x7cb720 | out: hFindFile=0x7cb720) returned 1 [0145.643] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0145.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\word\\startup"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Word\\STARTUP\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cb720 [0145.644] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27c7d150, ftCreationTime.dwHighDateTime=0x1d3aaba, ftLastAccessTime.dwLowDateTime=0x27c7d150, ftLastAccessTime.dwHighDateTime=0x1d3aaba, ftLastWriteTime.dwLowDateTime=0x27c7d150, ftLastWriteTime.dwHighDateTime=0x1d3aaba, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.644] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.644] FindClose (in: hFindFile=0x7cb720 | out: hFindFile=0x7cb720) returned 1 [0145.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0145.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.645] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\*", lpFindFileData=0xc00005b608 | out: lpFindFileData=0xc00005b608*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cb720 [0145.645] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b638 | out: lpFindFileData=0xc00005b638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.645] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b638 | out: lpFindFileData=0xc00005b638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0145.645] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b638 | out: lpFindFileData=0xc00005b638*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Firefox", cAlternateFileName="")) returned 1 [0145.645] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b638 | out: lpFindFileData=0xc00005b638*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.645] FindClose (in: hFindFile=0x7cb720 | out: hFindFile=0x7cb720) returned 1 [0145.645] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions"), fInfoLevelId=0x0, lpFileInformation=0xc00005b778 | out: lpFileInformation=0xc00005b778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0145.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\extensions"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.651] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Extensions\\*", lpFindFileData=0xc00005b530 | out: lpFindFileData=0xc00005b530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7cb720 [0145.651] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb458e750, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb458e750, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb458e750, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0145.651] FindNextFileW (in: hFindFile=0x7cb720, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0145.651] FindClose (in: hFindFile=0x7cb720 | out: hFindFile=0x7cb720) returned 1 [0145.651] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox"), fInfoLevelId=0x0, lpFileInformation=0xc00005b778 | out: lpFileInformation=0xc00005b778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0145.673] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.165] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*", lpFindFileData=0xc00005b530 | out: lpFindFileData=0xc00005b530*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.165] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.166] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0146.167] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0146.167] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x0, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0146.167] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b560 | out: lpFindFileData=0xc00005b560*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.167] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.167] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.172] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.278] SetEvent (hEvent=0xc24) returned 1 [0146.278] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.278] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.330] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0146.331] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.331] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.333] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0146.333] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.333] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.333] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0146.334] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa)) returned 1 [0146.339] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.340] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.362] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.363] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.363] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0146.363] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.363] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.363] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.383] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.391] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.406] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.416] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.435] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0146.435] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x0, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x0, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x0, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x0, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0146.436] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x0, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x0, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0146.437] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.437] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.438] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18)) returned 1 [0146.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.444] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0146.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0146.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.457] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb)) returned 1 [0146.460] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb)) returned 1 [0146.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0146.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce)) returned 1 [0146.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000)) returned 1 [0146.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0146.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0146.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d)) returned 1 [0146.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000)) returned 1 [0146.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.471] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.611] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.612] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.612] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.612] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0146.612] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.612] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.613] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*", lpFindFileData=0xc00005b1d0 | out: lpFindFileData=0xc00005b1d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.613] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.613] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0146.613] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0146.613] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.613] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.614] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.615] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.615] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.615] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*", lpFindFileData=0xc00005b0f8 | out: lpFindFileData=0xc00005b0f8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0146.639] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.712] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0146.713] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b128 | out: lpFindFileData=0xc00005b128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0146.713] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b128 | out: lpFindFileData=0xc00005b128*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0146.714] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0146.715] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b128 | out: lpFindFileData=0xc00005b128*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x0, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0146.715] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b128 | out: lpFindFileData=0xc00005b128*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0146.715] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0146.716] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0146.717] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0146.718] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0146.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht"), fInfoLevelId=0x0, lpFileInformation=0xc00005b268 | out: lpFileInformation=0xc00005b268*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0146.852] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0146.939] SetEvent (hEvent=0xc24) returned 1 [0146.939] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0147.441] SetEvent (hEvent=0xa38) returned 1 [0147.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0147.442] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000437cf4 | out: lpMode=0xc000437cf4) returned 0 [0147.443] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0147.504] GetFileType (hFile=0x3d0) returned 0x1 [0147.504] GetFileType (hFile=0x3d0) returned 0x1 [0147.504] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc000437d44 | out: lpFileInformation=0xc000437d44) returned 1 [0147.504] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc000437d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000437d28) returned 1 [0147.504] VirtualAlloc (lpAddress=0xc000828000, dwSize=0xa02000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.505] VirtualAlloc (lpAddress=0xc000828000, dwSize=0xa02000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.505] VirtualAlloc (lpAddress=0xc000828000, dwSize=0x501000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.505] VirtualAlloc (lpAddress=0xc000828000, dwSize=0x280000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000828000 [0147.514] VirtualAlloc (lpAddress=0xc000aa8000, dwSize=0x782000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.514] VirtualAlloc (lpAddress=0xc000aa8000, dwSize=0x3c1000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.514] VirtualAlloc (lpAddress=0xc000aa8000, dwSize=0x1e0000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.514] VirtualAlloc (lpAddress=0xc000aa8000, dwSize=0xf0000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000aa8000 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0x692000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0x349000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0x1a4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0xd2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0x69000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.517] VirtualAlloc (lpAddress=0xc000b98000, dwSize=0x34000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000b98000 [0147.518] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0x65e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.518] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0x32f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.518] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0x197000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.518] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0xcb000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.518] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0x65000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.519] VirtualAlloc (lpAddress=0xc000bcc000, dwSize=0x32000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bcc000 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x62c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x316000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x18b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xc5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x62000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x31000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.520] VirtualAlloc (lpAddress=0xc000bfe000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bfe000 [0147.521] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x62b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.521] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x315000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.521] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x18a000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.521] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xc5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x62000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x31000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.522] VirtualAlloc (lpAddress=0xc000bff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000bff000 [0147.523] VirtualAlloc (lpAddress=0xc000c00000, dwSize=0x62a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000c00000 [0147.825] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000828000, nNumberOfBytesToRead=0xa00200, lpNumberOfBytesRead=0xc000437c04, lpOverlapped=0x0 | out: lpBuffer=0xc000828000*, lpNumberOfBytesRead=0xc000437c04*=0xa00000, lpOverlapped=0x0) returned 1 [0148.971] ReadFile (in: hFile=0x3d0, lpBuffer=0xc001228000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000437c04, lpOverlapped=0x0 | out: lpBuffer=0xc001228000*, lpNumberOfBytesRead=0xc000437c04*=0x0, lpOverlapped=0x0) returned 1 [0148.972] CloseHandle (hObject=0x3d0) returned 1 [0148.972] VirtualAlloc (lpAddress=0xc00122a000, dwSize=0xa02000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.972] VirtualAlloc (lpAddress=0xc00122a000, dwSize=0xa02000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.972] VirtualAlloc (lpAddress=0xc00122a000, dwSize=0x501000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.972] VirtualAlloc (lpAddress=0xc00122a000, dwSize=0x280000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.972] VirtualAlloc (lpAddress=0xc00122a000, dwSize=0x140000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00122a000 [0148.978] VirtualAlloc (lpAddress=0xc00136a000, dwSize=0x8c2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.978] VirtualAlloc (lpAddress=0xc00136a000, dwSize=0x461000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.978] VirtualAlloc (lpAddress=0xc00136a000, dwSize=0x230000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.978] VirtualAlloc (lpAddress=0xc00136a000, dwSize=0x118000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.979] VirtualAlloc (lpAddress=0xc00136a000, dwSize=0x8c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00136a000 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x836000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x41b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x20d000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x106000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x83000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.982] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.983] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.983] VirtualAlloc (lpAddress=0xc0013f6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0013f6000 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x82e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x417000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x20b000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x105000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.984] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x41000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.985] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x20000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.985] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.985] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.985] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0148.985] VirtualAlloc (lpAddress=0xc0013fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0013fe000 [0148.986] VirtualAlloc (lpAddress=0xc001400000, dwSize=0x82c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc001400000 [0149.309] SetEvent (hEvent=0xac8) returned 1 [0149.309] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0149.315] SetEvent (hEvent=0xb48) returned 1 [0149.316] SetEvent (hEvent=0xbe8) returned 1 [0149.316] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.349] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0149.350] SetEvent (hEvent=0xbe8) returned 1 [0149.350] SetEvent (hEvent=0xbf0) returned 1 [0149.350] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.356] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0149.356] SetEvent (hEvent=0xbf0) returned 1 [0149.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe08*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.360] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0149.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe30*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.364] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e29f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e29f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e29f6a0, ulNumEntriesRemoved=0x2e29f674) returned 0 [0149.364] SetEvent (hEvent=0xbf0) returned 1 [0149.365] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e29fe18*=0x3c4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.369] SetEvent (hEvent=0xbd8) returned 1 [0149.369] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) returned 0x0 [0149.397] WaitForSingleObject (hHandle=0x3c4, dwMilliseconds=0xffffffff) Thread: id = 61 os_tid = 0x35c [0116.367] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e49fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e49fea0*=0x3ac) returned 1 [0116.367] VirtualQuery (in: lpAddress=0x2e49fec0, lpBuffer=0x2e49fec0, dwLength=0x30 | out: lpBuffer=0x2e49fec0*(BaseAddress=0x2e49f000, AllocationBase=0x2e2a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.367] SetEvent (hEvent=0x12c) returned 1 [0116.368] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b0 [0116.368] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b4 [0116.368] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0116.369] SetEvent (hEvent=0x1a0) returned 1 [0116.369] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0141.559] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0141.560] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00038bcf4 | out: lpMode=0xc00038bcf4) returned 0 [0141.561] GetFileType (hFile=0x40c) returned 0x1 [0141.561] GetFileType (hFile=0x40c) returned 0x1 [0141.561] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc00038bd44 | out: lpFileInformation=0xc00038bd44) returned 1 [0141.561] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc00038bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038bd28) returned 1 [0141.561] VirtualAlloc (lpAddress=0xc0004ea000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ea000 [0141.563] ReadFile (in: hFile=0x40c, lpBuffer=0xc0004ea000, nNumberOfBytesToRead=0x25ff, lpNumberOfBytesRead=0xc00038bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004ea000*, lpNumberOfBytesRead=0xc00038bc04*=0x23ff, lpOverlapped=0x0) returned 1 [0142.647] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0143.863] ReadFile (in: hFile=0x40c, lpBuffer=0xc0004ec3ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004ec3ff*, lpNumberOfBytesRead=0xc00038bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.863] CloseHandle (hObject=0x40c) returned 1 [0143.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0143.865] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00038bd04 | out: lpMode=0xc00038bd04) returned 0 [0143.867] GetFileType (hFile=0x40c) returned 0x1 [0143.867] WriteFile (in: hFile=0x40c, lpBuffer=0xc000501900*, nNumberOfBytesToWrite=0x2400, lpNumberOfBytesWritten=0xc00038bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000501900*, lpNumberOfBytesWritten=0xc00038bcec*=0x2400, lpOverlapped=0x0) returned 1 [0143.868] CloseHandle (hObject=0x40c) returned 1 [0143.868] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0143.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0143.869] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00038bd64 | out: lpMode=0xc00038bd64) returned 0 [0143.871] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0144.432] SetEvent (hEvent=0x8b8) returned 1 [0144.432] GetFileType (hFile=0x40c) returned 0x1 [0144.432] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0145.327] WriteFile (in: hFile=0x40c, lpBuffer=0xc0002909a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002909a0*, lpNumberOfBytesWritten=0xc00038bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.328] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0145.813] CloseHandle (hObject=0x40c) returned 1 [0145.813] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0145.814] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\be71009ff8bb02a2.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-be71009ff8bb02a2.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-be71009ff8bb02a2.customdestinations-ms"), dwFlags=0x1) returned 1 [0146.316] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.342] SetEvent (hEvent=0x324) returned 1 [0146.343] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.362] SetEvent (hEvent=0xc24) returned 1 [0146.362] SetEvent (hEvent=0x324) returned 1 [0146.362] SetEvent (hEvent=0xc80) returned 1 [0146.362] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.383] SetEvent (hEvent=0xc24) returned 1 [0146.383] SetEvent (hEvent=0x3c4) returned 1 [0146.383] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.473] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005865d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0005865d0*, lpNumberOfCharsWritten=0xc000063818*=0x4) returned 1 [0146.476] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005865d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc0005865d8*, lpNumberOfCharsWritten=0xc0002d5818*=0x4) returned 1 [0146.480] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.601] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc00012b818*=0x4) returned 1 [0146.608] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.655] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0001cb818*=0x4) returned 1 [0146.666] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0146.668] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000010038*, lpNumberOfCharsWritten=0xc0000f7818*=0x4) returned 1 [0146.673] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0146.938] SetEvent (hEvent=0x1f8) returned 1 [0146.938] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0147.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x838 [0147.446] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc000249cf4 | out: lpMode=0xc000249cf4) returned 0 [0147.448] GetFileType (hFile=0x838) returned 0x1 [0147.448] GetFileType (hFile=0x838) returned 0x1 [0147.448] GetFileInformationByHandle (in: hFile=0x838, lpFileInformation=0xc000249d44 | out: lpFileInformation=0xc000249d44) returned 1 [0147.448] GetFileInformationByHandleEx (in: hFile=0x838, FileInformationClass=0x9, lpFileInformation=0xc000249d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000249d28) returned 1 [0147.448] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0147.451] ReadFile (in: hFile=0x838, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000249c04*=0x4000, lpOverlapped=0x0) returned 1 [0148.642] ReadFile (in: hFile=0x838, lpBuffer=0xc0002a8000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000249c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8000*, lpNumberOfBytesRead=0xc000249c04*=0x0, lpOverlapped=0x0) returned 1 [0148.642] CloseHandle (hObject=0x838) returned 1 [0148.643] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0148.644] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0148.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.705] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000249d04 | out: lpMode=0xc000249d04) returned 0 [0149.706] GetFileType (hFile=0x3d0) returned 0x1 [0149.706] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0002ad000*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc000249cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002ad000*, lpNumberOfBytesWritten=0xc000249cec*=0x4010, lpOverlapped=0x0) returned 1 [0149.714] CloseHandle (hObject=0x3d0) returned 1 [0149.747] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3501 | out: pbBuffer=0xc0001c3501) returned 1 [0149.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0149.747] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000249d64 | out: lpMode=0xc000249d64) returned 0 [0149.835] GetFileType (hFile=0x5a0) returned 0x1 [0149.835] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0149.837] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000072000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000249d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesWritten=0xc000249d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.250] CloseHandle (hObject=0x5a0) returned 1 [0150.381] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0150.382] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-secmod.db"), dwFlags=0x1) returned 1 [0151.764] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0152.308] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0152.309] SetEvent (hEvent=0xab8) returned 1 [0152.309] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0152.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\x3Tqy 4iwG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\x3tqy 4iwg.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0152.320] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0152.330] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0152.914] SetEvent (hEvent=0x9a8) returned 1 [0152.914] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0153.079] SetEvent (hEvent=0x9f0) returned 1 [0153.079] SetEvent (hEvent=0x9e8) returned 1 [0153.079] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0161.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\o6sk.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6b4 [0162.057] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0162.410] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) returned 0x0 [0162.569] GetFileType (hFile=0x6b4) returned 0x1 [0162.569] GetFileType (hFile=0x6b4) returned 0x1 [0162.569] GetFileInformationByHandle (in: hFile=0x6b4, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0162.569] GetFileInformationByHandleEx (in: hFile=0x6b4, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0162.570] ReadFile (in: hFile=0x6b4, lpBuffer=0xc00072e000, nNumberOfBytesToRead=0xf659, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00072e000*, lpNumberOfBytesRead=0xc00015dc04*=0xf459, lpOverlapped=0x0) returned 1 [0162.572] ReadFile (in: hFile=0x6b4, lpBuffer=0xc00073d459, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00073d459*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0162.572] CloseHandle (hObject=0x6b4) returned 1 [0162.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\o6sk.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0162.575] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0162.576] GetFileType (hFile=0x6b4) returned 0x1 [0162.576] WriteFile (in: hFile=0x6b4, lpBuffer=0xc00073e000*, nNumberOfBytesToWrite=0xf460, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00073e000*, lpNumberOfBytesWritten=0xc00015dcec*=0xf460, lpOverlapped=0x0) returned 1 [0162.580] CloseHandle (hObject=0x6b4) returned 1 [0162.580] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533b01 | out: pbBuffer=0xc000533b01) returned 1 [0162.580] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\o6sk.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0162.580] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0162.581] GetFileType (hFile=0x6b4) returned 0x1 [0162.581] WriteFile (in: hFile=0x6b4, lpBuffer=0xc00002c000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.581] CloseHandle (hObject=0x6b4) returned 1 [0162.581] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\o6sk.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-O6sK.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-o6sk.wav"), dwFlags=0x1) returned 1 [0162.583] SetEvent (hEvent=0x920) returned 1 [0162.583] WaitForSingleObject (hHandle=0x3b0, dwMilliseconds=0xffffffff) Thread: id = 62 os_tid = 0xaec [0116.375] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e69fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e69fea0*=0x3a8) returned 1 [0116.375] VirtualQuery (in: lpAddress=0x2e69fec0, lpBuffer=0x2e69fec0, dwLength=0x30 | out: lpBuffer=0x2e69fec0*(BaseAddress=0x2e69f000, AllocationBase=0x2e4a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.375] SetEvent (hEvent=0x340) returned 1 [0116.375] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x304 [0116.375] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3b8 [0116.375] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.383] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.388] SetEvent (hEvent=0xf4) returned 1 [0116.388] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.402] SetEvent (hEvent=0xf4) returned 1 [0116.402] VirtualFree (lpAddress=0xc0003e4000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0116.403] VirtualFree (lpAddress=0xc000378000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.403] VirtualFree (lpAddress=0xc00036c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.404] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.404] VirtualFree (lpAddress=0xc000222000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.405] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.405] VirtualFree (lpAddress=0xc0001e2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.406] VirtualFree (lpAddress=0xc000198000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.406] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.407] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.407] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.408] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.408] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.408] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.409] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.409] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.409] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.410] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.410] VirtualFree (lpAddress=0xc0000d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.411] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.411] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.411] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.412] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.412] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.413] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.413] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.413] VirtualFree (lpAddress=0xc00004c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0116.414] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.414] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.415] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc0000f7818*=0x3) returned 1 [0116.416] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.422] SetEvent (hEvent=0x108) returned 1 [0116.422] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.423] SetEvent (hEvent=0x108) returned 1 [0116.423] SetEvent (hEvent=0xf4) returned 1 [0116.423] VirtualFree (lpAddress=0xc000374000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.423] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.424] VirtualFree (lpAddress=0xc0002cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.424] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.425] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.425] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.425] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.426] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.426] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.426] VirtualFree (lpAddress=0xc0000ba000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.427] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.427] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.427] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0116.429] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.431] SetEvent (hEvent=0x1c4) returned 1 [0116.431] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.432] SetEvent (hEvent=0x1c4) returned 1 [0116.432] SetEvent (hEvent=0xf4) returned 1 [0116.432] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.432] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.433] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0116.435] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.450] SetEvent (hEvent=0x1d0) returned 1 [0116.450] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.451] SetEvent (hEvent=0x1d0) returned 1 [0116.451] SetEvent (hEvent=0xf4) returned 1 [0116.462] VirtualFree (lpAddress=0xc00029a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.481] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.483] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.503] VirtualFree (lpAddress=0xc00006a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.503] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.504] VirtualFree (lpAddress=0xc00003c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001b5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0001b5818*=0x3) returned 1 [0116.509] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.517] SetEvent (hEvent=0x8c) returned 1 [0116.517] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.518] SetEvent (hEvent=0x8c) returned 1 [0116.518] SetEvent (hEvent=0xf4) returned 1 [0116.518] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0116.519] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.519] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.520] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.520] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0116.522] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.549] SetEvent (hEvent=0x164) returned 1 [0116.549] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.556] SetEvent (hEvent=0x164) returned 1 [0116.556] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.558] SetEvent (hEvent=0x164) returned 1 [0116.558] SetEvent (hEvent=0xf4) returned 1 [0116.558] SetEvent (hEvent=0x208) returned 1 [0116.558] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.559] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.559] SetEvent (hEvent=0x164) returned 1 [0116.559] SetEvent (hEvent=0x208) returned 1 [0116.559] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.560] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.560] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.561] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.561] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.561] VirtualFree (lpAddress=0xc00004c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0116.562] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0116.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0116.563] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.569] SetEvent (hEvent=0xfc) returned 1 [0116.570] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.570] SetEvent (hEvent=0xfc) returned 1 [0116.570] SetEvent (hEvent=0x208) returned 1 [0116.570] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0116.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc00029d818*=0x3) returned 1 [0116.572] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.576] SetEvent (hEvent=0x208) returned 1 [0116.576] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0116.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0116.577] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0116.577] GetFileType (hFile=0x2cc) returned 0x1 [0116.577] GetFileType (hFile=0x2cc) returned 0x1 [0116.578] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0116.578] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0116.578] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0xbef, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc00029dc04*=0x9ef, lpOverlapped=0x0) returned 1 [0116.581] ReadFile (in: hFile=0x2cc, lpBuffer=0xc00004c9ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c9ef*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0116.581] CloseHandle (hObject=0x2cc) returned 1 [0116.581] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0116.581] VirtualAlloc (lpAddress=0xc00003e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003e000 [0116.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0116.607] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0116.608] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.610] SetEvent (hEvent=0xec) returned 1 [0116.610] GetFileType (hFile=0x2d4) returned 0x1 [0116.610] WriteFile (in: hFile=0x2d4, lpBuffer=0xc00003e000*, nNumberOfBytesToWrite=0x9f0, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00003e000*, lpNumberOfBytesWritten=0xc00029dcec*=0x9f0, lpOverlapped=0x0) returned 1 [0116.611] CloseHandle (hObject=0x2d4) returned 1 [0116.612] SwitchToThread () returned 1 [0116.614] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0001 | out: pbBuffer=0xc0002f0001) returned 1 [0116.614] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0116.615] VirtualAlloc (lpAddress=0xc000056000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000056000 [0116.616] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0116.616] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0116.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0116.617] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0116.618] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0116.620] SetEvent (hEvent=0xec) returned 1 [0116.620] GetFileType (hFile=0x2d4) returned 0x1 [0116.620] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0116.621] WriteFile (in: hFile=0x2d4, lpBuffer=0xc000036000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000036000*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0116.621] CloseHandle (hObject=0x2d4) returned 1 [0116.622] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0116.622] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeetpb[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEeTpB[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbeetpb[1].jpg"), dwFlags=0x1) returned 1 [0117.165] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.183] SetEvent (hEvent=0x1dc) returned 1 [0117.183] SetEvent (hEvent=0x9c) returned 1 [0117.183] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0117.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEfBbH[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbefbbh[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x380 [0117.185] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc000191cf4 | out: lpMode=0xc000191cf4) returned 0 [0117.188] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.193] SetEvent (hEvent=0x1dc) returned 1 [0117.193] GetFileType (hFile=0x380) returned 0x1 [0117.193] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.201] SetEvent (hEvent=0x1dc) returned 1 [0117.202] GetFileType (hFile=0x380) returned 0x1 [0117.202] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.214] GetFileInformationByHandle (in: hFile=0x380, lpFileInformation=0xc000191d44 | out: lpFileInformation=0xc000191d44) returned 1 [0117.214] GetFileInformationByHandleEx (in: hFile=0x380, FileInformationClass=0x9, lpFileInformation=0xc000191d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000191d28) returned 1 [0117.214] SetEvent (hEvent=0x3c4) returned 1 [0117.215] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.249] SetEvent (hEvent=0x388) returned 1 [0117.250] SetEvent (hEvent=0x1dc) returned 1 [0117.250] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.258] SetEvent (hEvent=0x388) returned 1 [0117.258] SetEvent (hEvent=0x340) returned 1 [0117.258] SetEvent (hEvent=0x39c) returned 1 [0117.258] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.283] SetEvent (hEvent=0x3c4) returned 1 [0117.283] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.304] SetEvent (hEvent=0x3c8) returned 1 [0117.304] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0117.313] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0002a3cf4 | out: lpMode=0xc0002a3cf4) returned 0 [0117.315] GetFileType (hFile=0x384) returned 0x1 [0117.315] GetFileType (hFile=0x384) returned 0x1 [0117.316] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0002a3d44 | out: lpFileInformation=0xc0002a3d44) returned 1 [0117.316] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0002a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a3d28) returned 1 [0117.316] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0117.317] ReadFile (in: hFile=0x384, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x7c43, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc0002a3c04*=0x7a43, lpOverlapped=0x0) returned 1 [0117.320] ReadFile (in: hFile=0x384, lpBuffer=0xc000287a43, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000287a43*, lpNumberOfBytesRead=0xc0002a3c04*=0x0, lpOverlapped=0x0) returned 1 [0117.320] CloseHandle (hObject=0x384) returned 1 [0117.320] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0117.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0117.337] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0002a3d04 | out: lpMode=0xc0002a3d04) returned 0 [0117.342] GetFileType (hFile=0x240) returned 0x1 [0117.342] WriteFile (in: hFile=0x240, lpBuffer=0xc000292000*, nNumberOfBytesToWrite=0x7a50, lpNumberOfBytesWritten=0xc0002a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesWritten=0xc0002a3cec*=0x7a50, lpOverlapped=0x0) returned 1 [0117.344] CloseHandle (hObject=0x240) returned 1 [0117.348] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a501 | out: pbBuffer=0xc00031a501) returned 1 [0117.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x308 [0117.348] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0002a3d64 | out: lpMode=0xc0002a3d64) returned 0 [0117.351] GetFileType (hFile=0x308) returned 0x1 [0117.351] WriteFile (in: hFile=0x308, lpBuffer=0xc0000fc580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000fc580*, lpNumberOfBytesWritten=0xc0002a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.351] CloseHandle (hObject=0x308) returned 1 [0117.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\latest[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-latest[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-latest[1].eot"), dwFlags=0x1) returned 1 [0117.976] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e69f698, ulCount=0x10, ulNumEntriesRemoved=0x2e69f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e69f698, ulNumEntriesRemoved=0x2e69f66c) returned 0 [0117.976] SetEvent (hEvent=0x334) returned 1 [0117.977] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0117.978] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e69fe08*=0x304, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.980] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.980] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e69fe08*=0x304, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0117.984] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e69f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e69f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e69f6a0, ulNumEntriesRemoved=0x2e69f674) returned 0 [0117.984] SetEvent (hEvent=0x24c) returned 1 [0117.985] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e69fe18*=0x304, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0117.991] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0117.991] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0141.538] GetFileType (hFile=0x36c) returned 0x1 [0141.538] WriteFile (in: hFile=0x36c, lpBuffer=0xc00010e0e0*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010e0e0*, lpNumberOfBytesWritten=0xc0001f9cec*=0x70, lpOverlapped=0x0) returned 1 [0142.517] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0142.835] CloseHandle (hObject=0x36c) returned 1 [0142.838] SetEvent (hEvent=0x114) returned 1 [0142.838] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0142.843] SetEvent (hEvent=0x1d0) returned 1 [0142.843] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0142.876] SetEvent (hEvent=0x198) returned 1 [0142.876] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0142.991] VirtualFree (lpAddress=0xc00078e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0142.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\onhryrmm0bacl8 0.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc88 [0142.993] GetConsoleMode (in: hConsoleHandle=0xc88, lpMode=0xc00045bd04 | out: lpMode=0xc00045bd04) returned 0 [0142.999] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0144.250] SetEvent (hEvent=0xbc0) returned 1 [0144.250] GetFileType (hFile=0xc88) returned 0x1 [0144.250] WriteFile (in: hFile=0xc88, lpBuffer=0xc00061b000*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0xc00045bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00061b000*, lpNumberOfBytesWritten=0xc00045bcec*=0xf20, lpOverlapped=0x0) returned 1 [0144.252] CloseHandle (hObject=0xc88) returned 1 [0144.252] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b501 | out: pbBuffer=0xc00031b501) returned 1 [0144.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\onhryrmm0bacl8 0.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc88 [0144.252] GetConsoleMode (in: hConsoleHandle=0xc88, lpMode=0xc00045bd64 | out: lpMode=0xc00045bd64) returned 0 [0144.261] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0144.612] GetFileType (hFile=0xc88) returned 0x1 [0144.612] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0145.111] WriteFile (in: hFile=0xc88, lpBuffer=0xc000614580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00045bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614580*, lpNumberOfBytesWritten=0xc00045bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.111] CloseHandle (hObject=0xc88) returned 1 [0145.256] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0145.257] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0145.259] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\onhryrmm0bacl8 0.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-onhryrmm0bacl8 0.flv.lnk"), dwFlags=0x1) returned 1 [0146.264] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0146.314] SetEvent (hEvent=0x324) returned 1 [0146.314] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0146.326] SetEvent (hEvent=0x3c4) returned 1 [0146.326] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0146.676] SetEvent (hEvent=0x1f8) returned 1 [0146.676] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0146.854] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.856] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.856] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.857] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.858] SetEvent (hEvent=0xbd8) returned 1 [0146.858] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0147.918] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\odspcijy6fppaz71hm.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x584 [0147.918] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000137cf4 | out: lpMode=0xc000137cf4) returned 0 [0147.925] GetFileType (hFile=0x584) returned 0x1 [0147.925] GetFileType (hFile=0x584) returned 0x1 [0147.925] GetFileInformationByHandle (in: hFile=0x584, lpFileInformation=0xc000137d44 | out: lpFileInformation=0xc000137d44) returned 1 [0147.925] GetFileInformationByHandleEx (in: hFile=0x584, FileInformationClass=0x9, lpFileInformation=0xc000137d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000137d28) returned 1 [0147.925] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0147.927] ReadFile (in: hFile=0x584, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xf756, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc000137c04*=0xf556, lpOverlapped=0x0) returned 1 [0148.554] ReadFile (in: hFile=0x584, lpBuffer=0xc00030d556, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000137c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030d556*, lpNumberOfBytesRead=0xc000137c04*=0x0, lpOverlapped=0x0) returned 1 [0148.554] CloseHandle (hObject=0x584) returned 1 [0148.554] VirtualAlloc (lpAddress=0xc000634000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000634000 [0148.581] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\odspcijy6fppaz71hm.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0149.707] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000137d04 | out: lpMode=0xc000137d04) returned 0 [0149.708] GetFileType (hFile=0x6a4) returned 0x1 [0149.708] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000634000*, nNumberOfBytesToWrite=0xf560, lpNumberOfBytesWritten=0xc000137cec, lpOverlapped=0x0 | out: lpBuffer=0xc000634000*, lpNumberOfBytesWritten=0xc000137cec*=0xf560, lpOverlapped=0x0) returned 1 [0149.735] CloseHandle (hObject=0x6a4) returned 1 [0149.940] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0149.940] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0149.942] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0149.943] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0149.945] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0149.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\odspcijy6fppaz71hm.odt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0149.947] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc000137d64 | out: lpMode=0xc000137d64) returned 0 [0150.138] GetFileType (hFile=0x808) returned 0x1 [0150.138] WriteFile (in: hFile=0x808, lpBuffer=0xc000072420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000137d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000072420*, lpNumberOfBytesWritten=0xc000137d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.252] CloseHandle (hObject=0x808) returned 1 [0150.369] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0150.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\odspcijy6fppaz71hm.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-odspcijy6fppaz71hm.odt"), dwFlags=0x1) returned 1 [0152.175] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.356] SetEvent (hEvent=0x9f0) returned 1 [0152.356] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.361] SetEvent (hEvent=0x9f0) returned 1 [0152.361] SetEvent (hEvent=0xbd0) returned 1 [0152.361] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.398] SetEvent (hEvent=0x9f0) returned 1 [0152.398] SetEvent (hEvent=0xb48) returned 1 [0152.398] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0152.428] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0152.430] GetFileType (hFile=0x494) returned 0x1 [0152.430] GetFileType (hFile=0x494) returned 0x1 [0152.430] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0152.430] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0152.430] ReadFile (in: hFile=0x494, lpBuffer=0xc00006c580, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c580*, lpNumberOfBytesRead=0xc0001a5c04*=0x85, lpOverlapped=0x0) returned 1 [0152.452] ReadFile (in: hFile=0x494, lpBuffer=0xc00006c605, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c605*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0152.452] CloseHandle (hObject=0x494) returned 1 [0152.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0152.454] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0152.571] GetFileType (hFile=0x494) returned 0x1 [0152.571] WriteFile (in: hFile=0x494, lpBuffer=0xc000126900*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126900*, lpNumberOfBytesWritten=0xc0001a5cec*=0x90, lpOverlapped=0x0) returned 1 [0152.572] CloseHandle (hObject=0x494) returned 1 [0152.572] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533901 | out: pbBuffer=0xc000533901) returned 1 [0152.572] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0152.572] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0152.609] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.898] GetFileType (hFile=0x494) returned 0x1 [0152.898] WriteFile (in: hFile=0x494, lpBuffer=0xc000104b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104b00*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.898] CloseHandle (hObject=0x494) returned 1 [0152.898] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSN Sports.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msn sports.url"), dwFlags=0x1) returned 1 [0152.900] VirtualFree (lpAddress=0xc000498000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0152.901] VirtualFree (lpAddress=0xc000358000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0152.903] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0152.903] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0152.904] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.905] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.905] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.906] SetEvent (hEvent=0x354) returned 1 [0152.906] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0152.914] SetEvent (hEvent=0x9f0) returned 1 [0152.914] SetEvent (hEvent=0x264) returned 1 [0152.914] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0161.251] SetEvent (hEvent=0x354) returned 1 [0161.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\yihwu5r2tptpsx1.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x854 [0162.054] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002abcf4 | out: lpMode=0xc0002abcf4) returned 0 [0162.408] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) returned 0x0 [0162.438] GetFileType (hFile=0x854) returned 0x1 [0162.439] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0162.441] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0162.442] GetFileType (hFile=0x854) returned 0x1 [0162.442] GetFileInformationByHandle (in: hFile=0x854, lpFileInformation=0xc0002abd44 | out: lpFileInformation=0xc0002abd44) returned 1 [0162.442] GetFileInformationByHandleEx (in: hFile=0x854, FileInformationClass=0x9, lpFileInformation=0xc0002abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002abd28) returned 1 [0162.442] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0162.443] VirtualAlloc (lpAddress=0xc0006b4000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b4000 [0162.446] ReadFile (in: hFile=0x854, lpBuffer=0xc0006b4000, nNumberOfBytesToRead=0xe914, lpNumberOfBytesRead=0xc0002abc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006b4000*, lpNumberOfBytesRead=0xc0002abc04*=0xe714, lpOverlapped=0x0) returned 1 [0162.448] ReadFile (in: hFile=0x854, lpBuffer=0xc0006c2714, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002abc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006c2714*, lpNumberOfBytesRead=0xc0002abc04*=0x0, lpOverlapped=0x0) returned 1 [0162.448] CloseHandle (hObject=0x854) returned 1 [0162.448] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0162.449] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0162.450] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0162.451] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\yihwu5r2tptpsx1.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0162.454] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002abd04 | out: lpMode=0xc0002abd04) returned 0 [0162.456] GetFileType (hFile=0x854) returned 0x1 [0162.456] WriteFile (in: hFile=0x854, lpBuffer=0xc00070c000*, nNumberOfBytesToWrite=0xe720, lpNumberOfBytesWritten=0xc0002abcec, lpOverlapped=0x0 | out: lpBuffer=0xc00070c000*, lpNumberOfBytesWritten=0xc0002abcec*=0xe720, lpOverlapped=0x0) returned 1 [0162.460] CloseHandle (hObject=0x854) returned 1 [0162.460] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0162.460] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0162.462] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0162.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\yihwu5r2tptpsx1.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0162.500] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002abd64 | out: lpMode=0xc0002abd64) returned 0 [0162.500] GetFileType (hFile=0x854) returned 0x1 [0162.500] WriteFile (in: hFile=0x854, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0002abd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.501] CloseHandle (hObject=0x854) returned 1 [0162.501] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\yihwu5r2tptpsx1.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-YihWu5R2TptPSX1.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-yihwu5r2tptpsx1.mp3"), dwFlags=0x1) returned 1 [0162.503] SetEvent (hEvent=0x8e8) returned 1 [0162.503] WaitForSingleObject (hHandle=0x304, dwMilliseconds=0xffffffff) Thread: id = 63 os_tid = 0xb04 [0116.379] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2e89fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2e89fea0*=0x218) returned 1 [0116.379] VirtualQuery (in: lpAddress=0x2e89fec0, lpBuffer=0x2e89fec0, dwLength=0x30 | out: lpBuffer=0x2e89fec0*(BaseAddress=0x2e89f000, AllocationBase=0x2e6a0000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0116.379] GetFileType (hFile=0x2b4) returned 0x1 [0116.379] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0003e4000*, nNumberOfBytesToWrite=0xacb0, lpNumberOfBytesWritten=0xc000141cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003e4000*, lpNumberOfBytesWritten=0xc000141cec*=0xacb0, lpOverlapped=0x0) returned 1 [0116.381] CloseHandle (hObject=0x2b4) returned 1 [0116.383] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031bb01 | out: pbBuffer=0xc00031bb01) returned 1 [0116.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x28c [0116.383] GetConsoleMode (in: hConsoleHandle=0x28c, lpMode=0xc000141d64 | out: lpMode=0xc000141d64) returned 0 [0116.387] GetFileType (hFile=0x28c) returned 0x1 [0116.387] WriteFile (in: hFile=0x28c, lpBuffer=0xc0000bef20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000141d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000bef20*, lpNumberOfBytesWritten=0xc000141d4c*=0x158, lpOverlapped=0x0) returned 1 [0116.388] CloseHandle (hObject=0x28c) returned 1 [0116.402] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\bbeddnm[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-BBEdDNm[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-bbeddnm[1].jpg"), dwFlags=0x1) returned 1 [0117.038] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.039] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0117.039] SetEvent (hEvent=0x340) returned 1 [0117.039] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x28c [0117.039] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x32c [0117.039] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0117.348] SetEvent (hEvent=0x198) returned 1 [0117.348] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0117.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x308 [0117.352] GetConsoleMode (in: hConsoleHandle=0x308, lpMode=0xc0000f7cf4 | out: lpMode=0xc0000f7cf4) returned 0 [0117.353] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0117.412] GetFileType (hFile=0x308) returned 0x1 [0117.412] GetFileType (hFile=0x308) returned 0x1 [0117.412] GetFileInformationByHandle (in: hFile=0x308, lpFileInformation=0xc0000f7d44 | out: lpFileInformation=0xc0000f7d44) returned 1 [0117.412] GetFileInformationByHandleEx (in: hFile=0x308, FileInformationClass=0x9, lpFileInformation=0xc0000f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f7d28) returned 1 [0117.413] VirtualAlloc (lpAddress=0xc00038c000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00038c000 [0117.415] ReadFile (in: hFile=0x308, lpBuffer=0xc00038c000, nNumberOfBytesToRead=0x1a314, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00038c000*, lpNumberOfBytesRead=0xc0000f7c04*=0x1a114, lpOverlapped=0x0) returned 1 [0117.420] ReadFile (in: hFile=0x308, lpBuffer=0xc0003a6114, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003a6114*, lpNumberOfBytesRead=0xc0000f7c04*=0x0, lpOverlapped=0x0) returned 1 [0117.420] CloseHandle (hObject=0x308) returned 1 [0117.420] VirtualAlloc (lpAddress=0xc0003a8000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003a8000 [0117.422] VirtualAlloc (lpAddress=0xc0001e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e6000 [0117.423] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0117.480] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc0000f7d04 | out: lpMode=0xc0000f7d04) returned 0 [0117.483] GetFileType (hFile=0x2d4) returned 0x1 [0117.483] WriteFile (in: hFile=0x2d4, lpBuffer=0xc0003a8000*, nNumberOfBytesToWrite=0x1a120, lpNumberOfBytesWritten=0xc0000f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003a8000*, lpNumberOfBytesWritten=0xc0000f7cec*=0x1a120, lpOverlapped=0x0) returned 1 [0117.486] CloseHandle (hObject=0x2d4) returned 1 [0117.496] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e0d01 | out: pbBuffer=0xc0000e0d01) returned 1 [0117.496] VirtualAlloc (lpAddress=0xc0003da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003da000 [0117.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0117.497] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0000f7d64 | out: lpMode=0xc0000f7d64) returned 0 [0117.506] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0117.710] GetFileType (hFile=0x1b0) returned 0x1 [0117.710] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000183080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000183080*, lpNumberOfBytesWritten=0xc0000f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0117.711] CloseHandle (hObject=0x1b0) returned 1 [0117.712] VirtualAlloc (lpAddress=0xc0003f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f6000 [0117.713] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\memmdl2.2.17[1].eot"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\IKQEEPZR\\encry-MemMDL2.2.17[1].eot" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\ikqeepzr\\encry-memmdl2.2.17[1].eot"), dwFlags=0x1) returned 1 [0118.291] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.296] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.821] SetEvent (hEvent=0x1dc) returned 1 [0118.821] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2d4 [0118.823] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0118.823] GetFileType (hFile=0x2d4) returned 0x1 [0118.824] GetFileType (hFile=0x2d4) returned 0x1 [0118.824] GetFileInformationByHandle (in: hFile=0x2d4, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0118.824] GetFileInformationByHandleEx (in: hFile=0x2d4, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0118.824] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0000e9500, nNumberOfBytesToRead=0x9bb, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e9500*, lpNumberOfBytesRead=0xc00015bc04*=0x7bb, lpOverlapped=0x0) returned 1 [0118.830] ReadFile (in: hFile=0x2d4, lpBuffer=0xc0000e9cbb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e9cbb*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0118.830] CloseHandle (hObject=0x2d4) returned 1 [0118.830] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0118.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3cc [0118.833] GetConsoleMode (in: hConsoleHandle=0x3cc, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0118.835] GetFileType (hFile=0x3cc) returned 0x1 [0118.835] WriteFile (in: hFile=0x3cc, lpBuffer=0xc0001b6800*, nNumberOfBytesToWrite=0x7c0, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b6800*, lpNumberOfBytesWritten=0xc00015bcec*=0x7c0, lpOverlapped=0x0) returned 1 [0118.836] CloseHandle (hObject=0x3cc) returned 1 [0118.837] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031a201 | out: pbBuffer=0xc00031a201) returned 1 [0118.837] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0118.837] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0118.838] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2d4 [0118.838] GetConsoleMode (in: hConsoleHandle=0x2d4, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0118.838] GetFileType (hFile=0x2d4) returned 0x1 [0118.838] WriteFile (in: hFile=0x2d4, lpBuffer=0xc0000d82c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d82c0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0118.838] CloseHandle (hObject=0x2d4) returned 1 [0118.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc06ub[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-BBC06Ub[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-bbc06ub[1].jpg"), dwFlags=0x1) returned 1 [0118.854] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0118.854] SetEvent (hEvent=0x30c) returned 1 [0118.854] SetEvent (hEvent=0x29c) returned 1 [0118.854] SetEvent (hEvent=0x13c) returned 1 [0118.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.857] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.866] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.866] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0118.867] SetEvent (hEvent=0x30c) returned 1 [0118.867] SetEvent (hEvent=0x29c) returned 1 [0118.867] SetEvent (hEvent=0x13c) returned 1 [0118.867] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0118.882] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\BBC02Gr[2].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\bbc02gr[2].jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x230 [0118.883] GetConsoleMode (in: hConsoleHandle=0x230, lpMode=0xc000241cf4 | out: lpMode=0xc000241cf4) returned 0 [0118.884] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.988] SetEvent (hEvent=0x144) returned 1 [0118.988] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0118.989] SetEvent (hEvent=0x144) returned 1 [0118.989] SetEvent (hEvent=0x274) returned 1 [0118.989] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0119.000] GetFileType (hFile=0x308) returned 0x1 [0119.000] WriteFile (in: hFile=0x308, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0x7f80, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x7f80, lpOverlapped=0x0) returned 1 [0119.002] CloseHandle (hObject=0x308) returned 1 [0119.005] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0119.005] VirtualAlloc (lpAddress=0xc0000d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000d8000 [0119.005] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0119.005] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0119.006] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0119.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0119.006] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0119.009] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0119.076] GetFileType (hFile=0x3d4) returned 0x1 [0119.076] WriteFile (in: hFile=0x3d4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0119.076] CloseHandle (hObject=0x3d4) returned 1 [0119.078] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0119.079] VirtualAlloc (lpAddress=0xc0001de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001de000 [0119.079] VirtualAlloc (lpAddress=0xc0001e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001e4000 [0119.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Low\\Content.IE5\\YG1R61Z8\\encry-0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\low\\content.ie5\\yg1r61z8\\encry-0ff92924-f857-491e-a2ee-c0fe20f0d064[1].jpg"), dwFlags=0x1) returned 1 [0119.282] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0119.282] SetEvent (hEvent=0x1e8) returned 1 [0119.282] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0119.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.285] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0119.285] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0119.286] SetEvent (hEvent=0x1e8) returned 1 [0119.286] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.290] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0119.290] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0119.290] SetEvent (hEvent=0xc0) returned 1 [0119.290] SetEvent (hEvent=0x188) returned 1 [0119.290] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0119.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.293] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0119.293] SetEvent (hEvent=0x1e8) returned 1 [0119.294] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.393] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0119.393] SetEvent (hEvent=0xc0) returned 1 [0119.393] SetEvent (hEvent=0x264) returned 1 [0119.393] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0119.394] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0119.394] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0119.394] SetEvent (hEvent=0x264) returned 1 [0119.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.492] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0119.506] SetEvent (hEvent=0xc0) returned 1 [0119.506] SetEvent (hEvent=0x29c) returned 1 [0119.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.508] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0119.508] SetEvent (hEvent=0x29c) returned 1 [0119.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0119.511] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0141.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\98_inojtbt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1ec [0141.500] GetConsoleMode (in: hConsoleHandle=0x1ec, lpMode=0xc0002dbcf4 | out: lpMode=0xc0002dbcf4) returned 0 [0141.501] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0141.611] GetFileType (hFile=0x1ec) returned 0x1 [0141.611] GetFileType (hFile=0x1ec) returned 0x1 [0141.611] GetFileInformationByHandle (in: hFile=0x1ec, lpFileInformation=0xc0002dbd44 | out: lpFileInformation=0xc0002dbd44) returned 1 [0141.611] GetFileInformationByHandleEx (in: hFile=0x1ec, FileInformationClass=0x9, lpFileInformation=0xc0002dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dbd28) returned 1 [0141.612] ReadFile (in: hFile=0x1ec, lpBuffer=0xc000072580, nNumberOfBytesToRead=0x50c, lpNumberOfBytesRead=0xc0002dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000072580*, lpNumberOfBytesRead=0xc0002dbc04*=0x30c, lpOverlapped=0x0) returned 1 [0142.562] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0143.418] SetEvent (hEvent=0xc0) returned 1 [0143.418] SetEvent (hEvent=0x9f8) returned 1 [0143.418] ReadFile (in: hFile=0x1ec, lpBuffer=0xc00007288c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007288c*, lpNumberOfBytesRead=0xc0002dbc04*=0x0, lpOverlapped=0x0) returned 1 [0143.418] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0144.089] SetEvent (hEvent=0xc0) returned 1 [0144.089] CloseHandle (hObject=0x1ec) returned 1 [0144.089] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0144.908] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\98_inojtbt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0145.287] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc0002dbd04 | out: lpMode=0xc0002dbd04) returned 0 [0145.315] GetFileType (hFile=0x880) returned 0x1 [0145.315] WriteFile (in: hFile=0x880, lpBuffer=0xc0000eaa80*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc0002dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000eaa80*, lpNumberOfBytesWritten=0xc0002dbcec*=0x310, lpOverlapped=0x0) returned 1 [0145.317] CloseHandle (hObject=0x880) returned 1 [0145.321] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0145.641] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.641] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\98_inojtbt.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0145.641] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0002dbd64 | out: lpMode=0xc0002dbd64) returned 0 [0145.650] GetFileType (hFile=0x6a4) returned 0x1 [0145.650] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000290f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290f20*, lpNumberOfBytesWritten=0xc0002dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.650] CloseHandle (hObject=0x6a4) returned 1 [0145.674] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\98_inojtbt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-98_inOjtBT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-98_inojtbt.lnk"), dwFlags=0x1) returned 1 [0148.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.133] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0148.133] SetEvent (hEvent=0xc0) returned 1 [0148.133] SetEvent (hEvent=0x9f0) returned 1 [0148.135] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.138] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0148.138] SetEvent (hEvent=0x9f0) returned 1 [0148.138] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.141] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0148.141] SetEvent (hEvent=0xae0) returned 1 [0148.141] SetEvent (hEvent=0xab8) returned 1 [0148.142] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.145] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.146] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.147] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0148.147] SetEvent (hEvent=0xab8) returned 1 [0148.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.150] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0148.150] SetEvent (hEvent=0xac8) returned 1 [0148.150] SetEvent (hEvent=0x43c) returned 1 [0148.152] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.154] SetEvent (hEvent=0x43c) returned 1 [0148.155] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.157] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.158] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0148.158] SetEvent (hEvent=0x1b4) returned 1 [0148.158] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.158] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0148.160] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f698, ulCount=0x10, ulNumEntriesRemoved=0x2e89f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f698, ulNumEntriesRemoved=0x2e89f66c) returned 0 [0148.160] SetEvent (hEvent=0xac8) returned 1 [0148.160] SetEvent (hEvent=0x43c) returned 1 [0148.160] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0148.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.167] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe08*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0148.169] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0148.169] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe30*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.170] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2e89f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2e89f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2e89f6a0, ulNumEntriesRemoved=0x2e89f674) returned 0 [0148.170] SetEvent (hEvent=0xc0) returned 1 [0148.170] SetEvent (hEvent=0x43c) returned 1 [0148.170] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2e89fe18*=0x28c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0148.172] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0148.172] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0148.173] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0148.189] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0148.224] SetEvent (hEvent=0x43c) returned 1 [0148.224] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0148.225] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00019a000*, nNumberOfCharsToWrite=0x78, lpNumberOfCharsWritten=0xc00017b808, lpReserved=0x0 | out: lpBuffer=0xc00019a000*, lpNumberOfCharsWritten=0xc00017b808*=0x78) returned 1 [0148.227] SetEvent (hEvent=0x43c) returned 1 [0148.227] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0148.227] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0148.228] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0148.229] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0148.230] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0148.231] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0148.232] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0148.233] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0148.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0148.234] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc00017bd64 | out: lpMode=0xc00017bd64) returned 0 [0148.237] GetFileType (hFile=0x70c) returned 0x1 [0148.237] WriteFile (in: hFile=0x70c, lpBuffer=0xc00007e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00017bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e2c0*, lpNumberOfBytesWritten=0xc00017bd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.235] CloseHandle (hObject=0x70c) returned 1 [0149.373] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0149.375] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0149.376] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.857] SwitchToThread () returned 1 [0150.956] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0151.019] SetEvent (hEvent=0xb50) returned 1 [0151.019] SetEvent (hEvent=0xae0) returned 1 [0151.019] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.019] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0151.020] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0xc0001419f8 | out: lpFindFileData=0xc0001419f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.020] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x668 [0151.022] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000493cf4 | out: lpMode=0xc000493cf4) returned 0 [0151.035] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0151.255] SetEvent (hEvent=0xb50) returned 1 [0151.255] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0151.258] SetEvent (hEvent=0xb50) returned 1 [0151.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x454 [0151.258] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc000491cf4 | out: lpMode=0xc000491cf4) returned 0 [0151.271] GetFileType (hFile=0x454) returned 0x1 [0151.271] GetFileType (hFile=0x454) returned 0x1 [0151.271] GetFileInformationByHandle (in: hFile=0x454, lpFileInformation=0xc000491d44 | out: lpFileInformation=0xc000491d44) returned 1 [0151.271] GetFileInformationByHandleEx (in: hFile=0x454, FileInformationClass=0x9, lpFileInformation=0xc000491d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000491d28) returned 1 [0151.271] ReadFile (in: hFile=0x454, lpBuffer=0xc0000fa000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000491c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesRead=0xc000491c04*=0x0, lpOverlapped=0x0) returned 1 [0151.271] CloseHandle (hObject=0x454) returned 1 [0151.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0151.272] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc000491d04 | out: lpMode=0xc000491d04) returned 0 [0151.281] GetFileType (hFile=0x454) returned 0x1 [0151.281] WriteFile (in: hFile=0x454, lpBuffer=0xc0000101b0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000491cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000101b0*, lpNumberOfBytesWritten=0xc000491cec*=0x10, lpOverlapped=0x0) returned 1 [0151.283] CloseHandle (hObject=0x454) returned 1 [0151.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0151.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0151.283] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc000491d64 | out: lpMode=0xc000491d64) returned 0 [0151.294] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0151.635] GetFileType (hFile=0x454) returned 0x1 [0151.635] WriteFile (in: hFile=0x454, lpBuffer=0xc0001046e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000491d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001046e0*, lpNumberOfBytesWritten=0xc000491d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.636] CloseHandle (hObject=0x454) returned 1 [0151.636] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\favorites.vss"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\encry-Favorites.vss" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\encry-favorites.vss"), dwFlags=0x1) returned 1 [0151.645] SetEvent (hEvent=0xb50) returned 1 [0151.646] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0151.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00040b818, lpReserved=0x0 | out: lpBuffer=0xc000010170*, lpNumberOfCharsWritten=0xc00040b818*=0x3) returned 1 [0151.669] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010176*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00041f818, lpReserved=0x0 | out: lpBuffer=0xc000010176*, lpNumberOfCharsWritten=0xc00041f818*=0x3) returned 1 [0151.670] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0152.172] SetEvent (hEvent=0x1f8) returned 1 [0152.172] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0161.416] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0161.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\mmjuhdigq7oe.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0161.988] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc00034bcf4 | out: lpMode=0xc00034bcf4) returned 0 [0162.159] GetFileType (hFile=0x374) returned 0x1 [0162.160] GetFileType (hFile=0x374) returned 0x1 [0162.160] GetFileInformationByHandle (in: hFile=0x374, lpFileInformation=0xc00034bd44 | out: lpFileInformation=0xc00034bd44) returned 1 [0162.160] GetFileInformationByHandleEx (in: hFile=0x374, FileInformationClass=0x9, lpFileInformation=0xc00034bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00034bd28) returned 1 [0162.160] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0162.161] VirtualAlloc (lpAddress=0xc00056c000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00056c000 [0162.166] ReadFile (in: hFile=0x374, lpBuffer=0xc00056c000, nNumberOfBytesToRead=0x140c4, lpNumberOfBytesRead=0xc00034bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00056c000*, lpNumberOfBytesRead=0xc00034bc04*=0x13ec4, lpOverlapped=0x0) returned 1 [0162.168] ReadFile (in: hFile=0x374, lpBuffer=0xc00057fec4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00034bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00057fec4*, lpNumberOfBytesRead=0xc00034bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.169] CloseHandle (hObject=0x374) returned 1 [0162.169] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0162.173] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0162.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\mmjuhdigq7oe.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x374 [0162.176] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc00034bd04 | out: lpMode=0xc00034bd04) returned 0 [0162.416] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0162.586] SetEvent (hEvent=0x990) returned 1 [0162.587] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) returned 0x0 [0163.657] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0280*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0280*, lpNumberOfCharsWritten=0xc0002cf818*=0x3) returned 1 [0163.657] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0286*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002af818, lpReserved=0x0 | out: lpBuffer=0xc0000a0286*, lpNumberOfCharsWritten=0xc0002af818*=0x3) returned 1 [0163.658] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0290*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002ad818, lpReserved=0x0 | out: lpBuffer=0xc0000a0290*, lpNumberOfCharsWritten=0xc0002ad818*=0x3) returned 1 [0163.659] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0296*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0296*, lpNumberOfCharsWritten=0xc0002a5818*=0x3) returned 1 [0163.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000481818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a0*, lpNumberOfCharsWritten=0xc000481818*=0x3) returned 1 [0163.660] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000115818, lpReserved=0x0 | out: lpBuffer=0xc0000a02a6*, lpNumberOfCharsWritten=0xc000115818*=0x3) returned 1 [0163.661] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0000a02b0*, lpNumberOfCharsWritten=0xc000141818*=0x3) returned 1 [0163.662] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0163.663] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc0000a02b6*, lpNumberOfCharsWritten=0xc00015f818*=0x3) returned 1 [0163.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003a7818, lpReserved=0x0 | out: lpBuffer=0xc0000a02c0*, lpNumberOfCharsWritten=0xc0003a7818*=0x3) returned 1 [0163.664] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a02c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000453818, lpReserved=0x0 | out: lpBuffer=0xc0000a02c6*, lpNumberOfCharsWritten=0xc000453818*=0x3) returned 1 [0163.665] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0163.666] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00016c000*, nNumberOfCharsToWrite=0xd1, lpNumberOfCharsWritten=0xc0002f7808, lpReserved=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfCharsWritten=0xc0002f7808*=0xd1) returned 1 [0163.667] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001100c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002f7808, lpReserved=0x0 | out: lpBuffer=0xc0001100c0*, lpNumberOfCharsWritten=0xc0002f7808*=0x11) returned 1 [0163.668] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001100f0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002f7808, lpReserved=0x0 | out: lpBuffer=0xc0001100f0*, lpNumberOfCharsWritten=0xc0002f7808*=0x11) returned 1 [0163.668] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwFlags=0x1) returned 0 [0166.391] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0166.392] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002f76e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.392] WaitForSingleObject (hHandle=0x28c, dwMilliseconds=0xffffffff) Thread: id = 64 os_tid = 0xa8c [0141.566] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ed3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ed3fea0*=0x410) returned 1 [0141.567] VirtualQuery (in: lpAddress=0x2ed3fec0, lpBuffer=0x2ed3fec0, dwLength=0x30 | out: lpBuffer=0x2ed3fec0*(BaseAddress=0x2ed3f000, AllocationBase=0x2eb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.567] SetEvent (hEvent=0x274) returned 1 [0141.567] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x414 [0141.567] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x418 [0141.567] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0141.570] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\odspcijy6fppaz71hm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x408 [0141.571] GetConsoleMode (in: hConsoleHandle=0x408, lpMode=0xc0003c1cf4 | out: lpMode=0xc0003c1cf4) returned 0 [0141.574] GetFileType (hFile=0x408) returned 0x1 [0141.574] GetFileType (hFile=0x408) returned 0x1 [0141.574] GetFileInformationByHandle (in: hFile=0x408, lpFileInformation=0xc0003c1d44 | out: lpFileInformation=0xc0003c1d44) returned 1 [0141.574] GetFileInformationByHandleEx (in: hFile=0x408, FileInformationClass=0x9, lpFileInformation=0xc0003c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c1d28) returned 1 [0141.574] ReadFile (in: hFile=0x408, lpBuffer=0xc000262e00, nNumberOfBytesToRead=0x61a, lpNumberOfBytesRead=0xc0003c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262e00*, lpNumberOfBytesRead=0xc0003c1c04*=0x41a, lpOverlapped=0x0) returned 1 [0142.540] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.260] ReadFile (in: hFile=0x408, lpBuffer=0xc00026321a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026321a*, lpNumberOfBytesRead=0xc0003c1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.260] CloseHandle (hObject=0x408) returned 1 [0143.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\odspcijy6fppaz71hm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0143.261] GetConsoleMode (in: hConsoleHandle=0x408, lpMode=0xc0003c1d04 | out: lpMode=0xc0003c1d04) returned 0 [0143.266] GetFileType (hFile=0x408) returned 0x1 [0143.266] WriteFile (in: hFile=0x408, lpBuffer=0xc000198480*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc0003c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesWritten=0xc0003c1cec*=0x420, lpOverlapped=0x0) returned 1 [0143.267] CloseHandle (hObject=0x408) returned 1 [0143.268] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\odspcijy6fppaz71hm.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x408 [0143.268] GetConsoleMode (in: hConsoleHandle=0x408, lpMode=0xc0003c1d64 | out: lpMode=0xc0003c1d64) returned 0 [0143.284] GetFileType (hFile=0x408) returned 0x1 [0143.284] WriteFile (in: hFile=0x408, lpBuffer=0xc000614420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614420*, lpNumberOfBytesWritten=0xc0003c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.284] CloseHandle (hObject=0x408) returned 1 [0143.284] VirtualAlloc (lpAddress=0xc00073c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00073c000 [0143.286] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\odspcijy6fppaz71hm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-ODSPCiJy6FPPAz71hM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-odspcijy6fppaz71hm.lnk"), dwFlags=0x1) returned 1 [0143.288] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ed3f698, ulCount=0x10, ulNumEntriesRemoved=0x2ed3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ed3f698, ulNumEntriesRemoved=0x2ed3f66c) returned 0 [0143.288] SetEvent (hEvent=0xaa0) returned 1 [0143.288] SetEvent (hEvent=0x8f0) returned 1 [0143.288] SetEvent (hEvent=0xaa8) returned 1 [0143.290] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ed3fe08*=0x414, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.292] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.292] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ed3fe08*=0x414, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.299] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.300] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ed3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ed3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ed3f6a0, ulNumEntriesRemoved=0x2ed3f674) returned 0 [0143.300] SetEvent (hEvent=0xaa0) returned 1 [0143.300] SetEvent (hEvent=0x8f0) returned 1 [0143.300] SetEvent (hEvent=0xaa8) returned 1 [0143.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ed3fe18*=0x414, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.301] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.301] SetEvent (hEvent=0x2f4) returned 1 [0143.301] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.327] SetEvent (hEvent=0xac0) returned 1 [0143.327] SetEvent (hEvent=0x918) returned 1 [0143.327] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.342] SetEvent (hEvent=0xac0) returned 1 [0143.342] SetEvent (hEvent=0x920) returned 1 [0143.342] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.377] SetEvent (hEvent=0xad0) returned 1 [0143.377] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.390] SetEvent (hEvent=0xb78) returned 1 [0143.390] SetEvent (hEvent=0xb80) returned 1 [0143.390] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.396] SetEvent (hEvent=0xb78) returned 1 [0143.396] SetEvent (hEvent=0x930) returned 1 [0143.396] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.421] SetEvent (hEvent=0xae0) returned 1 [0143.421] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.432] SetEvent (hEvent=0x9f8) returned 1 [0143.432] SetEvent (hEvent=0xae8) returned 1 [0143.432] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.440] SetEvent (hEvent=0x9f8) returned 1 [0143.440] SetEvent (hEvent=0x940) returned 1 [0143.440] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.463] SetEvent (hEvent=0xaf8) returned 1 [0143.463] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.473] SetEvent (hEvent=0x9f8) returned 1 [0143.473] SetEvent (hEvent=0xb00) returned 1 [0143.473] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.492] SetEvent (hEvent=0xb08) returned 1 [0143.492] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.527] SetEvent (hEvent=0x120) returned 1 [0143.527] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.531] SetEvent (hEvent=0x120) returned 1 [0143.531] SetEvent (hEvent=0x958) returned 1 [0143.531] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.541] SetEvent (hEvent=0xbb0) returned 1 [0143.541] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.551] SetEvent (hEvent=0xb20) returned 1 [0143.551] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.580] SetEvent (hEvent=0x970) returned 1 [0143.580] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.587] SetEvent (hEvent=0xbc8) returned 1 [0143.587] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.601] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.607] SetEvent (hEvent=0xa10) returned 1 [0143.607] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.614] SetEvent (hEvent=0x970) returned 1 [0143.614] SetEvent (hEvent=0xa18) returned 1 [0143.614] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.619] SetEvent (hEvent=0x970) returned 1 [0143.619] SetEvent (hEvent=0xb40) returned 1 [0143.619] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.641] SetEvent (hEvent=0xb48) returned 1 [0143.641] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) returned 0x0 [0143.648] SetEvent (hEvent=0xb50) returned 1 [0143.648] WaitForSingleObject (hHandle=0x414, dwMilliseconds=0xffffffff) Thread: id = 65 os_tid = 0xabc [0141.573] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ef3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ef3fea0*=0x420) returned 1 [0141.573] VirtualQuery (in: lpAddress=0x2ef3fec0, lpBuffer=0x2ef3fec0, dwLength=0x30 | out: lpBuffer=0x2ef3fec0*(BaseAddress=0x2ef3f000, AllocationBase=0x2ed40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.573] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x424 [0141.574] GetConsoleMode (in: hConsoleHandle=0x424, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0141.575] GetFileType (hFile=0x424) returned 0x1 [0141.575] GetFileType (hFile=0x424) returned 0x1 [0141.575] GetFileInformationByHandle (in: hFile=0x424, lpFileInformation=0xc0000f5d44 | out: lpFileInformation=0xc0000f5d44) returned 1 [0141.575] GetFileInformationByHandleEx (in: hFile=0x424, FileInformationClass=0x9, lpFileInformation=0xc0000f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f5d28) returned 1 [0141.575] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0141.576] ReadFile (in: hFile=0x424, lpBuffer=0xc000326000, nNumberOfBytesToRead=0x2d7, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000326000*, lpNumberOfBytesRead=0xc0000f5c04*=0xd7, lpOverlapped=0x0) returned 1 [0142.541] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2f4 [0142.541] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3cc [0142.541] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0143.308] ReadFile (in: hFile=0x424, lpBuffer=0xc0003260d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003260d7*, lpNumberOfBytesRead=0xc0000f5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.308] CloseHandle (hObject=0x424) returned 1 [0143.308] VirtualAlloc (lpAddress=0xc00073e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00073e000 [0143.310] VirtualAlloc (lpAddress=0xc000740000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000740000 [0143.311] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x424 [0143.312] GetConsoleMode (in: hConsoleHandle=0x424, lpMode=0xc0000f5d04 | out: lpMode=0xc0000f5d04) returned 0 [0143.326] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0144.240] SetEvent (hEvent=0xc0) returned 1 [0144.240] GetFileType (hFile=0x424) returned 0x1 [0144.240] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0144.588] SetEvent (hEvent=0xc6c) returned 1 [0144.588] WriteFile (in: hFile=0x424, lpBuffer=0xc0000601c0*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0xc0000f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000601c0*, lpNumberOfBytesWritten=0xc0000f5cec*=0xe0, lpOverlapped=0x0) returned 1 [0144.589] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0145.349] CloseHandle (hObject=0x424) returned 1 [0145.350] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.350] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0145.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x424 [0145.351] GetConsoleMode (in: hConsoleHandle=0x424, lpMode=0xc0000f5d64 | out: lpMode=0xc0000f5d64) returned 0 [0145.366] GetFileType (hFile=0x424) returned 0x1 [0145.366] WriteFile (in: hFile=0x424, lpBuffer=0xc000290580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290580*, lpNumberOfBytesWritten=0xc0000f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.367] CloseHandle (hObject=0x424) returned 1 [0145.367] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.bing[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@www.bing[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@www.bing[2].txt"), dwFlags=0x1) returned 1 [0145.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe30*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.370] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ef3f698, ulCount=0x10, ulNumEntriesRemoved=0x2ef3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ef3f698, ulNumEntriesRemoved=0x2ef3f66c) returned 0 [0145.370] SetEvent (hEvent=0xc0) returned 1 [0145.370] SetEvent (hEvent=0x1c4) returned 1 [0145.370] SetEvent (hEvent=0xa78) returned 1 [0145.370] SetEvent (hEvent=0xb20) returned 1 [0145.372] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe08*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.374] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0145.374] SetEvent (hEvent=0xb20) returned 1 [0145.374] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe08*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.378] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0145.378] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe30*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.381] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ef3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ef3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ef3f6a0, ulNumEntriesRemoved=0x2ef3f674) returned 0 [0145.381] SetEvent (hEvent=0x1c4) returned 1 [0145.381] SetEvent (hEvent=0xa78) returned 1 [0145.381] SetEvent (hEvent=0xb20) returned 1 [0145.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe18*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.401] GetFileType (hFile=0xc7c) returned 0x1 [0145.401] WriteFile (in: hFile=0xc7c, lpBuffer=0xc00047ce70*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc00047ce70*, lpNumberOfBytesWritten=0xc000189cec*=0xb0, lpOverlapped=0x0) returned 1 [0145.403] CloseHandle (hObject=0xc7c) returned 1 [0145.403] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0145.404] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0145.407] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0145.950] GetFileType (hFile=0xc7c) returned 0x1 [0145.950] WriteFile (in: hFile=0xc7c, lpBuffer=0xc000614420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614420*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.950] CloseHandle (hObject=0xc7c) returned 1 [0145.950] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwFlags=0x1) returned 1 [0145.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe30*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.953] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ef3f698, ulCount=0x10, ulNumEntriesRemoved=0x2ef3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ef3f698, ulNumEntriesRemoved=0x2ef3f66c) returned 0 [0145.953] SetEvent (hEvent=0xc0) returned 1 [0145.953] SetEvent (hEvent=0x948) returned 1 [0145.953] SetEvent (hEvent=0xc80) returned 1 [0145.953] SetEvent (hEvent=0xbd8) returned 1 [0145.955] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe08*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.974] SetEvent (hEvent=0x948) returned 1 [0145.974] SetEvent (hEvent=0xbe0) returned 1 [0145.974] SetEvent (hEvent=0x324) returned 1 [0145.974] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe08*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.988] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe30*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.990] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2ef3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2ef3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2ef3f6a0, ulNumEntriesRemoved=0x2ef3f674) returned 0 [0145.990] SetEvent (hEvent=0xc0) returned 1 [0145.990] SetEvent (hEvent=0xc4c) returned 1 [0145.990] SetEvent (hEvent=0x320) returned 1 [0145.990] SetEvent (hEvent=0x968) returned 1 [0145.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2ef3fe18*=0x2f4, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.006] GetFileType (hFile=0x63c) returned 0x1 [0146.006] WriteFile (in: hFile=0x63c, lpBuffer=0xc0006ce000*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc00041fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ce000*, lpNumberOfBytesWritten=0xc00041fcec*=0x270, lpOverlapped=0x0) returned 1 [0146.008] CloseHandle (hObject=0x63c) returned 1 [0146.011] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.170] SetEvent (hEvent=0xa80) returned 1 [0146.170] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0146.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xt0rtz_l-es-zjibw.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0146.171] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc00041fd64 | out: lpMode=0xc00041fd64) returned 0 [0146.172] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.286] GetFileType (hFile=0x584) returned 0x1 [0146.286] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0146.287] WriteFile (in: hFile=0x584, lpBuffer=0xc00027e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00041fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00027e000*, lpNumberOfBytesWritten=0xc00041fd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.287] CloseHandle (hObject=0x584) returned 1 [0146.293] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.340] SetEvent (hEvent=0xc24) returned 1 [0146.340] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.342] SetEvent (hEvent=0xbd8) returned 1 [0146.342] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.609] SetEvent (hEvent=0x3c4) returned 1 [0146.609] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.641] SetEvent (hEvent=0x448) returned 1 [0146.641] SetEvent (hEvent=0xc24) returned 1 [0146.641] SetEvent (hEvent=0xc80) returned 1 [0146.641] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0146.655] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nmnoxj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-nmnoxj.lnk"), dwFlags=0x1) returned 1 [0150.660] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) returned 0x0 [0161.764] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040120*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0xc0003ab808, lpReserved=0x0 | out: lpBuffer=0xc000040120*, lpNumberOfCharsWritten=0xc0003ab808*=0x41) returned 1 [0161.765] VirtualAlloc (lpAddress=0xc00031c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031c000 [0161.766] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0161.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.053] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0xc0003aba08 | out: lpFindFileData=0xc0003aba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.053] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003ab720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.053] WaitForSingleObject (hHandle=0x2f4, dwMilliseconds=0xffffffff) Thread: id = 66 os_tid = 0xac4 [0141.579] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f13fea0*=0x428) returned 1 [0141.579] VirtualQuery (in: lpAddress=0x2f13fec0, lpBuffer=0x2f13fec0, dwLength=0x30 | out: lpBuffer=0x2f13fec0*(BaseAddress=0x2f13f000, AllocationBase=0x2ef40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x42c [0141.580] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc00038dcf4 | out: lpMode=0xc00038dcf4) returned 0 [0141.581] GetFileType (hFile=0x42c) returned 0x1 [0141.581] GetFileType (hFile=0x42c) returned 0x1 [0141.581] GetFileInformationByHandle (in: hFile=0x42c, lpFileInformation=0xc00038dd44 | out: lpFileInformation=0xc00038dd44) returned 1 [0141.582] GetFileInformationByHandleEx (in: hFile=0x42c, FileInformationClass=0x9, lpFileInformation=0xc00038dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038dd28) returned 1 [0141.582] VirtualAlloc (lpAddress=0xc0004f6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f6000 [0141.584] ReadFile (in: hFile=0x42c, lpBuffer=0xc0004f6000, nNumberOfBytesToRead=0x2168, lpNumberOfBytesRead=0xc00038dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f6000*, lpNumberOfBytesRead=0xc00038dc04*=0x1f68, lpOverlapped=0x0) returned 1 [0142.657] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d0 [0142.657] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d4 [0142.657] WaitForSingleObject (hHandle=0x9d0, dwMilliseconds=0xffffffff) returned 0x0 [0143.258] SetEvent (hEvent=0xc0) returned 1 [0143.258] SetEvent (hEvent=0xaa8) returned 1 [0143.258] ReadFile (in: hFile=0x42c, lpBuffer=0xc0004f7f68, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f7f68*, lpNumberOfBytesRead=0xc00038dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.258] WaitForSingleObject (hHandle=0x9d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.127] CloseHandle (hObject=0x42c) returned 1 [0144.127] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0144.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\d93f411851d7c929.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\d93f411851d7c929.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0144.130] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc00038dd04 | out: lpMode=0xc00038dd04) returned 0 [0144.139] WaitForSingleObject (hHandle=0x9d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] SetEvent (hEvent=0x324) returned 1 [0144.582] WaitForSingleObject (hHandle=0x9d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.583] SetEvent (hEvent=0xae8) returned 1 [0144.583] WaitForSingleObject (hHandle=0x9d0, dwMilliseconds=0xffffffff) Thread: id = 67 os_tid = 0xacc [0141.585] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f33fea0*=0x41c) returned 1 [0141.585] VirtualQuery (in: lpAddress=0x2f33fec0, lpBuffer=0x2f33fec0, dwLength=0x30 | out: lpBuffer=0x2f33fec0*(BaseAddress=0x2f33f000, AllocationBase=0x2f140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x clpsc5bc0q.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x430 [0141.587] GetConsoleMode (in: hConsoleHandle=0x430, lpMode=0xc000417cf4 | out: lpMode=0xc000417cf4) returned 0 [0141.588] GetFileType (hFile=0x430) returned 0x1 [0141.588] GetFileType (hFile=0x430) returned 0x1 [0141.588] GetFileInformationByHandle (in: hFile=0x430, lpFileInformation=0xc000417d44 | out: lpFileInformation=0xc000417d44) returned 1 [0141.588] GetFileInformationByHandleEx (in: hFile=0x430, FileInformationClass=0x9, lpFileInformation=0xc000417d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000417d28) returned 1 [0141.588] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0141.596] ReadFile (in: hFile=0x430, lpBuffer=0xc000232000, nNumberOfBytesToRead=0xb79, lpNumberOfBytesRead=0xc000417c04, lpOverlapped=0x0 | out: lpBuffer=0xc000232000*, lpNumberOfBytesRead=0xc000417c04*=0x979, lpOverlapped=0x0) returned 1 [0142.544] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x254 [0142.544] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d4 [0142.544] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0143.328] ReadFile (in: hFile=0x430, lpBuffer=0xc000232979, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000417c04, lpOverlapped=0x0 | out: lpBuffer=0xc000232979*, lpNumberOfBytesRead=0xc000417c04*=0x0, lpOverlapped=0x0) returned 1 [0143.328] CloseHandle (hObject=0x430) returned 1 [0143.328] VirtualAlloc (lpAddress=0xc000742000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000742000 [0143.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x clpsc5bc0q.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x430 [0143.331] GetConsoleMode (in: hConsoleHandle=0x430, lpMode=0xc000417d04 | out: lpMode=0xc000417d04) returned 0 [0143.341] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0143.949] GetFileType (hFile=0x430) returned 0x1 [0143.949] WriteFile (in: hFile=0x430, lpBuffer=0xc000742000*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc000417cec, lpOverlapped=0x0 | out: lpBuffer=0xc000742000*, lpNumberOfBytesWritten=0xc000417cec*=0x980, lpOverlapped=0x0) returned 1 [0143.950] CloseHandle (hObject=0x430) returned 1 [0143.952] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.952] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x clpsc5bc0q.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0143.952] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000417d64 | out: lpMode=0xc000417d64) returned 0 [0143.957] GetFileType (hFile=0x5c4) returned 0x1 [0143.957] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0006154a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000417d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006154a0*, lpNumberOfBytesWritten=0xc000417d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.958] CloseHandle (hObject=0x5c4) returned 1 [0143.970] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0144.534] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x clpsc5bc0q.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-X cLPSc5bC0q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-x clpsc5bc0q.lnk"), dwFlags=0x1) returned 1 [0144.536] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0144.901] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.903] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f698, ulCount=0x10, ulNumEntriesRemoved=0x2f33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f698, ulNumEntriesRemoved=0x2f33f66c) returned 0 [0144.903] SetEvent (hEvent=0xc0) returned 1 [0144.904] SetEvent (hEvent=0xa78) returned 1 [0144.904] SetEvent (hEvent=0xb10) returned 1 [0144.904] SetEvent (hEvent=0xae0) returned 1 [0144.905] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.909] SetEvent (hEvent=0xae0) returned 1 [0144.909] SetEvent (hEvent=0xb10) returned 1 [0144.909] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.915] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f6a0, ulNumEntriesRemoved=0x2f33f674) returned 0 [0144.915] SetEvent (hEvent=0xa78) returned 1 [0144.915] SetEvent (hEvent=0xae0) returned 1 [0144.915] SetEvent (hEvent=0xb10) returned 1 [0144.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe18*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.931] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0144.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.932] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f698, ulCount=0x10, ulNumEntriesRemoved=0x2f33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f698, ulNumEntriesRemoved=0x2f33f66c) returned 0 [0144.932] SetEvent (hEvent=0xb10) returned 1 [0144.932] SetEvent (hEvent=0xb20) returned 1 [0144.932] SetEvent (hEvent=0x208) returned 1 [0144.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.952] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0144.952] SetEvent (hEvent=0x208) returned 1 [0144.953] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.958] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0144.958] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f6a0, ulNumEntriesRemoved=0x2f33f674) returned 0 [0144.958] SetEvent (hEvent=0x8d0) returned 1 [0144.958] SetEvent (hEvent=0xa78) returned 1 [0144.958] SetEvent (hEvent=0xb20) returned 1 [0144.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe18*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.029] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0145.029] SetEvent (hEvent=0xb68) returned 1 [0145.029] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0145.260] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0145.271] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0145.273] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0145.276] GetFileType (hFile=0x6a4) returned 0x1 [0145.276] GetFileType (hFile=0x6a4) returned 0x1 [0145.276] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0145.276] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0145.276] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0145.277] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x6d6, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc00011bc04*=0x4d6, lpOverlapped=0x0) returned 1 [0145.288] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0000704d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000704d6*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0145.288] CloseHandle (hObject=0x6a4) returned 1 [0145.288] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0145.290] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0145.292] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0145.317] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0145.504] GetFileType (hFile=0x6a4) returned 0x1 [0145.504] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0001dc000*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesWritten=0xc00011bcec*=0x4e0, lpOverlapped=0x0) returned 1 [0145.506] CloseHandle (hObject=0x6a4) returned 1 [0145.506] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.506] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0145.506] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0145.513] GetFileType (hFile=0x6a4) returned 0x1 [0145.513] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.513] CloseHandle (hObject=0x6a4) returned 1 [0145.513] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-fax recipient.lnk"), dwFlags=0x1) returned 1 [0145.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.517] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0145.517] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f698, ulCount=0x10, ulNumEntriesRemoved=0x2f33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f698, ulNumEntriesRemoved=0x2f33f66c) returned 0 [0145.517] SetEvent (hEvent=0xc0) returned 1 [0145.518] SetEvent (hEvent=0x114) returned 1 [0145.518] SetEvent (hEvent=0x920) returned 1 [0145.518] SetEvent (hEvent=0xbd0) returned 1 [0145.520] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.522] SetEvent (hEvent=0x8f8) returned 1 [0145.522] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.525] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.525] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f6a0, ulNumEntriesRemoved=0x2f33f674) returned 0 [0145.526] SetEvent (hEvent=0x920) returned 1 [0145.526] SetEvent (hEvent=0xbd0) returned 1 [0145.526] SetEvent (hEvent=0x8f8) returned 1 [0145.526] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe18*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.528] GetFileType (hFile=0x2b4) returned 0x1 [0145.528] WriteFile (in: hFile=0x2b4, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.528] CloseHandle (hObject=0x2b4) returned 1 [0145.528] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@google[3].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@google[3].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@google[3].txt"), dwFlags=0x1) returned 1 [0145.533] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f698, ulCount=0x10, ulNumEntriesRemoved=0x2f33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f698, ulNumEntriesRemoved=0x2f33f66c) returned 0 [0145.534] SetEvent (hEvent=0x920) returned 1 [0145.534] SetEvent (hEvent=0xbd0) returned 1 [0145.534] SetEvent (hEvent=0x8f8) returned 1 [0145.536] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.549] SetEvent (hEvent=0x8f8) returned 1 [0145.549] SetEvent (hEvent=0xbd0) returned 1 [0145.549] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe08*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.556] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe30*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.559] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0145.559] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f33f6a0, ulNumEntriesRemoved=0x2f33f674) returned 0 [0145.559] SetEvent (hEvent=0xc0) returned 1 [0145.559] SetEvent (hEvent=0x8f8) returned 1 [0145.559] SetEvent (hEvent=0xc54) returned 1 [0145.559] SetEvent (hEvent=0xbc8) returned 1 [0145.559] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f33fe18*=0x254, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.574] GetFileType (hFile=0x554) returned 0x1 [0145.574] WriteFile (in: hFile=0x554, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc0003a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.575] CloseHandle (hObject=0x554) returned 1 [0145.583] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kwrrydzuohoisdt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-kwrrydzuohoisdt.lnk"), dwFlags=0x1) returned 1 [0147.939] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0147.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kijhdifpl-rryse2ryex.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xc88 [0147.977] GetConsoleMode (in: hConsoleHandle=0xc88, lpMode=0xc000193cf4 | out: lpMode=0xc000193cf4) returned 0 [0147.981] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0147.982] SetEvent (hEvent=0xc0) returned 1 [0147.982] SetEvent (hEvent=0x274) returned 1 [0147.982] GetFileType (hFile=0xc88) returned 0x1 [0147.982] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0147.994] GetFileType (hFile=0xc88) returned 0x1 [0147.994] GetFileInformationByHandle (in: hFile=0xc88, lpFileInformation=0xc000193d44 | out: lpFileInformation=0xc000193d44) returned 1 [0147.994] GetFileInformationByHandleEx (in: hFile=0xc88, FileInformationClass=0x9, lpFileInformation=0xc000193d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000193d28) returned 1 [0147.994] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0147.995] VirtualAlloc (lpAddress=0xc0004f8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f8000 [0147.997] ReadFile (in: hFile=0xc88, lpBuffer=0xc0004f8000, nNumberOfBytesToRead=0x13763, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f8000*, lpNumberOfBytesRead=0xc000193c04*=0x13563, lpOverlapped=0x0) returned 1 [0148.632] ReadFile (in: hFile=0xc88, lpBuffer=0xc00050b563, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000193c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050b563*, lpNumberOfBytesRead=0xc000193c04*=0x0, lpOverlapped=0x0) returned 1 [0148.632] CloseHandle (hObject=0xc88) returned 1 [0148.632] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0148.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kijhdifpl-rryse2ryex.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.586] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000193d04 | out: lpMode=0xc000193d04) returned 0 [0150.596] GetFileType (hFile=0x7a0) returned 0x1 [0150.596] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000690000*, nNumberOfBytesToWrite=0x13570, lpNumberOfBytesWritten=0xc000193cec, lpOverlapped=0x0 | out: lpBuffer=0xc000690000*, lpNumberOfBytesWritten=0xc000193cec*=0x13570, lpOverlapped=0x0) returned 1 [0150.603] CloseHandle (hObject=0x7a0) returned 1 [0150.718] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0150.718] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0150.719] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kijhdifpl-rryse2ryex.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x380 [0150.719] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc000193d64 | out: lpMode=0xc000193d64) returned 0 [0150.734] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0150.751] SetEvent (hEvent=0xb50) returned 1 [0150.751] GetFileType (hFile=0x380) returned 0x1 [0150.751] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0150.778] SetEvent (hEvent=0xc0) returned 1 [0150.778] WriteFile (in: hFile=0x380, lpBuffer=0xc0000a22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000193d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a22c0*, lpNumberOfBytesWritten=0xc000193d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.778] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0150.799] SetEvent (hEvent=0xb50) returned 1 [0150.799] CloseHandle (hObject=0x380) returned 1 [0150.801] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0150.802] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kijhdifpl-rryse2ryex.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-kijhdifpl-rryse2ryex.m4a"), dwFlags=0x1) returned 1 [0153.200] VirtualFree (lpAddress=0xc000498000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0153.202] VirtualFree (lpAddress=0xc000358000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0153.204] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.205] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.206] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.206] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.207] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.208] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.209] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.210] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.211] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.211] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.212] SetEvent (hEvent=0x9a8) returned 1 [0153.213] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0153.274] SetEvent (hEvent=0x9a8) returned 1 [0153.275] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0154.995] SetEvent (hEvent=0x9f0) returned 1 [0154.995] SetEvent (hEvent=0x1b4) returned 1 [0154.995] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0155.208] SetEvent (hEvent=0x9f0) returned 1 [0155.208] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.209] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.210] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0155.211] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0155.212] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0155.213] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0155.225] GetFileType (hFile=0x5a0) returned 0x1 [0155.225] GetFileType (hFile=0x5a0) returned 0x1 [0155.225] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0155.225] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0155.225] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0155.227] ReadFile (in: hFile=0x5a0, lpBuffer=0xc000162000, nNumberOfBytesToRead=0x5a1, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfBytesRead=0xc0000f9c04*=0x3a1, lpOverlapped=0x0) returned 1 [0155.256] ReadFile (in: hFile=0x5a0, lpBuffer=0xc0001623a1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001623a1*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0155.256] CloseHandle (hObject=0x5a0) returned 1 [0155.256] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0155.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0155.259] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0155.266] GetFileType (hFile=0x5a0) returned 0x1 [0155.266] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x3b0, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc0000f9cec*=0x3b0, lpOverlapped=0x0) returned 1 [0155.268] CloseHandle (hObject=0x5a0) returned 1 [0155.269] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0155.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0155.269] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0155.280] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0155.393] GetFileType (hFile=0x5a0) returned 0x1 [0155.393] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0155.394] CloseHandle (hObject=0x5a0) returned 1 [0155.394] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0155.395] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0155.396] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\encry-Downloads.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\encry-downloads.lnk"), dwFlags=0x1) returned 1 [0155.398] SetEvent (hEvent=0x43c) returned 1 [0155.398] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0155.960] SetEvent (hEvent=0x9e8) returned 1 [0155.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0155.962] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000401cf4 | out: lpMode=0xc000401cf4) returned 0 [0156.019] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0156.428] SwitchToThread () returned 1 [0156.541] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.541] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.541] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.076] WriteFile (in: hFile=0x728, lpBuffer=0xc00049d500*, nNumberOfBytesToWrite=0x5100, lpNumberOfBytesWritten=0xc000403cec, lpOverlapped=0x0 | out: lpBuffer=0xc00049d500*, lpNumberOfBytesWritten=0xc000403cec*=0x5100, lpOverlapped=0x0) returned 1 [0157.079] CloseHandle (hObject=0x728) returned 1 [0157.079] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0157.079] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\nz s7kvsk.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0157.080] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc000403d64 | out: lpMode=0xc000403d64) returned 0 [0157.126] GetFileType (hFile=0x728) returned 0x1 [0157.126] WriteFile (in: hFile=0x728, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000403d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc000403d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.126] CloseHandle (hObject=0x728) returned 1 [0157.126] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0157.128] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\nz s7kvsk.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\encry-nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\encry-nz s7kvsk.rtf"), dwFlags=0x1) returned 1 [0157.130] SwitchToThread () returned 1 [0157.134] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.238] SwitchToThread () returned 1 [0157.284] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0157.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0157.286] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0xc00023d9f8 | out: lpFindFileData=0xc00023d9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0157.286] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0157.287] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00023d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0157.287] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0157.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\glgpik5cbmztq7qi.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0157.290] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0157.345] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.365] GetFileType (hFile=0x1b0) returned 0x1 [0157.365] GetFileType (hFile=0x1b0) returned 0x1 [0157.366] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0157.366] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0157.366] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0157.367] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0157.370] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x11df5, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0002dfc04*=0x11bf5, lpOverlapped=0x0) returned 1 [0157.373] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000553bf5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000553bf5*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0157.373] CloseHandle (hObject=0x1b0) returned 1 [0157.373] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0157.374] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0157.375] VirtualAlloc (lpAddress=0xc000554000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000554000 [0157.379] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\glgpik5cbmztq7qi.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0157.495] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0157.503] GetFileType (hFile=0x1b0) returned 0x1 [0157.503] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000554000*, nNumberOfBytesToWrite=0x11c00, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc000554000*, lpNumberOfBytesWritten=0xc0002dfcec*=0x11c00, lpOverlapped=0x0) returned 1 [0157.516] CloseHandle (hObject=0x1b0) returned 1 [0157.516] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0157.516] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0157.517] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0157.519] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0157.520] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0157.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\glgpik5cbmztq7qi.xls"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0157.521] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0157.531] GetFileType (hFile=0x1b0) returned 0x1 [0157.531] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000284420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284420*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0157.531] CloseHandle (hObject=0x1b0) returned 1 [0157.531] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0157.532] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0157.534] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\glgpik5cbmztq7qi.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\encry-GLGpik5CbMztQ7Qi.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\encry-glgpik5cbmztq7qi.xls"), dwFlags=0x1) returned 1 [0157.581] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.613] SwitchToThread () returned 1 [0157.642] SetEvent (hEvent=0x43c) returned 1 [0157.642] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.650] SetEvent (hEvent=0xb58) returned 1 [0157.651] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.658] SwitchToThread () returned 1 [0157.685] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.751] SwitchToThread () returned 1 [0157.768] SetEvent (hEvent=0x43c) returned 1 [0157.768] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.773] SetEvent (hEvent=0xb58) returned 1 [0157.773] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0157.819] SwitchToThread () returned 1 [0157.960] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.047] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0158.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\rrrmzfncpf9fa.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0158.050] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00034fcf4 | out: lpMode=0xc00034fcf4) returned 0 [0158.103] GetFileType (hFile=0x1b0) returned 0x1 [0158.103] GetFileType (hFile=0x1b0) returned 0x1 [0158.103] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00034fd44 | out: lpFileInformation=0xc00034fd44) returned 1 [0158.103] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00034fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00034fd28) returned 1 [0158.104] VirtualAlloc (lpAddress=0xc000292000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0158.107] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000292000, nNumberOfBytesToRead=0x811d, lpNumberOfBytesRead=0xc00034fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc00034fc04*=0x7f1d, lpOverlapped=0x0) returned 1 [0158.124] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000299f1d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00034fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000299f1d*, lpNumberOfBytesRead=0xc00034fc04*=0x0, lpOverlapped=0x0) returned 1 [0158.124] CloseHandle (hObject=0x1b0) returned 1 [0158.125] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0158.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\rrrmzfncpf9fa.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.132] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00034fd04 | out: lpMode=0xc00034fd04) returned 0 [0158.153] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.186] GetFileType (hFile=0x1b0) returned 0x1 [0158.186] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0x7f20, lpNumberOfBytesWritten=0xc00034fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc00034fcec*=0x7f20, lpOverlapped=0x0) returned 1 [0158.189] CloseHandle (hObject=0x1b0) returned 1 [0158.190] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0158.190] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0158.191] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0158.193] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0158.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\rrrmzfncpf9fa.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.194] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00034fd64 | out: lpMode=0xc00034fd64) returned 0 [0158.301] GetFileType (hFile=0x1b0) returned 0x1 [0158.301] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00034fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc00034fd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.301] CloseHandle (hObject=0x1b0) returned 1 [0158.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\rrrmzfncpf9fa.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\encry-RRrMZFNcPf9FA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\encry-rrrmzfncpf9fa.gif"), dwFlags=0x1) returned 1 [0158.304] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.307] SetEvent (hEvent=0x43c) returned 1 [0158.307] SetEvent (hEvent=0x1b4) returned 1 [0158.307] VirtualFree (lpAddress=0xc000542000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0158.310] VirtualFree (lpAddress=0xc000498000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0158.312] VirtualFree (lpAddress=0xc00030e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.313] VirtualFree (lpAddress=0xc000292000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0158.315] VirtualFree (lpAddress=0xc00025e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0158.316] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.317] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0158.318] VirtualFree (lpAddress=0xc000212000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0158.320] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0158.321] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.322] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.323] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.323] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.325] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.325] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.326] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.327] VirtualFree (lpAddress=0xc00007a000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0158.328] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0158.329] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.330] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.331] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.332] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.333] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\iobn1bkbua7.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0158.335] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00035bcf4 | out: lpMode=0xc00035bcf4) returned 0 [0158.338] GetFileType (hFile=0x1b0) returned 0x1 [0158.338] GetFileType (hFile=0x1b0) returned 0x1 [0158.338] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc00035bd44 | out: lpFileInformation=0xc00035bd44) returned 1 [0158.338] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc00035bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00035bd28) returned 1 [0158.338] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0158.340] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0158.342] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00007a000, nNumberOfBytesToRead=0x5645, lpNumberOfBytesRead=0xc00035bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a000*, lpNumberOfBytesRead=0xc00035bc04*=0x5445, lpOverlapped=0x0) returned 1 [0158.344] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00007f445, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00035bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007f445*, lpNumberOfBytesRead=0xc00035bc04*=0x0, lpOverlapped=0x0) returned 1 [0158.344] CloseHandle (hObject=0x1b0) returned 1 [0158.344] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0158.346] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0158.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\iobn1bkbua7.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.352] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00035bd04 | out: lpMode=0xc00035bd04) returned 0 [0158.372] GetFileType (hFile=0x1b0) returned 0x1 [0158.372] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x5450, lpNumberOfBytesWritten=0xc00035bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc00035bcec*=0x5450, lpOverlapped=0x0) returned 1 [0158.375] CloseHandle (hObject=0x1b0) returned 1 [0158.376] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0158.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\iobn1bkbua7.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0158.376] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00035bd64 | out: lpMode=0xc00035bd64) returned 0 [0158.396] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.406] GetFileType (hFile=0x1b0) returned 0x1 [0158.406] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00035bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc00035bd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.407] CloseHandle (hObject=0x1b0) returned 1 [0158.407] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0158.408] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0158.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\iobn1bkbua7.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry-iOBn1bkbua7.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry-iobn1bkbua7.png"), dwFlags=0x1) returned 1 [0158.437] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.441] SetEvent (hEvent=0x43c) returned 1 [0158.441] SetEvent (hEvent=0x1b4) returned 1 [0158.441] VirtualFree (lpAddress=0xc00027c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0158.443] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0158.445] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0158.446] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.464] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.465] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.466] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.467] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.468] VirtualFree (lpAddress=0xc000078000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0158.469] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.471] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.471] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.472] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.474] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\a2lzuytuvd.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0158.475] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000363cf4 | out: lpMode=0xc000363cf4) returned 0 [0158.477] GetFileType (hFile=0x3e0) returned 0x1 [0158.477] GetFileType (hFile=0x3e0) returned 0x1 [0158.478] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000363d44 | out: lpFileInformation=0xc000363d44) returned 1 [0158.478] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000363d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000363d28) returned 1 [0158.478] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0158.480] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x153d, lpNumberOfBytesRead=0xc000363c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc000363c04*=0x133d, lpOverlapped=0x0) returned 1 [0158.481] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00007933d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000363c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007933d*, lpNumberOfBytesRead=0xc000363c04*=0x0, lpOverlapped=0x0) returned 1 [0158.482] CloseHandle (hObject=0x3e0) returned 1 [0158.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\a2lzuytuvd.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.484] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000363d04 | out: lpMode=0xc000363d04) returned 0 [0158.499] GetFileType (hFile=0x3e0) returned 0x1 [0158.499] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xc000363cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc000363cec*=0x1340, lpOverlapped=0x0) returned 1 [0158.501] CloseHandle (hObject=0x3e0) returned 1 [0158.501] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0158.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\a2lzuytuvd.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.502] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000363d64 | out: lpMode=0xc000363d64) returned 0 [0158.541] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.551] GetFileType (hFile=0x3e0) returned 0x1 [0158.551] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000363d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc000363d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.552] CloseHandle (hObject=0x3e0) returned 1 [0158.552] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\a2lzuytuvd.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\encry-a2lzUytuvD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\encry-a2lzuytuvd.gif"), dwFlags=0x1) returned 1 [0158.626] SwitchToThread () returned 1 [0158.631] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.633] SetEvent (hEvent=0x43c) returned 1 [0158.633] SetEvent (hEvent=0x1b4) returned 1 [0158.633] VirtualFree (lpAddress=0xc000498000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0158.635] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.635] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0158.636] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.637] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.638] VirtualFree (lpAddress=0xc000078000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0158.639] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0158.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ws3nvrmr4-.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0158.642] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00036bcf4 | out: lpMode=0xc00036bcf4) returned 0 [0158.646] GetFileType (hFile=0x6a4) returned 0x1 [0158.646] GetFileType (hFile=0x6a4) returned 0x1 [0158.646] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc00036bd44 | out: lpFileInformation=0xc00036bd44) returned 1 [0158.646] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc00036bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00036bd28) returned 1 [0158.646] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0158.649] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xe712, lpNumberOfBytesRead=0xc00036bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00036bc04*=0xe512, lpOverlapped=0x0) returned 1 [0158.652] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000220512, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00036bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000220512*, lpNumberOfBytesRead=0xc00036bc04*=0x0, lpOverlapped=0x0) returned 1 [0158.652] CloseHandle (hObject=0x6a4) returned 1 [0158.652] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0158.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ws3nvrmr4-.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.658] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00036bd04 | out: lpMode=0xc00036bd04) returned 0 [0158.670] GetFileType (hFile=0x6a4) returned 0x1 [0158.670] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xe520, lpNumberOfBytesWritten=0xc00036bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc00036bcec*=0xe520, lpOverlapped=0x0) returned 1 [0158.674] CloseHandle (hObject=0x6a4) returned 1 [0158.674] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0158.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ws3nvrmr4-.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0158.675] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00036bd64 | out: lpMode=0xc00036bd64) returned 0 [0158.677] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.689] SetEvent (hEvent=0x43c) returned 1 [0158.689] GetFileType (hFile=0x6a4) returned 0x1 [0158.689] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00036bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00036bd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.689] CloseHandle (hObject=0x6a4) returned 1 [0158.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ws3nvrmr4-.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\encry-WS3nVrMR4-.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\encry-ws3nvrmr4-.bmp"), dwFlags=0x1) returned 1 [0158.691] SwitchToThread () returned 1 [0158.784] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.807] SetEvent (hEvent=0xb58) returned 1 [0158.807] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0158.807] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0158.809] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0xc00037b9f8 | out: lpFindFileData=0xc00037b9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0158.809] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0158.810] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0158.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0158.810] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0xc00037d9f8 | out: lpFindFileData=0xc00037d9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0158.810] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0158.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0158.812] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000377cf4 | out: lpMode=0xc000377cf4) returned 0 [0158.828] GetFileType (hFile=0x36c) returned 0x1 [0158.828] GetFileType (hFile=0x36c) returned 0x1 [0158.828] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000377d44 | out: lpFileInformation=0xc000377d44) returned 1 [0158.828] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000377d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000377d28) returned 1 [0158.828] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0158.830] ReadFile (in: hFile=0x36c, lpBuffer=0xc000094700, nNumberOfBytesToRead=0x31a, lpNumberOfBytesRead=0xc000377c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094700*, lpNumberOfBytesRead=0xc000377c04*=0x11a, lpOverlapped=0x0) returned 1 [0158.831] ReadFile (in: hFile=0x36c, lpBuffer=0xc00009481a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000377c04, lpOverlapped=0x0 | out: lpBuffer=0xc00009481a*, lpNumberOfBytesRead=0xc000377c04*=0x0, lpOverlapped=0x0) returned 1 [0158.831] CloseHandle (hObject=0x36c) returned 1 [0158.831] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0158.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0158.833] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini\\*", lpFindFileData=0xc000377a08 | out: lpFindFileData=0xc000377a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0158.833] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000377720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0158.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0158.834] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000379cf4 | out: lpMode=0xc000379cf4) returned 0 [0158.842] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0158.847] GetFileType (hFile=0x36c) returned 0x1 [0158.847] GetFileType (hFile=0x36c) returned 0x1 [0158.848] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000379d44 | out: lpFileInformation=0xc000379d44) returned 1 [0158.848] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000379d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000379d28) returned 1 [0158.848] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0158.849] ReadFile (in: hFile=0x36c, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0x2f8, lpNumberOfBytesRead=0xc000379c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc000379c04*=0xf8, lpOverlapped=0x0) returned 1 [0158.851] ReadFile (in: hFile=0x36c, lpBuffer=0xc00004c0f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000379c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c0f8*, lpNumberOfBytesRead=0xc000379c04*=0x0, lpOverlapped=0x0) returned 1 [0158.851] CloseHandle (hObject=0x36c) returned 1 [0158.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0158.852] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms\\*", lpFindFileData=0xc000379a08 | out: lpFindFileData=0xc000379a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0158.852] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000379720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0158.852] SwitchToThread () returned 1 [0158.914] SwitchToThread () returned 1 [0158.955] SetEvent (hEvent=0x43c) returned 1 [0158.955] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.000] SetEvent (hEvent=0x1b4) returned 1 [0159.000] SwitchToThread () returned 1 [0159.011] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0159.013] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0159.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xkar bzzz.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0159.015] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004abcf4 | out: lpMode=0xc0004abcf4) returned 0 [0159.069] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.071] GetFileType (hFile=0x3e0) returned 0x1 [0159.071] GetFileType (hFile=0x3e0) returned 0x1 [0159.071] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004abd44 | out: lpFileInformation=0xc0004abd44) returned 1 [0159.071] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004abd28) returned 1 [0159.072] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0159.073] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0159.078] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x12b3c, lpNumberOfBytesRead=0xc0004abc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0004abc04*=0x1293c, lpOverlapped=0x0) returned 1 [0159.081] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00055493c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00055493c*, lpNumberOfBytesRead=0xc0004abc04*=0x0, lpOverlapped=0x0) returned 1 [0159.081] CloseHandle (hObject=0x3e0) returned 1 [0159.081] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0159.083] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0159.084] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0159.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xkar bzzz.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.092] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004abd04 | out: lpMode=0xc0004abd04) returned 0 [0159.100] GetFileType (hFile=0x3e0) returned 0x1 [0159.100] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x12940, lpNumberOfBytesWritten=0xc0004abcec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc0004abcec*=0x12940, lpOverlapped=0x0) returned 1 [0159.105] CloseHandle (hObject=0x3e0) returned 1 [0159.105] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0159.105] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0159.107] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0159.109] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0159.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xkar bzzz.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.110] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004abd64 | out: lpMode=0xc0004abd64) returned 0 [0159.123] GetFileType (hFile=0x3e0) returned 0x1 [0159.123] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc0004abd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.124] CloseHandle (hObject=0x3e0) returned 1 [0159.124] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\xkar bzzz.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-XkaR bZzz.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-xkar bzzz.avi"), dwFlags=0x1) returned 1 [0159.126] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.142] SetEvent (hEvent=0xb58) returned 1 [0159.142] SwitchToThread () returned 1 [0159.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\qlkeywisbwt_7p t.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0159.199] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004e7cf4 | out: lpMode=0xc0004e7cf4) returned 0 [0159.214] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.221] GetFileType (hFile=0x6a4) returned 0x1 [0159.221] GetFileType (hFile=0x6a4) returned 0x1 [0159.221] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004e7d44 | out: lpFileInformation=0xc0004e7d44) returned 1 [0159.221] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004e7d28) returned 1 [0159.222] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0159.223] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000126000, nNumberOfBytesToRead=0xa0b, lpNumberOfBytesRead=0xc0004e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfBytesRead=0xc0004e7c04*=0x80b, lpOverlapped=0x0) returned 1 [0159.224] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00012680b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00012680b*, lpNumberOfBytesRead=0xc0004e7c04*=0x0, lpOverlapped=0x0) returned 1 [0159.225] CloseHandle (hObject=0x6a4) returned 1 [0159.225] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0159.226] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\qlkeywisbwt_7p t.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.227] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004e7d04 | out: lpMode=0xc0004e7d04) returned 0 [0159.273] GetFileType (hFile=0x6a4) returned 0x1 [0159.273] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000168000*, nNumberOfBytesToWrite=0x810, lpNumberOfBytesWritten=0xc0004e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesWritten=0xc0004e7cec*=0x810, lpOverlapped=0x0) returned 1 [0159.275] CloseHandle (hObject=0x6a4) returned 1 [0159.276] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0159.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\qlkeywisbwt_7p t.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.276] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004e7d64 | out: lpMode=0xc0004e7d64) returned 0 [0159.334] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.354] GetFileType (hFile=0x6a4) returned 0x1 [0159.354] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0004e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.354] CloseHandle (hObject=0x6a4) returned 1 [0159.355] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0159.356] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\qlkeywisbwt_7p t.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-QlKeywISbwT_7p T.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-qlkeywisbwt_7p t.mkv"), dwFlags=0x1) returned 1 [0159.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7kd c2cnepjn.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0159.358] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bdcf4 | out: lpMode=0xc0004bdcf4) returned 0 [0159.372] GetFileType (hFile=0x6a4) returned 0x1 [0159.372] GetFileType (hFile=0x6a4) returned 0x1 [0159.372] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004bdd44 | out: lpFileInformation=0xc0004bdd44) returned 1 [0159.372] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004bdd28) returned 1 [0159.372] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0159.373] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0159.376] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x12e23, lpNumberOfBytesRead=0xc0004bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0004bdc04*=0x12c23, lpOverlapped=0x0) returned 1 [0159.378] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000554c23, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000554c23*, lpNumberOfBytesRead=0xc0004bdc04*=0x0, lpOverlapped=0x0) returned 1 [0159.378] CloseHandle (hObject=0x6a4) returned 1 [0159.378] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0159.379] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0159.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7kd c2cnepjn.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.385] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bdd04 | out: lpMode=0xc0004bdd04) returned 0 [0159.404] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.437] GetFileType (hFile=0x6a4) returned 0x1 [0159.437] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x12c30, lpNumberOfBytesWritten=0xc0004bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc0004bdcec*=0x12c30, lpOverlapped=0x0) returned 1 [0159.441] CloseHandle (hObject=0x6a4) returned 1 [0159.442] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0159.442] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0159.443] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0159.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7kd c2cnepjn.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.444] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bdd64 | out: lpMode=0xc0004bdd64) returned 0 [0159.450] GetFileType (hFile=0x6a4) returned 0x1 [0159.450] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc0004bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.450] CloseHandle (hObject=0x6a4) returned 1 [0159.450] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0159.452] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7kd c2cnepjn.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\encry-7KD C2CNEpJN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\encry-7kd c2cnepjn.mp4"), dwFlags=0x1) returned 1 [0159.453] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.457] SetEvent (hEvent=0x43c) returned 1 [0159.457] SetEvent (hEvent=0xb58) returned 1 [0159.457] VirtualFree (lpAddress=0xc000542000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0159.458] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.459] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0159.461] VirtualFree (lpAddress=0xc000168000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0159.461] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.462] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.463] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.464] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.464] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.465] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.466] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0159.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\cfvp2kcsdlqorsb wux.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0159.468] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bbcf4 | out: lpMode=0xc0004bbcf4) returned 0 [0159.471] GetFileType (hFile=0x6a4) returned 0x1 [0159.471] GetFileType (hFile=0x6a4) returned 0x1 [0159.471] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004bbd44 | out: lpFileInformation=0xc0004bbd44) returned 1 [0159.471] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004bbd28) returned 1 [0159.471] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0159.473] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x5660, lpNumberOfBytesRead=0xc0004bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0004bbc04*=0x5460, lpOverlapped=0x0) returned 1 [0159.475] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000217460, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000217460*, lpNumberOfBytesRead=0xc0004bbc04*=0x0, lpOverlapped=0x0) returned 1 [0159.476] CloseHandle (hObject=0x6a4) returned 1 [0159.476] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0159.480] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\cfvp2kcsdlqorsb wux.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.482] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bbd04 | out: lpMode=0xc0004bbd04) returned 0 [0159.513] GetFileType (hFile=0x6a4) returned 0x1 [0159.513] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0x5470, lpNumberOfBytesWritten=0xc0004bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc0004bbcec*=0x5470, lpOverlapped=0x0) returned 1 [0159.516] CloseHandle (hObject=0x6a4) returned 1 [0159.516] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0159.516] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0159.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\cfvp2kcsdlqorsb wux.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0159.518] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004bbd64 | out: lpMode=0xc0004bbd64) returned 0 [0159.540] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.552] GetFileType (hFile=0x6a4) returned 0x1 [0159.552] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc0004bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.552] CloseHandle (hObject=0x6a4) returned 1 [0159.553] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0159.554] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0159.556] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0159.557] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\cfvp2kcsdlqorsb wux.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-CfVP2kcsDlqOrsb wuX.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-cfvp2kcsdlqorsb wux.mp4"), dwFlags=0x1) returned 1 [0159.584] SwitchToThread () returned 1 [0159.589] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.592] SetEvent (hEvent=0x43c) returned 1 [0159.592] SetEvent (hEvent=0xb58) returned 1 [0159.593] VirtualFree (lpAddress=0xc00058e000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0159.595] VirtualFree (lpAddress=0xc000556000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0159.597] VirtualFree (lpAddress=0xc000542000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0159.598] VirtualFree (lpAddress=0xc000498000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0159.600] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0159.602] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0159.603] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.604] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.604] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.605] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.606] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.607] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.608] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\rqmymtzoi.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0159.610] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004edcf4 | out: lpMode=0xc0004edcf4) returned 0 [0159.611] GetFileType (hFile=0x1b0) returned 0x1 [0159.612] GetFileType (hFile=0x1b0) returned 0x1 [0159.612] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004edd44 | out: lpFileInformation=0xc0004edd44) returned 1 [0159.612] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004edd28) returned 1 [0159.612] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0159.616] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xb65f, lpNumberOfBytesRead=0xc0004edc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0004edc04*=0xb45f, lpOverlapped=0x0) returned 1 [0159.618] ReadFile (in: hFile=0x1b0, lpBuffer=0xc00021d45f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004edc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021d45f*, lpNumberOfBytesRead=0xc0004edc04*=0x0, lpOverlapped=0x0) returned 1 [0159.618] CloseHandle (hObject=0x1b0) returned 1 [0159.619] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0159.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\rqmymtzoi.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.625] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004edd04 | out: lpMode=0xc0004edd04) returned 0 [0159.628] GetFileType (hFile=0x1b0) returned 0x1 [0159.628] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0xb460, lpNumberOfBytesWritten=0xc0004edcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0004edcec*=0xb460, lpOverlapped=0x0) returned 1 [0159.631] CloseHandle (hObject=0x1b0) returned 1 [0159.631] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0159.631] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\rqmymtzoi.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.632] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004edd64 | out: lpMode=0xc0004edd64) returned 0 [0159.633] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.653] SetEvent (hEvent=0x43c) returned 1 [0159.653] GetFileType (hFile=0x1b0) returned 0x1 [0159.653] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004edd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.653] CloseHandle (hObject=0x1b0) returned 1 [0159.653] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\rqmymtzoi.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-rQmymTZOi.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-rqmymtzoi.mp4"), dwFlags=0x1) returned 1 [0159.655] SwitchToThread () returned 1 [0159.660] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.713] SetEvent (hEvent=0x43c) returned 1 [0159.713] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.801] SetEvent (hEvent=0x43c) returned 1 [0159.801] SwitchToThread () returned 1 [0159.827] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.873] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\99c5xwnis.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0159.874] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004f1cf4 | out: lpMode=0xc0004f1cf4) returned 0 [0159.893] GetFileType (hFile=0x1b0) returned 0x1 [0159.893] GetFileType (hFile=0x1b0) returned 0x1 [0159.893] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004f1d44 | out: lpFileInformation=0xc0004f1d44) returned 1 [0159.893] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004f1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004f1d28) returned 1 [0159.893] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0159.895] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0159.898] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x3424, lpNumberOfBytesRead=0xc0004f1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0004f1c04*=0x3224, lpOverlapped=0x0) returned 1 [0159.900] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000215224, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004f1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000215224*, lpNumberOfBytesRead=0xc0004f1c04*=0x0, lpOverlapped=0x0) returned 1 [0159.900] CloseHandle (hObject=0x1b0) returned 1 [0159.900] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0159.901] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0159.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\99c5xwnis.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.905] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004f1d04 | out: lpMode=0xc0004f1d04) returned 0 [0159.907] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.937] SetEvent (hEvent=0xc0) returned 1 [0159.937] SetEvent (hEvent=0x43c) returned 1 [0159.937] GetFileType (hFile=0x1b0) returned 0x1 [0159.937] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0159.956] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000215500*, nNumberOfBytesToWrite=0x3230, lpNumberOfBytesWritten=0xc0004f1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000215500*, lpNumberOfBytesWritten=0xc0004f1cec*=0x3230, lpOverlapped=0x0) returned 1 [0159.959] CloseHandle (hObject=0x1b0) returned 1 [0159.959] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0159.959] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0159.961] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0159.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\99c5xwnis.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.962] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004f1d64 | out: lpMode=0xc0004f1d64) returned 0 [0159.992] GetFileType (hFile=0x1b0) returned 0x1 [0159.993] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004f1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0004f1d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.993] CloseHandle (hObject=0x1b0) returned 1 [0159.993] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\99c5xwnis.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-99C5XwNIs.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-99c5xwnis.avi"), dwFlags=0x1) returned 1 [0159.996] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.234] SwitchToThread () returned 1 [0160.276] SetEvent (hEvent=0xb58) returned 1 [0160.276] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.302] SetEvent (hEvent=0x1b4) returned 1 [0160.302] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.315] SwitchToThread () returned 1 [0160.319] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.322] SetEvent (hEvent=0xb58) returned 1 [0160.322] SetEvent (hEvent=0x43c) returned 1 [0160.323] VirtualFree (lpAddress=0xc000690000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0160.325] VirtualFree (lpAddress=0xc000542000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0160.327] VirtualFree (lpAddress=0xc000498000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.329] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.331] VirtualFree (lpAddress=0xc000212000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.332] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.333] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.336] VirtualFree (lpAddress=0xc000078000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0160.337] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.338] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.339] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.340] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.341] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.341] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\onhryrmm0bacl8 0.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0160.343] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000501cf4 | out: lpMode=0xc000501cf4) returned 0 [0160.355] GetFileType (hFile=0x6a4) returned 0x1 [0160.355] GetFileType (hFile=0x6a4) returned 0x1 [0160.355] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000501d44 | out: lpFileInformation=0xc000501d44) returned 1 [0160.355] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000501d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000501d28) returned 1 [0160.355] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0160.357] ReadFile (in: hFile=0x6a4, lpBuffer=0xc000078000, nNumberOfBytesToRead=0x5871, lpNumberOfBytesRead=0xc000501c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesRead=0xc000501c04*=0x5671, lpOverlapped=0x0) returned 1 [0160.360] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00007d671, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000501c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007d671*, lpNumberOfBytesRead=0xc000501c04*=0x0, lpOverlapped=0x0) returned 1 [0160.360] CloseHandle (hObject=0x6a4) returned 1 [0160.360] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0160.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\onhryrmm0bacl8 0.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0160.365] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000501d04 | out: lpMode=0xc000501d04) returned 0 [0160.383] GetFileType (hFile=0x6a4) returned 0x1 [0160.383] WriteFile (in: hFile=0x6a4, lpBuffer=0xc00011c000*, nNumberOfBytesToWrite=0x5680, lpNumberOfBytesWritten=0xc000501cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesWritten=0xc000501cec*=0x5680, lpOverlapped=0x0) returned 1 [0160.385] CloseHandle (hObject=0x6a4) returned 1 [0160.386] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0160.386] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0160.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\onhryrmm0bacl8 0.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0160.387] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000501d64 | out: lpMode=0xc000501d64) returned 0 [0160.411] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.422] GetFileType (hFile=0x6a4) returned 0x1 [0160.422] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000501d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000501d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.422] CloseHandle (hObject=0x6a4) returned 1 [0160.422] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0160.424] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\onhryrmm0bacl8 0.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-oNHryRMM0bAcl8 0.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-onhryrmm0bacl8 0.flv"), dwFlags=0x1) returned 1 [0160.495] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.598] SetEvent (hEvent=0x43c) returned 1 [0160.598] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.688] SetEvent (hEvent=0xb58) returned 1 [0160.688] SetEvent (hEvent=0x1b4) returned 1 [0160.688] SetEvent (hEvent=0x43c) returned 1 [0160.688] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.791] SetEvent (hEvent=0x1b4) returned 1 [0160.791] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.819] SetEvent (hEvent=0xa8) returned 1 [0160.819] SetEvent (hEvent=0x9e8) returned 1 [0160.819] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.850] SetEvent (hEvent=0xb58) returned 1 [0160.851] SetEvent (hEvent=0x1b4) returned 1 [0160.851] SetEvent (hEvent=0x9e8) returned 1 [0160.851] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.865] SetEvent (hEvent=0xb58) returned 1 [0160.865] SetEvent (hEvent=0xa8) returned 1 [0160.865] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0160.888] VirtualFree (lpAddress=0xc00058e000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0160.891] VirtualFree (lpAddress=0xc000542000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0160.893] VirtualFree (lpAddress=0xc0002b4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.894] VirtualFree (lpAddress=0xc000292000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.896] VirtualFree (lpAddress=0xc00027c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.897] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0160.898] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0160.898] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.899] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0160.900] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.901] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.902] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.903] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.903] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.904] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.905] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.906] SetEvent (hEvent=0xa8) returned 1 [0160.906] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0161.170] SetEvent (hEvent=0x9e8) returned 1 [0161.170] SwitchToThread () returned 1 [0161.172] SetEvent (hEvent=0x8d0) returned 1 [0161.172] SetEvent (hEvent=0x9e8) returned 1 [0161.172] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0161.176] SetEvent (hEvent=0x8d0) returned 1 [0161.176] VirtualFree (lpAddress=0xc0005a6000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0161.178] VirtualFree (lpAddress=0xc000168000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0161.179] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.180] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.181] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0161.182] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.183] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.184] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.185] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.186] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0161.187] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.187] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.188] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.189] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.190] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0161.210] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\4pWNhvf6lh.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\4pwnhvf6lh.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x70c [0162.064] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc000115cf4 | out: lpMode=0xc000115cf4) returned 0 [0162.413] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0162.600] SetEvent (hEvent=0xa40) returned 1 [0162.600] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0162.815] SwitchToThread () returned 1 [0162.925] SetEvent (hEvent=0xb58) returned 1 [0162.925] SetEvent (hEvent=0xa8) returned 1 [0162.925] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.105] SetEvent (hEvent=0xc0c) returned 1 [0163.105] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.121] SetEvent (hEvent=0xc0c) returned 1 [0163.121] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.128] SetEvent (hEvent=0x8d0) returned 1 [0163.128] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.132] SwitchToThread () returned 1 [0163.182] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.272] SwitchToThread () returned 1 [0163.279] SetEvent (hEvent=0xc0c) returned 1 [0163.279] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.284] SetEvent (hEvent=0xa8) returned 1 [0163.284] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.320] SetEvent (hEvent=0xc0c) returned 1 [0163.320] SetEvent (hEvent=0x8d0) returned 1 [0163.321] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.358] SetEvent (hEvent=0xc0c) returned 1 [0163.358] SetEvent (hEvent=0x8d0) returned 1 [0163.358] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.387] SetEvent (hEvent=0xc0c) returned 1 [0163.387] SetEvent (hEvent=0x8d0) returned 1 [0163.387] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.424] SetEvent (hEvent=0xc0c) returned 1 [0163.424] SetEvent (hEvent=0xa8) returned 1 [0163.424] SwitchToThread () returned 1 [0163.431] SetEvent (hEvent=0xc0c) returned 1 [0163.431] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.468] SwitchToThread () returned 1 [0163.469] SetEvent (hEvent=0xc0c) returned 1 [0163.469] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.471] SwitchToThread () returned 1 [0163.472] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0163.483] SetEvent (hEvent=0xa40) returned 1 [0163.483] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0163.484] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0004c0000*, nNumberOfBytesToWrite=0xb170, lpNumberOfBytesWritten=0xc0004e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004c0000*, lpNumberOfBytesWritten=0xc0004e3cec*=0xb170, lpOverlapped=0x0) returned 1 [0166.148] CloseHandle (hObject=0x3e0) returned 1 [0166.712] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0166.771] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0166.776] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0166.778] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0166.779] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\_tkp vlu9vp97sbcbc.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0166.861] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0167.070] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc0004e3d64 | out: lpMode=0xc0004e3d64) returned 0 [0167.073] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) returned 0x0 [0167.079] SetEvent (hEvent=0xa10) returned 1 [0167.079] GetFileType (hFile=0x808) returned 0x1 [0167.080] WriteFile (in: hFile=0x808, lpBuffer=0xc0000c22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c22c0*, lpNumberOfBytesWritten=0xc0004e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.080] CloseHandle (hObject=0x808) returned 1 [0167.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\_tkp vlu9vp97sbcbc.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-_tkp vlu9vp97sbcbc.flv"), dwFlags=0x1) returned 1 [0167.385] WaitForSingleObject (hHandle=0x254, dwMilliseconds=0xffffffff) Thread: id = 68 os_tid = 0xad0 [0141.596] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f53fea0*=0x438) returned 1 [0141.597] VirtualQuery (in: lpAddress=0x2f53fec0, lpBuffer=0x2f53fec0, dwLength=0x30 | out: lpBuffer=0x2f53fec0*(BaseAddress=0x2f53f000, AllocationBase=0x2f340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.597] SetEvent (hEvent=0x120) returned 1 [0141.597] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x43c [0141.597] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x440 [0141.597] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0141.601] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0141.603] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0141.603] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyahuxz0u2j2nuf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x44c [0141.604] GetConsoleMode (in: hConsoleHandle=0x44c, lpMode=0xc000397cf4 | out: lpMode=0xc000397cf4) returned 0 [0141.605] GetFileType (hFile=0x44c) returned 0x1 [0141.605] GetFileType (hFile=0x44c) returned 0x1 [0141.606] GetFileInformationByHandle (in: hFile=0x44c, lpFileInformation=0xc000397d44 | out: lpFileInformation=0xc000397d44) returned 1 [0141.606] GetFileInformationByHandleEx (in: hFile=0x44c, FileInformationClass=0x9, lpFileInformation=0xc000397d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000397d28) returned 1 [0141.606] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0141.607] ReadFile (in: hFile=0x44c, lpBuffer=0xc000280000, nNumberOfBytesToRead=0x15da, lpNumberOfBytesRead=0xc000397c04, lpOverlapped=0x0 | out: lpBuffer=0xc000280000*, lpNumberOfBytesRead=0xc000397c04*=0x13da, lpOverlapped=0x0) returned 1 [0142.555] ReadFile (in: hFile=0x44c, lpBuffer=0xc0002813da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000397c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002813da*, lpNumberOfBytesRead=0xc000397c04*=0x0, lpOverlapped=0x0) returned 1 [0142.555] CloseHandle (hObject=0x44c) returned 1 [0142.555] VirtualAlloc (lpAddress=0xc00063a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00063a000 [0142.557] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyahuxz0u2j2nuf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x44c [0142.558] GetConsoleMode (in: hConsoleHandle=0x44c, lpMode=0xc000397d04 | out: lpMode=0xc000397d04) returned 0 [0142.693] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0143.675] GetFileType (hFile=0x44c) returned 0x1 [0143.675] WriteFile (in: hFile=0x44c, lpBuffer=0xc00063a000*, nNumberOfBytesToWrite=0x13e0, lpNumberOfBytesWritten=0xc000397cec, lpOverlapped=0x0 | out: lpBuffer=0xc00063a000*, lpNumberOfBytesWritten=0xc000397cec*=0x13e0, lpOverlapped=0x0) returned 1 [0143.686] CloseHandle (hObject=0x44c) returned 1 [0143.689] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0144.364] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.364] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0144.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyahuxz0u2j2nuf.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0144.821] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc000397d64 | out: lpMode=0xc000397d64) returned 0 [0144.823] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0145.549] GetFileType (hFile=0x568) returned 0x1 [0145.549] WriteFile (in: hFile=0x568, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000397d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000397d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.550] CloseHandle (hObject=0x568) returned 1 [0145.552] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0145.554] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0145.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cyahuxz0u2j2nuf.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-CyAhUxZ0u2J2NUf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-cyahuxz0u2j2nuf.lnk"), dwFlags=0x1) returned 1 [0148.138] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.145] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.149] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.153] SetEvent (hEvent=0x28c) returned 1 [0148.153] SetEvent (hEvent=0xab8) returned 1 [0148.154] SetEvent (hEvent=0x1b4) returned 1 [0148.154] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.156] SetEvent (hEvent=0x28c) returned 1 [0148.156] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.160] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.165] SetEvent (hEvent=0x28c) returned 1 [0148.165] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.167] SetEvent (hEvent=0x28c) returned 1 [0148.168] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.169] SetEvent (hEvent=0x28c) returned 1 [0148.169] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.171] SetEvent (hEvent=0x28c) returned 1 [0148.171] SetEvent (hEvent=0x1b4) returned 1 [0148.171] SetEvent (hEvent=0xac8) returned 1 [0148.171] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.227] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0148.235] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0148.236] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000162000*, nNumberOfCharsToWrite=0x6f, lpNumberOfCharsWritten=0xc00018d808, lpReserved=0x0 | out: lpBuffer=0xc000162000*, lpNumberOfCharsWritten=0xc00018d808*=0x6f) returned 1 [0148.238] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0148.240] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0148.240] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0148.241] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0148.242] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0148.243] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0148.244] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0148.245] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0148.246] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0148.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0148.248] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc00018dd64 | out: lpMode=0xc00018dd64) returned 0 [0148.250] GetFileType (hFile=0x728) returned 0x1 [0148.250] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0148.251] WriteFile (in: hFile=0x728, lpBuffer=0xc000124420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124420*, lpNumberOfBytesWritten=0xc00018dd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.015] CloseHandle (hObject=0x728) returned 1 [0149.347] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0149.348] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.957] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0150.958] SetEvent (hEvent=0xb50) returned 1 [0150.958] SetEvent (hEvent=0x274) returned 1 [0150.959] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.960] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.960] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.962] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.962] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.964] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.965] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.966] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.967] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.968] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.969] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjidzl.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-vjidzl.png"), dwFlags=0x1) returned 1 [0153.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\nz s7kvsk.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x728 [0153.347] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc000403cf4 | out: lpMode=0xc000403cf4) returned 0 [0153.356] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.367] GetFileType (hFile=0x728) returned 0x1 [0153.367] GetFileType (hFile=0x728) returned 0x1 [0153.367] GetFileInformationByHandle (in: hFile=0x728, lpFileInformation=0xc000403d44 | out: lpFileInformation=0xc000403d44) returned 1 [0153.367] GetFileInformationByHandleEx (in: hFile=0x728, FileInformationClass=0x9, lpFileInformation=0xc000403d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000403d28) returned 1 [0153.367] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0153.371] ReadFile (in: hFile=0x728, lpBuffer=0xc000498000, nNumberOfBytesToRead=0x52ff, lpNumberOfBytesRead=0xc000403c04, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesRead=0xc000403c04*=0x50ff, lpOverlapped=0x0) returned 1 [0153.373] ReadFile (in: hFile=0x728, lpBuffer=0xc00049d0ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000403c04, lpOverlapped=0x0 | out: lpBuffer=0xc00049d0ff*, lpNumberOfBytesRead=0xc000403c04*=0x0, lpOverlapped=0x0) returned 1 [0153.373] CloseHandle (hObject=0x728) returned 1 [0153.373] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\nz S7KVsk.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\nz s7kvsk.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0153.374] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc000403d04 | out: lpMode=0xc000403d04) returned 0 [0153.375] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.396] GetFileType (hFile=0x728) returned 0x1 [0153.396] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.412] SetEvent (hEvent=0x8d0) returned 1 [0153.412] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.490] SetEvent (hEvent=0x9f0) returned 1 [0153.490] SetEvent (hEvent=0x8d0) returned 1 [0153.490] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.514] SetEvent (hEvent=0x9f0) returned 1 [0153.515] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.567] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0153.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0153.570] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003e5cf4 | out: lpMode=0xc0003e5cf4) returned 0 [0153.588] GetFileType (hFile=0x5c4) returned 0x1 [0153.588] GetFileType (hFile=0x5c4) returned 0x1 [0153.588] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc0003e5d44 | out: lpFileInformation=0xc0003e5d44) returned 1 [0153.588] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc0003e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e5d28) returned 1 [0153.588] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0153.590] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000054000, nNumberOfBytesToRead=0x2e2, lpNumberOfBytesRead=0xc0003e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000054000*, lpNumberOfBytesRead=0xc0003e5c04*=0xe2, lpOverlapped=0x0) returned 1 [0153.592] ReadFile (in: hFile=0x5c4, lpBuffer=0xc0000540e2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000540e2*, lpNumberOfBytesRead=0xc0003e5c04*=0x0, lpOverlapped=0x0) returned 1 [0153.593] CloseHandle (hObject=0x5c4) returned 1 [0153.593] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0153.595] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.606] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003e5d04 | out: lpMode=0xc0003e5d04) returned 0 [0153.609] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.624] GetFileType (hFile=0x5c4) returned 0x1 [0153.624] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000601e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0003e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000601e0*, lpNumberOfBytesWritten=0xc0003e5cec*=0xf0, lpOverlapped=0x0) returned 1 [0153.626] CloseHandle (hObject=0x5c4) returned 1 [0153.626] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3501 | out: pbBuffer=0xc0001c3501) returned 1 [0153.627] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0153.628] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0153.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.630] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003e5d64 | out: lpMode=0xc0003e5d64) returned 0 [0153.687] GetFileType (hFile=0x5c4) returned 0x1 [0153.691] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000284840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284840*, lpNumberOfBytesWritten=0xc0003e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.692] CloseHandle (hObject=0x5c4) returned 1 [0153.692] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\encry-Web Slice Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\encry-web slice gallery.url"), dwFlags=0x1) returned 1 [0153.722] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0153.725] VirtualFree (lpAddress=0xc0004a8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0153.726] VirtualFree (lpAddress=0xc000356000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0153.728] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0153.729] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0153.731] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.732] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.733] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.734] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.734] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.735] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.736] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.737] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n3 iikk5mp8c2f.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0153.739] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003b9cf4 | out: lpMode=0xc0003b9cf4) returned 0 [0153.742] GetFileType (hFile=0x5c4) returned 0x1 [0153.743] GetFileType (hFile=0x5c4) returned 0x1 [0153.743] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc0003b9d44 | out: lpFileInformation=0xc0003b9d44) returned 1 [0153.743] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc0003b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b9d28) returned 1 [0153.743] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0153.745] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x11c1, lpNumberOfBytesRead=0xc0003b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0003b9c04*=0xfc1, lpOverlapped=0x0) returned 1 [0153.746] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000230fc1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230fc1*, lpNumberOfBytesRead=0xc0003b9c04*=0x0, lpOverlapped=0x0) returned 1 [0153.746] CloseHandle (hObject=0x5c4) returned 1 [0153.746] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0153.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n3 iikk5mp8c2f.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.749] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003b9d04 | out: lpMode=0xc0003b9d04) returned 0 [0153.774] GetFileType (hFile=0x5c4) returned 0x1 [0153.774] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0001b2000*, nNumberOfBytesToWrite=0xfd0, lpNumberOfBytesWritten=0xc0003b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0001b2000*, lpNumberOfBytesWritten=0xc0003b9cec*=0xfd0, lpOverlapped=0x0) returned 1 [0153.776] CloseHandle (hObject=0x5c4) returned 1 [0153.776] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0153.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n3 iikk5mp8c2f.pptx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.777] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003b9d64 | out: lpMode=0xc0003b9d64) returned 0 [0153.823] GetFileType (hFile=0x5c4) returned 0x1 [0153.823] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0002849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002849a0*, lpNumberOfBytesWritten=0xc0003b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.824] CloseHandle (hObject=0x5c4) returned 1 [0153.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\n3 iikk5mp8c2f.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-N3 iiKK5mP8C2F.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-n3 iikk5mp8c2f.pptx"), dwFlags=0x1) returned 1 [0153.826] SwitchToThread () returned 1 [0153.829] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.892] SetEvent (hEvent=0x9f0) returned 1 [0153.892] SwitchToThread () returned 1 [0153.931] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0153.933] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0153.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\elsstnnsevvxa.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x720 [0153.935] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0153.944] GetFileType (hFile=0x720) returned 0x1 [0153.944] GetFileType (hFile=0x720) returned 0x1 [0153.944] GetFileInformationByHandle (in: hFile=0x720, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0153.944] GetFileInformationByHandleEx (in: hFile=0x720, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0153.944] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0153.946] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0153.950] ReadFile (in: hFile=0x720, lpBuffer=0xc0004a8000, nNumberOfBytesToRead=0x1255a, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a8000*, lpNumberOfBytesRead=0xc00024dc04*=0x1235a, lpOverlapped=0x0) returned 1 [0153.952] ReadFile (in: hFile=0x720, lpBuffer=0xc0004ba35a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004ba35a*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0153.952] CloseHandle (hObject=0x720) returned 1 [0153.952] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0153.953] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0153.955] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0153.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\elsstnnsevvxa.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0153.962] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00024dd04 | out: lpMode=0xc00024dd04) returned 0 [0153.976] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.983] SetEvent (hEvent=0x9f0) returned 1 [0153.984] GetFileType (hFile=0x720) returned 0x1 [0153.984] WriteFile (in: hFile=0x720, lpBuffer=0xc0004e0000*, nNumberOfBytesToWrite=0x12360, lpNumberOfBytesWritten=0xc00024dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesWritten=0xc00024dcec*=0x12360, lpOverlapped=0x0) returned 1 [0153.987] CloseHandle (hObject=0x720) returned 1 [0153.987] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0153.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\elsstnnsevvxa.pdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0153.988] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0153.989] GetFileType (hFile=0x720) returned 0x1 [0153.989] WriteFile (in: hFile=0x720, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0153.989] CloseHandle (hObject=0x720) returned 1 [0153.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\elsstnnsevvxa.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\encry-eLsstNNsEvVxA.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\encry-elsstnnsevvxa.pdf"), dwFlags=0x1) returned 1 [0153.991] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0153.993] SetEvent (hEvent=0x9f0) returned 1 [0153.993] SetEvent (hEvent=0x9a8) returned 1 [0153.993] VirtualFree (lpAddress=0xc000604000, dwSize=0x44000, dwFreeType=0x4000) returned 1 [0153.997] VirtualFree (lpAddress=0xc0004a8000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0153.998] VirtualFree (lpAddress=0xc00035a000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0154.000] VirtualFree (lpAddress=0xc000346000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0154.001] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.002] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0154.003] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.004] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.005] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.006] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.007] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.007] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.008] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.009] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.010] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.011] VirtualFree (lpAddress=0xc00006e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.012] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.014] VirtualFree (lpAddress=0xc000050000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0154.015] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.016] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.017] GetFileType (hFile=0x710) returned 0x1 [0154.017] GetFileInformationByHandle (in: hFile=0x710, lpFileInformation=0xc000393d44 | out: lpFileInformation=0xc000393d44) returned 1 [0154.018] GetFileInformationByHandleEx (in: hFile=0x710, FileInformationClass=0x9, lpFileInformation=0xc000393d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000393d28) returned 1 [0154.018] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0154.020] ReadFile (in: hFile=0x710, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x8ba3, lpNumberOfBytesRead=0xc000393c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000393c04*=0x89a3, lpOverlapped=0x0) returned 1 [0154.021] ReadFile (in: hFile=0x710, lpBuffer=0xc0002389a3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000393c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002389a3*, lpNumberOfBytesRead=0xc000393c04*=0x0, lpOverlapped=0x0) returned 1 [0154.022] CloseHandle (hObject=0x710) returned 1 [0154.022] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0154.024] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0154.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\xe1i.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x710 [0154.028] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc000393d04 | out: lpMode=0xc000393d04) returned 0 [0154.029] GetFileType (hFile=0x710) returned 0x1 [0154.029] WriteFile (in: hFile=0x710, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x89b0, lpNumberOfBytesWritten=0xc000393cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000393cec*=0x89b0, lpOverlapped=0x0) returned 1 [0154.032] CloseHandle (hObject=0x710) returned 1 [0154.033] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.033] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\xe1i.pps"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x710 [0154.033] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc000393d64 | out: lpMode=0xc000393d64) returned 0 [0154.070] GetFileType (hFile=0x710) returned 0x1 [0154.070] WriteFile (in: hFile=0x710, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000393d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc000393d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.070] CloseHandle (hObject=0x710) returned 1 [0154.070] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\xe1i.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\encry-xe1i.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\encry-xe1i.pps"), dwFlags=0x1) returned 1 [0154.073] GetFileType (hFile=0x2bc) returned 0x1 [0154.073] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000104840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104840*, lpNumberOfBytesWritten=0xc0003c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.073] CloseHandle (hObject=0x2bc) returned 1 [0154.074] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0154.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\_pe9j8 9q1yztdimt.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\encry-_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\encry-_pe9j8 9q1yztdimt.rtf"), dwFlags=0x1) returned 1 [0154.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\zwxvoaf4gr.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0154.079] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000c1cf4 | out: lpMode=0xc0000c1cf4) returned 0 [0154.081] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.089] SetEvent (hEvent=0x9f0) returned 1 [0154.089] GetFileType (hFile=0x2bc) returned 0x1 [0154.089] GetFileType (hFile=0x2bc) returned 0x1 [0154.090] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0000c1d44 | out: lpFileInformation=0xc0000c1d44) returned 1 [0154.090] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0000c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c1d28) returned 1 [0154.090] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0154.093] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000346000, nNumberOfBytesToRead=0xf577, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0000c1c04*=0xf377, lpOverlapped=0x0) returned 1 [0154.094] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000355377, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000355377*, lpNumberOfBytesRead=0xc0000c1c04*=0x0, lpOverlapped=0x0) returned 1 [0154.094] CloseHandle (hObject=0x2bc) returned 1 [0154.095] VirtualAlloc (lpAddress=0xc000356000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000356000 [0154.099] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0154.100] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\zwxvoaf4gr.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0154.102] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0000c1d04 | out: lpMode=0xc0000c1d04) returned 0 [0154.106] GetFileType (hFile=0x2bc) returned 0x1 [0154.106] WriteFile (in: hFile=0x2bc, lpBuffer=0xc000356000*, nNumberOfBytesToWrite=0xf380, lpNumberOfBytesWritten=0xc0000c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000356000*, lpNumberOfBytesWritten=0xc0000c1cec*=0xf380, lpOverlapped=0x0) returned 1 [0154.109] CloseHandle (hObject=0x2bc) returned 1 [0154.109] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0154.111] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0154.111] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0154.113] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0154.147] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\zwxvoaf4gr.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0154.147] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0000c1d64 | out: lpMode=0xc0000c1d64) returned 0 [0154.180] GetFileType (hFile=0x4d8) returned 0x1 [0154.180] WriteFile (in: hFile=0x4d8, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc0000c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.180] CloseHandle (hObject=0x4d8) returned 1 [0154.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\zwxvoaf4gr.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\encry-ZWxVOaF4Gr.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\encry-zwxvoaf4gr.jpg"), dwFlags=0x1) returned 1 [0154.183] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0154.185] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0154.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pfnuyd06e.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0154.188] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000435cf4 | out: lpMode=0xc000435cf4) returned 0 [0154.205] GetFileType (hFile=0x4d8) returned 0x1 [0154.205] GetFileType (hFile=0x4d8) returned 0x1 [0154.205] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc000435d44 | out: lpFileInformation=0xc000435d44) returned 1 [0154.205] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc000435d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000435d28) returned 1 [0154.205] ReadFile (in: hFile=0x4d8, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x302e, lpNumberOfBytesRead=0xc000435c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000435c04*=0x2e2e, lpOverlapped=0x0) returned 1 [0154.206] ReadFile (in: hFile=0x4d8, lpBuffer=0xc00028ee2e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000435c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028ee2e*, lpNumberOfBytesRead=0xc000435c04*=0x0, lpOverlapped=0x0) returned 1 [0154.206] CloseHandle (hObject=0x4d8) returned 1 [0154.206] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0154.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pfnuyd06e.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0154.210] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000435d04 | out: lpMode=0xc000435d04) returned 0 [0154.219] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.226] GetFileType (hFile=0x4d8) returned 0x1 [0154.226] WriteFile (in: hFile=0x4d8, lpBuffer=0xc000058000*, nNumberOfBytesToWrite=0x2e30, lpNumberOfBytesWritten=0xc000435cec, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesWritten=0xc000435cec*=0x2e30, lpOverlapped=0x0) returned 1 [0154.230] CloseHandle (hObject=0x4d8) returned 1 [0154.230] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0154.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pfnuyd06e.csv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0154.231] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000435d64 | out: lpMode=0xc000435d64) returned 0 [0154.232] GetFileType (hFile=0x4d8) returned 0x1 [0154.232] WriteFile (in: hFile=0x4d8, lpBuffer=0xc000284f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000435d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284f20*, lpNumberOfBytesWritten=0xc000435d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.232] CloseHandle (hObject=0x4d8) returned 1 [0154.232] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pfnuyd06e.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-PFNUYD06e.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-pfnuyd06e.csv"), dwFlags=0x1) returned 1 [0154.235] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.236] SetEvent (hEvent=0x9f0) returned 1 [0154.236] SetEvent (hEvent=0x8d0) returned 1 [0154.237] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0154.238] VirtualFree (lpAddress=0xc0004a8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0154.240] VirtualFree (lpAddress=0xc000346000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0154.242] VirtualFree (lpAddress=0xc0002fe000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0154.243] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0154.245] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.246] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.247] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.248] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.249] VirtualFree (lpAddress=0xc00006e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.250] VirtualFree (lpAddress=0xc00005e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.251] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.252] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.253] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.254] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\lnnwgu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0154.256] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000425cf4 | out: lpMode=0xc000425cf4) returned 0 [0154.304] GetFileType (hFile=0x8a4) returned 0x1 [0154.304] GetFileType (hFile=0x8a4) returned 0x1 [0154.304] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc000425d44 | out: lpFileInformation=0xc000425d44) returned 1 [0154.305] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc000425d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000425d28) returned 1 [0154.305] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0154.309] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xf083, lpNumberOfBytesRead=0xc000425c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc000425c04*=0xee83, lpOverlapped=0x0) returned 1 [0154.312] ReadFile (in: hFile=0x8a4, lpBuffer=0xc00030ce83, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000425c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030ce83*, lpNumberOfBytesRead=0xc000425c04*=0x0, lpOverlapped=0x0) returned 1 [0154.312] CloseHandle (hObject=0x8a4) returned 1 [0154.312] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0154.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\lnnwgu.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.318] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000425d04 | out: lpMode=0xc000425d04) returned 0 [0154.325] GetFileType (hFile=0x8a4) returned 0x1 [0154.326] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0xee90, lpNumberOfBytesWritten=0xc000425cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc000425cec*=0xee90, lpOverlapped=0x0) returned 1 [0154.329] CloseHandle (hObject=0x8a4) returned 1 [0154.329] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.329] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0154.331] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\lnnwgu.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.331] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000425d64 | out: lpMode=0xc000425d64) returned 0 [0154.345] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.349] SetEvent (hEvent=0x9f0) returned 1 [0154.349] GetFileType (hFile=0x8a4) returned 0x1 [0154.353] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0002842c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000425d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002842c0*, lpNumberOfBytesWritten=0xc000425d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.354] CloseHandle (hObject=0x8a4) returned 1 [0154.354] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\lnnwgu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\encry-LnNwGu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\encry-lnnwgu.wav"), dwFlags=0x1) returned 1 [0154.357] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.364] SetEvent (hEvent=0x100) returned 1 [0154.364] VirtualFree (lpAddress=0xc000346000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0154.366] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0154.368] VirtualFree (lpAddress=0xc00025a000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.369] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.370] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.371] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.372] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.373] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.374] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.375] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.376] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.376] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.377] GetFileType (hFile=0x3fc) returned 0x1 [0154.377] GetFileType (hFile=0x3fc) returned 0x1 [0154.377] GetFileInformationByHandle (in: hFile=0x3fc, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0154.378] GetFileInformationByHandleEx (in: hFile=0x3fc, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0154.378] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0154.382] ReadFile (in: hFile=0x3fc, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x1275d, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0004dbc04*=0x1255d, lpOverlapped=0x0) returned 1 [0154.384] ReadFile (in: hFile=0x3fc, lpBuffer=0xc00035855d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00035855d*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0154.384] CloseHandle (hObject=0x3fc) returned 1 [0154.385] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0154.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cnhegrqal0z.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0154.391] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0154.399] GetFileType (hFile=0x3fc) returned 0x1 [0154.399] WriteFile (in: hFile=0x3fc, lpBuffer=0xc00035a000*, nNumberOfBytesToWrite=0x12560, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00035a000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x12560, lpOverlapped=0x0) returned 1 [0154.439] CloseHandle (hObject=0x3fc) returned 1 [0154.439] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0154.447] SetEvent (hEvent=0x100) returned 1 [0154.447] SetEvent (hEvent=0xc0) returned 1 [0154.447] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.451] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000473818, lpReserved=0x0 | out: lpBuffer=0xc0000104a0*, lpNumberOfCharsWritten=0xc000473818*=0x3) returned 1 [0154.456] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000391818, lpReserved=0x0 | out: lpBuffer=0xc0000104a6*, lpNumberOfCharsWritten=0xc000391818*=0x3) returned 1 [0154.463] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00045d818, lpReserved=0x0 | out: lpBuffer=0xc0000104b0*, lpNumberOfCharsWritten=0xc00045d818*=0x3) returned 1 [0154.465] SetEvent (hEvent=0x100) returned 1 [0154.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000104b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001a9818, lpReserved=0x0 | out: lpBuffer=0xc0000104b6*, lpNumberOfCharsWritten=0xc0001a9818*=0x3) returned 1 [0154.467] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.482] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000407818, lpReserved=0x0 | out: lpBuffer=0xc0000a0310*, lpNumberOfCharsWritten=0xc000407818*=0x3) returned 1 [0154.548] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0316*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003b5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0316*, lpNumberOfCharsWritten=0xc0003b5818*=0x3) returned 1 [0154.556] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.597] SetEvent (hEvent=0x8d0) returned 1 [0154.598] SetEvent (hEvent=0x9f0) returned 1 [0154.598] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0340*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000447818, lpReserved=0x0 | out: lpBuffer=0xc0000a0340*, lpNumberOfCharsWritten=0xc000447818*=0x3) returned 1 [0154.633] SetEvent (hEvent=0x8d0) returned 1 [0154.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0346*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003db818, lpReserved=0x0 | out: lpBuffer=0xc0000a0346*, lpNumberOfCharsWritten=0xc0003db818*=0x3) returned 1 [0154.668] SetEvent (hEvent=0x8d0) returned 1 [0154.668] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0370*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003a3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0370*, lpNumberOfCharsWritten=0xc0003a3818*=0x3) returned 1 [0154.704] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00043d818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc00043d818*=0x3) returned 1 [0154.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000405818, lpReserved=0x0 | out: lpBuffer=0xc000586036*, lpNumberOfCharsWritten=0xc000405818*=0x3) returned 1 [0154.793] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.918] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000489818, lpReserved=0x0 | out: lpBuffer=0xc0000a0310*, lpNumberOfCharsWritten=0xc000489818*=0x3) returned 1 [0154.937] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0154.939] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0316*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003b1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0316*, lpNumberOfCharsWritten=0xc0003b1818*=0x3) returned 1 [0154.952] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0154.996] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00048d818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc00048d818*=0x3) returned 1 [0155.003] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003bf818, lpReserved=0x0 | out: lpBuffer=0xc000586036*, lpNumberOfCharsWritten=0xc0003bf818*=0x3) returned 1 [0155.067] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586210*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00039b818, lpReserved=0x0 | out: lpBuffer=0xc000586210*, lpNumberOfCharsWritten=0xc00039b818*=0x3) returned 1 [0155.120] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0155.217] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586200*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000401818, lpReserved=0x0 | out: lpBuffer=0xc000586200*, lpNumberOfCharsWritten=0xc000401818*=0x3) returned 1 [0155.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586206*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc000586206*, lpNumberOfCharsWritten=0xc00013d818*=0x3) returned 1 [0155.266] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586460*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000135818, lpReserved=0x0 | out: lpBuffer=0xc000586460*, lpNumberOfCharsWritten=0xc000135818*=0x3) returned 1 [0155.280] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0155.362] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000105d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000255818, lpReserved=0x0 | out: lpBuffer=0xc0000105d0*, lpNumberOfCharsWritten=0xc000255818*=0x3) returned 1 [0155.374] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000105d6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000241818, lpReserved=0x0 | out: lpBuffer=0xc0000105d6*, lpNumberOfCharsWritten=0xc000241818*=0x3) returned 1 [0155.388] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0155.543] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861e0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022f818, lpReserved=0x0 | out: lpBuffer=0xc0005861e0*, lpNumberOfCharsWritten=0xc00022f818*=0x3) returned 1 [0155.835] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0156.084] SetEvent (hEvent=0x9e8) returned 1 [0156.084] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0156.090] SetEvent (hEvent=0x9e8) returned 1 [0156.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\9voziqi2tpt4.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0156.091] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc0001f5cf4 | out: lpMode=0xc0001f5cf4) returned 0 [0156.131] GetFileType (hFile=0x768) returned 0x1 [0156.131] GetFileType (hFile=0x768) returned 0x1 [0156.131] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc0001f5d44 | out: lpFileInformation=0xc0001f5d44) returned 1 [0156.131] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc0001f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f5d28) returned 1 [0156.132] VirtualAlloc (lpAddress=0xc0005a0000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a0000 [0156.144] ReadFile (in: hFile=0x768, lpBuffer=0xc0005a0000, nNumberOfBytesToRead=0x152d7, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a0000*, lpNumberOfBytesRead=0xc0001f5c04*=0x150d7, lpOverlapped=0x0) returned 1 [0156.147] ReadFile (in: hFile=0x768, lpBuffer=0xc0005b50d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005b50d7*, lpNumberOfBytesRead=0xc0001f5c04*=0x0, lpOverlapped=0x0) returned 1 [0156.147] CloseHandle (hObject=0x768) returned 1 [0156.147] VirtualAlloc (lpAddress=0xc0005b6000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b6000 [0156.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\9voziqi2tpt4.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0156.157] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc0001f5d04 | out: lpMode=0xc0001f5d04) returned 0 [0156.216] GetFileType (hFile=0x768) returned 0x1 [0156.216] WriteFile (in: hFile=0x768, lpBuffer=0xc0005b6000*, nNumberOfBytesToWrite=0x150e0, lpNumberOfBytesWritten=0xc0001f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005b6000*, lpNumberOfBytesWritten=0xc0001f5cec*=0x150e0, lpOverlapped=0x0) returned 1 [0156.227] CloseHandle (hObject=0x768) returned 1 [0156.227] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0156.227] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\9voziqi2tpt4.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0156.227] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc0001f5d64 | out: lpMode=0xc0001f5d64) returned 0 [0156.271] GetFileType (hFile=0x768) returned 0x1 [0156.271] WriteFile (in: hFile=0x768, lpBuffer=0xc000104b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104b00*, lpNumberOfBytesWritten=0xc0001f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0156.272] CloseHandle (hObject=0x768) returned 1 [0156.272] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\9voziqi2tpt4.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\encry-9voZIQI2Tpt4.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\encry-9voziqi2tpt4.m4a"), dwFlags=0x1) returned 1 [0156.274] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0156.284] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0156.284] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0156.284] SetEvent (hEvent=0xc0) returned 1 [0156.284] SetEvent (hEvent=0xbd0) returned 1 [0156.284] SetEvent (hEvent=0xa80) returned 1 [0156.284] SetEvent (hEvent=0x9f0) returned 1 [0156.286] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0156.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0156.542] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 1 [0156.542] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.542] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.542] SetEvent (hEvent=0xb58) returned 1 [0156.542] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0156.802] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x78c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f53f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f53f968*=0x1b0) returned 1 [0156.802] SuspendThread (hThread=0x1b0) returned 0x0 [0156.802] GetThreadContext (in: hThread=0x1b0, lpContext=0x2f53f980 | out: lpContext=0x2f53f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3bb3fc78, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab149a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0156.921] ResumeThread (hThread=0x1b0) returned 0x1 [0156.921] CloseHandle (hObject=0x1b0) returned 1 [0156.921] SetEvent (hEvent=0xa8) returned 1 [0156.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0156.924] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0156.924] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 1 [0156.925] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.925] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.925] SetEvent (hEvent=0xa8) returned 1 [0156.925] SetEvent (hEvent=0xb58) returned 1 [0156.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0156.942] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0156.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.042] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.042] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0157.042] SetEvent (hEvent=0xb58) returned 1 [0157.042] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.122] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0157.122] SetEvent (hEvent=0xc64) returned 1 [0157.123] SetEvent (hEvent=0x9e8) returned 1 [0157.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.133] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.133] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.162] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.162] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0157.163] SetEvent (hEvent=0xb58) returned 1 [0157.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.303] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0157.304] SetEvent (hEvent=0x9e8) returned 1 [0157.304] SetEvent (hEvent=0xc64) returned 1 [0157.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.346] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.346] SetEvent (hEvent=0xc64) returned 1 [0157.346] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.580] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.580] SwitchToThread () returned 1 [0157.586] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0157.586] SetEvent (hEvent=0x1b4) returned 1 [0157.586] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.643] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.643] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0157.643] SetEvent (hEvent=0xc0) returned 1 [0157.643] SetEvent (hEvent=0x254) returned 1 [0157.643] SetEvent (hEvent=0xc64) returned 1 [0157.645] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.658] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.700] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0157.700] SetEvent (hEvent=0x1b4) returned 1 [0157.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.760] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.768] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.768] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0157.768] SetEvent (hEvent=0xc0) returned 1 [0157.769] SetEvent (hEvent=0x254) returned 1 [0157.769] SetEvent (hEvent=0xc64) returned 1 [0157.771] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0157.818] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0157.969] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0157.969] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0157.969] SetEvent (hEvent=0x1b4) returned 1 [0157.970] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.143] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.143] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0158.143] SetEvent (hEvent=0xc64) returned 1 [0158.143] SetEvent (hEvent=0x9e8) returned 1 [0158.146] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.184] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.305] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0158.306] SetEvent (hEvent=0x254) returned 1 [0158.306] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.377] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0158.377] SetEvent (hEvent=0x9e8) returned 1 [0158.377] SetEvent (hEvent=0xc64) returned 1 [0158.379] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.398] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.398] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.439] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.440] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0158.440] SetEvent (hEvent=0x254) returned 1 [0158.440] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.502] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0158.502] SetEvent (hEvent=0xc64) returned 1 [0158.502] SetEvent (hEvent=0x9e8) returned 1 [0158.505] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.541] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.631] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.631] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0158.631] SetEvent (hEvent=0x254) returned 1 [0158.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.675] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.675] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.681] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0158.681] SetEvent (hEvent=0xc0) returned 1 [0158.681] SetEvent (hEvent=0xb58) returned 1 [0158.681] SetEvent (hEvent=0x9e8) returned 1 [0158.682] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.784] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.786] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.786] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0158.786] SetEvent (hEvent=0xc0) returned 1 [0158.786] SetEvent (hEvent=0x1b4) returned 1 [0158.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.840] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.843] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0158.843] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0158.843] SetEvent (hEvent=0xc0) returned 1 [0158.843] SetEvent (hEvent=0xb58) returned 1 [0158.844] SetEvent (hEvent=0x9e8) returned 1 [0158.846] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.852] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0158.915] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0158.984] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0158.984] SetEvent (hEvent=0xb58) returned 1 [0158.984] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.023] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.023] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.023] SetEvent (hEvent=0x9e8) returned 1 [0159.023] SetEvent (hEvent=0xc64) returned 1 [0159.023] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0159.029] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.070] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.070] SetEvent (hEvent=0xc64) returned 1 [0159.070] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.129] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.129] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.129] SetEvent (hEvent=0x1b4) returned 1 [0159.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.213] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.213] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.215] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.215] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.215] SetEvent (hEvent=0xc0) returned 1 [0159.215] SetEvent (hEvent=0xb58) returned 1 [0159.215] SetEvent (hEvent=0xc64) returned 1 [0159.215] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0159.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.228] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.334] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.334] SetEvent (hEvent=0xc0) returned 1 [0159.334] SetEvent (hEvent=0x1b4) returned 1 [0159.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.386] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.386] SetEvent (hEvent=0xc64) returned 1 [0159.386] SetEvent (hEvent=0x9e8) returned 1 [0159.388] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.406] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.406] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.455] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.455] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.455] SetEvent (hEvent=0x254) returned 1 [0159.456] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.519] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.519] SetEvent (hEvent=0x9e8) returned 1 [0159.519] SetEvent (hEvent=0xc64) returned 1 [0159.521] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.541] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.541] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.590] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.591] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.591] SetEvent (hEvent=0x254) returned 1 [0159.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.634] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.634] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.634] SetEvent (hEvent=0xc0) returned 1 [0159.634] SetEvent (hEvent=0x1b4) returned 1 [0159.634] SetEvent (hEvent=0xc64) returned 1 [0159.636] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.652] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.664] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.664] SetEvent (hEvent=0xb58) returned 1 [0159.664] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.712] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.764] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.764] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.764] SetEvent (hEvent=0xa8) returned 1 [0159.764] SetEvent (hEvent=0x254) returned 1 [0159.766] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.802] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.802] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.841] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.841] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.841] SetEvent (hEvent=0xb58) returned 1 [0159.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.889] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.889] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f698, ulCount=0x10, ulNumEntriesRemoved=0x2f53f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f698, ulNumEntriesRemoved=0x2f53f66c) returned 0 [0159.890] SetEvent (hEvent=0xa8) returned 1 [0159.890] SetEvent (hEvent=0xc64) returned 1 [0159.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.907] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.907] SetEvent (hEvent=0xc64) returned 1 [0159.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe08*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.935] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.936] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe30*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.937] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f53f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f53f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f53f6a0, ulNumEntriesRemoved=0x2f53f674) returned 0 [0159.937] SetEvent (hEvent=0xc64) returned 1 [0159.937] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f53fe18*=0x43c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\yo_ggizglhhyf 7e.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0159.940] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004ffcf4 | out: lpMode=0xc0004ffcf4) returned 0 [0159.941] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0159.968] SetEvent (hEvent=0xb58) returned 1 [0159.968] GetFileType (hFile=0x36c) returned 0x1 [0159.968] GetFileType (hFile=0x36c) returned 0x1 [0159.969] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004ffd44 | out: lpFileInformation=0xc0004ffd44) returned 1 [0159.969] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ffd28) returned 1 [0159.969] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0159.974] ReadFile (in: hFile=0x36c, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xce1b, lpNumberOfBytesRead=0xc0004ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0004ffc04*=0xcc1b, lpOverlapped=0x0) returned 1 [0159.978] ReadFile (in: hFile=0x36c, lpBuffer=0xc000266c1b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000266c1b*, lpNumberOfBytesRead=0xc0004ffc04*=0x0, lpOverlapped=0x0) returned 1 [0159.978] CloseHandle (hObject=0x36c) returned 1 [0159.978] VirtualAlloc (lpAddress=0xc000498000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0159.983] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0159.985] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\yo_ggizglhhyf 7e.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.990] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004ffd04 | out: lpMode=0xc0004ffd04) returned 0 [0160.000] GetFileType (hFile=0x36c) returned 0x1 [0160.000] WriteFile (in: hFile=0x36c, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xcc20, lpNumberOfBytesWritten=0xc0004ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc0004ffcec*=0xcc20, lpOverlapped=0x0) returned 1 [0160.008] CloseHandle (hObject=0x36c) returned 1 [0160.008] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0160.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0160.010] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0160.068] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0160.149] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0160.151] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0160.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\yo_ggizglhhyf 7e.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.152] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004ffd64 | out: lpMode=0xc0004ffd64) returned 0 [0160.153] GetFileType (hFile=0x36c) returned 0x1 [0160.153] WriteFile (in: hFile=0x36c, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc0004ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0160.153] CloseHandle (hObject=0x36c) returned 1 [0160.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\yo_ggizglhhyf 7e.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-YO_gGIZglHHyF 7e.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-yo_ggizglhhyf 7e.mkv"), dwFlags=0x1) returned 1 [0160.155] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.157] SetEvent (hEvent=0xb58) returned 1 [0160.157] SetEvent (hEvent=0x1b4) returned 1 [0160.157] VirtualFree (lpAddress=0xc0005d6000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0160.158] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.159] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.160] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.160] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.161] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.162] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\g518f4w-.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0160.163] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004fbcf4 | out: lpMode=0xc0004fbcf4) returned 0 [0160.164] GetFileType (hFile=0x3e0) returned 0x1 [0160.164] GetFileType (hFile=0x3e0) returned 0x1 [0160.164] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004fbd44 | out: lpFileInformation=0xc0004fbd44) returned 1 [0160.164] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004fbd28) returned 1 [0160.164] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0160.167] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0xe888, lpNumberOfBytesRead=0xc0004fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0004fbc04*=0xe688, lpOverlapped=0x0) returned 1 [0160.169] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000550688, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000550688*, lpNumberOfBytesRead=0xc0004fbc04*=0x0, lpOverlapped=0x0) returned 1 [0160.169] CloseHandle (hObject=0x3e0) returned 1 [0160.170] VirtualAlloc (lpAddress=0xc000552000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000552000 [0160.174] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\g518f4w-.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.177] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004fbd04 | out: lpMode=0xc0004fbd04) returned 0 [0160.236] GetFileType (hFile=0x3e0) returned 0x1 [0160.237] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000552000*, nNumberOfBytesToWrite=0xe690, lpNumberOfBytesWritten=0xc0004fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000552000*, lpNumberOfBytesWritten=0xc0004fbcec*=0xe690, lpOverlapped=0x0) returned 1 [0160.241] CloseHandle (hObject=0x3e0) returned 1 [0160.241] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0160.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\g518f4w-.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0160.242] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004fbd64 | out: lpMode=0xc0004fbd64) returned 0 [0160.276] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.315] SetEvent (hEvent=0xb58) returned 1 [0160.315] GetFileType (hFile=0x3e0) returned 0x1 [0160.315] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0004fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0160.315] CloseHandle (hObject=0x3e0) returned 1 [0160.315] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\g518f4w-.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-g518f4w-.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-g518f4w-.flv"), dwFlags=0x1) returned 1 [0160.317] SwitchToThread () returned 1 [0160.320] SetEvent (hEvent=0xb58) returned 1 [0160.320] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.322] SetEvent (hEvent=0x1b4) returned 1 [0160.322] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rbgmnoo4indbbosabk.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0160.354] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000503cf4 | out: lpMode=0xc000503cf4) returned 0 [0160.374] GetFileType (hFile=0x1b0) returned 0x1 [0160.374] GetFileType (hFile=0x1b0) returned 0x1 [0160.374] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc000503d44 | out: lpFileInformation=0xc000503d44) returned 1 [0160.374] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc000503d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000503d28) returned 1 [0160.374] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0160.376] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0160.377] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a4000, nNumberOfBytesToRead=0x1bca, lpNumberOfBytesRead=0xc000503c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesRead=0xc000503c04*=0x19ca, lpOverlapped=0x0) returned 1 [0160.379] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000a59ca, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000503c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000a59ca*, lpNumberOfBytesRead=0xc000503c04*=0x0, lpOverlapped=0x0) returned 1 [0160.379] CloseHandle (hObject=0x1b0) returned 1 [0160.379] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0160.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rbgmnoo4indbbosabk.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0160.382] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000503d04 | out: lpMode=0xc000503d04) returned 0 [0160.405] GetFileType (hFile=0x1b0) returned 0x1 [0160.405] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0002b9a80*, nNumberOfBytesToWrite=0x19d0, lpNumberOfBytesWritten=0xc000503cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b9a80*, lpNumberOfBytesWritten=0xc000503cec*=0x19d0, lpOverlapped=0x0) returned 1 [0160.406] CloseHandle (hObject=0x1b0) returned 1 [0160.407] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0160.407] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0160.408] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0160.409] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0160.410] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rbgmnoo4indbbosabk.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0160.411] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000503d64 | out: lpMode=0xc000503d64) returned 0 [0160.418] GetFileType (hFile=0x1b0) returned 0x1 [0160.419] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001046e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000503d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001046e0*, lpNumberOfBytesWritten=0xc000503d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.419] CloseHandle (hObject=0x1b0) returned 1 [0160.419] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rbgmnoo4indbbosabk.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-rBgMNoO4indbBosabk.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-rbgmnoo4indbbosabk.swf"), dwFlags=0x1) returned 1 [0160.421] SwitchToThread () returned 1 [0160.493] SwitchToThread () returned 1 [0160.499] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.502] SetEvent (hEvent=0xb58) returned 1 [0160.503] SetEvent (hEvent=0x1b4) returned 1 [0160.503] VirtualFree (lpAddress=0xc00058e000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.505] VirtualFree (lpAddress=0xc000576000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0160.506] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0160.507] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.508] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.509] VirtualFree (lpAddress=0xc000078000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0160.510] VirtualFree (lpAddress=0xc00005e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.511] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.512] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.513] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.514] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0160.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0160.515] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1\\*", lpFindFileData=0xc0005159f8 | out: lpFindFileData=0xc0005159f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0160.515] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000515720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0160.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0160.516] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2\\*", lpFindFileData=0xc0005179f8 | out: lpFindFileData=0xc0005179f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0160.516] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000517720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0160.516] GetFileType (hFile=0x7a0) returned 0x1 [0160.516] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0002b8000*, nNumberOfBytesToWrite=0x19f0, lpNumberOfBytesWritten=0xc0001fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8000*, lpNumberOfBytesWritten=0xc0001fdcec*=0x19f0, lpOverlapped=0x0) returned 1 [0160.518] CloseHandle (hObject=0x7a0) returned 1 [0160.518] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0160.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pr3tvmm8vb9vep ipui.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.519] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001fdd64 | out: lpMode=0xc0001fdd64) returned 0 [0160.524] GetFileType (hFile=0x7a0) returned 0x1 [0160.524] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000506e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000506e0*, lpNumberOfBytesWritten=0xc0001fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0160.524] CloseHandle (hObject=0x7a0) returned 1 [0160.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pr3tvmm8vb9vep ipui.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-pr3tvmm8vb9vep ipui.xlsx"), dwFlags=0x1) returned 1 [0160.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0160.583] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0xc0002f99f8 | out: lpFindFileData=0xc0002f99f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0160.583] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0160.583] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0160.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\nzuv2qads 2clahfuh.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0160.585] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0002f3cf4 | out: lpMode=0xc0002f3cf4) returned 0 [0160.597] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.605] GetFileType (hFile=0x7a0) returned 0x1 [0160.605] GetFileType (hFile=0x7a0) returned 0x1 [0160.605] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc0002f3d44 | out: lpFileInformation=0xc0002f3d44) returned 1 [0160.605] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc0002f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002f3d28) returned 1 [0160.605] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0160.606] VirtualAlloc (lpAddress=0xc000554000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000554000 [0160.610] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000554000, nNumberOfBytesToRead=0x10df6, lpNumberOfBytesRead=0xc0002f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000554000*, lpNumberOfBytesRead=0xc0002f3c04*=0x10bf6, lpOverlapped=0x0) returned 1 [0160.613] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000564bf6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000564bf6*, lpNumberOfBytesRead=0xc0002f3c04*=0x0, lpOverlapped=0x0) returned 1 [0160.613] CloseHandle (hObject=0x7a0) returned 1 [0160.613] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0160.614] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0160.615] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0160.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\nzuv2qads 2clahfuh.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.622] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0002f3d04 | out: lpMode=0xc0002f3d04) returned 0 [0160.625] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.642] GetFileType (hFile=0x7a0) returned 0x1 [0160.642] WriteFile (in: hFile=0x7a0, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x10c00, lpNumberOfBytesWritten=0xc0002f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc0002f3cec*=0x10c00, lpOverlapped=0x0) returned 1 [0160.646] CloseHandle (hObject=0x7a0) returned 1 [0160.647] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0160.647] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\nzuv2qads 2clahfuh.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.647] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0002f3d64 | out: lpMode=0xc0002f3d64) returned 0 [0160.678] GetFileType (hFile=0x7a0) returned 0x1 [0160.679] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000050580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050580*, lpNumberOfBytesWritten=0xc0002f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.679] CloseHandle (hObject=0x7a0) returned 1 [0160.679] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\nzuv2qads 2clahfuh.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Bba6tvsVHX1ZrSnNfIY\\encry-NZuv2Qads 2CLaHFUH.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\bba6tvsvhx1zrsnnfiy\\encry-nzuv2qads 2clahfuh.gif"), dwFlags=0x1) returned 1 [0160.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\rhm0sulfme.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0160.682] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000307cf4 | out: lpMode=0xc000307cf4) returned 0 [0160.684] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.695] SetEvent (hEvent=0xb58) returned 1 [0160.695] GetFileType (hFile=0x7a0) returned 0x1 [0160.695] GetFileType (hFile=0x7a0) returned 0x1 [0160.696] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000307d44 | out: lpFileInformation=0xc000307d44) returned 1 [0160.696] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000307d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000307d28) returned 1 [0160.696] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0160.699] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xb1b7, lpNumberOfBytesRead=0xc000307c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000307c04*=0xafb7, lpOverlapped=0x0) returned 1 [0160.702] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00021cfb7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000307c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021cfb7*, lpNumberOfBytesRead=0xc000307c04*=0x0, lpOverlapped=0x0) returned 1 [0160.702] CloseHandle (hObject=0x7a0) returned 1 [0160.702] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0160.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\rhm0sulfme.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.708] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000307d04 | out: lpMode=0xc000307d04) returned 0 [0160.722] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.740] GetFileType (hFile=0x7a0) returned 0x1 [0160.740] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0xafc0, lpNumberOfBytesWritten=0xc000307cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc000307cec*=0xafc0, lpOverlapped=0x0) returned 1 [0160.744] CloseHandle (hObject=0x7a0) returned 1 [0160.744] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0160.744] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\rhm0sulfme.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.744] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000307d64 | out: lpMode=0xc000307d64) returned 0 [0160.762] GetFileType (hFile=0x7a0) returned 0x1 [0160.762] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000050420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000307d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050420*, lpNumberOfBytesWritten=0xc000307d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.762] CloseHandle (hObject=0x7a0) returned 1 [0160.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\rhm0sulfme.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry-RhM0SUlFme.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry-rhm0sulfme.png"), dwFlags=0x1) returned 1 [0160.765] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0160.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\ihgrzo.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0160.767] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000317cf4 | out: lpMode=0xc000317cf4) returned 0 [0160.789] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.799] GetFileType (hFile=0x7a0) returned 0x1 [0160.799] GetFileType (hFile=0x7a0) returned 0x1 [0160.799] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000317d44 | out: lpFileInformation=0xc000317d44) returned 1 [0160.799] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000317d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000317d28) returned 1 [0160.799] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0160.802] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x874b, lpNumberOfBytesRead=0xc000317c04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc000317c04*=0x854b, lpOverlapped=0x0) returned 1 [0160.804] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00028454b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000317c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028454b*, lpNumberOfBytesRead=0xc000317c04*=0x0, lpOverlapped=0x0) returned 1 [0160.804] CloseHandle (hObject=0x7a0) returned 1 [0160.804] VirtualAlloc (lpAddress=0xc000292000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0160.807] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0160.808] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0160.810] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\ihgrzo.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.812] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000317d04 | out: lpMode=0xc000317d04) returned 0 [0160.815] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.835] GetFileType (hFile=0x7a0) returned 0x1 [0160.835] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000292000*, nNumberOfBytesToWrite=0x8550, lpNumberOfBytesWritten=0xc000317cec, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesWritten=0xc000317cec*=0x8550, lpOverlapped=0x0) returned 1 [0160.838] CloseHandle (hObject=0x7a0) returned 1 [0160.838] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0160.838] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0160.840] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0160.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\ihgrzo.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.841] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000317d64 | out: lpMode=0xc000317d64) returned 0 [0160.846] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.865] GetFileType (hFile=0x7a0) returned 0x1 [0160.865] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000317d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000317d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.866] CloseHandle (hObject=0x7a0) returned 1 [0160.866] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0160.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\ihgrzo.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\encry-IhGRZo.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\encry-ihgrzo.png"), dwFlags=0x1) returned 1 [0160.869] SwitchToThread () returned 1 [0160.871] SetEvent (hEvent=0xb58) returned 1 [0160.871] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.873] SetEvent (hEvent=0xb58) returned 1 [0160.873] SetEvent (hEvent=0x9e8) returned 1 [0160.873] SetEvent (hEvent=0xa8) returned 1 [0160.873] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.879] SetEvent (hEvent=0x9e8) returned 1 [0160.879] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0160.906] SetEvent (hEvent=0xb58) returned 1 [0160.907] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0161.025] SetEvent (hEvent=0x9e8) returned 1 [0161.025] SetEvent (hEvent=0x1b4) returned 1 [0161.026] SetEvent (hEvent=0xb58) returned 1 [0161.026] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0161.169] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0618*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00017b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0618*, lpNumberOfCharsWritten=0xc00017b818*=0x3) returned 1 [0161.171] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc380*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003df818, lpReserved=0x0 | out: lpBuffer=0xc0000bc380*, lpNumberOfCharsWritten=0xc0003df818*=0x3) returned 1 [0161.174] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0161.211] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc390*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003dd818, lpReserved=0x0 | out: lpBuffer=0xc0000bc390*, lpNumberOfCharsWritten=0xc0003dd818*=0x4) returned 1 [0161.222] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc398*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00046f818, lpReserved=0x0 | out: lpBuffer=0xc0000bc398*, lpNumberOfCharsWritten=0xc00046f818*=0x3) returned 1 [0161.223] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0161.225] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000078000*, nNumberOfCharsToWrite=0x5e, lpNumberOfCharsWritten=0xc0003bd808, lpReserved=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfCharsWritten=0xc0003bd808*=0x5e) returned 1 [0161.226] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0161.228] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0161.228] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0161.229] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0162.062] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc0003bdd64 | out: lpMode=0xc0003bdd64) returned 0 [0162.412] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0162.534] GetFileType (hFile=0x4ac) returned 0x1 [0162.534] WriteFile (in: hFile=0x4ac, lpBuffer=0xc000120420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120420*, lpNumberOfBytesWritten=0xc0003bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.536] CloseHandle (hObject=0x4ac) returned 1 [0162.536] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0162.537] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0162.539] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\encry-folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\encry-folder.ico"), dwFlags=0x1) returned 1 [0166.883] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0166.993] SetEvent (hEvent=0xa10) returned 1 [0166.993] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0166.996] SetEvent (hEvent=0xa10) returned 1 [0166.996] SetEvent (hEvent=0x1b4) returned 1 [0166.996] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.014] SetEvent (hEvent=0xa10) returned 1 [0167.014] SetEvent (hEvent=0xbb0) returned 1 [0167.014] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.029] SetEvent (hEvent=0xb58) returned 1 [0167.029] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.166] SetEvent (hEvent=0xb48) returned 1 [0167.166] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.170] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.172] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.174] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.175] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.177] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.178] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.180] SetEvent (hEvent=0xbb0) returned 1 [0167.180] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) returned 0x0 [0167.184] SetEvent (hEvent=0xbb0) returned 1 [0167.184] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0010*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003bd818, lpReserved=0x0 | out: lpBuffer=0xc0000a0010*, lpNumberOfCharsWritten=0xc0003bd818*=0x3) returned 1 [0167.185] SetEvent (hEvent=0xbb0) returned 1 [0167.185] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0167.187] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0167.188] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c4240*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0xc0003ad808, lpReserved=0x0 | out: lpBuffer=0xc0000c4240*, lpNumberOfCharsWritten=0xc0003ad808*=0x5b) returned 1 [0167.190] SetEvent (hEvent=0xbb0) returned 1 [0167.190] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a2d0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003ad808, lpReserved=0x0 | out: lpBuffer=0xc00000a2d0*, lpNumberOfCharsWritten=0xc0003ad808*=0x11) returned 1 [0167.192] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a300*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003ad808, lpReserved=0x0 | out: lpBuffer=0xc00000a300*, lpNumberOfCharsWritten=0xc0003ad808*=0x11) returned 1 [0167.193] VirtualAlloc (lpAddress=0xc00037e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037e000 [0167.195] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\encry-Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\encry-indexed locations.search-ms"), dwFlags=0x1) returned 1 [0167.384] WaitForSingleObject (hHandle=0x43c, dwMilliseconds=0xffffffff) Thread: id = 69 os_tid = 0xad4 [0141.600] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f73fea0*=0x444) returned 1 [0141.600] VirtualQuery (in: lpAddress=0x2f73fec0, lpBuffer=0x2f73fec0, dwLength=0x30 | out: lpBuffer=0x2f73fec0*(BaseAddress=0x2f73f000, AllocationBase=0x2f540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x448 [0141.601] GetConsoleMode (in: hConsoleHandle=0x448, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0141.605] GetFileType (hFile=0x448) returned 0x1 [0141.605] GetFileType (hFile=0x448) returned 0x1 [0141.605] GetFileInformationByHandle (in: hFile=0x448, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0141.605] GetFileInformationByHandleEx (in: hFile=0x448, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0141.605] ReadFile (in: hFile=0x448, lpBuffer=0xc0003222c0, nNumberOfBytesToRead=0x2a9, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003222c0*, lpNumberOfBytesRead=0xc000189c04*=0xa9, lpOverlapped=0x0) returned 1 [0142.553] ReadFile (in: hFile=0x448, lpBuffer=0xc000322369, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000322369*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0142.554] CloseHandle (hObject=0x448) returned 1 [0142.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.linkedin[1].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0142.876] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc80 [0142.876] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc84 [0142.876] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0144.165] SetEvent (hEvent=0xc0) returned 1 [0144.165] SetEvent (hEvent=0xbc0) returned 1 [0144.165] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0144.166] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0144.605] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0144.606] VirtualFree (lpAddress=0xc00075a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.607] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.607] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.608] SetEvent (hEvent=0x304) returned 1 [0144.608] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0144.615] SetEvent (hEvent=0xa20) returned 1 [0144.615] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0145.948] SetEvent (hEvent=0x2f4) returned 1 [0145.948] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0145.952] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0145.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xc7c [0145.964] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc0002dfcf4 | out: lpMode=0xc0002dfcf4) returned 0 [0145.968] GetFileType (hFile=0xc7c) returned 0x1 [0145.968] GetFileType (hFile=0xc7c) returned 0x1 [0145.968] GetFileInformationByHandle (in: hFile=0xc7c, lpFileInformation=0xc0002dfd44 | out: lpFileInformation=0xc0002dfd44) returned 1 [0145.968] GetFileInformationByHandleEx (in: hFile=0xc7c, FileInformationClass=0x9, lpFileInformation=0xc0002dfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002dfd28) returned 1 [0145.968] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0145.969] ReadFile (in: hFile=0xc7c, lpBuffer=0xc000282000, nNumberOfBytesToRead=0x74e, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc000282000*, lpNumberOfBytesRead=0xc0002dfc04*=0x54e, lpOverlapped=0x0) returned 1 [0145.976] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.233] ReadFile (in: hFile=0xc7c, lpBuffer=0xc00028254e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002dfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028254e*, lpNumberOfBytesRead=0xc0002dfc04*=0x0, lpOverlapped=0x0) returned 1 [0146.233] CloseHandle (hObject=0xc7c) returned 1 [0146.233] VirtualAlloc (lpAddress=0xc0002a8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a8000 [0146.234] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.236] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc0002dfd04 | out: lpMode=0xc0002dfd04) returned 0 [0146.245] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.303] GetFileType (hFile=0xc7c) returned 0x1 [0146.303] WriteFile (in: hFile=0xc7c, lpBuffer=0xc00010e000*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xc0002dfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfBytesWritten=0xc0002dfcec*=0x550, lpOverlapped=0x0) returned 1 [0146.304] CloseHandle (hObject=0xc7c) returned 1 [0146.305] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b901 | out: pbBuffer=0xc00031b901) returned 1 [0146.305] VirtualAlloc (lpAddress=0xc0002b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b2000 [0146.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.306] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc0002dfd64 | out: lpMode=0xc0002dfd64) returned 0 [0146.309] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.343] GetFileType (hFile=0xc7c) returned 0x1 [0146.343] WriteFile (in: hFile=0xc7c, lpBuffer=0xc00007e2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002dfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e2c0*, lpNumberOfBytesWritten=0xc0002dfd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.343] CloseHandle (hObject=0xc7c) returned 1 [0146.344] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\encry-Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\encry-ease of access.lnk"), dwFlags=0x1) returned 1 [0146.346] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.347] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.348] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.348] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.349] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.350] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.350] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xc7c [0146.351] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000243cf4 | out: lpMode=0xc000243cf4) returned 0 [0146.359] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.376] GetFileType (hFile=0xc7c) returned 0x1 [0146.376] GetFileType (hFile=0xc7c) returned 0x1 [0146.376] GetFileInformationByHandle (in: hFile=0xc7c, lpFileInformation=0xc000243d44 | out: lpFileInformation=0xc000243d44) returned 1 [0146.377] GetFileInformationByHandleEx (in: hFile=0xc7c, FileInformationClass=0x9, lpFileInformation=0xc000243d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000243d28) returned 1 [0146.377] ReadFile (in: hFile=0xc7c, lpBuffer=0xc000264000, nNumberOfBytesToRead=0x20a, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesRead=0xc000243c04*=0xa, lpOverlapped=0x0) returned 1 [0146.378] ReadFile (in: hFile=0xc7c, lpBuffer=0xc00026400a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000243c04, lpOverlapped=0x0 | out: lpBuffer=0xc00026400a*, lpNumberOfBytesRead=0xc000243c04*=0x0, lpOverlapped=0x0) returned 1 [0146.378] CloseHandle (hObject=0xc7c) returned 1 [0146.378] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0146.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.382] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000243d04 | out: lpMode=0xc000243d04) returned 0 [0146.388] GetFileType (hFile=0xc7c) returned 0x1 [0146.388] WriteFile (in: hFile=0xc7c, lpBuffer=0xc000586580*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000243cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586580*, lpNumberOfBytesWritten=0xc000243cec*=0x10, lpOverlapped=0x0) returned 1 [0146.389] CloseHandle (hObject=0xc7c) returned 1 [0146.389] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0146.389] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0146.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.390] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc000243d64 | out: lpMode=0xc000243d64) returned 0 [0146.400] GetFileType (hFile=0xc7c) returned 0x1 [0146.400] WriteFile (in: hFile=0xc7c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000243d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000243d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.400] CloseHandle (hObject=0xc7c) returned 1 [0146.400] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0146.401] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0146.403] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\encry-InstallTime20131025151332" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\encry-installtime20131025151332"), dwFlags=0x1) returned 1 [0146.404] SetEvent (hEvent=0xbb0) returned 1 [0146.405] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x464 [0146.470] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0146.471] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.540] GetFileType (hFile=0x464) returned 0x1 [0146.540] GetFileType (hFile=0x464) returned 0x1 [0146.540] GetFileInformationByHandle (in: hFile=0x464, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0146.540] GetFileInformationByHandleEx (in: hFile=0x464, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0146.540] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0146.543] ReadFile (in: hFile=0x464, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x18200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000143c04*=0x18000, lpOverlapped=0x0) returned 1 [0146.600] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.647] ReadFile (in: hFile=0x464, lpBuffer=0xc00035e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035e000*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0146.647] CloseHandle (hObject=0x464) returned 1 [0146.647] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0146.650] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0146.651] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0146.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0146.654] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0146.656] GetFileType (hFile=0x464) returned 0x1 [0146.656] WriteFile (in: hFile=0x464, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc000143cec*=0x18010, lpOverlapped=0x0) returned 1 [0146.660] CloseHandle (hObject=0x464) returned 1 [0146.660] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0146.660] VirtualAlloc (lpAddress=0xc0002e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e4000 [0146.662] VirtualAlloc (lpAddress=0xc0002e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e6000 [0146.663] VirtualAlloc (lpAddress=0xc0002e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e8000 [0146.664] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0146.665] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0146.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0146.666] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0146.669] GetFileType (hFile=0x464) returned 0x1 [0146.669] WriteFile (in: hFile=0x464, lpBuffer=0xc0002ec2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec2c0*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.670] CloseHandle (hObject=0x464) returned 1 [0146.670] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\downloads.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-downloads.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-downloads.sqlite"), dwFlags=0x1) returned 1 [0146.672] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f73fe30*=0xc80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.674] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f73f698, ulCount=0x10, ulNumEntriesRemoved=0x2f73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f73f698, ulNumEntriesRemoved=0x2f73f66c) returned 0 [0146.674] SetEvent (hEvent=0x304) returned 1 [0146.674] SetEvent (hEvent=0xc24) returned 1 [0146.674] SetEvent (hEvent=0x264) returned 1 [0146.676] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f73fe08*=0xc80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.712] SetEvent (hEvent=0x264) returned 1 [0146.712] SetEvent (hEvent=0xc24) returned 1 [0146.712] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f73fe08*=0xc80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.851] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.851] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f73fe30*=0xc80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.853] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.853] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f73f6a0, ulNumEntriesRemoved=0x2f73f674) returned 0 [0146.853] SetEvent (hEvent=0xc0) returned 1 [0146.854] SetEvent (hEvent=0x304) returned 1 [0146.854] SetEvent (hEvent=0x264) returned 1 [0146.854] SetEvent (hEvent=0x324) returned 1 [0146.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f73fe18*=0xc80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.886] SetEvent (hEvent=0xa20) returned 1 [0146.886] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.893] VirtualFree (lpAddress=0xc000346000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0146.894] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0146.895] SetEvent (hEvent=0xc1c) returned 1 [0146.896] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0146.930] SetEvent (hEvent=0xbd8) returned 1 [0146.930] SetEvent (hEvent=0x3b0) returned 1 [0146.930] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0147.878] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rd9ui.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x880 [0147.879] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0147.883] GetFileType (hFile=0x880) returned 0x1 [0147.883] GetFileType (hFile=0x880) returned 0x1 [0147.883] GetFileInformationByHandle (in: hFile=0x880, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0147.883] GetFileInformationByHandleEx (in: hFile=0x880, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0147.883] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0147.885] ReadFile (in: hFile=0x880, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x977a, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc0001fbc04*=0x957a, lpOverlapped=0x0) returned 1 [0148.509] ReadFile (in: hFile=0x880, lpBuffer=0xc00029557a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029557a*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0148.509] CloseHandle (hObject=0x880) returned 1 [0148.509] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0148.525] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0148.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rd9ui.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0149.132] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0149.135] GetFileType (hFile=0x8a0) returned 0x1 [0149.135] WriteFile (in: hFile=0x8a0, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x9580, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc0001fbcec*=0x9580, lpOverlapped=0x0) returned 1 [0149.367] CloseHandle (hObject=0x8a0) returned 1 [0149.609] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0149.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rd9ui.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0149.609] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0149.616] GetFileType (hFile=0x524) returned 0x1 [0149.616] WriteFile (in: hFile=0x524, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.638] CloseHandle (hObject=0x524) returned 1 [0149.691] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0149.704] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rd9ui.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-rd9ui.gif"), dwFlags=0x1) returned 1 [0152.308] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0152.610] SetEvent (hEvent=0x9f0) returned 1 [0152.610] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0152.701] VirtualFree (lpAddress=0xc000230000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0152.702] SetEvent (hEvent=0x354) returned 1 [0152.702] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0152.797] SetEvent (hEvent=0xa68) returned 1 [0152.797] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0152.897] SetEvent (hEvent=0x304) returned 1 [0152.897] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0161.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\nhhgztyvvdr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x53c [0162.049] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0002cfcf4 | out: lpMode=0xc0002cfcf4) returned 0 [0162.406] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0162.597] SetEvent (hEvent=0xa68) returned 1 [0162.597] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0163.507] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0x6f0, lpNumberOfBytesWritten=0xc0004f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc0004f5cec*=0x6f0, lpOverlapped=0x0) returned 1 [0166.342] CloseHandle (hObject=0x1b0) returned 1 [0166.709] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0166.762] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0166.762] VirtualAlloc (lpAddress=0xc00031e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00031e000 [0166.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\7aplvzczbpp2asr6j.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0166.861] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) returned 0x0 [0167.079] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0004f5d64 | out: lpMode=0xc0004f5d64) returned 0 [0167.082] GetFileType (hFile=0x2fc) returned 0x1 [0167.082] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000184000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesWritten=0xc0004f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.082] CloseHandle (hObject=0x2fc) returned 1 [0167.082] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\7aplvzczbpp2asr6j.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-7aplvzczbpp2asr6j.flv"), dwFlags=0x1) returned 1 [0167.383] WaitForSingleObject (hHandle=0xc80, dwMilliseconds=0xffffffff) Thread: id = 70 os_tid = 0xac8 [0141.608] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2f93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2f93fea0*=0x450) returned 1 [0141.608] VirtualQuery (in: lpAddress=0x2f93fec0, lpBuffer=0x2f93fec0, dwLength=0x30 | out: lpBuffer=0x2f93fec0*(BaseAddress=0x2f93f000, AllocationBase=0x2f740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\okucx.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x454 [0141.610] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003dbcf4 | out: lpMode=0xc0003dbcf4) returned 0 [0141.610] GetFileType (hFile=0x454) returned 0x1 [0141.610] GetFileType (hFile=0x454) returned 0x1 [0141.610] GetFileInformationByHandle (in: hFile=0x454, lpFileInformation=0xc0003dbd44 | out: lpFileInformation=0xc0003dbd44) returned 1 [0141.610] GetFileInformationByHandleEx (in: hFile=0x454, FileInformationClass=0x9, lpFileInformation=0xc0003dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003dbd28) returned 1 [0141.610] ReadFile (in: hFile=0x454, lpBuffer=0xc0000e7800, nNumberOfBytesToRead=0x15a7, lpNumberOfBytesRead=0xc0003dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e7800*, lpNumberOfBytesRead=0xc0003dbc04*=0x13a7, lpOverlapped=0x0) returned 1 [0142.559] ReadFile (in: hFile=0x454, lpBuffer=0xc0000e8ba7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8ba7*, lpNumberOfBytesRead=0xc0003dbc04*=0x0, lpOverlapped=0x0) returned 1 [0142.559] CloseHandle (hObject=0x454) returned 1 [0142.560] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\okucx.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0142.561] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003dbd04 | out: lpMode=0xc0003dbd04) returned 0 [0142.730] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa68 [0142.730] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa6c [0142.730] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0143.781] SetEvent (hEvent=0x148) returned 1 [0143.781] GetFileType (hFile=0x454) returned 0x1 [0143.781] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0144.644] WriteFile (in: hFile=0x454, lpBuffer=0xc00063b500*, nNumberOfBytesToWrite=0x13b0, lpNumberOfBytesWritten=0xc0003dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00063b500*, lpNumberOfBytesWritten=0xc0003dbcec*=0x13b0, lpOverlapped=0x0) returned 1 [0144.645] CloseHandle (hObject=0x454) returned 1 [0144.656] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\okucx.ots.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0144.656] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003dbd64 | out: lpMode=0xc0003dbd64) returned 0 [0144.661] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0145.491] GetFileType (hFile=0x454) returned 0x1 [0145.491] WriteFile (in: hFile=0x454, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0003dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.491] CloseHandle (hObject=0x454) returned 1 [0145.495] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0146.037] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\okucx.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-OkUCx.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-okucx.ots.lnk"), dwFlags=0x1) returned 1 [0150.671] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.256] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\dha6z.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0151.257] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003ddcf4 | out: lpMode=0xc0003ddcf4) returned 0 [0151.259] GetFileType (hFile=0x5c4) returned 0x1 [0151.259] GetFileType (hFile=0x5c4) returned 0x1 [0151.259] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc0003ddd44 | out: lpFileInformation=0xc0003ddd44) returned 1 [0151.259] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc0003ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003ddd28) returned 1 [0151.259] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xbe87, lpNumberOfBytesRead=0xc0003ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0003ddc04*=0xbc87, lpOverlapped=0x0) returned 1 [0151.261] ReadFile (in: hFile=0x5c4, lpBuffer=0xc00021dc87, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021dc87*, lpNumberOfBytesRead=0xc0003ddc04*=0x0, lpOverlapped=0x0) returned 1 [0151.261] CloseHandle (hObject=0x5c4) returned 1 [0151.262] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\dha6z.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0151.263] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003ddd04 | out: lpMode=0xc0003ddd04) returned 0 [0151.273] GetFileType (hFile=0x5c4) returned 0x1 [0151.273] WriteFile (in: hFile=0x5c4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xbc90, lpNumberOfBytesWritten=0xc0003ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0003ddcec*=0xbc90, lpOverlapped=0x0) returned 1 [0151.275] CloseHandle (hObject=0x5c4) returned 1 [0151.275] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0151.275] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0151.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\dha6z.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0151.277] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0003ddd64 | out: lpMode=0xc0003ddd64) returned 0 [0151.291] GetFileType (hFile=0x5c4) returned 0x1 [0151.291] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000198420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000198420*, lpNumberOfBytesWritten=0xc0003ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0151.292] CloseHandle (hObject=0x5c4) returned 1 [0151.292] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\dha6z.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\encry-Dha6Z.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\encry-dha6z.mp3"), dwFlags=0x1) returned 1 [0151.294] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.295] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.295] SetEvent (hEvent=0xc0) returned 1 [0151.295] SetEvent (hEvent=0x114) returned 1 [0151.295] SetEvent (hEvent=0xb10) returned 1 [0151.295] SetEvent (hEvent=0xa40) returned 1 [0151.297] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.318] SetEvent (hEvent=0xa10) returned 1 [0151.318] SetEvent (hEvent=0xc5c) returned 1 [0151.318] SetEvent (hEvent=0xa88) returned 1 [0151.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.360] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.360] SetEvent (hEvent=0x8e8) returned 1 [0151.360] SetEvent (hEvent=0xa60) returned 1 [0151.360] SetEvent (hEvent=0xb18) returned 1 [0151.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.402] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.402] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.402] SetEvent (hEvent=0x978) returned 1 [0151.402] SetEvent (hEvent=0xc34) returned 1 [0151.402] SetEvent (hEvent=0xa50) returned 1 [0151.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.414] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.414] SetEvent (hEvent=0xc34) returned 1 [0151.414] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.462] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.464] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.464] SetEvent (hEvent=0xc0) returned 1 [0151.464] SetEvent (hEvent=0xae0) returned 1 [0151.464] SetEvent (hEvent=0x988) returned 1 [0151.464] SetEvent (hEvent=0xab8) returned 1 [0151.464] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.505] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.505] SetEvent (hEvent=0xa38) returned 1 [0151.506] SetEvent (hEvent=0x988) returned 1 [0151.506] SetEvent (hEvent=0xae0) returned 1 [0151.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.527] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.527] SetEvent (hEvent=0x988) returned 1 [0151.528] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.613] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.613] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.613] SetEvent (hEvent=0x1f8) returned 1 [0151.613] SetEvent (hEvent=0xa38) returned 1 [0151.613] SetEvent (hEvent=0x990) returned 1 [0151.613] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.654] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.657] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.657] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.657] SetEvent (hEvent=0xc0) returned 1 [0151.657] SetEvent (hEvent=0x9b8) returned 1 [0151.657] SetEvent (hEvent=0x28c) returned 1 [0151.657] SetEvent (hEvent=0xb50) returned 1 [0151.659] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.669] SetEvent (hEvent=0x9b8) returned 1 [0151.670] SetEvent (hEvent=0xa38) returned 1 [0151.670] SetEvent (hEvent=0x1f8) returned 1 [0151.670] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.682] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.683] SetEvent (hEvent=0xc0) returned 1 [0151.683] SetEvent (hEvent=0xa38) returned 1 [0151.683] SetEvent (hEvent=0xa40) returned 1 [0151.683] SetEvent (hEvent=0x114) returned 1 [0151.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.750] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.752] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.752] SetEvent (hEvent=0xa40) returned 1 [0151.753] SetEvent (hEvent=0xb10) returned 1 [0151.753] SetEvent (hEvent=0xa38) returned 1 [0151.754] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.763] SetEvent (hEvent=0xc5c) returned 1 [0151.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.775] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.775] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.777] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.777] SetEvent (hEvent=0xc0) returned 1 [0151.777] SetEvent (hEvent=0xb80) returned 1 [0151.777] SetEvent (hEvent=0xc1c) returned 1 [0151.777] SetEvent (hEvent=0xb70) returned 1 [0151.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.826] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.829] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0151.829] SetEvent (hEvent=0xc0) returned 1 [0151.829] SetEvent (hEvent=0x8e8) returned 1 [0151.829] SetEvent (hEvent=0xa20) returned 1 [0151.829] SetEvent (hEvent=0xa60) returned 1 [0151.831] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.868] SetEvent (hEvent=0x8e8) returned 1 [0151.869] SetEvent (hEvent=0xc1c) returned 1 [0151.869] SetEvent (hEvent=0xb80) returned 1 [0151.869] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.967] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.967] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.968] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0151.968] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0151.969] SetEvent (hEvent=0xb48) returned 1 [0151.969] SetEvent (hEvent=0xc1c) returned 1 [0151.969] SetEvent (hEvent=0x988) returned 1 [0151.969] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.037] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.039] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.039] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f698, ulCount=0x10, ulNumEntriesRemoved=0x2f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f698, ulNumEntriesRemoved=0x2f93f66c) returned 0 [0152.039] SetEvent (hEvent=0xc0) returned 1 [0152.040] SetEvent (hEvent=0x9a8) returned 1 [0152.040] SetEvent (hEvent=0xab8) returned 1 [0152.040] SetEvent (hEvent=0x1a0) returned 1 [0152.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.082] SetEvent (hEvent=0x1a0) returned 1 [0152.083] SetEvent (hEvent=0x988) returned 1 [0152.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe08*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.127] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe30*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.129] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.129] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2f93f6a0, ulNumEntriesRemoved=0x2f93f674) returned 0 [0152.129] SetEvent (hEvent=0xc0) returned 1 [0152.129] SetEvent (hEvent=0x354) returned 1 [0152.129] SetEvent (hEvent=0xa50) returned 1 [0152.129] SetEvent (hEvent=0x990) returned 1 [0152.129] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2f93fe18*=0xa68, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.147] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\wjrxkcy4jiya8.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0152.149] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003b7cf4 | out: lpMode=0xc0003b7cf4) returned 0 [0152.156] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.356] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6tp2hht.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x454 [0152.360] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0152.364] GetFileType (hFile=0x454) returned 0x1 [0152.364] GetFileType (hFile=0x454) returned 0x1 [0152.364] GetFileInformationByHandle (in: hFile=0x454, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0152.364] GetFileInformationByHandleEx (in: hFile=0x454, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0152.365] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0152.367] ReadFile (in: hFile=0x454, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x15b2e, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc0006e3c04*=0x1592e, lpOverlapped=0x0) returned 1 [0152.369] ReadFile (in: hFile=0x454, lpBuffer=0xc00036d92e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036d92e*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0152.369] CloseHandle (hObject=0x454) returned 1 [0152.370] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0152.371] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0152.372] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0152.375] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6tp2hht.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0152.377] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0152.386] GetFileType (hFile=0x454) returned 0x1 [0152.386] WriteFile (in: hFile=0x454, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0x15930, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc0006e3cec*=0x15930, lpOverlapped=0x0) returned 1 [0152.390] CloseHandle (hObject=0x454) returned 1 [0152.390] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0152.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6tp2hht.pptx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0152.391] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0152.392] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.843] GetFileType (hFile=0x454) returned 0x1 [0152.843] WriteFile (in: hFile=0x454, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.844] CloseHandle (hObject=0x454) returned 1 [0152.844] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\y6tp2hht.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-y6tP2hHT.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-y6tp2hht.pptx"), dwFlags=0x1) returned 1 [0152.846] SetEvent (hEvent=0x8e8) returned 1 [0152.846] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0152.897] SetEvent (hEvent=0x9f0) returned 1 [0152.897] SetEvent (hEvent=0x324) returned 1 [0152.897] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0161.263] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0161.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\tjkg54Eo9XUb.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\tjkg54eo9xub.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x380 [0162.049] GetConsoleMode (in: hConsoleHandle=0x380, lpMode=0xc0002a7cf4 | out: lpMode=0xc0002a7cf4) returned 0 [0162.407] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0162.597] SetEvent (hEvent=0xa30) returned 1 [0162.597] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0163.506] WriteFile (in: hFile=0x3d0, lpBuffer=0xc00021e000*, nNumberOfBytesToWrite=0x5940, lpNumberOfBytesWritten=0xc000507cec, lpOverlapped=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfBytesWritten=0xc000507cec*=0x5940, lpOverlapped=0x0) returned 1 [0166.348] CloseHandle (hObject=0x3d0) returned 1 [0166.708] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0166.849] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3501 | out: pbBuffer=0xc0001c3501) returned 1 [0166.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\m6scx-bqnd.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0166.856] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc000507d64 | out: lpMode=0xc000507d64) returned 0 [0166.867] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) returned 0x0 [0166.912] GetFileType (hFile=0x1b0) returned 0x1 [0166.912] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000c3600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000507d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c3600*, lpNumberOfBytesWritten=0xc000507d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.913] CloseHandle (hObject=0x1b0) returned 1 [0166.913] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\m6scx-bqnd.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-m6scx-bqnd.flv"), dwFlags=0x1) returned 1 [0167.385] WaitForSingleObject (hHandle=0xa68, dwMilliseconds=0xffffffff) Thread: id = 71 os_tid = 0xaa4 [0141.611] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2fb3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2fb3fea0*=0x434) returned 1 [0141.611] VirtualQuery (in: lpAddress=0x2fb3fec0, lpBuffer=0x2fb3fec0, dwLength=0x30 | out: lpBuffer=0x2fb3fec0*(BaseAddress=0x2fb3f000, AllocationBase=0x2f940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.611] SetEvent (hEvent=0x28c) returned 1 [0141.611] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x458 [0141.611] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x45c [0141.611] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0141.615] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0141.616] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0141.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dagvd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x464 [0141.618] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000389cf4 | out: lpMode=0xc000389cf4) returned 0 [0141.618] GetFileType (hFile=0x464) returned 0x1 [0141.619] GetFileType (hFile=0x464) returned 0x1 [0141.619] GetFileInformationByHandle (in: hFile=0x464, lpFileInformation=0xc000389d44 | out: lpFileInformation=0xc000389d44) returned 1 [0141.619] GetFileInformationByHandleEx (in: hFile=0x464, FileInformationClass=0x9, lpFileInformation=0xc000389d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000389d28) returned 1 [0141.619] ReadFile (in: hFile=0x464, lpBuffer=0xc000281800, nNumberOfBytesToRead=0x1531, lpNumberOfBytesRead=0xc000389c04, lpOverlapped=0x0 | out: lpBuffer=0xc000281800*, lpNumberOfBytesRead=0xc000389c04*=0x1331, lpOverlapped=0x0) returned 1 [0142.563] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0143.422] ReadFile (in: hFile=0x464, lpBuffer=0xc000282b31, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000389c04, lpOverlapped=0x0 | out: lpBuffer=0xc000282b31*, lpNumberOfBytesRead=0xc000389c04*=0x0, lpOverlapped=0x0) returned 1 [0143.422] CloseHandle (hObject=0x464) returned 1 [0143.422] VirtualAlloc (lpAddress=0xc000746000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000746000 [0143.423] VirtualAlloc (lpAddress=0xc000748000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000748000 [0143.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dagvd.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0143.426] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000389d04 | out: lpMode=0xc000389d04) returned 0 [0143.431] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0144.097] GetFileType (hFile=0x464) returned 0x1 [0144.097] WriteFile (in: hFile=0x464, lpBuffer=0xc0007d9500*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xc000389cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d9500*, lpNumberOfBytesWritten=0xc000389cec*=0x1340, lpOverlapped=0x0) returned 1 [0144.099] CloseHandle (hObject=0x464) returned 1 [0144.099] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0144.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dagvd.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0144.099] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000389d64 | out: lpMode=0xc000389d64) returned 0 [0144.105] GetFileType (hFile=0x464) returned 0x1 [0144.105] WriteFile (in: hFile=0x464, lpBuffer=0xc000614f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000389d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614f20*, lpNumberOfBytesWritten=0xc000389d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.105] CloseHandle (hObject=0x464) returned 1 [0144.106] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dagvd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-DaGVD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-dagvd.lnk"), dwFlags=0x1) returned 1 [0144.108] SetEvent (hEvent=0xae0) returned 1 [0144.110] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0144.113] SetEvent (hEvent=0x324) returned 1 [0144.113] SetEvent (hEvent=0x938) returned 1 [0144.113] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0144.116] SetEvent (hEvent=0xa00) returned 1 [0144.116] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0144.125] SetEvent (hEvent=0x9d0) returned 1 [0144.125] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) returned 0x0 [0144.139] SetEvent (hEvent=0x320) returned 1 [0144.140] WaitForSingleObject (hHandle=0x458, dwMilliseconds=0xffffffff) Thread: id = 72 os_tid = 0xa7c [0141.620] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2fd3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2fd3fea0*=0x468) returned 1 [0141.620] VirtualQuery (in: lpAddress=0x2fd3fec0, lpBuffer=0x2fd3fec0, dwLength=0x30 | out: lpBuffer=0x2fd3fec0*(BaseAddress=0x2fd3f000, AllocationBase=0x2fb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x0wbb2qkg0k1puf.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x46c [0141.621] GetConsoleMode (in: hConsoleHandle=0x46c, lpMode=0xc000409cf4 | out: lpMode=0xc000409cf4) returned 0 [0141.622] GetFileType (hFile=0x46c) returned 0x1 [0141.622] GetFileType (hFile=0x46c) returned 0x1 [0141.623] GetFileInformationByHandle (in: hFile=0x46c, lpFileInformation=0xc000409d44 | out: lpFileInformation=0xc000409d44) returned 1 [0141.623] GetFileInformationByHandleEx (in: hFile=0x46c, FileInformationClass=0x9, lpFileInformation=0xc000409d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000409d28) returned 1 [0141.623] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0141.624] ReadFile (in: hFile=0x46c, lpBuffer=0xc00032a000, nNumberOfBytesToRead=0x4f4, lpNumberOfBytesRead=0xc000409c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032a000*, lpNumberOfBytesRead=0xc000409c04*=0x2f4, lpOverlapped=0x0) returned 1 [0142.565] ReadFile (in: hFile=0x46c, lpBuffer=0xc00032a2f4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000409c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032a2f4*, lpNumberOfBytesRead=0xc000409c04*=0x0, lpOverlapped=0x0) returned 1 [0142.565] CloseHandle (hObject=0x46c) returned 1 [0142.565] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x0wbb2qkg0k1puf.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0142.566] GetConsoleMode (in: hConsoleHandle=0x46c, lpMode=0xc000409d04 | out: lpMode=0xc000409d04) returned 0 [0142.746] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac0 [0142.746] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac4 [0142.746] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.303] GetFileType (hFile=0x46c) returned 0x1 [0143.303] WriteFile (in: hFile=0x46c, lpBuffer=0xc000326300*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0xc000409cec, lpOverlapped=0x0 | out: lpBuffer=0xc000326300*, lpNumberOfBytesWritten=0xc000409cec*=0x300, lpOverlapped=0x0) returned 1 [0143.304] CloseHandle (hObject=0x46c) returned 1 [0143.304] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.305] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x0wbb2qkg0k1puf.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x46c [0143.305] GetConsoleMode (in: hConsoleHandle=0x46c, lpMode=0xc000409d64 | out: lpMode=0xc000409d64) returned 0 [0143.320] GetFileType (hFile=0x46c) returned 0x1 [0143.320] WriteFile (in: hFile=0x46c, lpBuffer=0xc00007ef20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000409d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ef20*, lpNumberOfBytesWritten=0xc000409d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.320] CloseHandle (hObject=0x46c) returned 1 [0143.320] VirtualAlloc (lpAddress=0xc000664000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000664000 [0143.321] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x0wbb2qkg0k1puf.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-X0WBB2qkG0k1puf.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-x0wbb2qkg0k1puf.mkv.lnk"), dwFlags=0x1) returned 1 [0143.324] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2fd3f698, ulCount=0x10, ulNumEntriesRemoved=0x2fd3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2fd3f698, ulNumEntriesRemoved=0x2fd3f66c) returned 0 [0143.324] SetEvent (hEvent=0x8f0) returned 1 [0143.324] SetEvent (hEvent=0xaa8) returned 1 [0143.324] SetEvent (hEvent=0x414) returned 1 [0143.326] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2fd3fe08*=0xac0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.328] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2fd3fe08*=0xac0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.340] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.340] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x2fd3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x2fd3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x2fd3f6a0, ulNumEntriesRemoved=0x2fd3f674) returned 0 [0143.340] SetEvent (hEvent=0x8f0) returned 1 [0143.340] SetEvent (hEvent=0xaa8) returned 1 [0143.340] SetEvent (hEvent=0x414) returned 1 [0143.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x2fd3fe18*=0xac0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.369] SetEvent (hEvent=0xac8) returned 1 [0143.369] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.373] SetEvent (hEvent=0xb78) returned 1 [0143.373] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.377] SetEvent (hEvent=0xb78) returned 1 [0143.377] SetEvent (hEvent=0x928) returned 1 [0143.377] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.389] SetEvent (hEvent=0x9f0) returned 1 [0143.390] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.396] SetEvent (hEvent=0xad8) returned 1 [0143.396] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.421] SetEvent (hEvent=0x458) returned 1 [0143.421] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.434] VirtualAlloc (lpAddress=0xc00074a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00074a000 [0143.435] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.435] VirtualAlloc (lpAddress=0xc00074c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00074c000 [0143.436] VirtualAlloc (lpAddress=0xc00074e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00074e000 [0143.437] VirtualAlloc (lpAddress=0xc000750000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000750000 [0143.438] VirtualAlloc (lpAddress=0xc000752000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000752000 [0143.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0143.439] GetConsoleMode (in: hConsoleHandle=0x7ac, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0143.441] GetFileType (hFile=0x7ac) returned 0x1 [0143.441] WriteFile (in: hFile=0x7ac, lpBuffer=0xc00007ef20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ef20*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.441] CloseHandle (hObject=0x7ac) returned 1 [0143.441] VirtualAlloc (lpAddress=0xc000754000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000754000 [0143.442] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@adtech[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@adtech[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@adtech[2].txt"), dwFlags=0x1) returned 1 [0143.444] VirtualFree (lpAddress=0xc000840000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0143.445] SetEvent (hEvent=0xb88) returned 1 [0143.445] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.463] SetEvent (hEvent=0x9f8) returned 1 [0143.463] SetEvent (hEvent=0x164) returned 1 [0143.463] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.473] SetEvent (hEvent=0xb98) returned 1 [0143.473] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) returned 0x0 [0143.492] SetEvent (hEvent=0xba0) returned 1 [0143.492] WaitForSingleObject (hHandle=0xac0, dwMilliseconds=0xffffffff) Thread: id = 73 os_tid = 0xa78 [0141.625] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x2ff3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x2ff3fea0*=0x460) returned 1 [0141.625] VirtualQuery (in: lpAddress=0x2ff3fec0, lpBuffer=0x2ff3fec0, dwLength=0x30 | out: lpBuffer=0x2ff3fec0*(BaseAddress=0x2ff3f000, AllocationBase=0x2fd40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.625] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p3lpcop8sodqy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x470 [0141.626] GetConsoleMode (in: hConsoleHandle=0x470, lpMode=0xc0003ddcf4 | out: lpMode=0xc0003ddcf4) returned 0 [0141.628] GetFileType (hFile=0x470) returned 0x1 [0141.628] GetFileType (hFile=0x470) returned 0x1 [0141.628] GetFileInformationByHandle (in: hFile=0x470, lpFileInformation=0xc0003ddd44 | out: lpFileInformation=0xc0003ddd44) returned 1 [0141.628] GetFileInformationByHandleEx (in: hFile=0x470, FileInformationClass=0x9, lpFileInformation=0xc0003ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003ddd28) returned 1 [0141.628] ReadFile (in: hFile=0x470, lpBuffer=0xc0000e9000, nNumberOfBytesToRead=0x1624, lpNumberOfBytesRead=0xc0003ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e9000*, lpNumberOfBytesRead=0xc0003ddc04*=0x1424, lpOverlapped=0x0) returned 1 [0142.567] ReadFile (in: hFile=0x470, lpBuffer=0xc0000ea424, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea424*, lpNumberOfBytesRead=0xc0003ddc04*=0x0, lpOverlapped=0x0) returned 1 [0142.567] CloseHandle (hObject=0x470) returned 1 [0142.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p3lpcop8sodqy.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470 [0142.569] GetConsoleMode (in: hConsoleHandle=0x470, lpMode=0xc0003ddd04 | out: lpMode=0xc0003ddd04) returned 0 [0142.756] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaf8 [0142.756] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xafc [0142.756] WaitForSingleObject (hHandle=0xaf8, dwMilliseconds=0xffffffff) returned 0x0 [0143.465] GetFileType (hFile=0x470) returned 0x1 [0143.465] WriteFile (in: hFile=0x470, lpBuffer=0xc00063ca00*, nNumberOfBytesToWrite=0x1430, lpNumberOfBytesWritten=0xc0003ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc00063ca00*, lpNumberOfBytesWritten=0xc0003ddcec*=0x1430, lpOverlapped=0x0) returned 1 [0143.467] CloseHandle (hObject=0x470) returned 1 [0143.467] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0143.467] VirtualAlloc (lpAddress=0xc00066c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066c000 [0143.468] VirtualAlloc (lpAddress=0xc00066e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066e000 [0143.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p3lpcop8sodqy.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x470 [0143.470] GetConsoleMode (in: hConsoleHandle=0x470, lpMode=0xc0003ddd64 | out: lpMode=0xc0003ddd64) returned 0 [0143.472] WaitForSingleObject (hHandle=0xaf8, dwMilliseconds=0xffffffff) returned 0x0 [0144.191] SetEvent (hEvent=0xbc0) returned 1 [0144.191] GetFileType (hFile=0x470) returned 0x1 [0144.191] WaitForSingleObject (hHandle=0xaf8, dwMilliseconds=0xffffffff) returned 0x0 [0144.576] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0144.577] WriteFile (in: hFile=0x470, lpBuffer=0xc000682000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682000*, lpNumberOfBytesWritten=0xc0003ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.578] CloseHandle (hObject=0x470) returned 1 [0144.578] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\p3lpcop8sodqy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-P3LpCoP8sODQy.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-p3lpcop8sodqy.lnk"), dwFlags=0x1) returned 1 [0144.579] SetEvent (hEvent=0xbf8) returned 1 [0144.579] WaitForSingleObject (hHandle=0xaf8, dwMilliseconds=0xffffffff) Thread: id = 74 os_tid = 0x72c [0141.628] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3013fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3013fea0*=0x478) returned 1 [0141.628] VirtualQuery (in: lpAddress=0x3013fec0, lpBuffer=0x3013fec0, dwLength=0x30 | out: lpBuffer=0x3013fec0*(BaseAddress=0x3013f000, AllocationBase=0x2ff40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.628] SetEvent (hEvent=0x1e8) returned 1 [0141.628] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x47c [0141.628] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x480 [0141.628] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0141.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x48c [0141.637] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0141.638] GetFileType (hFile=0x48c) returned 0x1 [0141.638] GetFileType (hFile=0x48c) returned 0x1 [0141.638] GetFileInformationByHandle (in: hFile=0x48c, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0141.638] GetFileInformationByHandleEx (in: hFile=0x48c, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0141.638] VirtualAlloc (lpAddress=0xc00032c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032c000 [0141.640] ReadFile (in: hFile=0x48c, lpBuffer=0xc00032c000, nNumberOfBytesToRead=0x602, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032c000*, lpNumberOfBytesRead=0xc00012bc04*=0x402, lpOverlapped=0x0) returned 1 [0142.796] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.621] ReadFile (in: hFile=0x48c, lpBuffer=0xc00032c402, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032c402*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.621] CloseHandle (hObject=0x48c) returned 1 [0143.621] VirtualAlloc (lpAddress=0xc000764000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000764000 [0143.622] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0143.623] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0143.627] GetFileType (hFile=0x48c) returned 0x1 [0143.628] WriteFile (in: hFile=0x48c, lpBuffer=0xc000198480*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesWritten=0xc00012bcec*=0x410, lpOverlapped=0x0) returned 1 [0143.629] CloseHandle (hObject=0x48c) returned 1 [0143.629] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0143.629] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0143.631] GetFileType (hFile=0x48c) returned 0x1 [0143.631] WriteFile (in: hFile=0x48c, lpBuffer=0xc000291080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291080*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.631] CloseHandle (hObject=0x48c) returned 1 [0143.631] VirtualAlloc (lpAddress=0xc000766000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000766000 [0143.633] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@www.msn[2].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@www.msn[2].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@www.msn[2].txt"), dwFlags=0x1) returned 1 [0143.635] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3013f698, ulCount=0x10, ulNumEntriesRemoved=0x3013f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3013f698, ulNumEntriesRemoved=0x3013f66c) returned 0 [0143.635] SetEvent (hEvent=0x120) returned 1 [0143.635] SetEvent (hEvent=0x414) returned 1 [0143.635] SetEvent (hEvent=0x970) returned 1 [0143.640] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3013fe08*=0x47c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.642] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.642] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3013fe08*=0x47c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.646] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.646] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3013f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3013f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3013f6a0, ulNumEntriesRemoved=0x3013f674) returned 0 [0143.646] SetEvent (hEvent=0x120) returned 1 [0143.646] SetEvent (hEvent=0x414) returned 1 [0143.646] SetEvent (hEvent=0x970) returned 1 [0143.646] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3013fe18*=0x47c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.648] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.648] SetEvent (hEvent=0x49c) returned 1 [0143.649] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.668] SetEvent (hEvent=0x898) returned 1 [0143.668] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.688] SetEvent (hEvent=0xbe8) returned 1 [0143.689] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.692] SetEvent (hEvent=0x990) returned 1 [0143.692] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.696] SetEvent (hEvent=0xbf0) returned 1 [0143.696] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.701] SetEvent (hEvent=0x998) returned 1 [0143.701] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.702] SetEvent (hEvent=0xbf8) returned 1 [0143.702] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.731] SetEvent (hEvent=0xa48) returned 1 [0143.731] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.739] SetEvent (hEvent=0x13c) returned 1 [0143.739] SetEvent (hEvent=0xa50) returned 1 [0143.739] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.747] SetEvent (hEvent=0x13c) returned 1 [0143.747] SetEvent (hEvent=0x9a8) returned 1 [0143.747] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.774] SetEvent (hEvent=0xa60) returned 1 [0143.774] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.779] SetEvent (hEvent=0x148) returned 1 [0143.779] SetEvent (hEvent=0xa68) returned 1 [0143.779] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.784] SetEvent (hEvent=0x148) returned 1 [0143.784] SetEvent (hEvent=0x5cc) returned 1 [0143.784] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.811] SetEvent (hEvent=0xc3c) returned 1 [0143.811] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) returned 0x0 [0143.819] SetEvent (hEvent=0xc44) returned 1 [0143.819] WaitForSingleObject (hHandle=0x47c, dwMilliseconds=0xffffffff) Thread: id = 75 os_tid = 0x748 [0141.635] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3033fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3033fea0*=0x484) returned 1 [0141.635] VirtualQuery (in: lpAddress=0x3033fec0, lpBuffer=0x3033fec0, dwLength=0x30 | out: lpBuffer=0x3033fec0*(BaseAddress=0x3033f000, AllocationBase=0x30140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f_jgkxr6yc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x488 [0141.636] GetConsoleMode (in: hConsoleHandle=0x488, lpMode=0xc000393cf4 | out: lpMode=0xc000393cf4) returned 0 [0141.638] GetFileType (hFile=0x488) returned 0x1 [0141.638] GetFileType (hFile=0x488) returned 0x1 [0141.638] GetFileInformationByHandle (in: hFile=0x488, lpFileInformation=0xc000393d44 | out: lpFileInformation=0xc000393d44) returned 1 [0141.638] GetFileInformationByHandleEx (in: hFile=0x488, FileInformationClass=0x9, lpFileInformation=0xc000393d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000393d28) returned 1 [0141.638] ReadFile (in: hFile=0x488, lpBuffer=0xc000283000, nNumberOfBytesToRead=0x1574, lpNumberOfBytesRead=0xc000393c04, lpOverlapped=0x0 | out: lpBuffer=0xc000283000*, lpNumberOfBytesRead=0xc000393c04*=0x1374, lpOverlapped=0x0) returned 1 [0142.573] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x448 [0142.573] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x2d8 [0142.573] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0143.009] SetEvent (hEvent=0x208) returned 1 [0143.009] ReadFile (in: hFile=0x488, lpBuffer=0xc000284374, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000393c04, lpOverlapped=0x0 | out: lpBuffer=0xc000284374*, lpNumberOfBytesRead=0xc000393c04*=0x0, lpOverlapped=0x0) returned 1 [0143.009] CloseHandle (hObject=0x488) returned 1 [0143.009] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f_jgkxr6yc.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488 [0143.011] GetConsoleMode (in: hConsoleHandle=0x488, lpMode=0xc000393d04 | out: lpMode=0xc000393d04) returned 0 [0143.012] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0144.295] GetFileType (hFile=0x488) returned 0x1 [0144.295] WriteFile (in: hFile=0x488, lpBuffer=0xc0000d2a00*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xc000393cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d2a00*, lpNumberOfBytesWritten=0xc000393cec*=0x1380, lpOverlapped=0x0) returned 1 [0144.297] CloseHandle (hObject=0x488) returned 1 [0144.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.297] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f_jgkxr6yc.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x488 [0144.297] GetConsoleMode (in: hConsoleHandle=0x488, lpMode=0xc000393d64 | out: lpMode=0xc000393d64) returned 0 [0144.303] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0144.641] GetFileType (hFile=0x488) returned 0x1 [0144.641] WriteFile (in: hFile=0x488, lpBuffer=0xc000683b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000393d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683b80*, lpNumberOfBytesWritten=0xc000393d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.642] CloseHandle (hObject=0x488) returned 1 [0144.642] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\f_jgkxr6yc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-F_JGkxr6yc.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-f_jgkxr6yc.lnk"), dwFlags=0x1) returned 1 [0144.643] SetEvent (hEvent=0x980) returned 1 [0144.643] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0145.816] SetEvent (hEvent=0xec) returned 1 [0145.816] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0145.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a0 [0145.818] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc0001bbcf4 | out: lpMode=0xc0001bbcf4) returned 0 [0145.823] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.214] GetFileType (hFile=0x8a0) returned 0x1 [0146.214] GetFileType (hFile=0x8a0) returned 0x1 [0146.214] GetFileInformationByHandle (in: hFile=0x8a0, lpFileInformation=0xc0001bbd44 | out: lpFileInformation=0xc0001bbd44) returned 1 [0146.214] GetFileInformationByHandleEx (in: hFile=0x8a0, FileInformationClass=0x9, lpFileInformation=0xc0001bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bbd28) returned 1 [0146.214] ReadFile (in: hFile=0x8a0, lpBuffer=0xc000282800, nNumberOfBytesToRead=0x7ad, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000282800*, lpNumberOfBytesRead=0xc0001bbc04*=0x5ad, lpOverlapped=0x0) returned 1 [0146.229] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.274] ReadFile (in: hFile=0x8a0, lpBuffer=0xc000282dad, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000282dad*, lpNumberOfBytesRead=0xc0001bbc04*=0x0, lpOverlapped=0x0) returned 1 [0146.274] CloseHandle (hObject=0x8a0) returned 1 [0146.274] VirtualAlloc (lpAddress=0xc0002ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ac000 [0146.275] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0146.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0146.277] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc0001bbd04 | out: lpMode=0xc0001bbd04) returned 0 [0146.278] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.328] GetFileType (hFile=0x8a0) returned 0x1 [0146.328] WriteFile (in: hFile=0x8a0, lpBuffer=0xc0000be600*, nNumberOfBytesToWrite=0x5b0, lpNumberOfBytesWritten=0xc0001bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be600*, lpNumberOfBytesWritten=0xc0001bbcec*=0x5b0, lpOverlapped=0x0) returned 1 [0146.329] CloseHandle (hObject=0x8a0) returned 1 [0146.330] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0146.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0146.330] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc0001bbd64 | out: lpMode=0xc0001bbd64) returned 0 [0146.338] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.359] SetEvent (hEvent=0xc0) returned 1 [0146.359] SetEvent (hEvent=0xc24) returned 1 [0146.359] GetFileType (hFile=0x8a0) returned 0x1 [0146.359] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.383] WriteFile (in: hFile=0x8a0, lpBuffer=0xc00007e580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e580*, lpNumberOfBytesWritten=0xc0001bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.384] CloseHandle (hObject=0x8a0) returned 1 [0146.385] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\internet explorer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\encry-Internet Explorer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\encry-internet explorer.lnk"), dwFlags=0x1) returned 1 [0146.388] SetEvent (hEvent=0x1f8) returned 1 [0146.388] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.470] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe30*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.471] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.471] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3033f698, ulCount=0x10, ulNumEntriesRemoved=0x3033f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3033f698, ulNumEntriesRemoved=0x3033f66c) returned 0 [0146.471] SetEvent (hEvent=0xc0) returned 1 [0146.471] SetEvent (hEvent=0x3b0) returned 1 [0146.471] SetEvent (hEvent=0x1f8) returned 1 [0146.472] SetEvent (hEvent=0xbb0) returned 1 [0146.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe08*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.479] SetEvent (hEvent=0x324) returned 1 [0146.479] SetEvent (hEvent=0xbd8) returned 1 [0146.479] SetEvent (hEvent=0xc1c) returned 1 [0146.479] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe08*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.513] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe30*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.515] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.515] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3033f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3033f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3033f6a0, ulNumEntriesRemoved=0x3033f674) returned 0 [0146.515] SetEvent (hEvent=0xc0) returned 1 [0146.515] SetEvent (hEvent=0x318) returned 1 [0146.515] SetEvent (hEvent=0xc24) returned 1 [0146.515] SetEvent (hEvent=0xa20) returned 1 [0146.515] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe18*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.602] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3033f698, ulCount=0x10, ulNumEntriesRemoved=0x3033f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3033f698, ulNumEntriesRemoved=0x3033f66c) returned 0 [0146.602] SetEvent (hEvent=0x2f4) returned 1 [0146.602] SetEvent (hEvent=0xc24) returned 1 [0146.602] SetEvent (hEvent=0xae8) returned 1 [0146.603] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe08*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.611] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.611] SetEvent (hEvent=0xc24) returned 1 [0146.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe08*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.639] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.639] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe30*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.640] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3033f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3033f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3033f6a0, ulNumEntriesRemoved=0x3033f674) returned 0 [0146.640] SetEvent (hEvent=0xc24) returned 1 [0146.640] SetEvent (hEvent=0x2f4) returned 1 [0146.641] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3033fe18*=0x448, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.643] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.643] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0146.645] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x584 [0146.646] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000177cf4 | out: lpMode=0xc000177cf4) returned 0 [0146.655] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.861] GetFileType (hFile=0x584) returned 0x1 [0146.861] GetFileType (hFile=0x584) returned 0x1 [0146.861] GetFileInformationByHandle (in: hFile=0x584, lpFileInformation=0xc000177d44 | out: lpFileInformation=0xc000177d44) returned 1 [0146.861] GetFileInformationByHandleEx (in: hFile=0x584, FileInformationClass=0x9, lpFileInformation=0xc000177d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000177d28) returned 1 [0146.861] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0146.862] ReadFile (in: hFile=0x584, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x2ce, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc000177c04*=0xce, lpOverlapped=0x0) returned 1 [0146.864] ReadFile (in: hFile=0x584, lpBuffer=0xc0000400ce, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000177c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000400ce*, lpNumberOfBytesRead=0xc000177c04*=0x0, lpOverlapped=0x0) returned 1 [0146.864] CloseHandle (hObject=0x584) returned 1 [0146.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0146.865] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000177d04 | out: lpMode=0xc000177d04) returned 0 [0146.876] GetFileType (hFile=0x584) returned 0x1 [0146.876] WriteFile (in: hFile=0x584, lpBuffer=0xc00007a0d0*, nNumberOfBytesToWrite=0xd0, lpNumberOfBytesWritten=0xc000177cec, lpOverlapped=0x0 | out: lpBuffer=0xc00007a0d0*, lpNumberOfBytesWritten=0xc000177cec*=0xd0, lpOverlapped=0x0) returned 1 [0146.877] CloseHandle (hObject=0x584) returned 1 [0146.878] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0146.878] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0146.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0146.879] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000177d64 | out: lpMode=0xc000177d64) returned 0 [0146.889] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0146.933] GetFileType (hFile=0x584) returned 0x1 [0146.933] WriteFile (in: hFile=0x584, lpBuffer=0xc0002802c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000177d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002802c0*, lpNumberOfBytesWritten=0xc000177d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.934] CloseHandle (hObject=0x584) returned 1 [0146.934] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0146.935] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0146.936] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\compatibility.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-compatibility.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-compatibility.ini"), dwFlags=0x1) returned 1 [0146.938] SetEvent (hEvent=0xbb0) returned 1 [0146.938] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.445] SetEvent (hEvent=0x988) returned 1 [0147.445] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.465] SetEvent (hEvent=0x318) returned 1 [0147.465] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.865] SetEvent (hEvent=0xa48) returned 1 [0147.865] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0147.867] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zubqnuq_do w-b.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x564 [0147.868] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0147.873] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.951] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.958] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.959] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.959] SetEvent (hEvent=0xb68) returned 1 [0147.960] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0147.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g1 bkexww19ggl.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xc7c [0147.976] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0147.978] GetFileType (hFile=0xc7c) returned 0x1 [0147.978] GetFileType (hFile=0xc7c) returned 0x1 [0147.978] GetFileInformationByHandle (in: hFile=0xc7c, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0147.978] GetFileInformationByHandleEx (in: hFile=0xc7c, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0147.978] VirtualAlloc (lpAddress=0xc0004c8000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c8000 [0147.981] ReadFile (in: hFile=0xc7c, lpBuffer=0xc0004c8000, nNumberOfBytesToRead=0xf9c5, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c8000*, lpNumberOfBytesRead=0xc00013dc04*=0xf7c5, lpOverlapped=0x0) returned 1 [0148.621] ReadFile (in: hFile=0xc7c, lpBuffer=0xc0004d77c5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d77c5*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0148.622] CloseHandle (hObject=0xc7c) returned 1 [0148.622] VirtualAlloc (lpAddress=0xc000678000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000678000 [0148.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g1 bkexww19ggl.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0150.253] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0150.257] GetFileType (hFile=0x808) returned 0x1 [0150.258] WriteFile (in: hFile=0x808, lpBuffer=0xc000678000*, nNumberOfBytesToWrite=0xf7d0, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000678000*, lpNumberOfBytesWritten=0xc00013dcec*=0xf7d0, lpOverlapped=0x0) returned 1 [0150.379] CloseHandle (hObject=0x808) returned 1 [0150.399] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0150.399] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0150.401] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0150.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g1 bkexww19ggl.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0150.402] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0150.406] GetFileType (hFile=0x2bc) returned 0x1 [0150.407] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00011c6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c6e0*, lpNumberOfBytesWritten=0xc00013dd4c*=0x158, lpOverlapped=0x0) returned 1 [0150.439] CloseHandle (hObject=0x2bc) returned 1 [0150.527] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0150.528] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g1 bkexww19ggl.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-g1 bkexww19ggl.png"), dwFlags=0x1) returned 1 [0150.661] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0161.754] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0161.756] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0161.757] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) returned 0x0 [0161.762] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000070580*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc0003a9808, lpReserved=0x0 | out: lpBuffer=0xc000070580*, lpNumberOfCharsWritten=0xc0003a9808*=0x3d) returned 1 [0161.763] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.054] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0xc0003a9a08 | out: lpFindFileData=0xc0003a9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.054] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003a9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.054] WaitForSingleObject (hHandle=0x448, dwMilliseconds=0xffffffff) Thread: id = 76 os_tid = 0x1c0 [0141.642] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3053fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3053fea0*=0x490) returned 1 [0141.642] VirtualQuery (in: lpAddress=0x3053fec0, lpBuffer=0x3053fec0, dwLength=0x30 | out: lpBuffer=0x3053fec0*(BaseAddress=0x3053f000, AllocationBase=0x30340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pf7rnc.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0141.643] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0003e7cf4 | out: lpMode=0xc0003e7cf4) returned 0 [0141.643] GetFileType (hFile=0x494) returned 0x1 [0141.643] GetFileType (hFile=0x494) returned 0x1 [0141.643] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc0003e7d44 | out: lpFileInformation=0xc0003e7d44) returned 1 [0141.643] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc0003e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e7d28) returned 1 [0141.643] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0141.644] ReadFile (in: hFile=0x494, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x1b5b, lpNumberOfBytesRead=0xc0003e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0003e7c04*=0x195b, lpOverlapped=0x0) returned 1 [0142.575] ReadFile (in: hFile=0x494, lpBuffer=0xc0000cf95b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000cf95b*, lpNumberOfBytesRead=0xc0003e7c04*=0x0, lpOverlapped=0x0) returned 1 [0142.575] CloseHandle (hObject=0x494) returned 1 [0142.575] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pf7rnc.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0142.576] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0003e7d04 | out: lpMode=0xc0003e7d04) returned 0 [0142.775] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb60 [0142.775] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb64 [0142.775] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0143.690] GetFileType (hFile=0x494) returned 0x1 [0143.690] WriteFile (in: hFile=0x494, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1960, lpNumberOfBytesWritten=0xc0003e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc0003e7cec*=0x1960, lpOverlapped=0x0) returned 1 [0143.691] CloseHandle (hObject=0x494) returned 1 [0143.696] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0144.390] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0144.390] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0144.687] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0144.688] SetEvent (hEvent=0x1c4) returned 1 [0144.688] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pf7rnc.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0144.688] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0003e7d64 | out: lpMode=0xc0003e7d64) returned 0 [0144.689] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0145.421] GetFileType (hFile=0x3fc) returned 0x1 [0145.421] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0003e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.421] CloseHandle (hObject=0x3fc) returned 1 [0145.441] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pf7rnc.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-PF7RnC.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-pf7rnc.lnk"), dwFlags=0x1) returned 1 [0147.119] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0147.149] SetEvent (hEvent=0x1a0) returned 1 [0147.149] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0147.242] SetEvent (hEvent=0xbd8) returned 1 [0147.242] SetEvent (hEvent=0x318) returned 1 [0147.242] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0147.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b0 [0147.299] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000157cf4 | out: lpMode=0xc000157cf4) returned 0 [0147.301] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0147.328] GetFileType (hFile=0x5b0) returned 0x1 [0147.328] GetFileType (hFile=0x5b0) returned 0x1 [0147.329] GetFileInformationByHandle (in: hFile=0x5b0, lpFileInformation=0xc000157d44 | out: lpFileInformation=0xc000157d44) returned 1 [0147.329] GetFileInformationByHandleEx (in: hFile=0x5b0, FileInformationClass=0x9, lpFileInformation=0xc000157d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000157d28) returned 1 [0147.329] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0147.330] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0147.331] ReadFile (in: hFile=0x5b0, lpBuffer=0xc000236000, nNumberOfBytesToRead=0x10f3, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc000236000*, lpNumberOfBytesRead=0xc000157c04*=0xef3, lpOverlapped=0x0) returned 1 [0147.708] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0147.881] ReadFile (in: hFile=0x5b0, lpBuffer=0xc000236ef3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000157c04, lpOverlapped=0x0 | out: lpBuffer=0xc000236ef3*, lpNumberOfBytesRead=0xc000157c04*=0x0, lpOverlapped=0x0) returned 1 [0147.881] CloseHandle (hObject=0x5b0) returned 1 [0147.882] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0147.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0149.131] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000157d04 | out: lpMode=0xc000157d04) returned 0 [0149.133] GetFileType (hFile=0x40c) returned 0x1 [0149.133] WriteFile (in: hFile=0x40c, lpBuffer=0xc00004d000*, nNumberOfBytesToWrite=0xf00, lpNumberOfBytesWritten=0xc000157cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004d000*, lpNumberOfBytesWritten=0xc000157cec*=0xf00, lpOverlapped=0x0) returned 1 [0149.363] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0149.371] CloseHandle (hObject=0x40c) returned 1 [0149.454] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0149.455] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0149.455] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc000157d64 | out: lpMode=0xc000157d64) returned 0 [0149.459] GetFileType (hFile=0x2e4) returned 0x1 [0149.459] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000157d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000157d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.636] CloseHandle (hObject=0x2e4) returned 1 [0149.681] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0149.689] SetEvent (hEvent=0xa38) returned 1 [0149.689] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-mimetypes.rdf"), dwFlags=0x1) returned 1 [0151.828] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0152.280] VirtualFree (lpAddress=0xc000542000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0152.281] VirtualFree (lpAddress=0xc0004cc000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0152.282] VirtualFree (lpAddress=0xc0002fe000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0152.283] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0152.284] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.285] VirtualFree (lpAddress=0xc00027c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0152.285] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.286] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.287] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.288] SetEvent (hEvent=0x8f8) returned 1 [0152.288] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0161.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\_tkp vlu9vp97sbcbc.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0161.992] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004e3cf4 | out: lpMode=0xc0004e3cf4) returned 0 [0162.293] GetFileType (hFile=0x3e0) returned 0x1 [0162.293] GetFileType (hFile=0x3e0) returned 0x1 [0162.293] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004e3d44 | out: lpFileInformation=0xc0004e3d44) returned 1 [0162.293] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004e3d28) returned 1 [0162.293] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0162.295] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xb360, lpNumberOfBytesRead=0xc0004e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0004e3c04*=0xb160, lpOverlapped=0x0) returned 1 [0162.297] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000265160, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000265160*, lpNumberOfBytesRead=0xc0004e3c04*=0x0, lpOverlapped=0x0) returned 1 [0162.297] CloseHandle (hObject=0x3e0) returned 1 [0162.297] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0162.299] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0162.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\_tkp Vlu9vP97SBcBC.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\_tkp vlu9vp97sbcbc.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0162.303] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004e3d04 | out: lpMode=0xc0004e3d04) returned 0 [0162.418] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0162.587] SetEvent (hEvent=0xc14) returned 1 [0162.588] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) returned 0x0 [0163.630] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0163.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126000*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0xc00039b808, lpReserved=0x0 | out: lpBuffer=0xc000126000*, lpNumberOfCharsWritten=0xc00039b808*=0x45) returned 1 [0163.631] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0163.632] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0163.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.393] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0xc00039ba68 | out: lpFindFileData=0xc00039ba68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.393] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00039b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.393] WaitForSingleObject (hHandle=0xb60, dwMilliseconds=0xffffffff) Thread: id = 77 os_tid = 0x6d8 [0141.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3073fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3073fea0*=0x498) returned 1 [0141.646] VirtualQuery (in: lpAddress=0x3073fec0, lpBuffer=0x3073fec0, dwLength=0x30 | out: lpBuffer=0x3073fec0*(BaseAddress=0x3073f000, AllocationBase=0x30540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.646] SetEvent (hEvent=0x264) returned 1 [0141.646] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x49c [0141.646] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4a0 [0141.646] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0141.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x474 [0141.651] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc000247cf4 | out: lpMode=0xc000247cf4) returned 0 [0141.653] GetFileType (hFile=0x474) returned 0x1 [0141.653] VirtualAlloc (lpAddress=0xc000330000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000330000 [0141.654] GetFileType (hFile=0x474) returned 0x1 [0141.654] GetFileInformationByHandle (in: hFile=0x474, lpFileInformation=0xc000247d44 | out: lpFileInformation=0xc000247d44) returned 1 [0141.654] GetFileInformationByHandleEx (in: hFile=0x474, FileInformationClass=0x9, lpFileInformation=0xc000247d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000247d28) returned 1 [0141.654] VirtualAlloc (lpAddress=0xc000346000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0141.656] ReadFile (in: hFile=0x474, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000247c04*=0x8000, lpOverlapped=0x0) returned 1 [0142.797] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.652] ReadFile (in: hFile=0x474, lpBuffer=0xc00034e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000247c04, lpOverlapped=0x0 | out: lpBuffer=0xc00034e000*, lpNumberOfBytesRead=0xc000247c04*=0x0, lpOverlapped=0x0) returned 1 [0143.652] CloseHandle (hObject=0x474) returned 1 [0143.652] VirtualAlloc (lpAddress=0xc000768000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000768000 [0143.654] VirtualAlloc (lpAddress=0xc00076a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00076a000 [0143.656] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0143.657] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat\\*", lpFindFileData=0xc000247a08 | out: lpFindFileData=0xc000247a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0143.657] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000247720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0143.657] SetEvent (hEvent=0xbe0) returned 1 [0143.657] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.663] SetEvent (hEvent=0xb58) returned 1 [0143.664] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.668] SetEvent (hEvent=0x43c) returned 1 [0143.668] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.689] SetEvent (hEvent=0xb60) returned 1 [0143.689] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.691] SetEvent (hEvent=0xa38) returned 1 [0143.692] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.696] SetEvent (hEvent=0xb68) returned 1 [0143.696] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.701] SetEvent (hEvent=0xa40) returned 1 [0143.701] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.702] SetEvent (hEvent=0x13c) returned 1 [0143.703] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.714] SetEvent (hEvent=0x13c) returned 1 [0143.714] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.731] SetEvent (hEvent=0x13c) returned 1 [0143.731] SetEvent (hEvent=0x9a0) returned 1 [0143.731] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.739] SetEvent (hEvent=0xc0c) returned 1 [0143.739] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.747] SetEvent (hEvent=0xa58) returned 1 [0143.747] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.774] SetEvent (hEvent=0xc1c) returned 1 [0143.774] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) returned 0x0 [0143.784] SetEvent (hEvent=0xc2c) returned 1 [0143.784] WaitForSingleObject (hHandle=0x49c, dwMilliseconds=0xffffffff) Thread: id = 78 os_tid = 0x7bc [0141.652] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3093fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3093fea0*=0x4a8) returned 1 [0141.652] VirtualQuery (in: lpAddress=0x3093fec0, lpBuffer=0x3093fec0, dwLength=0x30 | out: lpBuffer=0x3093fec0*(BaseAddress=0x3093f000, AllocationBase=0x30740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ffgtdr1eavs eqs.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4ac [0141.653] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000395cf4 | out: lpMode=0xc000395cf4) returned 0 [0141.657] GetFileType (hFile=0x4ac) returned 0x1 [0141.657] GetFileType (hFile=0x4ac) returned 0x1 [0141.657] GetFileInformationByHandle (in: hFile=0x4ac, lpFileInformation=0xc000395d44 | out: lpFileInformation=0xc000395d44) returned 1 [0141.657] GetFileInformationByHandleEx (in: hFile=0x4ac, FileInformationClass=0x9, lpFileInformation=0xc000395d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000395d28) returned 1 [0141.657] ReadFile (in: hFile=0x4ac, lpBuffer=0xc000077300, nNumberOfBytesToRead=0x1105, lpNumberOfBytesRead=0xc000395c04, lpOverlapped=0x0 | out: lpBuffer=0xc000077300*, lpNumberOfBytesRead=0xc000395c04*=0xf05, lpOverlapped=0x0) returned 1 [0142.581] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3dc [0142.581] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8b4 [0142.581] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) returned 0x0 [0143.050] ReadFile (in: hFile=0x4ac, lpBuffer=0xc000078205, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000395c04, lpOverlapped=0x0 | out: lpBuffer=0xc000078205*, lpNumberOfBytesRead=0xc000395c04*=0x0, lpOverlapped=0x0) returned 1 [0143.050] CloseHandle (hObject=0x4ac) returned 1 [0143.050] VirtualAlloc (lpAddress=0xc0007b4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007b4000 [0143.051] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ffgtdr1eavs eqs.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0143.052] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000395d04 | out: lpMode=0xc000395d04) returned 0 [0143.053] GetFileType (hFile=0x4ac) returned 0x1 [0143.053] WriteFile (in: hFile=0x4ac, lpBuffer=0xc0002fb000*, nNumberOfBytesToWrite=0xf10, lpNumberOfBytesWritten=0xc000395cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fb000*, lpNumberOfBytesWritten=0xc000395cec*=0xf10, lpOverlapped=0x0) returned 1 [0143.056] CloseHandle (hObject=0x4ac) returned 1 [0143.056] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0143.057] VirtualAlloc (lpAddress=0xc0007b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007b6000 [0143.058] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ffgtdr1eavs eqs.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0143.058] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000395d64 | out: lpMode=0xc000395d64) returned 0 [0143.062] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.359] GetFileType (hFile=0x4ac) returned 0x1 [0144.359] WriteFile (in: hFile=0x4ac, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000395d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000395d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.360] CloseHandle (hObject=0x4ac) returned 1 [0144.360] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.361] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ffgtdr1eavs eqs.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-FfgTdr1eaVS eQs.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ffgtdr1eavs eqs.mkv.lnk"), dwFlags=0x1) returned 1 [0144.363] SetEvent (hEvent=0x108) returned 1 [0144.363] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.372] SetEvent (hEvent=0xbc0) returned 1 [0144.372] SetEvent (hEvent=0x988) returned 1 [0144.372] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.377] VirtualFree (lpAddress=0xc000776000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.379] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.379] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.380] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.381] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.382] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.383] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.384] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.384] SetEvent (hEvent=0x29c) returned 1 [0144.384] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) returned 0x0 [0144.393] SetEvent (hEvent=0xa08) returned 1 [0144.393] WaitForSingleObject (hHandle=0x3dc, dwMilliseconds=0xffffffff) Thread: id = 79 os_tid = 0x518 [0141.658] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x30b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x30b3fea0*=0x4b0) returned 1 [0141.659] VirtualQuery (in: lpAddress=0x30b3fec0, lpBuffer=0x30b3fec0, dwLength=0x30 | out: lpBuffer=0x30b3fec0*(BaseAddress=0x30b3f000, AllocationBase=0x30940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pfnuyd06e.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4b4 [0141.660] GetConsoleMode (in: hConsoleHandle=0x4b4, lpMode=0xc0003d9cf4 | out: lpMode=0xc0003d9cf4) returned 0 [0141.660] GetFileType (hFile=0x4b4) returned 0x1 [0141.660] GetFileType (hFile=0x4b4) returned 0x1 [0141.660] GetFileInformationByHandle (in: hFile=0x4b4, lpFileInformation=0xc0003d9d44 | out: lpFileInformation=0xc0003d9d44) returned 1 [0141.660] GetFileInformationByHandleEx (in: hFile=0x4b4, FileInformationClass=0x9, lpFileInformation=0xc0003d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003d9d28) returned 1 [0141.660] ReadFile (in: hFile=0x4b4, lpBuffer=0xc000198480, nNumberOfBytesToRead=0x43e, lpNumberOfBytesRead=0xc0003d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesRead=0xc0003d9c04*=0x23e, lpOverlapped=0x0) returned 1 [0142.582] ReadFile (in: hFile=0x4b4, lpBuffer=0xc0001986be, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001986be*, lpNumberOfBytesRead=0xc0003d9c04*=0x0, lpOverlapped=0x0) returned 1 [0142.582] CloseHandle (hObject=0x4b4) returned 1 [0142.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pfnuyd06e.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b4 [0142.583] GetConsoleMode (in: hConsoleHandle=0x4b4, lpMode=0xc0003d9d04 | out: lpMode=0xc0003d9d04) returned 0 [0142.791] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbb8 [0142.791] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbbc [0142.791] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) returned 0x0 [0143.551] GetFileType (hFile=0x4b4) returned 0x1 [0143.551] WriteFile (in: hFile=0x4b4, lpBuffer=0xc000250fc0*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc0003d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000250fc0*, lpNumberOfBytesWritten=0xc0003d9cec*=0x240, lpOverlapped=0x0) returned 1 [0143.552] CloseHandle (hObject=0x4b4) returned 1 [0143.553] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pfnuyd06e.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b4 [0143.553] GetConsoleMode (in: hConsoleHandle=0x4b4, lpMode=0xc0003d9d64 | out: lpMode=0xc0003d9d64) returned 0 [0143.557] GetFileType (hFile=0x4b4) returned 0x1 [0143.557] WriteFile (in: hFile=0x4b4, lpBuffer=0xc000682f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682f20*, lpNumberOfBytesWritten=0xc0003d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.557] CloseHandle (hObject=0x4b4) returned 1 [0143.557] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pfnuyd06e.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-PFNUYD06e.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-pfnuyd06e.lnk"), dwFlags=0x1) returned 1 [0143.640] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.194] SetEvent (hEvent=0x908) returned 1 [0144.194] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.211] SetEvent (hEvent=0xbc0) returned 1 [0144.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0144.212] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001cdcf4 | out: lpMode=0xc0001cdcf4) returned 0 [0144.216] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) returned 0x0 [0144.583] SetEvent (hEvent=0x948) returned 1 [0144.583] WaitForSingleObject (hHandle=0xbb8, dwMilliseconds=0xffffffff) Thread: id = 80 os_tid = 0x7ec [0141.661] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x30d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x30d3fea0*=0x4b8) returned 1 [0141.662] VirtualQuery (in: lpAddress=0x30d3fec0, lpBuffer=0x30d3fec0, dwLength=0x30 | out: lpBuffer=0x30d3fec0*(BaseAddress=0x30d3f000, AllocationBase=0x30b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.662] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0141.662] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0141.663] VirtualAlloc (lpAddress=0xc0002f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f4000 [0141.664] VirtualAlloc (lpAddress=0xc0002f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f6000 [0141.664] VirtualAlloc (lpAddress=0xc0002f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f8000 [0141.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4bc [0141.666] GetConsoleMode (in: hConsoleHandle=0x4bc, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0141.667] GetFileType (hFile=0x4bc) returned 0x1 [0141.667] GetFileType (hFile=0x4bc) returned 0x1 [0141.667] GetFileInformationByHandle (in: hFile=0x4bc, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0141.667] GetFileInformationByHandleEx (in: hFile=0x4bc, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0141.667] VirtualAlloc (lpAddress=0xc0002fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fa000 [0141.667] ReadFile (in: hFile=0x4bc, lpBuffer=0xc0002fa000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fa000*, lpNumberOfBytesRead=0xc0002d9c04*=0xe00, lpOverlapped=0x0) returned 1 [0142.797] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbe0 [0142.797] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbe4 [0142.797] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0143.659] ReadFile (in: hFile=0x4bc, lpBuffer=0xc0002fae00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fae00*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.659] CloseHandle (hObject=0x4bc) returned 1 [0143.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0143.661] GetConsoleMode (in: hConsoleHandle=0x4bc, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0143.664] GetFileType (hFile=0x4bc) returned 0x1 [0143.664] WriteFile (in: hFile=0x4bc, lpBuffer=0xc000763000*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000763000*, lpNumberOfBytesWritten=0xc0002d9cec*=0xe10, lpOverlapped=0x0) returned 1 [0143.665] CloseHandle (hObject=0x4bc) returned 1 [0143.665] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4bc [0143.666] GetConsoleMode (in: hConsoleHandle=0x4bc, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0143.668] GetFileType (hFile=0x4bc) returned 0x1 [0143.668] WriteFile (in: hFile=0x4bc, lpBuffer=0xc000682f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682f20*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.668] CloseHandle (hObject=0x4bc) returned 1 [0143.669] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\eb282ead62b4db87.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\encry-eb282ead62b4db87.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\encry-eb282ead62b4db87.automaticdestinations-ms"), dwFlags=0x1) returned 1 [0143.764] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0144.587] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0144.591] SetEvent (hEvent=0xc6c) returned 1 [0144.591] SetEvent (hEvent=0xa48) returned 1 [0144.592] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0144.600] VirtualFree (lpAddress=0xc00067a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.601] VirtualFree (lpAddress=0xc0002a6000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0144.602] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.603] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.603] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.604] SetEvent (hEvent=0xc80) returned 1 [0144.604] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0145.975] SetEvent (hEvent=0xc4c) returned 1 [0145.975] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.026] SetEvent (hEvent=0xc54) returned 1 [0146.026] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.037] SetEvent (hEvent=0xa68) returned 1 [0146.037] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.048] SetEvent (hEvent=0xb10) returned 1 [0146.048] SetEvent (hEvent=0x9e8) returned 1 [0146.048] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.067] VirtualFree (lpAddress=0xc000756000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.068] VirtualFree (lpAddress=0xc0006ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.069] VirtualFree (lpAddress=0xc000284000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.070] VirtualFree (lpAddress=0xc000234000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.070] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.071] VirtualFree (lpAddress=0xc000220000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.071] VirtualFree (lpAddress=0xc00021a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.072] VirtualFree (lpAddress=0xc000216000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.073] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.073] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.074] SetEvent (hEvent=0xa40) returned 1 [0146.074] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.077] SetEvent (hEvent=0xb80) returned 1 [0146.077] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.096] SetEvent (hEvent=0xc24) returned 1 [0146.096] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.105] SetEvent (hEvent=0xa08) returned 1 [0146.105] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.123] SetEvent (hEvent=0xc5c) returned 1 [0146.123] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.129] SetEvent (hEvent=0xa80) returned 1 [0146.129] SetEvent (hEvent=0xc0c) returned 1 [0146.129] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) returned 0x0 [0146.140] SetEvent (hEvent=0x108) returned 1 [0146.140] WaitForSingleObject (hHandle=0xbe0, dwMilliseconds=0xffffffff) Thread: id = 81 os_tid = 0x774 [0141.668] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x30f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x30f3fea0*=0x4a4) returned 1 [0141.668] VirtualQuery (in: lpAddress=0x30f3fec0, lpBuffer=0x30f3fec0, dwLength=0x30 | out: lpBuffer=0x30f3fec0*(BaseAddress=0x30f3f000, AllocationBase=0x30d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.668] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fwqwwx1or2 gtb6te.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4c0 [0141.669] GetConsoleMode (in: hConsoleHandle=0x4c0, lpMode=0xc00039fcf4 | out: lpMode=0xc00039fcf4) returned 0 [0141.670] GetFileType (hFile=0x4c0) returned 0x1 [0141.670] GetFileType (hFile=0x4c0) returned 0x1 [0141.670] GetFileInformationByHandle (in: hFile=0x4c0, lpFileInformation=0xc00039fd44 | out: lpFileInformation=0xc00039fd44) returned 1 [0141.670] GetFileInformationByHandleEx (in: hFile=0x4c0, FileInformationClass=0x9, lpFileInformation=0xc00039fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00039fd28) returned 1 [0141.670] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0141.671] ReadFile (in: hFile=0x4c0, lpBuffer=0xc000292000, nNumberOfBytesToRead=0xc84, lpNumberOfBytesRead=0xc00039fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc00039fc04*=0xa84, lpOverlapped=0x0) returned 1 [0142.586] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8b8 [0142.586] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8bc [0142.586] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0143.068] ReadFile (in: hFile=0x4c0, lpBuffer=0xc000292a84, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00039fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292a84*, lpNumberOfBytesRead=0xc00039fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.068] CloseHandle (hObject=0x4c0) returned 1 [0143.068] VirtualAlloc (lpAddress=0xc0007b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007b8000 [0143.069] VirtualAlloc (lpAddress=0xc0007ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ba000 [0143.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fwqwwx1or2 gtb6te.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0 [0143.071] GetConsoleMode (in: hConsoleHandle=0x4c0, lpMode=0xc00039fd04 | out: lpMode=0xc00039fd04) returned 0 [0143.076] GetFileType (hFile=0x4c0) returned 0x1 [0143.076] WriteFile (in: hFile=0x4c0, lpBuffer=0xc000234400*, nNumberOfBytesToWrite=0xa90, lpNumberOfBytesWritten=0xc00039fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000234400*, lpNumberOfBytesWritten=0xc00039fcec*=0xa90, lpOverlapped=0x0) returned 1 [0143.078] CloseHandle (hObject=0x4c0) returned 1 [0143.078] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.078] VirtualAlloc (lpAddress=0xc0007bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007bc000 [0143.079] VirtualAlloc (lpAddress=0xc0007be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007be000 [0143.080] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fwqwwx1or2 gtb6te.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4c0 [0143.080] GetConsoleMode (in: hConsoleHandle=0x4c0, lpMode=0xc00039fd64 | out: lpMode=0xc00039fd64) returned 0 [0143.089] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.408] GetFileType (hFile=0x4c0) returned 0x1 [0144.408] WriteFile (in: hFile=0x4c0, lpBuffer=0xc0006142c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00039fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006142c0*, lpNumberOfBytesWritten=0xc00039fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.409] CloseHandle (hObject=0x4c0) returned 1 [0144.410] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.411] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fwqwwx1or2 gtb6te.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-FwQWWx1OR2 gTb6tE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-fwqwwx1or2 gtb6te.lnk"), dwFlags=0x1) returned 1 [0144.414] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f698, ulCount=0x10, ulNumEntriesRemoved=0x30f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f698, ulNumEntriesRemoved=0x30f3f66c) returned 0 [0144.414] SetEvent (hEvent=0x5cc) returned 1 [0144.414] SetEvent (hEvent=0xbc0) returned 1 [0144.414] SetEvent (hEvent=0x29c) returned 1 [0144.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.426] SetEvent (hEvent=0x29c) returned 1 [0144.426] SetEvent (hEvent=0xbc0) returned 1 [0144.426] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.431] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.431] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe30*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.432] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x30f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f6a0, ulNumEntriesRemoved=0x30f3f674) returned 0 [0144.432] SetEvent (hEvent=0x5cc) returned 1 [0144.433] SetEvent (hEvent=0x29c) returned 1 [0144.433] SetEvent (hEvent=0xbc0) returned 1 [0144.433] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe18*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.494] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe30*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.495] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f698, ulCount=0x10, ulNumEntriesRemoved=0x30f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f698, ulNumEntriesRemoved=0x30f3f66c) returned 0 [0144.495] SetEvent (hEvent=0x29c) returned 1 [0144.495] SetEvent (hEvent=0xbc0) returned 1 [0144.495] SetEvent (hEvent=0x8c8) returned 1 [0144.497] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.500] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.501] SetEvent (hEvent=0x8c8) returned 1 [0144.501] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.508] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.508] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe30*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.509] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.509] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x30f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f6a0, ulNumEntriesRemoved=0x30f3f674) returned 0 [0144.509] SetEvent (hEvent=0x8c8) returned 1 [0144.509] SetEvent (hEvent=0x26c) returned 1 [0144.509] SetEvent (hEvent=0xb20) returned 1 [0144.509] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe18*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.524] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.524] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f698, ulCount=0x10, ulNumEntriesRemoved=0x30f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f698, ulNumEntriesRemoved=0x30f3f66c) returned 0 [0144.524] SetEvent (hEvent=0xb20) returned 1 [0144.524] SetEvent (hEvent=0x604) returned 1 [0144.524] SetEvent (hEvent=0xc54) returned 1 [0144.526] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.529] SetEvent (hEvent=0xc54) returned 1 [0144.529] SetEvent (hEvent=0x604) returned 1 [0144.529] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.534] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe30*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.537] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x30f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f6a0, ulNumEntriesRemoved=0x30f3f674) returned 0 [0144.537] SetEvent (hEvent=0xc54) returned 1 [0144.537] SetEvent (hEvent=0x604) returned 1 [0144.537] SetEvent (hEvent=0x3c8) returned 1 [0144.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe18*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.554] GetFileType (hFile=0x710) returned 0x1 [0144.554] WriteFile (in: hFile=0x710, lpBuffer=0xc00021ab00*, nNumberOfBytesToWrite=0x550, lpNumberOfBytesWritten=0xc0003bdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021ab00*, lpNumberOfBytesWritten=0xc0003bdcec*=0x550, lpOverlapped=0x0) returned 1 [0144.555] CloseHandle (hObject=0x710) returned 1 [0144.555] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x710 [0144.555] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc0003bdd64 | out: lpMode=0xc0003bdd64) returned 0 [0144.559] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.889] GetFileType (hFile=0x710) returned 0x1 [0144.889] WriteFile (in: hFile=0x710, lpBuffer=0xc0002909a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003bdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002909a0*, lpNumberOfBytesWritten=0xc0003bdd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.889] CloseHandle (hObject=0x710) returned 1 [0144.894] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-my pictures.lnk"), dwFlags=0x1) returned 1 [0146.138] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.254] SetEvent (hEvent=0x978) returned 1 [0146.254] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.267] SetEvent (hEvent=0xc24) returned 1 [0146.267] SetEvent (hEvent=0xc74) returned 1 [0146.267] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.274] SetEvent (hEvent=0x448) returned 1 [0146.274] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.279] SetEvent (hEvent=0xbd8) returned 1 [0146.279] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.296] VirtualFree (lpAddress=0xc000614000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.297] VirtualFree (lpAddress=0xc0002a8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.297] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.298] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.299] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.299] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.300] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.300] SetEvent (hEvent=0xc1c) returned 1 [0146.300] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0147.950] SetEvent (hEvent=0x274) returned 1 [0147.950] SetEvent (hEvent=0x1f8) returned 1 [0147.950] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0147.975] SetEvent (hEvent=0x254) returned 1 [0147.975] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0147.988] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0147.990] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000195818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000195818*=0x4) returned 1 [0147.991] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010088*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002a3818, lpReserved=0x0 | out: lpBuffer=0xc000010088*, lpNumberOfCharsWritten=0xc0002a3818*=0x4) returned 1 [0147.998] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206138*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00044f818, lpReserved=0x0 | out: lpBuffer=0xc000206138*, lpNumberOfCharsWritten=0xc00044f818*=0x4) returned 1 [0147.999] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0147.999] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002062f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000389818, lpReserved=0x0 | out: lpBuffer=0xc0002062f0*, lpNumberOfCharsWritten=0xc000389818*=0x4) returned 1 [0148.001] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0148.007] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc000206060*, lpNumberOfCharsWritten=0xc000257818*=0x4) returned 1 [0148.012] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c7818, lpReserved=0x0 | out: lpBuffer=0xc000206068*, lpNumberOfCharsWritten=0xc0003c7818*=0x4) returned 1 [0148.018] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000425818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc000425818*=0x4) returned 1 [0148.024] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc00029d818*=0x4) returned 1 [0148.032] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000475818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc000475818*=0x4) returned 1 [0148.040] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc0003f3818*=0x4) returned 1 [0148.044] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000395818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc000395818*=0x4) returned 1 [0148.050] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0130*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cf818, lpReserved=0x0 | out: lpBuffer=0xc0000a0130*, lpNumberOfCharsWritten=0xc0001cf818*=0x4) returned 1 [0148.055] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0138*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00039f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0138*, lpNumberOfCharsWritten=0xc00039f818*=0x4) returned 1 [0148.062] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0140*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000133818, lpReserved=0x0 | out: lpBuffer=0xc0000a0140*, lpNumberOfCharsWritten=0xc000133818*=0x4) returned 1 [0148.064] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0148*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000279818, lpReserved=0x0 | out: lpBuffer=0xc0000a0148*, lpNumberOfCharsWritten=0xc000279818*=0x4) returned 1 [0148.071] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0160*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000253818, lpReserved=0x0 | out: lpBuffer=0xc0000a0160*, lpNumberOfCharsWritten=0xc000253818*=0x4) returned 1 [0148.075] SetEvent (hEvent=0x9a0) returned 1 [0148.075] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0168*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003ab818, lpReserved=0x0 | out: lpBuffer=0xc0000a0168*, lpNumberOfCharsWritten=0xc0003ab818*=0x4) returned 1 [0148.076] SetEvent (hEvent=0x9a0) returned 1 [0148.076] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010388*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000467818, lpReserved=0x0 | out: lpBuffer=0xc000010388*, lpNumberOfCharsWritten=0xc000467818*=0x4) returned 1 [0148.077] SetEvent (hEvent=0x9a0) returned 1 [0148.077] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010390*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00041b818, lpReserved=0x0 | out: lpBuffer=0xc000010390*, lpNumberOfCharsWritten=0xc00041b818*=0x4) returned 1 [0148.078] SetEvent (hEvent=0x9a0) returned 1 [0148.078] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010398*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00049f818, lpReserved=0x0 | out: lpBuffer=0xc000010398*, lpNumberOfCharsWritten=0xc00049f818*=0x4) returned 1 [0148.078] SetEvent (hEvent=0x9a0) returned 1 [0148.078] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000275818, lpReserved=0x0 | out: lpBuffer=0xc0000103c0*, lpNumberOfCharsWritten=0xc000275818*=0x4) returned 1 [0148.079] SetEvent (hEvent=0x9a0) returned 1 [0148.079] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0148.080] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0170*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0170*, lpNumberOfCharsWritten=0xc0001e7818*=0x4) returned 1 [0148.081] SetEvent (hEvent=0x9a0) returned 1 [0148.081] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0178*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003ad818, lpReserved=0x0 | out: lpBuffer=0xc0000a0178*, lpNumberOfCharsWritten=0xc0003ad818*=0x4) returned 1 [0148.081] SetEvent (hEvent=0x9a0) returned 1 [0148.082] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0180*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000383818, lpReserved=0x0 | out: lpBuffer=0xc0000a0180*, lpNumberOfCharsWritten=0xc000383818*=0x4) returned 1 [0148.082] SetEvent (hEvent=0x9a0) returned 1 [0148.082] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586588*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000229818, lpReserved=0x0 | out: lpBuffer=0xc000586588*, lpNumberOfCharsWritten=0xc000229818*=0x4) returned 1 [0148.083] SetEvent (hEvent=0x9a0) returned 1 [0148.083] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586590*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e1818, lpReserved=0x0 | out: lpBuffer=0xc000586590*, lpNumberOfCharsWritten=0xc0003e1818*=0x4) returned 1 [0148.084] SetEvent (hEvent=0x9a0) returned 1 [0148.084] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586598*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003ed818, lpReserved=0x0 | out: lpBuffer=0xc000586598*, lpNumberOfCharsWritten=0xc0003ed818*=0x4) returned 1 [0148.085] SetEvent (hEvent=0x9a0) returned 1 [0148.085] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005865d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc0005865d0*, lpNumberOfCharsWritten=0xc0001fd818*=0x4) returned 1 [0148.086] SetEvent (hEvent=0x9a0) returned 1 [0148.086] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0148.087] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040240*, nNumberOfCharsToWrite=0x108, lpNumberOfCharsWritten=0xc00049d808, lpReserved=0x0 | out: lpBuffer=0xc000040240*, lpNumberOfCharsWritten=0xc00049d808*=0x108) returned 1 [0148.089] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0148.093] SetEvent (hEvent=0xb48) returned 1 [0148.093] SetEvent (hEvent=0xbf0) returned 1 [0148.093] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005865e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d9818, lpReserved=0x0 | out: lpBuffer=0xc0005865e0*, lpNumberOfCharsWritten=0xc0002d9818*=0x4) returned 1 [0148.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc0001ad818*=0x4) returned 1 [0148.104] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fe000*, nNumberOfCharsToWrite=0x6b, lpNumberOfCharsWritten=0xc000047808, lpReserved=0x0 | out: lpBuffer=0xc0000fe000*, lpNumberOfCharsWritten=0xc000047808*=0x6b) returned 1 [0148.106] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0148.110] SetEvent (hEvent=0xbf0) returned 1 [0148.110] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0148.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0148.111] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000047d64 | out: lpMode=0xc000047d64) returned 0 [0148.113] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0148.117] GetFileType (hFile=0x2b4) returned 0x1 [0148.117] WriteFile (in: hFile=0x2b4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000047d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000047d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.232] CloseHandle (hObject=0x2b4) returned 1 [0149.370] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0149.617] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f698, ulCount=0x10, ulNumEntriesRemoved=0x30f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f698, ulNumEntriesRemoved=0x30f3f66c) returned 0 [0149.617] SetEvent (hEvent=0xc24) returned 1 [0149.618] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe08*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.619] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0149.619] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x30f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x30f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x30f3f6a0, ulNumEntriesRemoved=0x30f3f674) returned 0 [0149.620] SetEvent (hEvent=0xc24) returned 1 [0149.620] WaitForMultipleObjects (nCount=0x2, lpHandles=0x30f3fe18*=0x8b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.635] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0149.635] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0149.687] SetEvent (hEvent=0x324) returned 1 [0149.687] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0149.704] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) returned 0x0 [0150.361] SetEvent (hEvent=0xc1c) returned 1 [0150.362] WaitForSingleObject (hHandle=0x8b8, dwMilliseconds=0xffffffff) Thread: id = 82 os_tid = 0x7a4 [0141.671] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3113fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3113fea0*=0x4c8) returned 1 [0141.671] VirtualQuery (in: lpAddress=0x3113fec0, lpBuffer=0x3113fec0, dwLength=0x30 | out: lpBuffer=0x3113fec0*(BaseAddress=0x3113f000, AllocationBase=0x30f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4cc [0141.672] GetConsoleMode (in: hConsoleHandle=0x4cc, lpMode=0xc00024dcf4 | out: lpMode=0xc00024dcf4) returned 0 [0141.674] GetFileType (hFile=0x4cc) returned 0x1 [0141.674] GetFileType (hFile=0x4cc) returned 0x1 [0141.674] GetFileInformationByHandle (in: hFile=0x4cc, lpFileInformation=0xc00024dd44 | out: lpFileInformation=0xc00024dd44) returned 1 [0141.674] GetFileInformationByHandleEx (in: hFile=0x4cc, FileInformationClass=0x9, lpFileInformation=0xc00024dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00024dd28) returned 1 [0141.674] VirtualAlloc (lpAddress=0xc000350000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000350000 [0141.675] ReadFile (in: hFile=0x4cc, lpBuffer=0xc000350000, nNumberOfBytesToRead=0x8200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000350000*, lpNumberOfBytesRead=0xc00024dc04*=0x8000, lpOverlapped=0x0) returned 1 [0142.589] ReadFile (in: hFile=0x4cc, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00024dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc00024dc04*=0x0, lpOverlapped=0x0) returned 1 [0142.589] CloseHandle (hObject=0x4cc) returned 1 [0142.589] SetEvent (hEvent=0x30c) returned 1 [0142.589] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4cc [0142.589] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c0 [0142.589] WaitForSingleObject (hHandle=0x4cc, dwMilliseconds=0xffffffff) Thread: id = 83 os_tid = 0x704 [0141.676] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3133fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3133fea0*=0x4c4) returned 1 [0141.676] VirtualQuery (in: lpAddress=0x3133fec0, lpBuffer=0x3133fec0, dwLength=0x30 | out: lpBuffer=0x3133fec0*(BaseAddress=0x3133f000, AllocationBase=0x31140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\PQC qu7jynQj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pqc qu7jynqj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d0 [0141.677] GetConsoleMode (in: hConsoleHandle=0x4d0, lpMode=0xc0003e3cf4 | out: lpMode=0xc0003e3cf4) returned 0 [0141.677] GetFileType (hFile=0x4d0) returned 0x1 [0141.677] GetFileType (hFile=0x4d0) returned 0x1 [0141.677] GetFileInformationByHandle (in: hFile=0x4d0, lpFileInformation=0xc0003e3d44 | out: lpFileInformation=0xc0003e3d44) returned 1 [0141.677] GetFileInformationByHandleEx (in: hFile=0x4d0, FileInformationClass=0x9, lpFileInformation=0xc0003e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e3d28) returned 1 [0141.677] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0141.678] ReadFile (in: hFile=0x4d0, lpBuffer=0xc000180000, nNumberOfBytesToRead=0xc4d, lpNumberOfBytesRead=0xc0003e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0003e3c04*=0xa4d, lpOverlapped=0x0) returned 1 [0142.591] ReadFile (in: hFile=0x4d0, lpBuffer=0xc000180a4d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180a4d*, lpNumberOfBytesRead=0xc0003e3c04*=0x0, lpOverlapped=0x0) returned 1 [0142.591] CloseHandle (hObject=0x4d0) returned 1 [0142.591] SetEvent (hEvent=0x234) returned 1 [0142.591] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x4d0 [0142.591] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c4 [0142.591] WaitForSingleObject (hHandle=0x4d0, dwMilliseconds=0xffffffff) Thread: id = 84 os_tid = 0x694 [0141.678] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3153fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3153fea0*=0x4d4) returned 1 [0141.678] VirtualQuery (in: lpAddress=0x3153fec0, lpBuffer=0x3153fec0, dwLength=0x30 | out: lpBuffer=0x3153fec0*(BaseAddress=0x3153f000, AllocationBase=0x31340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.678] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0141.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bevynig0.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0141.680] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000253cf4 | out: lpMode=0xc000253cf4) returned 0 [0141.680] GetFileType (hFile=0x4d8) returned 0x1 [0141.680] GetFileType (hFile=0x4d8) returned 0x1 [0141.680] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc000253d44 | out: lpFileInformation=0xc000253d44) returned 1 [0141.680] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc000253d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000253d28) returned 1 [0141.680] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0141.681] ReadFile (in: hFile=0x4d8, lpBuffer=0xc000186000, nNumberOfBytesToRead=0x5e8, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfBytesRead=0xc000253c04*=0x3e8, lpOverlapped=0x0) returned 1 [0142.592] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8c8 [0142.592] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8cc [0142.592] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.094] ReadFile (in: hFile=0x4d8, lpBuffer=0xc0001863e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000253c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001863e8*, lpNumberOfBytesRead=0xc000253c04*=0x0, lpOverlapped=0x0) returned 1 [0143.094] CloseHandle (hObject=0x4d8) returned 1 [0143.094] VirtualAlloc (lpAddress=0xc0007c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c0000 [0143.096] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bevynig0.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0143.097] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000253d04 | out: lpMode=0xc000253d04) returned 0 [0143.100] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.866] GetFileType (hFile=0x4d8) returned 0x1 [0143.866] WriteFile (in: hFile=0x4d8, lpBuffer=0xc00011e400*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0xc000253cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e400*, lpNumberOfBytesWritten=0xc000253cec*=0x3f0, lpOverlapped=0x0) returned 1 [0143.867] CloseHandle (hObject=0x4d8) returned 1 [0143.871] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.482] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0144.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bevynig0.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0144.482] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000253d64 | out: lpMode=0xc000253d64) returned 0 [0144.487] GetFileType (hFile=0x4ac) returned 0x1 [0144.487] WriteFile (in: hFile=0x4ac, lpBuffer=0xc000290840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000253d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290840*, lpNumberOfBytesWritten=0xc000253d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.487] CloseHandle (hObject=0x4ac) returned 1 [0144.487] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bevynig0.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-BEvYNIg0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-bevynig0.flv.lnk"), dwFlags=0x1) returned 1 [0144.489] SetEvent (hEvent=0xa88) returned 1 [0144.489] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.500] SetEvent (hEvent=0x8b8) returned 1 [0144.500] SetEvent (hEvent=0xa38) returned 1 [0144.500] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.508] SetEvent (hEvent=0x8b8) returned 1 [0144.508] SetEvent (hEvent=0xb20) returned 1 [0144.508] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.510] SetEvent (hEvent=0x604) returned 1 [0144.510] WaitForSingleObject (hHandle=0x8c8, dwMilliseconds=0xffffffff) Thread: id = 85 os_tid = 0x7e4 [0141.683] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3173fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3173fea0*=0x4e0) returned 1 [0141.683] VirtualQuery (in: lpAddress=0x3173fec0, lpBuffer=0x3173fec0, dwLength=0x30 | out: lpBuffer=0x3173fec0*(BaseAddress=0x3173f000, AllocationBase=0x31540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.683] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fznv_dlmfaz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4e4 [0141.684] GetConsoleMode (in: hConsoleHandle=0x4e4, lpMode=0xc000391cf4 | out: lpMode=0xc000391cf4) returned 0 [0141.685] GetFileType (hFile=0x4e4) returned 0x1 [0141.685] GetFileType (hFile=0x4e4) returned 0x1 [0141.685] GetFileInformationByHandle (in: hFile=0x4e4, lpFileInformation=0xc000391d44 | out: lpFileInformation=0xc000391d44) returned 1 [0141.685] GetFileInformationByHandleEx (in: hFile=0x4e4, FileInformationClass=0x9, lpFileInformation=0xc000391d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000391d28) returned 1 [0141.685] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0141.686] ReadFile (in: hFile=0x4e4, lpBuffer=0xc00011e000, nNumberOfBytesToRead=0x3e4, lpNumberOfBytesRead=0xc000391c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesRead=0xc000391c04*=0x1e4, lpOverlapped=0x0) returned 1 [0142.593] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8d0 [0142.593] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8d4 [0142.593] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0143.109] SetEvent (hEvent=0x3c8) returned 1 [0143.109] ReadFile (in: hFile=0x4e4, lpBuffer=0xc00011e1e4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000391c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e1e4*, lpNumberOfBytesRead=0xc000391c04*=0x0, lpOverlapped=0x0) returned 1 [0143.109] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0143.948] CloseHandle (hObject=0x4e4) returned 1 [0143.948] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0143.949] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fznv_dlmfaz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0143.967] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.509] SetEvent (hEvent=0xc0) returned 1 [0144.509] SetEvent (hEvent=0x8b8) returned 1 [0144.509] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000391d04 | out: lpMode=0xc000391d04) returned 0 [0144.510] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0144.794] SetEvent (hEvent=0xae0) returned 1 [0144.795] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0145.027] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x704 [0145.028] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0145.108] GetFileType (hFile=0x704) returned 0x1 [0145.108] GetFileType (hFile=0x704) returned 0x1 [0145.108] GetFileInformationByHandle (in: hFile=0x704, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0145.108] GetFileInformationByHandleEx (in: hFile=0x704, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0145.108] ReadFile (in: hFile=0x704, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x42e, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000047c04*=0x22e, lpOverlapped=0x0) returned 1 [0145.109] ReadFile (in: hFile=0x704, lpBuffer=0xc0002a422e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a422e*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0145.109] CloseHandle (hObject=0x704) returned 1 [0145.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.110] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini\\*", lpFindFileData=0xc000047a08 | out: lpFindFileData=0xc000047a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.110] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000047720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x704 [0145.111] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0145.160] GetFileType (hFile=0x704) returned 0x1 [0145.160] GetFileType (hFile=0x704) returned 0x1 [0145.160] GetFileInformationByHandle (in: hFile=0x704, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0145.160] GetFileInformationByHandleEx (in: hFile=0x704, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0145.160] ReadFile (in: hFile=0x704, lpBuffer=0xc00010e200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00010e200*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0145.240] CloseHandle (hObject=0x704) returned 1 [0145.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0145.254] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0145.260] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0145.819] GetFileType (hFile=0x704) returned 0x1 [0145.819] WriteFile (in: hFile=0x704, lpBuffer=0xc000586510*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586510*, lpNumberOfBytesWritten=0xc00020fcec*=0x10, lpOverlapped=0x0) returned 1 [0145.820] CloseHandle (hObject=0x704) returned 1 [0145.820] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0145.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0145.821] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0145.824] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0146.231] GetFileType (hFile=0x704) returned 0x1 [0146.231] WriteFile (in: hFile=0x704, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.231] CloseHandle (hObject=0x704) returned 1 [0146.231] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-documents.mydocs"), dwFlags=0x1) returned 1 [0146.233] SetEvent (hEvent=0x100) returned 1 [0146.233] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0146.247] SetEvent (hEvent=0xc34) returned 1 [0146.247] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0148.048] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\reinullmhp.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x808 [0148.049] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc000381cf4 | out: lpMode=0xc000381cf4) returned 0 [0148.051] GetFileType (hFile=0x808) returned 0x1 [0148.051] GetFileType (hFile=0x808) returned 0x1 [0148.051] GetFileInformationByHandle (in: hFile=0x808, lpFileInformation=0xc000381d44 | out: lpFileInformation=0xc000381d44) returned 1 [0148.051] GetFileInformationByHandleEx (in: hFile=0x808, FileInformationClass=0x9, lpFileInformation=0xc000381d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000381d28) returned 1 [0148.051] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0148.053] ReadFile (in: hFile=0x808, lpBuffer=0xc00032a000, nNumberOfBytesToRead=0xc493, lpNumberOfBytesRead=0xc000381c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032a000*, lpNumberOfBytesRead=0xc000381c04*=0xc293, lpOverlapped=0x0) returned 1 [0148.709] ReadFile (in: hFile=0x808, lpBuffer=0xc000336293, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000381c04, lpOverlapped=0x0 | out: lpBuffer=0xc000336293*, lpNumberOfBytesRead=0xc000381c04*=0x0, lpOverlapped=0x0) returned 1 [0148.709] CloseHandle (hObject=0x808) returned 1 [0148.709] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0148.712] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\reinullmhp.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.624] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000381d04 | out: lpMode=0xc000381d04) returned 0 [0150.628] GetFileType (hFile=0x7a0) returned 0x1 [0150.628] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0xc2a0, lpNumberOfBytesWritten=0xc000381cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc000381cec*=0xc2a0, lpOverlapped=0x0) returned 1 [0150.630] CloseHandle (hObject=0x7a0) returned 1 [0150.732] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0150.760] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0150.760] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\reinullmhp.xls"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x740 [0150.760] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc000381d64 | out: lpMode=0xc000381d64) returned 0 [0150.762] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0150.792] GetFileType (hFile=0x740) returned 0x1 [0150.792] WriteFile (in: hFile=0x740, lpBuffer=0xc0000a2580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000381d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2580*, lpNumberOfBytesWritten=0xc000381d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.792] CloseHandle (hObject=0x740) returned 1 [0150.795] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0150.818] SetEvent (hEvent=0xc0) returned 1 [0150.818] SetEvent (hEvent=0xb50) returned 1 [0150.818] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\reinullmhp.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-reinullmhp.xls"), dwFlags=0x1) returned 1 [0153.288] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.318] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0153.319] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0153.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mbcou1ppf2tg_e1rt.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0153.321] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000443cf4 | out: lpMode=0xc000443cf4) returned 0 [0153.332] GetFileType (hFile=0x384) returned 0x1 [0153.332] GetFileType (hFile=0x384) returned 0x1 [0153.333] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000443d44 | out: lpFileInformation=0xc000443d44) returned 1 [0153.333] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000443d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000443d28) returned 1 [0153.333] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0153.334] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0153.337] ReadFile (in: hFile=0x384, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xf130, lpNumberOfBytesRead=0xc000443c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc000443c04*=0xef30, lpOverlapped=0x0) returned 1 [0153.339] ReadFile (in: hFile=0x384, lpBuffer=0xc00030cf30, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000443c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030cf30*, lpNumberOfBytesRead=0xc000443c04*=0x0, lpOverlapped=0x0) returned 1 [0153.339] CloseHandle (hObject=0x384) returned 1 [0153.339] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0153.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mbcou1ppf2tg_e1rt.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0153.344] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000443d04 | out: lpMode=0xc000443d04) returned 0 [0153.355] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.359] GetFileType (hFile=0x384) returned 0x1 [0153.359] WriteFile (in: hFile=0x384, lpBuffer=0xc000358000*, nNumberOfBytesToWrite=0xef40, lpNumberOfBytesWritten=0xc000443cec, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesWritten=0xc000443cec*=0xef40, lpOverlapped=0x0) returned 1 [0153.362] CloseHandle (hObject=0x384) returned 1 [0153.363] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0153.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mbcou1ppf2tg_e1rt.csv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0153.363] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000443d64 | out: lpMode=0xc000443d64) returned 0 [0153.364] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.397] SetEvent (hEvent=0xc0) returned 1 [0153.397] SetEvent (hEvent=0x9f0) returned 1 [0153.397] GetFileType (hFile=0x384) returned 0x1 [0153.397] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.417] SwitchToThread () returned 1 [0153.418] SetEvent (hEvent=0x9f0) returned 1 [0153.419] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.419] SetEvent (hEvent=0x9f0) returned 1 [0153.419] SetEvent (hEvent=0x208) returned 1 [0153.420] VirtualFree (lpAddress=0xc0004a8000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0153.421] VirtualFree (lpAddress=0xc000358000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.423] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.424] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.424] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.425] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.426] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.427] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.427] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.428] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.429] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.430] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.431] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0153.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\t02xds0vdaldzpj.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x554 [0153.434] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0001a3cf4 | out: lpMode=0xc0001a3cf4) returned 0 [0153.434] GetFileType (hFile=0x554) returned 0x1 [0153.435] GetFileType (hFile=0x554) returned 0x1 [0153.435] GetFileInformationByHandle (in: hFile=0x554, lpFileInformation=0xc0001a3d44 | out: lpFileInformation=0xc0001a3d44) returned 1 [0153.435] GetFileInformationByHandleEx (in: hFile=0x554, FileInformationClass=0x9, lpFileInformation=0xc0001a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a3d28) returned 1 [0153.435] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0153.439] ReadFile (in: hFile=0x554, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xf7fd, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc0001a3c04*=0xf5fd, lpOverlapped=0x0) returned 1 [0153.441] ReadFile (in: hFile=0x554, lpBuffer=0xc00030d5fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030d5fd*, lpNumberOfBytesRead=0xc0001a3c04*=0x0, lpOverlapped=0x0) returned 1 [0153.441] CloseHandle (hObject=0x554) returned 1 [0153.442] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0153.446] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\t02xds0vdaldzpj.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0153.449] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0153.460] GetFileType (hFile=0x554) returned 0x1 [0153.460] WriteFile (in: hFile=0x554, lpBuffer=0xc000346000*, nNumberOfBytesToWrite=0xf600, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesWritten=0xc0001a3cec*=0xf600, lpOverlapped=0x0) returned 1 [0153.464] CloseHandle (hObject=0x554) returned 1 [0153.464] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0153.464] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0153.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\t02xds0vdaldzpj.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0153.465] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0153.490] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.511] GetFileType (hFile=0x554) returned 0x1 [0153.511] WriteFile (in: hFile=0x554, lpBuffer=0xc0002849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002849a0*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.511] CloseHandle (hObject=0x554) returned 1 [0153.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\t02xds0vdaldzpj.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\12b49\\encry-T02XdS0VdAldzPJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\12b49\\encry-t02xds0vdaldzpj.xlsx"), dwFlags=0x1) returned 1 [0153.514] SetEvent (hEvent=0x100) returned 1 [0153.514] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.607] SetEvent (hEvent=0x208) returned 1 [0153.607] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.827] SetEvent (hEvent=0x9f0) returned 1 [0153.827] SetEvent (hEvent=0x9a8) returned 1 [0153.827] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0153.976] SetEvent (hEvent=0x9a8) returned 1 [0153.976] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.218] SetEvent (hEvent=0x9f0) returned 1 [0154.218] SwitchToThread () returned 1 [0154.225] SetEvent (hEvent=0x9f0) returned 1 [0154.225] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.256] SetEvent (hEvent=0x100) returned 1 [0154.257] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0310*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000465818, lpReserved=0x0 | out: lpBuffer=0xc0000a0310*, lpNumberOfCharsWritten=0xc000465818*=0x3) returned 1 [0154.324] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0316*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000411818, lpReserved=0x0 | out: lpBuffer=0xc0000a0316*, lpNumberOfCharsWritten=0xc000411818*=0x3) returned 1 [0154.345] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.348] SetEvent (hEvent=0x100) returned 1 [0154.348] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010488*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc000010488*, lpNumberOfCharsWritten=0xc000065818*=0x3) returned 1 [0154.357] SetEvent (hEvent=0x100) returned 1 [0154.357] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010490*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc000010490*, lpNumberOfCharsWritten=0xc0001ab818*=0x3) returned 1 [0154.359] SetEvent (hEvent=0x100) returned 1 [0154.359] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010496*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000483818, lpReserved=0x0 | out: lpBuffer=0xc000010496*, lpNumberOfCharsWritten=0xc000483818*=0x3) returned 1 [0154.361] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.392] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010470*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00039d818, lpReserved=0x0 | out: lpBuffer=0xc000010470*, lpNumberOfCharsWritten=0xc00039d818*=0x3) returned 1 [0154.439] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0154.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010476*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003c3818, lpReserved=0x0 | out: lpBuffer=0xc000010476*, lpNumberOfCharsWritten=0xc0003c3818*=0x3) returned 1 [0154.444] SwitchToThread () returned 1 [0154.445] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.447] SetEvent (hEvent=0x9f0) returned 1 [0154.448] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.452] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0154.454] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cnhegrqal0z.pptx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0154.454] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0154.457] GetFileType (hFile=0x3fc) returned 0x1 [0154.457] WriteFile (in: hFile=0x3fc, lpBuffer=0xc000284b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284b00*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.457] CloseHandle (hObject=0x3fc) returned 1 [0154.457] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\cnhegrqal0z.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-CNheGrQAl0z.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-cnhegrqal0z.pptx"), dwFlags=0x1) returned 1 [0154.459] SwitchToThread () returned 1 [0154.464] SetEvent (hEvent=0x9f0) returned 1 [0154.464] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.470] SetEvent (hEvent=0x100) returned 1 [0154.470] VirtualFree (lpAddress=0xc000346000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0154.473] VirtualFree (lpAddress=0xc00028c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.474] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.475] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.476] VirtualFree (lpAddress=0xc000036000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.477] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.478] GetFileType (hFile=0x404) returned 0x1 [0154.478] WriteFile (in: hFile=0x404, lpBuffer=0xc00005b000*, nNumberOfBytesToWrite=0x2ac0, lpNumberOfBytesWritten=0xc0001adcec, lpOverlapped=0x0 | out: lpBuffer=0xc00005b000*, lpNumberOfBytesWritten=0xc0001adcec*=0x2ac0, lpOverlapped=0x0) returned 1 [0154.480] CloseHandle (hObject=0x404) returned 1 [0154.480] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.480] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0154.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\enpos1f1vyf.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0154.482] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001add64 | out: lpMode=0xc0001add64) returned 0 [0154.535] GetFileType (hFile=0x404) returned 0x1 [0154.535] WriteFile (in: hFile=0x404, lpBuffer=0xc000284c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001add4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284c60*, lpNumberOfBytesWritten=0xc0001add4c*=0x158, lpOverlapped=0x0) returned 1 [0154.536] CloseHandle (hObject=0x404) returned 1 [0154.536] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\enpos1f1vyf.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\encry-EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\encry-enpos1f1vyf.png"), dwFlags=0x1) returned 1 [0154.538] GetFileType (hFile=0x6a4) returned 0x1 [0154.538] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000285080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000285080*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.538] CloseHandle (hObject=0x6a4) returned 1 [0154.538] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0154.540] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wfqsgh z bg.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-wfqsgh z bg.docx"), dwFlags=0x1) returned 1 [0154.541] GetFileType (hFile=0x7c4) returned 0x1 [0154.542] WriteFile (in: hFile=0x7c4, lpBuffer=0xc00032a000*, nNumberOfBytesToWrite=0xab20, lpNumberOfBytesWritten=0xc00041dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00032a000*, lpNumberOfBytesWritten=0xc00041dcec*=0xab20, lpOverlapped=0x0) returned 1 [0154.545] CloseHandle (hObject=0x7c4) returned 1 [0154.545] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0154.545] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0154.547] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\vh3znn.ppt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0154.547] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00041dd64 | out: lpMode=0xc00041dd64) returned 0 [0154.556] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.594] GetFileType (hFile=0x7c4) returned 0x1 [0154.595] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0002854a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00041dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002854a0*, lpNumberOfBytesWritten=0xc00041dd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.595] CloseHandle (hObject=0x7c4) returned 1 [0154.595] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\vh3znn.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\encry-VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\encry-vh3znn.ppt"), dwFlags=0x1) returned 1 [0154.597] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.633] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.667] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.703] SetEvent (hEvent=0x9f0) returned 1 [0154.704] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.729] SetEvent (hEvent=0x9f0) returned 1 [0154.729] SetEvent (hEvent=0x100) returned 1 [0154.730] SetEvent (hEvent=0x43c) returned 1 [0154.730] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.751] GetFileType (hFile=0x3e0) returned 0x1 [0154.751] GetFileType (hFile=0x3e0) returned 0x1 [0154.751] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0003b7d44 | out: lpFileInformation=0xc0003b7d44) returned 1 [0154.752] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0003b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b7d28) returned 1 [0154.752] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0154.753] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0154.759] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x15a6a, lpNumberOfBytesRead=0xc0003b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0003b7c04*=0x1586a, lpOverlapped=0x0) returned 1 [0154.761] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00035b86a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035b86a*, lpNumberOfBytesRead=0xc0003b7c04*=0x0, lpOverlapped=0x0) returned 1 [0154.761] CloseHandle (hObject=0x3e0) returned 1 [0154.762] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0154.763] VirtualAlloc (lpAddress=0xc0004a8000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a8000 [0154.769] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\wjrxkcy4jiya8.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0154.773] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003b7d04 | out: lpMode=0xc0003b7d04) returned 0 [0154.793] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.848] GetFileType (hFile=0x3e0) returned 0x1 [0154.848] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0154.850] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0004a8000*, nNumberOfBytesToWrite=0x15870, lpNumberOfBytesWritten=0xc0003b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004a8000*, lpNumberOfBytesWritten=0xc0003b7cec*=0x15870, lpOverlapped=0x0) returned 1 [0154.854] CloseHandle (hObject=0x3e0) returned 1 [0154.855] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0154.856] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.856] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0154.858] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0154.860] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0154.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\wjrxkcy4jiya8.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0154.861] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003b7d64 | out: lpMode=0xc0003b7d64) returned 0 [0154.880] GetFileType (hFile=0x3e0) returned 0x1 [0154.880] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0003b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.881] CloseHandle (hObject=0x3e0) returned 1 [0154.881] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\wjrxkcy4jiya8.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\encry-WJrxKCY4JIYa8.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\encry-wjrxkcy4jiya8.avi"), dwFlags=0x1) returned 1 [0154.893] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0154.895] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0154.896] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003e7cf4 | out: lpMode=0xc0003e7cf4) returned 0 [0154.910] GetFileType (hFile=0x3e0) returned 0x1 [0154.910] GetFileType (hFile=0x3e0) returned 0x1 [0154.910] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0003e7d44 | out: lpFileInformation=0xc0003e7d44) returned 1 [0154.910] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0003e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e7d28) returned 1 [0154.910] ReadFile (in: hFile=0x3e0, lpBuffer=0xc0000fa2c0, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc0003e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa2c0*, lpNumberOfBytesRead=0xc0003e7c04*=0x85, lpOverlapped=0x0) returned 1 [0154.913] ReadFile (in: hFile=0x3e0, lpBuffer=0xc0000fa345, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa345*, lpNumberOfBytesRead=0xc0003e7c04*=0x0, lpOverlapped=0x0) returned 1 [0154.913] CloseHandle (hObject=0x3e0) returned 1 [0154.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0154.915] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003e7d04 | out: lpMode=0xc0003e7d04) returned 0 [0154.926] GetFileType (hFile=0x3e0) returned 0x1 [0154.927] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000070120*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0003e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000070120*, lpNumberOfBytesWritten=0xc0003e7cec*=0x90, lpOverlapped=0x0) returned 1 [0154.928] CloseHandle (hObject=0x3e0) returned 1 [0154.928] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0154.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0154.929] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0003e7d64 | out: lpMode=0xc0003e7d64) returned 0 [0154.951] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0154.997] GetFileType (hFile=0x3e0) returned 0x1 [0154.997] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0003e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.997] CloseHandle (hObject=0x3e0) returned 1 [0154.997] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\encry-IE site on Microsoft.com.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\encry-ie site on microsoft.com.url"), dwFlags=0x1) returned 1 [0154.999] SetEvent (hEvent=0x9a8) returned 1 [0154.999] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0155.069] SetEvent (hEvent=0x9f0) returned 1 [0155.069] SetEvent (hEvent=0x208) returned 1 [0155.069] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0155.128] SetEvent (hEvent=0x9f0) returned 1 [0155.128] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0155.129] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0155.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0155.132] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0155.169] GetFileType (hFile=0x404) returned 0x1 [0155.169] GetFileType (hFile=0x404) returned 0x1 [0155.169] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0155.169] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0155.169] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0155.173] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0155.174] ReadFile (in: hFile=0x404, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc0001abc04*=0x85, lpOverlapped=0x0) returned 1 [0155.177] ReadFile (in: hFile=0x404, lpBuffer=0xc00006e085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e085*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0155.177] CloseHandle (hObject=0x404) returned 1 [0155.177] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0155.178] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0155.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0155.181] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001abd04 | out: lpMode=0xc0001abd04) returned 0 [0155.192] GetFileType (hFile=0x404) returned 0x1 [0155.193] WriteFile (in: hFile=0x404, lpBuffer=0xc000074000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0001abcec, lpOverlapped=0x0 | out: lpBuffer=0xc000074000*, lpNumberOfBytesWritten=0xc0001abcec*=0x90, lpOverlapped=0x0) returned 1 [0155.196] CloseHandle (hObject=0x404) returned 1 [0155.196] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0155.196] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0155.198] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0155.200] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0155.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0155.202] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0155.205] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0155.370] GetFileType (hFile=0x404) returned 0x1 [0155.371] WriteFile (in: hFile=0x404, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0155.371] CloseHandle (hObject=0x404) returned 1 [0155.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\encry-Get Windows Live.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\encry-get windows live.url"), dwFlags=0x1) returned 1 [0155.373] SetEvent (hEvent=0x1b4) returned 1 [0155.373] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0155.391] SetEvent (hEvent=0x9e8) returned 1 [0155.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0155.392] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00013dcf4 | out: lpMode=0xc00013dcf4) returned 0 [0155.505] GetFileType (hFile=0x2fc) returned 0x1 [0155.505] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0155.507] GetFileType (hFile=0x2fc) returned 0x1 [0155.507] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc00013dd44 | out: lpFileInformation=0xc00013dd44) returned 1 [0155.507] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc00013dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013dd28) returned 1 [0155.507] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0155.508] ReadFile (in: hFile=0x2fc, lpBuffer=0xc000198000, nNumberOfBytesToRead=0x36b, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000198000*, lpNumberOfBytesRead=0xc00013dc04*=0x16b, lpOverlapped=0x0) returned 1 [0155.511] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00019816b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00019816b*, lpNumberOfBytesRead=0xc00013dc04*=0x0, lpOverlapped=0x0) returned 1 [0155.511] CloseHandle (hObject=0x2fc) returned 1 [0155.511] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0155.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0155.515] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00013dd04 | out: lpMode=0xc00013dd04) returned 0 [0155.807] GetFileType (hFile=0x2fc) returned 0x1 [0155.807] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0xc00013dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc00013dcec*=0x170, lpOverlapped=0x0) returned 1 [0155.809] CloseHandle (hObject=0x2fc) returned 1 [0155.809] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0155.809] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0155.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\recentplaces.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0155.811] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc00013dd64 | out: lpMode=0xc00013dd64) returned 0 [0155.958] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0156.317] SetEvent (hEvent=0x254) returned 1 [0156.402] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0161.174] SetEvent (hEvent=0x9e8) returned 1 [0161.174] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0161.176] SetEvent (hEvent=0x9e8) returned 1 [0161.176] SetEvent (hEvent=0x254) returned 1 [0161.176] SetEvent (hEvent=0x43c) returned 1 [0161.176] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0161.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\kblr1wyh.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x564 [0162.063] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc00038fcf4 | out: lpMode=0xc00038fcf4) returned 0 [0162.413] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0162.599] SetEvent (hEvent=0x254) returned 1 [0162.600] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0162.925] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.036] SetEvent (hEvent=0xb58) returned 1 [0163.036] GetFileType (hFile=0x554) returned 0x1 [0163.036] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0163.037] GetFileType (hFile=0x554) returned 0x1 [0163.037] GetFileInformationByHandle (in: hFile=0x554, lpFileInformation=0xc0002afd44 | out: lpFileInformation=0xc0002afd44) returned 1 [0163.037] GetFileInformationByHandleEx (in: hFile=0x554, FileInformationClass=0x9, lpFileInformation=0xc0002afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002afd28) returned 1 [0163.037] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0163.039] VirtualAlloc (lpAddress=0xc000790000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000790000 [0163.044] ReadFile (in: hFile=0x554, lpBuffer=0xc000790000, nNumberOfBytesToRead=0x18402, lpNumberOfBytesRead=0xc0002afc04, lpOverlapped=0x0 | out: lpBuffer=0xc000790000*, lpNumberOfBytesRead=0xc0002afc04*=0x18202, lpOverlapped=0x0) returned 1 [0163.047] ReadFile (in: hFile=0x554, lpBuffer=0xc0007a8202, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002afc04, lpOverlapped=0x0 | out: lpBuffer=0xc0007a8202*, lpNumberOfBytesRead=0xc0002afc04*=0x0, lpOverlapped=0x0) returned 1 [0163.048] CloseHandle (hObject=0x554) returned 1 [0163.048] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0163.049] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0163.050] VirtualAlloc (lpAddress=0xc0007aa000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007aa000 [0163.056] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0163.057] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0163.058] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0163.059] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\g72jcxubkxh.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0163.062] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0002afd04 | out: lpMode=0xc0002afd04) returned 0 [0163.094] GetFileType (hFile=0x554) returned 0x1 [0163.094] WriteFile (in: hFile=0x554, lpBuffer=0xc0007aa000*, nNumberOfBytesToWrite=0x18210, lpNumberOfBytesWritten=0xc0002afcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007aa000*, lpNumberOfBytesWritten=0xc0002afcec*=0x18210, lpOverlapped=0x0) returned 1 [0163.100] CloseHandle (hObject=0x554) returned 1 [0163.100] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0163.101] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a101 | out: pbBuffer=0xc00028a101) returned 1 [0163.101] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0163.102] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0163.103] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0163.104] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\g72jcxubkxh.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0163.104] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0002afd64 | out: lpMode=0xc0002afd64) returned 0 [0163.114] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.129] GetFileType (hFile=0x554) returned 0x1 [0163.129] WriteFile (in: hFile=0x554, lpBuffer=0xc000318f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000318f20*, lpNumberOfBytesWritten=0xc0002afd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.130] CloseHandle (hObject=0x554) returned 1 [0163.130] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\g72jcxubkxh.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\encry-G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\encry-g72jcxubkxh.wav"), dwFlags=0x1) returned 1 [0163.132] SetEvent (hEvent=0xae0) returned 1 [0163.132] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.284] SetEvent (hEvent=0xc0c) returned 1 [0163.284] SwitchToThread () returned 1 [0163.288] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.316] SetEvent (hEvent=0xc0c) returned 1 [0163.316] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.320] SetEvent (hEvent=0xa8) returned 1 [0163.320] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.326] SetEvent (hEvent=0xc0c) returned 1 [0163.326] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.353] SetEvent (hEvent=0xc0c) returned 1 [0163.353] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.358] SetEvent (hEvent=0xa8) returned 1 [0163.358] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.364] SetEvent (hEvent=0xc0c) returned 1 [0163.364] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.384] SetEvent (hEvent=0xc0c) returned 1 [0163.384] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.387] SetEvent (hEvent=0xa8) returned 1 [0163.387] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.391] SetEvent (hEvent=0xc0c) returned 1 [0163.391] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.392] SetEvent (hEvent=0xc0c) returned 1 [0163.392] SetEvent (hEvent=0xa8) returned 1 [0163.392] VirtualFree (lpAddress=0xc000604000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0163.396] VirtualFree (lpAddress=0xc000542000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0163.397] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.398] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.398] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.399] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.400] GetFileType (hFile=0x40c) returned 0x1 [0163.400] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc0003a7d44 | out: lpFileInformation=0xc0003a7d44) returned 1 [0163.400] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc0003a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a7d28) returned 1 [0163.400] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0163.401] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0163.405] ReadFile (in: hFile=0x40c, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x116dd, lpNumberOfBytesRead=0xc0003a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0003a7c04*=0x114dd, lpOverlapped=0x0) returned 1 [0163.407] ReadFile (in: hFile=0x40c, lpBuffer=0xc0005534dd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005534dd*, lpNumberOfBytesRead=0xc0003a7c04*=0x0, lpOverlapped=0x0) returned 1 [0163.407] CloseHandle (hObject=0x40c) returned 1 [0163.407] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0163.408] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0163.412] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0163.413] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0163.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\b-rfp5hen4huny07wh3.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0163.416] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0003a7d04 | out: lpMode=0xc0003a7d04) returned 0 [0163.418] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.425] GetFileType (hFile=0x40c) returned 0x1 [0163.425] WriteFile (in: hFile=0x40c, lpBuffer=0xc0005d6000*, nNumberOfBytesToWrite=0x114e0, lpNumberOfBytesWritten=0xc0003a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesWritten=0xc0003a7cec*=0x114e0, lpOverlapped=0x0) returned 1 [0163.428] CloseHandle (hObject=0x40c) returned 1 [0163.429] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.429] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0163.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\b-rfp5hen4huny07wh3.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0163.430] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0003a7d64 | out: lpMode=0xc0003a7d64) returned 0 [0163.432] GetFileType (hFile=0x40c) returned 0x1 [0163.432] WriteFile (in: hFile=0x40c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0003a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.432] CloseHandle (hObject=0x40c) returned 1 [0163.432] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0163.433] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0163.434] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0163.435] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0163.445] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\b-rfp5hen4huny07wh3.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\encry-b-Rfp5Hen4HuNy07Wh3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\encry-b-rfp5hen4huny07wh3.mp3"), dwFlags=0x1) returned 1 [0163.447] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0163.467] SetEvent (hEvent=0x254) returned 1 [0163.467] WriteFile (in: hFile=0x768, lpBuffer=0xc00055ea80*, nNumberOfBytesToWrite=0x66f0, lpNumberOfBytesWritten=0xc000331cec, lpOverlapped=0x0 | out: lpBuffer=0xc00055ea80*, lpNumberOfBytesWritten=0xc000331cec*=0x66f0, lpOverlapped=0x0) returned 1 [0166.337] CloseHandle (hObject=0x768) returned 1 [0166.710] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0166.843] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0166.844] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0166.845] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0166.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\plkb4td2qzsfn1cflc0.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0166.858] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0166.912] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000331d64 | out: lpMode=0xc000331d64) returned 0 [0166.917] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) returned 0x0 [0167.018] GetFileType (hFile=0x768) returned 0x1 [0167.019] WriteFile (in: hFile=0x768, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000331d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000331d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.019] CloseHandle (hObject=0x768) returned 1 [0167.019] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0167.020] VirtualAlloc (lpAddress=0xc000340000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000340000 [0167.021] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0167.023] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\plkb4td2qzsfn1cflc0.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-plkb4td2qzsfn1cflc0.jpg"), dwFlags=0x1) returned 1 [0167.393] WaitForSingleObject (hHandle=0x8d0, dwMilliseconds=0xffffffff) Thread: id = 86 os_tid = 0x5dc [0141.686] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3193fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3193fea0*=0x4dc) returned 1 [0141.686] VirtualQuery (in: lpAddress=0x3193fec0, lpBuffer=0x3193fec0, dwLength=0x30 | out: lpBuffer=0x3193fec0*(BaseAddress=0x3193f000, AllocationBase=0x31740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4e8 [0141.687] GetConsoleMode (in: hConsoleHandle=0x4e8, lpMode=0xc0006ddcf4 | out: lpMode=0xc0006ddcf4) returned 0 [0141.690] GetFileType (hFile=0x4e8) returned 0x1 [0141.690] GetFileType (hFile=0x4e8) returned 0x1 [0141.690] GetFileInformationByHandle (in: hFile=0x4e8, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0141.690] GetFileInformationByHandleEx (in: hFile=0x4e8, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0141.691] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0141.717] ReadFile (in: hFile=0x4e8, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x40200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0006ddc04*=0x40000, lpOverlapped=0x0) returned 1 [0142.812] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc2c [0142.812] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc30 [0142.812] WaitForSingleObject (hHandle=0xc2c, dwMilliseconds=0xffffffff) returned 0x0 [0143.785] ReadFile (in: hFile=0x4e8, lpBuffer=0xc000582000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000582000*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0143.785] CloseHandle (hObject=0x4e8) returned 1 [0143.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0143.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat\\*", lpFindFileData=0xc0006dda08 | out: lpFindFileData=0xc0006dda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0143.787] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0006dd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0143.787] SetEvent (hEvent=0xc34) returned 1 [0143.787] WaitForSingleObject (hHandle=0xc2c, dwMilliseconds=0xffffffff) returned 0x0 [0143.811] SetEvent (hEvent=0xa78) returned 1 [0143.811] WaitForSingleObject (hHandle=0xc2c, dwMilliseconds=0xffffffff) returned 0x0 [0143.819] SetEvent (hEvent=0xa80) returned 1 [0143.819] WaitForSingleObject (hHandle=0xc2c, dwMilliseconds=0xffffffff) returned 0x0 [0143.857] SetEvent (hEvent=0xc54) returned 1 [0143.857] WaitForSingleObject (hHandle=0xc2c, dwMilliseconds=0xffffffff) Thread: id = 87 os_tid = 0x25c [0141.717] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x31b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x31b3fea0*=0x4f0) returned 1 [0141.717] VirtualQuery (in: lpAddress=0x31b3fec0, lpBuffer=0x31b3fec0, dwLength=0x30 | out: lpBuffer=0x31b3fec0*(BaseAddress=0x31b3f000, AllocationBase=0x31940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.717] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pk78- 0hqik.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4f4 [0141.719] GetConsoleMode (in: hConsoleHandle=0x4f4, lpMode=0xc0003e5cf4 | out: lpMode=0xc0003e5cf4) returned 0 [0141.719] GetFileType (hFile=0x4f4) returned 0x1 [0141.719] GetFileType (hFile=0x4f4) returned 0x1 [0141.719] GetFileInformationByHandle (in: hFile=0x4f4, lpFileInformation=0xc0003e5d44 | out: lpFileInformation=0xc0003e5d44) returned 1 [0141.720] GetFileInformationByHandleEx (in: hFile=0x4f4, FileInformationClass=0x9, lpFileInformation=0xc0003e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e5d28) returned 1 [0141.720] VirtualAlloc (lpAddress=0xc000302000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000302000 [0141.722] ReadFile (in: hFile=0x4f4, lpBuffer=0xc000302000, nNumberOfBytesToRead=0x10e8, lpNumberOfBytesRead=0xc0003e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000302000*, lpNumberOfBytesRead=0xc0003e5c04*=0xee8, lpOverlapped=0x0) returned 1 [0142.603] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8d8 [0142.603] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8dc [0142.603] WaitForSingleObject (hHandle=0x8d8, dwMilliseconds=0xffffffff) returned 0x0 [0143.113] ReadFile (in: hFile=0x4f4, lpBuffer=0xc000302ee8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000302ee8*, lpNumberOfBytesRead=0xc0003e5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.113] CloseHandle (hObject=0x4f4) returned 1 [0143.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pk78- 0hqik.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f4 [0143.114] GetConsoleMode (in: hConsoleHandle=0x4f4, lpMode=0xc0003e5d04 | out: lpMode=0xc0003e5d04) returned 0 [0143.121] GetFileType (hFile=0x4f4) returned 0x1 [0143.121] WriteFile (in: hFile=0x4f4, lpBuffer=0xc0002fb000*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0xc0003e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fb000*, lpNumberOfBytesWritten=0xc0003e5cec*=0xef0, lpOverlapped=0x0) returned 1 [0143.122] CloseHandle (hObject=0x4f4) returned 1 [0143.122] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pk78- 0hqik.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4f4 [0143.122] GetConsoleMode (in: hConsoleHandle=0x4f4, lpMode=0xc0003e5d64 | out: lpMode=0xc0003e5d64) returned 0 [0143.125] WaitForSingleObject (hHandle=0x8d8, dwMilliseconds=0xffffffff) returned 0x0 [0144.009] GetFileType (hFile=0x4f4) returned 0x1 [0144.009] WriteFile (in: hFile=0x4f4, lpBuffer=0xc000615080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615080*, lpNumberOfBytesWritten=0xc0003e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.009] CloseHandle (hObject=0x4f4) returned 1 [0144.009] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pk78- 0hqik.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Pk78- 0HqIk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-pk78- 0hqik.lnk"), dwFlags=0x1) returned 1 [0144.011] SetEvent (hEvent=0x5ec) returned 1 [0144.011] WaitForSingleObject (hHandle=0x8d8, dwMilliseconds=0xffffffff) returned 0x0 [0144.030] SetEvent (hEvent=0x324) returned 1 [0144.030] SetEvent (hEvent=0x62c) returned 1 [0144.030] WaitForSingleObject (hHandle=0x8d8, dwMilliseconds=0xffffffff) Thread: id = 88 os_tid = 0x248 [0141.725] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x31d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x31d3fea0*=0x4f8) returned 1 [0141.725] VirtualQuery (in: lpAddress=0x31d3fec0, lpBuffer=0x31d3fec0, dwLength=0x30 | out: lpBuffer=0x31d3fec0*(BaseAddress=0x31d3f000, AllocationBase=0x31b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.725] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0141.726] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0141.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bba6tvsvhx1zrsnnfiy.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4fc [0141.728] GetConsoleMode (in: hConsoleHandle=0x4fc, lpMode=0xc0001e9cf4 | out: lpMode=0xc0001e9cf4) returned 0 [0141.729] GetFileType (hFile=0x4fc) returned 0x1 [0141.729] GetFileType (hFile=0x4fc) returned 0x1 [0141.729] GetFileInformationByHandle (in: hFile=0x4fc, lpFileInformation=0xc0001e9d44 | out: lpFileInformation=0xc0001e9d44) returned 1 [0141.730] GetFileInformationByHandleEx (in: hFile=0x4fc, FileInformationClass=0x9, lpFileInformation=0xc0001e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e9d28) returned 1 [0141.730] ReadFile (in: hFile=0x4fc, lpBuffer=0xc0002b6c00, nNumberOfBytesToRead=0xbf7, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6c00*, lpNumberOfBytesRead=0xc0001e9c04*=0x9f7, lpOverlapped=0x0) returned 1 [0142.604] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8e0 [0142.604] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8e4 [0142.604] WaitForSingleObject (hHandle=0x8e0, dwMilliseconds=0xffffffff) returned 0x0 [0143.175] ReadFile (in: hFile=0x4fc, lpBuffer=0xc0002b75f7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b75f7*, lpNumberOfBytesRead=0xc0001e9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.175] CloseHandle (hObject=0x4fc) returned 1 [0143.175] VirtualAlloc (lpAddress=0xc0007c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c2000 [0143.176] VirtualAlloc (lpAddress=0xc0007c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c4000 [0143.178] VirtualAlloc (lpAddress=0xc0007c6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c6000 [0143.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bba6tvsvhx1zrsnnfiy.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc [0143.180] GetConsoleMode (in: hConsoleHandle=0x4fc, lpMode=0xc0001e9d04 | out: lpMode=0xc0001e9d04) returned 0 [0143.182] GetFileType (hFile=0x4fc) returned 0x1 [0143.183] WriteFile (in: hFile=0x4fc, lpBuffer=0xc0007c2000*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0xc0001e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007c2000*, lpNumberOfBytesWritten=0xc0001e9cec*=0xa00, lpOverlapped=0x0) returned 1 [0143.184] CloseHandle (hObject=0x4fc) returned 1 [0143.184] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0143.184] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bba6tvsvhx1zrsnnfiy.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4fc [0143.184] GetConsoleMode (in: hConsoleHandle=0x4fc, lpMode=0xc0001e9d64 | out: lpMode=0xc0001e9d64) returned 0 [0143.191] GetFileType (hFile=0x4fc) returned 0x1 [0143.191] WriteFile (in: hFile=0x4fc, lpBuffer=0xc00007f340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f340*, lpNumberOfBytesWritten=0xc0001e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.191] CloseHandle (hObject=0x4fc) returned 1 [0143.192] VirtualAlloc (lpAddress=0xc0007c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c8000 [0143.193] VirtualAlloc (lpAddress=0xc0007ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ca000 [0143.194] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bba6tvsvhx1zrsnnfiy.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Bba6tvsVHX1ZrSnNfIY.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-bba6tvsvhx1zrsnnfiy.lnk"), dwFlags=0x1) returned 1 [0143.196] SetEvent (hEvent=0x8e8) returned 1 [0143.196] WaitForSingleObject (hHandle=0x8e0, dwMilliseconds=0xffffffff) returned 0x0 [0143.201] SetEvent (hEvent=0x3c8) returned 1 [0143.201] SetEvent (hEvent=0x8f0) returned 1 [0143.201] WaitForSingleObject (hHandle=0x8e0, dwMilliseconds=0xffffffff) returned 0x0 [0143.259] SetEvent (hEvent=0x414) returned 1 [0143.259] WaitForSingleObject (hHandle=0x8e0, dwMilliseconds=0xffffffff) Thread: id = 89 os_tid = 0x790 [0141.731] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x31f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x31f3fea0*=0x4ec) returned 1 [0141.731] VirtualQuery (in: lpAddress=0x31f3fec0, lpBuffer=0x31f3fec0, dwLength=0x30 | out: lpBuffer=0x31f3fec0*(BaseAddress=0x31f3f000, AllocationBase=0x31d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.732] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\glgpik5cbmztq7qi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x500 [0141.733] GetConsoleMode (in: hConsoleHandle=0x500, lpMode=0xc00039bcf4 | out: lpMode=0xc00039bcf4) returned 0 [0141.735] GetFileType (hFile=0x500) returned 0x1 [0141.735] GetFileType (hFile=0x500) returned 0x1 [0141.735] GetFileInformationByHandle (in: hFile=0x500, lpFileInformation=0xc00039bd44 | out: lpFileInformation=0xc00039bd44) returned 1 [0141.735] GetFileInformationByHandleEx (in: hFile=0x500, FileInformationClass=0x9, lpFileInformation=0xc00039bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00039bd28) returned 1 [0141.735] ReadFile (in: hFile=0x500, lpBuffer=0xc0004f8500, nNumberOfBytesToRead=0x2211, lpNumberOfBytesRead=0xc00039bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f8500*, lpNumberOfBytesRead=0xc00039bc04*=0x2011, lpOverlapped=0x0) returned 1 [0142.605] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8e8 [0142.605] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8ec [0142.605] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0143.199] SetEvent (hEvent=0x3c8) returned 1 [0143.199] ReadFile (in: hFile=0x500, lpBuffer=0xc0004fa511, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00039bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004fa511*, lpNumberOfBytesRead=0xc00039bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.200] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0144.037] CloseHandle (hObject=0x500) returned 1 [0144.038] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0144.754] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0144.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\glgpik5cbmztq7qi.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0144.757] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00039bd04 | out: lpMode=0xc00039bd04) returned 0 [0144.777] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.428] GetFileType (hFile=0x1b0) returned 0x1 [0145.428] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0004f6000*, nNumberOfBytesToWrite=0x2020, lpNumberOfBytesWritten=0xc00039bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004f6000*, lpNumberOfBytesWritten=0xc00039bcec*=0x2020, lpOverlapped=0x0) returned 1 [0145.430] CloseHandle (hObject=0x1b0) returned 1 [0145.431] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0145.432] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0145.432] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0145.434] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0145.435] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0145.436] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0145.437] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0145.439] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0145.440] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\glgpik5cbmztq7qi.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0145.440] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc00039bd64 | out: lpMode=0xc00039bd64) returned 0 [0145.447] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.871] GetFileType (hFile=0x3fc) returned 0x1 [0145.871] WriteFile (in: hFile=0x3fc, lpBuffer=0xc000290f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00039bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290f20*, lpNumberOfBytesWritten=0xc00039bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.871] CloseHandle (hObject=0x3fc) returned 1 [0145.884] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0145.885] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\glgpik5cbmztq7qi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-GLGpik5CbMztQ7Qi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-glgpik5cbmztq7qi.lnk"), dwFlags=0x1) returned 1 [0150.666] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0151.361] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pehxrq.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x510 [0151.362] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc00011bcf4 | out: lpMode=0xc00011bcf4) returned 0 [0151.364] GetFileType (hFile=0x510) returned 0x1 [0151.364] GetFileType (hFile=0x510) returned 0x1 [0151.364] GetFileInformationByHandle (in: hFile=0x510, lpFileInformation=0xc00011bd44 | out: lpFileInformation=0xc00011bd44) returned 1 [0151.365] GetFileInformationByHandleEx (in: hFile=0x510, FileInformationClass=0x9, lpFileInformation=0xc00011bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00011bd28) returned 1 [0151.365] ReadFile (in: hFile=0x510, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xa280, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc00011bc04*=0xa080, lpOverlapped=0x0) returned 1 [0151.366] ReadFile (in: hFile=0x510, lpBuffer=0xc00021c080, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00011bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c080*, lpNumberOfBytesRead=0xc00011bc04*=0x0, lpOverlapped=0x0) returned 1 [0151.366] CloseHandle (hObject=0x510) returned 1 [0151.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pehxrq.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0151.368] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc00011bd04 | out: lpMode=0xc00011bd04) returned 0 [0151.389] GetFileType (hFile=0x510) returned 0x1 [0151.389] WriteFile (in: hFile=0x510, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xa090, lpNumberOfBytesWritten=0xc00011bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc00011bcec*=0xa090, lpOverlapped=0x0) returned 1 [0151.392] CloseHandle (hObject=0x510) returned 1 [0151.393] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0151.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pehxrq.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0151.393] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc00011bd64 | out: lpMode=0xc00011bd64) returned 0 [0151.405] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0151.793] GetFileType (hFile=0x510) returned 0x1 [0151.793] WriteFile (in: hFile=0x510, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00011bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc00011bd4c*=0x158, lpOverlapped=0x0) returned 1 [0151.794] CloseHandle (hObject=0x510) returned 1 [0151.794] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\pehxrq.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-PEhXrq.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-pehxrq.bmp"), dwFlags=0x1) returned 1 [0151.798] SetEvent (hEvent=0xa60) returned 1 [0151.798] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0151.831] SetEvent (hEvent=0x9c8) returned 1 [0151.832] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0151.870] VirtualFree (lpAddress=0xc00032a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0151.872] VirtualFree (lpAddress=0xc0002f2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0151.874] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.875] VirtualFree (lpAddress=0xc0002b8000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0151.877] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.878] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.879] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.880] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0151.882] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\okucx.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0151.883] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00041bcf4 | out: lpMode=0xc00041bcf4) returned 0 [0151.885] GetFileType (hFile=0x2e4) returned 0x1 [0151.886] GetFileType (hFile=0x2e4) returned 0x1 [0151.886] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc00041bd44 | out: lpFileInformation=0xc00041bd44) returned 1 [0151.886] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc00041bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00041bd28) returned 1 [0151.886] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0151.935] ReadFile (in: hFile=0x2e4, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x109d2, lpNumberOfBytesRead=0xc00041bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc00041bc04*=0x107d2, lpOverlapped=0x0) returned 1 [0151.937] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0003687d2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00041bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0003687d2*, lpNumberOfBytesRead=0xc00041bc04*=0x0, lpOverlapped=0x0) returned 1 [0151.937] CloseHandle (hObject=0x2e4) returned 1 [0151.937] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0151.942] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\okucx.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0151.945] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00041bd04 | out: lpMode=0xc00041bd04) returned 0 [0151.952] GetFileType (hFile=0x2e4) returned 0x1 [0151.952] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0004e0000*, nNumberOfBytesToWrite=0x107e0, lpNumberOfBytesWritten=0xc00041bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesWritten=0xc00041bcec*=0x107e0, lpOverlapped=0x0) returned 1 [0151.956] CloseHandle (hObject=0x2e4) returned 1 [0151.957] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0151.957] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0151.960] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\OkUCx.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\okucx.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0151.960] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00041bd64 | out: lpMode=0xc00041bd64) returned 0 [0151.967] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0152.294] GetFileType (hFile=0x2e4) returned 0x1 [0152.294] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0152.392] SetEvent (hEvent=0xc0) returned 1 [0152.392] SetEvent (hEvent=0x9f0) returned 1 [0152.392] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00041bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc00041bd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.392] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0152.881] SetEvent (hEvent=0xc0) returned 1 [0152.881] SetEvent (hEvent=0x9f0) returned 1 [0152.881] CloseHandle (hObject=0x2e4) returned 1 [0152.881] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0152.931] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.078] SetEvent (hEvent=0xbd0) returned 1 [0153.078] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\twbqafwehq.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6c4 [0162.055] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc0002a9cf4 | out: lpMode=0xc0002a9cf4) returned 0 [0162.408] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) returned 0x0 [0162.503] GetFileType (hFile=0x6c4) returned 0x1 [0162.504] GetFileType (hFile=0x6c4) returned 0x1 [0162.504] GetFileInformationByHandle (in: hFile=0x6c4, lpFileInformation=0xc0002a9d44 | out: lpFileInformation=0xc0002a9d44) returned 1 [0162.504] GetFileInformationByHandleEx (in: hFile=0x6c4, FileInformationClass=0x9, lpFileInformation=0xc0002a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a9d28) returned 1 [0162.504] ReadFile (in: hFile=0x6c4, lpBuffer=0xc0005d6000, nNumberOfBytesToRead=0xb8b9, lpNumberOfBytesRead=0xc0002a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesRead=0xc0002a9c04*=0xb6b9, lpOverlapped=0x0) returned 1 [0162.526] ReadFile (in: hFile=0x6c4, lpBuffer=0xc0005e16b9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005e16b9*, lpNumberOfBytesRead=0xc0002a9c04*=0x0, lpOverlapped=0x0) returned 1 [0162.526] CloseHandle (hObject=0x6c4) returned 1 [0162.526] VirtualAlloc (lpAddress=0xc000680000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000680000 [0162.529] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\twbqafwehq.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0162.532] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc0002a9d04 | out: lpMode=0xc0002a9d04) returned 0 [0162.540] GetFileType (hFile=0x6c4) returned 0x1 [0162.540] WriteFile (in: hFile=0x6c4, lpBuffer=0xc000680000*, nNumberOfBytesToWrite=0xb6c0, lpNumberOfBytesWritten=0xc0002a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000680000*, lpNumberOfBytesWritten=0xc0002a9cec*=0xb6c0, lpOverlapped=0x0) returned 1 [0162.543] CloseHandle (hObject=0x6c4) returned 1 [0162.543] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0162.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\twbqafwehq.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0162.544] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc0002a9d64 | out: lpMode=0xc0002a9d64) returned 0 [0162.544] GetFileType (hFile=0x6c4) returned 0x1 [0162.544] WriteFile (in: hFile=0x6c4, lpBuffer=0xc0000d7600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7600*, lpNumberOfBytesWritten=0xc0002a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.544] CloseHandle (hObject=0x6c4) returned 1 [0162.544] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\twbqafwehq.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-TwBqafWEHQ.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-twbqafwehq.m4a"), dwFlags=0x1) returned 1 [0162.546] SetEvent (hEvent=0xa18) returned 1 [0162.546] WaitForSingleObject (hHandle=0x8e8, dwMilliseconds=0xffffffff) Thread: id = 90 os_tid = 0x24c [0141.735] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3213fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3213fea0*=0x508) returned 1 [0141.735] VirtualQuery (in: lpAddress=0x3213fec0, lpBuffer=0x3213fec0, dwLength=0x30 | out: lpBuffer=0x3213fec0*(BaseAddress=0x3213f000, AllocationBase=0x31f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x50c [0141.737] GetConsoleMode (in: hConsoleHandle=0x50c, lpMode=0xc0004d9cf4 | out: lpMode=0xc0004d9cf4) returned 0 [0141.738] GetFileType (hFile=0x50c) returned 0x1 [0141.738] GetFileType (hFile=0x50c) returned 0x1 [0141.738] GetFileInformationByHandle (in: hFile=0x50c, lpFileInformation=0xc0004d9d44 | out: lpFileInformation=0xc0004d9d44) returned 1 [0141.738] GetFileInformationByHandleEx (in: hFile=0x50c, FileInformationClass=0x9, lpFileInformation=0xc0004d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004d9d28) returned 1 [0141.738] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0141.748] ReadFile (in: hFile=0x50c, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x40200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0004d9c04*=0x40000, lpOverlapped=0x0) returned 1 [0142.609] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8f0 [0142.609] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8f4 [0142.609] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.204] ReadFile (in: hFile=0x50c, lpBuffer=0xc0005ce000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005ce000*, lpNumberOfBytesRead=0xc0004d9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.204] CloseHandle (hObject=0x50c) returned 1 [0143.204] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x42000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0143.213] VirtualAlloc (lpAddress=0xc0007cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007cc000 [0143.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0143.215] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat\\*", lpFindFileData=0xc0004d9a08 | out: lpFindFileData=0xc0004d9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0143.215] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004d9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0143.215] SetEvent (hEvent=0x8f8) returned 1 [0143.215] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.236] SetEvent (hEvent=0x604) returned 1 [0143.236] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.253] SetEvent (hEvent=0xaa8) returned 1 [0143.253] SetEvent (hEvent=0x9d0) returned 1 [0143.253] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.259] SetEvent (hEvent=0xaa8) returned 1 [0143.259] SetEvent (hEvent=0x15c) returned 1 [0143.259] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.291] SetEvent (hEvent=0xab8) returned 1 [0143.291] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.301] SetEvent (hEvent=0xac0) returned 1 [0143.301] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.327] SetEvent (hEvent=0x254) returned 1 [0143.327] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.341] SetEvent (hEvent=0xb78) returned 1 [0143.341] WaitForSingleObject (hHandle=0x8f0, dwMilliseconds=0xffffffff) Thread: id = 91 os_tid = 0x69c [0141.749] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3233fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3233fea0*=0x504) returned 1 [0141.749] VirtualQuery (in: lpAddress=0x3233fec0, lpBuffer=0x3233fec0, dwLength=0x30 | out: lpBuffer=0x3233fec0*(BaseAddress=0x3233f000, AllocationBase=0x32140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pr3tvmm8vb9vep ipui.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x510 [0141.750] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003efcf4 | out: lpMode=0xc0003efcf4) returned 0 [0141.754] GetFileType (hFile=0x510) returned 0x1 [0141.754] GetFileType (hFile=0x510) returned 0x1 [0141.754] GetFileInformationByHandle (in: hFile=0x510, lpFileInformation=0xc0003efd44 | out: lpFileInformation=0xc0003efd44) returned 1 [0141.755] GetFileInformationByHandleEx (in: hFile=0x510, FileInformationClass=0x9, lpFileInformation=0xc0003efd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003efd28) returned 1 [0141.755] VirtualAlloc (lpAddress=0xc0004d0000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d0000 [0141.756] ReadFile (in: hFile=0x510, lpBuffer=0xc0004d0000, nNumberOfBytesToRead=0xc9a, lpNumberOfBytesRead=0xc0003efc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d0000*, lpNumberOfBytesRead=0xc0003efc04*=0xa9a, lpOverlapped=0x0) returned 1 [0142.610] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8f8 [0142.610] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8fc [0142.610] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.220] ReadFile (in: hFile=0x510, lpBuffer=0xc0004d0a9a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003efc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d0a9a*, lpNumberOfBytesRead=0xc0003efc04*=0x0, lpOverlapped=0x0) returned 1 [0143.220] CloseHandle (hObject=0x510) returned 1 [0143.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pr3tvmm8vb9vep ipui.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0143.221] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003efd04 | out: lpMode=0xc0003efd04) returned 0 [0143.223] GetFileType (hFile=0x510) returned 0x1 [0143.223] WriteFile (in: hFile=0x510, lpBuffer=0xc000234400*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0xc0003efcec, lpOverlapped=0x0 | out: lpBuffer=0xc000234400*, lpNumberOfBytesWritten=0xc0003efcec*=0xaa0, lpOverlapped=0x0) returned 1 [0143.224] CloseHandle (hObject=0x510) returned 1 [0143.224] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.225] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pr3tvmm8vb9vep ipui.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0143.225] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003efd64 | out: lpMode=0xc0003efd64) returned 0 [0143.232] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0144.069] SetEvent (hEvent=0x324) returned 1 [0144.069] GetFileType (hFile=0x510) returned 0x1 [0144.069] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0144.801] WriteFile (in: hFile=0x510, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003efd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0003efd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.801] CloseHandle (hObject=0x510) returned 1 [0144.801] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\pr3tvmm8vb9vep ipui.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Pr3tvmM8VB9VEp IpuI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-pr3tvmm8vb9vep ipui.lnk"), dwFlags=0x1) returned 1 [0144.906] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.521] SetEvent (hEvent=0xa40) returned 1 [0145.521] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.523] SetEvent (hEvent=0x254) returned 1 [0145.523] SetEvent (hEvent=0xa88) returned 1 [0145.523] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.527] SetEvent (hEvent=0x254) returned 1 [0145.527] SetEvent (hEvent=0xb80) returned 1 [0145.527] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.538] SetEvent (hEvent=0x254) returned 1 [0145.538] VirtualFree (lpAddress=0xc0006f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.539] VirtualFree (lpAddress=0xc000672000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.540] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.541] VirtualFree (lpAddress=0xc00025e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.542] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.542] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.543] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.544] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.545] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.546] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.547] SetEvent (hEvent=0x43c) returned 1 [0145.547] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.550] SetEvent (hEvent=0xc54) returned 1 [0145.550] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.561] SetEvent (hEvent=0xae0) returned 1 [0145.561] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0145.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x698 [0145.583] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc000155cf4 | out: lpMode=0xc000155cf4) returned 0 [0145.583] GetFileType (hFile=0x698) returned 0x1 [0145.583] GetFileType (hFile=0x698) returned 0x1 [0145.584] GetFileInformationByHandle (in: hFile=0x698, lpFileInformation=0xc000155d44 | out: lpFileInformation=0xc000155d44) returned 1 [0145.584] GetFileInformationByHandleEx (in: hFile=0x698, FileInformationClass=0x9, lpFileInformation=0xc000155d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000155d28) returned 1 [0145.584] ReadFile (in: hFile=0x698, lpBuffer=0xc00010e700, nNumberOfBytesToRead=0x6e2, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010e700*, lpNumberOfBytesRead=0xc000155c04*=0x4e2, lpOverlapped=0x0) returned 1 [0145.587] ReadFile (in: hFile=0x698, lpBuffer=0xc00010ebe2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000155c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010ebe2*, lpNumberOfBytesRead=0xc000155c04*=0x0, lpOverlapped=0x0) returned 1 [0145.587] CloseHandle (hObject=0x698) returned 1 [0145.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0145.590] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc000155d04 | out: lpMode=0xc000155d04) returned 0 [0145.596] GetFileType (hFile=0x698) returned 0x1 [0145.597] WriteFile (in: hFile=0x698, lpBuffer=0xc00016c500*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc00016c500*, lpNumberOfBytesWritten=0xc000155cec*=0x4f0, lpOverlapped=0x0) returned 1 [0145.598] CloseHandle (hObject=0x698) returned 1 [0145.598] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b701 | out: pbBuffer=0xc00031b701) returned 1 [0145.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0145.599] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0145.601] GetFileType (hFile=0x698) returned 0x1 [0145.601] WriteFile (in: hFile=0x698, lpBuffer=0xc000614c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614c60*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.601] CloseHandle (hObject=0x698) returned 1 [0145.602] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\on-screen keyboard.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\encry-On-Screen Keyboard.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\encry-on-screen keyboard.lnk"), dwFlags=0x1) returned 1 [0145.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3233fe30*=0x8f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.607] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3233f698, ulCount=0x10, ulNumEntriesRemoved=0x3233f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3233f698, ulNumEntriesRemoved=0x3233f66c) returned 0 [0145.607] SetEvent (hEvent=0xc0) returned 1 [0145.607] SetEvent (hEvent=0x980) returned 1 [0145.607] SetEvent (hEvent=0x920) returned 1 [0145.607] SetEvent (hEvent=0x9e8) returned 1 [0145.609] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3233fe08*=0x8f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.614] SetEvent (hEvent=0x9e8) returned 1 [0145.614] SetEvent (hEvent=0x920) returned 1 [0145.614] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3233fe08*=0x8f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3233fe30*=0x8f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.629] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3233f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3233f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3233f6a0, ulNumEntriesRemoved=0x3233f674) returned 0 [0145.629] SetEvent (hEvent=0xc0) returned 1 [0145.629] SetEvent (hEvent=0xec) returned 1 [0145.629] SetEvent (hEvent=0x9e8) returned 1 [0145.629] SetEvent (hEvent=0x920) returned 1 [0145.629] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3233fe18*=0x8f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.652] GetFileType (hFile=0x7c4) returned 0x1 [0145.653] GetFileType (hFile=0x7c4) returned 0x1 [0145.653] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc0001cdd44 | out: lpFileInformation=0xc0001cdd44) returned 1 [0145.653] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc0001cdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cdd28) returned 1 [0145.653] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000040000, nNumberOfBytesToRead=0x203, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesRead=0xc0001cdc04*=0x3, lpOverlapped=0x0) returned 1 [0145.654] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000040003, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000040003*, lpNumberOfBytesRead=0xc0001cdc04*=0x0, lpOverlapped=0x0) returned 1 [0145.654] CloseHandle (hObject=0x7c4) returned 1 [0145.654] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0145.670] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0145.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0145.672] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001cdd04 | out: lpMode=0xc0001cdd04) returned 0 [0145.675] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.174] GetFileType (hFile=0x7c4) returned 0x1 [0146.174] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000586450*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0001cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000586450*, lpNumberOfBytesWritten=0xc0001cdcec*=0x10, lpOverlapped=0x0) returned 1 [0146.175] CloseHandle (hObject=0x7c4) returned 1 [0146.175] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0146.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0146.176] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001cdd64 | out: lpMode=0xc0001cdd64) returned 0 [0146.176] GetFileType (hFile=0x7c4) returned 0x1 [0146.176] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000290420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290420*, lpNumberOfBytesWritten=0xc0001cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.176] CloseHandle (hObject=0x7c4) returned 1 [0146.177] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\encry-Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\encry-compressed (zipped) folder.zfsendtotarget"), dwFlags=0x1) returned 1 [0146.178] SetEvent (hEvent=0x920) returned 1 [0146.178] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.181] SetEvent (hEvent=0xa80) returned 1 [0146.181] SetEvent (hEvent=0xbc8) returned 1 [0146.181] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.191] SetEvent (hEvent=0xa88) returned 1 [0146.191] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.213] SetEvent (hEvent=0xb80) returned 1 [0146.213] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0146.230] SetEvent (hEvent=0xc80) returned 1 [0146.230] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0148.058] GetFileType (hFile=0x8a0) returned 0x1 [0148.058] GetFileType (hFile=0x8a0) returned 0x1 [0148.058] GetFileInformationByHandle (in: hFile=0x8a0, lpFileInformation=0xc000211d44 | out: lpFileInformation=0xc000211d44) returned 1 [0148.059] GetFileInformationByHandleEx (in: hFile=0x8a0, FileInformationClass=0x9, lpFileInformation=0xc000211d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000211d28) returned 1 [0148.059] VirtualAlloc (lpAddress=0xc00056a000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00056a000 [0148.061] ReadFile (in: hFile=0x8a0, lpBuffer=0xc00056a000, nNumberOfBytesToRead=0x18200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc00056a000*, lpNumberOfBytesRead=0xc000211c04*=0x18000, lpOverlapped=0x0) returned 1 [0148.881] ReadFile (in: hFile=0x8a0, lpBuffer=0xc000582000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000211c04, lpOverlapped=0x0 | out: lpBuffer=0xc000582000*, lpNumberOfBytesRead=0xc000211c04*=0x0, lpOverlapped=0x0) returned 1 [0148.881] CloseHandle (hObject=0x8a0) returned 1 [0148.881] VirtualAlloc (lpAddress=0xc00077e000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00077e000 [0148.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0150.600] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc000211d04 | out: lpMode=0xc000211d04) returned 0 [0150.600] GetFileType (hFile=0x510) returned 0x1 [0150.600] WriteFile (in: hFile=0x510, lpBuffer=0xc00077e000*, nNumberOfBytesToWrite=0x18010, lpNumberOfBytesWritten=0xc000211cec, lpOverlapped=0x0 | out: lpBuffer=0xc00077e000*, lpNumberOfBytesWritten=0xc000211cec*=0x18010, lpOverlapped=0x0) returned 1 [0150.610] SetEvent (hEvent=0xc0) returned 1 [0150.610] CloseHandle (hObject=0x510) returned 1 [0150.733] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0150.754] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0150.754] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0150.756] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0150.756] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000211d64 | out: lpMode=0xc000211d64) returned 0 [0150.757] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0150.803] GetFileType (hFile=0x890) returned 0x1 [0150.803] WriteFile (in: hFile=0x890, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000211d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc000211d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.803] CloseHandle (hObject=0x890) returned 1 [0150.803] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0150.805] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0150.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-webappsstore.sqlite"), dwFlags=0x1) returned 1 [0151.978] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0152.293] SetEvent (hEvent=0xb48) returned 1 [0152.293] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0152.296] SetEvent (hEvent=0xb40) returned 1 [0152.296] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0152.307] SetEvent (hEvent=0x354) returned 1 [0152.307] SetEvent (hEvent=0x9a8) returned 1 [0152.307] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) returned 0x0 [0161.365] SetEvent (hEvent=0xc1c) returned 1 [0161.365] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0161.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x524 [0162.033] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc000367cf4 | out: lpMode=0xc000367cf4) returned 0 [0162.339] GetFileType (hFile=0x524) returned 0x1 [0162.340] GetFileType (hFile=0x524) returned 0x1 [0162.340] GetFileInformationByHandle (in: hFile=0x524, lpFileInformation=0xc000367d44 | out: lpFileInformation=0xc000367d44) returned 1 [0162.340] GetFileInformationByHandleEx (in: hFile=0x524, FileInformationClass=0x9, lpFileInformation=0xc000367d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000367d28) returned 1 [0162.340] ReadFile (in: hFile=0x524, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x3f8, lpNumberOfBytesRead=0xc000367c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc000367c04*=0x1f8, lpOverlapped=0x0) returned 1 [0162.341] ReadFile (in: hFile=0x524, lpBuffer=0xc00003c1f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000367c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c1f8*, lpNumberOfBytesRead=0xc000367c04*=0x0, lpOverlapped=0x0) returned 1 [0162.341] CloseHandle (hObject=0x524) returned 1 [0162.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.342] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini\\*", lpFindFileData=0xc000367a08 | out: lpFindFileData=0xc000367a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.342] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000367720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.342] SetEvent (hEvent=0xb70) returned 1 [0162.342] WaitForSingleObject (hHandle=0x8f8, dwMilliseconds=0xffffffff) Thread: id = 92 os_tid = 0x3f8 [0141.757] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3253fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3253fea0*=0x518) returned 1 [0141.757] VirtualQuery (in: lpAddress=0x3253fec0, lpBuffer=0x3253fec0, dwLength=0x30 | out: lpBuffer=0x3253fec0*(BaseAddress=0x3253f000, AllocationBase=0x32340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.757] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c 8u8apsnox.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x51c [0141.758] GetConsoleMode (in: hConsoleHandle=0x51c, lpMode=0xc0001a1cf4 | out: lpMode=0xc0001a1cf4) returned 0 [0141.759] GetFileType (hFile=0x51c) returned 0x1 [0141.759] GetFileType (hFile=0x51c) returned 0x1 [0141.759] GetFileInformationByHandle (in: hFile=0x51c, lpFileInformation=0xc0001a1d44 | out: lpFileInformation=0xc0001a1d44) returned 1 [0141.759] GetFileInformationByHandleEx (in: hFile=0x51c, FileInformationClass=0x9, lpFileInformation=0xc0001a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a1d28) returned 1 [0141.759] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0141.760] ReadFile (in: hFile=0x51c, lpBuffer=0xc0001dc000, nNumberOfBytesToRead=0x1b95, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001dc000*, lpNumberOfBytesRead=0xc0001a1c04*=0x1995, lpOverlapped=0x0) returned 1 [0142.612] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x900 [0142.612] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x904 [0142.612] WaitForSingleObject (hHandle=0x900, dwMilliseconds=0xffffffff) returned 0x0 [0143.245] ReadFile (in: hFile=0x51c, lpBuffer=0xc0001dd995, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001dd995*, lpNumberOfBytesRead=0xc0001a1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.245] CloseHandle (hObject=0x51c) returned 1 [0143.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c 8u8apsnox.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c [0143.247] GetConsoleMode (in: hConsoleHandle=0x51c, lpMode=0xc0001a1d04 | out: lpMode=0xc0001a1d04) returned 0 [0143.253] GetFileType (hFile=0x51c) returned 0x1 [0143.253] WriteFile (in: hFile=0x51c, lpBuffer=0xc0004e1a80*, nNumberOfBytesToWrite=0x19a0, lpNumberOfBytesWritten=0xc0001a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e1a80*, lpNumberOfBytesWritten=0xc0001a1cec*=0x19a0, lpOverlapped=0x0) returned 1 [0143.254] CloseHandle (hObject=0x51c) returned 1 [0143.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0143.255] VirtualAlloc (lpAddress=0xc0007ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ce000 [0143.256] VirtualAlloc (lpAddress=0xc0007d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d0000 [0143.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c 8u8apsnox.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x51c [0143.257] GetConsoleMode (in: hConsoleHandle=0x51c, lpMode=0xc0001a1d64 | out: lpMode=0xc0001a1d64) returned 0 [0143.258] WaitForSingleObject (hHandle=0x900, dwMilliseconds=0xffffffff) returned 0x0 [0144.144] GetFileType (hFile=0x51c) returned 0x1 [0144.144] WriteFile (in: hFile=0x51c, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc0001a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.145] CloseHandle (hObject=0x51c) returned 1 [0144.145] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\c 8u8apsnox.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-C 8U8ApsNoX.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-c 8u8apsnox.lnk"), dwFlags=0x1) returned 1 [0144.147] SetEvent (hEvent=0x9d8) returned 1 [0144.147] WaitForSingleObject (hHandle=0x900, dwMilliseconds=0xffffffff) returned 0x0 [0144.156] SetEvent (hEvent=0xbc0) returned 1 [0144.156] SetEvent (hEvent=0x1d4) returned 1 [0144.156] WaitForSingleObject (hHandle=0x900, dwMilliseconds=0xffffffff) Thread: id = 93 os_tid = 0x760 [0141.762] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3273fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3273fea0*=0x520) returned 1 [0141.762] VirtualQuery (in: lpAddress=0x3273fec0, lpBuffer=0x3273fec0, dwLength=0x30 | out: lpBuffer=0x3273fec0*(BaseAddress=0x3273f000, AllocationBase=0x32540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.762] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g_thypoc-7akco8.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x524 [0141.763] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc00039dcf4 | out: lpMode=0xc00039dcf4) returned 0 [0141.764] GetFileType (hFile=0x524) returned 0x1 [0141.764] GetFileType (hFile=0x524) returned 0x1 [0141.765] GetFileInformationByHandle (in: hFile=0x524, lpFileInformation=0xc00039dd44 | out: lpFileInformation=0xc00039dd44) returned 1 [0141.765] GetFileInformationByHandleEx (in: hFile=0x524, FileInformationClass=0x9, lpFileInformation=0xc00039dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00039dd28) returned 1 [0141.765] ReadFile (in: hFile=0x524, lpBuffer=0xc000284800, nNumberOfBytesToRead=0x1537, lpNumberOfBytesRead=0xc00039dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000284800*, lpNumberOfBytesRead=0xc00039dc04*=0x1337, lpOverlapped=0x0) returned 1 [0142.613] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x908 [0142.613] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x90c [0142.613] WaitForSingleObject (hHandle=0x908, dwMilliseconds=0xffffffff) returned 0x0 [0143.295] SetEvent (hEvent=0x414) returned 1 [0143.295] ReadFile (in: hFile=0x524, lpBuffer=0xc000285b37, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00039dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000285b37*, lpNumberOfBytesRead=0xc00039dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.296] CloseHandle (hObject=0x524) returned 1 [0143.296] VirtualAlloc (lpAddress=0xc0007d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d2000 [0143.297] VirtualAlloc (lpAddress=0xc0007d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d4000 [0143.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g_thypoc-7akco8.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0143.299] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc00039dd04 | out: lpMode=0xc00039dd04) returned 0 [0143.300] WaitForSingleObject (hHandle=0x908, dwMilliseconds=0xffffffff) returned 0x0 [0144.206] GetFileType (hFile=0x524) returned 0x1 [0144.206] WriteFile (in: hFile=0x524, lpBuffer=0xc00072ca00*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xc00039dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00072ca00*, lpNumberOfBytesWritten=0xc00039dcec*=0x1340, lpOverlapped=0x0) returned 1 [0144.208] CloseHandle (hObject=0x524) returned 1 [0144.208] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0144.208] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0144.209] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g_thypoc-7akco8.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0144.210] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc00039dd64 | out: lpMode=0xc00039dd64) returned 0 [0144.216] WaitForSingleObject (hHandle=0x908, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] SetEvent (hEvent=0xbb8) returned 1 [0144.582] WaitForSingleObject (hHandle=0x908, dwMilliseconds=0xffffffff) Thread: id = 94 os_tid = 0x330 [0141.765] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3293fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3293fea0*=0x514) returned 1 [0141.766] VirtualQuery (in: lpAddress=0x3293fec0, lpBuffer=0x3293fec0, dwLength=0x30 | out: lpBuffer=0x3293fec0*(BaseAddress=0x3293f000, AllocationBase=0x32740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.766] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x528 [0141.767] GetConsoleMode (in: hConsoleHandle=0x528, lpMode=0xc0001fbcf4 | out: lpMode=0xc0001fbcf4) returned 0 [0141.769] GetFileType (hFile=0x528) returned 0x1 [0141.769] GetFileType (hFile=0x528) returned 0x1 [0141.769] GetFileInformationByHandle (in: hFile=0x528, lpFileInformation=0xc0001fbd44 | out: lpFileInformation=0xc0001fbd44) returned 1 [0141.769] GetFileInformationByHandleEx (in: hFile=0x528, FileInformationClass=0x9, lpFileInformation=0xc0001fbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fbd28) returned 1 [0141.769] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0141.771] ReadFile (in: hFile=0x528, lpBuffer=0xc000332000, nNumberOfBytesToRead=0x102b, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000332000*, lpNumberOfBytesRead=0xc0001fbc04*=0xe2b, lpOverlapped=0x0) returned 1 [0142.614] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x910 [0142.614] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x914 [0142.614] WaitForSingleObject (hHandle=0x910, dwMilliseconds=0xffffffff) returned 0x0 [0143.305] ReadFile (in: hFile=0x528, lpBuffer=0xc000332e2b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000332e2b*, lpNumberOfBytesRead=0xc0001fbc04*=0x0, lpOverlapped=0x0) returned 1 [0143.305] CloseHandle (hObject=0x528) returned 1 [0143.305] VirtualAlloc (lpAddress=0xc0007d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d6000 [0143.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528 [0143.308] GetConsoleMode (in: hConsoleHandle=0x528, lpMode=0xc0001fbd04 | out: lpMode=0xc0001fbd04) returned 0 [0143.326] WaitForSingleObject (hHandle=0x910, dwMilliseconds=0xffffffff) returned 0x0 [0144.217] GetFileType (hFile=0x528) returned 0x1 [0144.217] WriteFile (in: hFile=0x528, lpBuffer=0xc0007d6000*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0xc0001fbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d6000*, lpNumberOfBytesWritten=0xc0001fbcec*=0xe30, lpOverlapped=0x0) returned 1 [0144.218] CloseHandle (hObject=0x528) returned 1 [0144.219] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.219] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x528 [0144.219] GetConsoleMode (in: hConsoleHandle=0x528, lpMode=0xc0001fbd64 | out: lpMode=0xc0001fbd64) returned 0 [0144.225] GetFileType (hFile=0x528) returned 0x1 [0144.225] WriteFile (in: hFile=0x528, lpBuffer=0xc0006149a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001fbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006149a0*, lpNumberOfBytesWritten=0xc0001fbd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.225] CloseHandle (hObject=0x528) returned 1 [0144.226] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0144.227] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0144.228] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\documents.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\encry-Documents.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\encry-documents.library-ms"), dwFlags=0x1) returned 1 [0144.231] SetEvent (hEvent=0x2f4) returned 1 [0144.231] WaitForSingleObject (hHandle=0x910, dwMilliseconds=0xffffffff) returned 0x0 [0144.243] SetEvent (hEvent=0x198) returned 1 [0144.244] WaitForSingleObject (hHandle=0x910, dwMilliseconds=0xffffffff) Thread: id = 95 os_tid = 0x710 [0141.771] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x32b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32b3fea0*=0x530) returned 1 [0141.771] VirtualQuery (in: lpAddress=0x32b3fec0, lpBuffer=0x32b3fec0, dwLength=0x30 | out: lpBuffer=0x32b3fec0*(BaseAddress=0x32b3f000, AllocationBase=0x32940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.772] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qlkeywisbwt_7p t.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x534 [0141.774] GetConsoleMode (in: hConsoleHandle=0x534, lpMode=0xc0003e1cf4 | out: lpMode=0xc0003e1cf4) returned 0 [0141.774] GetFileType (hFile=0x534) returned 0x1 [0141.774] GetFileType (hFile=0x534) returned 0x1 [0141.774] GetFileInformationByHandle (in: hFile=0x534, lpFileInformation=0xc0003e1d44 | out: lpFileInformation=0xc0003e1d44) returned 1 [0141.774] GetFileInformationByHandleEx (in: hFile=0x534, FileInformationClass=0x9, lpFileInformation=0xc0003e1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e1d28) returned 1 [0141.774] ReadFile (in: hFile=0x534, lpBuffer=0xc0000ea800, nNumberOfBytesToRead=0x160c, lpNumberOfBytesRead=0xc0003e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea800*, lpNumberOfBytesRead=0xc0003e1c04*=0x140c, lpOverlapped=0x0) returned 1 [0142.615] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x918 [0142.615] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x91c [0142.615] WaitForSingleObject (hHandle=0x918, dwMilliseconds=0xffffffff) returned 0x0 [0143.336] SetEvent (hEvent=0xac0) returned 1 [0143.336] ReadFile (in: hFile=0x534, lpBuffer=0xc0000ebc0c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ebc0c*, lpNumberOfBytesRead=0xc0003e1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.337] CloseHandle (hObject=0x534) returned 1 [0143.337] VirtualAlloc (lpAddress=0xc0007d8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d8000 [0143.338] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qlkeywisbwt_7p t.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534 [0143.340] GetConsoleMode (in: hConsoleHandle=0x534, lpMode=0xc0003e1d04 | out: lpMode=0xc0003e1d04) returned 0 [0143.341] WaitForSingleObject (hHandle=0x918, dwMilliseconds=0xffffffff) returned 0x0 [0143.978] GetFileType (hFile=0x534) returned 0x1 [0143.978] WriteFile (in: hFile=0x534, lpBuffer=0xc0007d8000*, nNumberOfBytesToWrite=0x1410, lpNumberOfBytesWritten=0xc0003e1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d8000*, lpNumberOfBytesWritten=0xc0003e1cec*=0x1410, lpOverlapped=0x0) returned 1 [0143.979] CloseHandle (hObject=0x534) returned 1 [0143.980] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0143.980] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qlkeywisbwt_7p t.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x534 [0143.980] GetConsoleMode (in: hConsoleHandle=0x534, lpMode=0xc0003e1d64 | out: lpMode=0xc0003e1d64) returned 0 [0143.987] GetFileType (hFile=0x534) returned 0x1 [0143.987] WriteFile (in: hFile=0x534, lpBuffer=0xc0006158c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006158c0*, lpNumberOfBytesWritten=0xc0003e1d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.987] CloseHandle (hObject=0x534) returned 1 [0143.987] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qlkeywisbwt_7p t.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-QlKeywISbwT_7p T.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-qlkeywisbwt_7p t.mkv.lnk"), dwFlags=0x1) returned 1 [0143.989] SetEvent (hEvent=0x9e8) returned 1 [0143.989] WaitForSingleObject (hHandle=0x918, dwMilliseconds=0xffffffff) returned 0x0 [0144.000] SetEvent (hEvent=0x324) returned 1 [0144.000] SetEvent (hEvent=0x920) returned 1 [0144.000] WaitForSingleObject (hHandle=0x918, dwMilliseconds=0xffffffff) returned 0x0 [0144.008] SetEvent (hEvent=0x8d8) returned 1 [0144.008] WaitForSingleObject (hHandle=0x918, dwMilliseconds=0xffffffff) Thread: id = 96 os_tid = 0x38c [0141.783] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x32d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32d3fea0*=0x538) returned 1 [0141.783] VirtualQuery (in: lpAddress=0x32d3fec0, lpBuffer=0x32d3fec0, dwLength=0x30 | out: lpBuffer=0x32d3fec0*(BaseAddress=0x32d3f000, AllocationBase=0x32b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.783] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cbj_-_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x53c [0141.784] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0001e5cf4 | out: lpMode=0xc0001e5cf4) returned 0 [0141.785] GetFileType (hFile=0x53c) returned 0x1 [0141.786] GetFileType (hFile=0x53c) returned 0x1 [0141.786] GetFileInformationByHandle (in: hFile=0x53c, lpFileInformation=0xc0001e5d44 | out: lpFileInformation=0xc0001e5d44) returned 1 [0141.786] GetFileInformationByHandleEx (in: hFile=0x53c, FileInformationClass=0x9, lpFileInformation=0xc0001e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e5d28) returned 1 [0141.786] ReadFile (in: hFile=0x53c, lpBuffer=0xc0002c0c00, nNumberOfBytesToRead=0x1151, lpNumberOfBytesRead=0xc0001e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c0c00*, lpNumberOfBytesRead=0xc0001e5c04*=0xf51, lpOverlapped=0x0) returned 1 [0142.617] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x920 [0142.617] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x924 [0142.617] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0143.346] ReadFile (in: hFile=0x53c, lpBuffer=0xc0002c1b51, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c1b51*, lpNumberOfBytesRead=0xc0001e5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.346] CloseHandle (hObject=0x53c) returned 1 [0143.346] VirtualAlloc (lpAddress=0xc0007dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007dc000 [0143.347] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cbj_-_.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0143.348] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0001e5d04 | out: lpMode=0xc0001e5d04) returned 0 [0143.360] GetFileType (hFile=0x53c) returned 0x1 [0143.360] WriteFile (in: hFile=0x53c, lpBuffer=0xc0007d7000*, nNumberOfBytesToWrite=0xf60, lpNumberOfBytesWritten=0xc0001e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d7000*, lpNumberOfBytesWritten=0xc0001e5cec*=0xf60, lpOverlapped=0x0) returned 1 [0143.362] CloseHandle (hObject=0x53c) returned 1 [0143.362] VirtualAlloc (lpAddress=0xc0007de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007de000 [0143.363] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.363] VirtualAlloc (lpAddress=0xc0007e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e0000 [0143.364] VirtualAlloc (lpAddress=0xc0007e2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e2000 [0143.365] VirtualAlloc (lpAddress=0xc0007e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e4000 [0143.367] VirtualAlloc (lpAddress=0xc0007e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e6000 [0143.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cbj_-_.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0143.368] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0001e5d64 | out: lpMode=0xc0001e5d64) returned 0 [0143.373] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0144.005] GetFileType (hFile=0x53c) returned 0x1 [0144.005] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0144.707] WriteFile (in: hFile=0x53c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.707] CloseHandle (hObject=0x53c) returned 1 [0144.708] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cbj_-_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-CBj_-_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-cbj_-_.lnk"), dwFlags=0x1) returned 1 [0144.710] SetEvent (hEvent=0xc74) returned 1 [0144.710] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0144.739] SetEvent (hEvent=0xa88) returned 1 [0144.739] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0144.753] SetEvent (hEvent=0x8e8) returned 1 [0144.753] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.448] SetEvent (hEvent=0xb40) returned 1 [0145.448] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.457] SetEvent (hEvent=0xa48) returned 1 [0145.457] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.475] VirtualFree (lpAddress=0xc000774000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.476] VirtualFree (lpAddress=0xc000762000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.477] VirtualFree (lpAddress=0xc000514000, dwSize=0x1c000, dwFreeType=0x4000) returned 1 [0145.479] VirtualFree (lpAddress=0xc0004f6000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0145.480] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.481] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.482] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.482] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.483] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.484] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.485] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.486] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.487] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.487] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.488] SetEvent (hEvent=0x274) returned 1 [0145.488] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.495] SetEvent (hEvent=0xc4c) returned 1 [0145.495] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.520] SetEvent (hEvent=0xa10) returned 1 [0145.520] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.526] SetEvent (hEvent=0xbb0) returned 1 [0145.526] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.537] SetEvent (hEvent=0x898) returned 1 [0145.537] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.583] SetEvent (hEvent=0x9f0) returned 1 [0145.583] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.600] SetEvent (hEvent=0xb10) returned 1 [0145.600] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.606] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.611] SetEvent (hEvent=0xc5c) returned 1 [0145.611] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.618] SetEvent (hEvent=0x8f8) returned 1 [0145.618] SetEvent (hEvent=0xc0c) returned 1 [0145.618] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.630] SetEvent (hEvent=0x8f8) returned 1 [0145.630] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.631] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.632] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.633] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.634] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.635] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.636] VirtualFree (lpAddress=0xc000070000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0145.637] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.637] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.638] SetEvent (hEvent=0x3c4) returned 1 [0145.638] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0145.675] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0145.676] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x698 [0145.677] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc000135cf4 | out: lpMode=0xc000135cf4) returned 0 [0145.681] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0146.179] SetEvent (hEvent=0xa80) returned 1 [0146.179] GetFileType (hFile=0x698) returned 0x1 [0146.179] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0146.306] SetEvent (hEvent=0xc24) returned 1 [0146.306] SetEvent (hEvent=0xbd0) returned 1 [0146.306] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0146.311] SetEvent (hEvent=0xb68) returned 1 [0146.311] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0147.931] SetEvent (hEvent=0xb20) returned 1 [0147.931] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0147.939] VirtualFree (lpAddress=0xc000800000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0147.941] VirtualFree (lpAddress=0xc000786000, dwSize=0x7a000, dwFreeType=0x4000) returned 1 [0147.944] VirtualFree (lpAddress=0xc0006c6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.945] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.946] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.946] VirtualFree (lpAddress=0xc0002b8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.947] VirtualFree (lpAddress=0xc000260000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.948] VirtualFree (lpAddress=0xc00025a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.948] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.949] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.949] VirtualFree (lpAddress=0xc000222000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.950] SetEvent (hEvent=0xc44) returned 1 [0147.950] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0148.026] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0148.027] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0148.028] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0148.029] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0148.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ybayp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x818 [0148.031] GetConsoleMode (in: hConsoleHandle=0x818, lpMode=0xc0001d9cf4 | out: lpMode=0xc0001d9cf4) returned 0 [0148.033] GetFileType (hFile=0x818) returned 0x1 [0148.033] GetFileType (hFile=0x818) returned 0x1 [0148.033] GetFileInformationByHandle (in: hFile=0x818, lpFileInformation=0xc0001d9d44 | out: lpFileInformation=0xc0001d9d44) returned 1 [0148.033] GetFileInformationByHandleEx (in: hFile=0x818, FileInformationClass=0x9, lpFileInformation=0xc0001d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d9d28) returned 1 [0148.033] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0148.035] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0148.038] ReadFile (in: hFile=0x818, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x696e, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0001d9c04*=0x676e, lpOverlapped=0x0) returned 1 [0148.674] ReadFile (in: hFile=0x818, lpBuffer=0xc00054876e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00054876e*, lpNumberOfBytesRead=0xc0001d9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.674] CloseHandle (hObject=0x818) returned 1 [0148.675] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0148.676] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0148.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ybayp.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.612] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001d9d04 | out: lpMode=0xc0001d9d04) returned 0 [0150.614] GetFileType (hFile=0x7a0) returned 0x1 [0150.614] WriteFile (in: hFile=0x7a0, lpBuffer=0xc00055ca80*, nNumberOfBytesToWrite=0x6770, lpNumberOfBytesWritten=0xc0001d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00055ca80*, lpNumberOfBytesWritten=0xc0001d9cec*=0x6770, lpOverlapped=0x0) returned 1 [0150.616] CloseHandle (hObject=0x7a0) returned 1 [0150.729] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0150.739] SetEvent (hEvent=0xb50) returned 1 [0150.739] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533a01 | out: pbBuffer=0xc000533a01) returned 1 [0150.739] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0150.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ybayp.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d4 [0150.740] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc0001d9d64 | out: lpMode=0xc0001d9d64) returned 0 [0150.751] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0150.762] GetFileType (hFile=0x3d4) returned 0x1 [0150.762] WriteFile (in: hFile=0x3d4, lpBuffer=0xc000104580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104580*, lpNumberOfBytesWritten=0xc0001d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.762] CloseHandle (hObject=0x3d4) returned 1 [0150.764] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0150.794] SetEvent (hEvent=0xb50) returned 1 [0150.794] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ybayp.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-ybayp.m4a"), dwFlags=0x1) returned 1 [0153.077] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0153.174] SetEvent (hEvent=0xc64) returned 1 [0153.174] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0161.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\llys3yiqvyc_7z9szy.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d4 [0162.057] GetConsoleMode (in: hConsoleHandle=0x3d4, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0162.410] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) returned 0x0 [0162.583] SetEvent (hEvent=0x9a8) returned 1 [0162.583] WaitForSingleObject (hHandle=0x920, dwMilliseconds=0xffffffff) Thread: id = 97 os_tid = 0x15c [0141.795] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x32f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x32f3fea0*=0x540) returned 1 [0141.795] VirtualQuery (in: lpAddress=0x32f3fec0, lpBuffer=0x32f3fec0, dwLength=0x30 | out: lpBuffer=0x32f3fec0*(BaseAddress=0x32f3f000, AllocationBase=0x32d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.795] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h8eiq3-yxnk9.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x544 [0141.797] GetConsoleMode (in: hConsoleHandle=0x544, lpMode=0xc0003a7cf4 | out: lpMode=0xc0003a7cf4) returned 0 [0141.799] GetFileType (hFile=0x544) returned 0x1 [0141.799] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0141.800] GetFileType (hFile=0x544) returned 0x1 [0141.800] GetFileInformationByHandle (in: hFile=0x544, lpFileInformation=0xc0003a7d44 | out: lpFileInformation=0xc0003a7d44) returned 1 [0141.800] GetFileInformationByHandleEx (in: hFile=0x544, FileInformationClass=0x9, lpFileInformation=0xc0003a7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a7d28) returned 1 [0141.800] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0141.801] ReadFile (in: hFile=0x544, lpBuffer=0xc000130000, nNumberOfBytesToRead=0x590, lpNumberOfBytesRead=0xc0003a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000130000*, lpNumberOfBytesRead=0xc0003a7c04*=0x390, lpOverlapped=0x0) returned 1 [0142.618] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x928 [0142.618] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x92c [0142.618] WaitForSingleObject (hHandle=0x928, dwMilliseconds=0xffffffff) returned 0x0 [0143.387] ReadFile (in: hFile=0x544, lpBuffer=0xc000130390, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000130390*, lpNumberOfBytesRead=0xc0003a7c04*=0x0, lpOverlapped=0x0) returned 1 [0143.387] CloseHandle (hObject=0x544) returned 1 [0143.387] VirtualAlloc (lpAddress=0xc0007e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e8000 [0143.388] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h8eiq3-yxnk9.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544 [0143.389] GetConsoleMode (in: hConsoleHandle=0x544, lpMode=0xc0003a7d04 | out: lpMode=0xc0003a7d04) returned 0 [0143.390] GetFileType (hFile=0x544) returned 0x1 [0143.390] WriteFile (in: hFile=0x544, lpBuffer=0xc0007e8000*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0xc0003a7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8000*, lpNumberOfBytesWritten=0xc0003a7cec*=0x3a0, lpOverlapped=0x0) returned 1 [0143.391] CloseHandle (hObject=0x544) returned 1 [0143.391] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0143.391] VirtualAlloc (lpAddress=0xc0007ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ea000 [0143.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h8eiq3-yxnk9.ots.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x544 [0143.393] GetConsoleMode (in: hConsoleHandle=0x544, lpMode=0xc0003a7d64 | out: lpMode=0xc0003a7d64) returned 0 [0143.395] WaitForSingleObject (hHandle=0x928, dwMilliseconds=0xffffffff) returned 0x0 [0144.051] GetFileType (hFile=0x544) returned 0x1 [0144.051] WriteFile (in: hFile=0x544, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc0003a7d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.052] CloseHandle (hObject=0x544) returned 1 [0144.052] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0144.053] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\h8eiq3-yxnk9.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-H8Eiq3-yxnk9.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-h8eiq3-yxnk9.ots.lnk"), dwFlags=0x1) returned 1 [0144.059] SetEvent (hEvent=0x9f0) returned 1 [0144.059] WaitForSingleObject (hHandle=0x928, dwMilliseconds=0xffffffff) returned 0x0 [0144.071] SetEvent (hEvent=0xb18) returned 1 [0144.071] WaitForSingleObject (hHandle=0x928, dwMilliseconds=0xffffffff) Thread: id = 98 os_tid = 0x758 [0141.804] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3313fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3313fea0*=0x52c) returned 1 [0141.804] VirtualQuery (in: lpAddress=0x3313fec0, lpBuffer=0x3313fec0, dwLength=0x30 | out: lpBuffer=0x3313fec0*(BaseAddress=0x3313f000, AllocationBase=0x32f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.805] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x548 [0141.806] GetConsoleMode (in: hConsoleHandle=0x548, lpMode=0xc000201cf4 | out: lpMode=0xc000201cf4) returned 0 [0141.807] GetFileType (hFile=0x548) returned 0x1 [0141.807] GetFileType (hFile=0x548) returned 0x1 [0141.807] GetFileInformationByHandle (in: hFile=0x548, lpFileInformation=0xc000201d44 | out: lpFileInformation=0xc000201d44) returned 1 [0141.807] GetFileInformationByHandleEx (in: hFile=0x548, FileInformationClass=0x9, lpFileInformation=0xc000201d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000201d28) returned 1 [0141.807] VirtualAlloc (lpAddress=0xc00033c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00033c000 [0141.808] ReadFile (in: hFile=0x548, lpBuffer=0xc00033c000, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00033c000*, lpNumberOfBytesRead=0xc000201c04*=0xe00, lpOverlapped=0x0) returned 1 [0142.620] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x930 [0142.620] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x934 [0142.620] WaitForSingleObject (hHandle=0x930, dwMilliseconds=0xffffffff) returned 0x0 [0143.400] ReadFile (in: hFile=0x548, lpBuffer=0xc00033ce00, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000201c04, lpOverlapped=0x0 | out: lpBuffer=0xc00033ce00*, lpNumberOfBytesRead=0xc000201c04*=0x0, lpOverlapped=0x0) returned 1 [0143.400] CloseHandle (hObject=0x548) returned 1 [0143.400] VirtualAlloc (lpAddress=0xc0007ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ec000 [0143.401] VirtualAlloc (lpAddress=0xc0007ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ee000 [0143.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x548 [0143.404] GetConsoleMode (in: hConsoleHandle=0x548, lpMode=0xc000201d04 | out: lpMode=0xc000201d04) returned 0 [0143.409] GetFileType (hFile=0x548) returned 0x1 [0143.409] WriteFile (in: hFile=0x548, lpBuffer=0xc0007d7000*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xc000201cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d7000*, lpNumberOfBytesWritten=0xc000201cec*=0xe10, lpOverlapped=0x0) returned 1 [0143.410] CloseHandle (hObject=0x548) returned 1 [0143.411] VirtualAlloc (lpAddress=0xc0007f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f0000 [0143.412] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.412] VirtualAlloc (lpAddress=0xc0007f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f2000 [0143.413] VirtualAlloc (lpAddress=0xc0007f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f4000 [0143.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x548 [0143.414] GetConsoleMode (in: hConsoleHandle=0x548, lpMode=0xc000201d64 | out: lpMode=0xc000201d64) returned 0 [0143.418] WaitForSingleObject (hHandle=0x930, dwMilliseconds=0xffffffff) returned 0x0 [0144.083] GetFileType (hFile=0x548) returned 0x1 [0144.083] WriteFile (in: hFile=0x548, lpBuffer=0xc0002914a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000201d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002914a0*, lpNumberOfBytesWritten=0xc000201d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.083] CloseHandle (hObject=0x548) returned 1 [0144.084] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\music.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\encry-Music.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\encry-music.library-ms"), dwFlags=0x1) returned 1 [0144.086] SetEvent (hEvent=0x28c) returned 1 [0144.086] WaitForSingleObject (hHandle=0x930, dwMilliseconds=0xffffffff) returned 0x0 [0144.093] SetEvent (hEvent=0x364) returned 1 [0144.093] WaitForSingleObject (hHandle=0x930, dwMilliseconds=0xffffffff) Thread: id = 99 os_tid = 0xa68 [0141.808] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3333fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3333fea0*=0x550) returned 1 [0141.808] VirtualQuery (in: lpAddress=0x3333fec0, lpBuffer=0x3333fec0, dwLength=0x30 | out: lpBuffer=0x3333fec0*(BaseAddress=0x3333f000, AllocationBase=0x33140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.808] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\reinullmhp.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x554 [0141.809] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003ebcf4 | out: lpMode=0xc0003ebcf4) returned 0 [0141.809] GetFileType (hFile=0x554) returned 0x1 [0141.810] GetFileType (hFile=0x554) returned 0x1 [0141.810] GetFileInformationByHandle (in: hFile=0x554, lpFileInformation=0xc0003ebd44 | out: lpFileInformation=0xc0003ebd44) returned 1 [0141.810] GetFileInformationByHandleEx (in: hFile=0x554, FileInformationClass=0x9, lpFileInformation=0xc0003ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003ebd28) returned 1 [0141.810] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0141.810] ReadFile (in: hFile=0x554, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x5f2, lpNumberOfBytesRead=0xc0003ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc0003ebc04*=0x3f2, lpOverlapped=0x0) returned 1 [0142.621] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x938 [0142.621] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x93c [0142.621] WaitForSingleObject (hHandle=0x938, dwMilliseconds=0xffffffff) returned 0x0 [0143.428] ReadFile (in: hFile=0x554, lpBuffer=0xc0000f03f2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f03f2*, lpNumberOfBytesRead=0xc0003ebc04*=0x0, lpOverlapped=0x0) returned 1 [0143.428] CloseHandle (hObject=0x554) returned 1 [0143.429] VirtualAlloc (lpAddress=0xc0007f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f6000 [0143.430] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\reinullmhp.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0143.431] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003ebd04 | out: lpMode=0xc0003ebd04) returned 0 [0143.432] WaitForSingleObject (hHandle=0x938, dwMilliseconds=0xffffffff) returned 0x0 [0144.114] GetFileType (hFile=0x554) returned 0x1 [0144.114] WriteFile (in: hFile=0x554, lpBuffer=0xc0007e8400*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xc0003ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8400*, lpNumberOfBytesWritten=0xc0003ebcec*=0x400, lpOverlapped=0x0) returned 1 [0144.115] CloseHandle (hObject=0x554) returned 1 [0144.115] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0144.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\reinullmhp.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0144.115] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003ebd64 | out: lpMode=0xc0003ebd64) returned 0 [0144.121] GetFileType (hFile=0x554) returned 0x1 [0144.121] WriteFile (in: hFile=0x554, lpBuffer=0xc000615b80*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615b80*, lpNumberOfBytesWritten=0xc0003ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.121] CloseHandle (hObject=0x554) returned 1 [0144.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\reinullmhp.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-REINuLLmhp.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-reinullmhp.lnk"), dwFlags=0x1) returned 1 [0144.123] SetEvent (hEvent=0x1e8) returned 1 [0144.123] WaitForSingleObject (hHandle=0x938, dwMilliseconds=0xffffffff) returned 0x0 [0144.125] SetEvent (hEvent=0x324) returned 1 [0144.125] SetEvent (hEvent=0xae8) returned 1 [0144.125] WaitForSingleObject (hHandle=0x938, dwMilliseconds=0xffffffff) returned 0x0 [0144.140] SetEvent (hEvent=0xbc0) returned 1 [0144.140] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.141] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.142] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.142] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.143] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.144] SetEvent (hEvent=0xb88) returned 1 [0144.144] WaitForSingleObject (hHandle=0x938, dwMilliseconds=0xffffffff) Thread: id = 100 os_tid = 0x894 [0141.811] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3353fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3353fea0*=0x558) returned 1 [0141.812] VirtualQuery (in: lpAddress=0x3353fec0, lpBuffer=0x3353fec0, dwLength=0x30 | out: lpBuffer=0x3353fec0*(BaseAddress=0x3353f000, AllocationBase=0x33340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.812] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cnhegrqal0z.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x55c [0141.813] GetConsoleMode (in: hConsoleHandle=0x55c, lpMode=0xc0001e7cf4 | out: lpMode=0xc0001e7cf4) returned 0 [0141.813] GetFileType (hFile=0x55c) returned 0x1 [0141.813] GetFileType (hFile=0x55c) returned 0x1 [0141.813] GetFileInformationByHandle (in: hFile=0x55c, lpFileInformation=0xc0001e7d44 | out: lpFileInformation=0xc0001e7d44) returned 1 [0141.813] GetFileInformationByHandleEx (in: hFile=0x55c, FileInformationClass=0x9, lpFileInformation=0xc0001e7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e7d28) returned 1 [0141.813] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0141.814] ReadFile (in: hFile=0x55c, lpBuffer=0xc000202000, nNumberOfBytesToRead=0xc42, lpNumberOfBytesRead=0xc0001e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000202000*, lpNumberOfBytesRead=0xc0001e7c04*=0xa42, lpOverlapped=0x0) returned 1 [0142.623] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x940 [0142.623] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x944 [0142.623] WaitForSingleObject (hHandle=0x940, dwMilliseconds=0xffffffff) returned 0x0 [0143.447] ReadFile (in: hFile=0x55c, lpBuffer=0xc000202a42, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000202a42*, lpNumberOfBytesRead=0xc0001e7c04*=0x0, lpOverlapped=0x0) returned 1 [0143.447] CloseHandle (hObject=0x55c) returned 1 [0143.447] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cnhegrqal0z.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0143.448] GetConsoleMode (in: hConsoleHandle=0x55c, lpMode=0xc0001e7d04 | out: lpMode=0xc0001e7d04) returned 0 [0143.453] GetFileType (hFile=0x55c) returned 0x1 [0143.453] WriteFile (in: hFile=0x55c, lpBuffer=0xc000743500*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xc0001e7cec, lpOverlapped=0x0 | out: lpBuffer=0xc000743500*, lpNumberOfBytesWritten=0xc0001e7cec*=0xa50, lpOverlapped=0x0) returned 1 [0143.455] CloseHandle (hObject=0x55c) returned 1 [0143.455] VirtualAlloc (lpAddress=0xc0007f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007f8000 [0143.456] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.456] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fa000 [0143.457] VirtualAlloc (lpAddress=0xc0007fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fc000 [0143.458] VirtualAlloc (lpAddress=0xc0007fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fe000 [0143.459] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0143.460] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cnhegrqal0z.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x55c [0143.460] GetConsoleMode (in: hConsoleHandle=0x55c, lpMode=0xc0001e7d64 | out: lpMode=0xc0001e7d64) returned 0 [0143.463] WaitForSingleObject (hHandle=0x940, dwMilliseconds=0xffffffff) returned 0x0 [0144.164] WaitForSingleObject (hHandle=0x940, dwMilliseconds=0xffffffff) returned 0x0 [0144.170] SetEvent (hEvent=0x1d0) returned 1 [0144.171] WaitForSingleObject (hHandle=0x940, dwMilliseconds=0xffffffff) Thread: id = 101 os_tid = 0x500 [0141.818] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3373fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3373fea0*=0x560) returned 1 [0141.818] VirtualQuery (in: lpAddress=0x3373fec0, lpBuffer=0x3373fec0, dwLength=0x30 | out: lpBuffer=0x3373fec0*(BaseAddress=0x3373f000, AllocationBase=0x33540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hm13y6g8dosacipgz2d.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x564 [0141.820] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc000399cf4 | out: lpMode=0xc000399cf4) returned 0 [0141.821] GetFileType (hFile=0x564) returned 0x1 [0141.821] GetFileType (hFile=0x564) returned 0x1 [0141.821] GetFileInformationByHandle (in: hFile=0x564, lpFileInformation=0xc000399d44 | out: lpFileInformation=0xc000399d44) returned 1 [0141.821] GetFileInformationByHandleEx (in: hFile=0x564, FileInformationClass=0x9, lpFileInformation=0xc000399d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000399d28) returned 1 [0141.821] ReadFile (in: hFile=0x564, lpBuffer=0xc000292d80, nNumberOfBytesToRead=0xc9a, lpNumberOfBytesRead=0xc000399c04, lpOverlapped=0x0 | out: lpBuffer=0xc000292d80*, lpNumberOfBytesRead=0xc000399c04*=0xa9a, lpOverlapped=0x0) returned 1 [0142.625] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x948 [0142.625] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x94c [0142.625] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0143.491] SetEvent (hEvent=0xc0) returned 1 [0143.491] SetEvent (hEvent=0x9f8) returned 1 [0143.491] ReadFile (in: hFile=0x564, lpBuffer=0xc00029381a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000399c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029381a*, lpNumberOfBytesRead=0xc000399c04*=0x0, lpOverlapped=0x0) returned 1 [0143.491] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.200] CloseHandle (hObject=0x564) returned 1 [0144.201] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0144.202] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0144.203] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0144.204] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hm13y6g8dosacipgz2d.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0144.206] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc000399d04 | out: lpMode=0xc000399d04) returned 0 [0144.212] GetFileType (hFile=0x564) returned 0x1 [0144.212] WriteFile (in: hFile=0x564, lpBuffer=0xc0002b6c00*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0xc000399cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6c00*, lpNumberOfBytesWritten=0xc000399cec*=0xaa0, lpOverlapped=0x0) returned 1 [0144.214] CloseHandle (hObject=0x564) returned 1 [0144.214] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0144.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hm13y6g8dosacipgz2d.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0144.214] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc000399d64 | out: lpMode=0xc000399d64) returned 0 [0144.216] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.585] GetFileType (hFile=0x564) returned 0x1 [0144.585] WriteFile (in: hFile=0x564, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000399d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000399d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.585] CloseHandle (hObject=0x564) returned 1 [0144.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hm13y6g8dosacipgz2d.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-HM13Y6G8DOsAcipgZ2d.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-hm13y6g8dosacipgz2d.lnk"), dwFlags=0x1) returned 1 [0144.587] SetEvent (hEvent=0x2f4) returned 1 [0144.587] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.591] SetEvent (hEvent=0x354) returned 1 [0144.591] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.604] SetEvent (hEvent=0xc6c) returned 1 [0144.604] SetEvent (hEvent=0xbd8) returned 1 [0144.604] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.606] SetEvent (hEvent=0xab8) returned 1 [0144.606] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0144.615] SetEvent (hEvent=0x318) returned 1 [0144.615] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0145.956] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.957] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.958] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.959] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.959] VirtualFree (lpAddress=0xc00016a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.960] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.961] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.962] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.963] SetEvent (hEvent=0xc34) returned 1 [0145.963] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0145.975] SetEvent (hEvent=0xb70) returned 1 [0145.975] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) returned 0x0 [0146.014] VirtualFree (lpAddress=0xc000742000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.015] VirtualFree (lpAddress=0xc000682000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.016] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.017] VirtualFree (lpAddress=0xc000212000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.018] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.019] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.020] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.021] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.022] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.023] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.025] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.026] SetEvent (hEvent=0xc74) returned 1 [0146.026] WaitForSingleObject (hHandle=0x948, dwMilliseconds=0xffffffff) Thread: id = 102 os_tid = 0x7f0 [0141.822] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3393fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3393fea0*=0x54c) returned 1 [0141.822] VirtualQuery (in: lpAddress=0x3393fec0, lpBuffer=0x3393fec0, dwLength=0x30 | out: lpBuffer=0x3393fec0*(BaseAddress=0x3393f000, AllocationBase=0x33740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.822] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x568 [0141.823] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc000149cf4 | out: lpMode=0xc000149cf4) returned 0 [0141.826] GetFileType (hFile=0x568) returned 0x1 [0141.826] GetFileType (hFile=0x568) returned 0x1 [0141.827] GetFileInformationByHandle (in: hFile=0x568, lpFileInformation=0xc000149d44 | out: lpFileInformation=0xc000149d44) returned 1 [0141.827] GetFileInformationByHandleEx (in: hFile=0x568, FileInformationClass=0x9, lpFileInformation=0xc000149d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000149d28) returned 1 [0141.827] ReadFile (in: hFile=0x568, lpBuffer=0xc000333300, nNumberOfBytesToRead=0x1023, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000333300*, lpNumberOfBytesRead=0xc000149c04*=0xe23, lpOverlapped=0x0) returned 1 [0142.626] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x950 [0142.626] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x954 [0142.626] WaitForSingleObject (hHandle=0x950, dwMilliseconds=0xffffffff) returned 0x0 [0143.496] ReadFile (in: hFile=0x568, lpBuffer=0xc000334123, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000149c04, lpOverlapped=0x0 | out: lpBuffer=0xc000334123*, lpNumberOfBytesRead=0xc000149c04*=0x0, lpOverlapped=0x0) returned 1 [0143.497] CloseHandle (hObject=0x568) returned 1 [0143.497] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0143.498] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc000149d04 | out: lpMode=0xc000149d04) returned 0 [0143.518] GetFileType (hFile=0x568) returned 0x1 [0143.519] WriteFile (in: hFile=0x568, lpBuffer=0xc000653000*, nNumberOfBytesToWrite=0xe30, lpNumberOfBytesWritten=0xc000149cec, lpOverlapped=0x0 | out: lpBuffer=0xc000653000*, lpNumberOfBytesWritten=0xc000149cec*=0xe30, lpOverlapped=0x0) returned 1 [0143.520] CloseHandle (hObject=0x568) returned 1 [0143.520] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.520] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0143.522] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0143.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\pictures.library-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0143.523] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc000149d64 | out: lpMode=0xc000149d64) returned 0 [0143.527] WaitForSingleObject (hHandle=0x950, dwMilliseconds=0xffffffff) returned 0x0 [0144.037] WaitForSingleObject (hHandle=0x950, dwMilliseconds=0xffffffff) returned 0x0 [0144.039] SetEvent (hEvent=0x324) returned 1 [0144.039] SetEvent (hEvent=0x928) returned 1 [0144.039] WaitForSingleObject (hHandle=0x950, dwMilliseconds=0xffffffff) Thread: id = 103 os_tid = 0x360 [0141.827] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x33b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33b3fea0*=0x570) returned 1 [0141.827] VirtualQuery (in: lpAddress=0x33b3fec0, lpBuffer=0x33b3fec0, dwLength=0x30 | out: lpBuffer=0x33b3fec0*(BaseAddress=0x33b3f000, AllocationBase=0x33940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.827] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rrrmzfncpf9fa.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x574 [0141.828] GetConsoleMode (in: hConsoleHandle=0x574, lpMode=0xc0003edcf4 | out: lpMode=0xc0003edcf4) returned 0 [0141.829] GetFileType (hFile=0x574) returned 0x1 [0141.829] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0141.830] GetFileType (hFile=0x574) returned 0x1 [0141.830] GetFileInformationByHandle (in: hFile=0x574, lpFileInformation=0xc0003edd44 | out: lpFileInformation=0xc0003edd44) returned 1 [0141.830] GetFileInformationByHandleEx (in: hFile=0x574, FileInformationClass=0x9, lpFileInformation=0xc0003edd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003edd28) returned 1 [0141.830] VirtualAlloc (lpAddress=0xc000504000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000504000 [0141.832] ReadFile (in: hFile=0x574, lpBuffer=0xc000504000, nNumberOfBytesToRead=0x15c4, lpNumberOfBytesRead=0xc0003edc04, lpOverlapped=0x0 | out: lpBuffer=0xc000504000*, lpNumberOfBytesRead=0xc0003edc04*=0x13c4, lpOverlapped=0x0) returned 1 [0142.628] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x958 [0142.628] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x95c [0142.628] WaitForSingleObject (hHandle=0x958, dwMilliseconds=0xffffffff) returned 0x0 [0143.539] ReadFile (in: hFile=0x574, lpBuffer=0xc0005053c4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003edc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005053c4*, lpNumberOfBytesRead=0xc0003edc04*=0x0, lpOverlapped=0x0) returned 1 [0143.539] CloseHandle (hObject=0x574) returned 1 [0143.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rrrmzfncpf9fa.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574 [0143.541] GetConsoleMode (in: hConsoleHandle=0x574, lpMode=0xc0003edd04 | out: lpMode=0xc0003edd04) returned 0 [0143.541] GetFileType (hFile=0x574) returned 0x1 [0143.542] WriteFile (in: hFile=0x574, lpBuffer=0xc0007daa00*, nNumberOfBytesToWrite=0x13d0, lpNumberOfBytesWritten=0xc0003edcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007daa00*, lpNumberOfBytesWritten=0xc0003edcec*=0x13d0, lpOverlapped=0x0) returned 1 [0143.543] CloseHandle (hObject=0x574) returned 1 [0143.543] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0143.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rrrmzfncpf9fa.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x574 [0143.543] GetConsoleMode (in: hConsoleHandle=0x574, lpMode=0xc0003edd64 | out: lpMode=0xc0003edd64) returned 0 [0143.549] WaitForSingleObject (hHandle=0x958, dwMilliseconds=0xffffffff) returned 0x0 [0144.086] GetFileType (hFile=0x574) returned 0x1 [0144.086] WriteFile (in: hFile=0x574, lpBuffer=0xc00007f760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003edd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f760*, lpNumberOfBytesWritten=0xc0003edd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.086] CloseHandle (hObject=0x574) returned 1 [0144.086] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rrrmzfncpf9fa.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-RRrMZFNcPf9FA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rrrmzfncpf9fa.lnk"), dwFlags=0x1) returned 1 [0144.088] SetEvent (hEvent=0xbb0) returned 1 [0144.088] WaitForSingleObject (hHandle=0x958, dwMilliseconds=0xffffffff) returned 0x0 [0144.094] SetEvent (hEvent=0x324) returned 1 [0144.094] SetEvent (hEvent=0x458) returned 1 [0144.094] WaitForSingleObject (hHandle=0x958, dwMilliseconds=0xffffffff) Thread: id = 104 os_tid = 0x5d4 [0141.833] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x33d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33d3fea0*=0x578) returned 1 [0141.833] VirtualQuery (in: lpAddress=0x33d3fec0, lpBuffer=0x33d3fec0, dwLength=0x30 | out: lpBuffer=0x33d3fec0*(BaseAddress=0x33d3f000, AllocationBase=0x33b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\czwcuzemtmnh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x57c [0141.835] GetConsoleMode (in: hConsoleHandle=0x57c, lpMode=0xc000387cf4 | out: lpMode=0xc000387cf4) returned 0 [0141.835] GetFileType (hFile=0x57c) returned 0x1 [0141.835] GetFileType (hFile=0x57c) returned 0x1 [0141.835] GetFileInformationByHandle (in: hFile=0x57c, lpFileInformation=0xc000387d44 | out: lpFileInformation=0xc000387d44) returned 1 [0141.835] GetFileInformationByHandleEx (in: hFile=0x57c, FileInformationClass=0x9, lpFileInformation=0xc000387d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000387d28) returned 1 [0141.835] ReadFile (in: hFile=0x57c, lpBuffer=0xc000186600, nNumberOfBytesToRead=0x5fc, lpNumberOfBytesRead=0xc000387c04, lpOverlapped=0x0 | out: lpBuffer=0xc000186600*, lpNumberOfBytesRead=0xc000387c04*=0x3fc, lpOverlapped=0x0) returned 1 [0142.629] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x960 [0142.629] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x964 [0142.629] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0143.555] ReadFile (in: hFile=0x57c, lpBuffer=0xc0001869fc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000387c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001869fc*, lpNumberOfBytesRead=0xc000387c04*=0x0, lpOverlapped=0x0) returned 1 [0143.555] CloseHandle (hObject=0x57c) returned 1 [0143.555] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\czwcuzemtmnh.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x57c [0143.556] GetConsoleMode (in: hConsoleHandle=0x57c, lpMode=0xc000387d04 | out: lpMode=0xc000387d04) returned 0 [0143.560] GetFileType (hFile=0x57c) returned 0x1 [0143.560] WriteFile (in: hFile=0x57c, lpBuffer=0xc0007e8000*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0xc000387cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8000*, lpNumberOfBytesWritten=0xc000387cec*=0x400, lpOverlapped=0x0) returned 1 [0143.561] CloseHandle (hObject=0x57c) returned 1 [0143.564] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0144.094] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\czwcuzemtmnh.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x60c [0144.094] GetConsoleMode (in: hConsoleHandle=0x60c, lpMode=0xc000387d64 | out: lpMode=0xc000387d64) returned 0 [0144.099] GetFileType (hFile=0x60c) returned 0x1 [0144.099] WriteFile (in: hFile=0x60c, lpBuffer=0xc0002911e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000387d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002911e0*, lpNumberOfBytesWritten=0xc000387d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.100] CloseHandle (hObject=0x60c) returned 1 [0144.100] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\czwcuzemtmnh.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-CZwCUzEmtmNh.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-czwcuzemtmnh.lnk"), dwFlags=0x1) returned 1 [0144.101] SetEvent (hEvent=0xb20) returned 1 [0144.102] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0144.113] SetEvent (hEvent=0x3c8) returned 1 [0144.113] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0144.116] SetEvent (hEvent=0x324) returned 1 [0144.116] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060380*, nNumberOfCharsToWrite=0x6a, lpNumberOfCharsWritten=0xc00024d808, lpReserved=0x0 | out: lpBuffer=0xc000060380*, lpNumberOfCharsWritten=0xc00024d808*=0x6a) returned 1 [0144.124] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0144.537] SetEvent (hEvent=0x8b8) returned 1 [0144.537] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031bc01 | out: pbBuffer=0xc00031bc01) returned 1 [0144.537] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0145.281] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0145.282] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0145.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0145.283] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00024dd64 | out: lpMode=0xc00024dd64) returned 0 [0145.292] GetFileType (hFile=0x36c) returned 0x1 [0145.292] WriteFile (in: hFile=0x36c, lpBuffer=0xc00007f080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00024dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f080*, lpNumberOfBytesWritten=0xc00024dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.298] CloseHandle (hObject=0x36c) returned 1 [0145.299] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\encry-index.dat"), dwFlags=0x1) returned 0 [0145.299] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00024d6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0145.299] GetFileType (hFile=0x524) returned 0x1 [0145.299] WriteFile (in: hFile=0x524, lpBuffer=0xc00007f760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00039dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f760*, lpNumberOfBytesWritten=0xc00039dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.299] CloseHandle (hObject=0x524) returned 1 [0145.321] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0145.804] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0145.806] SetEvent (hEvent=0xec) returned 1 [0145.806] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g_thypoc-7akco8.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-G_thYPOc-7akcO8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-g_thypoc-7akco8.lnk"), dwFlags=0x1) returned 1 [0150.682] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0151.200] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0151.201] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\wffk55lsji-.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x598 [0151.201] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000461cf4 | out: lpMode=0xc000461cf4) returned 0 [0151.208] GetFileType (hFile=0x598) returned 0x1 [0151.208] GetFileType (hFile=0x598) returned 0x1 [0151.208] GetFileInformationByHandle (in: hFile=0x598, lpFileInformation=0xc000461d44 | out: lpFileInformation=0xc000461d44) returned 1 [0151.208] GetFileInformationByHandleEx (in: hFile=0x598, FileInformationClass=0x9, lpFileInformation=0xc000461d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000461d28) returned 1 [0151.208] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0151.210] ReadFile (in: hFile=0x598, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xfd09, lpNumberOfBytesRead=0xc000461c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc000461c04*=0xfb09, lpOverlapped=0x0) returned 1 [0151.211] ReadFile (in: hFile=0x598, lpBuffer=0xc000221b09, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000461c04, lpOverlapped=0x0 | out: lpBuffer=0xc000221b09*, lpNumberOfBytesRead=0xc000461c04*=0x0, lpOverlapped=0x0) returned 1 [0151.211] CloseHandle (hObject=0x598) returned 1 [0151.211] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0151.213] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0151.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\wffk55lsji-.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0151.216] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000461d04 | out: lpMode=0xc000461d04) returned 0 [0151.236] GetFileType (hFile=0x598) returned 0x1 [0151.236] WriteFile (in: hFile=0x598, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xfb10, lpNumberOfBytesWritten=0xc000461cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc000461cec*=0xfb10, lpOverlapped=0x0) returned 1 [0151.239] CloseHandle (hObject=0x598) returned 1 [0151.239] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0151.239] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0151.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\wffk55lsji-.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0151.241] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000461d64 | out: lpMode=0xc000461d64) returned 0 [0151.246] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0151.758] GetFileType (hFile=0x598) returned 0x1 [0151.758] WriteFile (in: hFile=0x598, lpBuffer=0xc0001046e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000461d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001046e0*, lpNumberOfBytesWritten=0xc000461d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.758] CloseHandle (hObject=0x598) returned 1 [0151.758] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\wffk55lsji-.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\encry-WffK55LsjI-.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\encry-wffk55lsji-.ots"), dwFlags=0x1) returned 1 [0151.761] SetEvent (hEvent=0xc04) returned 1 [0151.761] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.537] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.538] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.539] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.541] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.543] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.544] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.545] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.546] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.547] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.549] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0161.554] SetEvent (hEvent=0xb10) returned 1 [0161.554] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e23c0*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0xc00029f808, lpReserved=0x0 | out: lpBuffer=0xc0000e23c0*, lpNumberOfCharsWritten=0xc00029f808*=0x4a) returned 1 [0161.555] SetEvent (hEvent=0xb10) returned 1 [0161.555] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0161.556] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0161.557] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0161.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0162.103] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00029fd64 | out: lpMode=0xc00029fd64) returned 0 [0162.414] WaitForSingleObject (hHandle=0x960, dwMilliseconds=0xffffffff) returned 0x0 [0162.601] GetQueuedCompletionStatusEx (CompletionPort=0xdc, lpCompletionPortEntries=0x33d3f5a0, ulCount=0x10, ulNumEntriesRemoved=0x33d3f574, dwMilliseconds=0x3b9aca00, fAlertable=0) Thread: id = 105 os_tid = 0x138 [0141.837] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x33f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x33f3fea0*=0x580) returned 1 [0141.837] VirtualQuery (in: lpAddress=0x33f3fec0, lpBuffer=0x33f3fec0, dwLength=0x30 | out: lpBuffer=0x33f3fec0*(BaseAddress=0x33f3f000, AllocationBase=0x33d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.837] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hcjk5uban9lka.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x584 [0141.838] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc0003a3cf4 | out: lpMode=0xc0003a3cf4) returned 0 [0141.839] GetFileType (hFile=0x584) returned 0x1 [0141.839] GetFileType (hFile=0x584) returned 0x1 [0141.839] GetFileInformationByHandle (in: hFile=0x584, lpFileInformation=0xc0003a3d44 | out: lpFileInformation=0xc0003a3d44) returned 1 [0141.839] GetFileInformationByHandleEx (in: hFile=0x584, FileInformationClass=0x9, lpFileInformation=0xc0003a3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a3d28) returned 1 [0141.839] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0141.841] ReadFile (in: hFile=0x584, lpBuffer=0xc000160000, nNumberOfBytesToRead=0x1bab, lpNumberOfBytesRead=0xc0003a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000160000*, lpNumberOfBytesRead=0xc0003a3c04*=0x19ab, lpOverlapped=0x0) returned 1 [0142.630] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x968 [0142.630] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x96c [0142.630] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0143.568] ReadFile (in: hFile=0x584, lpBuffer=0xc0001619ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001619ab*, lpNumberOfBytesRead=0xc0003a3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.568] CloseHandle (hObject=0x584) returned 1 [0143.568] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0143.569] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0143.570] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0143.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hcjk5uban9lka.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0143.588] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc0003a3d04 | out: lpMode=0xc0003a3d04) returned 0 [0143.593] GetFileType (hFile=0x768) returned 0x1 [0143.593] WriteFile (in: hFile=0x768, lpBuffer=0xc0002fe000*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xc0003a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesWritten=0xc0003a3cec*=0x19b0, lpOverlapped=0x0) returned 1 [0143.594] CloseHandle (hObject=0x768) returned 1 [0143.603] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0144.391] SetEvent (hEvent=0x29c) returned 1 [0144.391] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0144.391] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0144.710] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0144.711] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hcjk5uban9lka.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0144.711] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0003a3d64 | out: lpMode=0xc0003a3d64) returned 0 [0144.736] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0145.506] GetFileType (hFile=0x53c) returned 0x1 [0145.506] WriteFile (in: hFile=0x53c, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc0003a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.507] CloseHandle (hObject=0x53c) returned 1 [0145.517] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0145.988] SetEvent (hEvent=0x2f4) returned 1 [0145.988] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0145.991] SetEvent (hEvent=0x2f4) returned 1 [0145.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3f0 [0145.993] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc00023fcf4 | out: lpMode=0xc00023fcf4) returned 0 [0145.996] GetFileType (hFile=0x3f0) returned 0x1 [0145.996] GetFileType (hFile=0x3f0) returned 0x1 [0145.997] GetFileInformationByHandle (in: hFile=0x3f0, lpFileInformation=0xc00023fd44 | out: lpFileInformation=0xc00023fd44) returned 1 [0145.997] GetFileInformationByHandleEx (in: hFile=0x3f0, FileInformationClass=0x9, lpFileInformation=0xc00023fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00023fd28) returned 1 [0145.997] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0145.998] ReadFile (in: hFile=0x3f0, lpBuffer=0xc000226000, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000226000*, lpNumberOfBytesRead=0xc00023fc04*=0xae, lpOverlapped=0x0) returned 1 [0145.999] ReadFile (in: hFile=0x3f0, lpBuffer=0xc0002260ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00023fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002260ae*, lpNumberOfBytesRead=0xc00023fc04*=0x0, lpOverlapped=0x0) returned 1 [0145.999] CloseHandle (hObject=0x3f0) returned 1 [0146.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.000] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini\\*", lpFindFileData=0xc00023fa08 | out: lpFindFileData=0xc00023fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0146.000] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00023f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0146.000] GetFileType (hFile=0x3d4) returned 0x1 [0146.000] WriteFile (in: hFile=0x3d4, lpBuffer=0xc000756000*, nNumberOfBytesToWrite=0x9f0, lpNumberOfBytesWritten=0xc0001a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000756000*, lpNumberOfBytesWritten=0xc0001a9cec*=0x9f0, lpOverlapped=0x0) returned 1 [0146.002] CloseHandle (hObject=0x3d4) returned 1 [0146.003] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0146.003] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0146.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4dkrc_tab152.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0146.005] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0001a9d64 | out: lpMode=0xc0001a9d64) returned 0 [0146.008] GetFileType (hFile=0x5c4) returned 0x1 [0146.008] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000614580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614580*, lpNumberOfBytesWritten=0xc0001a9d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.008] CloseHandle (hObject=0x5c4) returned 1 [0146.009] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0146.011] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\4dkrc_tab152.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-4dkRC_taB152.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-4dkrc_tab152.flv.lnk"), dwFlags=0x1) returned 1 [0150.678] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0151.251] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.251] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0xc0001299f8 | out: lpFindFileData=0xc0001299f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.251] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.251] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0151.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\98_inojtbt.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x79c [0151.253] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000413cf4 | out: lpMode=0xc000413cf4) returned 0 [0151.255] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0151.820] GetFileType (hFile=0x79c) returned 0x1 [0151.820] GetFileType (hFile=0x79c) returned 0x1 [0151.820] GetFileInformationByHandle (in: hFile=0x79c, lpFileInformation=0xc000413d44 | out: lpFileInformation=0xc000413d44) returned 1 [0151.820] GetFileInformationByHandleEx (in: hFile=0x79c, FileInformationClass=0x9, lpFileInformation=0xc000413d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000413d28) returned 1 [0151.820] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0151.823] ReadFile (in: hFile=0x79c, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x3442, lpNumberOfBytesRead=0xc000413c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000413c04*=0x3242, lpOverlapped=0x0) returned 1 [0151.824] ReadFile (in: hFile=0x79c, lpBuffer=0xc00028f242, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000413c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028f242*, lpNumberOfBytesRead=0xc000413c04*=0x0, lpOverlapped=0x0) returned 1 [0151.825] CloseHandle (hObject=0x79c) returned 1 [0151.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\98_inOjtBT.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\98_inojtbt.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0151.826] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000413d04 | out: lpMode=0xc000413d04) returned 0 [0151.828] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0152.174] SetEvent (hEvent=0xa60) returned 1 [0152.174] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0161.400] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\7znj_liq7lm-2.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x79c [0161.990] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000301cf4 | out: lpMode=0xc000301cf4) returned 0 [0162.247] GetFileType (hFile=0x79c) returned 0x1 [0162.247] GetFileType (hFile=0x79c) returned 0x1 [0162.247] GetFileInformationByHandle (in: hFile=0x79c, lpFileInformation=0xc000301d44 | out: lpFileInformation=0xc000301d44) returned 1 [0162.247] GetFileInformationByHandleEx (in: hFile=0x79c, FileInformationClass=0x9, lpFileInformation=0xc000301d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000301d28) returned 1 [0162.248] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0162.251] ReadFile (in: hFile=0x79c, lpBuffer=0xc0005d6000, nNumberOfBytesToRead=0xc8d5, lpNumberOfBytesRead=0xc000301c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesRead=0xc000301c04*=0xc6d5, lpOverlapped=0x0) returned 1 [0162.253] ReadFile (in: hFile=0x79c, lpBuffer=0xc0005e26d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000301c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005e26d5*, lpNumberOfBytesRead=0xc000301c04*=0x0, lpOverlapped=0x0) returned 1 [0162.253] CloseHandle (hObject=0x79c) returned 1 [0162.254] VirtualAlloc (lpAddress=0xc0005e4000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e4000 [0162.257] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x33f3f698, ulCount=0x10, ulNumEntriesRemoved=0x33f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x33f3f698, ulNumEntriesRemoved=0x33f3f66c) returned 0 [0162.257] SetEvent (hEvent=0xa48) returned 1 [0162.257] VirtualAlloc (lpAddress=0xc0005f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f2000 [0162.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\7znj_liq7lm-2.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0162.262] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000301d04 | out: lpMode=0xc000301d04) returned 0 [0162.417] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0162.588] SetEvent (hEvent=0x1f8) returned 1 [0162.588] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) returned 0x0 [0163.621] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040000*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0xc0002e7808, lpReserved=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfCharsWritten=0xc0002e7808*=0x43) returned 1 [0163.622] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1a01 | out: pbBuffer=0xc0000e1a01) returned 1 [0163.622] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0163.623] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.392] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0xc0002e7a68 | out: lpFindFileData=0xc0002e7a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.393] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.393] WaitForSingleObject (hHandle=0x968, dwMilliseconds=0xffffffff) Thread: id = 106 os_tid = 0x6a0 [0141.847] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3413fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3413fea0*=0x56c) returned 1 [0141.848] VirtualQuery (in: lpAddress=0x3413fec0, lpBuffer=0x3413fec0, dwLength=0x30 | out: lpBuffer=0x3413fec0*(BaseAddress=0x3413f000, AllocationBase=0x33f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x588 [0141.849] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0141.851] GetFileType (hFile=0x588) returned 0x1 [0141.851] GetFileType (hFile=0x588) returned 0x1 [0141.852] GetFileInformationByHandle (in: hFile=0x588, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0141.852] GetFileInformationByHandleEx (in: hFile=0x588, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0141.852] ReadFile (in: hFile=0x588, lpBuffer=0xc000334600, nNumberOfBytesToRead=0x100e, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc000334600*, lpNumberOfBytesRead=0xc0001ffc04*=0xe0e, lpOverlapped=0x0) returned 1 [0142.631] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x970 [0142.631] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x974 [0142.631] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.585] ReadFile (in: hFile=0x588, lpBuffer=0xc00033540e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc00033540e*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0143.585] CloseHandle (hObject=0x588) returned 1 [0143.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0143.587] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0143.589] GetFileType (hFile=0x588) returned 0x1 [0143.589] WriteFile (in: hFile=0x588, lpBuffer=0xc000673000*, nNumberOfBytesToWrite=0xe10, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc000673000*, lpNumberOfBytesWritten=0xc0001ffcec*=0xe10, lpOverlapped=0x0) returned 1 [0143.590] CloseHandle (hObject=0x588) returned 1 [0143.590] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0143.591] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0143.595] GetFileType (hFile=0x588) returned 0x1 [0143.595] WriteFile (in: hFile=0x588, lpBuffer=0xc0006151e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001ffd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006151e0*, lpNumberOfBytesWritten=0xc0001ffd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.595] CloseHandle (hObject=0x588) returned 1 [0143.596] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0143.597] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\videos.library-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\encry-Videos.library-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\libraries\\encry-videos.library-ms"), dwFlags=0x1) returned 1 [0143.600] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3413fe30*=0x970, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.603] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.603] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3413f698, ulCount=0x10, ulNumEntriesRemoved=0x3413f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3413f698, ulNumEntriesRemoved=0x3413f66c) returned 0 [0143.603] SetEvent (hEvent=0xc0) returned 1 [0143.603] SetEvent (hEvent=0x164) returned 1 [0143.604] SetEvent (hEvent=0x414) returned 1 [0143.604] SetEvent (hEvent=0x120) returned 1 [0143.605] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3413fe08*=0x970, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.612] SetEvent (hEvent=0x120) returned 1 [0143.612] SetEvent (hEvent=0x414) returned 1 [0143.612] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3413fe08*=0x970, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.616] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3413fe30*=0x970, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.617] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3413f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3413f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3413f6a0, ulNumEntriesRemoved=0x3413f674) returned 0 [0143.617] SetEvent (hEvent=0x164) returned 1 [0143.617] SetEvent (hEvent=0x120) returned 1 [0143.617] SetEvent (hEvent=0x414) returned 1 [0143.617] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3413fe18*=0x970, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.620] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.620] SetEvent (hEvent=0x978) returned 1 [0143.620] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.641] SetEvent (hEvent=0x47c) returned 1 [0143.641] SetEvent (hEvent=0x980) returned 1 [0143.641] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.648] SetEvent (hEvent=0x47c) returned 1 [0143.648] SetEvent (hEvent=0x988) returned 1 [0143.648] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.730] SetEvent (hEvent=0xc04) returned 1 [0143.730] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) returned 0x0 [0143.746] SetEvent (hEvent=0xc14) returned 1 [0143.746] WaitForSingleObject (hHandle=0x970, dwMilliseconds=0xffffffff) Thread: id = 107 os_tid = 0x130 [0141.852] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3433fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3433fea0*=0x58c) returned 1 [0141.852] VirtualQuery (in: lpAddress=0x3433fec0, lpBuffer=0x3433fec0, dwLength=0x30 | out: lpBuffer=0x3433fec0*(BaseAddress=0x3433f000, AllocationBase=0x34140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.852] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rtehwpoz7dc1cqi8j.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x590 [0141.853] GetConsoleMode (in: hConsoleHandle=0x590, lpMode=0xc0003f7cf4 | out: lpMode=0xc0003f7cf4) returned 0 [0141.854] GetFileType (hFile=0x590) returned 0x1 [0141.854] GetFileType (hFile=0x590) returned 0x1 [0141.854] GetFileInformationByHandle (in: hFile=0x590, lpFileInformation=0xc0003f7d44 | out: lpFileInformation=0xc0003f7d44) returned 1 [0141.854] GetFileInformationByHandleEx (in: hFile=0x590, FileInformationClass=0x9, lpFileInformation=0xc0003f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003f7d28) returned 1 [0141.855] VirtualAlloc (lpAddress=0xc0005d0000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d0000 [0141.857] ReadFile (in: hFile=0x590, lpBuffer=0xc0005d0000, nNumberOfBytesToRead=0x21b4, lpNumberOfBytesRead=0xc0003f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d0000*, lpNumberOfBytesRead=0xc0003f7c04*=0x1fb4, lpOverlapped=0x0) returned 1 [0142.633] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x978 [0142.633] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x97c [0142.633] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0143.625] ReadFile (in: hFile=0x590, lpBuffer=0xc0005d1fb4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d1fb4*, lpNumberOfBytesRead=0xc0003f7c04*=0x0, lpOverlapped=0x0) returned 1 [0143.626] CloseHandle (hObject=0x590) returned 1 [0143.626] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0143.627] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rtehwpoz7dc1cqi8j.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0143.650] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0144.310] SetEvent (hEvent=0xbc0) returned 1 [0144.310] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0003f7d04 | out: lpMode=0xc0003f7d04) returned 0 [0144.313] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0144.626] GetFileType (hFile=0x678) returned 0x1 [0144.626] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0145.378] SetEvent (hEvent=0xc0) returned 1 [0145.379] SetEvent (hEvent=0x2f4) returned 1 [0145.379] WriteFile (in: hFile=0x678, lpBuffer=0xc00003c000*, nNumberOfBytesToWrite=0x1fc0, lpNumberOfBytesWritten=0xc0003f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesWritten=0xc0003f7cec*=0x1fc0, lpOverlapped=0x0) returned 1 [0145.380] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0145.896] CloseHandle (hObject=0x678) returned 1 [0145.911] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0146.144] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0146.144] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rtehwpoz7dc1cqi8j.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0146.144] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0003f7d64 | out: lpMode=0xc0003f7d64) returned 0 [0146.148] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0146.256] GetFileType (hFile=0x404) returned 0x1 [0146.256] WriteFile (in: hFile=0x404, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0003f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.256] CloseHandle (hObject=0x404) returned 1 [0146.264] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0146.312] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0146.313] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0146.314] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rtehwpoz7dc1cqi8j.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-RTEhwpoz7DC1cQI8j.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rtehwpoz7dc1cqi8j.lnk"), dwFlags=0x1) returned 1 [0150.664] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0151.405] SetEvent (hEvent=0x1f8) returned 1 [0151.405] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.581] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.582] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.584] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.585] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.586] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.588] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.589] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.591] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.592] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.596] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.602] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) returned 0x0 [0161.605] SetEvent (hEvent=0x9b8) returned 1 [0161.605] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc550*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc0000bc550*, lpNumberOfCharsWritten=0xc000259818*=0x4) returned 1 [0161.607] SetEvent (hEvent=0x9b8) returned 1 [0161.607] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc558*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c7818, lpReserved=0x0 | out: lpBuffer=0xc0000bc558*, lpNumberOfCharsWritten=0xc0000c7818*=0x4) returned 1 [0161.609] SetEvent (hEvent=0x9b8) returned 1 [0161.609] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc560*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00034d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc560*, lpNumberOfCharsWritten=0xc00034d818*=0x4) returned 1 [0161.610] SetEvent (hEvent=0x9b8) returned 1 [0161.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc568*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000347818, lpReserved=0x0 | out: lpBuffer=0xc0000bc568*, lpNumberOfCharsWritten=0xc000347818*=0x4) returned 1 [0161.611] SetEvent (hEvent=0x9b8) returned 1 [0161.618] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc570*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000353818, lpReserved=0x0 | out: lpBuffer=0xc0000bc570*, lpNumberOfCharsWritten=0xc000353818*=0x4) returned 1 [0161.619] SetEvent (hEvent=0x9b8) returned 1 [0161.619] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc578*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000355818, lpReserved=0x0 | out: lpBuffer=0xc0000bc578*, lpNumberOfCharsWritten=0xc000355818*=0x4) returned 1 [0161.621] SetEvent (hEvent=0xc74) returned 1 [0161.621] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00034f818, lpReserved=0x0 | out: lpBuffer=0xc0000106d8*, lpNumberOfCharsWritten=0xc00034f818*=0x4) returned 1 [0161.624] SetEvent (hEvent=0x9b8) returned 1 [0161.624] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0780*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00035d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0780*, lpNumberOfCharsWritten=0xc00035d818*=0x4) returned 1 [0161.625] SetEvent (hEvent=0xc74) returned 1 [0161.625] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc580*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00035b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc580*, lpNumberOfCharsWritten=0xc00035b818*=0x4) returned 1 [0161.627] SetEvent (hEvent=0xc74) returned 1 [0161.627] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010730*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000357818, lpReserved=0x0 | out: lpBuffer=0xc000010730*, lpNumberOfCharsWritten=0xc000357818*=0x4) returned 1 [0161.628] SetEvent (hEvent=0x9b8) returned 1 [0161.628] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc588*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00035f818, lpReserved=0x0 | out: lpBuffer=0xc0000bc588*, lpNumberOfCharsWritten=0xc00035f818*=0x4) returned 1 [0161.630] SetEvent (hEvent=0xc74) returned 1 [0161.630] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0788*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000365818, lpReserved=0x0 | out: lpBuffer=0xc0000a0788*, lpNumberOfCharsWritten=0xc000365818*=0x4) returned 1 [0161.631] SetEvent (hEvent=0x9b8) returned 1 [0161.631] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010738*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000363818, lpReserved=0x0 | out: lpBuffer=0xc000010738*, lpNumberOfCharsWritten=0xc000363818*=0x4) returned 1 [0161.633] SetEvent (hEvent=0xc74) returned 1 [0161.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa400*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc00037b808, lpReserved=0x0 | out: lpBuffer=0xc0000fa400*, lpNumberOfCharsWritten=0xc00037b808*=0x40) returned 1 [0161.635] SetEvent (hEvent=0x9b8) returned 1 [0161.636] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.083] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood\\*", lpFindFileData=0xc00037ba08 | out: lpFindFileData=0xc00037ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.083] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.083] WaitForSingleObject (hHandle=0x978, dwMilliseconds=0xffffffff) Thread: id = 108 os_tid = 0x320 [0141.858] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3453fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3453fea0*=0x594) returned 1 [0141.858] VirtualQuery (in: lpAddress=0x3453fec0, lpBuffer=0x3453fec0, dwLength=0x30 | out: lpBuffer=0x3453fec0*(BaseAddress=0x3453f000, AllocationBase=0x34340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x598 [0141.860] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc0001e3cf4 | out: lpMode=0xc0001e3cf4) returned 0 [0141.861] GetFileType (hFile=0x598) returned 0x1 [0141.861] GetFileType (hFile=0x598) returned 0x1 [0141.861] GetFileInformationByHandle (in: hFile=0x598, lpFileInformation=0xc0001e3d44 | out: lpFileInformation=0xc0001e3d44) returned 1 [0141.861] GetFileInformationByHandleEx (in: hFile=0x598, FileInformationClass=0x9, lpFileInformation=0xc0001e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e3d28) returned 1 [0141.861] ReadFile (in: hFile=0x598, lpBuffer=0xc000184480, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc0001e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000184480*, lpNumberOfBytesRead=0xc0001e3c04*=0x18, lpOverlapped=0x0) returned 1 [0142.634] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x980 [0142.634] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x984 [0142.635] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0143.644] SetEvent (hEvent=0x47c) returned 1 [0143.644] ReadFile (in: hFile=0x598, lpBuffer=0xc000184498, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000184498*, lpNumberOfBytesRead=0xc0001e3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.644] CloseHandle (hObject=0x598) returned 1 [0143.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0143.645] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc0001e3d04 | out: lpMode=0xc0001e3d04) returned 0 [0143.648] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0144.298] SetEvent (hEvent=0xbc0) returned 1 [0144.298] GetFileType (hFile=0x598) returned 0x1 [0144.298] WriteFile (in: hFile=0x598, lpBuffer=0xc00009e060*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc0001e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc00009e060*, lpNumberOfBytesWritten=0xc0001e3cec*=0x20, lpOverlapped=0x0) returned 1 [0144.299] CloseHandle (hObject=0x598) returned 1 [0144.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0144.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0144.300] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc0001e3d64 | out: lpMode=0xc0001e3d64) returned 0 [0144.303] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0144.659] SetEvent (hEvent=0xc6c) returned 1 [0144.659] GetFileType (hFile=0x598) returned 0x1 [0144.659] WriteFile (in: hFile=0x598, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.659] CloseHandle (hObject=0x598) returned 1 [0144.659] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\1b4dd67f29cb1962.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-1b4dd67f29cb1962.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-1b4dd67f29cb1962.customdestinations-ms"), dwFlags=0x1) returned 1 [0144.661] SetEvent (hEvent=0xc1c) returned 1 [0144.661] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0144.663] SetEvent (hEvent=0xc6c) returned 1 [0144.663] SetEvent (hEvent=0x988) returned 1 [0144.663] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0144.679] SetEvent (hEvent=0x1c4) returned 1 [0144.679] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.680] SetEvent (hEvent=0xb60) returned 1 [0144.680] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0144.690] SetEvent (hEvent=0x1c4) returned 1 [0144.690] SetEvent (hEvent=0xbd0) returned 1 [0144.690] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0145.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000409818, lpReserved=0x0 | out: lpBuffer=0xc0000a05e8*, lpNumberOfCharsWritten=0xc000409818*=0x4) returned 1 [0145.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a05f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a05f0*, lpNumberOfCharsWritten=0xc0001a5818*=0x4) returned 1 [0145.615] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0146.109] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002061b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00038f818, lpReserved=0x0 | out: lpBuffer=0xc0002061b0*, lpNumberOfCharsWritten=0xc00038f818*=0x4) returned 1 [0146.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002061b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f9818, lpReserved=0x0 | out: lpBuffer=0xc0002061b8*, lpNumberOfCharsWritten=0xc0001f9818*=0x4) returned 1 [0146.119] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0146.414] SetEvent (hEvent=0xc24) returned 1 [0146.415] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0146.423] GetFileType (hFile=0x384) returned 0x1 [0146.423] GetFileType (hFile=0x384) returned 0x1 [0146.423] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00012dd44 | out: lpFileInformation=0xc00012dd44) returned 1 [0146.423] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00012dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012dd28) returned 1 [0146.423] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0146.425] ReadFile (in: hFile=0x384, lpBuffer=0xc0002c4000, nNumberOfBytesToRead=0x7df, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesRead=0xc00012dc04*=0x5df, lpOverlapped=0x0) returned 1 [0146.433] ReadFile (in: hFile=0x384, lpBuffer=0xc0002c45df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002c45df*, lpNumberOfBytesRead=0xc00012dc04*=0x0, lpOverlapped=0x0) returned 1 [0146.433] CloseHandle (hObject=0x384) returned 1 [0146.433] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0146.435] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00012dd04 | out: lpMode=0xc00012dd04) returned 0 [0146.442] GetFileType (hFile=0x384) returned 0x1 [0146.442] WriteFile (in: hFile=0x384, lpBuffer=0xc0000be600*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0xc00012dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000be600*, lpNumberOfBytesWritten=0xc00012dcec*=0x5e0, lpOverlapped=0x0) returned 1 [0146.443] CloseHandle (hObject=0x384) returned 1 [0146.443] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1601 | out: pbBuffer=0xc0000e1601) returned 1 [0146.444] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0146.444] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0146.448] GetFileType (hFile=0x384) returned 0x1 [0146.449] WriteFile (in: hFile=0x384, lpBuffer=0xc000050580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050580*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.449] CloseHandle (hObject=0x384) returned 1 [0146.449] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0146.451] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\encry-Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\encry-internet explorer (no add-ons).lnk"), dwFlags=0x1) returned 1 [0146.454] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0146.456] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xt0rtz_l-es-zjibw.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xt0rtz_l-es-zjibw.flv.lnk"), dwFlags=0x1) returned 1 [0150.658] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.796] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.797] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.798] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.802] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.803] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.804] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.805] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.807] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0161.809] SetEvent (hEvent=0xa70) returned 1 [0161.809] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586aa0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc000586aa0*, lpNumberOfCharsWritten=0xc0001a7818*=0x4) returned 1 [0161.810] SetEvent (hEvent=0xa70) returned 1 [0161.811] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586aa8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000157818, lpReserved=0x0 | out: lpBuffer=0xc000586aa8*, lpNumberOfCharsWritten=0xc000157818*=0x4) returned 1 [0161.812] SetEvent (hEvent=0xa70) returned 1 [0161.812] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586ab0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc000586ab0*, lpNumberOfCharsWritten=0xc00027b818*=0x4) returned 1 [0161.813] SetEvent (hEvent=0xa70) returned 1 [0161.813] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586ab8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001c9818, lpReserved=0x0 | out: lpBuffer=0xc000586ab8*, lpNumberOfCharsWritten=0xc0001c9818*=0x4) returned 1 [0161.814] SetEvent (hEvent=0xa70) returned 1 [0161.814] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586ac0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000465818, lpReserved=0x0 | out: lpBuffer=0xc000586ac0*, lpNumberOfCharsWritten=0xc000465818*=0x4) returned 1 [0161.816] SetEvent (hEvent=0xa70) returned 1 [0161.816] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000dc2d0*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0xc000521808, lpReserved=0x0 | out: lpBuffer=0xc0000dc2d0*, lpNumberOfCharsWritten=0xc000521808*=0x41) returned 1 [0161.816] SetEvent (hEvent=0xa70) returned 1 [0161.817] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b401 | out: pbBuffer=0xc00031b401) returned 1 [0161.817] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0162.044] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc000521d64 | out: lpMode=0xc000521d64) returned 0 [0162.405] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0162.595] SetEvent (hEvent=0xa38) returned 1 [0162.595] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0163.520] SetEvent (hEvent=0xa38) returned 1 [0163.520] SwitchToThread () returned 1 [0163.521] SetEvent (hEvent=0xb68) returned 1 [0163.522] SetEvent (hEvent=0xa38) returned 1 [0163.522] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0163.524] SetEvent (hEvent=0xa38) returned 1 [0163.524] SetEvent (hEvent=0xb68) returned 1 [0163.566] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00043b818, lpReserved=0x0 | out: lpBuffer=0xc000586008*, lpNumberOfCharsWritten=0xc00043b818*=0x3) returned 1 [0163.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa000*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc0003a9808, lpReserved=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfCharsWritten=0xc0003a9808*=0x3d) returned 1 [0163.569] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0163.571] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0163.571] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0163.572] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0163.573] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0163.574] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0163.575] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0163.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.402] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0xc0003a9a68 | out: lpFindFileData=0xc0003a9a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.402] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003a9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.403] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.518] SetEvent (hEvent=0xc44) returned 1 [0166.518] SwitchToThread () returned 1 [0166.717] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.823] SetEvent (hEvent=0xa8) returned 1 [0166.823] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.836] SetEvent (hEvent=0xb68) returned 1 [0166.836] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.838] SetEvent (hEvent=0xa40) returned 1 [0166.838] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.848] SetEvent (hEvent=0xa60) returned 1 [0166.848] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.855] SetEvent (hEvent=0xb70) returned 1 [0166.855] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.866] SetEvent (hEvent=0xb40) returned 1 [0166.867] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.870] SetEvent (hEvent=0xa30) returned 1 [0166.870] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.894] SetEvent (hEvent=0xc5c) returned 1 [0166.894] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.908] SetEvent (hEvent=0xa68) returned 1 [0166.908] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.914] SetEvent (hEvent=0xb58) returned 1 [0166.914] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.918] SetEvent (hEvent=0xa10) returned 1 [0166.918] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.971] SetEvent (hEvent=0xa10) returned 1 [0166.971] SetEvent (hEvent=0xc0c) returned 1 [0166.971] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.981] SetEvent (hEvent=0xa10) returned 1 [0166.981] SetEvent (hEvent=0xb68) returned 1 [0166.981] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0166.996] SetEvent (hEvent=0xb70) returned 1 [0166.996] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.224] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.261] SetEvent (hEvent=0xc1c) returned 1 [0167.261] SetEvent (hEvent=0xae0) returned 1 [0167.261] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.263] VirtualFree (lpAddress=0xc00030c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.264] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.265] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.266] VirtualFree (lpAddress=0xc0002de000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.267] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.269] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.270] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.271] SwitchToThread () returned 1 [0167.283] SetEvent (hEvent=0xc1c) returned 1 [0167.283] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.288] SetEvent (hEvent=0xc1c) returned 1 [0167.289] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.292] SetEvent (hEvent=0xc1c) returned 1 [0167.292] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.317] SetEvent (hEvent=0xc1c) returned 1 [0167.317] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.327] SetEvent (hEvent=0xc14) returned 1 [0167.327] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.346] SwitchToThread () returned 1 [0167.353] SetEvent (hEvent=0x1a0) returned 1 [0167.353] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a4000*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfCharsWritten=0xc000517808*=0x84) returned 1 [0167.362] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) returned 0x0 [0167.400] SetEvent (hEvent=0xa80) returned 1 [0167.400] WaitForSingleObject (hHandle=0x980, dwMilliseconds=0xffffffff) Thread: id = 109 os_tid = 0xa24 [0141.863] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3473fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3473fea0*=0x59c) returned 1 [0141.863] VirtualQuery (in: lpAddress=0x3473fec0, lpBuffer=0x3473fec0, dwLength=0x30 | out: lpBuffer=0x3473fec0*(BaseAddress=0x3473f000, AllocationBase=0x34540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.863] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\irgfubzdry001k.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0141.864] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0003a5cf4 | out: lpMode=0xc0003a5cf4) returned 0 [0141.866] GetFileType (hFile=0x5a0) returned 0x1 [0141.866] GetFileType (hFile=0x5a0) returned 0x1 [0141.866] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc0003a5d44 | out: lpFileInformation=0xc0003a5d44) returned 1 [0141.866] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc0003a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a5d28) returned 1 [0141.866] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0141.868] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00016a000, nNumberOfBytesToRead=0xc63, lpNumberOfBytesRead=0xc0003a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016a000*, lpNumberOfBytesRead=0xc0003a5c04*=0xa63, lpOverlapped=0x0) returned 1 [0142.636] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x988 [0142.636] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x98c [0142.636] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0143.651] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00016aa63, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016aa63*, lpNumberOfBytesRead=0xc0003a5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.651] CloseHandle (hObject=0x5a0) returned 1 [0143.652] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\irgfubzdry001k.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0143.693] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0144.375] SetEvent (hEvent=0xbc0) returned 1 [0144.375] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0003a5d04 | out: lpMode=0xc0003a5d04) returned 0 [0144.377] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0144.672] GetFileType (hFile=0x494) returned 0x1 [0144.672] WriteFile (in: hFile=0x494, lpBuffer=0xc000757500*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0xc0003a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000757500*, lpNumberOfBytesWritten=0xc0003a5cec*=0xa70, lpOverlapped=0x0) returned 1 [0144.673] CloseHandle (hObject=0x494) returned 1 [0144.673] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0144.673] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0144.674] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\irgfubzdry001k.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0144.674] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc0003a5d64 | out: lpMode=0xc0003a5d64) returned 0 [0144.678] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0145.374] GetFileType (hFile=0x494) returned 0x1 [0145.374] WriteFile (in: hFile=0x494, lpBuffer=0xc00007e160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e160*, lpNumberOfBytesWritten=0xc0003a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.375] CloseHandle (hObject=0x494) returned 1 [0145.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\irgfubzdry001k.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-IRGFUbZDrY001k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-irgfubzdry001k.lnk"), dwFlags=0x1) returned 1 [0146.939] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0146.959] WriteFile (in: hFile=0x568, lpBuffer=0xc00021c500*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021c500*, lpNumberOfBytesWritten=0xc00020dcec*=0x4f0, lpOverlapped=0x0) returned 1 [0146.961] CloseHandle (hObject=0x568) returned 1 [0146.961] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0146.961] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0146.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0146.963] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0146.989] GetFileType (hFile=0x568) returned 0x1 [0146.989] WriteFile (in: hFile=0x568, lpBuffer=0xc0002806e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002806e0*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.989] CloseHandle (hObject=0x568) returned 1 [0146.989] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\encry-Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\encry-magnify.lnk"), dwFlags=0x1) returned 1 [0146.992] GetFileType (hFile=0x880) returned 0x1 [0146.992] WriteFile (in: hFile=0x880, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x38010, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc0001d1cec*=0x38010, lpOverlapped=0x0) returned 1 [0146.999] CloseHandle (hObject=0x880) returned 1 [0146.999] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1b01 | out: pbBuffer=0xc0000e1b01) returned 1 [0147.000] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0147.001] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0147.002] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0147.003] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0147.010] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.029] SetEvent (hEvent=0xbd8) returned 1 [0147.029] GetFileType (hFile=0x880) returned 0x1 [0147.029] WriteFile (in: hFile=0x880, lpBuffer=0xc0001809a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001809a0*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.030] CloseHandle (hObject=0x880) returned 1 [0147.036] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0147.037] VirtualAlloc (lpAddress=0xc000290000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000290000 [0147.038] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\content-prefs.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-content-prefs.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-content-prefs.sqlite"), dwFlags=0x1) returned 1 [0147.040] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.074] SetEvent (hEvent=0xbd8) returned 1 [0147.074] SetEvent (hEvent=0xc1c) returned 1 [0147.074] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0147.074] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*", lpFindFileData=0xc00005b020 | out: lpFindFileData=0xc00005b020*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0147.074] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b050 | out: lpFindFileData=0xc00005b050*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.074] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b050 | out: lpFindFileData=0xc00005b050*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.074] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0147.075] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0147.076] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b268 | out: lpFileInformation=0xc00005b268*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000)) returned 1 [0147.078] VirtualAlloc (lpAddress=0xc000294000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000294000 [0147.080] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0147.081] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0147.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\localstore.rdf"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501)) returned 1 [0147.116] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0147.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39)) returned 1 [0147.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\mimetypes.rdf"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3)) returned 1 [0147.287] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0147.298] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.301] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0147.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\minidumps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0147.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0147.302] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.302] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.302] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0147.302] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0147.304] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.325] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0147.326] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0147.327] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000)) returned 1 [0147.327] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\pluginreg.dat"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14)) returned 1 [0147.327] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde)) returned 1 [0147.333] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183)) returned 1 [0147.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\secmod.db"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000)) returned 1 [0147.340] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.370] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0147.371] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0147.372] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6)) returned 1 [0147.372] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0147.373] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0147.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5)) returned 1 [0147.382] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000)) returned 1 [0147.447] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\times.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d)) returned 1 [0147.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0147.456] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0147.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0147.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0147.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0147.457] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0147.457] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0147.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2)) returned 1 [0147.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webappsstore.sqlite"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000)) returned 1 [0147.465] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f)) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\ODSPCiJy6FPPAz71hM.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\odspcijy6fppaz71hm.odt"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb12f9fc0, ftCreationTime.dwHighDateTime=0x1d5dd78, ftLastAccessTime.dwLowDateTime=0xe03c3f30, ftLastAccessTime.dwHighDateTime=0x1d5e3b8, ftLastWriteTime.dwLowDateTime=0xe03c3f30, ftLastWriteTime.dwHighDateTime=0x1d5e3b8, nFileSizeHigh=0x0, nFileSizeLow=0xf556)) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl8q.flv"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xced520e0, ftCreationTime.dwHighDateTime=0x1d5ddb9, ftLastAccessTime.dwLowDateTime=0x23019520, ftLastAccessTime.dwHighDateTime=0x1d5e523, ftLastWriteTime.dwLowDateTime=0x23019520, ftLastWriteTime.dwHighDateTime=0x1d5e523, nFileSizeHigh=0x0, nFileSizeLow=0x1999)) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\REINuLLmhp.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\reinullmhp.xls"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7edf340, ftCreationTime.dwHighDateTime=0x1d5e38c, ftLastAccessTime.dwLowDateTime=0x24edc060, ftLastAccessTime.dwHighDateTime=0x1d5de62, ftLastWriteTime.dwLowDateTime=0x24edc060, ftLastWriteTime.dwHighDateTime=0x1d5de62, nFileSizeHigh=0x0, nFileSizeLow=0xc293)) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Rd9uI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\rd9ui.gif"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2b9015f0, ftCreationTime.dwHighDateTime=0x1d5e621, ftLastAccessTime.dwLowDateTime=0xe326cbb0, ftLastAccessTime.dwHighDateTime=0x1d5e5cb, ftLastWriteTime.dwLowDateTime=0xe326cbb0, ftLastWriteTime.dwHighDateTime=0x1d5e5cb, nFileSizeHigh=0x0, nFileSizeLow=0x957a)) returned 1 [0147.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\XGa8DIo5V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xga8dio5v.png"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x96c413f0, ftCreationTime.dwHighDateTime=0x1d5d855, ftLastAccessTime.dwLowDateTime=0x911d2af0, ftLastAccessTime.dwHighDateTime=0x1d5db42, ftLastWriteTime.dwLowDateTime=0x911d2af0, ftLastWriteTime.dwHighDateTime=0x1d5db42, nFileSizeHigh=0x0, nFileSizeLow=0x17a72)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xl2kgcwhye6uxjefyf.png"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1743fc60, ftCreationTime.dwHighDateTime=0x1d5dfaf, ftLastAccessTime.dwLowDateTime=0x4f72e9e0, ftLastAccessTime.dwHighDateTime=0x1d5e197, ftLastWriteTime.dwLowDateTime=0x4f72e9e0, ftLastWriteTime.dwHighDateTime=0x1d5e197, nFileSizeHigh=0x0, nFileSizeLow=0xe61b)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YBaYP.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ybayp.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70ab1df0, ftCreationTime.dwHighDateTime=0x1d5e465, ftLastAccessTime.dwLowDateTime=0xd15f0250, ftLastAccessTime.dwHighDateTime=0x1d5da93, ftLastWriteTime.dwLowDateTime=0xd15f0250, ftLastWriteTime.dwHighDateTime=0x1d5da93, nFileSizeHigh=0x0, nFileSizeLow=0x676e)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yj1 bbwpubuxjxklo.mp4"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd8306620, ftCreationTime.dwHighDateTime=0x1d5df3c, ftLastAccessTime.dwLowDateTime=0x53dff800, ftLastAccessTime.dwHighDateTime=0x1d5e247, ftLastWriteTime.dwLowDateTime=0x53dff800, ftLastWriteTime.dwHighDateTime=0x1d5e247, nFileSizeHigh=0x0, nFileSizeLow=0x69a)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\bmK73ApGWN4iut5fSy.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\bmk73apgwn4iut5fsy.flv"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88e38dc0, ftCreationTime.dwHighDateTime=0x1d5e290, ftLastAccessTime.dwLowDateTime=0xab98c390, ftLastAccessTime.dwHighDateTime=0x1d5df79, ftLastWriteTime.dwLowDateTime=0xab98c390, ftLastWriteTime.dwHighDateTime=0x1d5df79, nFileSizeHigh=0x0, nFileSizeLow=0x5fc9)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\fCFRlqHAPk6E4PaQwthT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\fcfrlqhapk6e4paqwtht.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x40d25860, ftCreationTime.dwHighDateTime=0x1d5dcc6, ftLastAccessTime.dwLowDateTime=0xeedb13b0, ftLastAccessTime.dwHighDateTime=0x1d5e5af, ftLastWriteTime.dwLowDateTime=0xeedb13b0, ftLastWriteTime.dwHighDateTime=0x1d5e5af, nFileSizeHigh=0x0, nFileSizeLow=0x16e77)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\g1 bkExWw19GGl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\g1 bkexww19ggl.png"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd43f8f10, ftCreationTime.dwHighDateTime=0x1d5e10c, ftLastAccessTime.dwLowDateTime=0x6c9a4d10, ftLastAccessTime.dwHighDateTime=0x1d5da53, ftLastWriteTime.dwLowDateTime=0x6c9a4d10, ftLastWriteTime.dwHighDateTime=0x1d5da53, nFileSizeHigh=0x0, nFileSizeLow=0xf7c5)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\hPGCgHVp8qAhlLW.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\hpgcghvp8qahllw.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57abfb50, ftCreationTime.dwHighDateTime=0x1d5e701, ftLastAccessTime.dwLowDateTime=0x3ffe52f0, ftLastAccessTime.dwHighDateTime=0x1d5ddec, ftLastWriteTime.dwLowDateTime=0x3ffe52f0, ftLastWriteTime.dwHighDateTime=0x1d5ddec, nFileSizeHigh=0x0, nFileSizeLow=0x16380)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\kiJhDIFPL-rrySe2rYEX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\kijhdifpl-rryse2ryex.m4a"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbeccd120, ftCreationTime.dwHighDateTime=0x1d5e2f0, ftLastAccessTime.dwLowDateTime=0xf07210c0, ftLastAccessTime.dwHighDateTime=0x1d5e807, ftLastWriteTime.dwLowDateTime=0xf07210c0, ftLastWriteTime.dwHighDateTime=0x1d5e807, nFileSizeHigh=0x0, nFileSizeLow=0x13563)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\siwyarwyoo8e913xq.swf"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c713b60, ftCreationTime.dwHighDateTime=0x1d5de64, ftLastAccessTime.dwLowDateTime=0x3aef1110, ftLastAccessTime.dwHighDateTime=0x1d5d9bd, ftLastWriteTime.dwLowDateTime=0x3aef1110, ftLastWriteTime.dwHighDateTime=0x1d5d9bd, nFileSizeHigh=0x0, nFileSizeLow=0x1421e)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\snaek-wzcvk4w.jpg"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x414abc80, ftCreationTime.dwHighDateTime=0x1d5da30, ftLastAccessTime.dwLowDateTime=0x79f93510, ftLastAccessTime.dwHighDateTime=0x1d5e10c, ftLastWriteTime.dwLowDateTime=0x79f93510, ftLastWriteTime.dwHighDateTime=0x1d5e10c, nFileSizeHigh=0x0, nFileSizeLow=0x8d1e)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ulo5rp3lw6sbtkctxh.bmp"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x38926170, ftCreationTime.dwHighDateTime=0x1d5e4f7, ftLastAccessTime.dwLowDateTime=0xa49dd860, ftLastAccessTime.dwHighDateTime=0x1d5e6fd, ftLastWriteTime.dwLowDateTime=0xa49dd860, ftLastWriteTime.dwHighDateTime=0x1d5e6fd, nFileSizeHigh=0x0, nFileSizeLow=0x7680)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vhil htnat.png"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94b4cd20, ftCreationTime.dwHighDateTime=0x1d5df12, ftLastAccessTime.dwLowDateTime=0x7f44af20, ftLastAccessTime.dwHighDateTime=0x1d5dd44, ftLastWriteTime.dwLowDateTime=0x7f44af20, ftLastWriteTime.dwHighDateTime=0x1d5dd44, nFileSizeHigh=0x0, nFileSizeLow=0x10c6c)) returned 1 [0147.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vJidzl.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vjidzl.png"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4d77c00, ftCreationTime.dwHighDateTime=0x1d5e03f, ftLastAccessTime.dwLowDateTime=0x23a17bc0, ftLastAccessTime.dwHighDateTime=0x1d5e62d, ftLastWriteTime.dwLowDateTime=0x23a17bc0, ftLastWriteTime.dwHighDateTime=0x1d5e62d, nFileSizeHigh=0x0, nFileSizeLow=0xae86)) returned 1 [0147.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\x6ncJiE.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\x6ncjie.mp3"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9103c270, ftCreationTime.dwHighDateTime=0x1d5d8c4, ftLastAccessTime.dwLowDateTime=0xb812b400, ftLastAccessTime.dwHighDateTime=0x1d5e267, ftLastWriteTime.dwLowDateTime=0xb812b400, ftLastWriteTime.dwHighDateTime=0x1d5e267, nFileSizeHigh=0x0, nFileSizeLow=0x7bc0)) returned 1 [0147.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zubqnuq_do w-b.rtf"), fInfoLevelId=0x0, lpFileInformation=0xc00005b850 | out: lpFileInformation=0xc00005b850*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x76ee9a70, ftCreationTime.dwHighDateTime=0x1d5d7c7, ftLastAccessTime.dwLowDateTime=0x990025b0, ftLastAccessTime.dwHighDateTime=0x1d5df02, ftLastWriteTime.dwLowDateTime=0x990025b0, ftLastWriteTime.dwHighDateTime=0x1d5df02, nFileSizeHigh=0x0, nFileSizeLow=0xb4c)) returned 1 [0147.850] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), fInfoLevelId=0x0, lpFileInformation=0xc00005ba00 | out: lpFileInformation=0xc00005ba00*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x29103b60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29103b60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29103b60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0150.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), dwDesiredAccess=0x0, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2200000, hTemplateFile=0x0) returned 0x748 [0150.483] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc00005b954 | out: lpFileInformation=0xc00005b954) returned 1 [0150.483] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc00005b938, dwBufferSize=0x8 | out: lpFileInformation=0xc00005b938) returned 1 [0150.483] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0150.484] CloseHandle (hObject=0x748) returned 1 [0150.485] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts"), fInfoLevelId=0x0, lpFileInformation=0xc00005ba00 | out: lpFileInformation=0xc00005ba00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0150.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.485] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\*", lpFindFileData=0xc00005b7b8 | out: lpFindFileData=0xc00005b7b8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b60f0 [0150.485] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0150.485] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Aclviho ASldjfl.contact", cAlternateFileName="ACLVIH~1.CON")) returned 1 [0150.485] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0150.485] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaa5080, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaa5080, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaa5080, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x493, dwReserved0=0x0, dwReserved1=0x0, cFileName="asdlfk poopvy.contact", cAlternateFileName="ASDLFK~1.CON")) returned 1 [0150.486] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eacb1e0, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eacb1e0, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eacb1e0, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x499, dwReserved0=0x0, dwReserved1=0x0, cFileName="chucu jadnvk.contact", cAlternateFileName="CHUCUJ~1.CON")) returned 1 [0150.486] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0150.486] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x496, dwReserved0=0x0, dwReserved1=0x0, cFileName="lulcit amkdfe.contact", cAlternateFileName="LULCIT~1.CON")) returned 1 [0150.486] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2eaf1340, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2eaf1340, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2eaf1340, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x494, dwReserved0=0x0, dwReserved1=0x0, cFileName="sikvnb huvuib.contact", cAlternateFileName="SIKVNB~1.CON")) returned 1 [0150.486] FindNextFileW (in: hFindFile=0x7b60f0, lpFindFileData=0xc00005b7e8 | out: lpFindFileData=0xc00005b7e8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0150.486] FindClose (in: hFindFile=0x7b60f0 | out: hFindFile=0x7b60f0) returned 1 [0150.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), fInfoLevelId=0x0, lpFileInformation=0xc00005b928 | out: lpFileInformation=0xc00005b928*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2ea7ef20, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x2ea7ef20, ftLastAccessTime.dwHighDateTime=0x1d2fad7, ftLastWriteTime.dwLowDateTime=0x2ea7ef20, ftLastWriteTime.dwHighDateTime=0x1d2fad7, nFileSizeHigh=0x0, nFileSizeLow=0x49a)) returned 1 [0150.685] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.734] SetEvent (hEvent=0xb50) returned 1 [0150.734] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.737] SetEvent (hEvent=0xb50) returned 1 [0150.737] SetEvent (hEvent=0x274) returned 1 [0150.737] SetEvent (hEvent=0x920) returned 1 [0150.737] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.741] SetEvent (hEvent=0x254) returned 1 [0150.741] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.753] SetEvent (hEvent=0xb50) returned 1 [0150.753] SetEvent (hEvent=0xc64) returned 1 [0150.753] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.759] SetEvent (hEvent=0xa38) returned 1 [0150.759] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.765] VirtualFree (lpAddress=0xc00047c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.766] VirtualFree (lpAddress=0xc0003ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.767] VirtualFree (lpAddress=0xc000232000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.768] VirtualFree (lpAddress=0xc00021e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.769] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.770] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.771] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.772] VirtualFree (lpAddress=0xc000054000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0150.773] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.774] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.775] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00040d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc028*, lpNumberOfCharsWritten=0xc00040d818*=0x3) returned 1 [0150.778] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.797] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00045f818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc00045f818*=0x3) returned 1 [0150.798] SetEvent (hEvent=0x254) returned 1 [0150.798] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.802] SetEvent (hEvent=0x8f8) returned 1 [0150.803] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.816] SetEvent (hEvent=0xb50) returned 1 [0150.816] SetEvent (hEvent=0x8d0) returned 1 [0150.817] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.820] SetEvent (hEvent=0x100) returned 1 [0150.820] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0150.838] SetEvent (hEvent=0x9f0) returned 1 [0150.838] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.042] SetEvent (hEvent=0xb50) returned 1 [0151.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\wqblrgmmpps.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b8 [0151.042] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc000045cf4 | out: lpMode=0xc000045cf4) returned 0 [0151.059] GetFileType (hFile=0x5b8) returned 0x1 [0151.059] GetFileType (hFile=0x5b8) returned 0x1 [0151.059] GetFileInformationByHandle (in: hFile=0x5b8, lpFileInformation=0xc000045d44 | out: lpFileInformation=0xc000045d44) returned 1 [0151.060] GetFileInformationByHandleEx (in: hFile=0x5b8, FileInformationClass=0x9, lpFileInformation=0xc000045d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000045d28) returned 1 [0151.060] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0151.061] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0151.064] ReadFile (in: hFile=0x5b8, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xcafb, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000045c04*=0xc8fb, lpOverlapped=0x0) returned 1 [0151.066] ReadFile (in: hFile=0x5b8, lpBuffer=0xc0002668fb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000045c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002668fb*, lpNumberOfBytesRead=0xc000045c04*=0x0, lpOverlapped=0x0) returned 1 [0151.066] CloseHandle (hObject=0x5b8) returned 1 [0151.066] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0151.068] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0151.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\wqblrgmmpps.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0151.073] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc000045d04 | out: lpMode=0xc000045d04) returned 0 [0151.180] GetFileType (hFile=0x5b8) returned 0x1 [0151.180] WriteFile (in: hFile=0x5b8, lpBuffer=0xc00028c000*, nNumberOfBytesToWrite=0xc900, lpNumberOfBytesWritten=0xc000045cec, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesWritten=0xc000045cec*=0xc900, lpOverlapped=0x0) returned 1 [0151.182] CloseHandle (hObject=0x5b8) returned 1 [0151.182] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0151.182] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0151.184] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0151.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\wqblrgmmpps.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0151.186] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc000045d64 | out: lpMode=0xc000045d64) returned 0 [0151.189] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.463] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.467] SetEvent (hEvent=0x9a8) returned 1 [0151.467] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.510] VirtualFree (lpAddress=0xc000498000, dwSize=0x36000, dwFreeType=0x4000) returned 1 [0151.513] VirtualFree (lpAddress=0xc0002fe000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0151.514] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0151.516] VirtualFree (lpAddress=0xc00028c000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0151.517] VirtualFree (lpAddress=0xc00027c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0151.518] VirtualFree (lpAddress=0xc000238000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0151.519] VirtualFree (lpAddress=0xc00021e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0151.520] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.521] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.521] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.522] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.523] VirtualFree (lpAddress=0xc000070000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0151.524] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.524] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.525] SetEvent (hEvent=0x274) returned 1 [0151.525] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.554] SetEvent (hEvent=0xa68) returned 1 [0151.554] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\cbj_-_.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0151.555] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc00042dcf4 | out: lpMode=0xc00042dcf4) returned 0 [0151.584] GetFileType (hFile=0x4d8) returned 0x1 [0151.584] GetFileType (hFile=0x4d8) returned 0x1 [0151.585] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc00042dd44 | out: lpFileInformation=0xc00042dd44) returned 1 [0151.585] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc00042dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00042dd28) returned 1 [0151.585] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0151.591] ReadFile (in: hFile=0x4d8, lpBuffer=0xc000498000, nNumberOfBytesToRead=0x1618a, lpNumberOfBytesRead=0xc00042dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesRead=0xc00042dc04*=0x15f8a, lpOverlapped=0x0) returned 1 [0151.594] ReadFile (in: hFile=0x4d8, lpBuffer=0xc0004adf8a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00042dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004adf8a*, lpNumberOfBytesRead=0xc00042dc04*=0x0, lpOverlapped=0x0) returned 1 [0151.594] CloseHandle (hObject=0x4d8) returned 1 [0151.595] VirtualAlloc (lpAddress=0xc0004b0000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b0000 [0151.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\cbj_-_.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0151.601] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc00042dd04 | out: lpMode=0xc00042dd04) returned 0 [0151.606] GetFileType (hFile=0x4d8) returned 0x1 [0151.607] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0004b0000*, nNumberOfBytesToWrite=0x15f90, lpNumberOfBytesWritten=0xc00042dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004b0000*, lpNumberOfBytesWritten=0xc00042dcec*=0x15f90, lpOverlapped=0x0) returned 1 [0151.610] CloseHandle (hObject=0x4d8) returned 1 [0151.610] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0151.610] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\CBj_-_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\cbj_-_.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0151.611] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc00042dd64 | out: lpMode=0xc00042dd64) returned 0 [0151.613] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.968] SetEvent (hEvent=0xa68) returned 1 [0151.968] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0151.976] SetEvent (hEvent=0xa68) returned 1 [0151.976] SetEvent (hEvent=0x9a8) returned 1 [0151.977] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0152.104] SetEvent (hEvent=0xa68) returned 1 [0152.104] SetEvent (hEvent=0xa48) returned 1 [0152.104] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0161.516] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0161.520] SetEvent (hEvent=0xc34) returned 1 [0161.520] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0161.521] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000f0000*, nNumberOfCharsToWrite=0x6e, lpNumberOfCharsWritten=0xc0002e3808, lpReserved=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfCharsWritten=0xc0002e3808*=0x6e) returned 1 [0161.523] SetEvent (hEvent=0xc34) returned 1 [0161.523] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0161.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.106] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf\\*", lpFindFileData=0xc0002e3a68 | out: lpFindFileData=0xc0002e3a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.106] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0162.106] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) returned 0x0 [0162.266] SetEvent (hEvent=0xac8) returned 1 [0162.266] WaitForSingleObject (hHandle=0x988, dwMilliseconds=0xffffffff) Thread: id = 110 os_tid = 0x984 [0141.868] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3493fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3493fea0*=0x5a8) returned 1 [0141.868] VirtualQuery (in: lpAddress=0x3493fec0, lpBuffer=0x3493fec0, dwLength=0x30 | out: lpBuffer=0x3493fec0*(BaseAddress=0x3493f000, AllocationBase=0x34740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2sde9rzjowyu4.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5ac [0141.869] GetConsoleMode (in: hConsoleHandle=0x5ac, lpMode=0xc000069cf4 | out: lpMode=0xc000069cf4) returned 0 [0141.871] GetFileType (hFile=0x5ac) returned 0x1 [0141.872] GetFileType (hFile=0x5ac) returned 0x1 [0141.872] GetFileInformationByHandle (in: hFile=0x5ac, lpFileInformation=0xc000069d44 | out: lpFileInformation=0xc000069d44) returned 1 [0141.872] GetFileInformationByHandleEx (in: hFile=0x5ac, FileInformationClass=0x9, lpFileInformation=0xc000069d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000069d28) returned 1 [0141.872] VirtualAlloc (lpAddress=0xc00035a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00035a000 [0141.874] ReadFile (in: hFile=0x5ac, lpBuffer=0xc00035a000, nNumberOfBytesToRead=0x21f0, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035a000*, lpNumberOfBytesRead=0xc000069c04*=0x1ff0, lpOverlapped=0x0) returned 1 [0142.637] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x990 [0142.637] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x994 [0142.637] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0143.695] ReadFile (in: hFile=0x5ac, lpBuffer=0xc00035bff0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000069c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035bff0*, lpNumberOfBytesRead=0xc000069c04*=0x0, lpOverlapped=0x0) returned 1 [0143.695] CloseHandle (hObject=0x5ac) returned 1 [0143.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2sde9rzjowyu4.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0143.713] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0144.482] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc000069d04 | out: lpMode=0xc000069d04) returned 0 [0144.489] GetFileType (hFile=0x81c) returned 0x1 [0144.489] WriteFile (in: hFile=0x81c, lpBuffer=0xc00004e000*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc000069cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004e000*, lpNumberOfBytesWritten=0xc000069cec*=0x2000, lpOverlapped=0x0) returned 1 [0144.490] CloseHandle (hObject=0x81c) returned 1 [0144.490] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.490] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0144.492] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.492] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0144.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2sde9rzjowyu4.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0144.493] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc000069d64 | out: lpMode=0xc000069d64) returned 0 [0144.495] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0144.753] SetEvent (hEvent=0xc0) returned 1 [0144.753] SetEvent (hEvent=0x1c4) returned 1 [0144.753] GetFileType (hFile=0x81c) returned 0x1 [0144.753] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0145.375] WriteFile (in: hFile=0x81c, lpBuffer=0xc0006146e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000069d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006146e0*, lpNumberOfBytesWritten=0xc000069d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.375] CloseHandle (hObject=0x81c) returned 1 [0145.376] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0145.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\2sde9rzjowyu4.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-2SDE9RzJoWYu4.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-2sde9rzjowyu4.lnk"), dwFlags=0x1) returned 1 [0147.361] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0147.385] SetEvent (hEvent=0xc24) returned 1 [0147.385] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0147.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0147.426] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0003bbcf4 | out: lpMode=0xc0003bbcf4) returned 0 [0147.429] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0147.869] GetFileType (hFile=0x5d8) returned 0x1 [0147.869] GetFileType (hFile=0x5d8) returned 0x1 [0147.869] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc0003bbd44 | out: lpFileInformation=0xc0003bbd44) returned 1 [0147.869] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc0003bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003bbd28) returned 1 [0147.869] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0147.871] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0147.873] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc0003bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0003bbc04*=0x10000, lpOverlapped=0x0) returned 1 [0148.859] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000356000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000356000*, lpNumberOfBytesRead=0xc0003bbc04*=0x0, lpOverlapped=0x0) returned 1 [0148.859] CloseHandle (hObject=0x5d8) returned 1 [0148.859] VirtualAlloc (lpAddress=0xc00071a000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00071a000 [0148.862] VirtualAlloc (lpAddress=0xc0002d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002d0000 [0148.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0150.441] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc0003bbd04 | out: lpMode=0xc0003bbd04) returned 0 [0150.441] GetFileType (hFile=0x79c) returned 0x1 [0150.441] WriteFile (in: hFile=0x79c, lpBuffer=0xc00071a000*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0xc0003bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00071a000*, lpNumberOfBytesWritten=0xc0003bbcec*=0x10010, lpOverlapped=0x0) returned 1 [0150.471] CloseHandle (hObject=0x79c) returned 1 [0150.564] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0150.564] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0150.565] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0150.566] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0150.567] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0150.568] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0150.569] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0150.570] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003bbd64 | out: lpMode=0xc0003bbd64) returned 0 [0150.571] GetFileType (hFile=0x510) returned 0x1 [0150.571] WriteFile (in: hFile=0x510, lpBuffer=0xc0000a22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a22c0*, lpNumberOfBytesWritten=0xc0003bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0150.598] CloseHandle (hObject=0x510) returned 1 [0150.684] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0151.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\3u_cjfi.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3fc [0151.191] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc000423cf4 | out: lpMode=0xc000423cf4) returned 0 [0151.193] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0151.529] GetFileType (hFile=0x3fc) returned 0x1 [0151.529] GetFileType (hFile=0x3fc) returned 0x1 [0151.529] GetFileInformationByHandle (in: hFile=0x3fc, lpFileInformation=0xc000423d44 | out: lpFileInformation=0xc000423d44) returned 1 [0151.529] GetFileInformationByHandleEx (in: hFile=0x3fc, FileInformationClass=0x9, lpFileInformation=0xc000423d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000423d28) returned 1 [0151.529] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0151.540] ReadFile (in: hFile=0x3fc, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x98da, lpNumberOfBytesRead=0xc000423c04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc000423c04*=0x96da, lpOverlapped=0x0) returned 1 [0151.542] ReadFile (in: hFile=0x3fc, lpBuffer=0xc0002956da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000423c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002956da*, lpNumberOfBytesRead=0xc000423c04*=0x0, lpOverlapped=0x0) returned 1 [0151.542] CloseHandle (hObject=0x3fc) returned 1 [0151.542] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0151.545] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\3u_cjfi.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0151.548] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc000423d04 | out: lpMode=0xc000423d04) returned 0 [0151.573] GetFileType (hFile=0x3fc) returned 0x1 [0151.578] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0x96e0, lpNumberOfBytesWritten=0xc000423cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc000423cec*=0x96e0, lpOverlapped=0x0) returned 1 [0151.582] CloseHandle (hObject=0x3fc) returned 1 [0151.582] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0151.582] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\3u_cjfi.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0151.582] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc000423d64 | out: lpMode=0xc000423d64) returned 0 [0151.602] GetFileType (hFile=0x3fc) returned 0x1 [0151.602] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0002849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000423d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002849a0*, lpNumberOfBytesWritten=0xc000423d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.603] CloseHandle (hObject=0x3fc) returned 1 [0151.603] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\3u_cjfi.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\encry-3U_CJfI.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\encry-3u_cjfi.bmp"), dwFlags=0x1) returned 1 [0151.605] SetEvent (hEvent=0x354) returned 1 [0151.605] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0151.616] SetEvent (hEvent=0xa68) returned 1 [0151.617] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\_pe9j8 9q1yztdimt.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2bc [0151.618] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0003c5cf4 | out: lpMode=0xc0003c5cf4) returned 0 [0151.625] GetFileType (hFile=0x2bc) returned 0x1 [0151.625] GetFileType (hFile=0x2bc) returned 0x1 [0151.625] GetFileInformationByHandle (in: hFile=0x2bc, lpFileInformation=0xc0003c5d44 | out: lpFileInformation=0xc0003c5d44) returned 1 [0151.625] GetFileInformationByHandleEx (in: hFile=0x2bc, FileInformationClass=0x9, lpFileInformation=0xc0003c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c5d28) returned 1 [0151.626] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0151.627] ReadFile (in: hFile=0x2bc, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x173ff, lpNumberOfBytesRead=0xc0003c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc0003c5c04*=0x171ff, lpOverlapped=0x0) returned 1 [0151.629] ReadFile (in: hFile=0x2bc, lpBuffer=0xc00036f1ff, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036f1ff*, lpNumberOfBytesRead=0xc0003c5c04*=0x0, lpOverlapped=0x0) returned 1 [0151.629] CloseHandle (hObject=0x2bc) returned 1 [0151.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\_pe9j8 9q1yztdimt.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0151.632] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0003c5d04 | out: lpMode=0xc0003c5d04) returned 0 [0151.646] GetFileType (hFile=0x2bc) returned 0x1 [0151.646] WriteFile (in: hFile=0x2bc, lpBuffer=0xc0004e0000*, nNumberOfBytesToWrite=0x17200, lpNumberOfBytesWritten=0xc0003c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesWritten=0xc0003c5cec*=0x17200, lpOverlapped=0x0) returned 1 [0151.651] CloseHandle (hObject=0x2bc) returned 1 [0151.653] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0151.653] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\_pE9j8 9q1yztDImt.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\_pe9j8 9q1yztdimt.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2bc [0151.653] GetConsoleMode (in: hConsoleHandle=0x2bc, lpMode=0xc0003c5d64 | out: lpMode=0xc0003c5d64) returned 0 [0151.656] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0152.129] SetEvent (hEvent=0xa68) returned 1 [0152.129] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0152.131] SetEvent (hEvent=0xa68) returned 1 [0152.131] SetEvent (hEvent=0x274) returned 1 [0152.131] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0152.171] SetEvent (hEvent=0x354) returned 1 [0152.171] SetEvent (hEvent=0xb20) returned 1 [0152.171] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0161.418] SetEvent (hEvent=0x9c8) returned 1 [0161.418] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0161.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rgwfaxbynsn.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0161.989] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc00020bcf4 | out: lpMode=0xc00020bcf4) returned 0 [0162.176] GetFileType (hFile=0x748) returned 0x1 [0162.176] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0162.178] GetFileType (hFile=0x748) returned 0x1 [0162.178] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc00020bd44 | out: lpFileInformation=0xc00020bd44) returned 1 [0162.178] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc00020bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020bd28) returned 1 [0162.178] VirtualAlloc (lpAddress=0xc0005a2000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a2000 [0162.182] ReadFile (in: hFile=0x748, lpBuffer=0xc0005a2000, nNumberOfBytesToRead=0x12254, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a2000*, lpNumberOfBytesRead=0xc00020bc04*=0x12054, lpOverlapped=0x0) returned 1 [0162.184] ReadFile (in: hFile=0x748, lpBuffer=0xc0005b4054, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005b4054*, lpNumberOfBytesRead=0xc00020bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.184] CloseHandle (hObject=0x748) returned 1 [0162.184] VirtualAlloc (lpAddress=0xc0005b6000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b6000 [0162.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rgwfaxbynsn.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0162.192] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc00020bd04 | out: lpMode=0xc00020bd04) returned 0 [0162.416] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0162.587] SetEvent (hEvent=0xa50) returned 1 [0162.587] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0163.640] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000401818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc000401818*=0x3) returned 1 [0163.640] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010130*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000377818, lpReserved=0x0 | out: lpBuffer=0xc000010130*, lpNumberOfCharsWritten=0xc000377818*=0x3) returned 1 [0163.641] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010136*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a9818, lpReserved=0x0 | out: lpBuffer=0xc000010136*, lpNumberOfCharsWritten=0xc0002a9818*=0x3) returned 1 [0163.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003af818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc0003af818*=0x3) returned 1 [0163.642] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002b3818, lpReserved=0x0 | out: lpBuffer=0xc000010146*, lpNumberOfCharsWritten=0xc0002b3818*=0x3) returned 1 [0163.644] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010150*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc000010150*, lpNumberOfCharsWritten=0xc00015d818*=0x3) returned 1 [0163.644] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0163.645] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010156*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012b818, lpReserved=0x0 | out: lpBuffer=0xc000010156*, lpNumberOfCharsWritten=0xc00012b818*=0x3) returned 1 [0163.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010170*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d1818, lpReserved=0x0 | out: lpBuffer=0xc000010170*, lpNumberOfCharsWritten=0xc0002d1818*=0x3) returned 1 [0163.646] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010176*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002cb818, lpReserved=0x0 | out: lpBuffer=0xc000010176*, lpNumberOfCharsWritten=0xc0002cb818*=0x3) returned 1 [0163.647] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010180*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc000010180*, lpNumberOfCharsWritten=0xc00024b818*=0x3) returned 1 [0163.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010186*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004b9818, lpReserved=0x0 | out: lpBuffer=0xc000010186*, lpNumberOfCharsWritten=0xc0004b9818*=0x3) returned 1 [0163.648] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010190*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000521818, lpReserved=0x0 | out: lpBuffer=0xc000010190*, lpNumberOfCharsWritten=0xc000521818*=0x3) returned 1 [0163.649] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010196*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002cd818, lpReserved=0x0 | out: lpBuffer=0xc000010196*, lpNumberOfCharsWritten=0xc0002cd818*=0x3) returned 1 [0163.650] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000301818, lpReserved=0x0 | out: lpBuffer=0xc0000101a0*, lpNumberOfCharsWritten=0xc000301818*=0x3) returned 1 [0163.650] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc0000101a6*, lpNumberOfCharsWritten=0xc00012d818*=0x3) returned 1 [0163.651] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003a5818, lpReserved=0x0 | out: lpBuffer=0xc0000101b0*, lpNumberOfCharsWritten=0xc0003a5818*=0x3) returned 1 [0163.652] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00038d818, lpReserved=0x0 | out: lpBuffer=0xc0000101b6*, lpNumberOfCharsWritten=0xc00038d818*=0x3) returned 1 [0163.652] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000101c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00015b818, lpReserved=0x0 | out: lpBuffer=0xc0000101c0*, lpNumberOfCharsWritten=0xc00015b818*=0x3) returned 1 [0163.653] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000040090*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0xc0002b1808, lpReserved=0x0 | out: lpBuffer=0xc000040090*, lpNumberOfCharsWritten=0xc0002b1808*=0x48) returned 1 [0163.654] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1c01 | out: pbBuffer=0xc0000e1c01) returned 1 [0163.654] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0163.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0166.391] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0002b1d64 | out: lpMode=0xc0002b1d64) returned 0 [0166.473] GetFileType (hFile=0x6a4) returned 0x1 [0166.473] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0001218c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001218c0*, lpNumberOfBytesWritten=0xc0002b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.476] CloseHandle (hObject=0x6a4) returned 1 [0166.476] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0166.480] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.995] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0167.067] SetEvent (hEvent=0xa60) returned 1 [0167.067] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0167.077] SetEvent (hEvent=0xc80) returned 1 [0167.077] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0167.115] SetEvent (hEvent=0xa10) returned 1 [0167.116] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) returned 0x0 [0167.123] SetEvent (hEvent=0xa10) returned 1 [0167.123] SetEvent (hEvent=0xa80) returned 1 [0167.123] VirtualFree (lpAddress=0xc0003ca000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.124] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.125] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.127] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.128] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.128] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc058*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000379818, lpReserved=0x0 | out: lpBuffer=0xc0000bc058*, lpNumberOfCharsWritten=0xc000379818*=0x3) returned 1 [0167.133] SetEvent (hEvent=0xa80) returned 1 [0167.134] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d6000*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0003d6000*, lpNumberOfCharsWritten=0xc0001d3808*=0x49) returned 1 [0167.136] SetEvent (hEvent=0xa80) returned 1 [0167.136] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0167.138] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc0001d3808*=0x11) returned 1 [0167.140] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c80c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0000c80c0*, lpNumberOfCharsWritten=0xc0001d3808*=0x11) returned 1 [0167.143] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-my music"), dwFlags=0x1) returned 1 [0167.378] WaitForSingleObject (hHandle=0x990, dwMilliseconds=0xffffffff) Thread: id = 111 os_tid = 0x150 [0141.875] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x34b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34b3fea0*=0x5a4) returned 1 [0141.875] VirtualQuery (in: lpAddress=0x34b3fec0, lpBuffer=0x34b3fec0, dwLength=0x30 | out: lpBuffer=0x34b3fec0*(BaseAddress=0x34b3f000, AllocationBase=0x34940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rd9ui.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b0 [0141.877] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc0003e9cf4 | out: lpMode=0xc0003e9cf4) returned 0 [0141.879] GetFileType (hFile=0x5b0) returned 0x1 [0141.879] GetFileType (hFile=0x5b0) returned 0x1 [0141.879] GetFileInformationByHandle (in: hFile=0x5b0, lpFileInformation=0xc0003e9d44 | out: lpFileInformation=0xc0003e9d44) returned 1 [0141.879] GetFileInformationByHandleEx (in: hFile=0x5b0, FileInformationClass=0x9, lpFileInformation=0xc0003e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e9d28) returned 1 [0141.879] ReadFile (in: hFile=0x5b0, lpBuffer=0xc0000f0600, nNumberOfBytesToRead=0x5d5, lpNumberOfBytesRead=0xc0003e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0600*, lpNumberOfBytesRead=0xc0003e9c04*=0x3d5, lpOverlapped=0x0) returned 1 [0142.638] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x998 [0142.639] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x99c [0142.639] WaitForSingleObject (hHandle=0x998, dwMilliseconds=0xffffffff) returned 0x0 [0143.702] ReadFile (in: hFile=0x5b0, lpBuffer=0xc0000f09d5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f09d5*, lpNumberOfBytesRead=0xc0003e9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.702] CloseHandle (hObject=0x5b0) returned 1 [0143.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rd9ui.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x698 [0143.744] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc0003e9d04 | out: lpMode=0xc0003e9d04) returned 0 [0143.746] WaitForSingleObject (hHandle=0x998, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] SetEvent (hEvent=0xc04) returned 1 [0144.582] WaitForSingleObject (hHandle=0x998, dwMilliseconds=0xffffffff) Thread: id = 112 os_tid = 0x284 [0141.880] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x34d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34d3fea0*=0x5b4) returned 1 [0141.880] VirtualQuery (in: lpAddress=0x34d3fec0, lpBuffer=0x34d3fec0, dwLength=0x30 | out: lpBuffer=0x34d3fec0*(BaseAddress=0x34d3f000, AllocationBase=0x34b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xga8dio5v.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b8 [0141.881] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc000413cf4 | out: lpMode=0xc000413cf4) returned 0 [0141.883] GetFileType (hFile=0x5b8) returned 0x1 [0141.883] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0141.885] GetFileType (hFile=0x5b8) returned 0x1 [0141.885] GetFileInformationByHandle (in: hFile=0x5b8, lpFileInformation=0xc000413d44 | out: lpFileInformation=0xc000413d44) returned 1 [0141.885] GetFileInformationByHandleEx (in: hFile=0x5b8, FileInformationClass=0x9, lpFileInformation=0xc000413d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000413d28) returned 1 [0141.885] ReadFile (in: hFile=0x5b8, lpBuffer=0xc000186c00, nNumberOfBytesToRead=0x5ed, lpNumberOfBytesRead=0xc000413c04, lpOverlapped=0x0 | out: lpBuffer=0xc000186c00*, lpNumberOfBytesRead=0xc000413c04*=0x3ed, lpOverlapped=0x0) returned 1 [0142.640] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9a0 [0142.640] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9a4 [0142.640] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0143.738] ReadFile (in: hFile=0x5b8, lpBuffer=0xc000186fed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000413c04, lpOverlapped=0x0 | out: lpBuffer=0xc000186fed*, lpNumberOfBytesRead=0xc000413c04*=0x0, lpOverlapped=0x0) returned 1 [0143.738] CloseHandle (hObject=0x5b8) returned 1 [0143.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xga8dio5v.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0143.757] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000413d04 | out: lpMode=0xc000413d04) returned 0 [0143.764] GetFileType (hFile=0x6ac) returned 0x1 [0143.764] WriteFile (in: hFile=0x6ac, lpBuffer=0xc0007e8800*, nNumberOfBytesToWrite=0x3f0, lpNumberOfBytesWritten=0xc000413cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8800*, lpNumberOfBytesWritten=0xc000413cec*=0x3f0, lpOverlapped=0x0) returned 1 [0143.765] CloseHandle (hObject=0x6ac) returned 1 [0143.774] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0144.619] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b501 | out: pbBuffer=0xc00031b501) returned 1 [0144.620] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xga8dio5v.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0144.620] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc000413d64 | out: lpMode=0xc000413d64) returned 0 [0144.623] GetFileType (hFile=0x48c) returned 0x1 [0144.623] WriteFile (in: hFile=0x48c, lpBuffer=0xc00007f8c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000413d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f8c0*, lpNumberOfBytesWritten=0xc000413d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.623] CloseHandle (hObject=0x48c) returned 1 [0144.623] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xga8dio5v.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-XGa8DIo5V.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xga8dio5v.lnk"), dwFlags=0x1) returned 1 [0144.625] SetEvent (hEvent=0xa50) returned 1 [0144.625] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0144.627] SetEvent (hEvent=0xc6c) returned 1 [0144.627] SetEvent (hEvent=0xc14) returned 1 [0144.627] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0144.634] SetEvent (hEvent=0x264) returned 1 [0144.634] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0145.925] SetEvent (hEvent=0xae8) returned 1 [0145.925] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0145.931] SetEvent (hEvent=0xb50) returned 1 [0145.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Internet Explorer (No Add-ons).lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\internet explorer (no add-ons).lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0145.932] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00012dcf4 | out: lpMode=0xc00012dcf4) returned 0 [0145.933] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0146.171] SetEvent (hEvent=0xa80) returned 1 [0146.171] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0146.173] SetEvent (hEvent=0xa80) returned 1 [0146.173] SetEvent (hEvent=0xb58) returned 1 [0146.173] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0146.181] SetEvent (hEvent=0xa20) returned 1 [0146.181] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.075] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.076] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.077] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.077] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.078] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.079] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.081] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.081] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.082] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.083] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.083] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.085] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.086] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.089] SetEvent (hEvent=0xbf0) returned 1 [0148.089] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0148.093] SetEvent (hEvent=0xbf0) returned 1 [0148.093] SetEvent (hEvent=0xb48) returned 1 [0148.093] SetEvent (hEvent=0x8b8) returned 1 [0148.093] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0149.398] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0149.453] SetEvent (hEvent=0xc24) returned 1 [0149.454] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0149.459] SetEvent (hEvent=0xc24) returned 1 [0149.459] SetEvent (hEvent=0xbf0) returned 1 [0149.459] VirtualFree (lpAddress=0xc001000000, dwSize=0x22a000, dwFreeType=0x4000) returned 1 [0149.477] VirtualFree (lpAddress=0xc000c00000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0149.506] VirtualFree (lpAddress=0xc000828000, dwSize=0x3d8000, dwFreeType=0x4000) returned 1 [0149.538] VirtualFree (lpAddress=0xc0006ce000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0149.539] VirtualFree (lpAddress=0xc000604000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0149.540] VirtualFree (lpAddress=0xc00058e000, dwSize=0x68000, dwFreeType=0x4000) returned 1 [0149.544] VirtualFree (lpAddress=0xc00056a000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0149.545] VirtualFree (lpAddress=0xc000542000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0149.547] VirtualFree (lpAddress=0xc000514000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0149.548] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0149.550] VirtualFree (lpAddress=0xc000498000, dwSize=0x40000, dwFreeType=0x4000) returned 1 [0149.553] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.554] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.554] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.555] VirtualFree (lpAddress=0xc0003a8000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0149.561] VirtualFree (lpAddress=0xc000372000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.562] VirtualFree (lpAddress=0xc000346000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0149.563] VirtualFree (lpAddress=0xc000340000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.565] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.566] VirtualFree (lpAddress=0xc00032a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0149.567] VirtualFree (lpAddress=0xc000326000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.568] VirtualFree (lpAddress=0xc000318000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.569] VirtualFree (lpAddress=0xc000310000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.570] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0149.572] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.572] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0149.573] VirtualFree (lpAddress=0xc0002d0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.574] VirtualFree (lpAddress=0xc0002c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.575] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0149.576] VirtualFree (lpAddress=0xc00028c000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0149.578] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.579] VirtualFree (lpAddress=0xc00027c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0149.580] VirtualFree (lpAddress=0xc00026a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.580] VirtualFree (lpAddress=0xc00025a000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0149.582] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.582] VirtualFree (lpAddress=0xc000234000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0149.583] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.584] VirtualFree (lpAddress=0xc000220000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.585] VirtualFree (lpAddress=0xc00021a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.586] VirtualFree (lpAddress=0xc000202000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.587] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.588] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.589] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.589] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.590] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.591] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.592] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.593] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.594] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.595] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.596] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.597] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.598] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.599] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.600] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.601] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.601] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.602] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.603] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0028*, lpNumberOfCharsWritten=0xc0002d5818*=0x3) returned 1 [0149.610] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0149.635] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) returned 0x0 [0149.686] SetEvent (hEvent=0xb60) returned 1 [0149.686] WaitForSingleObject (hHandle=0x9a0, dwMilliseconds=0xffffffff) Thread: id = 113 os_tid = 0x74c [0141.889] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x34f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x34f3fea0*=0x5bc) returned 1 [0141.889] VirtualQuery (in: lpAddress=0x34f3fec0, lpBuffer=0x34f3fec0, dwLength=0x30 | out: lpBuffer=0x34f3fec0*(BaseAddress=0x34f3f000, AllocationBase=0x34d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iveiinekbfiwetwrel-r.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c0 [0141.891] GetConsoleMode (in: hConsoleHandle=0x5c0, lpMode=0xc0003afcf4 | out: lpMode=0xc0003afcf4) returned 0 [0141.892] GetFileType (hFile=0x5c0) returned 0x1 [0141.892] GetFileType (hFile=0x5c0) returned 0x1 [0141.892] GetFileInformationByHandle (in: hFile=0x5c0, lpFileInformation=0xc0003afd44 | out: lpFileInformation=0xc0003afd44) returned 1 [0141.892] GetFileInformationByHandleEx (in: hFile=0x5c0, FileInformationClass=0x9, lpFileInformation=0xc0003afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003afd28) returned 1 [0141.892] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0141.894] ReadFile (in: hFile=0x5c0, lpBuffer=0xc00028e000, nNumberOfBytesToRead=0x1bf9, lpNumberOfBytesRead=0xc0003afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028e000*, lpNumberOfBytesRead=0xc0003afc04*=0x19f9, lpOverlapped=0x0) returned 1 [0142.641] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9a8 [0142.641] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9ac [0142.641] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0143.754] ReadFile (in: hFile=0x5c0, lpBuffer=0xc00028f9f9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028f9f9*, lpNumberOfBytesRead=0xc0003afc04*=0x0, lpOverlapped=0x0) returned 1 [0143.754] CloseHandle (hObject=0x5c0) returned 1 [0143.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iveiinekbfiwetwrel-r.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0143.783] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0144.276] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0003afd04 | out: lpMode=0xc0003afd04) returned 0 [0144.281] GetFileType (hFile=0x848) returned 0x1 [0144.281] WriteFile (in: hFile=0x848, lpBuffer=0xc0002a9500*, nNumberOfBytesToWrite=0x1a00, lpNumberOfBytesWritten=0xc0003afcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a9500*, lpNumberOfBytesWritten=0xc0003afcec*=0x1a00, lpOverlapped=0x0) returned 1 [0144.283] CloseHandle (hObject=0x848) returned 1 [0144.283] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iveiinekbfiwetwrel-r.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0144.283] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0003afd64 | out: lpMode=0xc0003afd64) returned 0 [0144.294] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0144.625] SetEvent (hEvent=0xc0) returned 1 [0144.626] GetFileType (hFile=0x848) returned 0x1 [0144.626] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0145.373] WriteFile (in: hFile=0x848, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc0003afd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.374] CloseHandle (hObject=0x848) returned 1 [0145.378] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0145.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iveiinekbfiwetwrel-r.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-IVEiiNEKbFiWetwReL-r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-iveiinekbfiwetwrel-r.lnk"), dwFlags=0x1) returned 1 [0148.115] SetEvent (hEvent=0x8b8) returned 1 [0148.115] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.117] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.120] SetEvent (hEvent=0xbf0) returned 1 [0148.120] SetEvent (hEvent=0x9f0) returned 1 [0148.120] SwitchToThread () returned 1 [0148.121] SetEvent (hEvent=0xbf0) returned 1 [0148.122] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.128] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.261] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.262] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.262] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.263] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.264] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.265] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.266] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0148.266] SetEvent (hEvent=0xbf0) returned 1 [0148.266] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0018*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000443818, lpReserved=0x0 | out: lpBuffer=0xc0000a0018*, lpNumberOfCharsWritten=0xc000443818*=0x4) returned 1 [0148.267] SetEvent (hEvent=0xbf0) returned 1 [0148.267] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0030*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc0000a0030*, lpNumberOfCharsWritten=0xc000031818*=0x4) returned 1 [0148.268] SetEvent (hEvent=0xbf0) returned 1 [0148.268] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0038*, lpNumberOfCharsWritten=0xc0001d5818*=0x4) returned 1 [0148.269] SetEvent (hEvent=0xbf0) returned 1 [0148.269] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0040*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003b9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0040*, lpNumberOfCharsWritten=0xc0003b9818*=0x4) returned 1 [0148.270] SetEvent (hEvent=0xbf0) returned 1 [0148.270] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0048*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0048*, lpNumberOfCharsWritten=0xc00023d818*=0x4) returned 1 [0148.270] SetEvent (hEvent=0xbf0) returned 1 [0148.270] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000457818, lpReserved=0x0 | out: lpBuffer=0xc0000a0060*, lpNumberOfCharsWritten=0xc000457818*=0x4) returned 1 [0148.271] SetEvent (hEvent=0xbf0) returned 1 [0148.271] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000491818, lpReserved=0x0 | out: lpBuffer=0xc0000a0068*, lpNumberOfCharsWritten=0xc000491818*=0x4) returned 1 [0148.272] SetEvent (hEvent=0xbf0) returned 1 [0148.272] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00043f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0120*, lpNumberOfCharsWritten=0xc00043f818*=0x4) returned 1 [0148.272] SetEvent (hEvent=0xbf0) returned 1 [0148.272] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc0000a0128*, lpNumberOfCharsWritten=0xc0001cd818*=0x4) returned 1 [0148.273] SetEvent (hEvent=0xbf0) returned 1 [0148.273] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0148.274] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0130*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0000a0130*, lpNumberOfCharsWritten=0xc0004db818*=0x4) returned 1 [0148.275] SetEvent (hEvent=0xbf0) returned 1 [0148.275] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0138*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000141818, lpReserved=0x0 | out: lpBuffer=0xc0000a0138*, lpNumberOfCharsWritten=0xc000141818*=0x4) returned 1 [0148.275] SetEvent (hEvent=0xbf0) returned 1 [0148.276] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0140*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0140*, lpNumberOfCharsWritten=0xc0003c5818*=0x4) returned 1 [0148.276] SetEvent (hEvent=0xbf0) returned 1 [0148.276] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0148*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000439818, lpReserved=0x0 | out: lpBuffer=0xc0000a0148*, lpNumberOfCharsWritten=0xc000439818*=0x4) returned 1 [0148.277] SetEvent (hEvent=0xbf0) returned 1 [0148.277] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0160*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00024b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0160*, lpNumberOfCharsWritten=0xc00024b818*=0x4) returned 1 [0148.278] SetEvent (hEvent=0xbf0) returned 1 [0148.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0168*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0168*, lpNumberOfCharsWritten=0xc00020f818*=0x4) returned 1 [0148.278] SetEvent (hEvent=0xbf0) returned 1 [0148.278] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0170*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc0000a0170*, lpNumberOfCharsWritten=0xc000173818*=0x4) returned 1 [0148.279] SetEvent (hEvent=0xbf0) returned 1 [0148.279] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0178*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00042d818, lpReserved=0x0 | out: lpBuffer=0xc0000a0178*, lpNumberOfCharsWritten=0xc00042d818*=0x4) returned 1 [0148.280] SetEvent (hEvent=0xbf0) returned 1 [0148.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0190*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00048b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0190*, lpNumberOfCharsWritten=0xc00048b818*=0x4) returned 1 [0148.280] SetEvent (hEvent=0xbf0) returned 1 [0148.280] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0198*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001c7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0198*, lpNumberOfCharsWritten=0xc0001c7818*=0x4) returned 1 [0148.281] SetEvent (hEvent=0xbf0) returned 1 [0148.281] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a0*, lpNumberOfCharsWritten=0xc00029f818*=0x4) returned 1 [0148.282] SetEvent (hEvent=0xbf0) returned 1 [0148.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc0000a01a8*, lpNumberOfCharsWritten=0xc00018b818*=0x4) returned 1 [0148.282] SetEvent (hEvent=0xbf0) returned 1 [0148.282] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc0000a01b0*, lpNumberOfCharsWritten=0xc0002df818*=0x4) returned 1 [0148.283] SetEvent (hEvent=0xbf0) returned 1 [0148.283] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00038b818, lpReserved=0x0 | out: lpBuffer=0xc0000a01b8*, lpNumberOfCharsWritten=0xc00038b818*=0x4) returned 1 [0148.285] SetEvent (hEvent=0xbf0) returned 1 [0148.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d3818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c0*, lpNumberOfCharsWritten=0xc0002d3818*=0x4) returned 1 [0148.285] SetEvent (hEvent=0xbf0) returned 1 [0148.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003bd818, lpReserved=0x0 | out: lpBuffer=0xc0000a01c8*, lpNumberOfCharsWritten=0xc0003bd818*=0x4) returned 1 [0148.286] SetEvent (hEvent=0xbf0) returned 1 [0148.286] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0148.287] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00045b818, lpReserved=0x0 | out: lpBuffer=0xc0000a01d0*, lpNumberOfCharsWritten=0xc00045b818*=0x4) returned 1 [0148.287] SetEvent (hEvent=0xbf0) returned 1 [0148.288] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586348*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000035818, lpReserved=0x0 | out: lpBuffer=0xc000586348*, lpNumberOfCharsWritten=0xc000035818*=0x4) returned 1 [0148.288] SetEvent (hEvent=0xbf0) returned 1 [0148.288] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586350*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000243818, lpReserved=0x0 | out: lpBuffer=0xc000586350*, lpNumberOfCharsWritten=0xc000243818*=0x4) returned 1 [0148.289] SetEvent (hEvent=0xbf0) returned 1 [0148.289] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586358*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001bb818, lpReserved=0x0 | out: lpBuffer=0xc000586358*, lpNumberOfCharsWritten=0xc0001bb818*=0x4) returned 1 [0148.289] SetEvent (hEvent=0xbf0) returned 1 [0148.289] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586360*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f3818, lpReserved=0x0 | out: lpBuffer=0xc000586360*, lpNumberOfCharsWritten=0xc0001f3818*=0x4) returned 1 [0148.290] SetEvent (hEvent=0xbf0) returned 1 [0148.290] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586368*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc000586368*, lpNumberOfCharsWritten=0xc0001a3818*=0x4) returned 1 [0148.290] SetEvent (hEvent=0xbf0) returned 1 [0148.290] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586370*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012d818, lpReserved=0x0 | out: lpBuffer=0xc000586370*, lpNumberOfCharsWritten=0xc00012d818*=0x4) returned 1 [0148.291] SetEvent (hEvent=0xbf0) returned 1 [0148.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586378*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000143818, lpReserved=0x0 | out: lpBuffer=0xc000586378*, lpNumberOfCharsWritten=0xc000143818*=0x4) returned 1 [0148.291] SetEvent (hEvent=0xbf0) returned 1 [0148.291] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00027b818, lpReserved=0x0 | out: lpBuffer=0xc0000a01d8*, lpNumberOfCharsWritten=0xc00027b818*=0x4) returned 1 [0148.292] SetEvent (hEvent=0xbf0) returned 1 [0148.292] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00015d818, lpReserved=0x0 | out: lpBuffer=0xc0000a01e0*, lpNumberOfCharsWritten=0xc00015d818*=0x4) returned 1 [0148.292] SetEvent (hEvent=0xbf0) returned 1 [0148.292] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586380*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00038d818, lpReserved=0x0 | out: lpBuffer=0xc000586380*, lpNumberOfCharsWritten=0xc00038d818*=0x4) returned 1 [0148.293] SetEvent (hEvent=0xbf0) returned 1 [0148.293] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586388*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000586388*, lpNumberOfCharsWritten=0xc00020d818*=0x4) returned 1 [0148.293] SetEvent (hEvent=0xbf0) returned 1 [0148.293] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc0000a01e8*, lpNumberOfCharsWritten=0xc000177818*=0x4) returned 1 [0148.294] SetEvent (hEvent=0xbf0) returned 1 [0148.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a01f0*, lpNumberOfCharsWritten=0xc0003a5818*=0x4) returned 1 [0148.294] SetEvent (hEvent=0xbf0) returned 1 [0148.294] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586390*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc000586390*, lpNumberOfCharsWritten=0xc000277818*=0x4) returned 1 [0148.295] SetEvent (hEvent=0xbf0) returned 1 [0148.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586398*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000049818, lpReserved=0x0 | out: lpBuffer=0xc000586398*, lpNumberOfCharsWritten=0xc000049818*=0x4) returned 1 [0148.295] SetEvent (hEvent=0xbf0) returned 1 [0148.295] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a01f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000151818, lpReserved=0x0 | out: lpBuffer=0xc0000a01f8*, lpNumberOfCharsWritten=0xc000151818*=0x4) returned 1 [0148.296] SetEvent (hEvent=0xbf0) returned 1 [0148.296] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0200*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00048f818, lpReserved=0x0 | out: lpBuffer=0xc0000a0200*, lpNumberOfCharsWritten=0xc00048f818*=0x4) returned 1 [0148.296] SetEvent (hEvent=0xbf0) returned 1 [0148.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0208*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0208*, lpNumberOfCharsWritten=0xc0001a5818*=0x4) returned 1 [0148.297] SetEvent (hEvent=0xbf0) returned 1 [0148.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0230*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d1818, lpReserved=0x0 | out: lpBuffer=0xc0000a0230*, lpNumberOfCharsWritten=0xc0001d1818*=0x4) returned 1 [0148.297] SetEvent (hEvent=0xbf0) returned 1 [0148.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00010c140*, nNumberOfCharsToWrite=0x92, lpNumberOfCharsWritten=0xc000135808, lpReserved=0x0 | out: lpBuffer=0xc00010c140*, lpNumberOfCharsWritten=0xc000135808*=0x92) returned 1 [0148.298] SetEvent (hEvent=0xbf0) returned 1 [0148.299] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0148.299] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0148.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0148.300] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000135d64 | out: lpMode=0xc000135d64) returned 0 [0148.301] GetFileType (hFile=0x668) returned 0x1 [0148.301] WriteFile (in: hFile=0x668, lpBuffer=0xc000124840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000135d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000124840*, lpNumberOfBytesWritten=0xc000135d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.314] CloseHandle (hObject=0x668) returned 1 [0149.376] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0149.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.820] SetEvent (hEvent=0x274) returned 1 [0150.820] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0150.838] SetEvent (hEvent=0xb50) returned 1 [0150.838] SetEvent (hEvent=0x274) returned 1 [0150.838] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0151.037] SetEvent (hEvent=0xb50) returned 1 [0151.037] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bq nmvpj7nviwkjv9ya.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x750 [0151.038] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc000415cf4 | out: lpMode=0xc000415cf4) returned 0 [0151.039] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0151.472] GetFileType (hFile=0x750) returned 0x1 [0151.472] GetFileType (hFile=0x750) returned 0x1 [0151.472] GetFileInformationByHandle (in: hFile=0x750, lpFileInformation=0xc000415d44 | out: lpFileInformation=0xc000415d44) returned 1 [0151.473] GetFileInformationByHandleEx (in: hFile=0x750, FileInformationClass=0x9, lpFileInformation=0xc000415d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000415d28) returned 1 [0151.473] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0151.474] ReadFile (in: hFile=0x750, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x15b67, lpNumberOfBytesRead=0xc000415c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc000415c04*=0x15967, lpOverlapped=0x0) returned 1 [0151.477] ReadFile (in: hFile=0x750, lpBuffer=0xc00036d967, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000415c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036d967*, lpNumberOfBytesRead=0xc000415c04*=0x0, lpOverlapped=0x0) returned 1 [0151.477] CloseHandle (hObject=0x750) returned 1 [0151.477] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0151.482] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bq nmvpj7nviwkjv9ya.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0151.485] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc000415d04 | out: lpMode=0xc000415d04) returned 0 [0151.494] GetFileType (hFile=0x750) returned 0x1 [0151.494] WriteFile (in: hFile=0x750, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x15970, lpNumberOfBytesWritten=0xc000415cec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc000415cec*=0x15970, lpOverlapped=0x0) returned 1 [0151.499] CloseHandle (hObject=0x750) returned 1 [0151.500] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0151.500] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bq nmvpj7nviwkjv9ya.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0151.500] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc000415d64 | out: lpMode=0xc000415d64) returned 0 [0151.508] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0151.998] GetFileType (hFile=0x750) returned 0x1 [0151.998] WriteFile (in: hFile=0x750, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000415d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000415d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.998] CloseHandle (hObject=0x750) returned 1 [0151.998] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bq nmvpj7nviwkjv9ya.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-Bq NMVPj7nVIWKjV9Ya.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-bq nmvpj7nviwkjv9ya.m4a"), dwFlags=0x1) returned 1 [0152.022] SetEvent (hEvent=0xab8) returned 1 [0152.022] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\vh3znn.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0152.043] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00041dcf4 | out: lpMode=0xc00041dcf4) returned 0 [0152.047] GetFileType (hFile=0x7c4) returned 0x1 [0152.047] GetFileType (hFile=0x7c4) returned 0x1 [0152.047] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc00041dd44 | out: lpFileInformation=0xc00041dd44) returned 1 [0152.047] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc00041dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00041dd28) returned 1 [0152.047] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0152.050] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xad1d, lpNumberOfBytesRead=0xc00041dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc00041dc04*=0xab1d, lpOverlapped=0x0) returned 1 [0152.052] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000308b1d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00041dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000308b1d*, lpNumberOfBytesRead=0xc00041dc04*=0x0, lpOverlapped=0x0) returned 1 [0152.052] CloseHandle (hObject=0x7c4) returned 1 [0152.052] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0152.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\VH3znN.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\vh3znn.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0152.057] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00041dd04 | out: lpMode=0xc00041dd04) returned 0 [0152.101] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.308] SetEvent (hEvent=0x354) returned 1 [0152.308] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.309] SetEvent (hEvent=0x354) returned 1 [0152.309] SetEvent (hEvent=0x9f0) returned 1 [0152.309] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.321] SetEvent (hEvent=0x9f0) returned 1 [0152.321] SetEvent (hEvent=0x1a0) returned 1 [0152.321] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.332] SetEvent (hEvent=0x9f0) returned 1 [0152.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wox68cxezv6oloa.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0152.333] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000197cf4 | out: lpMode=0xc000197cf4) returned 0 [0152.338] GetFileType (hFile=0x3d0) returned 0x1 [0152.338] GetFileType (hFile=0x3d0) returned 0x1 [0152.338] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc000197d44 | out: lpFileInformation=0xc000197d44) returned 1 [0152.338] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc000197d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000197d28) returned 1 [0152.338] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0152.339] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0152.341] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000168000, nNumberOfBytesToRead=0x5506, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc000168000*, lpNumberOfBytesRead=0xc000197c04*=0x5306, lpOverlapped=0x0) returned 1 [0152.342] ReadFile (in: hFile=0x3d0, lpBuffer=0xc00016d306, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016d306*, lpNumberOfBytesRead=0xc000197c04*=0x0, lpOverlapped=0x0) returned 1 [0152.342] CloseHandle (hObject=0x3d0) returned 1 [0152.342] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0152.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wox68cxezv6oloa.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0152.346] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000197d04 | out: lpMode=0xc000197d04) returned 0 [0152.347] GetFileType (hFile=0x3d0) returned 0x1 [0152.347] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0002fe000*, nNumberOfBytesToWrite=0x5310, lpNumberOfBytesWritten=0xc000197cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesWritten=0xc000197cec*=0x5310, lpOverlapped=0x0) returned 1 [0152.349] CloseHandle (hObject=0x3d0) returned 1 [0152.349] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0152.349] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0152.350] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0152.351] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0152.352] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0152.354] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0152.355] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\wOX68Cxezv6Oloa.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wox68cxezv6oloa.pptx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0152.355] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000197d64 | out: lpMode=0xc000197d64) returned 0 [0152.356] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.931] SetEvent (hEvent=0x9f0) returned 1 [0152.932] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.946] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.947] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.948] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.951] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.952] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.953] VirtualFree (lpAddress=0xc00004e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0152.954] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.954] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.955] SetEvent (hEvent=0xbd0) returned 1 [0152.955] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0152.970] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0152.971] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bjkx6gsvtgcvain.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x720 [0152.972] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0153.009] GetFileType (hFile=0x720) returned 0x1 [0153.009] GetFileType (hFile=0x720) returned 0x1 [0153.009] GetFileInformationByHandle (in: hFile=0x720, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0153.010] GetFileInformationByHandleEx (in: hFile=0x720, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0153.010] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0153.011] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0153.015] ReadFile (in: hFile=0x720, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xefeb, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc0002d3c04*=0xedeb, lpOverlapped=0x0) returned 1 [0153.016] ReadFile (in: hFile=0x720, lpBuffer=0xc00030cdeb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030cdeb*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0153.017] CloseHandle (hObject=0x720) returned 1 [0153.017] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0153.018] VirtualAlloc (lpAddress=0xc0004ac000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004ac000 [0153.021] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bjkx6gsvtgcvain.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0153.048] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0153.059] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.189] GetFileType (hFile=0x720) returned 0x1 [0153.189] WriteFile (in: hFile=0x720, lpBuffer=0xc0004ac000*, nNumberOfBytesToWrite=0xedf0, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004ac000*, lpNumberOfBytesWritten=0xc0002d3cec*=0xedf0, lpOverlapped=0x0) returned 1 [0153.193] CloseHandle (hObject=0x720) returned 1 [0153.193] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533a01 | out: pbBuffer=0xc000533a01) returned 1 [0153.193] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0153.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bjkx6gsvtgcvain.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0153.195] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0153.197] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.223] GetFileType (hFile=0x720) returned 0x1 [0153.223] WriteFile (in: hFile=0x720, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.223] CloseHandle (hObject=0x720) returned 1 [0153.223] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bjkx6gsvtgcvain.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-bjKx6gsVtGcVAin.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-bjkx6gsvtgcvain.bmp"), dwFlags=0x1) returned 1 [0153.225] GetFileType (hFile=0x384) returned 0x1 [0153.225] GetFileType (hFile=0x384) returned 0x1 [0153.225] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc00014bd44 | out: lpFileInformation=0xc00014bd44) returned 1 [0153.225] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc00014bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014bd28) returned 1 [0153.225] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0153.227] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0153.228] ReadFile (in: hFile=0x384, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x1239, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00014bc04*=0x1039, lpOverlapped=0x0) returned 1 [0153.257] ReadFile (in: hFile=0x384, lpBuffer=0xc000231039, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000231039*, lpNumberOfBytesRead=0xc00014bc04*=0x0, lpOverlapped=0x0) returned 1 [0153.258] CloseHandle (hObject=0x384) returned 1 [0153.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\x0wbb2qkg0k1puf.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0153.259] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00014bd04 | out: lpMode=0xc00014bd04) returned 0 [0153.274] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.277] GetFileType (hFile=0x384) returned 0x1 [0153.277] WriteFile (in: hFile=0x384, lpBuffer=0xc000231300*, nNumberOfBytesToWrite=0x1040, lpNumberOfBytesWritten=0xc00014bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000231300*, lpNumberOfBytesWritten=0xc00014bcec*=0x1040, lpOverlapped=0x0) returned 1 [0153.279] CloseHandle (hObject=0x384) returned 1 [0153.279] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0153.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\x0wbb2qkg0k1puf.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0153.280] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00014bd64 | out: lpMode=0xc00014bd64) returned 0 [0153.292] GetFileType (hFile=0x384) returned 0x1 [0153.292] WriteFile (in: hFile=0x384, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00014bd4c*=0x158, lpOverlapped=0x0) returned 1 [0153.293] CloseHandle (hObject=0x384) returned 1 [0153.293] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\x0wbb2qkg0k1puf.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\encry-X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\encry-x0wbb2qkg0k1puf.mkv"), dwFlags=0x1) returned 1 [0153.295] SetEvent (hEvent=0x8d0) returned 1 [0153.295] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.359] SetEvent (hEvent=0x9f0) returned 1 [0153.359] SetEvent (hEvent=0x9e8) returned 1 [0153.359] SetEvent (hEvent=0x1b4) returned 1 [0153.359] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.364] SetEvent (hEvent=0x9f0) returned 1 [0153.364] SetEvent (hEvent=0x208) returned 1 [0153.364] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.376] SetEvent (hEvent=0x9f0) returned 1 [0153.376] SetEvent (hEvent=0x1b4) returned 1 [0153.377] SetEvent (hEvent=0xb58) returned 1 [0153.377] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.379] SetEvent (hEvent=0x43c) returned 1 [0153.379] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.400] SetEvent (hEvent=0x9f0) returned 1 [0153.400] SetEvent (hEvent=0xb58) returned 1 [0153.400] VirtualFree (lpAddress=0xc000346000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0153.402] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0153.403] VirtualFree (lpAddress=0xc000230000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0153.404] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.405] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.405] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0153.406] VirtualFree (lpAddress=0xc00006c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0153.407] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.408] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.409] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.410] SetEvent (hEvent=0x43c) returned 1 [0153.410] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.416] SetEvent (hEvent=0x9f0) returned 1 [0153.416] SetEvent (hEvent=0x100) returned 1 [0153.417] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.490] SetEvent (hEvent=0x208) returned 1 [0153.490] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.607] SetEvent (hEvent=0x9f0) returned 1 [0153.607] SetEvent (hEvent=0x100) returned 1 [0153.607] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.619] SetEvent (hEvent=0x9f0) returned 1 [0153.619] SwitchToThread () returned 1 [0153.631] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.739] SetEvent (hEvent=0x9f0) returned 1 [0153.739] SetEvent (hEvent=0x100) returned 1 [0153.739] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0153.740] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x678 [0153.741] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0153.759] GetFileType (hFile=0x678) returned 0x1 [0153.759] GetFileType (hFile=0x678) returned 0x1 [0153.759] GetFileInformationByHandle (in: hFile=0x678, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0153.759] GetFileInformationByHandleEx (in: hFile=0x678, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0153.759] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0153.770] ReadFile (in: hFile=0x678, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x42600, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0001d5c04*=0x42400, lpOverlapped=0x0) returned 1 [0153.798] ReadFile (in: hFile=0x678, lpBuffer=0xc0005d0400, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005d0400*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0153.798] CloseHandle (hObject=0x678) returned 1 [0153.798] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0153.800] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x44000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0153.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.819] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0153.826] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.835] SetEvent (hEvent=0x9f0) returned 1 [0153.836] GetFileType (hFile=0x678) returned 0x1 [0153.836] WriteFile (in: hFile=0x678, lpBuffer=0xc000604000*, nNumberOfBytesToWrite=0x42410, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x42410, lpOverlapped=0x0) returned 1 [0153.851] CloseHandle (hObject=0x678) returned 1 [0153.851] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0153.851] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0153.853] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0153.854] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0153.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.856] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0153.885] GetFileType (hFile=0x678) returned 0x1 [0153.885] WriteFile (in: hFile=0x678, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.885] CloseHandle (hObject=0x678) returned 1 [0153.885] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0153.886] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\encry-voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\encry-voeimd@djhreuu.uhd.pst"), dwFlags=0x1) returned 1 [0153.887] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0153.888] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0153.890] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0153.891] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\xzs4zfmr9uz.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x678 [0153.892] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0002ddcf4 | out: lpMode=0xc0002ddcf4) returned 0 [0153.903] GetFileType (hFile=0x678) returned 0x1 [0153.903] GetFileType (hFile=0x678) returned 0x1 [0153.903] GetFileInformationByHandle (in: hFile=0x678, lpFileInformation=0xc0002ddd44 | out: lpFileInformation=0xc0002ddd44) returned 1 [0153.903] GetFileInformationByHandleEx (in: hFile=0x678, FileInformationClass=0x9, lpFileInformation=0xc0002ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002ddd28) returned 1 [0153.903] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0153.918] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0153.921] ReadFile (in: hFile=0x678, lpBuffer=0xc000230000, nNumberOfBytesToRead=0xa0f6, lpNumberOfBytesRead=0xc0002ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc0002ddc04*=0x9ef6, lpOverlapped=0x0) returned 1 [0153.923] ReadFile (in: hFile=0x678, lpBuffer=0xc000239ef6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000239ef6*, lpNumberOfBytesRead=0xc0002ddc04*=0x0, lpOverlapped=0x0) returned 1 [0153.923] CloseHandle (hObject=0x678) returned 1 [0153.923] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0153.925] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0153.926] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0153.929] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\xzs4zfmr9uz.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.931] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0002ddd04 | out: lpMode=0xc0002ddd04) returned 0 [0153.939] GetFileType (hFile=0x678) returned 0x1 [0153.939] WriteFile (in: hFile=0x678, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x9f00, lpNumberOfBytesWritten=0xc0002ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc0002ddcec*=0x9f00, lpOverlapped=0x0) returned 1 [0153.943] CloseHandle (hObject=0x678) returned 1 [0153.943] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0153.943] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\xzs4zfmr9uz.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0153.944] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc0002ddd64 | out: lpMode=0xc0002ddd64) returned 0 [0153.975] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0153.979] GetFileType (hFile=0x678) returned 0x1 [0153.979] WriteFile (in: hFile=0x678, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc0002ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0153.979] CloseHandle (hObject=0x678) returned 1 [0153.980] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0153.981] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\xzs4zfmr9uz.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\r7rMtS6\\KwrrYDZuohOISdt\\encry-XZs4zFMR9uZ.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\r7rmts6\\kwrrydzuohoisdt\\encry-xzs4zfmr9uz.rtf"), dwFlags=0x1) returned 1 [0153.983] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.029] SetEvent (hEvent=0x100) returned 1 [0154.029] SwitchToThread () returned 1 [0154.034] GetFileType (hFile=0x8a4) returned 0x1 [0154.034] GetFileType (hFile=0x8a4) returned 0x1 [0154.035] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc00048bd44 | out: lpFileInformation=0xc00048bd44) returned 1 [0154.035] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc00048bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00048bd28) returned 1 [0154.035] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0154.037] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0154.040] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0xa2e8, lpNumberOfBytesRead=0xc00048bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc00048bc04*=0xa0e8, lpOverlapped=0x0) returned 1 [0154.042] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002ec0e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00048bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec0e8*, lpNumberOfBytesRead=0xc00048bc04*=0x0, lpOverlapped=0x0) returned 1 [0154.042] CloseHandle (hObject=0x8a4) returned 1 [0154.043] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0154.044] VirtualAlloc (lpAddress=0xc000036000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000036000 [0154.063] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0154.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yhhe_4ffuodfu932.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.070] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc00048bd04 | out: lpMode=0xc00048bd04) returned 0 [0154.080] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.085] GetFileType (hFile=0x8a4) returned 0x1 [0154.085] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0002fe000*, nNumberOfBytesToWrite=0xa0f0, lpNumberOfBytesWritten=0xc00048bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesWritten=0xc00048bcec*=0xa0f0, lpOverlapped=0x0) returned 1 [0154.087] CloseHandle (hObject=0x8a4) returned 1 [0154.088] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0154.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yhhe_4ffuodfu932.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.088] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc00048bd64 | out: lpMode=0xc00048bd64) returned 0 [0154.103] GetFileType (hFile=0x8a4) returned 0x1 [0154.103] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000104f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00048bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104f20*, lpNumberOfBytesWritten=0xc00048bd4c*=0x158, lpOverlapped=0x0) returned 1 [0154.103] CloseHandle (hObject=0x8a4) returned 1 [0154.104] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yhhe_4ffuodfu932.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-yhhe_4ffuodfu932.gif"), dwFlags=0x1) returned 1 [0154.118] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0154.120] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0154.122] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.123] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0154.124] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.125] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.126] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.128] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.129] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0154.130] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.131] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.132] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.132] VirtualFree (lpAddress=0xc000070000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0154.134] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.135] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.136] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0154.138] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0154.140] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0154.141] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0154.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\deitjfdvbgmk37.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0154.144] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000257cf4 | out: lpMode=0xc000257cf4) returned 0 [0154.148] GetFileType (hFile=0x8a4) returned 0x1 [0154.149] GetFileType (hFile=0x8a4) returned 0x1 [0154.149] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc000257d44 | out: lpFileInformation=0xc000257d44) returned 1 [0154.149] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc000257d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000257d28) returned 1 [0154.149] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0154.153] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002e2000, nNumberOfBytesToRead=0x240b, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesRead=0xc000257c04*=0x220b, lpOverlapped=0x0) returned 1 [0154.154] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002e420b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000257c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e420b*, lpNumberOfBytesRead=0xc000257c04*=0x0, lpOverlapped=0x0) returned 1 [0154.154] CloseHandle (hObject=0x8a4) returned 1 [0154.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\deitjfdvbgmk37.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.156] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000257d04 | out: lpMode=0xc000257d04) returned 0 [0154.188] GetFileType (hFile=0x8a4) returned 0x1 [0154.188] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0002e4500*, nNumberOfBytesToWrite=0x2210, lpNumberOfBytesWritten=0xc000257cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4500*, lpNumberOfBytesWritten=0xc000257cec*=0x2210, lpOverlapped=0x0) returned 1 [0154.190] CloseHandle (hObject=0x8a4) returned 1 [0154.190] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0154.191] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0154.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\deitjfdvbgmk37.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0154.192] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000257d64 | out: lpMode=0xc000257d64) returned 0 [0154.211] GetFileType (hFile=0x8a4) returned 0x1 [0154.211] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0002849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000257d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002849a0*, lpNumberOfBytesWritten=0xc000257d4c*=0x158, lpOverlapped=0x0) returned 1 [0154.212] CloseHandle (hObject=0x8a4) returned 1 [0154.212] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0154.213] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0154.215] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\deitjfdvbgmk37.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\encry-deITjFDVBGMK37.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\encry-deitjfdvbgmk37.mp3"), dwFlags=0x1) returned 1 [0154.217] SwitchToThread () returned 1 [0154.219] SetEvent (hEvent=0x43c) returned 1 [0154.219] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.346] SetEvent (hEvent=0x8d0) returned 1 [0154.346] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.557] SetEvent (hEvent=0x9f0) returned 1 [0154.557] SetEvent (hEvent=0x43c) returned 1 [0154.557] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.795] SetEvent (hEvent=0x9f0) returned 1 [0154.795] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0154.797] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0154.798] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000465cf4 | out: lpMode=0xc000465cf4) returned 0 [0154.867] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0154.960] GetFileType (hFile=0x2fc) returned 0x1 [0154.961] GetFileType (hFile=0x2fc) returned 0x1 [0154.961] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc000465d44 | out: lpFileInformation=0xc000465d44) returned 1 [0154.961] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc000465d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000465d28) returned 1 [0154.961] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00002c2c0, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000465c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c2c0*, lpNumberOfBytesRead=0xc000465c04*=0x85, lpOverlapped=0x0) returned 1 [0154.963] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00002c345, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000465c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c345*, lpNumberOfBytesRead=0xc000465c04*=0x0, lpOverlapped=0x0) returned 1 [0154.963] CloseHandle (hObject=0x2fc) returned 1 [0154.964] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0154.966] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000465d04 | out: lpMode=0xc000465d04) returned 0 [0154.991] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0155.003] GetFileType (hFile=0x2fc) returned 0x1 [0155.004] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000040090*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000465cec, lpOverlapped=0x0 | out: lpBuffer=0xc000040090*, lpNumberOfBytesWritten=0xc000465cec*=0x90, lpOverlapped=0x0) returned 1 [0155.009] CloseHandle (hObject=0x2fc) returned 1 [0155.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0155.010] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0155.010] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000465d64 | out: lpMode=0xc000465d64) returned 0 [0155.068] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0155.214] GetFileType (hFile=0x2fc) returned 0x1 [0155.214] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000465d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc000465d4c*=0x158, lpOverlapped=0x0) returned 1 [0155.214] CloseHandle (hObject=0x2fc) returned 1 [0155.214] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSNBC News.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msnbc news.url"), dwFlags=0x1) returned 1 [0155.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0155.216] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000065cf4 | out: lpMode=0xc000065cf4) returned 0 [0155.252] GetFileType (hFile=0x2fc) returned 0x1 [0155.252] GetFileType (hFile=0x2fc) returned 0x1 [0155.252] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc000065d44 | out: lpFileInformation=0xc000065d44) returned 1 [0155.252] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc000065d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000065d28) returned 1 [0155.252] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc000065c04*=0x85, lpOverlapped=0x0) returned 1 [0155.254] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00002c085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000065c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c085*, lpNumberOfBytesRead=0xc000065c04*=0x0, lpOverlapped=0x0) returned 1 [0155.254] CloseHandle (hObject=0x2fc) returned 1 [0155.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0155.255] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000065d04 | out: lpMode=0xc000065d04) returned 0 [0155.263] GetFileType (hFile=0x2fc) returned 0x1 [0155.263] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0000781b0*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000781b0*, lpNumberOfBytesWritten=0xc000065cec*=0x90, lpOverlapped=0x0) returned 1 [0155.265] CloseHandle (hObject=0x2fc) returned 1 [0155.265] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0155.265] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0155.265] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0155.280] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0155.354] GetFileType (hFile=0x2fc) returned 0x1 [0155.355] WriteFile (in: hFile=0x2fc, lpBuffer=0xc000104b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104b00*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0155.355] CloseHandle (hObject=0x2fc) returned 1 [0155.355] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0155.357] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\encry-Windows Live Gallery.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\encry-windows live gallery.url"), dwFlags=0x1) returned 1 [0155.358] SetEvent (hEvent=0x43c) returned 1 [0155.358] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0161.239] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0161.240] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0161.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\isnsa90uev.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0162.058] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc00015bcf4 | out: lpMode=0xc00015bcf4) returned 0 [0162.410] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) returned 0x0 [0162.584] SetEvent (hEvent=0x9f0) returned 1 [0162.584] WaitForSingleObject (hHandle=0x9a8, dwMilliseconds=0xffffffff) Thread: id = 114 os_tid = 0xa5c [0141.894] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3513fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3513fea0*=0x5c8) returned 1 [0141.894] VirtualQuery (in: lpAddress=0x3513fec0, lpBuffer=0x3513fec0, dwLength=0x30 | out: lpBuffer=0x3513fec0*(BaseAddress=0x3513f000, AllocationBase=0x34f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.894] VirtualFree (lpAddress=0xc000308000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0141.895] SetEvent (hEvent=0x1dc) returned 1 [0141.895] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5cc [0141.895] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5d0 [0141.895] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0141.897] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0141.898] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000383cf4 | out: lpMode=0xc000383cf4) returned 0 [0141.900] GetFileType (hFile=0x5c4) returned 0x1 [0141.900] GetFileType (hFile=0x5c4) returned 0x1 [0141.900] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc000383d44 | out: lpFileInformation=0xc000383d44) returned 1 [0141.900] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc000383d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000383d28) returned 1 [0141.900] ReadFile (in: hFile=0x5c4, lpBuffer=0xc0002e4500, nNumberOfBytesToRead=0x2168, lpNumberOfBytesRead=0xc000383c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e4500*, lpNumberOfBytesRead=0xc000383c04*=0x1f68, lpOverlapped=0x0) returned 1 [0142.643] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0143.789] ReadFile (in: hFile=0x5c4, lpBuffer=0xc0002e6468, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000383c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e6468*, lpNumberOfBytesRead=0xc000383c04*=0x0, lpOverlapped=0x0) returned 1 [0143.789] CloseHandle (hObject=0x5c4) returned 1 [0143.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0143.791] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000383d04 | out: lpMode=0xc000383d04) returned 0 [0143.796] GetFileType (hFile=0x5c4) returned 0x1 [0143.796] WriteFile (in: hFile=0x5c4, lpBuffer=0xc00005e000*, nNumberOfBytesToWrite=0x1f70, lpNumberOfBytesWritten=0xc000383cec, lpOverlapped=0x0 | out: lpBuffer=0xc00005e000*, lpNumberOfBytesWritten=0xc000383cec*=0x1f70, lpOverlapped=0x0) returned 1 [0143.798] CloseHandle (hObject=0x5c4) returned 1 [0143.798] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.798] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0143.798] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000383d64 | out: lpMode=0xc000383d64) returned 0 [0143.802] GetFileType (hFile=0x5c4) returned 0x1 [0143.802] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000682dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000383d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682dc0*, lpNumberOfBytesWritten=0xc000383d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.803] CloseHandle (hObject=0x5c4) returned 1 [0143.803] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\590aee7bdd69b59b.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-590aee7bdd69b59b.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-590aee7bdd69b59b.customdestinations-ms"), dwFlags=0x1) returned 1 [0143.857] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0144.395] SetEvent (hEvent=0x9b8) returned 1 [0144.395] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0144.403] SetEvent (hEvent=0x1b4) returned 1 [0144.403] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0144.416] SetEvent (hEvent=0xa18) returned 1 [0144.416] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) returned 0x0 [0144.471] VirtualFree (lpAddress=0xc000342000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.476] VirtualFree (lpAddress=0xc0002b6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.478] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.479] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.479] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.480] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.480] SetEvent (hEvent=0xa10) returned 1 [0144.480] WaitForSingleObject (hHandle=0x5cc, dwMilliseconds=0xffffffff) Thread: id = 115 os_tid = 0xa58 [0141.898] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3533fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3533fea0*=0x5d4) returned 1 [0141.899] VirtualQuery (in: lpAddress=0x3533fec0, lpBuffer=0x3533fec0, dwLength=0x30 | out: lpBuffer=0x3533fec0*(BaseAddress=0x3533f000, AllocationBase=0x35140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rf3i_q4-uewkmrvo6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0141.900] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0003f3cf4 | out: lpMode=0xc0003f3cf4) returned 0 [0141.901] GetFileType (hFile=0x5d8) returned 0x1 [0141.901] GetFileType (hFile=0x5d8) returned 0x1 [0141.901] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc0003f3d44 | out: lpFileInformation=0xc0003f3d44) returned 1 [0141.901] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc0003f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003f3d28) returned 1 [0141.901] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000198900, nNumberOfBytesToRead=0x402, lpNumberOfBytesRead=0xc0003f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198900*, lpNumberOfBytesRead=0xc0003f3c04*=0x202, lpOverlapped=0x0) returned 1 [0142.644] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9b0 [0142.644] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9b4 [0142.644] WaitForSingleObject (hHandle=0x9b0, dwMilliseconds=0xffffffff) returned 0x0 [0143.816] SetEvent (hEvent=0x234) returned 1 [0143.816] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000198b02, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000198b02*, lpNumberOfBytesRead=0xc0003f3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.816] CloseHandle (hObject=0x5d8) returned 1 [0143.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rf3i_q4-uewkmrvo6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e0 [0143.828] GetConsoleMode (in: hConsoleHandle=0x5e0, lpMode=0xc0003f3d04 | out: lpMode=0xc0003f3d04) returned 0 [0143.832] GetFileType (hFile=0x5e0) returned 0x1 [0143.832] WriteFile (in: hFile=0x5e0, lpBuffer=0xc0002518c0*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0xc0003f3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002518c0*, lpNumberOfBytesWritten=0xc0003f3cec*=0x210, lpOverlapped=0x0) returned 1 [0143.833] CloseHandle (hObject=0x5e0) returned 1 [0143.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rf3i_q4-uewkmrvo6.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x348 [0143.835] GetConsoleMode (in: hConsoleHandle=0x348, lpMode=0xc0003f3d64 | out: lpMode=0xc0003f3d64) returned 0 [0143.836] WaitForSingleObject (hHandle=0x9b0, dwMilliseconds=0xffffffff) returned 0x0 [0144.356] GetFileType (hFile=0x348) returned 0x1 [0144.356] WriteFile (in: hFile=0x348, lpBuffer=0xc000614b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003f3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614b00*, lpNumberOfBytesWritten=0xc0003f3d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.357] CloseHandle (hObject=0x348) returned 1 [0144.357] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rf3i_q4-uewkmrvo6.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Rf3i_Q4-ueWKmRVO6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rf3i_q4-uewkmrvo6.lnk"), dwFlags=0x1) returned 1 [0144.359] SetEvent (hEvent=0xc44) returned 1 [0144.359] WaitForSingleObject (hHandle=0x9b0, dwMilliseconds=0xffffffff) returned 0x0 [0144.372] SetEvent (hEvent=0xc4c) returned 1 [0144.372] WaitForSingleObject (hHandle=0x9b0, dwMilliseconds=0xffffffff) returned 0x0 [0144.377] SetEvent (hEvent=0x114) returned 1 [0144.377] WaitForSingleObject (hHandle=0x9b0, dwMilliseconds=0xffffffff) Thread: id = 116 os_tid = 0x75c [0141.903] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3553fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3553fea0*=0x5dc) returned 1 [0141.903] VirtualQuery (in: lpAddress=0x3553fec0, lpBuffer=0x3553fec0, dwLength=0x30 | out: lpBuffer=0x3553fec0*(BaseAddress=0x3553f000, AllocationBase=0x35340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\if v7 jc2qexn6bjyff.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5e0 [0141.904] GetConsoleMode (in: hConsoleHandle=0x5e0, lpMode=0xc0003a1cf4 | out: lpMode=0xc0003a1cf4) returned 0 [0141.906] GetFileType (hFile=0x5e0) returned 0x1 [0141.906] GetFileType (hFile=0x5e0) returned 0x1 [0141.906] GetFileInformationByHandle (in: hFile=0x5e0, lpFileInformation=0xc0003a1d44 | out: lpFileInformation=0xc0003a1d44) returned 1 [0141.906] GetFileInformationByHandleEx (in: hFile=0x5e0, FileInformationClass=0x9, lpFileInformation=0xc0003a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a1d28) returned 1 [0141.906] ReadFile (in: hFile=0x5e0, lpBuffer=0xc0004faa00, nNumberOfBytesToRead=0x223d, lpNumberOfBytesRead=0xc0003a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004faa00*, lpNumberOfBytesRead=0xc0003a1c04*=0x203d, lpOverlapped=0x0) returned 1 [0142.646] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9b8 [0142.646] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9bc [0142.646] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0143.821] ReadFile (in: hFile=0x5e0, lpBuffer=0xc0004fca3d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004fca3d*, lpNumberOfBytesRead=0xc0003a1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.821] CloseHandle (hObject=0x5e0) returned 1 [0143.821] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\if v7 jc2qexn6bjyff.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x86c [0143.844] GetConsoleMode (in: hConsoleHandle=0x86c, lpMode=0xc0003a1d04 | out: lpMode=0xc0003a1d04) returned 0 [0143.848] GetFileType (hFile=0x86c) returned 0x1 [0143.848] WriteFile (in: hFile=0x86c, lpBuffer=0xc0004ff400*, nNumberOfBytesToWrite=0x2040, lpNumberOfBytesWritten=0xc0003a1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004ff400*, lpNumberOfBytesWritten=0xc0003a1cec*=0x2040, lpOverlapped=0x0) returned 1 [0143.849] CloseHandle (hObject=0x86c) returned 1 [0143.858] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.395] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0144.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\if v7 jc2qexn6bjyff.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0144.397] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0003a1d64 | out: lpMode=0xc0003a1d64) returned 0 [0144.402] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.769] GetFileType (hFile=0x284) returned 0x1 [0144.769] WriteFile (in: hFile=0x284, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc0003a1d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.770] CloseHandle (hObject=0x284) returned 1 [0144.770] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0144.771] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0144.772] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0144.773] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0144.774] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\if v7 jc2qexn6bjyff.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-If v7 jC2QExN6bjyff.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-if v7 jc2qexn6bjyff.lnk"), dwFlags=0x1) returned 1 [0144.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe30*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.779] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.779] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3553f698, ulCount=0x10, ulNumEntriesRemoved=0x3553f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3553f698, ulNumEntriesRemoved=0x3553f66c) returned 0 [0144.779] SetEvent (hEvent=0xbd0) returned 1 [0144.779] SetEvent (hEvent=0x100) returned 1 [0144.779] SetEvent (hEvent=0x1c4) returned 1 [0144.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe08*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.786] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.786] SetEvent (hEvent=0x1c4) returned 1 [0144.786] SetEvent (hEvent=0x100) returned 1 [0144.786] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe08*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe30*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.796] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0144.796] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3553f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3553f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3553f6a0, ulNumEntriesRemoved=0x3553f674) returned 0 [0144.796] SetEvent (hEvent=0xc0) returned 1 [0144.796] SetEvent (hEvent=0xb10) returned 1 [0144.796] SetEvent (hEvent=0xae0) returned 1 [0144.796] SetEvent (hEvent=0x3c4) returned 1 [0144.796] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe18*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.804] GetFileType (hFile=0x740) returned 0x1 [0144.804] WriteFile (in: hFile=0x740, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00044dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc00044dd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.804] CloseHandle (hObject=0x740) returned 1 [0144.810] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0144.811] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0144.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kev94gqepx7n.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-kev94gqepx7n.lnk"), dwFlags=0x1) returned 1 [0145.471] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3553f698, ulCount=0x10, ulNumEntriesRemoved=0x3553f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3553f698, ulNumEntriesRemoved=0x3553f66c) returned 0 [0145.471] SetEvent (hEvent=0x920) returned 1 [0145.471] SetEvent (hEvent=0xbd0) returned 1 [0145.472] SetEvent (hEvent=0x320) returned 1 [0145.474] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe08*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.490] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0145.490] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe08*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.494] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0145.494] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3553f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3553f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3553f6a0, ulNumEntriesRemoved=0x3553f674) returned 0 [0145.494] SetEvent (hEvent=0x920) returned 1 [0145.494] SetEvent (hEvent=0xbd0) returned 1 [0145.494] SetEvent (hEvent=0x320) returned 1 [0145.494] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3553fe18*=0x9b8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.501] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0145.502] WriteFile (in: hFile=0x748, lpBuffer=0xc000672000*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0xc000447cec, lpOverlapped=0x0 | out: lpBuffer=0xc000672000*, lpNumberOfBytesWritten=0xc000447cec*=0xe90, lpOverlapped=0x0) returned 1 [0145.503] CloseHandle (hObject=0x748) returned 1 [0145.507] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0145.508] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0145.509] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0145.510] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0145.511] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezaa8ldzp4i7tw-w_u.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0145.511] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc000447d64 | out: lpMode=0xc000447d64) returned 0 [0145.516] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0145.936] GetFileType (hFile=0x720) returned 0x1 [0145.936] WriteFile (in: hFile=0x720, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000447d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000447d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.936] CloseHandle (hObject=0x720) returned 1 [0145.949] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0146.191] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezaa8ldzp4i7tw-w_u.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ezaa8ldzp4i7tw-w_u.lnk"), dwFlags=0x1) returned 1 [0150.672] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0151.254] SetEvent (hEvent=0xb50) returned 1 [0151.254] SetEvent (hEvent=0x28c) returned 1 [0151.254] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0151.257] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lwpism.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3f0 [0151.258] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc0003efcf4 | out: lpMode=0xc0003efcf4) returned 0 [0151.264] GetFileType (hFile=0x3f0) returned 0x1 [0151.264] GetFileType (hFile=0x3f0) returned 0x1 [0151.264] GetFileInformationByHandle (in: hFile=0x3f0, lpFileInformation=0xc0003efd44 | out: lpFileInformation=0xc0003efd44) returned 1 [0151.264] GetFileInformationByHandleEx (in: hFile=0x3f0, FileInformationClass=0x9, lpFileInformation=0xc0003efd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003efd28) returned 1 [0151.264] ReadFile (in: hFile=0x3f0, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0xadda, lpNumberOfBytesRead=0xc0003efc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc0003efc04*=0xabda, lpOverlapped=0x0) returned 1 [0151.265] ReadFile (in: hFile=0x3f0, lpBuffer=0xc000296bda, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003efc04, lpOverlapped=0x0 | out: lpBuffer=0xc000296bda*, lpNumberOfBytesRead=0xc0003efc04*=0x0, lpOverlapped=0x0) returned 1 [0151.265] CloseHandle (hObject=0x3f0) returned 1 [0151.266] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0151.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lwpism.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0151.270] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc0003efd04 | out: lpMode=0xc0003efd04) returned 0 [0151.277] GetFileType (hFile=0x3f0) returned 0x1 [0151.278] WriteFile (in: hFile=0x3f0, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0xabe0, lpNumberOfBytesWritten=0xc0003efcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc0003efcec*=0xabe0, lpOverlapped=0x0) returned 1 [0151.280] CloseHandle (hObject=0x3f0) returned 1 [0151.280] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0151.281] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lwpism.pdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3f0 [0151.281] GetConsoleMode (in: hConsoleHandle=0x3f0, lpMode=0xc0003efd64 | out: lpMode=0xc0003efd64) returned 0 [0151.294] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0151.621] GetFileType (hFile=0x3f0) returned 0x1 [0151.621] WriteFile (in: hFile=0x3f0, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003efd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0003efd4c*=0x158, lpOverlapped=0x0) returned 1 [0151.622] CloseHandle (hObject=0x3f0) returned 1 [0151.622] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lwpism.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-LWPism.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-lwpism.pdf"), dwFlags=0x1) returned 1 [0151.625] SetEvent (hEvent=0x28c) returned 1 [0151.625] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0151.660] SetEvent (hEvent=0xc6c) returned 1 [0151.660] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0151.671] SetEvent (hEvent=0xbb0) returned 1 [0151.671] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.581] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.606] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.608] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.610] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.611] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.619] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.620] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.623] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.625] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.626] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.629] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.631] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.632] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.635] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.637] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0161.637] SetEvent (hEvent=0x108) returned 1 [0161.688] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d0320*, nNumberOfCharsToWrite=0x4e, lpNumberOfCharsWritten=0xc000377808, lpReserved=0x0 | out: lpBuffer=0xc0003d0320*, lpNumberOfCharsWritten=0xc000377808*=0x4e) returned 1 [0161.741] SetEvent (hEvent=0x108) returned 1 [0161.741] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0161.741] VirtualAlloc (lpAddress=0xc00030a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030a000 [0161.743] VirtualAlloc (lpAddress=0xc00030c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030c000 [0161.744] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0161.746] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0161.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0162.062] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000377d64 | out: lpMode=0xc000377d64) returned 0 [0162.412] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) returned 0x0 [0162.454] GetFileType (hFile=0x284) returned 0x1 [0162.454] WriteFile (in: hFile=0x284, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000377d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc000377d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.455] CloseHandle (hObject=0x284) returned 1 [0162.455] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Saved Games\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\saved games\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0162.534] SetEvent (hEvent=0x43c) returned 1 [0162.534] WaitForSingleObject (hHandle=0x9b8, dwMilliseconds=0xffffffff) Thread: id = 117 os_tid = 0x5b4 [0141.906] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3573fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3573fea0*=0x5e8) returned 1 [0141.906] VirtualQuery (in: lpAddress=0x3573fec0, lpBuffer=0x3573fec0, dwLength=0x30 | out: lpBuffer=0x3573fec0*(BaseAddress=0x3573f000, AllocationBase=0x35540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.906] SetEvent (hEvent=0x26c) returned 1 [0141.906] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5ec [0141.906] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x5f0 [0141.906] WaitForSingleObject (hHandle=0x5ec, dwMilliseconds=0xffffffff) returned 0x0 [0141.910] SetEvent (hEvent=0x188) returned 1 [0141.910] WaitForSingleObject (hHandle=0x5ec, dwMilliseconds=0xffffffff) returned 0x0 [0141.914] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ihgrzo.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5fc [0141.915] GetConsoleMode (in: hConsoleHandle=0x5fc, lpMode=0xc0003abcf4 | out: lpMode=0xc0003abcf4) returned 0 [0141.915] GetFileType (hFile=0x5fc) returned 0x1 [0141.915] GetFileType (hFile=0x5fc) returned 0x1 [0141.915] GetFileInformationByHandle (in: hFile=0x5fc, lpFileInformation=0xc0003abd44 | out: lpFileInformation=0xc0003abd44) returned 1 [0141.915] GetFileInformationByHandleEx (in: hFile=0x5fc, FileInformationClass=0x9, lpFileInformation=0xc0003abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003abd28) returned 1 [0141.915] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0141.917] ReadFile (in: hFile=0x5fc, lpBuffer=0xc00029a000, nNumberOfBytesToRead=0x1b5b, lpNumberOfBytesRead=0xc0003abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a000*, lpNumberOfBytesRead=0xc0003abc04*=0x195b, lpOverlapped=0x0) returned 1 [0142.651] WaitForSingleObject (hHandle=0x5ec, dwMilliseconds=0xffffffff) returned 0x0 [0143.171] ReadFile (in: hFile=0x5fc, lpBuffer=0xc00029b95b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029b95b*, lpNumberOfBytesRead=0xc0003abc04*=0x0, lpOverlapped=0x0) returned 1 [0143.171] CloseHandle (hObject=0x5fc) returned 1 [0143.171] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ihgrzo.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5fc [0143.172] GetConsoleMode (in: hConsoleHandle=0x5fc, lpMode=0xc0003abd04 | out: lpMode=0xc0003abd04) returned 0 [0143.180] WaitForSingleObject (hHandle=0x5ec, dwMilliseconds=0xffffffff) returned 0x0 [0144.027] GetFileType (hFile=0x5fc) returned 0x1 [0144.028] WriteFile (in: hFile=0x5fc, lpBuffer=0xc00050f300*, nNumberOfBytesToWrite=0x1960, lpNumberOfBytesWritten=0xc0003abcec, lpOverlapped=0x0 | out: lpBuffer=0xc00050f300*, lpNumberOfBytesWritten=0xc0003abcec*=0x1960, lpOverlapped=0x0) returned 1 [0144.029] CloseHandle (hObject=0x5fc) returned 1 [0144.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.030] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ihgrzo.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5fc [0144.030] GetConsoleMode (in: hConsoleHandle=0x5fc, lpMode=0xc0003abd64 | out: lpMode=0xc0003abd64) returned 0 [0144.034] GetFileType (hFile=0x5fc) returned 0x1 [0144.034] WriteFile (in: hFile=0x5fc, lpBuffer=0xc000615ce0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615ce0*, lpNumberOfBytesWritten=0xc0003abd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.034] CloseHandle (hObject=0x5fc) returned 1 [0144.034] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ihgrzo.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-IhGRZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ihgrzo.lnk"), dwFlags=0x1) returned 1 [0144.036] SetEvent (hEvent=0xa98) returned 1 [0144.036] WaitForSingleObject (hHandle=0x5ec, dwMilliseconds=0xffffffff) Thread: id = 118 os_tid = 0x6cc [0141.910] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3593fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3593fea0*=0x5e4) returned 1 [0141.910] VirtualQuery (in: lpAddress=0x3593fec0, lpBuffer=0x3593fec0, dwLength=0x30 | out: lpBuffer=0x3593fec0*(BaseAddress=0x3593f000, AllocationBase=0x35740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.911] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rhm0sulfme.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5f4 [0141.912] GetConsoleMode (in: hConsoleHandle=0x5f4, lpMode=0xc0003f5cf4 | out: lpMode=0xc0003f5cf4) returned 0 [0141.913] GetFileType (hFile=0x5f4) returned 0x1 [0141.913] GetFileType (hFile=0x5f4) returned 0x1 [0141.913] GetFileInformationByHandle (in: hFile=0x5f4, lpFileInformation=0xc0003f5d44 | out: lpFileInformation=0xc0003f5d44) returned 1 [0141.913] GetFileInformationByHandleEx (in: hFile=0x5f4, FileInformationClass=0x9, lpFileInformation=0xc0003f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003f5d28) returned 1 [0141.914] ReadFile (in: hFile=0x5f4, lpBuffer=0xc000303300, nNumberOfBytesToRead=0x10af, lpNumberOfBytesRead=0xc0003f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000303300*, lpNumberOfBytesRead=0xc0003f5c04*=0xeaf, lpOverlapped=0x0) returned 1 [0142.649] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c0 [0142.649] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c4 [0142.649] WaitForSingleObject (hHandle=0x9c0, dwMilliseconds=0xffffffff) returned 0x0 [0143.111] ReadFile (in: hFile=0x5f4, lpBuffer=0xc0003041af, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003041af*, lpNumberOfBytesRead=0xc0003f5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.111] CloseHandle (hObject=0x5f4) returned 1 [0143.111] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rhm0sulfme.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0143.112] GetConsoleMode (in: hConsoleHandle=0x5f4, lpMode=0xc0003f5d04 | out: lpMode=0xc0003f5d04) returned 0 [0143.114] GetFileType (hFile=0x5f4) returned 0x1 [0143.114] WriteFile (in: hFile=0x5f4, lpBuffer=0xc000653000*, nNumberOfBytesToWrite=0xeb0, lpNumberOfBytesWritten=0xc0003f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000653000*, lpNumberOfBytesWritten=0xc0003f5cec*=0xeb0, lpOverlapped=0x0) returned 1 [0143.115] CloseHandle (hObject=0x5f4) returned 1 [0143.115] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.115] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rhm0sulfme.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5f4 [0143.115] GetConsoleMode (in: hConsoleHandle=0x5f4, lpMode=0xc0003f5d64 | out: lpMode=0xc0003f5d64) returned 0 [0143.124] WaitForSingleObject (hHandle=0x9c0, dwMilliseconds=0xffffffff) returned 0x0 [0144.002] GetFileType (hFile=0x5f4) returned 0x1 [0144.002] WriteFile (in: hFile=0x5f4, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc0003f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.003] CloseHandle (hObject=0x5f4) returned 1 [0144.003] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rhm0sulfme.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-RhM0SUlFme.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rhm0sulfme.lnk"), dwFlags=0x1) returned 1 [0144.005] SetEvent (hEvent=0x100) returned 1 [0144.005] WaitForSingleObject (hHandle=0x9c0, dwMilliseconds=0xffffffff) returned 0x0 [0144.008] SetEvent (hEvent=0xac8) returned 1 [0144.008] WaitForSingleObject (hHandle=0x9c0, dwMilliseconds=0xffffffff) Thread: id = 119 os_tid = 0xa6c [0141.918] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x35b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x35b3fea0*=0x600) returned 1 [0141.918] VirtualQuery (in: lpAddress=0x35b3fec0, lpBuffer=0x35b3fec0, dwLength=0x30 | out: lpBuffer=0x35b3fec0*(BaseAddress=0x35b3f000, AllocationBase=0x35940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.918] SetEvent (hEvent=0x2b0) returned 1 [0141.918] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x604 [0141.918] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x608 [0141.918] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0141.921] SetEvent (hEvent=0x2a8) returned 1 [0141.921] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0141.923] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iuzwyjdszrzan4gi1.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x610 [0141.924] GetConsoleMode (in: hConsoleHandle=0x610, lpMode=0xc0003adcf4 | out: lpMode=0xc0003adcf4) returned 0 [0141.927] GetFileType (hFile=0x610) returned 0x1 [0141.927] GetFileType (hFile=0x610) returned 0x1 [0141.927] GetFileInformationByHandle (in: hFile=0x610, lpFileInformation=0xc0003add44 | out: lpFileInformation=0xc0003add44) returned 1 [0141.927] GetFileInformationByHandleEx (in: hFile=0x610, FileInformationClass=0x9, lpFileInformation=0xc0003add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003add28) returned 1 [0141.927] ReadFile (in: hFile=0x610, lpBuffer=0xc000078600, nNumberOfBytesToRead=0x112a, lpNumberOfBytesRead=0xc0003adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000078600*, lpNumberOfBytesRead=0xc0003adc04*=0xf2a, lpOverlapped=0x0) returned 1 [0142.656] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0143.241] ReadFile (in: hFile=0x610, lpBuffer=0xc00007952a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00007952a*, lpNumberOfBytesRead=0xc0003adc04*=0x0, lpOverlapped=0x0) returned 1 [0143.241] CloseHandle (hObject=0x610) returned 1 [0143.241] VirtualAlloc (lpAddress=0xc0006ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ae000 [0143.242] VirtualAlloc (lpAddress=0xc0006b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b0000 [0143.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iuzwyjdszrzan4gi1.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0143.245] GetConsoleMode (in: hConsoleHandle=0x610, lpMode=0xc0003add04 | out: lpMode=0xc0003add04) returned 0 [0143.247] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.102] GetFileType (hFile=0x610) returned 0x1 [0144.102] WriteFile (in: hFile=0x610, lpBuffer=0xc0002fb000*, nNumberOfBytesToWrite=0xf30, lpNumberOfBytesWritten=0xc0003adcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002fb000*, lpNumberOfBytesWritten=0xc0003adcec*=0xf30, lpOverlapped=0x0) returned 1 [0144.103] CloseHandle (hObject=0x610) returned 1 [0144.103] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0144.104] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.104] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0144.105] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iuzwyjdszrzan4gi1.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x610 [0144.105] GetConsoleMode (in: hConsoleHandle=0x610, lpMode=0xc0003add64 | out: lpMode=0xc0003add64) returned 0 [0144.110] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.510] GetFileType (hFile=0x610) returned 0x1 [0144.510] WriteFile (in: hFile=0x610, lpBuffer=0xc000682000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003add4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682000*, lpNumberOfBytesWritten=0xc0003add4c*=0x158, lpOverlapped=0x0) returned 1 [0144.511] CloseHandle (hObject=0x610) returned 1 [0144.511] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0144.512] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\iuzwyjdszrzan4gi1.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-IuZWYjdszrZaN4GI1.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-iuzwyjdszrzan4gi1.lnk"), dwFlags=0x1) returned 1 [0144.513] SetEvent (hEvent=0xae0) returned 1 [0144.514] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.526] SetEvent (hEvent=0xc64) returned 1 [0144.526] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.529] SetEvent (hEvent=0x8b8) returned 1 [0144.529] SetEvent (hEvent=0x254) returned 1 [0144.529] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.539] SetEvent (hEvent=0xc6c) returned 1 [0144.539] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.562] SetEvent (hEvent=0x208) returned 1 [0144.562] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) returned 0x0 [0144.580] SetEvent (hEvent=0xc6c) returned 1 [0144.580] SetEvent (hEvent=0x828) returned 1 [0144.580] WaitForSingleObject (hHandle=0x604, dwMilliseconds=0xffffffff) Thread: id = 120 os_tid = 0x614 [0141.921] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x35d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x35d3fea0*=0x5f8) returned 1 [0141.921] VirtualQuery (in: lpAddress=0x35d3fec0, lpBuffer=0x35d3fec0, dwLength=0x30 | out: lpBuffer=0x35d3fec0*(BaseAddress=0x35d3f000, AllocationBase=0x35b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x60c [0141.923] GetConsoleMode (in: hConsoleHandle=0x60c, lpMode=0xc000407cf4 | out: lpMode=0xc000407cf4) returned 0 [0141.925] GetFileType (hFile=0x60c) returned 0x1 [0141.925] GetFileType (hFile=0x60c) returned 0x1 [0141.925] GetFileInformationByHandle (in: hFile=0x60c, lpFileInformation=0xc000407d44 | out: lpFileInformation=0xc000407d44) returned 1 [0141.926] GetFileInformationByHandleEx (in: hFile=0x60c, FileInformationClass=0x9, lpFileInformation=0xc000407d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000407d28) returned 1 [0141.926] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0141.927] ReadFile (in: hFile=0x60c, lpBuffer=0xc00021a000, nNumberOfBytesToRead=0x503, lpNumberOfBytesRead=0xc000407c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a000*, lpNumberOfBytesRead=0xc000407c04*=0x303, lpOverlapped=0x0) returned 1 [0142.654] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9c8 [0142.654] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9cc [0142.654] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0143.232] SetEvent (hEvent=0xaa8) returned 1 [0143.232] ReadFile (in: hFile=0x60c, lpBuffer=0xc00021a303, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000407c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a303*, lpNumberOfBytesRead=0xc000407c04*=0x0, lpOverlapped=0x0) returned 1 [0143.232] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.088] CloseHandle (hObject=0x60c) returned 1 [0144.089] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0144.896] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0144.897] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0144.897] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0144.898] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0145.031] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0145.812] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000407d04 | out: lpMode=0xc000407d04) returned 0 [0145.815] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0146.194] GetFileType (hFile=0x890) returned 0x1 [0146.194] WriteFile (in: hFile=0x890, lpBuffer=0xc0000ea700*, nNumberOfBytesToWrite=0x310, lpNumberOfBytesWritten=0xc000407cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea700*, lpNumberOfBytesWritten=0xc000407cec*=0x310, lpOverlapped=0x0) returned 1 [0146.196] CloseHandle (hObject=0x890) returned 1 [0146.196] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0146.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0146.196] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000407d64 | out: lpMode=0xc000407d64) returned 0 [0146.196] GetFileType (hFile=0x890) returned 0x1 [0146.197] WriteFile (in: hFile=0x890, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000407d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000407d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.197] CloseHandle (hObject=0x890) returned 1 [0146.197] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\roaming.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Roaming.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-roaming.lnk"), dwFlags=0x1) returned 1 [0150.672] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0151.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kpl98.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0151.253] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0001f3cf4 | out: lpMode=0xc0001f3cf4) returned 0 [0151.255] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0151.834] GetFileType (hFile=0x2fc) returned 0x1 [0151.835] GetFileType (hFile=0x2fc) returned 0x1 [0151.835] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc0001f3d44 | out: lpFileInformation=0xc0001f3d44) returned 1 [0151.835] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc0001f3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f3d28) returned 1 [0151.835] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0151.838] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x97ef, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0001f3c04*=0x95ef, lpOverlapped=0x0) returned 1 [0151.840] ReadFile (in: hFile=0x2fc, lpBuffer=0xc0002ad5ef, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ad5ef*, lpNumberOfBytesRead=0xc0001f3c04*=0x0, lpOverlapped=0x0) returned 1 [0151.840] CloseHandle (hObject=0x2fc) returned 1 [0151.840] VirtualAlloc (lpAddress=0xc0002ae000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ae000 [0151.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KPl98.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kpl98.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0151.846] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0001f3d04 | out: lpMode=0xc0001f3d04) returned 0 [0151.870] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0152.176] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0152.273] SetEvent (hEvent=0xa20) returned 1 [0152.273] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0161.389] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586800*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000437818, lpReserved=0x0 | out: lpBuffer=0xc000586800*, lpNumberOfCharsWritten=0xc000437818*=0x4) returned 1 [0161.390] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586808*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000173818, lpReserved=0x0 | out: lpBuffer=0xc000586808*, lpNumberOfCharsWritten=0xc000173818*=0x4) returned 1 [0161.392] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0161.393] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586810*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a3818, lpReserved=0x0 | out: lpBuffer=0xc000586810*, lpNumberOfCharsWritten=0xc0001a3818*=0x4) returned 1 [0161.395] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586818*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000463818, lpReserved=0x0 | out: lpBuffer=0xc000586818*, lpNumberOfCharsWritten=0xc000463818*=0x4) returned 1 [0161.396] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586820*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000469818, lpReserved=0x0 | out: lpBuffer=0xc000586820*, lpNumberOfCharsWritten=0xc000469818*=0x4) returned 1 [0161.398] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586828*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00042d818, lpReserved=0x0 | out: lpBuffer=0xc000586828*, lpNumberOfCharsWritten=0xc00042d818*=0x4) returned 1 [0161.399] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586830*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000451818, lpReserved=0x0 | out: lpBuffer=0xc000586830*, lpNumberOfCharsWritten=0xc000451818*=0x4) returned 1 [0161.404] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586860*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e5818, lpReserved=0x0 | out: lpBuffer=0xc000586860*, lpNumberOfCharsWritten=0xc0003e5818*=0x4) returned 1 [0161.405] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586868*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001d5818, lpReserved=0x0 | out: lpBuffer=0xc000586868*, lpNumberOfCharsWritten=0xc0001d5818*=0x4) returned 1 [0161.408] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586870*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003b9818, lpReserved=0x0 | out: lpBuffer=0xc000586870*, lpNumberOfCharsWritten=0xc0003b9818*=0x4) returned 1 [0161.409] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0161.410] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586878*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002db818, lpReserved=0x0 | out: lpBuffer=0xc000586878*, lpNumberOfCharsWritten=0xc0002db818*=0x4) returned 1 [0161.415] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586880*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c5818, lpReserved=0x0 | out: lpBuffer=0xc000586880*, lpNumberOfCharsWritten=0xc0003c5818*=0x4) returned 1 [0161.417] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0161.418] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586888*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000393818, lpReserved=0x0 | out: lpBuffer=0xc000586888*, lpNumberOfCharsWritten=0xc000393818*=0x4) returned 1 [0161.420] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586890*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000586890*, lpNumberOfCharsWritten=0xc0000f7818*=0x4) returned 1 [0161.421] SetEvent (hEvent=0xa48) returned 1 [0161.421] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586898*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002dd818, lpReserved=0x0 | out: lpBuffer=0xc000586898*, lpNumberOfCharsWritten=0xc0002dd818*=0x4) returned 1 [0161.422] SetEvent (hEvent=0xa48) returned 1 [0161.422] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc0005868a0*, lpNumberOfCharsWritten=0xc00024d818*=0x4) returned 1 [0161.424] SetEvent (hEvent=0xa48) returned 1 [0161.424] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c1818, lpReserved=0x0 | out: lpBuffer=0xc0005868a8*, lpNumberOfCharsWritten=0xc0000c1818*=0x4) returned 1 [0161.425] SetEvent (hEvent=0xa48) returned 1 [0161.425] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00048b818, lpReserved=0x0 | out: lpBuffer=0xc0005868b0*, lpNumberOfCharsWritten=0xc00048b818*=0x4) returned 1 [0161.426] SetEvent (hEvent=0xa48) returned 1 [0161.426] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000461818, lpReserved=0x0 | out: lpBuffer=0xc0005868b8*, lpNumberOfCharsWritten=0xc000461818*=0x4) returned 1 [0161.427] SetEvent (hEvent=0xa48) returned 1 [0161.428] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00029d818, lpReserved=0x0 | out: lpBuffer=0xc0005868c0*, lpNumberOfCharsWritten=0xc00029d818*=0x4) returned 1 [0161.428] SetEvent (hEvent=0xa48) returned 1 [0161.429] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000435818, lpReserved=0x0 | out: lpBuffer=0xc0005868c8*, lpNumberOfCharsWritten=0xc000435818*=0x4) returned 1 [0161.430] SetEvent (hEvent=0xa48) returned 1 [0161.430] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000257818, lpReserved=0x0 | out: lpBuffer=0xc0005868d0*, lpNumberOfCharsWritten=0xc000257818*=0x4) returned 1 [0161.431] SetEvent (hEvent=0xa48) returned 1 [0161.431] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000389818, lpReserved=0x0 | out: lpBuffer=0xc0005868d8*, lpNumberOfCharsWritten=0xc000389818*=0x4) returned 1 [0161.432] SetEvent (hEvent=0xa48) returned 1 [0161.432] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003eb818, lpReserved=0x0 | out: lpBuffer=0xc0005868e0*, lpNumberOfCharsWritten=0xc0003eb818*=0x4) returned 1 [0161.433] SetEvent (hEvent=0xa48) returned 1 [0161.433] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005868e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000425818, lpReserved=0x0 | out: lpBuffer=0xc0005868e8*, lpNumberOfCharsWritten=0xc000425818*=0x4) returned 1 [0161.434] SetEvent (hEvent=0xa48) returned 1 [0161.434] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d60a0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc00043f808, lpReserved=0x0 | out: lpBuffer=0xc0003d60a0*, lpNumberOfCharsWritten=0xc00043f808*=0x4c) returned 1 [0161.436] SetEvent (hEvent=0xa48) returned 1 [0161.436] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0161.436] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0161.463] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0161.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0162.109] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc00043fd64 | out: lpMode=0xc00043fd64) returned 0 [0162.415] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0162.586] SetEvent (hEvent=0xc6c) returned 1 [0162.586] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) returned 0x0 [0163.671] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002ab818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0a0*, lpNumberOfCharsWritten=0xc0002ab818*=0x3) returned 1 [0163.672] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00029a2d0*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0xc0003ab808, lpReserved=0x0 | out: lpBuffer=0xc00029a2d0*, lpNumberOfCharsWritten=0xc0003ab808*=0x41) returned 1 [0163.673] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533e01 | out: pbBuffer=0xc000533e01) returned 1 [0163.673] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.383] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0xc0003aba68 | out: lpFindFileData=0xc0003aba68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.383] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003ab720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.383] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00029a480*, nNumberOfCharsToWrite=0x41, lpNumberOfCharsWritten=0xc0003ab808, lpReserved=0x0 | out: lpBuffer=0xc00029a480*, lpNumberOfCharsWritten=0xc0003ab808*=0x41) returned 1 [0166.473] SetEvent (hEvent=0xb48) returned 1 [0166.473] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c83c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003ab808, lpReserved=0x0 | out: lpBuffer=0xc0000c83c0*, lpNumberOfCharsWritten=0xc0003ab808*=0x11) returned 1 [0166.500] SetEvent (hEvent=0xb48) returned 1 [0166.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c83f0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0003ab808, lpReserved=0x0 | out: lpBuffer=0xc0000c83f0*, lpNumberOfCharsWritten=0xc0003ab808*=0x11) returned 1 [0166.506] SetEvent (hEvent=0xb48) returned 1 [0166.506] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-start menu"), dwFlags=0x1) returned 1 [0167.380] WaitForSingleObject (hHandle=0x9c8, dwMilliseconds=0xffffffff) Thread: id = 121 os_tid = 0x690 [0141.931] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x35f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x35f3fea0*=0x618) returned 1 [0141.932] VirtualQuery (in: lpAddress=0x35f3fec0, lpBuffer=0x35f3fec0, dwLength=0x30 | out: lpBuffer=0x35f3fec0*(BaseAddress=0x35f3f000, AllocationBase=0x35d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.932] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xojvpfklvx0p7joh8c.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x61c [0141.933] GetConsoleMode (in: hConsoleHandle=0x61c, lpMode=0xc000415cf4 | out: lpMode=0xc000415cf4) returned 0 [0141.934] GetFileType (hFile=0x61c) returned 0x1 [0141.934] VirtualAlloc (lpAddress=0xc000342000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000342000 [0141.935] GetFileType (hFile=0x61c) returned 0x1 [0141.935] GetFileInformationByHandle (in: hFile=0x61c, lpFileInformation=0xc000415d44 | out: lpFileInformation=0xc000415d44) returned 1 [0141.935] GetFileInformationByHandleEx (in: hFile=0x61c, FileInformationClass=0x9, lpFileInformation=0xc000415d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000415d28) returned 1 [0141.935] ReadFile (in: hFile=0x61c, lpBuffer=0xc000368c00, nNumberOfBytesToRead=0xbbb, lpNumberOfBytesRead=0xc000415c04, lpOverlapped=0x0 | out: lpBuffer=0xc000368c00*, lpNumberOfBytesRead=0xc000415c04*=0x9bb, lpOverlapped=0x0) returned 1 [0142.658] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9d8 [0142.658] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9dc [0142.658] WaitForSingleObject (hHandle=0x9d8, dwMilliseconds=0xffffffff) returned 0x0 [0143.261] ReadFile (in: hFile=0x61c, lpBuffer=0xc0003695bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000415c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003695bb*, lpNumberOfBytesRead=0xc000415c04*=0x0, lpOverlapped=0x0) returned 1 [0143.261] CloseHandle (hObject=0x61c) returned 1 [0143.261] VirtualAlloc (lpAddress=0xc0006b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006b2000 [0143.263] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xojvpfklvx0p7joh8c.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0143.264] GetConsoleMode (in: hConsoleHandle=0x61c, lpMode=0xc000415d04 | out: lpMode=0xc000415d04) returned 0 [0143.268] GetFileType (hFile=0x61c) returned 0x1 [0143.268] WriteFile (in: hFile=0x61c, lpBuffer=0xc0007c2000*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xc000415cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007c2000*, lpNumberOfBytesWritten=0xc000415cec*=0x9c0, lpOverlapped=0x0) returned 1 [0143.274] CloseHandle (hObject=0x61c) returned 1 [0143.274] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xojvpfklvx0p7joh8c.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x61c [0143.275] GetConsoleMode (in: hConsoleHandle=0x61c, lpMode=0xc000415d64 | out: lpMode=0xc000415d64) returned 0 [0143.290] WaitForSingleObject (hHandle=0x9d8, dwMilliseconds=0xffffffff) returned 0x0 [0144.151] GetFileType (hFile=0x61c) returned 0x1 [0144.151] WriteFile (in: hFile=0x61c, lpBuffer=0xc000290420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000415d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290420*, lpNumberOfBytesWritten=0xc000415d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.152] CloseHandle (hObject=0x61c) returned 1 [0144.152] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0144.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xojvpfklvx0p7joh8c.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-XOJvpFkLvx0P7joh8C.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xojvpfklvx0p7joh8c.lnk"), dwFlags=0x1) returned 1 [0144.156] SetEvent (hEvent=0xab0) returned 1 [0144.156] WaitForSingleObject (hHandle=0x9d8, dwMilliseconds=0xffffffff) Thread: id = 122 os_tid = 0x8f4 [0141.938] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3613fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3613fea0*=0x614) returned 1 [0141.938] VirtualQuery (in: lpAddress=0x3613fec0, lpBuffer=0x3613fec0, dwLength=0x30 | out: lpBuffer=0x3613fec0*(BaseAddress=0x3613f000, AllocationBase=0x35f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.939] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rqaqo.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x620 [0141.940] GetConsoleMode (in: hConsoleHandle=0x620, lpMode=0xc0003f1cf4 | out: lpMode=0xc0003f1cf4) returned 0 [0141.941] GetFileType (hFile=0x620) returned 0x1 [0141.941] GetFileType (hFile=0x620) returned 0x1 [0141.941] GetFileInformationByHandle (in: hFile=0x620, lpFileInformation=0xc0003f1d44 | out: lpFileInformation=0xc0003f1d44) returned 1 [0141.941] GetFileInformationByHandleEx (in: hFile=0x620, FileInformationClass=0x9, lpFileInformation=0xc0003f1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003f1d28) returned 1 [0141.941] ReadFile (in: hFile=0x620, lpBuffer=0xc000304600, nNumberOfBytesToRead=0x1093, lpNumberOfBytesRead=0xc0003f1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000304600*, lpNumberOfBytesRead=0xc0003f1c04*=0xe93, lpOverlapped=0x0) returned 1 [0142.660] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e0 [0142.660] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e4 [0142.660] WaitForSingleObject (hHandle=0x9e0, dwMilliseconds=0xffffffff) returned 0x0 [0143.292] ReadFile (in: hFile=0x620, lpBuffer=0xc000305493, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003f1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000305493*, lpNumberOfBytesRead=0xc0003f1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.292] CloseHandle (hObject=0x620) returned 1 [0143.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rqaqo.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x620 [0143.293] GetConsoleMode (in: hConsoleHandle=0x620, lpMode=0xc0003f1d04 | out: lpMode=0xc0003f1d04) returned 0 [0143.300] WaitForSingleObject (hHandle=0x9e0, dwMilliseconds=0xffffffff) returned 0x0 [0144.171] GetFileType (hFile=0x620) returned 0x1 [0144.171] WriteFile (in: hFile=0x620, lpBuffer=0xc00061a000*, nNumberOfBytesToWrite=0xea0, lpNumberOfBytesWritten=0xc0003f1cec, lpOverlapped=0x0 | out: lpBuffer=0xc00061a000*, lpNumberOfBytesWritten=0xc0003f1cec*=0xea0, lpOverlapped=0x0) returned 1 [0144.173] CloseHandle (hObject=0x620) returned 1 [0144.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0144.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rqaqo.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x620 [0144.173] GetConsoleMode (in: hConsoleHandle=0x620, lpMode=0xc0003f1d64 | out: lpMode=0xc0003f1d64) returned 0 [0144.181] GetFileType (hFile=0x620) returned 0x1 [0144.181] WriteFile (in: hFile=0x620, lpBuffer=0xc00007f760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003f1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f760*, lpNumberOfBytesWritten=0xc0003f1d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.181] CloseHandle (hObject=0x620) returned 1 [0144.181] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rqaqo.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-RqAQO.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rqaqo.mkv.lnk"), dwFlags=0x1) returned 1 [0144.184] SetEvent (hEvent=0xab8) returned 1 [0144.184] WaitForSingleObject (hHandle=0x9e0, dwMilliseconds=0xffffffff) returned 0x0 [0144.193] SetEvent (hEvent=0xbb8) returned 1 [0144.194] WaitForSingleObject (hHandle=0x9e0, dwMilliseconds=0xffffffff) returned 0x0 [0144.216] SetEvent (hEvent=0x910) returned 1 [0144.216] WaitForSingleObject (hHandle=0x9e0, dwMilliseconds=0xffffffff) Thread: id = 123 os_tid = 0x7d8 [0141.941] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3633fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3633fea0*=0x628) returned 1 [0141.941] VirtualQuery (in: lpAddress=0x3633fec0, lpBuffer=0x3633fec0, dwLength=0x30 | out: lpBuffer=0x3633fec0*(BaseAddress=0x3633f000, AllocationBase=0x36140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.942] SetEvent (hEvent=0xb8) returned 1 [0141.942] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x62c [0141.942] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x630 [0141.942] WaitForSingleObject (hHandle=0x62c, dwMilliseconds=0xffffffff) returned 0x0 [0141.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xt0rtz_l-es-zjibw.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x63c [0141.949] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc00041fcf4 | out: lpMode=0xc00041fcf4) returned 0 [0141.950] GetFileType (hFile=0x63c) returned 0x1 [0141.950] GetFileType (hFile=0x63c) returned 0x1 [0141.950] GetFileInformationByHandle (in: hFile=0x63c, lpFileInformation=0xc00041fd44 | out: lpFileInformation=0xc00041fd44) returned 1 [0141.950] GetFileInformationByHandleEx (in: hFile=0x63c, FileInformationClass=0x9, lpFileInformation=0xc00041fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00041fd28) returned 1 [0141.950] VirtualAlloc (lpAddress=0xc00036e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00036e000 [0141.952] ReadFile (in: hFile=0x63c, lpBuffer=0xc00036e000, nNumberOfBytesToRead=0x466, lpNumberOfBytesRead=0xc00041fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036e000*, lpNumberOfBytesRead=0xc00041fc04*=0x266, lpOverlapped=0x0) returned 1 [0142.664] WaitForSingleObject (hHandle=0x62c, dwMilliseconds=0xffffffff) returned 0x0 [0143.377] ReadFile (in: hFile=0x63c, lpBuffer=0xc00036e266, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00041fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036e266*, lpNumberOfBytesRead=0xc00041fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.377] CloseHandle (hObject=0x63c) returned 1 [0143.377] VirtualAlloc (lpAddress=0xc0006ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ce000 [0143.378] VirtualAlloc (lpAddress=0xc0006d0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d0000 [0143.379] VirtualAlloc (lpAddress=0xc0006d2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d2000 [0143.380] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XT0rtZ_l-eS-ZJIBw.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xt0rtz_l-es-zjibw.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x63c [0143.382] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc00041fd04 | out: lpMode=0xc00041fd04) returned 0 [0143.389] WaitForSingleObject (hHandle=0x62c, dwMilliseconds=0xffffffff) returned 0x0 [0144.036] SetEvent (hEvent=0xad0) returned 1 [0144.036] WaitForSingleObject (hHandle=0x62c, dwMilliseconds=0xffffffff) Thread: id = 124 os_tid = 0x5d8 [0141.947] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3653fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3653fea0*=0x634) returned 1 [0141.947] VirtualQuery (in: lpAddress=0x3653fec0, lpBuffer=0x3653fec0, dwLength=0x30 | out: lpBuffer=0x3653fec0*(BaseAddress=0x3653f000, AllocationBase=0x36340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.947] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kmaipt.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x638 [0141.948] GetConsoleMode (in: hConsoleHandle=0x638, lpMode=0xc0003b7cf4 | out: lpMode=0xc0003b7cf4) returned 0 [0141.950] GetFileType (hFile=0x638) returned 0x1 [0141.950] GetFileType (hFile=0x638) returned 0x1 [0141.950] GetFileInformationByHandle (in: hFile=0x638, lpFileInformation=0xc0003b7d44 | out: lpFileInformation=0xc0003b7d44) returned 1 [0141.950] GetFileInformationByHandleEx (in: hFile=0x638, FileInformationClass=0x9, lpFileInformation=0xc0003b7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b7d28) returned 1 [0141.950] ReadFile (in: hFile=0x638, lpBuffer=0xc000130600, nNumberOfBytesToRead=0x5dc, lpNumberOfBytesRead=0xc0003b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000130600*, lpNumberOfBytesRead=0xc0003b7c04*=0x3dc, lpOverlapped=0x0) returned 1 [0142.662] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9e8 [0142.662] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9ec [0142.662] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0143.344] ReadFile (in: hFile=0x638, lpBuffer=0xc0001309dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001309dc*, lpNumberOfBytesRead=0xc0003b7c04*=0x0, lpOverlapped=0x0) returned 1 [0143.344] CloseHandle (hObject=0x638) returned 1 [0143.344] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kmaipt.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0143.345] GetConsoleMode (in: hConsoleHandle=0x638, lpMode=0xc0003b7d04 | out: lpMode=0xc0003b7d04) returned 0 [0143.351] GetFileType (hFile=0x638) returned 0x1 [0143.351] WriteFile (in: hFile=0x638, lpBuffer=0xc00011e800*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0xc0003b7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e800*, lpNumberOfBytesWritten=0xc0003b7cec*=0x3e0, lpOverlapped=0x0) returned 1 [0143.352] CloseHandle (hObject=0x638) returned 1 [0143.352] VirtualAlloc (lpAddress=0xc0006c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c0000 [0143.354] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.354] VirtualAlloc (lpAddress=0xc0006c2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c2000 [0143.356] VirtualAlloc (lpAddress=0xc0006c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006c8000 [0143.358] VirtualAlloc (lpAddress=0xc0006ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ca000 [0143.360] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kmaipt.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x638 [0143.360] GetConsoleMode (in: hConsoleHandle=0x638, lpMode=0xc0003b7d64 | out: lpMode=0xc0003b7d64) returned 0 [0143.373] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0143.990] SetEvent (hEvent=0x324) returned 1 [0143.990] GetFileType (hFile=0x638) returned 0x1 [0143.990] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0144.690] WriteFile (in: hFile=0x638, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0003b7d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.691] CloseHandle (hObject=0x638) returned 1 [0144.691] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kmaipt.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-KmAiPt.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-kmaipt.mkv.lnk"), dwFlags=0x1) returned 1 [0144.693] VirtualFree (lpAddress=0xc000616000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.694] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.694] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.695] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.695] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.696] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.697] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.697] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.698] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.699] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.699] SetEvent (hEvent=0x920) returned 1 [0144.699] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.607] SetEvent (hEvent=0x8f8) returned 1 [0145.607] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.611] SetEvent (hEvent=0x8f8) returned 1 [0145.612] SetEvent (hEvent=0x108) returned 1 [0145.612] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.615] VirtualFree (lpAddress=0xc0004ea000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0145.617] VirtualFree (lpAddress=0xc000250000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.618] SetEvent (hEvent=0x1b4) returned 1 [0145.618] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.630] SetEvent (hEvent=0x28c) returned 1 [0145.630] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0145.678] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0145.679] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0145.680] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0004dbcf4 | out: lpMode=0xc0004dbcf4) returned 0 [0145.681] GetFileType (hFile=0x748) returned 0x1 [0145.681] GetFileType (hFile=0x748) returned 0x1 [0145.681] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc0004dbd44 | out: lpFileInformation=0xc0004dbd44) returned 1 [0145.681] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc0004dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004dbd28) returned 1 [0145.681] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x9e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.682] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x9e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.682] VirtualAlloc (lpAddress=0xc000798000, dwSize=0x4f000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000798000 [0145.684] VirtualAlloc (lpAddress=0xc0007e7000, dwSize=0x4f000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.684] VirtualAlloc (lpAddress=0xc0007e7000, dwSize=0x27000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.685] VirtualAlloc (lpAddress=0xc0007e7000, dwSize=0x13000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007e7000 [0145.686] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0x3c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.686] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0x1e000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.686] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0xf000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.686] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.687] VirtualAlloc (lpAddress=0xc0007fa000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fa000 [0145.688] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x39000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.688] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.688] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.688] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x7000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0145.688] VirtualAlloc (lpAddress=0xc0007fd000, dwSize=0x3000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007fd000 [0145.689] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x36000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0145.711] ReadFile (in: hFile=0x748, lpBuffer=0xc000798000, nNumberOfBytesToRead=0x9d1ab, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000798000*, lpNumberOfBytesRead=0xc0004dbc04*=0x9cfab, lpOverlapped=0x0) returned 1 [0145.724] ReadFile (in: hFile=0x748, lpBuffer=0xc000834fab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000834fab*, lpNumberOfBytesRead=0xc0004dbc04*=0x0, lpOverlapped=0x0) returned 1 [0145.724] CloseHandle (hObject=0x748) returned 1 [0145.724] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0145.726] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0145.727] VirtualAlloc (lpAddress=0xc000836000, dwSize=0x9e000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000836000 [0145.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0145.766] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0004dbd04 | out: lpMode=0xc0004dbd04) returned 0 [0145.799] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.049] GetFileType (hFile=0x748) returned 0x1 [0146.049] WriteFile (in: hFile=0x748, lpBuffer=0xc000836000*, nNumberOfBytesToWrite=0x9cfb0, lpNumberOfBytesWritten=0xc0004dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000836000*, lpNumberOfBytesWritten=0xc0004dbcec*=0x9cfb0, lpOverlapped=0x0) returned 1 [0146.065] CloseHandle (hObject=0x748) returned 1 [0146.066] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0146.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0146.066] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0004dbd64 | out: lpMode=0xc0004dbd64) returned 0 [0146.075] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.185] GetFileType (hFile=0x748) returned 0x1 [0146.186] WriteFile (in: hFile=0x748, lpBuffer=0xc0002906e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004dbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002906e0*, lpNumberOfBytesWritten=0xc0004dbd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.186] CloseHandle (hObject=0x748) returned 1 [0146.186] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\transcodedwallpaper.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\encry-TranscodedWallpaper.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\themes\\encry-transcodedwallpaper.jpg"), dwFlags=0x1) returned 1 [0146.187] SetEvent (hEvent=0xa78) returned 1 [0146.188] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.189] SetEvent (hEvent=0xa80) returned 1 [0146.189] SetEvent (hEvent=0xa58) returned 1 [0146.189] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.191] SetEvent (hEvent=0xa80) returned 1 [0146.191] SetEvent (hEvent=0xa50) returned 1 [0146.191] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.213] SetEvent (hEvent=0xbd8) returned 1 [0146.213] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0146.229] SetEvent (hEvent=0x8d0) returned 1 [0146.230] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0148.063] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ulo5rp3lw6sbtkctxh.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0148.064] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc00014fcf4 | out: lpMode=0xc00014fcf4) returned 0 [0148.065] GetFileType (hFile=0x5a0) returned 0x1 [0148.065] GetFileType (hFile=0x5a0) returned 0x1 [0148.065] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc00014fd44 | out: lpFileInformation=0xc00014fd44) returned 1 [0148.065] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc00014fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00014fd28) returned 1 [0148.065] VirtualAlloc (lpAddress=0xc0002b6000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b6000 [0148.066] ReadFile (in: hFile=0x5a0, lpBuffer=0xc0002b6000, nNumberOfBytesToRead=0x7880, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b6000*, lpNumberOfBytesRead=0xc00014fc04*=0x7680, lpOverlapped=0x0) returned 1 [0148.723] ReadFile (in: hFile=0x5a0, lpBuffer=0xc0002bd680, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00014fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002bd680*, lpNumberOfBytesRead=0xc00014fc04*=0x0, lpOverlapped=0x0) returned 1 [0148.723] CloseHandle (hObject=0x5a0) returned 1 [0148.724] VirtualAlloc (lpAddress=0xc00066c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066c000 [0148.726] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ulo5rp3lw6sbtkctxh.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.617] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc00014fd04 | out: lpMode=0xc00014fd04) returned 0 [0150.621] GetFileType (hFile=0x7a0) returned 0x1 [0150.621] WriteFile (in: hFile=0x7a0, lpBuffer=0xc00066c000*, nNumberOfBytesToWrite=0x7690, lpNumberOfBytesWritten=0xc00014fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00066c000*, lpNumberOfBytesWritten=0xc00014fcec*=0x7690, lpOverlapped=0x0) returned 1 [0150.622] CloseHandle (hObject=0x7a0) returned 1 [0150.730] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0150.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ulo5rp3lw6sbtkctxh.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x678 [0150.730] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc00014fd64 | out: lpMode=0xc00014fd64) returned 0 [0150.734] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0150.761] GetFileType (hFile=0x678) returned 0x1 [0150.761] WriteFile (in: hFile=0x678, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00014fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc00014fd4c*=0x158, lpOverlapped=0x0) returned 1 [0150.761] CloseHandle (hObject=0x678) returned 1 [0150.763] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\ulo5rp3lw6sbtkctxh.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-uLo5RP3LW6sBTkCtxh.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-ulo5rp3lw6sbtkctxh.bmp"), dwFlags=0x1) returned 1 [0152.934] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0152.973] GetFileType (hFile=0x668) returned 0x1 [0152.973] GetFileType (hFile=0x668) returned 0x1 [0152.973] GetFileInformationByHandle (in: hFile=0x668, lpFileInformation=0xc000493d44 | out: lpFileInformation=0xc000493d44) returned 1 [0152.973] GetFileInformationByHandleEx (in: hFile=0x668, FileInformationClass=0x9, lpFileInformation=0xc000493d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000493d28) returned 1 [0152.973] ReadFile (in: hFile=0x668, lpBuffer=0xc000072000, nNumberOfBytesToRead=0x69a, lpNumberOfBytesRead=0xc000493c04, lpOverlapped=0x0 | out: lpBuffer=0xc000072000*, lpNumberOfBytesRead=0xc000493c04*=0x49a, lpOverlapped=0x0) returned 1 [0153.050] ReadFile (in: hFile=0x668, lpBuffer=0xc00007249a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000493c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007249a*, lpNumberOfBytesRead=0xc000493c04*=0x0, lpOverlapped=0x0) returned 1 [0153.050] CloseHandle (hObject=0x668) returned 1 [0153.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0153.052] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000493d04 | out: lpMode=0xc000493d04) returned 0 [0153.077] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.174] SetEvent (hEvent=0x9f0) returned 1 [0153.174] GetFileType (hFile=0x668) returned 0x1 [0153.174] WriteFile (in: hFile=0x668, lpBuffer=0xc0000dc500*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc000493cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000dc500*, lpNumberOfBytesWritten=0xc000493cec*=0x4a0, lpOverlapped=0x0) returned 1 [0153.175] CloseHandle (hObject=0x668) returned 1 [0153.176] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0153.176] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0153.177] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0153.178] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000493d64 | out: lpMode=0xc000493d64) returned 0 [0153.185] GetFileType (hFile=0x668) returned 0x1 [0153.185] WriteFile (in: hFile=0x668, lpBuffer=0xc000104840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000493d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104840*, lpNumberOfBytesWritten=0xc000493d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.185] CloseHandle (hObject=0x668) returned 1 [0153.186] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\aclviho asldjfl.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-Aclviho ASldjfl.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-aclviho asldjfl.contact"), dwFlags=0x1) returned 1 [0153.187] SwitchToThread () returned 1 [0153.196] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.213] GetFileType (hFile=0x5c4) returned 0x1 [0153.213] WriteFile (in: hFile=0x5c4, lpBuffer=0xc00034a800*, nNumberOfBytesToWrite=0x45f0, lpNumberOfBytesWritten=0xc000155cec, lpOverlapped=0x0 | out: lpBuffer=0xc00034a800*, lpNumberOfBytesWritten=0xc000155cec*=0x45f0, lpOverlapped=0x0) returned 1 [0153.216] CloseHandle (hObject=0x5c4) returned 1 [0153.216] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0153.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nu5pymwwm9nwmgjd_.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.216] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000155d64 | out: lpMode=0xc000155d64) returned 0 [0153.260] GetFileType (hFile=0x5c4) returned 0x1 [0153.260] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000155d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000155d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.260] CloseHandle (hObject=0x5c4) returned 1 [0153.260] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nu5pymwwm9nwmgjd_.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-NU5PyMWWm9NWMGJd_.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-nu5pymwwm9nwmgjd_.mp3"), dwFlags=0x1) returned 1 [0153.263] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0153.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dlkfd.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0153.265] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000439cf4 | out: lpMode=0xc000439cf4) returned 0 [0153.274] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.280] GetFileType (hFile=0x5c4) returned 0x1 [0153.280] GetFileType (hFile=0x5c4) returned 0x1 [0153.280] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc000439d44 | out: lpFileInformation=0xc000439d44) returned 1 [0153.280] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc000439d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000439d28) returned 1 [0153.281] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x41c1, lpNumberOfBytesRead=0xc000439c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc000439c04*=0x3fc1, lpOverlapped=0x0) returned 1 [0153.282] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000349fc1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000439c04, lpOverlapped=0x0 | out: lpBuffer=0xc000349fc1*, lpNumberOfBytesRead=0xc000439c04*=0x0, lpOverlapped=0x0) returned 1 [0153.283] CloseHandle (hObject=0x5c4) returned 1 [0153.283] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0153.285] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0153.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dlkfd.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.288] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000439d04 | out: lpMode=0xc000439d04) returned 0 [0153.295] GetFileType (hFile=0x5c4) returned 0x1 [0153.295] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000e8000*, nNumberOfBytesToWrite=0x3fd0, lpNumberOfBytesWritten=0xc000439cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e8000*, lpNumberOfBytesWritten=0xc000439cec*=0x3fd0, lpOverlapped=0x0) returned 1 [0153.297] CloseHandle (hObject=0x5c4) returned 1 [0153.297] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0153.297] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0153.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dlkfd.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0153.299] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000439d64 | out: lpMode=0xc000439d64) returned 0 [0153.321] GetFileType (hFile=0x5c4) returned 0x1 [0153.321] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000439d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc000439d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.321] CloseHandle (hObject=0x5c4) returned 1 [0153.322] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\dlkfd.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-dlkfd.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-dlkfd.docx"), dwFlags=0x1) returned 1 [0153.323] SwitchToThread () returned 1 [0153.344] SetEvent (hEvent=0x208) returned 1 [0153.344] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.359] SetEvent (hEvent=0x8d0) returned 1 [0153.359] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0153.363] SetEvent (hEvent=0x100) returned 1 [0153.363] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0154.952] SetEvent (hEvent=0x9a8) returned 1 [0154.953] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0154.994] SetEvent (hEvent=0x43c) returned 1 [0154.995] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0155.285] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.288] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0155.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f698, ulCount=0x10, ulNumEntriesRemoved=0x3653f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f698, ulNumEntriesRemoved=0x3653f66c) returned 0 [0155.289] SetEvent (hEvent=0xc64) returned 1 [0155.289] SetEvent (hEvent=0xa80) returned 1 [0155.289] SetEvent (hEvent=0xbd0) returned 1 [0155.291] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0155.354] SetEvent (hEvent=0xbd0) returned 1 [0155.354] SetEvent (hEvent=0xa80) returned 1 [0155.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.387] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0155.387] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.389] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0155.389] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3653f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f6a0, ulNumEntriesRemoved=0x3653f674) returned 0 [0155.389] SetEvent (hEvent=0xc0) returned 1 [0155.389] SetEvent (hEvent=0x9f0) returned 1 [0155.389] SetEvent (hEvent=0x208) returned 1 [0155.390] SetEvent (hEvent=0x8d0) returned 1 [0155.390] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe18*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0155.832] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f698, ulCount=0x10, ulNumEntriesRemoved=0x3653f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f698, ulNumEntriesRemoved=0x3653f66c) returned 0 [0155.832] SetEvent (hEvent=0x9f0) returned 1 [0155.832] SetEvent (hEvent=0x208) returned 1 [0155.833] SetEvent (hEvent=0x254) returned 1 [0155.835] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.962] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0155.962] SetEvent (hEvent=0x208) returned 1 [0155.962] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0156.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0156.085] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0156.085] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3653f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f6a0, ulNumEntriesRemoved=0x3653f674) returned 0 [0156.085] SetEvent (hEvent=0xc0) returned 1 [0156.085] SetEvent (hEvent=0xc64) returned 1 [0156.085] SetEvent (hEvent=0xb58) returned 1 [0156.085] SetEvent (hEvent=0x43c) returned 1 [0156.086] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe18*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0156.229] GetFileType (hFile=0x780) returned 0x1 [0156.229] WriteFile (in: hFile=0x780, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0x7f30, lpNumberOfBytesWritten=0xc000031cec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc000031cec*=0x7f30, lpOverlapped=0x0) returned 1 [0156.232] CloseHandle (hObject=0x780) returned 1 [0156.233] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0156.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqc qu7jynqj.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0156.233] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc000031d64 | out: lpMode=0xc000031d64) returned 0 [0156.275] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0156.403] SetEvent (hEvent=0x43c) returned 1 [0156.403] SetEvent (hEvent=0xb58) returned 1 [0156.403] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0157.132] SetEvent (hEvent=0x43c) returned 1 [0157.132] SetEvent (hEvent=0xb58) returned 1 [0157.132] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0157.345] SetEvent (hEvent=0x254) returned 1 [0157.346] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0158.184] SetEvent (hEvent=0x43c) returned 1 [0158.184] SetEvent (hEvent=0x1b4) returned 1 [0158.184] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0158.396] SetEvent (hEvent=0x254) returned 1 [0158.396] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0158.541] SetEvent (hEvent=0x43c) returned 1 [0158.541] SwitchToThread () returned 1 [0158.624] SwitchToThread () returned 1 [0158.626] SetEvent (hEvent=0x43c) returned 1 [0158.626] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0158.683] SetEvent (hEvent=0x43c) returned 1 [0158.684] SetEvent (hEvent=0xb58) returned 1 [0158.684] SetEvent (hEvent=0x254) returned 1 [0158.684] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0158.846] SetEvent (hEvent=0x43c) returned 1 [0158.847] SetEvent (hEvent=0xb58) returned 1 [0158.847] SetEvent (hEvent=0x1b4) returned 1 [0158.847] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0159.069] SetEvent (hEvent=0x254) returned 1 [0159.069] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0159.405] SetEvent (hEvent=0x43c) returned 1 [0159.405] SwitchToThread () returned 1 [0159.445] SetEvent (hEvent=0x43c) returned 1 [0159.445] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0159.540] SetEvent (hEvent=0x254) returned 1 [0159.540] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0159.955] SetEvent (hEvent=0xb58) returned 1 [0159.955] SetEvent (hEvent=0x43c) returned 1 [0159.955] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.302] SetEvent (hEvent=0xb58) returned 1 [0160.302] SetEvent (hEvent=0x254) returned 1 [0160.303] SetEvent (hEvent=0x43c) returned 1 [0160.303] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.412] SetEvent (hEvent=0x254) returned 1 [0160.412] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.598] SetEvent (hEvent=0xb58) returned 1 [0160.598] SwitchToThread () returned 1 [0160.623] SetEvent (hEvent=0xb58) returned 1 [0160.623] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.628] SetEvent (hEvent=0x1b4) returned 1 [0160.628] VirtualFree (lpAddress=0xc000542000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0160.630] VirtualFree (lpAddress=0xc0002b8000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.631] VirtualFree (lpAddress=0xc000230000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0160.632] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0160.633] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.634] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.635] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.635] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.636] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.637] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.637] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0160.638] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.639] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.639] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.640] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\88w r.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0160.641] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000305cf4 | out: lpMode=0xc000305cf4) returned 0 [0160.649] GetFileType (hFile=0x7c4) returned 0x1 [0160.649] GetFileType (hFile=0x7c4) returned 0x1 [0160.649] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000305d44 | out: lpFileInformation=0xc000305d44) returned 1 [0160.649] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000305d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000305d28) returned 1 [0160.650] VirtualAlloc (lpAddress=0xc0005a0000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a0000 [0160.655] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0005a0000, nNumberOfBytesToRead=0x138fd, lpNumberOfBytesRead=0xc000305c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a0000*, lpNumberOfBytesRead=0xc000305c04*=0x136fd, lpOverlapped=0x0) returned 1 [0160.658] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0005b36fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000305c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005b36fd*, lpNumberOfBytesRead=0xc000305c04*=0x0, lpOverlapped=0x0) returned 1 [0160.658] CloseHandle (hObject=0x7c4) returned 1 [0160.658] VirtualAlloc (lpAddress=0xc0005b4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005b4000 [0160.663] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\88w r.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0160.678] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000305d04 | out: lpMode=0xc000305d04) returned 0 [0160.683] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.689] GetFileType (hFile=0x7c4) returned 0x1 [0160.689] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0005b4000*, nNumberOfBytesToWrite=0x13700, lpNumberOfBytesWritten=0xc000305cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005b4000*, lpNumberOfBytesWritten=0xc000305cec*=0x13700, lpOverlapped=0x0) returned 1 [0160.693] CloseHandle (hObject=0x7c4) returned 1 [0160.693] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a301 | out: pbBuffer=0xc00028a301) returned 1 [0160.693] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0160.694] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\88w r.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0160.695] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000305d64 | out: lpMode=0xc000305d64) returned 0 [0160.709] GetFileType (hFile=0x7c4) returned 0x1 [0160.709] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000050dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000305d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050dc0*, lpNumberOfBytesWritten=0xc000305d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.709] CloseHandle (hObject=0x7c4) returned 1 [0160.718] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\88w r.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry-88w R.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry-88w r.jpg"), dwFlags=0x1) returned 1 [0160.721] SwitchToThread () returned 1 [0160.724] SetEvent (hEvent=0xb58) returned 1 [0160.724] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.725] SetEvent (hEvent=0xb58) returned 1 [0160.726] SetEvent (hEvent=0x1b4) returned 1 [0160.726] SetEvent (hEvent=0x43c) returned 1 [0160.726] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.746] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0160.747] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0160.748] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\iveiinekbfiwetwrel-r.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0160.749] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000315cf4 | out: lpMode=0xc000315cf4) returned 0 [0160.770] GetFileType (hFile=0x7c4) returned 0x1 [0160.770] GetFileType (hFile=0x7c4) returned 0x1 [0160.771] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000315d44 | out: lpFileInformation=0xc000315d44) returned 1 [0160.771] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000315d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000315d28) returned 1 [0160.771] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0160.772] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0160.778] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x16c47, lpNumberOfBytesRead=0xc000315c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc000315c04*=0x16a47, lpOverlapped=0x0) returned 1 [0160.781] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000558a47, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000315c04, lpOverlapped=0x0 | out: lpBuffer=0xc000558a47*, lpNumberOfBytesRead=0xc000315c04*=0x0, lpOverlapped=0x0) returned 1 [0160.781] CloseHandle (hObject=0x7c4) returned 1 [0160.781] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0160.786] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\iveiinekbfiwetwrel-r.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0160.788] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000315d04 | out: lpMode=0xc000315d04) returned 0 [0160.792] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.815] SetEvent (hEvent=0xc0) returned 1 [0160.815] SetEvent (hEvent=0xb58) returned 1 [0160.815] GetFileType (hFile=0x7c4) returned 0x1 [0160.815] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.829] WriteFile (in: hFile=0x7c4, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x16a50, lpNumberOfBytesWritten=0xc000315cec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc000315cec*=0x16a50, lpOverlapped=0x0) returned 1 [0160.834] CloseHandle (hObject=0x7c4) returned 1 [0160.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0160.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\iveiinekbfiwetwrel-r.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0160.835] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000315d64 | out: lpMode=0xc000315d64) returned 0 [0160.846] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.855] GetFileType (hFile=0x7c4) returned 0x1 [0160.855] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000050b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000315d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050b00*, lpNumberOfBytesWritten=0xc000315d4c*=0x158, lpOverlapped=0x0) returned 1 [0160.857] CloseHandle (hObject=0x7c4) returned 1 [0160.857] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0160.858] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0160.859] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0160.861] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0160.862] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\iveiinekbfiwetwrel-r.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\encry-IVEiiNEKbFiWetwReL-r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\encry-iveiinekbfiwetwrel-r.bmp"), dwFlags=0x1) returned 1 [0160.864] SwitchToThread () returned 1 [0160.869] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.877] SetEvent (hEvent=0x43c) returned 1 [0160.877] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.880] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f698, ulCount=0x10, ulNumEntriesRemoved=0x3653f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f698, ulNumEntriesRemoved=0x3653f66c) returned 0 [0160.885] SetEvent (hEvent=0x254) returned 1 [0160.885] SetEvent (hEvent=0x43c) returned 1 [0160.885] SetEvent (hEvent=0x1b4) returned 1 [0160.887] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.907] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.907] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.972] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0160.972] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3653f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f6a0, ulNumEntriesRemoved=0x3653f674) returned 0 [0160.972] SetEvent (hEvent=0xb58) returned 1 [0160.972] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe18*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.018] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.021] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.021] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f698, ulCount=0x10, ulNumEntriesRemoved=0x3653f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f698, ulNumEntriesRemoved=0x3653f66c) returned 0 [0161.021] SetEvent (hEvent=0xc0) returned 1 [0161.021] SetEvent (hEvent=0x1b4) returned 1 [0161.021] SetEvent (hEvent=0x43c) returned 1 [0161.023] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0161.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0161.096] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3653f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f6a0, ulNumEntriesRemoved=0x3653f674) returned 0 [0161.097] SetEvent (hEvent=0xa8) returned 1 [0161.097] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe18*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.160] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.160] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f698, ulCount=0x10, ulNumEntriesRemoved=0x3653f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f698, ulNumEntriesRemoved=0x3653f66c) returned 0 [0161.160] SetEvent (hEvent=0x43c) returned 1 [0161.160] SetEvent (hEvent=0x254) returned 1 [0161.163] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.170] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.170] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe08*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.173] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.173] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe30*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.174] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0161.175] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3653f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3653f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3653f6a0, ulNumEntriesRemoved=0x3653f674) returned 0 [0161.175] SetEvent (hEvent=0xc0) returned 1 [0161.175] SetEvent (hEvent=0x8d0) returned 1 [0161.175] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3653fe18*=0x9e8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0161.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\7A0bSuhSHPgM.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\7a0bsuhshpgm.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e4 [0162.063] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc000481cf4 | out: lpMode=0xc000481cf4) returned 0 [0162.412] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0162.599] SetEvent (hEvent=0x8d0) returned 1 [0162.599] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0163.503] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00064c000*, nNumberOfBytesToWrite=0x13af0, lpNumberOfBytesWritten=0xc00051bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00064c000*, lpNumberOfBytesWritten=0xc00051bcec*=0x13af0, lpOverlapped=0x0) returned 1 [0166.363] CloseHandle (hObject=0x5d8) returned 1 [0166.708] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) returned 0x0 [0166.903] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0166.903] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\w-dmkns18khsioaq9ra.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0166.904] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00051bd64 | out: lpMode=0xc00051bd64) returned 0 [0166.906] GetFileType (hFile=0x40c) returned 0x1 [0166.906] WriteFile (in: hFile=0x40c, lpBuffer=0xc000184f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00051bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000184f20*, lpNumberOfBytesWritten=0xc00051bd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.906] CloseHandle (hObject=0x40c) returned 1 [0166.907] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\w-dmkns18khsioaq9ra.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-w-dmkns18khsioaq9ra.swf"), dwFlags=0x1) returned 1 [0167.389] WaitForSingleObject (hHandle=0x9e8, dwMilliseconds=0xffffffff) Thread: id = 125 os_tid = 0xae8 [0141.953] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3673fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3673fea0*=0x640) returned 1 [0141.953] VirtualQuery (in: lpAddress=0x3673fec0, lpBuffer=0x3673fec0, dwLength=0x30 | out: lpBuffer=0x3673fec0*(BaseAddress=0x3673f000, AllocationBase=0x36540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.953] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sna_kj_.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x644 [0141.955] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000403cf4 | out: lpMode=0xc000403cf4) returned 0 [0141.955] GetFileType (hFile=0x644) returned 0x1 [0141.955] GetFileType (hFile=0x644) returned 0x1 [0141.955] GetFileInformationByHandle (in: hFile=0x644, lpFileInformation=0xc000403d44 | out: lpFileInformation=0xc000403d44) returned 1 [0141.955] GetFileInformationByHandleEx (in: hFile=0x644, FileInformationClass=0x9, lpFileInformation=0xc000403d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000403d28) returned 1 [0141.955] ReadFile (in: hFile=0x644, lpBuffer=0xc000232c00, nNumberOfBytesToRead=0xb73, lpNumberOfBytesRead=0xc000403c04, lpOverlapped=0x0 | out: lpBuffer=0xc000232c00*, lpNumberOfBytesRead=0xc000403c04*=0x973, lpOverlapped=0x0) returned 1 [0142.665] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9f0 [0142.665] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9f4 [0142.665] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0143.393] ReadFile (in: hFile=0x644, lpBuffer=0xc000233573, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000403c04, lpOverlapped=0x0 | out: lpBuffer=0xc000233573*, lpNumberOfBytesRead=0xc000403c04*=0x0, lpOverlapped=0x0) returned 1 [0143.393] CloseHandle (hObject=0x644) returned 1 [0143.393] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sna_kj_.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0143.394] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000403d04 | out: lpMode=0xc000403d04) returned 0 [0143.395] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0144.066] GetFileType (hFile=0x644) returned 0x1 [0144.066] WriteFile (in: hFile=0x644, lpBuffer=0xc000742a80*, nNumberOfBytesToWrite=0x980, lpNumberOfBytesWritten=0xc000403cec, lpOverlapped=0x0 | out: lpBuffer=0xc000742a80*, lpNumberOfBytesWritten=0xc000403cec*=0x980, lpOverlapped=0x0) returned 1 [0144.067] CloseHandle (hObject=0x644) returned 1 [0144.067] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.067] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sna_kj_.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0144.067] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000403d64 | out: lpMode=0xc000403d64) returned 0 [0144.069] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0144.822] GetFileType (hFile=0x644) returned 0x1 [0144.822] WriteFile (in: hFile=0x644, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000403d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000403d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.822] CloseHandle (hObject=0x644) returned 1 [0144.824] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0145.586] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\sna_kj_.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-SNa_Kj_.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-sna_kj_.lnk"), dwFlags=0x1) returned 1 [0148.111] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.114] SetEvent (hEvent=0xbf0) returned 1 [0148.114] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.115] SetEvent (hEvent=0xbf0) returned 1 [0148.115] SetEvent (hEvent=0x9a8) returned 1 [0148.115] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.116] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.116] SetEvent (hEvent=0xae0) returned 1 [0148.116] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.121] SwitchToThread () returned 1 [0148.122] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.124] SetEvent (hEvent=0xbf0) returned 1 [0148.124] SetEvent (hEvent=0x9a8) returned 1 [0148.124] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.125] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.126] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.126] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.127] SwitchToThread () returned 1 [0148.128] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.131] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.132] SetEvent (hEvent=0x28c) returned 1 [0148.132] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.135] SetEvent (hEvent=0x28c) returned 1 [0148.135] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.137] SetEvent (hEvent=0x28c) returned 1 [0148.137] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.138] SetEvent (hEvent=0x28c) returned 1 [0148.138] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.139] SetEvent (hEvent=0x28c) returned 1 [0148.139] SetEvent (hEvent=0xab8) returned 1 [0148.139] SetEvent (hEvent=0xae0) returned 1 [0148.139] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.253] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.254] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.255] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.257] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.258] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0148.260] SetEvent (hEvent=0x9a8) returned 1 [0148.260] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00044d818, lpReserved=0x0 | out: lpBuffer=0xc0002060b8*, lpNumberOfCharsWritten=0xc00044d818*=0x4) returned 1 [0148.261] SetEvent (hEvent=0x9a8) returned 1 [0148.261] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003ef818, lpReserved=0x0 | out: lpBuffer=0xc0002060e0*, lpNumberOfCharsWritten=0xc0003ef818*=0x4) returned 1 [0148.262] SetEvent (hEvent=0x9a8) returned 1 [0148.262] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00011b818, lpReserved=0x0 | out: lpBuffer=0xc0002060e8*, lpNumberOfCharsWritten=0xc00011b818*=0x4) returned 1 [0148.262] SetEvent (hEvent=0x9a8) returned 1 [0148.263] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206110*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014b818, lpReserved=0x0 | out: lpBuffer=0xc000206110*, lpNumberOfCharsWritten=0xc00014b818*=0x4) returned 1 [0148.263] SetEvent (hEvent=0x9a8) returned 1 [0148.263] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206118*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000155818, lpReserved=0x0 | out: lpBuffer=0xc000206118*, lpNumberOfCharsWritten=0xc000155818*=0x4) returned 1 [0148.264] SetEvent (hEvent=0x9a8) returned 1 [0148.264] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000189818, lpReserved=0x0 | out: lpBuffer=0xc000206120*, lpNumberOfCharsWritten=0xc000189818*=0x4) returned 1 [0148.265] SetEvent (hEvent=0x9a8) returned 1 [0148.265] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001b0140*, nNumberOfCharsToWrite=0x91, lpNumberOfCharsWritten=0xc0001ab808, lpReserved=0x0 | out: lpBuffer=0xc0001b0140*, lpNumberOfCharsWritten=0xc0001ab808*=0x91) returned 1 [0148.266] SetEvent (hEvent=0x9a8) returned 1 [0148.266] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0148.266] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0148.266] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0001abd64 | out: lpMode=0xc0001abd64) returned 0 [0148.267] GetFileType (hFile=0x554) returned 0x1 [0148.267] WriteFile (in: hFile=0x554, lpBuffer=0xc0002ec840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001abd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec840*, lpNumberOfBytesWritten=0xc0001abd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.309] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0149.350] CloseHandle (hObject=0x554) returned 1 [0149.381] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0149.382] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.826] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.826] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0150.828] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0150.829] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0150.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0150.830] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc000409d64 | out: lpMode=0xc000409d64) returned 0 [0150.837] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0150.841] GetFileType (hFile=0x2cc) returned 0x1 [0150.841] WriteFile (in: hFile=0x2cc, lpBuffer=0xc0001042c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000409d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001042c0*, lpNumberOfBytesWritten=0xc000409d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.841] CloseHandle (hObject=0x2cc) returned 1 [0150.841] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-signons.sqlite"), dwFlags=0x1) returned 1 [0152.100] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.317] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0152.317] SetEvent (hEvent=0xc44) returned 1 [0152.317] SetEvent (hEvent=0x3b0) returned 1 [0152.317] SetEvent (hEvent=0x9a8) returned 1 [0152.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.321] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.321] SetEvent (hEvent=0x9a8) returned 1 [0152.321] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.355] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.355] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.357] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0152.357] SetEvent (hEvent=0xc0) returned 1 [0152.357] SetEvent (hEvent=0xa30) returned 1 [0152.357] SetEvent (hEvent=0xa68) returned 1 [0152.357] SetEvent (hEvent=0x304) returned 1 [0152.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.391] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.393] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.393] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0152.393] SetEvent (hEvent=0xbd0) returned 1 [0152.393] SetEvent (hEvent=0x264) returned 1 [0152.393] SetEvent (hEvent=0x304) returned 1 [0152.394] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.414] SetEvent (hEvent=0x304) returned 1 [0152.414] SetEvent (hEvent=0x274) returned 1 [0152.415] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.573] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.573] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.610] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.610] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0152.610] SetEvent (hEvent=0xc0) returned 1 [0152.610] SetEvent (hEvent=0xc80) returned 1 [0152.610] SetEvent (hEvent=0xab8) returned 1 [0152.610] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.880] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.880] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.892] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0152.893] SetEvent (hEvent=0xc80) returned 1 [0152.893] SetEvent (hEvent=0xa30) returned 1 [0152.893] SetEvent (hEvent=0xa68) returned 1 [0152.894] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.911] SetEvent (hEvent=0x304) returned 1 [0152.911] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0152.931] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0152.931] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0152.935] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0152.935] SetEvent (hEvent=0xc0) returned 1 [0152.935] SetEvent (hEvent=0x9a8) returned 1 [0152.935] SetEvent (hEvent=0x264) returned 1 [0152.935] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.056] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.056] SetEvent (hEvent=0x8e8) returned 1 [0153.056] SetEvent (hEvent=0x264) returned 1 [0153.056] SetEvent (hEvent=0x3b0) returned 1 [0153.058] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.079] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.196] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.196] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.197] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.198] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.198] SetEvent (hEvent=0xc0) returned 1 [0153.198] SetEvent (hEvent=0xa80) returned 1 [0153.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.271] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.271] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.271] SetEvent (hEvent=0x254) returned 1 [0153.271] SetEvent (hEvent=0xa80) returned 1 [0153.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.277] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.291] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.291] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.292] SetEvent (hEvent=0xb58) returned 1 [0153.292] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.355] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.356] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.356] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.357] SetEvent (hEvent=0x9e8) returned 1 [0153.357] SetEvent (hEvent=0x9a8) returned 1 [0153.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.363] SetEvent (hEvent=0x9a8) returned 1 [0153.363] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.375] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.376] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.376] SetEvent (hEvent=0xc0) returned 1 [0153.376] SetEvent (hEvent=0x9a8) returned 1 [0153.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.397] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.397] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.397] SetEvent (hEvent=0xb58) returned 1 [0153.397] SetEvent (hEvent=0x9a8) returned 1 [0153.399] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.412] SetEvent (hEvent=0x9a8) returned 1 [0153.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.418] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.419] SetEvent (hEvent=0xc0) returned 1 [0153.419] SetEvent (hEvent=0x8d0) returned 1 [0153.419] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.466] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.466] SetEvent (hEvent=0x9a8) returned 1 [0153.466] SetEvent (hEvent=0x43c) returned 1 [0153.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.490] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.491] SetEvent (hEvent=0x43c) returned 1 [0153.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.544] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.544] SetEvent (hEvent=0x100) returned 1 [0153.544] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.585] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.585] SetEvent (hEvent=0x8d0) returned 1 [0153.585] SetEvent (hEvent=0x9a8) returned 1 [0153.587] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.607] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.608] SetEvent (hEvent=0x9a8) returned 1 [0153.608] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.693] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.693] SetEvent (hEvent=0x9a8) returned 1 [0153.693] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.820] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.820] SetEvent (hEvent=0x208) returned 1 [0153.820] SetEvent (hEvent=0x8d0) returned 1 [0153.822] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.827] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.827] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.856] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.857] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.857] SetEvent (hEvent=0x43c) returned 1 [0153.857] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0153.962] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0153.963] SetEvent (hEvent=0x8d0) returned 1 [0153.963] SetEvent (hEvent=0x208) returned 1 [0153.965] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.977] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.977] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0153.992] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0153.992] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0153.992] SetEvent (hEvent=0x43c) returned 1 [0153.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.079] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.079] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.081] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.081] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.081] SetEvent (hEvent=0xc0) returned 1 [0154.081] SetEvent (hEvent=0x100) returned 1 [0154.081] SetEvent (hEvent=0x208) returned 1 [0154.083] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.105] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.105] SetEvent (hEvent=0x100) returned 1 [0154.105] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.202] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.202] SetEvent (hEvent=0x208) returned 1 [0154.202] SetEvent (hEvent=0x8d0) returned 1 [0154.204] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.218] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.218] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.235] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.235] SetEvent (hEvent=0x43c) returned 1 [0154.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.332] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.332] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.332] SetEvent (hEvent=0x9a8) returned 1 [0154.332] SetEvent (hEvent=0x208) returned 1 [0154.334] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.347] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.347] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.360] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.360] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.361] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.362] SetEvent (hEvent=0xc0) returned 1 [0154.362] SetEvent (hEvent=0x100) returned 1 [0154.362] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.442] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.442] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x438, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3673f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3673f968*=0x3fc) returned 1 [0154.442] SuspendThread (hThread=0x3fc) returned 0x0 [0154.442] GetThreadContext (in: hThread=0x3fc, lpContext=0x3673f980 | out: lpContext=0x3673f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0004db7e0, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x4da7cb, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.445] SetThreadContext (hThread=0x3fc, lpContext=0x3673f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x287, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0xc0004db7d8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461ec0, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0154.446] ResumeThread (hThread=0x3fc) returned 0x1 [0154.446] CloseHandle (hObject=0x3fc) returned 1 [0154.446] SetEvent (hEvent=0x8d0) returned 1 [0154.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.448] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.449] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.449] SetEvent (hEvent=0xc0) returned 1 [0154.449] SetEvent (hEvent=0x43c) returned 1 [0154.449] SetEvent (hEvent=0x8d0) returned 1 [0154.449] SetEvent (hEvent=0x208) returned 1 [0154.451] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.459] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.465] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.467] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.468] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.468] SetEvent (hEvent=0x100) returned 1 [0154.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.549] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.549] SetEvent (hEvent=0x208) returned 1 [0154.549] SetEvent (hEvent=0x9a8) returned 1 [0154.551] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.565] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.594] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.724] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.724] SetEvent (hEvent=0xc0) returned 1 [0154.724] SetEvent (hEvent=0x8d0) returned 1 [0154.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.791] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.791] SetEvent (hEvent=0xb58) returned 1 [0154.791] SetEvent (hEvent=0x208) returned 1 [0154.791] SetEvent (hEvent=0x9a8) returned 1 [0154.792] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.799] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.799] SetEvent (hEvent=0x208) returned 1 [0154.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.869] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.869] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.869] SetEvent (hEvent=0xb58) returned 1 [0154.869] SetEvent (hEvent=0x1b4) returned 1 [0154.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0154.947] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0154.948] SetEvent (hEvent=0x9e8) returned 1 [0154.948] SetEvent (hEvent=0xb58) returned 1 [0154.948] SetEvent (hEvent=0xa80) returned 1 [0154.950] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.959] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.959] SetEvent (hEvent=0xa80) returned 1 [0154.959] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.990] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.990] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0154.992] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0154.992] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0154.993] SetEvent (hEvent=0x9e8) returned 1 [0154.993] SetEvent (hEvent=0xa80) returned 1 [0154.993] SetEvent (hEvent=0x254) returned 1 [0154.993] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0155.016] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f698, ulCount=0x10, ulNumEntriesRemoved=0x3673f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f698, ulNumEntriesRemoved=0x3673f66c) returned 0 [0155.016] SetEvent (hEvent=0x1b4) returned 1 [0155.016] SetEvent (hEvent=0x8d0) returned 1 [0155.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.069] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.069] SetEvent (hEvent=0x8d0) returned 1 [0155.069] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe08*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.202] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.202] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe30*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0155.205] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.205] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3673f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3673f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3673f6a0, ulNumEntriesRemoved=0x3673f674) returned 0 [0155.206] SetEvent (hEvent=0x1b4) returned 1 [0155.206] SetEvent (hEvent=0x208) returned 1 [0155.206] SetEvent (hEvent=0x254) returned 1 [0155.206] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3673fe18*=0x9f0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0155.260] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0155.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0155.262] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00040bcf4 | out: lpMode=0xc00040bcf4) returned 0 [0155.270] GetFileType (hFile=0x7c4) returned 0x1 [0155.270] GetFileType (hFile=0x7c4) returned 0x1 [0155.270] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc00040bd44 | out: lpFileInformation=0xc00040bd44) returned 1 [0155.271] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc00040bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040bd28) returned 1 [0155.271] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00006e2c0, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc00040bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e2c0*, lpNumberOfBytesRead=0xc00040bc04*=0x85, lpOverlapped=0x0) returned 1 [0155.273] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00006e345, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e345*, lpNumberOfBytesRead=0xc00040bc04*=0x0, lpOverlapped=0x0) returned 1 [0155.273] CloseHandle (hObject=0x7c4) returned 1 [0155.273] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0155.274] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0155.276] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0155.277] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0155.279] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00040bd04 | out: lpMode=0xc00040bd04) returned 0 [0155.281] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.363] GetFileType (hFile=0x7c4) returned 0x1 [0155.363] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000040000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc00040bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000040000*, lpNumberOfBytesWritten=0xc00040bcec*=0x90, lpOverlapped=0x0) returned 1 [0155.365] CloseHandle (hObject=0x7c4) returned 1 [0155.366] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0155.366] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0155.367] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0155.369] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0155.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0155.370] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc00040bd64 | out: lpMode=0xc00040bd64) returned 0 [0155.375] GetFileType (hFile=0x7c4) returned 0x1 [0155.375] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0002849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002849a0*, lpNumberOfBytesWritten=0xc00040bd4c*=0x158, lpOverlapped=0x0) returned 1 [0155.375] CloseHandle (hObject=0x7c4) returned 1 [0155.376] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0155.377] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Windows Live\\encry-Windows Live Spaces.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\windows live\\encry-windows live spaces.url"), dwFlags=0x1) returned 1 [0155.379] SetEvent (hEvent=0x208) returned 1 [0155.379] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.391] SetEvent (hEvent=0x254) returned 1 [0155.391] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0155.959] SetEvent (hEvent=0xc64) returned 1 [0155.959] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0156.275] SetEvent (hEvent=0x43c) returned 1 [0156.275] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0156.289] SetEvent (hEvent=0x43c) returned 1 [0156.289] VirtualFree (lpAddress=0xc00031c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0156.291] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0156.292] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.292] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0156.294] VirtualFree (lpAddress=0xc000292000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0156.295] VirtualFree (lpAddress=0xc00028c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0156.296] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.297] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.298] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.299] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.300] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.301] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.302] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.302] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.303] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0156.304] SetEvent (hEvent=0x208) returned 1 [0156.304] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0161.235] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0161.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ed_bidg3.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0162.059] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00012bcf4 | out: lpMode=0xc00012bcf4) returned 0 [0162.411] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) returned 0x0 [0162.584] SetEvent (hEvent=0xbd0) returned 1 [0162.584] WaitForSingleObject (hHandle=0x9f0, dwMilliseconds=0xffffffff) Thread: id = 126 os_tid = 0xb08 [0141.957] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3693fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3693fea0*=0x648) returned 1 [0141.958] VirtualQuery (in: lpAddress=0x3693fec0, lpBuffer=0x3693fec0, dwLength=0x30 | out: lpBuffer=0x3693fec0*(BaseAddress=0x3693f000, AllocationBase=0x36740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.958] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aeeuqq ngoo.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x64c [0141.959] GetConsoleMode (in: hConsoleHandle=0x64c, lpMode=0xc000437cf4 | out: lpMode=0xc000437cf4) returned 0 [0141.960] GetFileType (hFile=0x64c) returned 0x1 [0141.960] GetFileType (hFile=0x64c) returned 0x1 [0141.960] GetFileInformationByHandle (in: hFile=0x64c, lpFileInformation=0xc000437d44 | out: lpFileInformation=0xc000437d44) returned 1 [0141.960] GetFileInformationByHandleEx (in: hFile=0x64c, FileInformationClass=0x9, lpFileInformation=0xc000437d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000437d28) returned 1 [0141.960] ReadFile (in: hFile=0x64c, lpBuffer=0xc000120900, nNumberOfBytesToRead=0x448, lpNumberOfBytesRead=0xc000437c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120900*, lpNumberOfBytesRead=0xc000437c04*=0x248, lpOverlapped=0x0) returned 1 [0142.667] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9f8 [0142.667] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x9fc [0142.667] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.397] ReadFile (in: hFile=0x64c, lpBuffer=0xc000120b48, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000437c04, lpOverlapped=0x0 | out: lpBuffer=0xc000120b48*, lpNumberOfBytesRead=0xc000437c04*=0x0, lpOverlapped=0x0) returned 1 [0143.397] CloseHandle (hObject=0x64c) returned 1 [0143.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aeeuqq ngoo.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x64c [0143.398] GetConsoleMode (in: hConsoleHandle=0x64c, lpMode=0xc000437d04 | out: lpMode=0xc000437d04) returned 0 [0143.404] GetFileType (hFile=0x64c) returned 0x1 [0143.404] WriteFile (in: hFile=0x64c, lpBuffer=0xc0006ce280*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc000437cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ce280*, lpNumberOfBytesWritten=0xc000437cec*=0x250, lpOverlapped=0x0) returned 1 [0143.405] CloseHandle (hObject=0x64c) returned 1 [0143.405] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0143.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aeeuqq ngoo.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x64c [0143.406] GetConsoleMode (in: hConsoleHandle=0x64c, lpMode=0xc000437d64 | out: lpMode=0xc000437d64) returned 0 [0143.415] GetFileType (hFile=0x64c) returned 0x1 [0143.415] WriteFile (in: hFile=0x64c, lpBuffer=0xc0006829a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000437d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006829a0*, lpNumberOfBytesWritten=0xc000437d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.415] CloseHandle (hObject=0x64c) returned 1 [0143.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\aeeuqq ngoo.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-aeEUqq nGOo.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-aeeuqq ngoo.flv.lnk"), dwFlags=0x1) returned 1 [0143.417] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe30*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.419] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3693f698, ulCount=0x10, ulNumEntriesRemoved=0x3693f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3693f698, ulNumEntriesRemoved=0x3693f66c) returned 0 [0143.419] SetEvent (hEvent=0xac0) returned 1 [0143.419] SetEvent (hEvent=0x414) returned 1 [0143.419] SetEvent (hEvent=0xb78) returned 1 [0143.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe08*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.428] SetEvent (hEvent=0xb78) returned 1 [0143.428] SetEvent (hEvent=0x414) returned 1 [0143.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe08*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.432] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe30*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.433] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.433] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3693f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3693f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3693f6a0, ulNumEntriesRemoved=0x3693f674) returned 0 [0143.433] SetEvent (hEvent=0xac0) returned 1 [0143.433] SetEvent (hEvent=0xb78) returned 1 [0143.434] SetEvent (hEvent=0x414) returned 1 [0143.434] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe18*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.460] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3693f698, ulCount=0x10, ulNumEntriesRemoved=0x3693f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3693f698, ulNumEntriesRemoved=0x3693f66c) returned 0 [0143.460] SetEvent (hEvent=0xb78) returned 1 [0143.461] SetEvent (hEvent=0x414) returned 1 [0143.461] SetEvent (hEvent=0xac0) returned 1 [0143.462] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe08*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.470] SetEvent (hEvent=0xac0) returned 1 [0143.470] SetEvent (hEvent=0x414) returned 1 [0143.470] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe08*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.491] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.491] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe30*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.492] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3693f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3693f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3693f6a0, ulNumEntriesRemoved=0x3693f674) returned 0 [0143.492] SetEvent (hEvent=0xac0) returned 1 [0143.492] SetEvent (hEvent=0x414) returned 1 [0143.492] SetEvent (hEvent=0x164) returned 1 [0143.492] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3693fe18*=0x9f8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.496] SetEvent (hEvent=0x120) returned 1 [0143.496] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.527] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.530] SetEvent (hEvent=0xba8) returned 1 [0143.530] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) returned 0x0 [0143.551] SetEvent (hEvent=0xbb8) returned 1 [0143.551] WaitForSingleObject (hHandle=0x9f8, dwMilliseconds=0xffffffff) Thread: id = 127 os_tid = 0xb20 [0141.963] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x36b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x36b3fea0*=0x624) returned 1 [0141.963] VirtualQuery (in: lpAddress=0x36b3fec0, lpBuffer=0x36b3fec0, dwLength=0x30 | out: lpBuffer=0x36b3fec0*(BaseAddress=0x36b3f000, AllocationBase=0x36940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.963] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kwrrydzuohoisdt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x650 [0141.964] GetConsoleMode (in: hConsoleHandle=0x650, lpMode=0xc0003a9cf4 | out: lpMode=0xc0003a9cf4) returned 0 [0141.969] GetFileType (hFile=0x650) returned 0x1 [0141.969] GetFileType (hFile=0x650) returned 0x1 [0141.969] GetFileInformationByHandle (in: hFile=0x650, lpFileInformation=0xc0003a9d44 | out: lpFileInformation=0xc0003a9d44) returned 1 [0141.969] GetFileInformationByHandleEx (in: hFile=0x650, FileInformationClass=0x9, lpFileInformation=0xc0003a9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a9d28) returned 1 [0141.969] VirtualAlloc (lpAddress=0xc0005de000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005de000 [0141.971] ReadFile (in: hFile=0x650, lpBuffer=0xc0005de000, nNumberOfBytesToRead=0x1aeb, lpNumberOfBytesRead=0xc0003a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005de000*, lpNumberOfBytesRead=0xc0003a9c04*=0x18eb, lpOverlapped=0x0) returned 1 [0142.669] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa00 [0142.669] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa04 [0142.669] WaitForSingleObject (hHandle=0xa00, dwMilliseconds=0xffffffff) returned 0x0 [0143.562] ReadFile (in: hFile=0x650, lpBuffer=0xc0005df8eb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005df8eb*, lpNumberOfBytesRead=0xc0003a9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.562] CloseHandle (hObject=0x650) returned 1 [0143.562] VirtualAlloc (lpAddress=0xc0006d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d4000 [0143.564] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kwrrydzuohoisdt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0143.573] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc0003a9d04 | out: lpMode=0xc0003a9d04) returned 0 [0143.576] GetFileType (hFile=0x584) returned 0x1 [0143.576] WriteFile (in: hFile=0x584, lpBuffer=0xc000512600*, nNumberOfBytesToWrite=0x18f0, lpNumberOfBytesWritten=0xc0003a9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000512600*, lpNumberOfBytesWritten=0xc0003a9cec*=0x18f0, lpOverlapped=0x0) returned 1 [0143.578] CloseHandle (hObject=0x584) returned 1 [0143.580] WaitForSingleObject (hHandle=0xa00, dwMilliseconds=0xffffffff) returned 0x0 [0144.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\KwrrYDZuohOISdt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kwrrydzuohoisdt.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0144.124] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003a9d64 | out: lpMode=0xc0003a9d64) returned 0 [0144.124] WaitForSingleObject (hHandle=0xa00, dwMilliseconds=0xffffffff) returned 0x0 [0144.581] SetEvent (hEvent=0x9d0) returned 1 [0144.581] WaitForSingleObject (hHandle=0xa00, dwMilliseconds=0xffffffff) Thread: id = 128 os_tid = 0xa44 [0141.972] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x36d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x36d3fea0*=0x658) returned 1 [0141.972] VirtualQuery (in: lpAddress=0x36d3fec0, lpBuffer=0x36d3fec0, dwLength=0x30 | out: lpBuffer=0x36d3fec0*(BaseAddress=0x36d3f000, AllocationBase=0x36b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xzs4zfmr9uz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x65c [0141.973] GetConsoleMode (in: hConsoleHandle=0x65c, lpMode=0xc000411cf4 | out: lpMode=0xc000411cf4) returned 0 [0141.974] GetFileType (hFile=0x65c) returned 0x1 [0141.974] GetFileType (hFile=0x65c) returned 0x1 [0141.974] GetFileInformationByHandle (in: hFile=0x65c, lpFileInformation=0xc000411d44 | out: lpFileInformation=0xc000411d44) returned 1 [0141.974] GetFileInformationByHandleEx (in: hFile=0x65c, FileInformationClass=0x9, lpFileInformation=0xc000411d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000411d28) returned 1 [0141.974] ReadFile (in: hFile=0x65c, lpBuffer=0xc00035c500, nNumberOfBytesToRead=0x21da, lpNumberOfBytesRead=0xc000411c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035c500*, lpNumberOfBytesRead=0xc000411c04*=0x1fda, lpOverlapped=0x0) returned 1 [0142.685] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa08 [0142.685] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa0c [0142.685] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0143.580] ReadFile (in: hFile=0x65c, lpBuffer=0xc00035e4da, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000411c04, lpOverlapped=0x0 | out: lpBuffer=0xc00035e4da*, lpNumberOfBytesRead=0xc000411c04*=0x0, lpOverlapped=0x0) returned 1 [0143.580] CloseHandle (hObject=0x65c) returned 1 [0143.581] VirtualAlloc (lpAddress=0xc0006d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d6000 [0143.582] VirtualAlloc (lpAddress=0xc0006d8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006d8000 [0143.583] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xzs4zfmr9uz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0143.607] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0144.394] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc000411d04 | out: lpMode=0xc000411d04) returned 0 [0144.395] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0144.745] GetFileType (hFile=0x588) returned 0x1 [0144.745] WriteFile (in: hFile=0x588, lpBuffer=0xc0006d6000*, nNumberOfBytesToWrite=0x1fe0, lpNumberOfBytesWritten=0xc000411cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006d6000*, lpNumberOfBytesWritten=0xc000411cec*=0x1fe0, lpOverlapped=0x0) returned 1 [0144.746] CloseHandle (hObject=0x588) returned 1 [0144.747] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0144.747] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xzs4zfmr9uz.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0144.747] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc000411d64 | out: lpMode=0xc000411d64) returned 0 [0144.752] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0145.527] GetFileType (hFile=0x588) returned 0x1 [0145.527] WriteFile (in: hFile=0x588, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000411d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000411d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.528] CloseHandle (hObject=0x588) returned 1 [0145.536] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0146.107] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xzs4zfmr9uz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-XZs4zFMR9uZ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xzs4zfmr9uz.lnk"), dwFlags=0x1) returned 1 [0150.655] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.821] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.822] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.823] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.824] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.825] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.826] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.828] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.829] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.830] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.831] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.832] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.833] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.834] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.835] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.836] SetEvent (hEvent=0xa78) returned 1 [0161.836] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010800*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00032d818, lpReserved=0x0 | out: lpBuffer=0xc000010800*, lpNumberOfCharsWritten=0xc00032d818*=0x4) returned 1 [0161.837] SetEvent (hEvent=0xa78) returned 1 [0161.837] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010808*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00013d818, lpReserved=0x0 | out: lpBuffer=0xc000010808*, lpNumberOfCharsWritten=0xc00013d818*=0x4) returned 1 [0161.839] SetEvent (hEvent=0xa78) returned 1 [0161.839] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010810*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00026f818, lpReserved=0x0 | out: lpBuffer=0xc000010810*, lpNumberOfCharsWritten=0xc00026f818*=0x4) returned 1 [0161.840] SetEvent (hEvent=0xa78) returned 1 [0161.840] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010818*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00032b818, lpReserved=0x0 | out: lpBuffer=0xc000010818*, lpNumberOfCharsWritten=0xc00032b818*=0x4) returned 1 [0161.841] SetEvent (hEvent=0xa78) returned 1 [0161.842] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010820*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000031818, lpReserved=0x0 | out: lpBuffer=0xc000010820*, lpNumberOfCharsWritten=0xc000031818*=0x4) returned 1 [0161.843] SetEvent (hEvent=0xa78) returned 1 [0161.843] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010828*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc000010828*, lpNumberOfCharsWritten=0xc0006e3818*=0x4) returned 1 [0161.844] SetEvent (hEvent=0xa78) returned 1 [0161.844] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010830*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc000010830*, lpNumberOfCharsWritten=0xc000137818*=0x4) returned 1 [0161.845] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) returned 0x0 [0161.905] WaitForSingleObject (hHandle=0xa08, dwMilliseconds=0xffffffff) Thread: id = 129 os_tid = 0x224 [0141.977] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x36f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x36f3fea0*=0x654) returned 1 [0141.977] VirtualQuery (in: lpAddress=0x36f3fec0, lpBuffer=0x36f3fec0, dwLength=0x30 | out: lpBuffer=0x36f3fec0*(BaseAddress=0x36f3f000, AllocationBase=0x36d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.977] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t02xds0vdaldzpj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x660 [0141.979] GetConsoleMode (in: hConsoleHandle=0x660, lpMode=0xc000405cf4 | out: lpMode=0xc000405cf4) returned 0 [0141.984] GetFileType (hFile=0x660) returned 0x1 [0141.984] GetFileType (hFile=0x660) returned 0x1 [0141.984] GetFileInformationByHandle (in: hFile=0x660, lpFileInformation=0xc000405d44 | out: lpFileInformation=0xc000405d44) returned 1 [0141.985] GetFileInformationByHandleEx (in: hFile=0x660, FileInformationClass=0x9, lpFileInformation=0xc000405d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000405d28) returned 1 [0141.985] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0141.987] ReadFile (in: hFile=0x660, lpBuffer=0xc000220000, nNumberOfBytesToRead=0x1b1a, lpNumberOfBytesRead=0xc000405c04, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesRead=0xc000405c04*=0x191a, lpOverlapped=0x0) returned 1 [0142.686] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa10 [0142.687] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa14 [0142.687] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0143.610] ReadFile (in: hFile=0x660, lpBuffer=0xc00022191a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000405c04, lpOverlapped=0x0 | out: lpBuffer=0xc00022191a*, lpNumberOfBytesRead=0xc000405c04*=0x0, lpOverlapped=0x0) returned 1 [0143.610] CloseHandle (hObject=0x660) returned 1 [0143.610] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0143.612] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t02xds0vdaldzpj.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x660 [0143.618] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0144.481] GetConsoleMode (in: hConsoleHandle=0x660, lpMode=0xc000405d04 | out: lpMode=0xc000405d04) returned 0 [0144.483] GetFileType (hFile=0x660) returned 0x1 [0144.483] WriteFile (in: hFile=0x660, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0xc000405cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc000405cec*=0x1920, lpOverlapped=0x0) returned 1 [0144.485] CloseHandle (hObject=0x660) returned 1 [0144.485] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.485] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0144.486] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t02xds0vdaldzpj.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x660 [0144.486] GetConsoleMode (in: hConsoleHandle=0x660, lpMode=0xc000405d64 | out: lpMode=0xc000405d64) returned 0 [0144.494] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0144.736] SetEvent (hEvent=0x1c4) returned 1 [0144.736] GetFileType (hFile=0x660) returned 0x1 [0144.736] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0145.521] WriteFile (in: hFile=0x660, lpBuffer=0xc00007e160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000405d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e160*, lpNumberOfBytesWritten=0xc000405d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.522] CloseHandle (hObject=0x660) returned 1 [0145.524] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0145.994] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0145.996] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\t02xds0vdaldzpj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-T02XdS0VdAldzPJ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-t02xds0vdaldzpj.lnk"), dwFlags=0x1) returned 1 [0150.668] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0151.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nnn1r.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4ac [0151.320] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc00044dcf4 | out: lpMode=0xc00044dcf4) returned 0 [0151.323] GetFileType (hFile=0x4ac) returned 0x1 [0151.323] GetFileType (hFile=0x4ac) returned 0x1 [0151.323] GetFileInformationByHandle (in: hFile=0x4ac, lpFileInformation=0xc00044dd44 | out: lpFileInformation=0xc00044dd44) returned 1 [0151.323] GetFileInformationByHandleEx (in: hFile=0x4ac, FileInformationClass=0x9, lpFileInformation=0xc00044dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00044dd28) returned 1 [0151.323] ReadFile (in: hFile=0x4ac, lpBuffer=0xc000070000, nNumberOfBytesToRead=0x2c05, lpNumberOfBytesRead=0xc00044dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000070000*, lpNumberOfBytesRead=0xc00044dc04*=0x2a05, lpOverlapped=0x0) returned 1 [0151.324] ReadFile (in: hFile=0x4ac, lpBuffer=0xc000072a05, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00044dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000072a05*, lpNumberOfBytesRead=0xc00044dc04*=0x0, lpOverlapped=0x0) returned 1 [0151.324] CloseHandle (hObject=0x4ac) returned 1 [0151.324] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0151.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nnn1r.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0151.328] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc00044dd04 | out: lpMode=0xc00044dd04) returned 0 [0151.343] GetFileType (hFile=0x4ac) returned 0x1 [0151.344] WriteFile (in: hFile=0x4ac, lpBuffer=0xc00027c000*, nNumberOfBytesToWrite=0x2a10, lpNumberOfBytesWritten=0xc00044dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesWritten=0xc00044dcec*=0x2a10, lpOverlapped=0x0) returned 1 [0151.345] CloseHandle (hObject=0x4ac) returned 1 [0151.345] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0151.346] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nnn1r.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0151.346] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc00044dd64 | out: lpMode=0xc00044dd64) returned 0 [0151.360] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0151.751] SetEvent (hEvent=0xc0) returned 1 [0151.751] SetEvent (hEvent=0xa68) returned 1 [0151.751] GetFileType (hFile=0x4ac) returned 0x1 [0151.752] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0152.274] WriteFile (in: hFile=0x4ac, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00044dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00044dd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.274] CloseHandle (hObject=0x4ac) returned 1 [0152.274] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\nnn1r.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-NnN1r.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-nnn1r.bmp"), dwFlags=0x1) returned 1 [0152.276] SetEvent (hEvent=0x114) returned 1 [0152.276] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0161.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\4bt5vx6999hz.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0161.993] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004e9cf4 | out: lpMode=0xc0004e9cf4) returned 0 [0162.303] GetFileType (hFile=0x6a4) returned 0x1 [0162.303] GetFileType (hFile=0x6a4) returned 0x1 [0162.303] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0004e9d44 | out: lpFileInformation=0xc0004e9d44) returned 1 [0162.303] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0004e9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004e9d28) returned 1 [0162.304] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0000c0000, nNumberOfBytesToRead=0x71d2, lpNumberOfBytesRead=0xc0004e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000c0000*, lpNumberOfBytesRead=0xc0004e9c04*=0x6fd2, lpOverlapped=0x0) returned 1 [0162.305] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0000c6fd2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004e9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000c6fd2*, lpNumberOfBytesRead=0xc0004e9c04*=0x0, lpOverlapped=0x0) returned 1 [0162.305] CloseHandle (hObject=0x6a4) returned 1 [0162.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\4bT5vX6999HZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\4bt5vx6999hz.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0162.308] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0004e9d04 | out: lpMode=0xc0004e9d04) returned 0 [0162.418] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0162.589] SetEvent (hEvent=0xb18) returned 1 [0162.589] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0163.610] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0006f8000*, nNumberOfBytesToWrite=0x12c20, lpNumberOfBytesWritten=0xc000351cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f8000*, lpNumberOfBytesWritten=0xc000351cec*=0x12c20, lpOverlapped=0x0) returned 1 [0166.318] CloseHandle (hObject=0x4d8) returned 1 [0166.378] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0166.379] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00021a001 | out: pbBuffer=0xc00021a001) returned 1 [0166.379] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0166.381] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zp3etf2zn8ybt3qrgx8n.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0166.381] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000351d64 | out: lpMode=0xc000351d64) returned 0 [0166.455] GetFileType (hFile=0x384) returned 0x1 [0166.455] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0166.457] WriteFile (in: hFile=0x384, lpBuffer=0xc0000c34a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000351d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c34a0*, lpNumberOfBytesWritten=0xc000351d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.458] CloseHandle (hObject=0x384) returned 1 [0166.458] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zp3etf2zn8ybt3qrgx8n.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry-ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry-zp3etf2zn8ybt3qrgx8n.png"), dwFlags=0x1) returned 1 [0166.916] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe30*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.919] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f698, ulCount=0x10, ulNumEntriesRemoved=0x36f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f698, ulNumEntriesRemoved=0x36f3f66c) returned 0 [0166.919] SetEvent (hEvent=0xc0) returned 1 [0166.919] SetEvent (hEvent=0xb38) returned 1 [0166.919] SetEvent (hEvent=0xc44) returned 1 [0166.919] SetEvent (hEvent=0x980) returned 1 [0166.921] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.977] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0166.977] SetEvent (hEvent=0x980) returned 1 [0166.977] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.991] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe30*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.994] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0166.994] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x36f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f6a0, ulNumEntriesRemoved=0x36f3f674) returned 0 [0166.994] SetEvent (hEvent=0xc0) returned 1 [0166.994] SetEvent (hEvent=0x980) returned 1 [0166.994] SetEvent (hEvent=0xc14) returned 1 [0166.994] SetEvent (hEvent=0x43c) returned 1 [0166.994] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe18*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.008] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe30*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.010] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f698, ulCount=0x10, ulNumEntriesRemoved=0x36f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f698, ulNumEntriesRemoved=0x36f3f66c) returned 0 [0167.010] SetEvent (hEvent=0xc1c) returned 1 [0167.010] SetEvent (hEvent=0x324) returned 1 [0167.010] SetEvent (hEvent=0x43c) returned 1 [0167.011] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.026] SetEvent (hEvent=0x43c) returned 1 [0167.027] SetEvent (hEvent=0x324) returned 1 [0167.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.036] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe30*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.037] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.040] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x36f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f6a0, ulNumEntriesRemoved=0x36f3f674) returned 0 [0167.040] SetEvent (hEvent=0xc0) returned 1 [0167.040] SetEvent (hEvent=0xb48) returned 1 [0167.040] SetEvent (hEvent=0xa80) returned 1 [0167.040] SetEvent (hEvent=0x324) returned 1 [0167.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe18*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.072] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f698, ulCount=0x10, ulNumEntriesRemoved=0x36f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f698, ulNumEntriesRemoved=0x36f3f66c) returned 0 [0167.072] SetEvent (hEvent=0x990) returned 1 [0167.072] SetEvent (hEvent=0x114) returned 1 [0167.072] SetEvent (hEvent=0xa80) returned 1 [0167.073] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.078] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.078] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.081] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.081] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x36f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f6a0, ulNumEntriesRemoved=0x36f3f674) returned 0 [0167.081] SetEvent (hEvent=0xa80) returned 1 [0167.081] SetEvent (hEvent=0x114) returned 1 [0167.081] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe18*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.107] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.107] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f698, ulCount=0x10, ulNumEntriesRemoved=0x36f3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f698, ulNumEntriesRemoved=0x36f3f66c) returned 0 [0167.107] SetEvent (hEvent=0xa80) returned 1 [0167.107] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0167.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.112] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.112] SetEvent (hEvent=0x990) returned 1 [0167.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe08*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.116] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.116] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x36f3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x36f3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x36f3f6a0, ulNumEntriesRemoved=0x36f3f674) returned 0 [0167.116] SetEvent (hEvent=0x990) returned 1 [0167.116] WaitForMultipleObjects (nCount=0x2, lpHandles=0x36f3fe18*=0xa10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.131] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.131] VirtualFree (lpAddress=0xc00025a000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0167.132] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.142] SetEvent (hEvent=0xa80) returned 1 [0167.142] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.146] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.148] SetEvent (hEvent=0xb48) returned 1 [0167.148] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) returned 0x0 [0167.154] SetEvent (hEvent=0xb48) returned 1 [0167.154] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000351818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000351818*=0x3) returned 1 [0167.155] SetEvent (hEvent=0xb48) returned 1 [0167.155] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc000010086*, lpNumberOfCharsWritten=0xc00022d818*=0x3) returned 1 [0167.157] SetEvent (hEvent=0xb48) returned 1 [0167.157] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0167.158] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000271818, lpReserved=0x0 | out: lpBuffer=0xc000010090*, lpNumberOfCharsWritten=0xc000271818*=0x3) returned 1 [0167.160] SetEvent (hEvent=0xb48) returned 1 [0167.160] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa080*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc00037d808, lpReserved=0x0 | out: lpBuffer=0xc0000fa080*, lpNumberOfCharsWritten=0xc00037d808*=0x3d) returned 1 [0167.161] SetEvent (hEvent=0xb48) returned 1 [0167.162] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0167.163] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000262000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00037d808, lpReserved=0x0 | out: lpBuffer=0xc000262000*, lpNumberOfCharsWritten=0xc00037d808*=0x11) returned 1 [0167.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000262030*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00037d808, lpReserved=0x0 | out: lpBuffer=0xc000262030*, lpNumberOfCharsWritten=0xc00037d808*=0x11) returned 1 [0167.167] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0167.168] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-recent"), dwFlags=0x1) returned 1 [0167.376] WaitForSingleObject (hHandle=0xa10, dwMilliseconds=0xffffffff) Thread: id = 130 os_tid = 0xb10 [0141.985] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3713fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3713fea0*=0x664) returned 1 [0141.985] VirtualQuery (in: lpAddress=0x3713fec0, lpBuffer=0x3713fec0, dwLength=0x30 | out: lpBuffer=0x3713fec0*(BaseAddress=0x3713f000, AllocationBase=0x36f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ayjs6x.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x668 [0141.989] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000429cf4 | out: lpMode=0xc000429cf4) returned 0 [0141.992] GetFileType (hFile=0x668) returned 0x1 [0141.992] GetFileType (hFile=0x668) returned 0x1 [0141.992] GetFileInformationByHandle (in: hFile=0x668, lpFileInformation=0xc000429d44 | out: lpFileInformation=0xc000429d44) returned 1 [0141.992] GetFileInformationByHandleEx (in: hFile=0x668, FileInformationClass=0x9, lpFileInformation=0xc000429d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000429d28) returned 1 [0141.992] ReadFile (in: hFile=0x668, lpBuffer=0xc0002cb800, nNumberOfBytesToRead=0x1544, lpNumberOfBytesRead=0xc000429c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cb800*, lpNumberOfBytesRead=0xc000429c04*=0x1344, lpOverlapped=0x0) returned 1 [0142.688] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa18 [0142.688] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa1c [0142.688] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0143.616] SetEvent (hEvent=0x970) returned 1 [0143.616] ReadFile (in: hFile=0x668, lpBuffer=0xc0002ccb44, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000429c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ccb44*, lpNumberOfBytesRead=0xc000429c04*=0x0, lpOverlapped=0x0) returned 1 [0143.616] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0144.417] CloseHandle (hObject=0x668) returned 1 [0144.417] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0144.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ayjs6x.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0144.420] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000429d04 | out: lpMode=0xc000429d04) returned 0 [0144.427] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0145.112] GetFileType (hFile=0x668) returned 0x1 [0145.112] WriteFile (in: hFile=0x668, lpBuffer=0xc00072b500*, nNumberOfBytesToWrite=0x1350, lpNumberOfBytesWritten=0xc000429cec, lpOverlapped=0x0 | out: lpBuffer=0xc00072b500*, lpNumberOfBytesWritten=0xc000429cec*=0x1350, lpOverlapped=0x0) returned 1 [0145.113] CloseHandle (hObject=0x668) returned 1 [0145.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ayjs6x.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x668 [0145.256] GetConsoleMode (in: hConsoleHandle=0x668, lpMode=0xc000429d64 | out: lpMode=0xc000429d64) returned 0 [0145.260] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0145.826] GetFileType (hFile=0x668) returned 0x1 [0145.826] WriteFile (in: hFile=0x668, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000429d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000429d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.827] CloseHandle (hObject=0x668) returned 1 [0145.837] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ayjs6x.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-ayjS6X.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ayjs6x.lnk"), dwFlags=0x1) returned 1 [0150.662] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0161.750] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0161.753] SetEvent (hEvent=0x448) returned 1 [0161.753] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc5e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00036d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc5e0*, lpNumberOfCharsWritten=0xc00036d818*=0x4) returned 1 [0161.755] SetEvent (hEvent=0x448) returned 1 [0161.755] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc5e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00036b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc5e8*, lpNumberOfCharsWritten=0xc00036b818*=0x4) returned 1 [0161.756] SetEvent (hEvent=0x448) returned 1 [0161.756] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00021e140*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0xc0003af808, lpReserved=0x0 | out: lpBuffer=0xc00021e140*, lpNumberOfCharsWritten=0xc0003af808*=0x4b) returned 1 [0161.758] SetEvent (hEvent=0x448) returned 1 [0161.758] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0161.758] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0161.760] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0161.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x740 [0162.055] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc0003afd64 | out: lpMode=0xc0003afd64) returned 0 [0162.409] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) returned 0x0 [0162.547] GetFileType (hFile=0x740) returned 0x1 [0162.547] WriteFile (in: hFile=0x740, lpBuffer=0xc0000d7760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7760*, lpNumberOfBytesWritten=0xc0003afd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.547] CloseHandle (hObject=0x740) returned 1 [0162.547] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0162.557] SetEvent (hEvent=0x264) returned 1 [0162.557] WaitForSingleObject (hHandle=0xa18, dwMilliseconds=0xffffffff) Thread: id = 131 os_tid = 0x6a8 [0141.993] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3733fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3733fea0*=0x670) returned 1 [0141.993] VirtualQuery (in: lpAddress=0x3733fec0, lpBuffer=0x3733fec0, dwLength=0x30 | out: lpBuffer=0x3733fec0*(BaseAddress=0x3733f000, AllocationBase=0x37140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0141.993] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\licvhku.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x674 [0141.995] GetConsoleMode (in: hConsoleHandle=0x674, lpMode=0xc0003b3cf4 | out: lpMode=0xc0003b3cf4) returned 0 [0141.996] GetFileType (hFile=0x674) returned 0x1 [0141.996] GetFileType (hFile=0x674) returned 0x1 [0141.996] GetFileInformationByHandle (in: hFile=0x674, lpFileInformation=0xc0003b3d44 | out: lpFileInformation=0xc0003b3d44) returned 1 [0141.996] GetFileInformationByHandleEx (in: hFile=0x674, FileInformationClass=0x9, lpFileInformation=0xc0003b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b3d28) returned 1 [0141.996] ReadFile (in: hFile=0x674, lpBuffer=0xc0005dfb00, nNumberOfBytesToRead=0x1aa3, lpNumberOfBytesRead=0xc0003b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005dfb00*, lpNumberOfBytesRead=0xc0003b3c04*=0x18a3, lpOverlapped=0x0) returned 1 [0142.689] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa20 [0142.689] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa24 [0142.689] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0143.624] ReadFile (in: hFile=0x674, lpBuffer=0xc0005e13a3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005e13a3*, lpNumberOfBytesRead=0xc0003b3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.624] CloseHandle (hObject=0x674) returned 1 [0143.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\licvhku.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0143.643] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0144.250] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc0003b3d04 | out: lpMode=0xc0003b3d04) returned 0 [0144.253] GetFileType (hFile=0x48c) returned 0x1 [0144.253] WriteFile (in: hFile=0x48c, lpBuffer=0xc0006e5980*, nNumberOfBytesToWrite=0x18b0, lpNumberOfBytesWritten=0xc0003b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e5980*, lpNumberOfBytesWritten=0xc0003b3cec*=0x18b0, lpOverlapped=0x0) returned 1 [0144.255] CloseHandle (hObject=0x48c) returned 1 [0144.255] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0144.255] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\licvhku.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x48c [0144.255] GetConsoleMode (in: hConsoleHandle=0x48c, lpMode=0xc0003b3d64 | out: lpMode=0xc0003b3d64) returned 0 [0144.262] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0144.617] GetFileType (hFile=0x48c) returned 0x1 [0144.617] WriteFile (in: hFile=0x48c, lpBuffer=0xc000682000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682000*, lpNumberOfBytesWritten=0xc0003b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.617] CloseHandle (hObject=0x48c) returned 1 [0144.617] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\licvhku.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-LIcVHKu.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-licvhku.lnk"), dwFlags=0x1) returned 1 [0144.619] SetEvent (hEvent=0xa58) returned 1 [0144.619] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0144.623] SetEvent (hEvent=0xc6c) returned 1 [0144.623] SetEvent (hEvent=0x978) returned 1 [0144.623] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0144.627] SetEvent (hEvent=0x39c) returned 1 [0144.627] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0145.925] SetEvent (hEvent=0xb38) returned 1 [0145.925] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0145.934] SetEvent (hEvent=0xb50) returned 1 [0145.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x598 [0145.935] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0145.937] GetFileType (hFile=0x598) returned 0x1 [0145.937] GetFileType (hFile=0x598) returned 0x1 [0145.937] GetFileInformationByHandle (in: hFile=0x598, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0145.937] GetFileInformationByHandleEx (in: hFile=0x598, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0145.937] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0145.939] ReadFile (in: hFile=0x598, lpBuffer=0xc000214000, nNumberOfBytesToRead=0x71a, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000214000*, lpNumberOfBytesRead=0xc000173c04*=0x51a, lpOverlapped=0x0) returned 1 [0145.944] ReadFile (in: hFile=0x598, lpBuffer=0xc00021451a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021451a*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0145.944] CloseHandle (hObject=0x598) returned 1 [0145.944] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0145.946] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0145.947] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0145.948] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.181] GetFileType (hFile=0x598) returned 0x1 [0146.181] WriteFile (in: hFile=0x598, lpBuffer=0xc00010eb00*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010eb00*, lpNumberOfBytesWritten=0xc000173cec*=0x520, lpOverlapped=0x0) returned 1 [0146.182] CloseHandle (hObject=0x598) returned 1 [0146.183] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0146.183] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0146.184] VirtualAlloc (lpAddress=0xc00029a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00029a000 [0146.185] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0146.185] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0146.189] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.280] GetFileType (hFile=0x598) returned 0x1 [0146.280] WriteFile (in: hFile=0x598, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000173d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000173d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.280] CloseHandle (hObject=0x598) returned 1 [0146.280] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\private character editor.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\encry-Private Character Editor.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\encry-private character editor.lnk"), dwFlags=0x1) returned 1 [0146.283] SetEvent (hEvent=0xa58) returned 1 [0146.283] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.301] SetEvent (hEvent=0xc24) returned 1 [0146.301] SetEvent (hEvent=0x920) returned 1 [0146.301] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.311] SetEvent (hEvent=0xc24) returned 1 [0146.311] SetEvent (hEvent=0x304) returned 1 [0146.311] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.326] SetEvent (hEvent=0xc24) returned 1 [0146.327] SetEvent (hEvent=0xa58) returned 1 [0146.327] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.342] SetEvent (hEvent=0xc24) returned 1 [0146.342] SetEvent (hEvent=0x3b0) returned 1 [0146.342] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.518] SetEvent (hEvent=0x448) returned 1 [0146.518] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0146.519] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000151cf4 | out: lpMode=0xc000151cf4) returned 0 [0146.545] GetFileType (hFile=0x40c) returned 0x1 [0146.545] GetFileType (hFile=0x40c) returned 0x1 [0146.545] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc000151d44 | out: lpFileInformation=0xc000151d44) returned 1 [0146.545] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc000151d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000151d28) returned 1 [0146.545] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x72000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0146.558] ReadFile (in: hFile=0x40c, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x70200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc000151c04*=0x70000, lpOverlapped=0x0) returned 1 [0146.608] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.889] SetEvent (hEvent=0xbd8) returned 1 [0146.889] ReadFile (in: hFile=0x40c, lpBuffer=0xc000674000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000151c04, lpOverlapped=0x0 | out: lpBuffer=0xc000674000*, lpNumberOfBytesRead=0xc000151c04*=0x0, lpOverlapped=0x0) returned 1 [0146.889] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.940] SetEvent (hEvent=0xc0) returned 1 [0146.941] CloseHandle (hObject=0x40c) returned 1 [0146.941] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0146.966] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x72000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0146.983] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0146.989] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000151d04 | out: lpMode=0xc000151d04) returned 0 [0147.009] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.011] GetFileType (hFile=0x40c) returned 0x1 [0147.011] WriteFile (in: hFile=0x40c, lpBuffer=0xc0006e4000*, nNumberOfBytesToWrite=0x70010, lpNumberOfBytesWritten=0xc000151cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesWritten=0xc000151cec*=0x70010, lpOverlapped=0x0) returned 1 [0147.028] CloseHandle (hObject=0x40c) returned 1 [0147.028] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1e01 | out: pbBuffer=0xc0000e1e01) returned 1 [0147.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0147.029] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc000151d64 | out: lpMode=0xc000151d64) returned 0 [0147.041] GetFileType (hFile=0x40c) returned 0x1 [0147.042] WriteFile (in: hFile=0x40c, lpBuffer=0xc0002022c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000151d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002022c0*, lpNumberOfBytesWritten=0xc000151d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.042] CloseHandle (hObject=0x40c) returned 1 [0147.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-extensions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-extensions.sqlite"), dwFlags=0x1) returned 1 [0147.044] VirtualFree (lpAddress=0xc000800000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0147.046] VirtualFree (lpAddress=0xc000798000, dwSize=0x68000, dwFreeType=0x4000) returned 1 [0147.049] VirtualFree (lpAddress=0xc000604000, dwSize=0x72000, dwFreeType=0x4000) returned 1 [0147.054] VirtualFree (lpAddress=0xc00058e000, dwSize=0x3a000, dwFreeType=0x4000) returned 1 [0147.057] VirtualFree (lpAddress=0xc0002f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.058] VirtualFree (lpAddress=0xc0002ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.058] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.059] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.061] VirtualFree (lpAddress=0xc000282000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.062] VirtualFree (lpAddress=0xc00021c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.063] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.063] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.064] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.065] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.066] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.067] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.067] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.068] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00013f818, lpReserved=0x0 | out: lpBuffer=0xc0000103b0*, lpNumberOfCharsWritten=0xc00013f818*=0x4) returned 1 [0147.077] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e3818, lpReserved=0x0 | out: lpBuffer=0xc0000103b8*, lpNumberOfCharsWritten=0xc0003e3818*=0x4) returned 1 [0147.084] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000103c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000455818, lpReserved=0x0 | out: lpBuffer=0xc0000103c0*, lpNumberOfCharsWritten=0xc000455818*=0x4) returned 1 [0147.090] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.100] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc0005864d8*, lpNumberOfCharsWritten=0xc0001fb818*=0x4) returned 1 [0147.110] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.117] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586270*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000381818, lpReserved=0x0 | out: lpBuffer=0xc000586270*, lpNumberOfCharsWritten=0xc000381818*=0x4) returned 1 [0147.120] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586278*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc000586278*, lpNumberOfCharsWritten=0xc0001ff818*=0x4) returned 1 [0147.122] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.273] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004dd818, lpReserved=0x0 | out: lpBuffer=0xc0000a04a0*, lpNumberOfCharsWritten=0xc0004dd818*=0x4) returned 1 [0147.284] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0147.285] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a04a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003a7818, lpReserved=0x0 | out: lpBuffer=0xc0000a04a8*, lpNumberOfCharsWritten=0xc0003a7818*=0x4) returned 1 [0147.296] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0147.297] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a06a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00046d818, lpReserved=0x0 | out: lpBuffer=0xc0000a06a0*, lpNumberOfCharsWritten=0xc00046d818*=0x4) returned 1 [0147.300] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.324] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206000*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000137818, lpReserved=0x0 | out: lpBuffer=0xc000206000*, lpNumberOfCharsWritten=0xc000137818*=0x4) returned 1 [0147.332] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206008*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000387818, lpReserved=0x0 | out: lpBuffer=0xc000206008*, lpNumberOfCharsWritten=0xc000387818*=0x4) returned 1 [0147.334] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206010*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc000206010*, lpNumberOfCharsWritten=0xc000211818*=0x4) returned 1 [0147.339] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.385] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00024e0e0*, nNumberOfCharsToWrite=0x6e, lpNumberOfCharsWritten=0xc000247808, lpReserved=0x0 | out: lpBuffer=0xc00024e0e0*, lpNumberOfCharsWritten=0xc000247808*=0x6e) returned 1 [0147.416] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0147.417] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0147.417] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc000247d64 | out: lpMode=0xc000247d64) returned 0 [0147.424] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.458] GetFileType (hFile=0x8a0) returned 0x1 [0147.458] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0147.459] WriteFile (in: hFile=0x8a0, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000247d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc000247d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.460] CloseHandle (hObject=0x8a0) returned 1 [0147.460] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0147.461] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-index.dat"), dwFlags=0x1) returned 1 [0147.463] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3733f698, ulCount=0x10, ulNumEntriesRemoved=0x3733f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3733f698, ulNumEntriesRemoved=0x3733f66c) returned 0 [0147.463] SetEvent (hEvent=0x448) returned 1 [0147.463] SetEvent (hEvent=0xa38) returned 1 [0147.463] SetEvent (hEvent=0xae8) returned 1 [0147.464] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3733fe08*=0xa20, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.502] SetEvent (hEvent=0x318) returned 1 [0147.502] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3733fe08*=0xa20, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.826] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.826] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x314, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3733f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3733f968*=0x2e4) returned 1 [0147.826] SuspendThread (hThread=0x2e4) returned 0x0 [0147.826] GetThreadContext (in: hThread=0x2e4, lpContext=0x3733f980 | out: lpContext=0x3733f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x286, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2ca9fc18, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab14fa, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.830] ResumeThread (hThread=0x2e4) returned 0x1 [0147.830] CloseHandle (hObject=0x2e4) returned 1 [0147.830] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x1f4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3733f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3733f968*=0x2e4) returned 1 [0147.830] SuspendThread (hThread=0x2e4) returned 0x0 [0147.830] GetThreadContext (in: hThread=0x2e4, lpContext=0x3733f980 | out: lpContext=0x3733f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2aa9fbd8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab135a, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0147.840] ResumeThread (hThread=0x2e4) returned 0x1 [0147.840] CloseHandle (hObject=0x2e4) returned 1 [0147.840] SetEvent (hEvent=0x318) returned 1 [0147.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3733fe30*=0xa20, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.842] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.842] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3733f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3733f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3733f6a0, ulNumEntriesRemoved=0x3733f674) returned 0 [0147.843] SetEvent (hEvent=0xae8) returned 1 [0147.843] SetEvent (hEvent=0x1f8) returned 1 [0147.843] SetEvent (hEvent=0x318) returned 1 [0147.843] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3733fe18*=0xa20, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.851] SetEvent (hEvent=0xbd8) returned 1 [0147.851] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.852] SetEvent (hEvent=0xbb0) returned 1 [0147.852] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0147.854] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0147.855] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0001f9cf4 | out: lpMode=0xc0001f9cf4) returned 0 [0147.858] GetFileType (hFile=0x2e4) returned 0x1 [0147.858] GetFileType (hFile=0x2e4) returned 0x1 [0147.858] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc0001f9d44 | out: lpFileInformation=0xc0001f9d44) returned 1 [0147.858] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc0001f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001f9d28) returned 1 [0147.858] ReadFile (in: hFile=0x2e4, lpBuffer=0xc00004c000, nNumberOfBytesToRead=0xdc5, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesRead=0xc0001f9c04*=0xbc5, lpOverlapped=0x0) returned 1 [0148.854] ReadFile (in: hFile=0x2e4, lpBuffer=0xc00004cbc5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00004cbc5*, lpNumberOfBytesRead=0xc0001f9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.854] CloseHandle (hObject=0x2e4) returned 1 [0148.855] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0148.856] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0148.857] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.636] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0001f9d04 | out: lpMode=0xc0001f9d04) returned 0 [0149.637] GetFileType (hFile=0x3d0) returned 0x1 [0149.637] WriteFile (in: hFile=0x3d0, lpBuffer=0xc000526c00*, nNumberOfBytesToWrite=0xbd0, lpNumberOfBytesWritten=0xc0001f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000526c00*, lpNumberOfBytesWritten=0xc0001f9cec*=0xbd0, lpOverlapped=0x0) returned 1 [0149.652] CloseHandle (hObject=0x3d0) returned 1 [0149.668] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0149.669] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0149.669] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0001f9d64 | out: lpMode=0xc0001f9d64) returned 0 [0149.679] GetFileType (hFile=0x854) returned 0x1 [0149.680] WriteFile (in: hFile=0x854, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.700] CloseHandle (hObject=0x854) returned 1 [0149.707] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-sessionstore.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-sessionstore.js"), dwFlags=0x1) returned 1 [0151.813] SetEvent (hEvent=0x968) returned 1 [0151.814] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0151.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\pk78- 0hqik.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0151.833] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000457cf4 | out: lpMode=0xc000457cf4) returned 0 [0151.846] GetFileType (hFile=0x5d8) returned 0x1 [0151.846] GetFileType (hFile=0x5d8) returned 0x1 [0151.846] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc000457d44 | out: lpFileInformation=0xc000457d44) returned 1 [0151.846] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc000457d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000457d28) returned 1 [0151.846] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0151.848] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0151.853] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000498000, nNumberOfBytesToRead=0x18d4f, lpNumberOfBytesRead=0xc000457c04, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesRead=0xc000457c04*=0x18b4f, lpOverlapped=0x0) returned 1 [0151.856] ReadFile (in: hFile=0x5d8, lpBuffer=0xc0004b0b4f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000457c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004b0b4f*, lpNumberOfBytesRead=0xc000457c04*=0x0, lpOverlapped=0x0) returned 1 [0151.856] CloseHandle (hObject=0x5d8) returned 1 [0151.856] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0151.858] VirtualAlloc (lpAddress=0xc0004b2000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b2000 [0151.865] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\pk78- 0hqik.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0151.868] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000457d04 | out: lpMode=0xc000457d04) returned 0 [0151.870] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0152.276] GetFileType (hFile=0x5d8) returned 0x1 [0152.276] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0004b2000*, nNumberOfBytesToWrite=0x18b50, lpNumberOfBytesWritten=0xc000457cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004b2000*, lpNumberOfBytesWritten=0xc000457cec*=0x18b50, lpOverlapped=0x0) returned 1 [0152.279] CloseHandle (hObject=0x5d8) returned 1 [0152.279] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0152.279] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\pk78- 0hqik.doc"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0152.279] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000457d64 | out: lpMode=0xc000457d64) returned 0 [0152.291] GetFileType (hFile=0x5d8) returned 0x1 [0152.291] WriteFile (in: hFile=0x5d8, lpBuffer=0xc000284580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000457d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284580*, lpNumberOfBytesWritten=0xc000457d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.291] CloseHandle (hObject=0x5d8) returned 1 [0152.291] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\pk78- 0hqik.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\encry-Pk78- 0HqIk.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\encry-pk78- 0hqik.doc"), dwFlags=0x1) returned 1 [0152.293] SetEvent (hEvent=0x8e8) returned 1 [0152.293] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0152.295] SetEvent (hEvent=0xa38) returned 1 [0152.295] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0161.372] SetEvent (hEvent=0x324) returned 1 [0161.373] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0161.374] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0162.035] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0004b1cf4 | out: lpMode=0xc0004b1cf4) returned 0 [0162.360] GetFileType (hFile=0x404) returned 0x1 [0162.361] GetFileType (hFile=0x404) returned 0x1 [0162.361] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0004b1d44 | out: lpFileInformation=0xc0004b1d44) returned 1 [0162.361] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0004b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004b1d28) returned 1 [0162.361] ReadFile (in: hFile=0x404, lpBuffer=0xc00003c400, nNumberOfBytesToRead=0x3f8, lpNumberOfBytesRead=0xc0004b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c400*, lpNumberOfBytesRead=0xc0004b1c04*=0x1f8, lpOverlapped=0x0) returned 1 [0162.363] ReadFile (in: hFile=0x404, lpBuffer=0xc00003c5f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c5f8*, lpNumberOfBytesRead=0xc0004b1c04*=0x0, lpOverlapped=0x0) returned 1 [0162.363] CloseHandle (hObject=0x404) returned 1 [0162.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.363] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini\\*", lpFindFileData=0xc0004b1a08 | out: lpFindFileData=0xc0004b1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.363] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004b1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.364] SetEvent (hEvent=0xb38) returned 1 [0162.364] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) returned 0x0 [0162.438] SetEvent (hEvent=0xbd8) returned 1 [0162.438] SetEvent (hEvent=0x304) returned 1 [0162.438] WaitForSingleObject (hHandle=0xa20, dwMilliseconds=0xffffffff) Thread: id = 132 os_tid = 0xb0c [0142.000] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3753fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3753fea0*=0x66c) returned 1 [0142.000] VirtualQuery (in: lpAddress=0x3753fec0, lpBuffer=0x3753fec0, dwLength=0x30 | out: lpBuffer=0x3753fec0*(BaseAddress=0x3753f000, AllocationBase=0x37340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.000] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xl2kgcwhye6uxjefyf.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x678 [0142.002] GetConsoleMode (in: hConsoleHandle=0x678, lpMode=0xc00041bcf4 | out: lpMode=0xc00041bcf4) returned 0 [0142.003] GetFileType (hFile=0x678) returned 0x1 [0142.003] GetFileType (hFile=0x678) returned 0x1 [0142.003] GetFileInformationByHandle (in: hFile=0x678, lpFileInformation=0xc00041bd44 | out: lpFileInformation=0xc00041bd44) returned 1 [0142.003] GetFileInformationByHandleEx (in: hFile=0x678, FileInformationClass=0x9, lpFileInformation=0xc00041bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00041bd28) returned 1 [0142.003] ReadFile (in: hFile=0x678, lpBuffer=0xc00032c700, nNumberOfBytesToRead=0x61a, lpNumberOfBytesRead=0xc00041bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032c700*, lpNumberOfBytesRead=0xc00041bc04*=0x41a, lpOverlapped=0x0) returned 1 [0142.691] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa28 [0142.691] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa2c [0142.691] WaitForSingleObject (hHandle=0xa28, dwMilliseconds=0xffffffff) returned 0x0 [0143.643] ReadFile (in: hFile=0x678, lpBuffer=0xc00032cb1a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00041bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00032cb1a*, lpNumberOfBytesRead=0xc00041bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.643] CloseHandle (hObject=0x678) returned 1 [0143.643] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xl2kgcwhye6uxjefyf.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0143.659] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00041bd04 | out: lpMode=0xc00041bd04) returned 0 [0143.662] GetFileType (hFile=0x474) returned 0x1 [0143.662] WriteFile (in: hFile=0x474, lpBuffer=0xc0002a4900*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc00041bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4900*, lpNumberOfBytesWritten=0xc00041bcec*=0x420, lpOverlapped=0x0) returned 1 [0143.663] CloseHandle (hObject=0x474) returned 1 [0143.674] WaitForSingleObject (hHandle=0xa28, dwMilliseconds=0xffffffff) returned 0x0 [0144.348] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0144.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xl2kgcwhye6uxjefyf.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x22c [0144.348] GetConsoleMode (in: hConsoleHandle=0x22c, lpMode=0xc00041bd64 | out: lpMode=0xc00041bd64) returned 0 [0144.351] GetFileType (hFile=0x22c) returned 0x1 [0144.351] WriteFile (in: hFile=0x22c, lpBuffer=0xc000614dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00041bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614dc0*, lpNumberOfBytesWritten=0xc00041bd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.351] CloseHandle (hObject=0x22c) returned 1 [0144.351] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xl2kgcwhye6uxjefyf.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Xl2kGcwhye6UXJEFYf.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xl2kgcwhye6uxjefyf.lnk"), dwFlags=0x1) returned 1 [0144.353] SetEvent (hEvent=0xb50) returned 1 [0144.353] WaitForSingleObject (hHandle=0xa28, dwMilliseconds=0xffffffff) returned 0x0 [0144.356] SetEvent (hEvent=0xbc0) returned 1 [0144.356] SetEvent (hEvent=0x43c) returned 1 [0144.356] WaitForSingleObject (hHandle=0xa28, dwMilliseconds=0xffffffff) returned 0x0 [0144.371] SetEvent (hEvent=0xc3c) returned 1 [0144.372] WaitForSingleObject (hHandle=0xa28, dwMilliseconds=0xffffffff) Thread: id = 133 os_tid = 0x4e8 [0142.004] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3773fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3773fea0*=0x680) returned 1 [0142.004] VirtualQuery (in: lpAddress=0x3773fec0, lpBuffer=0x3773fec0, dwLength=0x30 | out: lpBuffer=0x3773fec0*(BaseAddress=0x3773f000, AllocationBase=0x37540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vh3znn.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x684 [0142.005] GetConsoleMode (in: hConsoleHandle=0x684, lpMode=0xc00040fcf4 | out: lpMode=0xc00040fcf4) returned 0 [0142.005] GetFileType (hFile=0x684) returned 0x1 [0142.005] GetFileType (hFile=0x684) returned 0x1 [0142.006] GetFileInformationByHandle (in: hFile=0x684, lpFileInformation=0xc00040fd44 | out: lpFileInformation=0xc00040fd44) returned 1 [0142.006] GetFileInformationByHandleEx (in: hFile=0x684, FileInformationClass=0x9, lpFileInformation=0xc00040fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040fd28) returned 1 [0142.006] ReadFile (in: hFile=0x684, lpBuffer=0xc000505800, nNumberOfBytesToRead=0x15d7, lpNumberOfBytesRead=0xc00040fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000505800*, lpNumberOfBytesRead=0xc00040fc04*=0x13d7, lpOverlapped=0x0) returned 1 [0142.692] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa30 [0142.692] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa34 [0142.692] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0143.650] ReadFile (in: hFile=0x684, lpBuffer=0xc000506bd7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000506bd7*, lpNumberOfBytesRead=0xc00040fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.650] CloseHandle (hObject=0x684) returned 1 [0143.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vh3znn.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0143.667] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0144.333] SetEvent (hEvent=0xbc0) returned 1 [0144.333] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00040fd04 | out: lpMode=0xc00040fd04) returned 0 [0144.336] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0144.782] GetFileType (hFile=0x474) returned 0x1 [0144.782] WriteFile (in: hFile=0x474, lpBuffer=0xc0007daa00*, nNumberOfBytesToWrite=0x13e0, lpNumberOfBytesWritten=0xc00040fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007daa00*, lpNumberOfBytesWritten=0xc00040fcec*=0x13e0, lpOverlapped=0x0) returned 1 [0144.783] CloseHandle (hObject=0x474) returned 1 [0144.784] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vh3znn.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0144.784] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00040fd64 | out: lpMode=0xc00040fd64) returned 0 [0144.794] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0145.522] GetFileType (hFile=0x474) returned 0x1 [0145.522] WriteFile (in: hFile=0x474, lpBuffer=0xc000290c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290c60*, lpNumberOfBytesWritten=0xc00040fd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.522] CloseHandle (hObject=0x474) returned 1 [0145.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vh3znn.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-VH3znN.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-vh3znn.lnk"), dwFlags=0x1) returned 1 [0147.984] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.985] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.985] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.986] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.986] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\snaek-wzcvk4w.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x660 [0147.987] GetConsoleMode (in: hConsoleHandle=0x660, lpMode=0xc000179cf4 | out: lpMode=0xc000179cf4) returned 0 [0147.988] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0147.992] GetFileType (hFile=0x660) returned 0x1 [0147.992] GetFileType (hFile=0x660) returned 0x1 [0147.992] GetFileInformationByHandle (in: hFile=0x660, lpFileInformation=0xc000179d44 | out: lpFileInformation=0xc000179d44) returned 1 [0147.992] GetFileInformationByHandleEx (in: hFile=0x660, FileInformationClass=0x9, lpFileInformation=0xc000179d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000179d28) returned 1 [0147.992] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0147.994] ReadFile (in: hFile=0x660, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x8f1e, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000179c04*=0x8d1e, lpOverlapped=0x0) returned 1 [0148.627] ReadFile (in: hFile=0x660, lpBuffer=0xc000262d1e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000179c04, lpOverlapped=0x0 | out: lpBuffer=0xc000262d1e*, lpNumberOfBytesRead=0xc000179c04*=0x0, lpOverlapped=0x0) returned 1 [0148.627] CloseHandle (hObject=0x660) returned 1 [0148.627] VirtualAlloc (lpAddress=0xc000376000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0148.630] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\snaek-wzcvk4w.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0149.741] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000179d04 | out: lpMode=0xc000179d04) returned 0 [0149.746] GetFileType (hFile=0x8a4) returned 0x1 [0149.746] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000376000*, nNumberOfBytesToWrite=0x8d20, lpNumberOfBytesWritten=0xc000179cec, lpOverlapped=0x0 | out: lpBuffer=0xc000376000*, lpNumberOfBytesWritten=0xc000179cec*=0x8d20, lpOverlapped=0x0) returned 1 [0150.135] CloseHandle (hObject=0x8a4) returned 1 [0150.374] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0150.374] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0150.376] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\snaek-wzcvk4w.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0150.376] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000179d64 | out: lpMode=0xc000179d64) returned 0 [0150.379] GetFileType (hFile=0x8a4) returned 0x1 [0150.380] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000179d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000179d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.391] CloseHandle (hObject=0x8a4) returned 1 [0150.398] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\snaek-wzcvk4w.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-snAEk-WZcVK4W.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-snaek-wzcvk4w.jpg"), dwFlags=0x1) returned 1 [0152.171] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0152.347] SetEvent (hEvent=0x304) returned 1 [0152.347] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0152.358] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0152.359] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00048fcf4 | out: lpMode=0xc00048fcf4) returned 0 [0152.361] GetFileType (hFile=0x40c) returned 0x1 [0152.361] GetFileType (hFile=0x40c) returned 0x1 [0152.361] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc00048fd44 | out: lpFileInformation=0xc00048fd44) returned 1 [0152.361] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc00048fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00048fd28) returned 1 [0152.361] ReadFile (in: hFile=0x40c, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc00048fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc00048fc04*=0x85, lpOverlapped=0x0) returned 1 [0152.362] ReadFile (in: hFile=0x40c, lpBuffer=0xc00006c085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00048fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c085*, lpNumberOfBytesRead=0xc00048fc04*=0x0, lpOverlapped=0x0) returned 1 [0152.363] CloseHandle (hObject=0x40c) returned 1 [0152.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0152.364] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00048fd04 | out: lpMode=0xc00048fd04) returned 0 [0152.384] GetFileType (hFile=0x40c) returned 0x1 [0152.384] WriteFile (in: hFile=0x40c, lpBuffer=0xc0001265a0*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc00048fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0001265a0*, lpNumberOfBytesWritten=0xc00048fcec*=0x90, lpOverlapped=0x0) returned 1 [0152.385] CloseHandle (hObject=0x40c) returned 1 [0152.386] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0152.386] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0152.386] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00048fd64 | out: lpMode=0xc00048fd64) returned 0 [0152.391] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0152.797] GetFileType (hFile=0x40c) returned 0x1 [0152.797] WriteFile (in: hFile=0x40c, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00048fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00048fd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.797] CloseHandle (hObject=0x40c) returned 1 [0152.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSN.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msn.url"), dwFlags=0x1) returned 1 [0152.799] SetEvent (hEvent=0x264) returned 1 [0152.799] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0152.897] SetEvent (hEvent=0xbd0) returned 1 [0152.897] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0161.264] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x424 [0162.051] GetConsoleMode (in: hConsoleHandle=0x424, lpMode=0xc0002b1cf4 | out: lpMode=0xc0002b1cf4) returned 0 [0162.407] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0162.597] SetEvent (hEvent=0x100) returned 1 [0162.598] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0163.506] WriteFile (in: hFile=0x848, lpBuffer=0xc0005a2000*, nNumberOfBytesToWrite=0x24e0, lpNumberOfBytesWritten=0xc0004f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005a2000*, lpNumberOfBytesWritten=0xc0004f9cec*=0x24e0, lpOverlapped=0x0) returned 1 [0166.345] CloseHandle (hObject=0x848) returned 1 [0166.709] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) returned 0x0 [0166.891] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3701 | out: pbBuffer=0xc0001c3701) returned 1 [0166.891] VirtualAlloc (lpAddress=0xc0002ba000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ba000 [0166.893] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\z1orm.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0166.893] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0004f9d64 | out: lpMode=0xc0004f9d64) returned 0 [0166.896] GetFileType (hFile=0x3d0) returned 0x1 [0166.896] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0000c34a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c34a0*, lpNumberOfBytesWritten=0xc0004f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.896] CloseHandle (hObject=0x3d0) returned 1 [0166.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\z1orm.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-z1orm.flv"), dwFlags=0x1) returned 1 [0167.391] WaitForSingleObject (hHandle=0xa30, dwMilliseconds=0xffffffff) Thread: id = 134 os_tid = 0x73c [0142.008] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3793fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3793fea0*=0x688) returned 1 [0142.008] VirtualQuery (in: lpAddress=0x3793fec0, lpBuffer=0x3793fec0, dwLength=0x30 | out: lpBuffer=0x3793fec0*(BaseAddress=0x3793f000, AllocationBase=0x37740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.008] VirtualAlloc (lpAddress=0xc00030e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00030e000 [0142.010] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0142.011] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0142.011] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bmk73apgwn4iut5fsy.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x68c [0142.013] GetConsoleMode (in: hConsoleHandle=0x68c, lpMode=0xc000433cf4 | out: lpMode=0xc000433cf4) returned 0 [0142.013] GetFileType (hFile=0x68c) returned 0x1 [0142.013] GetFileType (hFile=0x68c) returned 0x1 [0142.013] GetFileInformationByHandle (in: hFile=0x68c, lpFileInformation=0xc000433d44 | out: lpFileInformation=0xc000433d44) returned 1 [0142.014] GetFileInformationByHandleEx (in: hFile=0x68c, FileInformationClass=0x9, lpFileInformation=0xc000433d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000433d28) returned 1 [0142.014] VirtualAlloc (lpAddress=0xc000534000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000534000 [0142.015] ReadFile (in: hFile=0x68c, lpBuffer=0xc000534000, nNumberOfBytesToRead=0x61a, lpNumberOfBytesRead=0xc000433c04, lpOverlapped=0x0 | out: lpBuffer=0xc000534000*, lpNumberOfBytesRead=0xc000433c04*=0x41a, lpOverlapped=0x0) returned 1 [0142.694] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa38 [0142.694] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa3c [0142.694] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0143.693] ReadFile (in: hFile=0x68c, lpBuffer=0xc00053441a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000433c04, lpOverlapped=0x0 | out: lpBuffer=0xc00053441a*, lpNumberOfBytesRead=0xc000433c04*=0x0, lpOverlapped=0x0) returned 1 [0143.693] CloseHandle (hObject=0x68c) returned 1 [0143.693] VirtualAlloc (lpAddress=0xc0006da000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006da000 [0143.695] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bmk73apgwn4iut5fsy.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x694 [0143.708] GetConsoleMode (in: hConsoleHandle=0x694, lpMode=0xc000433d04 | out: lpMode=0xc000433d04) returned 0 [0143.714] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0144.501] GetFileType (hFile=0x694) returned 0x1 [0144.501] WriteFile (in: hFile=0x694, lpBuffer=0xc0002a4d80*, nNumberOfBytesToWrite=0x420, lpNumberOfBytesWritten=0xc000433cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4d80*, lpNumberOfBytesWritten=0xc000433cec*=0x420, lpOverlapped=0x0) returned 1 [0144.502] CloseHandle (hObject=0x694) returned 1 [0144.502] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b501 | out: pbBuffer=0xc00031b501) returned 1 [0144.502] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0144.504] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0144.505] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0144.506] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0144.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bmk73apgwn4iut5fsy.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x694 [0144.507] GetConsoleMode (in: hConsoleHandle=0x694, lpMode=0xc000433d64 | out: lpMode=0xc000433d64) returned 0 [0144.508] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0144.786] GetFileType (hFile=0x694) returned 0x1 [0144.786] WriteFile (in: hFile=0x694, lpBuffer=0xc00007e840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000433d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e840*, lpNumberOfBytesWritten=0xc000433d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.786] CloseHandle (hObject=0x694) returned 1 [0144.787] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0144.788] VirtualAlloc (lpAddress=0xc00004e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004e000 [0144.789] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\bmk73apgwn4iut5fsy.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-bmK73ApGWN4iut5fSy.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-bmk73apgwn4iut5fsy.flv.lnk"), dwFlags=0x1) returned 1 [0144.791] VirtualFree (lpAddress=0xc000648000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.792] VirtualFree (lpAddress=0xc00053c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.793] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0144.794] SetEvent (hEvent=0x8d0) returned 1 [0144.794] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0145.418] SetEvent (hEvent=0xb60) returned 1 [0145.418] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0145.421] GetFileType (hFile=0x6ac) returned 0x1 [0145.421] WriteFile (in: hFile=0x6ac, lpBuffer=0xc000614dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00048fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614dc0*, lpNumberOfBytesWritten=0xc00048fd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.422] CloseHandle (hObject=0x6ac) returned 1 [0145.440] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wqblrgmmpps.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-wqblrgmmpps.lnk"), dwFlags=0x1) returned 1 [0147.111] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.119] SetEvent (hEvent=0xc24) returned 1 [0147.120] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.126] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x72000, dwFreeType=0x4000) returned 1 [0147.132] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.133] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.134] VirtualFree (lpAddress=0xc0002f2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.135] VirtualFree (lpAddress=0xc00028e000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0147.136] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.137] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.138] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.138] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.139] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.140] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.141] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.142] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.142] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.143] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.144] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.145] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.146] SetEvent (hEvent=0xb60) returned 1 [0147.146] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.303] SetEvent (hEvent=0xbd8) returned 1 [0147.303] SetEvent (hEvent=0xc1c) returned 1 [0147.303] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.306] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0147.307] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000197cf4 | out: lpMode=0xc000197cf4) returned 0 [0147.319] GetFileType (hFile=0x5d8) returned 0x1 [0147.319] GetFileType (hFile=0x5d8) returned 0x1 [0147.319] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc000197d44 | out: lpFileInformation=0xc000197d44) returned 1 [0147.319] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc000197d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000197d28) returned 1 [0147.319] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000222000, nNumberOfBytesToRead=0x239, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc000222000*, lpNumberOfBytesRead=0xc000197c04*=0x39, lpOverlapped=0x0) returned 1 [0147.320] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000222039, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000197c04, lpOverlapped=0x0 | out: lpBuffer=0xc000222039*, lpNumberOfBytesRead=0xc000197c04*=0x0, lpOverlapped=0x0) returned 1 [0147.320] CloseHandle (hObject=0x5d8) returned 1 [0147.320] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0147.321] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0147.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0147.324] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000197d04 | out: lpMode=0xc000197d04) returned 0 [0147.328] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.336] GetFileType (hFile=0x5d8) returned 0x1 [0147.336] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00000c280*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0xc000197cec, lpOverlapped=0x0 | out: lpBuffer=0xc00000c280*, lpNumberOfBytesWritten=0xc000197cec*=0x40, lpOverlapped=0x0) returned 1 [0147.337] CloseHandle (hObject=0x5d8) returned 1 [0147.337] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0147.337] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0147.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0147.339] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000197d64 | out: lpMode=0xc000197d64) returned 0 [0147.340] GetFileType (hFile=0x5d8) returned 0x1 [0147.340] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000197d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc000197d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.340] CloseHandle (hObject=0x5d8) returned 1 [0147.340] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0147.341] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0147.342] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\marionette.log"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-marionette.log" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-marionette.log"), dwFlags=0x1) returned 1 [0147.344] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe30*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.345] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f698, ulCount=0x10, ulNumEntriesRemoved=0x3793f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f698, ulNumEntriesRemoved=0x3793f66c) returned 0 [0147.345] SetEvent (hEvent=0xc0) returned 1 [0147.345] SetEvent (hEvent=0xbd8) returned 1 [0147.345] SetEvent (hEvent=0x1f8) returned 1 [0147.345] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0147.349] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.356] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.381] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.381] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3793f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f6a0, ulNumEntriesRemoved=0x3793f674) returned 0 [0147.381] SetEvent (hEvent=0x1f8) returned 1 [0147.381] SetEvent (hEvent=0xc44) returned 1 [0147.381] SetEvent (hEvent=0xbd8) returned 1 [0147.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe18*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.421] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f698, ulCount=0x10, ulNumEntriesRemoved=0x3793f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f698, ulNumEntriesRemoved=0x3793f66c) returned 0 [0147.421] SetEvent (hEvent=0xc44) returned 1 [0147.421] SetEvent (hEvent=0x990) returned 1 [0147.421] SetEvent (hEvent=0x1f8) returned 1 [0147.422] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.428] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.428] SetEvent (hEvent=0x1a0) returned 1 [0147.429] SetEvent (hEvent=0xbb0) returned 1 [0147.429] SetEvent (hEvent=0x3c4) returned 1 [0147.429] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.442] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe30*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.443] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.444] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3793f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f6a0, ulNumEntriesRemoved=0x3793f674) returned 0 [0147.444] SetEvent (hEvent=0x448) returned 1 [0147.444] SetEvent (hEvent=0x3b0) returned 1 [0147.444] SetEvent (hEvent=0x1a0) returned 1 [0147.444] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe18*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.456] SetEvent (hEvent=0xa20) returned 1 [0147.456] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.465] SetEvent (hEvent=0xc24) returned 1 [0147.465] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.865] SetEvent (hEvent=0xc24) returned 1 [0147.865] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0147.879] SetEvent (hEvent=0xa48) returned 1 [0147.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f8 [0147.880] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc000387cf4 | out: lpMode=0xc000387cf4) returned 0 [0147.885] GetFileType (hFile=0x7f8) returned 0x1 [0147.885] GetFileType (hFile=0x7f8) returned 0x1 [0147.885] GetFileInformationByHandle (in: hFile=0x7f8, lpFileInformation=0xc000387d44 | out: lpFileInformation=0xc000387d44) returned 1 [0147.885] GetFileInformationByHandleEx (in: hFile=0x7f8, FileInformationClass=0x9, lpFileInformation=0xc000387d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000387d28) returned 1 [0147.885] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0147.886] ReadFile (in: hFile=0x7f8, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x26f, lpNumberOfBytesRead=0xc000387c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc000387c04*=0x6f, lpOverlapped=0x0) returned 1 [0148.530] ReadFile (in: hFile=0x7f8, lpBuffer=0xc00005c06f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000387c04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c06f*, lpNumberOfBytesRead=0xc000387c04*=0x0, lpOverlapped=0x0) returned 1 [0148.530] CloseHandle (hObject=0x7f8) returned 1 [0148.530] VirtualAlloc (lpAddress=0xc000310000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000310000 [0148.532] VirtualAlloc (lpAddress=0xc000312000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000312000 [0148.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0149.133] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc000387d04 | out: lpMode=0xc000387d04) returned 0 [0149.233] GetFileType (hFile=0x728) returned 0x1 [0149.233] WriteFile (in: hFile=0x728, lpBuffer=0xc0000120e0*, nNumberOfBytesToWrite=0x70, lpNumberOfBytesWritten=0xc000387cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000120e0*, lpNumberOfBytesWritten=0xc000387cec*=0x70, lpOverlapped=0x0) returned 1 [0149.373] CloseHandle (hObject=0x728) returned 1 [0149.395] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0149.395] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0149.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.396] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000387d64 | out: lpMode=0xc000387d64) returned 0 [0149.397] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0149.398] GetFileType (hFile=0x3d0) returned 0x1 [0149.398] WriteFile (in: hFile=0x3d0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000387d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000387d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.635] CloseHandle (hObject=0x3d0) returned 1 [0149.645] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\encry-profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\encry-profiles.ini"), dwFlags=0x1) returned 1 [0149.665] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f698, ulCount=0x10, ulNumEntriesRemoved=0x3793f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f698, ulNumEntriesRemoved=0x3793f66c) returned 0 [0149.665] SetEvent (hEvent=0xc24) returned 1 [0149.667] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.668] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3793f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f6a0, ulNumEntriesRemoved=0x3793f674) returned 0 [0149.668] SetEvent (hEvent=0xc24) returned 1 [0149.668] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe18*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.680] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe30*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.681] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f698, ulCount=0x10, ulNumEntriesRemoved=0x3793f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f698, ulNumEntriesRemoved=0x3793f66c) returned 0 [0149.681] SetEvent (hEvent=0xc0) returned 1 [0149.681] SetEvent (hEvent=0xae8) returned 1 [0149.682] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0149.692] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3793f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f6a0, ulNumEntriesRemoved=0x3793f674) returned 0 [0149.692] SetEvent (hEvent=0xc24) returned 1 [0149.692] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe18*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.700] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0149.700] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0149.702] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.703] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0008*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000a0008*, lpNumberOfCharsWritten=0xc0000f9818*=0x3) returned 1 [0149.705] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0149.730] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.259] SetEvent (hEvent=0xec) returned 1 [0150.259] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.260] SetEvent (hEvent=0xec) returned 1 [0150.260] SetEvent (hEvent=0x8b8) returned 1 [0150.260] VirtualFree (lpAddress=0xc001c00000, dwSize=0x2c000, dwFreeType=0x4000) returned 1 [0150.263] VirtualFree (lpAddress=0xc001800000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0150.298] VirtualFree (lpAddress=0xc001400000, dwSize=0x400000, dwFreeType=0x4000) returned 1 [0150.328] VirtualFree (lpAddress=0xc00122a000, dwSize=0x1d6000, dwFreeType=0x4000) returned 1 [0150.341] VirtualFree (lpAddress=0xc000634000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0150.343] VirtualFree (lpAddress=0xc000376000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0150.345] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0150.346] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.347] VirtualFree (lpAddress=0xc00016a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.349] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.350] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.351] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.352] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.353] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.354] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.354] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.355] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.356] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.357] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.362] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.363] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.364] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000431818, lpReserved=0x0 | out: lpBuffer=0xc000586000*, lpNumberOfCharsWritten=0xc000431818*=0x3) returned 1 [0150.371] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.398] SetEvent (hEvent=0xbb0) returned 1 [0150.398] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.438] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.450] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.462] SetEvent (hEvent=0xb50) returned 1 [0150.462] VirtualFree (lpAddress=0xc000654000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0150.464] VirtualFree (lpAddress=0xc000316000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010058*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000459818, lpReserved=0x0 | out: lpBuffer=0xc000010058*, lpNumberOfCharsWritten=0xc000459818*=0x3) returned 1 [0150.468] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.505] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0xc0004219f8 | out: lpFindFileData=0xc0004219f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0150.505] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000421720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0150.505] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.509] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.570] SetEvent (hEvent=0xbc8) returned 1 [0150.570] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.571] SetEvent (hEvent=0xbc8) returned 1 [0150.572] SetEvent (hEvent=0xa78) returned 1 [0150.572] VirtualFree (lpAddress=0xc0006a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0150.573] VirtualFree (lpAddress=0xc000212000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0150.575] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.575] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.576] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.577] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.578] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.579] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.580] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.581] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003e9818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc0003e9818*=0x3) returned 1 [0150.585] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.635] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.686] SetEvent (hEvent=0xb50) returned 1 [0150.686] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.687] SetEvent (hEvent=0xb50) returned 1 [0150.687] SetEvent (hEvent=0x988) returned 1 [0150.687] VirtualFree (lpAddress=0xc00072c000, dwSize=0x6c000, dwFreeType=0x4000) returned 1 [0150.692] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0150.694] VirtualFree (lpAddress=0xc000690000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0150.696] VirtualFree (lpAddress=0xc00066c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0150.697] VirtualFree (lpAddress=0xc000556000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0150.698] VirtualFree (lpAddress=0xc000526000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0150.700] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.700] VirtualFree (lpAddress=0xc00031c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0150.701] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0150.702] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.703] VirtualFree (lpAddress=0xc00024e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0150.704] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.705] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.706] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.707] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.708] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.709] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.710] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.711] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.712] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.713] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.714] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.714] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.715] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.717] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000421818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000421818*=0x3) returned 1 [0150.734] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.761] SetEvent (hEvent=0x920) returned 1 [0150.761] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.762] SetEvent (hEvent=0xb50) returned 1 [0150.762] SetEvent (hEvent=0xa80) returned 1 [0150.762] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.776] SetEvent (hEvent=0xb50) returned 1 [0150.776] SetEvent (hEvent=0xb58) returned 1 [0150.776] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.782] SetEvent (hEvent=0x100) returned 1 [0150.782] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.784] SetEvent (hEvent=0x8d0) returned 1 [0150.784] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0150.795] SetEvent (hEvent=0x208) returned 1 [0150.796] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\euhsmc2pzlmt_.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6b4 [0151.042] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00046bcf4 | out: lpMode=0xc00046bcf4) returned 0 [0151.052] GetFileType (hFile=0x6b4) returned 0x1 [0151.052] GetFileType (hFile=0x6b4) returned 0x1 [0151.052] GetFileInformationByHandle (in: hFile=0x6b4, lpFileInformation=0xc00046bd44 | out: lpFileInformation=0xc00046bd44) returned 1 [0151.053] GetFileInformationByHandleEx (in: hFile=0x6b4, FileInformationClass=0x9, lpFileInformation=0xc00046bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00046bd28) returned 1 [0151.053] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0151.055] ReadFile (in: hFile=0x6b4, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x10c8, lpNumberOfBytesRead=0xc00046bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc00046bc04*=0xec8, lpOverlapped=0x0) returned 1 [0151.056] ReadFile (in: hFile=0x6b4, lpBuffer=0xc000058ec8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00046bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058ec8*, lpNumberOfBytesRead=0xc00046bc04*=0x0, lpOverlapped=0x0) returned 1 [0151.056] CloseHandle (hObject=0x6b4) returned 1 [0151.056] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0151.057] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\euhsmc2pzlmt_.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0151.059] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00046bd04 | out: lpMode=0xc00046bd04) returned 0 [0151.173] GetFileType (hFile=0x6b4) returned 0x1 [0151.173] WriteFile (in: hFile=0x6b4, lpBuffer=0xc000060000*, nNumberOfBytesToWrite=0xed0, lpNumberOfBytesWritten=0xc00046bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesWritten=0xc00046bcec*=0xed0, lpOverlapped=0x0) returned 1 [0151.174] CloseHandle (hObject=0x6b4) returned 1 [0151.175] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1e01 | out: pbBuffer=0xc0000e1e01) returned 1 [0151.175] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0151.176] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0151.178] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0151.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\euhsmc2pzlmt_.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0151.179] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc00046bd64 | out: lpMode=0xc00046bd64) returned 0 [0151.189] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.453] SetEvent (hEvent=0x988) returned 1 [0151.453] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.509] SetEvent (hEvent=0x990) returned 1 [0151.509] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.616] SetEvent (hEvent=0x9b8) returned 1 [0151.616] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.671] SetEvent (hEvent=0xa40) returned 1 [0151.671] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.684] SetEvent (hEvent=0xb38) returned 1 [0151.684] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0151.755] SetEvent (hEvent=0xa68) returned 1 [0151.755] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqc qu7jynqj.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x780 [0151.756] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc000031cf4 | out: lpMode=0xc000031cf4) returned 0 [0151.764] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0152.296] GetFileType (hFile=0x780) returned 0x1 [0152.296] GetFileType (hFile=0x780) returned 0x1 [0152.296] GetFileInformationByHandle (in: hFile=0x780, lpFileInformation=0xc000031d44 | out: lpFileInformation=0xc000031d44) returned 1 [0152.296] GetFileInformationByHandleEx (in: hFile=0x780, FileInformationClass=0x9, lpFileInformation=0xc000031d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000031d28) returned 1 [0152.296] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0152.298] ReadFile (in: hFile=0x780, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x812c, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc000031c04*=0x7f2c, lpOverlapped=0x0) returned 1 [0152.299] ReadFile (in: hFile=0x780, lpBuffer=0xc0002abf2c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000031c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002abf2c*, lpNumberOfBytesRead=0xc000031c04*=0x0, lpOverlapped=0x0) returned 1 [0152.299] CloseHandle (hObject=0x780) returned 1 [0152.299] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0152.301] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\PQC qu7jynQj.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pqc qu7jynqj.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0152.303] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc000031d04 | out: lpMode=0xc000031d04) returned 0 [0152.306] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0152.458] SetEvent (hEvent=0xb40) returned 1 [0152.458] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0161.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\hvx0.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5c4 [0162.046] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0002cbcf4 | out: lpMode=0xc0002cbcf4) returned 0 [0162.405] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0162.595] SetEvent (hEvent=0xc5c) returned 1 [0162.596] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0163.511] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.511] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0163.513] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0163.514] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0163.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oex7fvsds_qxq.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0163.515] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc00043bd64 | out: lpMode=0xc00043bd64) returned 0 [0163.515] GetFileType (hFile=0x40c) returned 0x1 [0163.516] WriteFile (in: hFile=0x40c, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00043bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc00043bd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.516] CloseHandle (hObject=0x40c) returned 1 [0163.516] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\oex7fvsds_qxq.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-oeX7FVsDs_QXQ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-oex7fvsds_qxq.xlsx"), dwFlags=0x1) returned 1 [0163.518] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f698, ulCount=0x10, ulNumEntriesRemoved=0x3793f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f698, ulNumEntriesRemoved=0x3793f66c) returned 0 [0163.518] SetEvent (hEvent=0x980) returned 1 [0163.519] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.520] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0163.520] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.522] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe08*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.522] SwitchToThread () returned 1 [0163.523] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3793f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3793f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3793f6a0, ulNumEntriesRemoved=0x3793f674) returned 0 [0163.523] SetEvent (hEvent=0x980) returned 1 [0163.523] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3793fe18*=0xa38, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.576] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00029a090*, nNumberOfCharsToWrite=0x46, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc00029a090*, lpNumberOfCharsWritten=0xc000517808*=0x46) returned 1 [0163.581] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0163.582] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0163.582] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0163.583] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0163.584] VirtualAlloc (lpAddress=0xc0000e4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e4000 [0163.585] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0163.586] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.441] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2\\*", lpFindFileData=0xc000517a68 | out: lpFindFileData=0xc000517a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.441] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc000517720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.441] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0166.517] SetEvent (hEvent=0xb48) returned 1 [0166.517] SetEvent (hEvent=0x980) returned 1 [0166.517] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d4090*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0xc0002e7808, lpReserved=0x0 | out: lpBuffer=0xc0003d4090*, lpNumberOfCharsWritten=0xc0002e7808*=0x43) returned 1 [0166.691] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) returned 0x0 [0166.747] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a1e0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e7808, lpReserved=0x0 | out: lpBuffer=0xc00000a1e0*, lpNumberOfCharsWritten=0xc0002e7808*=0x11) returned 1 [0166.748] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00000a210*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e7808, lpReserved=0x0 | out: lpBuffer=0xc00000a210*, lpNumberOfCharsWritten=0xc0002e7808*=0x11) returned 1 [0166.749] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0166.751] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-my documents"), dwFlags=0x1) returned 1 [0167.379] WaitForSingleObject (hHandle=0xa38, dwMilliseconds=0xffffffff) Thread: id = 135 os_tid = 0xae0 [0142.017] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x37b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x37b3fea0*=0x690) returned 1 [0142.017] VirtualQuery (in: lpAddress=0x37b3fec0, lpBuffer=0x37b3fec0, dwLength=0x30 | out: lpBuffer=0x37b3fec0*(BaseAddress=0x37b3f000, AllocationBase=0x37940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lwpism.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x694 [0142.018] GetConsoleMode (in: hConsoleHandle=0x694, lpMode=0xc0003b5cf4 | out: lpMode=0xc0003b5cf4) returned 0 [0142.019] GetFileType (hFile=0x694) returned 0x1 [0142.019] GetFileType (hFile=0x694) returned 0x1 [0142.019] GetFileInformationByHandle (in: hFile=0x694, lpFileInformation=0xc0003b5d44 | out: lpFileInformation=0xc0003b5d44) returned 1 [0142.020] GetFileInformationByHandleEx (in: hFile=0x694, FileInformationClass=0x9, lpFileInformation=0xc0003b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b5d28) returned 1 [0142.020] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0142.022] ReadFile (in: hFile=0x694, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x42d, lpNumberOfBytesRead=0xc0003b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0003b5c04*=0x22d, lpOverlapped=0x0) returned 1 [0142.696] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa40 [0142.696] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa44 [0142.696] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0143.702] ReadFile (in: hFile=0x694, lpBuffer=0xc0002a422d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a422d*, lpNumberOfBytesRead=0xc0003b5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.702] CloseHandle (hObject=0x694) returned 1 [0143.702] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lwpism.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b8 [0143.740] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0144.556] GetConsoleMode (in: hConsoleHandle=0x5b8, lpMode=0xc0003b5d04 | out: lpMode=0xc0003b5d04) returned 0 [0144.559] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0144.907] GetFileType (hFile=0x5b8) returned 0x1 [0144.907] WriteFile (in: hFile=0x5b8, lpBuffer=0xc000250000*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xc0003b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000250000*, lpNumberOfBytesWritten=0xc0003b5cec*=0x230, lpOverlapped=0x0) returned 1 [0144.908] CloseHandle (hObject=0x5b8) returned 1 [0144.913] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0145.523] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0145.523] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lwpism.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0145.523] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc0003b5d64 | out: lpMode=0xc0003b5d64) returned 0 [0145.524] GetFileType (hFile=0x474) returned 0x1 [0145.524] WriteFile (in: hFile=0x474, lpBuffer=0xc0006151e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006151e0*, lpNumberOfBytesWritten=0xc0003b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.525] CloseHandle (hObject=0x474) returned 1 [0145.526] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0146.075] SetEvent (hEvent=0xc0) returned 1 [0146.075] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lwpism.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-LWPism.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-lwpism.lnk"), dwFlags=0x1) returned 1 [0150.670] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0151.295] SetEvent (hEvent=0xa68) returned 1 [0151.295] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0151.299] SetEvent (hEvent=0xa68) returned 1 [0151.299] VirtualFree (lpAddress=0xc0006d8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.301] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0151.302] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0151.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0151.304] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc00018bcf4 | out: lpMode=0xc00018bcf4) returned 0 [0151.319] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0151.680] SetEvent (hEvent=0x114) returned 1 [0151.680] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0151.684] SetEvent (hEvent=0xb10) returned 1 [0151.685] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0151.755] SetEvent (hEvent=0x960) returned 1 [0151.755] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.560] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.561] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.562] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.564] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.565] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.568] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.569] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.570] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.571] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.572] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.574] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.575] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.576] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.578] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0161.579] SetEvent (hEvent=0x978) returned 1 [0161.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc500*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000441818, lpReserved=0x0 | out: lpBuffer=0xc0000bc500*, lpNumberOfCharsWritten=0xc000441818*=0x4) returned 1 [0161.581] SetEvent (hEvent=0x978) returned 1 [0161.582] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc508*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000443818, lpReserved=0x0 | out: lpBuffer=0xc0000bc508*, lpNumberOfCharsWritten=0xc000443818*=0x4) returned 1 [0161.583] SetEvent (hEvent=0x978) returned 1 [0161.583] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc510*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000403818, lpReserved=0x0 | out: lpBuffer=0xc0000bc510*, lpNumberOfCharsWritten=0xc000403818*=0x4) returned 1 [0161.584] SetEvent (hEvent=0x978) returned 1 [0161.584] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc518*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc518*, lpNumberOfCharsWritten=0xc0001e5818*=0x4) returned 1 [0161.585] SetEvent (hEvent=0x978) returned 1 [0161.585] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc520*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c7818, lpReserved=0x0 | out: lpBuffer=0xc0000bc520*, lpNumberOfCharsWritten=0xc0003c7818*=0x4) returned 1 [0161.586] SetEvent (hEvent=0x978) returned 1 [0161.586] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc528*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000445818, lpReserved=0x0 | out: lpBuffer=0xc0000bc528*, lpNumberOfCharsWritten=0xc000445818*=0x4) returned 1 [0161.588] SetEvent (hEvent=0x978) returned 1 [0161.588] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc530*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001db818, lpReserved=0x0 | out: lpBuffer=0xc0000bc530*, lpNumberOfCharsWritten=0xc0001db818*=0x4) returned 1 [0161.589] SetEvent (hEvent=0x978) returned 1 [0161.590] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc538*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000467818, lpReserved=0x0 | out: lpBuffer=0xc0000bc538*, lpNumberOfCharsWritten=0xc000467818*=0x4) returned 1 [0161.591] SetEvent (hEvent=0x978) returned 1 [0161.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc540*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000471818, lpReserved=0x0 | out: lpBuffer=0xc0000bc540*, lpNumberOfCharsWritten=0xc000471818*=0x4) returned 1 [0161.592] SetEvent (hEvent=0x978) returned 1 [0161.592] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc548*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002df818, lpReserved=0x0 | out: lpBuffer=0xc0000bc548*, lpNumberOfCharsWritten=0xc0002df818*=0x4) returned 1 [0161.597] SetEvent (hEvent=0x978) returned 1 [0161.597] VirtualAlloc (lpAddress=0xc00021c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021c000 [0161.599] VirtualAlloc (lpAddress=0xc00021e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021e000 [0161.601] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00021e000*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc00044b808, lpReserved=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfCharsWritten=0xc00044b808*=0x4c) returned 1 [0161.602] SetEvent (hEvent=0x978) returned 1 [0161.602] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0161.603] VirtualAlloc (lpAddress=0xc000282000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000282000 [0161.604] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0162.101] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00044bd64 | out: lpMode=0xc00044bd64) returned 0 [0162.414] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0162.600] SetEvent (hEvent=0xb58) returned 1 [0162.601] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0162.705] SetEvent (hEvent=0xa8) returned 1 [0162.705] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0162.770] WriteFile (in: hFile=0x79c, lpBuffer=0xc0005e4000*, nNumberOfBytesToWrite=0xc6e0, lpNumberOfBytesWritten=0xc000301cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005e4000*, lpNumberOfBytesWritten=0xc000301cec*=0xc6e0, lpOverlapped=0x0) returned 1 [0162.773] CloseHandle (hObject=0x79c) returned 1 [0162.774] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0162.774] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\7znj_liq7lm-2.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0162.774] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000301d64 | out: lpMode=0xc000301d64) returned 0 [0162.774] GetFileType (hFile=0x79c) returned 0x1 [0162.774] WriteFile (in: hFile=0x79c, lpBuffer=0xc0001206e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000301d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001206e0*, lpNumberOfBytesWritten=0xc000301d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.774] CloseHandle (hObject=0x79c) returned 1 [0162.775] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\7znj_liq7lm-2.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\encry-7znj_LIq7Lm-2.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\encry-7znj_liq7lm-2.gif"), dwFlags=0x1) returned 1 [0162.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\llys3yiqvyc_7z9szy.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0162.777] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc00012dd64 | out: lpMode=0xc00012dd64) returned 0 [0162.777] GetFileType (hFile=0x79c) returned 0x1 [0162.777] WriteFile (in: hFile=0x79c, lpBuffer=0xc000120c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120c60*, lpNumberOfBytesWritten=0xc00012dd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.777] CloseHandle (hObject=0x79c) returned 1 [0162.777] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\llys3yiqvyc_7z9szy.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-LLYs3yiQVYC_7Z9szy.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-llys3yiqvyc_7z9szy.m4a"), dwFlags=0x1) returned 1 [0162.779] GetFileType (hFile=0x454) returned 0x1 [0162.779] GetFileInformationByHandle (in: hFile=0x454, lpFileInformation=0xc0003a5d44 | out: lpFileInformation=0xc0003a5d44) returned 1 [0162.779] GetFileInformationByHandleEx (in: hFile=0x454, FileInformationClass=0x9, lpFileInformation=0xc0003a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003a5d28) returned 1 [0162.779] ReadFile (in: hFile=0x454, lpBuffer=0xc000060000, nNumberOfBytesToRead=0x1cf5, lpNumberOfBytesRead=0xc0003a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfBytesRead=0xc0003a5c04*=0x1af5, lpOverlapped=0x0) returned 1 [0162.781] ReadFile (in: hFile=0x454, lpBuffer=0xc000061af5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000061af5*, lpNumberOfBytesRead=0xc0003a5c04*=0x0, lpOverlapped=0x0) returned 1 [0162.781] CloseHandle (hObject=0x454) returned 1 [0162.781] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0162.785] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\ih6s_vapthnsn.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0162.786] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003a5d04 | out: lpMode=0xc0003a5d04) returned 0 [0162.787] GetFileType (hFile=0x454) returned 0x1 [0162.787] WriteFile (in: hFile=0x454, lpBuffer=0xc000230000*, nNumberOfBytesToWrite=0x1b00, lpNumberOfBytesWritten=0xc0003a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesWritten=0xc0003a5cec*=0x1b00, lpOverlapped=0x0) returned 1 [0162.789] CloseHandle (hObject=0x454) returned 1 [0162.789] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0162.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\ih6s_vapthnsn.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0162.789] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003a5d64 | out: lpMode=0xc0003a5d64) returned 0 [0162.790] GetFileType (hFile=0x454) returned 0x1 [0162.790] WriteFile (in: hFile=0x454, lpBuffer=0xc0001211e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001211e0*, lpNumberOfBytesWritten=0xc0003a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.790] CloseHandle (hObject=0x454) returned 1 [0162.790] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\ih6s_vapthnsn.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-ih6s_vapthnsn.m4a"), dwFlags=0x1) returned 1 [0162.792] GetFileType (hFile=0x568) returned 0x1 [0162.792] GetFileInformationByHandle (in: hFile=0x568, lpFileInformation=0xc00038dd44 | out: lpFileInformation=0xc00038dd44) returned 1 [0162.792] GetFileInformationByHandleEx (in: hFile=0x568, FileInformationClass=0x9, lpFileInformation=0xc00038dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038dd28) returned 1 [0162.792] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0162.797] ReadFile (in: hFile=0x568, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x10dac, lpNumberOfBytesRead=0xc00038dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc00038dc04*=0x10bac, lpOverlapped=0x0) returned 1 [0162.799] ReadFile (in: hFile=0x568, lpBuffer=0xc0006f4bac, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006f4bac*, lpNumberOfBytesRead=0xc00038dc04*=0x0, lpOverlapped=0x0) returned 1 [0162.799] CloseHandle (hObject=0x568) returned 1 [0162.800] VirtualAlloc (lpAddress=0xc000766000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000766000 [0162.804] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\lbbcwrlgx.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0162.806] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00038dd04 | out: lpMode=0xc00038dd04) returned 0 [0162.807] GetFileType (hFile=0x568) returned 0x1 [0162.807] WriteFile (in: hFile=0x568, lpBuffer=0xc000766000*, nNumberOfBytesToWrite=0x10bb0, lpNumberOfBytesWritten=0xc00038dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000766000*, lpNumberOfBytesWritten=0xc00038dcec*=0x10bb0, lpOverlapped=0x0) returned 1 [0162.811] CloseHandle (hObject=0x568) returned 1 [0162.811] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0162.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\lbbcwrlgx.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0162.811] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00038dd64 | out: lpMode=0xc00038dd64) returned 0 [0162.812] GetFileType (hFile=0x568) returned 0x1 [0162.812] WriteFile (in: hFile=0x568, lpBuffer=0xc0001218c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001218c0*, lpNumberOfBytesWritten=0xc00038dd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.812] CloseHandle (hObject=0x568) returned 1 [0162.812] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\lbbcwrlgx.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\encry-lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\encry-lbbcwrlgx.m4a"), dwFlags=0x1) returned 1 [0162.814] SwitchToThread () returned 1 [0162.925] SetEvent (hEvent=0xae0) returned 1 [0162.925] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0163.484] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0163.485] WriteFile (in: hFile=0x2fc, lpBuffer=0xc0005ca000*, nNumberOfBytesToWrite=0xb650, lpNumberOfBytesWritten=0xc0002f5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005ca000*, lpNumberOfBytesWritten=0xc0002f5cec*=0xb650, lpOverlapped=0x0) returned 1 [0166.121] SetEvent (hEvent=0xc0) returned 1 [0166.121] CloseHandle (hObject=0x2fc) returned 1 [0166.713] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0166.847] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0166.847] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\-7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\-7npfxydsa0tja.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0166.857] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0166.986] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc0002f5d64 | out: lpMode=0xc0002f5d64) returned 0 [0166.989] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) returned 0x0 [0167.032] GetFileType (hFile=0x8a4) returned 0x1 [0167.032] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0000c2b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002f5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c2b00*, lpNumberOfBytesWritten=0xc0002f5d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.032] CloseHandle (hObject=0x8a4) returned 1 [0167.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\-7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\-7npfxydsa0tja.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\encry--7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\encry--7npfxydsa0tja.png"), dwFlags=0x1) returned 1 [0167.390] WaitForSingleObject (hHandle=0xa40, dwMilliseconds=0xffffffff) Thread: id = 136 os_tid = 0xab0 [0142.023] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x37d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x37d3fea0*=0x67c) returned 1 [0142.025] VirtualQuery (in: lpAddress=0x37d3fec0, lpBuffer=0x37d3fec0, dwLength=0x30 | out: lpBuffer=0x37d3fec0*(BaseAddress=0x37d3f000, AllocationBase=0x37b40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.025] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y138cxvdjo.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x698 [0142.026] GetConsoleMode (in: hConsoleHandle=0x698, lpMode=0xc00041dcf4 | out: lpMode=0xc00041dcf4) returned 0 [0142.027] GetFileType (hFile=0x698) returned 0x1 [0142.027] GetFileType (hFile=0x698) returned 0x1 [0142.027] GetFileInformationByHandle (in: hFile=0x698, lpFileInformation=0xc00041dd44 | out: lpFileInformation=0xc00041dd44) returned 1 [0142.028] GetFileInformationByHandleEx (in: hFile=0x698, FileInformationClass=0x9, lpFileInformation=0xc00041dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00041dd28) returned 1 [0142.028] ReadFile (in: hFile=0x698, lpBuffer=0xc000369800, nNumberOfBytesToRead=0xbd8, lpNumberOfBytesRead=0xc00041dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000369800*, lpNumberOfBytesRead=0xc00041dc04*=0x9d8, lpOverlapped=0x0) returned 1 [0142.697] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa48 [0142.697] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa4c [0142.697] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0143.735] ReadFile (in: hFile=0x698, lpBuffer=0xc00036a1d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00041dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036a1d8*, lpNumberOfBytesRead=0xc00041dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.735] CloseHandle (hObject=0x698) returned 1 [0143.735] VirtualAlloc (lpAddress=0xc0006ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ec000 [0143.736] VirtualAlloc (lpAddress=0xc0006ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ee000 [0143.738] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y138cxvdjo.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c0 [0143.755] GetConsoleMode (in: hConsoleHandle=0x5c0, lpMode=0xc00041dd04 | out: lpMode=0xc00041dd04) returned 0 [0143.757] GetFileType (hFile=0x5c0) returned 0x1 [0143.757] WriteFile (in: hFile=0x5c0, lpBuffer=0xc0006ec000*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0xc00041dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ec000*, lpNumberOfBytesWritten=0xc00041dcec*=0x9e0, lpOverlapped=0x0) returned 1 [0143.758] CloseHandle (hObject=0x5c0) returned 1 [0143.770] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0144.597] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.597] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0144.598] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0144.599] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0144.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y138cxvdjo.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0144.600] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc00041dd64 | out: lpMode=0xc00041dd64) returned 0 [0144.605] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0145.459] GetFileType (hFile=0x564) returned 0x1 [0145.459] WriteFile (in: hFile=0x564, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00041dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00041dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.459] CloseHandle (hObject=0x564) returned 1 [0145.471] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y138cxvdjo.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Y138cXvDjo.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-y138cxvdjo.mkv.lnk"), dwFlags=0x1) returned 1 [0147.862] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe30*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.863] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x37d3f698, ulCount=0x10, ulNumEntriesRemoved=0x37d3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x37d3f698, ulNumEntriesRemoved=0x37d3f66c) returned 0 [0147.863] SetEvent (hEvent=0xa38) returned 1 [0147.863] SetEvent (hEvent=0x1f8) returned 1 [0147.863] SetEvent (hEvent=0x448) returned 1 [0147.864] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe08*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.868] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0147.868] SetEvent (hEvent=0x1f8) returned 1 [0147.868] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe08*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.877] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0147.877] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x37d3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x37d3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x37d3f6a0, ulNumEntriesRemoved=0x37d3f674) returned 0 [0147.877] SetEvent (hEvent=0x264) returned 1 [0147.877] SetEvent (hEvent=0xc80) returned 1 [0147.877] SetEvent (hEvent=0xa38) returned 1 [0147.878] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe18*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.880] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0147.880] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0147.881] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc000409cf4 | out: lpMode=0xc000409cf4) returned 0 [0147.886] GetFileType (hFile=0x494) returned 0x1 [0147.886] GetFileType (hFile=0x494) returned 0x1 [0147.886] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc000409d44 | out: lpFileInformation=0xc000409d44) returned 1 [0147.886] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc000409d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000409d28) returned 1 [0147.886] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x52000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0147.913] ReadFile (in: hFile=0x494, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x50200, lpNumberOfBytesRead=0xc000409c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000409c04*=0x50000, lpOverlapped=0x0) returned 1 [0148.867] ReadFile (in: hFile=0x494, lpBuffer=0xc0005de000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000409c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005de000*, lpNumberOfBytesRead=0xc000409c04*=0x0, lpOverlapped=0x0) returned 1 [0148.867] CloseHandle (hObject=0x494) returned 1 [0148.867] VirtualAlloc (lpAddress=0xc00072c000, dwSize=0x52000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00072c000 [0148.879] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\signons.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0150.508] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0150.519] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000409d04 | out: lpMode=0xc000409d04) returned 0 [0150.529] GetFileType (hFile=0x748) returned 0x1 [0150.529] WriteFile (in: hFile=0x748, lpBuffer=0xc00072c000*, nNumberOfBytesToWrite=0x50010, lpNumberOfBytesWritten=0xc000409cec, lpOverlapped=0x0 | out: lpBuffer=0xc00072c000*, lpNumberOfBytesWritten=0xc000409cec*=0x50010, lpOverlapped=0x0) returned 1 [0150.596] CloseHandle (hObject=0x748) returned 1 [0150.683] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0151.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x704 [0151.194] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0151.198] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0151.619] GetFileType (hFile=0x704) returned 0x1 [0151.619] GetFileType (hFile=0x704) returned 0x1 [0151.619] GetFileInformationByHandle (in: hFile=0x704, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0151.619] GetFileInformationByHandleEx (in: hFile=0x704, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0151.619] ReadFile (in: hFile=0x704, lpBuffer=0xc00011ce00, nNumberOfBytesToRead=0x699, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011ce00*, lpNumberOfBytesRead=0xc0002d5c04*=0x499, lpOverlapped=0x0) returned 1 [0151.633] ReadFile (in: hFile=0x704, lpBuffer=0xc00011d299, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011d299*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0151.633] CloseHandle (hObject=0x704) returned 1 [0151.634] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0151.635] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0151.655] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0152.114] GetFileType (hFile=0x704) returned 0x1 [0152.114] WriteFile (in: hFile=0x704, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc0002d5cec*=0x4a0, lpOverlapped=0x0) returned 1 [0152.117] CloseHandle (hObject=0x704) returned 1 [0152.117] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0152.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0152.118] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0152.125] GetFileType (hFile=0x704) returned 0x1 [0152.125] WriteFile (in: hFile=0x704, lpBuffer=0xc0001049a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001049a0*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.125] CloseHandle (hObject=0x704) returned 1 [0152.125] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\chucu jadnvk.contact"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\encry-chucu jadnvk.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\encry-chucu jadnvk.contact"), dwFlags=0x1) returned 1 [0152.127] SetEvent (hEvent=0x990) returned 1 [0152.127] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0152.156] VirtualFree (lpAddress=0xc000514000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0152.158] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x24000, dwFreeType=0x4000) returned 1 [0152.160] VirtualFree (lpAddress=0xc000498000, dwSize=0x1a000, dwFreeType=0x4000) returned 1 [0152.162] VirtualFree (lpAddress=0xc000358000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0152.163] VirtualFree (lpAddress=0xc0002ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.164] VirtualFree (lpAddress=0xc0002e2000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0152.166] VirtualFree (lpAddress=0xc0002ca000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0152.167] VirtualFree (lpAddress=0xc0002aa000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0152.168] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.169] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.170] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.171] SetEvent (hEvent=0x28c) returned 1 [0152.171] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.421] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.422] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.423] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.425] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.426] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.427] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.428] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.430] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.431] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.432] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.433] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.434] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.435] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0161.466] SetEvent (hEvent=0xac8) returned 1 [0161.466] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0640*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000413818, lpReserved=0x0 | out: lpBuffer=0xc0000a0640*, lpNumberOfCharsWritten=0xc000413818*=0x4) returned 1 [0161.467] SetEvent (hEvent=0xac8) returned 1 [0161.468] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0161.469] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0648*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ad818, lpReserved=0x0 | out: lpBuffer=0xc0000a0648*, lpNumberOfCharsWritten=0xc0001ad818*=0x4) returned 1 [0161.471] SetEvent (hEvent=0xac8) returned 1 [0161.471] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0650*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000273818, lpReserved=0x0 | out: lpBuffer=0xc0000a0650*, lpNumberOfCharsWritten=0xc000273818*=0x4) returned 1 [0161.472] SetEvent (hEvent=0xac8) returned 1 [0161.472] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0658*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001cb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0658*, lpNumberOfCharsWritten=0xc0001cb818*=0x4) returned 1 [0161.473] SetEvent (hEvent=0xac8) returned 1 [0161.473] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0660*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004db818, lpReserved=0x0 | out: lpBuffer=0xc0000a0660*, lpNumberOfCharsWritten=0xc0004db818*=0x4) returned 1 [0161.474] SetEvent (hEvent=0xac8) returned 1 [0161.475] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0668*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002d5818, lpReserved=0x0 | out: lpBuffer=0xc0000a0668*, lpNumberOfCharsWritten=0xc0002d5818*=0x4) returned 1 [0161.485] SetEvent (hEvent=0xac8) returned 1 [0161.485] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc410*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000457818, lpReserved=0x0 | out: lpBuffer=0xc0000bc410*, lpNumberOfCharsWritten=0xc000457818*=0x4) returned 1 [0161.487] SetEvent (hEvent=0xae0) returned 1 [0161.487] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0670*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000211818, lpReserved=0x0 | out: lpBuffer=0xc0000a0670*, lpNumberOfCharsWritten=0xc000211818*=0x4) returned 1 [0161.489] SetEvent (hEvent=0xae0) returned 1 [0161.489] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586900*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c1818, lpReserved=0x0 | out: lpBuffer=0xc000586900*, lpNumberOfCharsWritten=0xc0003c1818*=0x4) returned 1 [0161.491] SetEvent (hEvent=0xae0) returned 1 [0161.491] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0678*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003bb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0678*, lpNumberOfCharsWritten=0xc0003bb818*=0x4) returned 1 [0161.493] SetEvent (hEvent=0xae0) returned 1 [0161.493] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586908*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00020d818, lpReserved=0x0 | out: lpBuffer=0xc000586908*, lpNumberOfCharsWritten=0xc00020d818*=0x4) returned 1 [0161.494] SetEvent (hEvent=0xae0) returned 1 [0161.494] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0680*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ff818, lpReserved=0x0 | out: lpBuffer=0xc0000a0680*, lpNumberOfCharsWritten=0xc0001ff818*=0x4) returned 1 [0161.496] SetEvent (hEvent=0xac8) returned 1 [0161.497] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586920*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f3818, lpReserved=0x0 | out: lpBuffer=0xc000586920*, lpNumberOfCharsWritten=0xc0001f3818*=0x4) returned 1 [0161.498] SetEvent (hEvent=0xae0) returned 1 [0161.499] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0161.500] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc418*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003b7818, lpReserved=0x0 | out: lpBuffer=0xc0000bc418*, lpNumberOfCharsWritten=0xc0003b7818*=0x4) returned 1 [0161.502] SetEvent (hEvent=0xae0) returned 1 [0161.502] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0688*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e7818, lpReserved=0x0 | out: lpBuffer=0xc0000a0688*, lpNumberOfCharsWritten=0xc0003e7818*=0x4) returned 1 [0161.503] SetEvent (hEvent=0xae0) returned 1 [0161.504] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc430*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000277818, lpReserved=0x0 | out: lpBuffer=0xc0000bc430*, lpNumberOfCharsWritten=0xc000277818*=0x4) returned 1 [0161.505] SetEvent (hEvent=0xac8) returned 1 [0161.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001621b0*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0xc00039b808, lpReserved=0x0 | out: lpBuffer=0xc0001621b0*, lpNumberOfCharsWritten=0xc00039b808*=0x45) returned 1 [0161.506] SetEvent (hEvent=0xac8) returned 1 [0161.506] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0161.507] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.108] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings\\*", lpFindFileData=0xc00039ba08 | out: lpFindFileData=0xc00039ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.108] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00039b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.108] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) returned 0x0 [0162.263] SetEvent (hEvent=0xac8) returned 1 [0162.263] SetEvent (hEvent=0xae0) returned 1 [0162.264] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe08*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0162.267] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x37d3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x37d3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x37d3f6a0, ulNumEntriesRemoved=0x37d3f674) returned 0 [0162.267] SetEvent (hEvent=0xae0) returned 1 [0162.268] WaitForMultipleObjects (nCount=0x2, lpHandles=0x37d3fe18*=0xa48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0162.270] WaitForSingleObject (hHandle=0xa48, dwMilliseconds=0xffffffff) Thread: id = 137 os_tid = 0x4dc [0142.028] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x37f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x37f3fea0*=0x6a0) returned 1 [0142.028] VirtualQuery (in: lpAddress=0x37f3fec0, lpBuffer=0x37f3fec0, dwLength=0x30 | out: lpBuffer=0x37f3fec0*(BaseAddress=0x37f3f000, AllocationBase=0x37d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vzdot6k.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0142.029] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000401cf4 | out: lpMode=0xc000401cf4) returned 0 [0142.030] GetFileType (hFile=0x6a4) returned 0x1 [0142.030] GetFileType (hFile=0x6a4) returned 0x1 [0142.030] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000401d44 | out: lpFileInformation=0xc000401d44) returned 1 [0142.030] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000401d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000401d28) returned 1 [0142.030] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00025b000, nNumberOfBytesToRead=0xff7, lpNumberOfBytesRead=0xc000401c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025b000*, lpNumberOfBytesRead=0xc000401c04*=0xdf7, lpOverlapped=0x0) returned 1 [0142.698] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa50 [0142.722] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa54 [0142.726] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0143.741] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00025bdf7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000401c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025bdf7*, lpNumberOfBytesRead=0xc000401c04*=0x0, lpOverlapped=0x0) returned 1 [0143.741] CloseHandle (hObject=0x6a4) returned 1 [0143.741] VirtualAlloc (lpAddress=0xc0006f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f0000 [0143.743] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vzdot6k.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0143.778] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0144.626] SetEvent (hEvent=0xc6c) returned 1 [0144.626] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000401d04 | out: lpMode=0xc000401d04) returned 0 [0144.627] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0145.398] GetFileType (hFile=0x3e0) returned 0x1 [0145.398] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0006f0000*, nNumberOfBytesToWrite=0xe00, lpNumberOfBytesWritten=0xc000401cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f0000*, lpNumberOfBytesWritten=0xc000401cec*=0xe00, lpOverlapped=0x0) returned 1 [0145.399] CloseHandle (hObject=0x3e0) returned 1 [0145.410] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.410] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0145.412] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0145.413] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0145.415] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vzdot6k.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x740 [0145.415] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc000401d64 | out: lpMode=0xc000401d64) returned 0 [0145.416] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0146.033] SetEvent (hEvent=0xb18) returned 1 [0146.033] GetFileType (hFile=0x740) returned 0x1 [0146.033] WriteFile (in: hFile=0x740, lpBuffer=0xc000290160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000401d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290160*, lpNumberOfBytesWritten=0xc000401d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.034] CloseHandle (hObject=0x740) returned 1 [0146.036] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0146.193] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0146.194] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vzdot6k.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-VZDot6k.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-vzdot6k.lnk"), dwFlags=0x1) returned 1 [0150.665] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0151.413] SetEvent (hEvent=0xa68) returned 1 [0151.413] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yhHe_4FFUOdFU932.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yhhe_4ffuodfu932.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0151.414] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc00048bcf4 | out: lpMode=0xc00048bcf4) returned 0 [0151.428] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0152.128] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0152.131] SetEvent (hEvent=0xb50) returned 1 [0152.131] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0152.171] SetEvent (hEvent=0xc6c) returned 1 [0152.171] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0161.419] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\pf7rnc.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0161.989] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000349cf4 | out: lpMode=0xc000349cf4) returned 0 [0162.220] GetFileType (hFile=0x36c) returned 0x1 [0162.220] GetFileType (hFile=0x36c) returned 0x1 [0162.221] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000349d44 | out: lpFileInformation=0xc000349d44) returned 1 [0162.221] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000349d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000349d28) returned 1 [0162.221] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0162.222] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0162.226] ReadFile (in: hFile=0x36c, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0xdee7, lpNumberOfBytesRead=0xc000349c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc000349c04*=0xdce7, lpOverlapped=0x0) returned 1 [0162.228] ReadFile (in: hFile=0x36c, lpBuffer=0xc000267ce7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000349c04, lpOverlapped=0x0 | out: lpBuffer=0xc000267ce7*, lpNumberOfBytesRead=0xc000349c04*=0x0, lpOverlapped=0x0) returned 1 [0162.228] CloseHandle (hObject=0x36c) returned 1 [0162.228] VirtualAlloc (lpAddress=0xc000498000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0162.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\pf7rnc.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0162.234] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000349d04 | out: lpMode=0xc000349d04) returned 0 [0162.417] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0162.587] SetEvent (hEvent=0xb60) returned 1 [0162.587] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) returned 0x0 [0163.633] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c40c0*, nNumberOfCharsToWrite=0x5b, lpNumberOfCharsWritten=0xc0003ad808, lpReserved=0x0 | out: lpBuffer=0xc0000c40c0*, lpNumberOfCharsWritten=0xc0003ad808*=0x5b) returned 1 [0163.634] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533c01 | out: pbBuffer=0xc000533c01) returned 1 [0163.634] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0163.635] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms\\*", lpFindFileData=0xc0003ada68 | out: lpFindFileData=0xc0003ada68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.394] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.394] WaitForSingleObject (hHandle=0xa50, dwMilliseconds=0xffffffff) Thread: id = 138 os_tid = 0x7a8 [0142.031] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3813fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3813fea0*=0x6a8) returned 1 [0142.032] VirtualQuery (in: lpAddress=0x3813fec0, lpBuffer=0x3813fec0, dwLength=0x30 | out: lpBuffer=0x3813fec0*(BaseAddress=0x3813f000, AllocationBase=0x37f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.032] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clhscjagwg6vjgl.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6ac [0142.033] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000435cf4 | out: lpMode=0xc000435cf4) returned 0 [0142.033] GetFileType (hFile=0x6ac) returned 0x1 [0142.033] GetFileType (hFile=0x6ac) returned 0x1 [0142.034] GetFileInformationByHandle (in: hFile=0x6ac, lpFileInformation=0xc000435d44 | out: lpFileInformation=0xc000435d44) returned 1 [0142.034] GetFileInformationByHandleEx (in: hFile=0x6ac, FileInformationClass=0x9, lpFileInformation=0xc000435d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000435d28) returned 1 [0142.034] ReadFile (in: hFile=0x6ac, lpBuffer=0xc0002e8f00, nNumberOfBytesToRead=0x219e, lpNumberOfBytesRead=0xc000435c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002e8f00*, lpNumberOfBytesRead=0xc000435c04*=0x1f9e, lpOverlapped=0x0) returned 1 [0142.728] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa58 [0142.728] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa5c [0142.728] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0143.749] ReadFile (in: hFile=0x6ac, lpBuffer=0xc0002eae9e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000435c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002eae9e*, lpNumberOfBytesRead=0xc000435c04*=0x0, lpOverlapped=0x0) returned 1 [0143.749] CloseHandle (hObject=0x6ac) returned 1 [0143.749] VirtualAlloc (lpAddress=0xc0006f2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f2000 [0143.752] VirtualAlloc (lpAddress=0xc0006f4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f4000 [0143.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clhscjagwg6vjgl.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0143.782] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0144.250] GetConsoleMode (in: hConsoleHandle=0x850, lpMode=0xc000435d04 | out: lpMode=0xc000435d04) returned 0 [0144.256] GetFileType (hFile=0x850) returned 0x1 [0144.256] WriteFile (in: hFile=0x850, lpBuffer=0xc0006f2000*, nNumberOfBytesToWrite=0x1fa0, lpNumberOfBytesWritten=0xc000435cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f2000*, lpNumberOfBytesWritten=0xc000435cec*=0x1fa0, lpOverlapped=0x0) returned 1 [0144.258] CloseHandle (hObject=0x850) returned 1 [0144.259] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.259] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0144.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clhscjagwg6vjgl.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x850 [0144.261] GetConsoleMode (in: hConsoleHandle=0x850, lpMode=0xc000435d64 | out: lpMode=0xc000435d64) returned 0 [0144.262] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0144.620] GetFileType (hFile=0x850) returned 0x1 [0144.620] WriteFile (in: hFile=0x850, lpBuffer=0xc000682b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000435d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000682b00*, lpNumberOfBytesWritten=0xc000435d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.620] CloseHandle (hObject=0x850) returned 1 [0144.621] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\clhscjagwg6vjgl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-cLHsCJaGwG6vjGL.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-clhscjagwg6vjgl.lnk"), dwFlags=0x1) returned 1 [0144.623] SetEvent (hEvent=0x9a8) returned 1 [0144.623] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0144.627] SetEvent (hEvent=0xc24) returned 1 [0144.627] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0145.934] SetEvent (hEvent=0xc6c) returned 1 [0145.934] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0145.942] GetFileType (hFile=0x380) returned 0x1 [0145.942] WriteFile (in: hFile=0x380, lpBuffer=0xc000742a80*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xc00040dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000742a80*, lpNumberOfBytesWritten=0xc00040dcec*=0xa50, lpOverlapped=0x0) returned 1 [0145.943] CloseHandle (hObject=0x380) returned 1 [0145.949] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0146.190] SetEvent (hEvent=0xa80) returned 1 [0146.190] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0146.190] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0146.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfqsgh z bg.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0146.288] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc00040dd64 | out: lpMode=0xc00040dd64) returned 0 [0146.293] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0146.334] SetEvent (hEvent=0xc24) returned 1 [0146.335] GetFileType (hFile=0x880) returned 0x1 [0146.335] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0146.336] WriteFile (in: hFile=0x880, lpBuffer=0xc000050000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesWritten=0xc00040dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.336] CloseHandle (hObject=0x880) returned 1 [0146.340] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0146.352] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfqsgh z bg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-wfqsgh z bg.lnk"), dwFlags=0x1) returned 1 [0150.659] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) returned 0x0 [0161.770] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586988*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000369818, lpReserved=0x0 | out: lpBuffer=0xc000586988*, lpNumberOfCharsWritten=0xc000369818*=0x4) returned 1 [0161.776] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005869e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004a9818, lpReserved=0x0 | out: lpBuffer=0xc0005869e0*, lpNumberOfCharsWritten=0xc0004a9818*=0x4) returned 1 [0161.777] SetEvent (hEvent=0x320) returned 1 [0161.777] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005869e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004ab818, lpReserved=0x0 | out: lpBuffer=0xc0005869e8*, lpNumberOfCharsWritten=0xc0004ab818*=0x4) returned 1 [0161.778] SetEvent (hEvent=0x320) returned 1 [0161.778] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005869f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004af818, lpReserved=0x0 | out: lpBuffer=0xc0005869f0*, lpNumberOfCharsWritten=0xc0004af818*=0x4) returned 1 [0161.780] SetEvent (hEvent=0x320) returned 1 [0161.780] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005869f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004e7818, lpReserved=0x0 | out: lpBuffer=0xc0005869f8*, lpNumberOfCharsWritten=0xc0004e7818*=0x4) returned 1 [0161.781] SetEvent (hEvent=0x320) returned 1 [0161.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a00*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004b7818, lpReserved=0x0 | out: lpBuffer=0xc000586a00*, lpNumberOfCharsWritten=0xc0004b7818*=0x4) returned 1 [0161.783] SetEvent (hEvent=0x320) returned 1 [0161.783] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a08*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004b3818, lpReserved=0x0 | out: lpBuffer=0xc000586a08*, lpNumberOfCharsWritten=0xc0004b3818*=0x4) returned 1 [0161.785] SetEvent (hEvent=0x320) returned 1 [0161.785] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a10*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004bf818, lpReserved=0x0 | out: lpBuffer=0xc000586a10*, lpNumberOfCharsWritten=0xc0004bf818*=0x4) returned 1 [0161.786] SetEvent (hEvent=0x320) returned 1 [0161.786] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a18*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004bd818, lpReserved=0x0 | out: lpBuffer=0xc000586a18*, lpNumberOfCharsWritten=0xc0004bd818*=0x4) returned 1 [0161.788] SetEvent (hEvent=0x320) returned 1 [0161.788] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a20*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004e5818, lpReserved=0x0 | out: lpBuffer=0xc000586a20*, lpNumberOfCharsWritten=0xc0004e5818*=0x4) returned 1 [0161.789] SetEvent (hEvent=0x320) returned 1 [0161.789] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a28*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004bb818, lpReserved=0x0 | out: lpBuffer=0xc000586a28*, lpNumberOfCharsWritten=0xc0004bb818*=0x4) returned 1 [0161.791] SetEvent (hEvent=0x320) returned 1 [0161.791] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a30*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004e1818, lpReserved=0x0 | out: lpBuffer=0xc000586a30*, lpNumberOfCharsWritten=0xc0004e1818*=0x4) returned 1 [0161.792] SetEvent (hEvent=0x320) returned 1 [0161.792] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a38*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004ed818, lpReserved=0x0 | out: lpBuffer=0xc000586a38*, lpNumberOfCharsWritten=0xc0004ed818*=0x4) returned 1 [0161.793] SetEvent (hEvent=0x320) returned 1 [0161.793] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a40*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004ef818, lpReserved=0x0 | out: lpBuffer=0xc000586a40*, lpNumberOfCharsWritten=0xc0004ef818*=0x4) returned 1 [0161.794] SetEvent (hEvent=0x980) returned 1 [0161.795] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0840*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004eb818, lpReserved=0x0 | out: lpBuffer=0xc0000a0840*, lpNumberOfCharsWritten=0xc0004eb818*=0x4) returned 1 [0161.796] SetEvent (hEvent=0x980) returned 1 [0161.796] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000107a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004f7818, lpReserved=0x0 | out: lpBuffer=0xc0000107a0*, lpNumberOfCharsWritten=0xc0004f7818*=0x4) returned 1 [0161.798] SetEvent (hEvent=0x320) returned 1 [0161.798] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0848*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004ff818, lpReserved=0x0 | out: lpBuffer=0xc0000a0848*, lpNumberOfCharsWritten=0xc0004ff818*=0x4) returned 1 [0161.799] SetEvent (hEvent=0x320) returned 1 [0161.799] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586a48*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004f1818, lpReserved=0x0 | out: lpBuffer=0xc000586a48*, lpNumberOfCharsWritten=0xc0004f1818*=0x4) returned 1 [0161.801] SetEvent (hEvent=0x980) returned 1 [0161.801] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0850*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004f3818, lpReserved=0x0 | out: lpBuffer=0xc0000a0850*, lpNumberOfCharsWritten=0xc0004f3818*=0x4) returned 1 [0161.802] SetEvent (hEvent=0x980) returned 1 [0161.802] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0858*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000505818, lpReserved=0x0 | out: lpBuffer=0xc0000a0858*, lpNumberOfCharsWritten=0xc000505818*=0x4) returned 1 [0161.803] SetEvent (hEvent=0x980) returned 1 [0161.803] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000107a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004fb818, lpReserved=0x0 | out: lpBuffer=0xc0000107a8*, lpNumberOfCharsWritten=0xc0004fb818*=0x4) returned 1 [0161.804] SetEvent (hEvent=0x320) returned 1 [0161.805] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001b2d80*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc0001b2d80*, lpNumberOfCharsWritten=0xc000515808*=0x84) returned 1 [0161.806] SetEvent (hEvent=0x320) returned 1 [0161.806] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.045] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1\\*", lpFindFileData=0xc000515a08 | out: lpFindFileData=0xc000515a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.045] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000515720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.045] WaitForSingleObject (hHandle=0xa58, dwMilliseconds=0xffffffff) Thread: id = 139 os_tid = 0xa64 [0142.035] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3833fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3833fea0*=0x6b0) returned 1 [0142.035] VirtualQuery (in: lpAddress=0x3833fec0, lpBuffer=0x3833fec0, dwLength=0x30 | out: lpBuffer=0x3833fec0*(BaseAddress=0x3833f000, AllocationBase=0x38140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lelfc_r3.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6b4 [0142.036] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc0003bfcf4 | out: lpMode=0xc0003bfcf4) returned 0 [0142.039] GetFileType (hFile=0x6b4) returned 0x1 [0142.039] VirtualAlloc (lpAddress=0xc00047e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00047e000 [0142.041] GetFileType (hFile=0x6b4) returned 0x1 [0142.041] GetFileInformationByHandle (in: hFile=0x6b4, lpFileInformation=0xc0003bfd44 | out: lpFileInformation=0xc0003bfd44) returned 1 [0142.041] GetFileInformationByHandleEx (in: hFile=0x6b4, FileInformationClass=0x9, lpFileInformation=0xc0003bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003bfd28) returned 1 [0142.041] VirtualAlloc (lpAddress=0xc0004d6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004d6000 [0142.042] ReadFile (in: hFile=0x6b4, lpBuffer=0xc0004d6000, nNumberOfBytesToRead=0x1b78, lpNumberOfBytesRead=0xc0003bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d6000*, lpNumberOfBytesRead=0xc0003bfc04*=0x1978, lpOverlapped=0x0) returned 1 [0142.730] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa60 [0142.730] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa64 [0142.730] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0143.776] ReadFile (in: hFile=0x6b4, lpBuffer=0xc0004d7978, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d7978*, lpNumberOfBytesRead=0xc0003bfc04*=0x0, lpOverlapped=0x0) returned 1 [0143.776] CloseHandle (hObject=0x6b4) returned 1 [0143.777] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lelfc_r3.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0143.792] GetConsoleMode (in: hConsoleHandle=0x6b8, lpMode=0xc0003bfd04 | out: lpMode=0xc0003bfd04) returned 0 [0143.800] GetFileType (hFile=0x6b8) returned 0x1 [0143.800] WriteFile (in: hFile=0x6b8, lpBuffer=0xc0006e7300*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0xc0003bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e7300*, lpNumberOfBytesWritten=0xc0003bfcec*=0x1980, lpOverlapped=0x0) returned 1 [0143.801] CloseHandle (hObject=0x6b8) returned 1 [0143.810] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0144.309] SetEvent (hEvent=0xc0) returned 1 [0144.309] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.310] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0144.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lelfc_r3.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x598 [0144.667] GetConsoleMode (in: hConsoleHandle=0x598, lpMode=0xc0003bfd64 | out: lpMode=0xc0003bfd64) returned 0 [0144.678] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0145.339] GetFileType (hFile=0x598) returned 0x1 [0145.340] WriteFile (in: hFile=0x598, lpBuffer=0xc00007fce0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007fce0*, lpNumberOfBytesWritten=0xc0003bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.340] CloseHandle (hObject=0x598) returned 1 [0145.342] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0145.858] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\lelfc_r3.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-LelFc_r3.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-lelfc_r3.lnk"), dwFlags=0x1) returned 1 [0150.666] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0151.362] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\irgfubzdry001k.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0151.363] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00013fcf4 | out: lpMode=0xc00013fcf4) returned 0 [0151.369] GetFileType (hFile=0x768) returned 0x1 [0151.369] GetFileType (hFile=0x768) returned 0x1 [0151.369] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc00013fd44 | out: lpFileInformation=0xc00013fd44) returned 1 [0151.369] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc00013fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00013fd28) returned 1 [0151.369] ReadFile (in: hFile=0x768, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0xb53e, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc00013fc04*=0xb33e, lpOverlapped=0x0) returned 1 [0151.370] ReadFile (in: hFile=0x768, lpBuffer=0xc00029733e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00013fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00029733e*, lpNumberOfBytesRead=0xc00013fc04*=0x0, lpOverlapped=0x0) returned 1 [0151.370] CloseHandle (hObject=0x768) returned 1 [0151.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\irgfubzdry001k.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0151.372] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00013fd04 | out: lpMode=0xc00013fd04) returned 0 [0151.393] GetFileType (hFile=0x768) returned 0x1 [0151.393] WriteFile (in: hFile=0x768, lpBuffer=0xc0002e2000*, nNumberOfBytesToWrite=0xb340, lpNumberOfBytesWritten=0xc00013fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002e2000*, lpNumberOfBytesWritten=0xc00013fcec*=0xb340, lpOverlapped=0x0) returned 1 [0151.397] CloseHandle (hObject=0x768) returned 1 [0151.397] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0151.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\irgfubzdry001k.xlsx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0151.397] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00013fd64 | out: lpMode=0xc00013fd64) returned 0 [0151.405] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0151.814] GetFileType (hFile=0x768) returned 0x1 [0151.815] WriteFile (in: hFile=0x768, lpBuffer=0xc000284580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00013fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284580*, lpNumberOfBytesWritten=0xc00013fd4c*=0x158, lpOverlapped=0x0) returned 1 [0151.815] CloseHandle (hObject=0x768) returned 1 [0151.815] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\irgfubzdry001k.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-IRGFUbZDrY001k.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-irgfubzdry001k.xlsx"), dwFlags=0x1) returned 1 [0151.817] SetEvent (hEvent=0xb18) returned 1 [0151.817] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0151.833] SetEvent (hEvent=0xa68) returned 1 [0151.833] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0151.834] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00043fcf4 | out: lpMode=0xc00043fcf4) returned 0 [0151.869] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0152.175] SetEvent (hEvent=0x9c8) returned 1 [0152.176] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0161.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\m6scx-bqnd.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3d0 [0161.996] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000507cf4 | out: lpMode=0xc000507cf4) returned 0 [0162.322] GetFileType (hFile=0x3d0) returned 0x1 [0162.322] GetFileType (hFile=0x3d0) returned 0x1 [0162.322] GetFileInformationByHandle (in: hFile=0x3d0, lpFileInformation=0xc000507d44 | out: lpFileInformation=0xc000507d44) returned 1 [0162.322] GetFileInformationByHandleEx (in: hFile=0x3d0, FileInformationClass=0x9, lpFileInformation=0xc000507d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000507d28) returned 1 [0162.322] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x5b32, lpNumberOfBytesRead=0xc000507c04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc000507c04*=0x5932, lpOverlapped=0x0) returned 1 [0162.324] ReadFile (in: hFile=0x3d0, lpBuffer=0xc000185932, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000507c04, lpOverlapped=0x0 | out: lpBuffer=0xc000185932*, lpNumberOfBytesRead=0xc000507c04*=0x0, lpOverlapped=0x0) returned 1 [0162.324] CloseHandle (hObject=0x3d0) returned 1 [0162.324] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0162.325] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0162.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\m6SCx-BQNd.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\m6scx-bqnd.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0162.328] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc000507d04 | out: lpMode=0xc000507d04) returned 0 [0162.419] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0162.590] SetEvent (hEvent=0xb70) returned 1 [0162.590] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0163.604] WriteFile (in: hFile=0x374, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x13ed0, lpNumberOfBytesWritten=0xc00034bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc00034bcec*=0x13ed0, lpOverlapped=0x0) returned 1 [0166.701] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0166.849] CloseHandle (hObject=0x374) returned 1 [0166.886] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0166.886] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\mmjuhdigq7oe.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0166.886] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc00034bd64 | out: lpMode=0xc00034bd64) returned 0 [0166.895] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0167.008] SetEvent (hEvent=0xa10) returned 1 [0167.008] GetFileType (hFile=0x728) returned 0x1 [0167.008] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) returned 0x0 [0167.068] WriteFile (in: hFile=0x728, lpBuffer=0xc0000c2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00034bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c2000*, lpNumberOfBytesWritten=0xc00034bd4c*=0x158, lpOverlapped=0x0) returned 1 [0167.069] CloseHandle (hObject=0x728) returned 1 [0167.069] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\mmjuhdigq7oe.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\encry-MMjUHDiGq7OE.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\encry-mmjuhdigq7oe.jpg"), dwFlags=0x1) returned 1 [0167.387] WaitForSingleObject (hHandle=0xa60, dwMilliseconds=0xffffffff) Thread: id = 140 os_tid = 0xa54 [0142.045] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3853fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3853fea0*=0x69c) returned 1 [0142.046] VirtualQuery (in: lpAddress=0x3853fec0, lpBuffer=0x3853fec0, dwLength=0x30 | out: lpBuffer=0x3853fec0*(BaseAddress=0x3853f000, AllocationBase=0x38340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.046] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yo_ggizglhhyf 7e.mkv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6b8 [0142.047] GetConsoleMode (in: hConsoleHandle=0x6b8, lpMode=0xc000427cf4 | out: lpMode=0xc000427cf4) returned 0 [0142.055] GetFileType (hFile=0x6b8) returned 0x1 [0142.055] GetFileType (hFile=0x6b8) returned 0x1 [0142.055] GetFileInformationByHandle (in: hFile=0x6b8, lpFileInformation=0xc000427d44 | out: lpFileInformation=0xc000427d44) returned 1 [0142.055] GetFileInformationByHandleEx (in: hFile=0x6b8, FileInformationClass=0x9, lpFileInformation=0xc000427d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000427d28) returned 1 [0142.055] ReadFile (in: hFile=0x6b8, lpBuffer=0xc000335900, nNumberOfBytesToRead=0x111b, lpNumberOfBytesRead=0xc000427c04, lpOverlapped=0x0 | out: lpBuffer=0xc000335900*, lpNumberOfBytesRead=0xc000427c04*=0xf1b, lpOverlapped=0x0) returned 1 [0142.732] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa70 [0142.732] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa74 [0142.732] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0143.787] ReadFile (in: hFile=0x6b8, lpBuffer=0xc00033681b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000427c04, lpOverlapped=0x0 | out: lpBuffer=0xc00033681b*, lpNumberOfBytesRead=0xc000427c04*=0x0, lpOverlapped=0x0) returned 1 [0143.787] CloseHandle (hObject=0x6b8) returned 1 [0143.787] VirtualAlloc (lpAddress=0xc0006f6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f6000 [0143.789] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yo_ggizglhhyf 7e.mkv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0143.812] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0144.325] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc000427d04 | out: lpMode=0xc000427d04) returned 0 [0144.325] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0144.662] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0144.663] SetEvent (hEvent=0x1c4) returned 1 [0144.663] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0144.679] SetEvent (hEvent=0x1f8) returned 1 [0144.679] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0145.800] GetFileType (hFile=0x5d8) returned 0x1 [0145.800] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00040bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.801] CloseHandle (hObject=0x5d8) returned 1 [0145.806] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0146.097] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0146.098] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0146.099] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wffk55lsji-.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-wffk55lsji-.ots.lnk"), dwFlags=0x1) returned 1 [0150.657] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.810] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.812] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.813] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.814] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.815] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.816] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) returned 0x0 [0161.817] SetEvent (hEvent=0xc0c) returned 1 [0161.817] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00007a680*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc0002f9808, lpReserved=0x0 | out: lpBuffer=0xc00007a680*, lpNumberOfCharsWritten=0xc0002f9808*=0x3e) returned 1 [0161.818] SetEvent (hEvent=0xc0c) returned 1 [0161.818] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\nethood"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.043] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0xc0002f9a08 | out: lpFindFileData=0xc0002f9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.043] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002f9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.044] WaitForSingleObject (hHandle=0xa70, dwMilliseconds=0xffffffff) Thread: id = 141 os_tid = 0xab4 [0142.055] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3873fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3873fea0*=0x6c0) returned 1 [0142.055] VirtualQuery (in: lpAddress=0x3873fec0, lpBuffer=0x3873fec0, dwLength=0x30 | out: lpBuffer=0x3873fec0*(BaseAddress=0x3873f000, AllocationBase=0x38540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.055] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wffk55lsji-.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6c4 [0142.056] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc00040bcf4 | out: lpMode=0xc00040bcf4) returned 0 [0142.057] GetFileType (hFile=0x6c4) returned 0x1 [0142.057] GetFileType (hFile=0x6c4) returned 0x1 [0142.057] GetFileInformationByHandle (in: hFile=0x6c4, lpFileInformation=0xc00040bd44 | out: lpFileInformation=0xc00040bd44) returned 1 [0142.057] GetFileInformationByHandleEx (in: hFile=0x6c4, FileInformationClass=0x9, lpFileInformation=0xc00040bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040bd28) returned 1 [0142.057] ReadFile (in: hFile=0x6c4, lpBuffer=0xc00027c500, nNumberOfBytesToRead=0x4e0, lpNumberOfBytesRead=0xc00040bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c500*, lpNumberOfBytesRead=0xc00040bc04*=0x2e0, lpOverlapped=0x0) returned 1 [0142.733] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa78 [0142.733] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa7c [0142.733] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0143.813] ReadFile (in: hFile=0x6c4, lpBuffer=0xc00027c7e0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c7e0*, lpNumberOfBytesRead=0xc00040bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.813] CloseHandle (hObject=0x6c4) returned 1 [0143.813] VirtualAlloc (lpAddress=0xc0006f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f8000 [0143.815] VirtualAlloc (lpAddress=0xc0006fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fa000 [0143.816] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wffk55lsji-.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0143.826] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc00040bd04 | out: lpMode=0xc00040bd04) returned 0 [0143.828] GetFileType (hFile=0x3bc) returned 0x1 [0143.829] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0006f8000*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xc00040bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f8000*, lpNumberOfBytesWritten=0xc00040bcec*=0x2f0, lpOverlapped=0x0) returned 1 [0143.831] CloseHandle (hObject=0x3bc) returned 1 [0143.835] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.349] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\WffK55LsjI-.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wffk55lsji-.ots.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0144.349] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00040bd64 | out: lpMode=0xc00040bd64) returned 0 [0144.354] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.795] SetEvent (hEvent=0x3c4) returned 1 [0144.795] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.820] SetEvent (hEvent=0x43c) returned 1 [0144.820] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.827] SetEvent (hEvent=0xc44) returned 1 [0144.827] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.906] SetEvent (hEvent=0xa40) returned 1 [0144.906] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0144.916] SetEvent (hEvent=0xb20) returned 1 [0144.916] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.028] SetEvent (hEvent=0x304) returned 1 [0145.029] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.273] SetEvent (hEvent=0x960) returned 1 [0145.273] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.320] SetEvent (hEvent=0x318) returned 1 [0145.320] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.331] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.332] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.333] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.334] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.334] VirtualFree (lpAddress=0xc000202000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.335] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.336] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.337] SetEvent (hEvent=0xa60) returned 1 [0145.337] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.344] SetEvent (hEvent=0x2f4) returned 1 [0145.344] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.373] SetEvent (hEvent=0x988) returned 1 [0145.373] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.395] SetEvent (hEvent=0x35c) returned 1 [0145.395] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0145.417] GetFileType (hFile=0x854) returned 0x1 [0145.417] WriteFile (in: hFile=0x854, lpBuffer=0xc000763000*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0xc000427cec, lpOverlapped=0x0 | out: lpBuffer=0xc000763000*, lpNumberOfBytesWritten=0xc000427cec*=0xf20, lpOverlapped=0x0) returned 1 [0145.418] CloseHandle (hObject=0x854) returned 1 [0145.427] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0145.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yo_ggizglhhyf 7e.mkv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0145.428] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc000427d64 | out: lpMode=0xc000427d64) returned 0 [0145.430] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0146.048] GetFileType (hFile=0x6ac) returned 0x1 [0146.048] WriteFile (in: hFile=0x6ac, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000427d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000427d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.049] CloseHandle (hObject=0x6ac) returned 1 [0146.075] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0146.189] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yo_ggizglhhyf 7e.mkv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-YO_gGIZglHHyF 7e.mkv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-yo_ggizglhhyf 7e.mkv.lnk"), dwFlags=0x1) returned 1 [0150.477] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3873f698, ulCount=0x10, ulNumEntriesRemoved=0x3873f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3873f698, ulNumEntriesRemoved=0x3873f66c) returned 0 [0150.477] SetEvent (hEvent=0xb50) returned 1 [0150.478] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3873fe08*=0xa78, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.480] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0150.480] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3873f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3873f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3873f6a0, ulNumEntriesRemoved=0x3873f674) returned 0 [0150.480] SetEvent (hEvent=0xb50) returned 1 [0150.481] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3873fe18*=0xa78, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.503] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0150.503] SetEvent (hEvent=0xbb0) returned 1 [0150.503] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0150.508] SetEvent (hEvent=0xa48) returned 1 [0150.509] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0150.585] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.837] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.839] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.840] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.841] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.842] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.844] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) returned 0x0 [0161.845] WaitForSingleObject (hHandle=0xa78, dwMilliseconds=0xffffffff) Thread: id = 142 os_tid = 0xb24 [0142.066] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3893fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3893fea0*=0x6c8) returned 1 [0142.066] VirtualQuery (in: lpAddress=0x3893fec0, lpBuffer=0x3893fec0, dwLength=0x30 | out: lpBuffer=0x3893fec0*(BaseAddress=0x3893f000, AllocationBase=0x38740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.066] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwhja1ye5fn.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6cc [0142.067] GetConsoleMode (in: hConsoleHandle=0x6cc, lpMode=0xc00043fcf4 | out: lpMode=0xc00043fcf4) returned 0 [0142.067] GetFileType (hFile=0x6cc) returned 0x1 [0142.067] GetFileType (hFile=0x6cc) returned 0x1 [0142.067] GetFileInformationByHandle (in: hFile=0x6cc, lpFileInformation=0xc00043fd44 | out: lpFileInformation=0xc00043fd44) returned 1 [0142.068] GetFileInformationByHandleEx (in: hFile=0x6cc, FileInformationClass=0x9, lpFileInformation=0xc00043fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00043fd28) returned 1 [0142.068] ReadFile (in: hFile=0x6cc, lpBuffer=0xc000120d80, nNumberOfBytesToRead=0x448, lpNumberOfBytesRead=0xc00043fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120d80*, lpNumberOfBytesRead=0xc00043fc04*=0x248, lpOverlapped=0x0) returned 1 [0142.735] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa80 [0142.735] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa84 [0142.735] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0143.820] ReadFile (in: hFile=0x6cc, lpBuffer=0xc000120fc8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00043fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000120fc8*, lpNumberOfBytesRead=0xc00043fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.820] CloseHandle (hObject=0x6cc) returned 1 [0143.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwhja1ye5fn.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e4 [0143.842] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc00043fd04 | out: lpMode=0xc00043fd04) returned 0 [0143.844] GetFileType (hFile=0x3e4) returned 0x1 [0143.844] WriteFile (in: hFile=0x3e4, lpBuffer=0xc0006ce280*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0xc00043fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ce280*, lpNumberOfBytesWritten=0xc00043fcec*=0x250, lpOverlapped=0x0) returned 1 [0143.845] CloseHandle (hObject=0x3e4) returned 1 [0143.852] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0144.376] SetEvent (hEvent=0xc0) returned 1 [0144.376] SetEvent (hEvent=0xbc0) returned 1 [0144.376] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0144.376] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0144.868] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0144.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwhja1ye5fn.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0144.870] GetConsoleMode (in: hConsoleHandle=0x5ac, lpMode=0xc00043fd64 | out: lpMode=0xc00043fd64) returned 0 [0144.884] GetFileType (hFile=0x5ac) returned 0x1 [0144.884] WriteFile (in: hFile=0x5ac, lpBuffer=0xc000614f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00043fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614f20*, lpNumberOfBytesWritten=0xc00043fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.885] CloseHandle (hObject=0x5ac) returned 1 [0144.886] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0144.887] VirtualAlloc (lpAddress=0xc000182000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000182000 [0144.889] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cwhja1ye5fn.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-cwHJA1yE5fN.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-cwhja1ye5fn.flv.lnk"), dwFlags=0x1) returned 1 [0146.118] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.120] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0146.120] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f698, ulCount=0x10, ulNumEntriesRemoved=0x3893f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f698, ulNumEntriesRemoved=0x3893f66c) returned 0 [0146.120] SetEvent (hEvent=0xc4c) returned 1 [0146.120] SetEvent (hEvent=0xbe0) returned 1 [0146.120] SetEvent (hEvent=0xc54) returned 1 [0146.122] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.126] SetEvent (hEvent=0xc54) returned 1 [0146.126] SetEvent (hEvent=0xbe0) returned 1 [0146.126] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.136] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.139] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3893f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f6a0, ulNumEntriesRemoved=0x3893f674) returned 0 [0146.139] SetEvent (hEvent=0xc0) returned 1 [0146.139] SetEvent (hEvent=0xc54) returned 1 [0146.139] SetEvent (hEvent=0xbe0) returned 1 [0146.139] SetEvent (hEvent=0x39c) returned 1 [0146.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe18*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.148] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.149] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f698, ulCount=0x10, ulNumEntriesRemoved=0x3893f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f698, ulNumEntriesRemoved=0x3893f66c) returned 0 [0146.149] SetEvent (hEvent=0xb30) returned 1 [0146.149] SetEvent (hEvent=0xb28) returned 1 [0146.149] SetEvent (hEvent=0x39c) returned 1 [0146.150] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.161] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0146.161] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.171] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0146.171] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.172] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0146.172] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3893f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f6a0, ulNumEntriesRemoved=0x3893f674) returned 0 [0146.172] SetEvent (hEvent=0xc0) returned 1 [0146.172] SetEvent (hEvent=0x39c) returned 1 [0146.172] SetEvent (hEvent=0xb48) returned 1 [0146.172] SetEvent (hEvent=0x9a0) returned 1 [0146.172] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe18*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.178] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.179] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f698, ulCount=0x10, ulNumEntriesRemoved=0x3893f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f698, ulNumEntriesRemoved=0x3893f66c) returned 0 [0146.179] SetEvent (hEvent=0x9a0) returned 1 [0146.179] SetEvent (hEvent=0xb58) returned 1 [0146.179] SetEvent (hEvent=0x8f8) returned 1 [0146.180] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.188] SetEvent (hEvent=0x9e8) returned 1 [0146.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe08*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe30*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.190] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3893f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3893f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3893f6a0, ulNumEntriesRemoved=0x3893f674) returned 0 [0146.190] SetEvent (hEvent=0xb58) returned 1 [0146.190] SetEvent (hEvent=0x8f8) returned 1 [0146.190] SetEvent (hEvent=0x9e8) returned 1 [0146.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3893fe18*=0xa80, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.193] SetEvent (hEvent=0x9c8) returned 1 [0146.193] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0146.206] VirtualFree (lpAddress=0xc000292000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0146.207] VirtualFree (lpAddress=0xc00028e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.208] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.209] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.209] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.210] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.211] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.211] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.212] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.212] SetEvent (hEvent=0x448) returned 1 [0146.212] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0148.066] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0148.068] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0148.068] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0148.069] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\siwyarwyoo8e913xq.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e4 [0148.070] GetConsoleMode (in: hConsoleHandle=0x3e4, lpMode=0xc0001c5cf4 | out: lpMode=0xc0001c5cf4) returned 0 [0148.071] GetFileType (hFile=0x3e4) returned 0x1 [0148.071] GetFileType (hFile=0x3e4) returned 0x1 [0148.072] GetFileInformationByHandle (in: hFile=0x3e4, lpFileInformation=0xc0001c5d44 | out: lpFileInformation=0xc0001c5d44) returned 1 [0148.072] GetFileInformationByHandleEx (in: hFile=0x3e4, FileInformationClass=0x9, lpFileInformation=0xc0001c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c5d28) returned 1 [0148.072] VirtualAlloc (lpAddress=0xc0005e0000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005e0000 [0148.075] ReadFile (in: hFile=0x3e4, lpBuffer=0xc0005e0000, nNumberOfBytesToRead=0x1441e, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005e0000*, lpNumberOfBytesRead=0xc0001c5c04*=0x1421e, lpOverlapped=0x0) returned 1 [0148.729] ReadFile (in: hFile=0x3e4, lpBuffer=0xc0005f421e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005f421e*, lpNumberOfBytesRead=0xc0001c5c04*=0x0, lpOverlapped=0x0) returned 1 [0148.729] CloseHandle (hObject=0x3e4) returned 1 [0148.729] VirtualAlloc (lpAddress=0xc0006f2000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006f2000 [0148.733] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0148.735] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0148.736] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\siwyarwyoo8e913xq.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0150.633] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc0001c5d04 | out: lpMode=0xc0001c5d04) returned 0 [0150.636] GetFileType (hFile=0x4ac) returned 0x1 [0150.636] WriteFile (in: hFile=0x4ac, lpBuffer=0xc0006f2000*, nNumberOfBytesToWrite=0x14220, lpNumberOfBytesWritten=0xc0001c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f2000*, lpNumberOfBytesWritten=0xc0001c5cec*=0x14220, lpOverlapped=0x0) returned 1 [0150.639] CloseHandle (hObject=0x4ac) returned 1 [0150.733] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0150.741] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.741] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0150.742] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0150.743] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0150.745] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0150.746] VirtualAlloc (lpAddress=0xc00007c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007c000 [0150.747] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0150.748] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0150.749] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0150.750] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\siwyarwyoo8e913xq.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0150.750] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc0001c5d64 | out: lpMode=0xc0001c5d64) returned 0 [0150.751] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0150.763] SetEvent (hEvent=0xb50) returned 1 [0150.763] GetFileType (hFile=0x6c4) returned 0x1 [0150.763] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0150.796] WriteFile (in: hFile=0x6c4, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc0001c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.797] CloseHandle (hObject=0x6c4) returned 1 [0150.798] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\siwyarwyoo8e913xq.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-siwYarWYoo8E913xq.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-siwyarwyoo8e913xq.swf"), dwFlags=0x1) returned 1 [0153.178] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0153.196] SwitchToThread () returned 1 [0153.197] SetEvent (hEvent=0x9f0) returned 1 [0153.197] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0153.199] SetEvent (hEvent=0x9f0) returned 1 [0153.200] SetEvent (hEvent=0x9e8) returned 1 [0153.200] SetEvent (hEvent=0x208) returned 1 [0153.200] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0153.275] SetEvent (hEvent=0x9f0) returned 1 [0153.275] SetEvent (hEvent=0x9e8) returned 1 [0153.275] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0154.959] SetEvent (hEvent=0x9f0) returned 1 [0154.959] SetEvent (hEvent=0x100) returned 1 [0154.959] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0154.967] SetEvent (hEvent=0x9f0) returned 1 [0154.968] SetEvent (hEvent=0x208) returned 1 [0154.968] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0154.995] SetEvent (hEvent=0x8d0) returned 1 [0154.995] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0155.284] SetEvent (hEvent=0x100) returned 1 [0155.285] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0155.296] SetEvent (hEvent=0xb58) returned 1 [0155.296] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0155.361] SetEvent (hEvent=0x9e8) returned 1 [0155.361] SetEvent (hEvent=0x8d0) returned 1 [0155.361] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0156.288] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0156.289] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc0002f7cf4 | out: lpMode=0xc0002f7cf4) returned 0 [0156.305] GetFileType (hFile=0x768) returned 0x1 [0156.305] GetFileType (hFile=0x768) returned 0x1 [0156.305] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc0002f7d44 | out: lpFileInformation=0xc0002f7d44) returned 1 [0156.306] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc0002f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002f7d28) returned 1 [0156.306] SetEvent (hEvent=0x9e8) returned 1 [0156.306] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0161.232] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\eZAa8LdzP4i7tw-W_U\\lBbcWrlgX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ezaa8ldzp4i7tw-w_u\\lbbcwrlgx.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x568 [0162.060] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00038dcf4 | out: lpMode=0xc00038dcf4) returned 0 [0162.411] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0162.585] SetEvent (hEvent=0x208) returned 1 [0162.585] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0163.683] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000214160*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0xc000379808, lpReserved=0x0 | out: lpBuffer=0xc000214160*, lpNumberOfCharsWritten=0xc000379808*=0x54) returned 1 [0163.684] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8120*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000379808, lpReserved=0x0 | out: lpBuffer=0xc0000c8120*, lpNumberOfCharsWritten=0xc000379808*=0x11) returned 1 [0163.685] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8150*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000379808, lpReserved=0x0 | out: lpBuffer=0xc0000c8150*, lpNumberOfCharsWritten=0xc000379808*=0x11) returned 1 [0163.686] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0163.687] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\everywhere.search-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\encry-Everywhere.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\encry-everywhere.search-ms"), dwFlags=0x1) returned 1 [0166.986] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.037] SetEvent (hEvent=0xa10) returned 1 [0167.037] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.058] SetEvent (hEvent=0x114) returned 1 [0167.058] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.077] SetEvent (hEvent=0xa10) returned 1 [0167.077] SetEvent (hEvent=0x254) returned 1 [0167.077] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.085] SetEvent (hEvent=0x324) returned 1 [0167.085] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.112] SetEvent (hEvent=0xa10) returned 1 [0167.112] SwitchToThread () returned 1 [0167.114] VirtualFree (lpAddress=0xc000292000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0167.115] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.133] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.136] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.140] SetEvent (hEvent=0xa10) returned 1 [0167.140] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.144] SetEvent (hEvent=0xa10) returned 1 [0167.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a2100*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc00037b808, lpReserved=0x0 | out: lpBuffer=0xc0000a2100*, lpNumberOfCharsWritten=0xc00037b808*=0x40) returned 1 [0167.146] SetEvent (hEvent=0xa10) returned 1 [0167.146] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00037b808, lpReserved=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfCharsWritten=0xc00037b808*=0x11) returned 1 [0167.148] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00037b808, lpReserved=0x0 | out: lpBuffer=0xc0000e6060*, lpNumberOfCharsWritten=0xc00037b808*=0x11) returned 1 [0167.150] VirtualAlloc (lpAddress=0xc0002de000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002de000 [0167.152] VirtualAlloc (lpAddress=0xc0002e0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e0000 [0167.153] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\printhood"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-PrintHood" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-printhood"), dwFlags=0x1) returned 1 [0167.398] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.404] SetEvent (hEvent=0xc1c) returned 1 [0167.404] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.417] SetEvent (hEvent=0xc14) returned 1 [0167.418] SwitchToThread () returned 1 [0167.421] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.433] SwitchToThread () returned 1 [0167.434] SetEvent (hEvent=0xc14) returned 1 [0167.435] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.445] SetEvent (hEvent=0xc14) returned 1 [0167.445] VirtualFree (lpAddress=0xc0006cc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.447] VirtualFree (lpAddress=0xc0003f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.447] VirtualFree (lpAddress=0xc0003d4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.448] VirtualFree (lpAddress=0xc000340000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.449] VirtualFree (lpAddress=0xc00031c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.450] VirtualFree (lpAddress=0xc0002fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.451] VirtualFree (lpAddress=0xc0002da000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.452] VirtualFree (lpAddress=0xc0002bc000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0167.453] VirtualFree (lpAddress=0xc000290000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.453] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.454] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.455] VirtualFree (lpAddress=0xc000204000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.456] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.456] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.457] VirtualFree (lpAddress=0xc0000c2000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0167.459] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0167.460] VirtualFree (lpAddress=0xc00007a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.460] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.461] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.462] VirtualFree (lpAddress=0xc000056000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.463] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.465] SwitchToThread () returned 1 [0167.468] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.552] SwitchToThread () returned 1 [0167.554] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.556] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.558] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.560] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.561] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.565] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.566] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.568] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.572] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.575] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.578] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.580] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.582] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.584] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.586] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.588] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.589] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.591] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.595] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.597] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.599] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.600] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.601] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.602] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.603] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.606] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.611] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.613] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.614] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.615] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.616] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) returned 0x0 [0167.622] WaitForSingleObject (hHandle=0xa80, dwMilliseconds=0xffffffff) Thread: id = 143 os_tid = 0x6c8 [0142.070] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x38b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38b3fea0*=0x6d0) returned 1 [0142.070] VirtualQuery (in: lpAddress=0x38b3fec0, lpBuffer=0x38b3fec0, dwLength=0x30 | out: lpBuffer=0x38b3fec0*(BaseAddress=0x38b3f000, AllocationBase=0x38940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mmjuhdigq7oe.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6d4 [0142.071] GetConsoleMode (in: hConsoleHandle=0x6d4, lpMode=0xc0003b1cf4 | out: lpMode=0xc0003b1cf4) returned 0 [0142.072] GetFileType (hFile=0x6d4) returned 0x1 [0142.072] GetFileType (hFile=0x6d4) returned 0x1 [0142.072] GetFileInformationByHandle (in: hFile=0x6d4, lpFileInformation=0xc0003b1d44 | out: lpFileInformation=0xc0003b1d44) returned 1 [0142.072] GetFileInformationByHandleEx (in: hFile=0x6d4, FileInformationClass=0x9, lpFileInformation=0xc0003b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b1d28) returned 1 [0142.072] ReadFile (in: hFile=0x6d4, lpBuffer=0xc0004fcf00, nNumberOfBytesToRead=0x217d, lpNumberOfBytesRead=0xc0003b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004fcf00*, lpNumberOfBytesRead=0xc0003b1c04*=0x1f7d, lpOverlapped=0x0) returned 1 [0142.737] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa88 [0142.737] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa8c [0142.737] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0143.837] ReadFile (in: hFile=0x6d4, lpBuffer=0xc0004fee7d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004fee7d*, lpNumberOfBytesRead=0xc0003b1c04*=0x0, lpOverlapped=0x0) returned 1 [0143.837] CloseHandle (hObject=0x6d4) returned 1 [0143.837] VirtualAlloc (lpAddress=0xc0006fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006fc000 [0143.839] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mmjuhdigq7oe.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0143.870] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0003b1d04 | out: lpMode=0xc0003b1d04) returned 0 [0143.871] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0144.495] SetEvent (hEvent=0xc0) returned 1 [0144.495] SetEvent (hEvent=0x8b8) returned 1 [0144.495] GetFileType (hFile=0x4d8) returned 0x1 [0144.495] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0144.743] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0006fc000*, nNumberOfBytesToWrite=0x1f80, lpNumberOfBytesWritten=0xc0003b1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006fc000*, lpNumberOfBytesWritten=0xc0003b1cec*=0x1f80, lpOverlapped=0x0) returned 1 [0144.744] CloseHandle (hObject=0x4d8) returned 1 [0144.745] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0144.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mmjuhdigq7oe.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0144.745] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc0003b1d64 | out: lpMode=0xc0003b1d64) returned 0 [0144.752] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0145.525] SetEvent (hEvent=0x254) returned 1 [0145.525] GetFileType (hFile=0x4d8) returned 0x1 [0145.525] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0146.048] WriteFile (in: hFile=0x4d8, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0003b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.048] CloseHandle (hObject=0x4d8) returned 1 [0146.075] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0146.191] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0146.193] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mmjuhdigq7oe.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-MMjUHDiGq7OE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-mmjuhdigq7oe.lnk"), dwFlags=0x1) returned 1 [0150.667] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0151.322] SetEvent (hEvent=0xa68) returned 1 [0151.322] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qejopg361m8.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0151.322] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000189cf4 | out: lpMode=0xc000189cf4) returned 0 [0151.336] GetFileType (hFile=0x7a0) returned 0x1 [0151.336] GetFileType (hFile=0x7a0) returned 0x1 [0151.336] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000189d44 | out: lpFileInformation=0xc000189d44) returned 1 [0151.336] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000189d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000189d28) returned 1 [0151.336] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00021e000, nNumberOfBytesToRead=0x3d41, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021e000*, lpNumberOfBytesRead=0xc000189c04*=0x3b41, lpOverlapped=0x0) returned 1 [0151.337] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000221b41, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000189c04, lpOverlapped=0x0 | out: lpBuffer=0xc000221b41*, lpNumberOfBytesRead=0xc000189c04*=0x0, lpOverlapped=0x0) returned 1 [0151.337] CloseHandle (hObject=0x7a0) returned 1 [0151.337] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0151.339] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0151.340] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0151.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qejopg361m8.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0151.343] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000189d04 | out: lpMode=0xc000189d04) returned 0 [0151.349] GetFileType (hFile=0x7a0) returned 0x1 [0151.349] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000238000*, nNumberOfBytesToWrite=0x3b50, lpNumberOfBytesWritten=0xc000189cec, lpOverlapped=0x0 | out: lpBuffer=0xc000238000*, lpNumberOfBytesWritten=0xc000189cec*=0x3b50, lpOverlapped=0x0) returned 1 [0151.351] CloseHandle (hObject=0x7a0) returned 1 [0151.351] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0151.352] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0151.353] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0151.354] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0151.357] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0151.358] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0151.359] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qejopg361m8.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0151.359] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000189d64 | out: lpMode=0xc000189d64) returned 0 [0151.361] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0151.767] GetFileType (hFile=0x7a0) returned 0x1 [0151.767] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000189d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc000189d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.768] CloseHandle (hObject=0x7a0) returned 1 [0151.768] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\qejopg361m8.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-qejopG361M8.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-qejopg361m8.mkv"), dwFlags=0x1) returned 1 [0151.771] SetEvent (hEvent=0xc1c) returned 1 [0151.771] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) returned 0x0 [0161.532] SetEvent (hEvent=0xc04) returned 1 [0161.532] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001c0680*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0001c0680*, lpNumberOfCharsWritten=0xc000129808*=0x3e) returned 1 [0161.534] SetEvent (hEvent=0xc04) returned 1 [0161.534] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.104] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0xc000129a08 | out: lpFindFileData=0xc000129a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.104] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.105] WaitForSingleObject (hHandle=0xa88, dwMilliseconds=0xffffffff) Thread: id = 144 os_tid = 0xa50 [0142.075] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x38d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38d3fea0*=0x6bc) returned 1 [0142.075] VirtualQuery (in: lpAddress=0x38d3fec0, lpBuffer=0x38d3fec0, dwLength=0x30 | out: lpBuffer=0x38d3fec0*(BaseAddress=0x38d3f000, AllocationBase=0x38b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zp3etf2zn8ybt3qrgx8n.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6d8 [0142.076] GetConsoleMode (in: hConsoleHandle=0x6d8, lpMode=0xc000419cf4 | out: lpMode=0xc000419cf4) returned 0 [0142.077] GetFileType (hFile=0x6d8) returned 0x1 [0142.077] GetFileType (hFile=0x6d8) returned 0x1 [0142.077] GetFileInformationByHandle (in: hFile=0x6d8, lpFileInformation=0xc000419d44 | out: lpFileInformation=0xc000419d44) returned 1 [0142.077] GetFileInformationByHandleEx (in: hFile=0x6d8, FileInformationClass=0x9, lpFileInformation=0xc000419d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000419d28) returned 1 [0142.078] ReadFile (in: hFile=0x6d8, lpBuffer=0xc000336c00, nNumberOfBytesToRead=0x111d, lpNumberOfBytesRead=0xc000419c04, lpOverlapped=0x0 | out: lpBuffer=0xc000336c00*, lpNumberOfBytesRead=0xc000419c04*=0xf1d, lpOverlapped=0x0) returned 1 [0142.739] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa90 [0142.739] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa94 [0142.739] WaitForSingleObject (hHandle=0xa90, dwMilliseconds=0xffffffff) returned 0x0 [0143.173] ReadFile (in: hFile=0x6d8, lpBuffer=0xc000337b1d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000419c04, lpOverlapped=0x0 | out: lpBuffer=0xc000337b1d*, lpNumberOfBytesRead=0xc000419c04*=0x0, lpOverlapped=0x0) returned 1 [0143.173] CloseHandle (hObject=0x6d8) returned 1 [0143.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zp3etf2zn8ybt3qrgx8n.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6d8 [0143.175] GetConsoleMode (in: hConsoleHandle=0x6d8, lpMode=0xc000419d04 | out: lpMode=0xc000419d04) returned 0 [0143.180] GetFileType (hFile=0x6d8) returned 0x1 [0143.181] WriteFile (in: hFile=0x6d8, lpBuffer=0xc00061a000*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0xc000419cec, lpOverlapped=0x0 | out: lpBuffer=0xc00061a000*, lpNumberOfBytesWritten=0xc000419cec*=0xf20, lpOverlapped=0x0) returned 1 [0143.182] CloseHandle (hObject=0x6d8) returned 1 [0143.182] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1a01 | out: pbBuffer=0xc0000e1a01) returned 1 [0143.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zp3etf2zn8ybt3qrgx8n.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6d8 [0143.182] GetConsoleMode (in: hConsoleHandle=0x6d8, lpMode=0xc000419d64 | out: lpMode=0xc000419d64) returned 0 [0143.187] GetFileType (hFile=0x6d8) returned 0x1 [0143.187] WriteFile (in: hFile=0x6d8, lpBuffer=0xc000683080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000419d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683080*, lpNumberOfBytesWritten=0xc000419d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.187] CloseHandle (hObject=0x6d8) returned 1 [0143.187] VirtualAlloc (lpAddress=0xc000656000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000656000 [0143.189] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zp3etf2zn8ybt3qrgx8n.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-ZP3EtF2zN8ybT3QrgX8N.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-zp3etf2zn8ybt3qrgx8n.lnk"), dwFlags=0x1) returned 1 [0143.191] SetEvent (hEvent=0xa98) returned 1 [0143.191] WaitForSingleObject (hHandle=0xa90, dwMilliseconds=0xffffffff) returned 0x0 [0143.201] SetEvent (hEvent=0xaa0) returned 1 [0143.201] WaitForSingleObject (hHandle=0xa90, dwMilliseconds=0xffffffff) Thread: id = 145 os_tid = 0xa60 [0142.078] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x38f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x38f3fea0*=0x6e0) returned 1 [0142.078] VirtualQuery (in: lpAddress=0x38f3fec0, lpBuffer=0x38f3fec0, dwLength=0x30 | out: lpBuffer=0x38f3fec0*(BaseAddress=0x38f3f000, AllocationBase=0x38d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Wfqsgh z BG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wfqsgh z bg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6e4 [0142.079] GetConsoleMode (in: hConsoleHandle=0x6e4, lpMode=0xc00040dcf4 | out: lpMode=0xc00040dcf4) returned 0 [0142.079] GetFileType (hFile=0x6e4) returned 0x1 [0142.079] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0142.081] GetFileType (hFile=0x6e4) returned 0x1 [0142.081] GetFileInformationByHandle (in: hFile=0x6e4, lpFileInformation=0xc00040dd44 | out: lpFileInformation=0xc00040dd44) returned 1 [0142.081] GetFileInformationByHandleEx (in: hFile=0x6e4, FileInformationClass=0x9, lpFileInformation=0xc00040dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040dd28) returned 1 [0142.081] ReadFile (in: hFile=0x6e4, lpBuffer=0xc000180c80, nNumberOfBytesToRead=0xc42, lpNumberOfBytesRead=0xc00040dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000180c80*, lpNumberOfBytesRead=0xc00040dc04*=0xa42, lpOverlapped=0x0) returned 1 [0142.740] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa98 [0142.740] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xa9c [0142.741] WaitForSingleObject (hHandle=0xa98, dwMilliseconds=0xffffffff) returned 0x0 [0143.199] SetEvent (hEvent=0xc0) returned 1 [0143.199] ReadFile (in: hFile=0x6e4, lpBuffer=0xc0001816c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001816c2*, lpNumberOfBytesRead=0xc00040dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.199] WaitForSingleObject (hHandle=0xa98, dwMilliseconds=0xffffffff) returned 0x0 [0144.036] CloseHandle (hObject=0x6e4) returned 1 [0144.037] SetEvent (hEvent=0x8e8) returned 1 [0144.037] WaitForSingleObject (hHandle=0xa98, dwMilliseconds=0xffffffff) returned 0x0 [0144.039] SetEvent (hEvent=0xba8) returned 1 [0144.039] WaitForSingleObject (hHandle=0xa98, dwMilliseconds=0xffffffff) Thread: id = 146 os_tid = 0xa70 [0142.086] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3913fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3913fea0*=0x6e8) returned 1 [0142.086] VirtualQuery (in: lpAddress=0x3913fec0, lpBuffer=0x3913fec0, dwLength=0x30 | out: lpBuffer=0x3913fec0*(BaseAddress=0x3913f000, AllocationBase=0x38f40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.086] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6ec [0142.087] GetConsoleMode (in: hConsoleHandle=0x6ec, lpMode=0xc000431cf4 | out: lpMode=0xc000431cf4) returned 0 [0142.087] GetFileType (hFile=0x6ec) returned 0x1 [0142.087] GetFileType (hFile=0x6ec) returned 0x1 [0142.087] GetFileInformationByHandle (in: hFile=0x6ec, lpFileInformation=0xc000431d44 | out: lpFileInformation=0xc000431d44) returned 1 [0142.087] GetFileInformationByHandleEx (in: hFile=0x6ec, FileInformationClass=0x9, lpFileInformation=0xc000431d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000431d28) returned 1 [0142.087] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0142.088] ReadFile (in: hFile=0x6ec, lpBuffer=0xc0003fe000, nNumberOfBytesToRead=0x3b0, lpNumberOfBytesRead=0xc000431c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe000*, lpNumberOfBytesRead=0xc000431c04*=0x1b0, lpOverlapped=0x0) returned 1 [0142.741] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaa0 [0142.741] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaa4 [0142.742] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) returned 0x0 [0143.203] ReadFile (in: hFile=0x6ec, lpBuffer=0xc0003fe1b0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000431c04, lpOverlapped=0x0 | out: lpBuffer=0xc0003fe1b0*, lpNumberOfBytesRead=0xc000431c04*=0x0, lpOverlapped=0x0) returned 1 [0143.203] CloseHandle (hObject=0x6ec) returned 1 [0143.203] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0143.203] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini\\*", lpFindFileData=0xc000431a08 | out: lpFindFileData=0xc000431a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0143.203] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000431720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0143.203] SetEvent (hEvent=0xaa8) returned 1 [0143.203] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) returned 0x0 [0143.236] SetEvent (hEvent=0x364) returned 1 [0143.236] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) returned 0x0 [0143.259] SetEvent (hEvent=0x9d8) returned 1 [0143.259] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) returned 0x0 [0143.291] SetEvent (hEvent=0x9e0) returned 1 [0143.291] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) returned 0x0 [0143.300] SetEvent (hEvent=0xb8) returned 1 [0143.300] WaitForSingleObject (hHandle=0xaa0, dwMilliseconds=0xffffffff) Thread: id = 147 os_tid = 0xa4c [0142.090] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3933fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3933fea0*=0x6f0) returned 1 [0142.090] VirtualQuery (in: lpAddress=0x3933fec0, lpBuffer=0x3933fec0, dwLength=0x30 | out: lpBuffer=0x3933fec0*(BaseAddress=0x3933f000, AllocationBase=0x39140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.090] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6f4 [0142.091] GetConsoleMode (in: hConsoleHandle=0x6f4, lpMode=0xc0003bbcf4 | out: lpMode=0xc0003bbcf4) returned 0 [0142.092] GetFileType (hFile=0x6f4) returned 0x1 [0142.092] GetFileType (hFile=0x6f4) returned 0x1 [0142.092] GetFileInformationByHandle (in: hFile=0x6f4, lpFileInformation=0xc0003bbd44 | out: lpFileInformation=0xc0003bbd44) returned 1 [0142.092] GetFileInformationByHandleEx (in: hFile=0x6f4, FileInformationClass=0x9, lpFileInformation=0xc0003bbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003bbd28) returned 1 [0142.092] VirtualAlloc (lpAddress=0xc00050a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00050a000 [0142.093] ReadFile (in: hFile=0x6f4, lpBuffer=0xc00050a000, nNumberOfBytesToRead=0x72a, lpNumberOfBytesRead=0xc0003bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050a000*, lpNumberOfBytesRead=0xc0003bbc04*=0x52a, lpOverlapped=0x0) returned 1 [0142.743] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaa8 [0142.743] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaac [0142.743] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.218] ReadFile (in: hFile=0x6f4, lpBuffer=0xc00050a52a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003bbc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050a52a*, lpNumberOfBytesRead=0xc0003bbc04*=0x0, lpOverlapped=0x0) returned 1 [0143.218] CloseHandle (hObject=0x6f4) returned 1 [0143.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f4 [0143.219] GetConsoleMode (in: hConsoleHandle=0x6f4, lpMode=0xc0003bbd04 | out: lpMode=0xc0003bbd04) returned 0 [0143.221] GetFileType (hFile=0x6f4) returned 0x1 [0143.222] WriteFile (in: hFile=0x6f4, lpBuffer=0xc00021ab00*, nNumberOfBytesToWrite=0x530, lpNumberOfBytesWritten=0xc0003bbcec, lpOverlapped=0x0 | out: lpBuffer=0xc00021ab00*, lpNumberOfBytesWritten=0xc0003bbcec*=0x530, lpOverlapped=0x0) returned 1 [0143.223] CloseHandle (hObject=0x6f4) returned 1 [0143.223] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.223] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f4 [0143.223] GetConsoleMode (in: hConsoleHandle=0x6f4, lpMode=0xc0003bbd64 | out: lpMode=0xc0003bbd64) returned 0 [0143.227] GetFileType (hFile=0x6f4) returned 0x1 [0143.227] WriteFile (in: hFile=0x6f4, lpBuffer=0xc000683340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003bbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683340*, lpNumberOfBytesWritten=0xc0003bbd4c*=0x158, lpOverlapped=0x0) returned 1 [0143.227] CloseHandle (hObject=0x6f4) returned 1 [0143.227] VirtualAlloc (lpAddress=0xc000658000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000658000 [0143.228] VirtualAlloc (lpAddress=0xc00065a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065a000 [0143.229] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my music.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-My Music.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-my music.lnk"), dwFlags=0x1) returned 1 [0143.232] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3933fe30*=0xaa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.233] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3933f698, ulCount=0x10, ulNumEntriesRemoved=0x3933f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3933f698, ulNumEntriesRemoved=0x3933f66c) returned 0 [0143.233] SetEvent (hEvent=0xc0) returned 1 [0143.233] SetEvent (hEvent=0xaa0) returned 1 [0143.233] SetEvent (hEvent=0x8f0) returned 1 [0143.233] SetEvent (hEvent=0x3c8) returned 1 [0143.235] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3933fe08*=0xaa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.245] SetEvent (hEvent=0x3c8) returned 1 [0143.245] SetEvent (hEvent=0x8f0) returned 1 [0143.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3933fe08*=0xaa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0143.258] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.258] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3933fe30*=0xaa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.259] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3933f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3933f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3933f6a0, ulNumEntriesRemoved=0x3933f674) returned 0 [0143.259] SetEvent (hEvent=0x8e0) returned 1 [0143.259] SetEvent (hEvent=0xaa0) returned 1 [0143.259] SetEvent (hEvent=0x8f0) returned 1 [0143.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3933fe18*=0xaa8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.264] SetEvent (hEvent=0xab0) returned 1 [0143.264] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.291] SetEvent (hEvent=0x414) returned 1 [0143.291] SetEvent (hEvent=0x908) returned 1 [0143.291] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.301] SetEvent (hEvent=0x414) returned 1 [0143.301] SetEvent (hEvent=0x910) returned 1 [0143.301] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.327] SetEvent (hEvent=0xb70) returned 1 [0143.327] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.342] SetEvent (hEvent=0x9e8) returned 1 [0143.342] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.376] SetEvent (hEvent=0x62c) returned 1 [0143.377] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) returned 0x0 [0143.396] SetEvent (hEvent=0x9f8) returned 1 [0143.396] WaitForSingleObject (hHandle=0xaa8, dwMilliseconds=0xffffffff) Thread: id = 148 os_tid = 0xa48 [0142.094] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3953fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3953fea0*=0x6dc) returned 1 [0142.094] VirtualQuery (in: lpAddress=0x3953fec0, lpBuffer=0x3953fec0, dwLength=0x30 | out: lpBuffer=0x3953fec0*(BaseAddress=0x3953f000, AllocationBase=0x39340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.094] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zy3m6bojyb p.ots.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6f8 [0142.095] GetConsoleMode (in: hConsoleHandle=0x6f8, lpMode=0xc000423cf4 | out: lpMode=0xc000423cf4) returned 0 [0142.096] GetFileType (hFile=0x6f8) returned 0x1 [0142.096] GetFileType (hFile=0x6f8) returned 0x1 [0142.096] GetFileInformationByHandle (in: hFile=0x6f8, lpFileInformation=0xc000423d44 | out: lpFileInformation=0xc000423d44) returned 1 [0142.096] GetFileInformationByHandleEx (in: hFile=0x6f8, FileInformationClass=0x9, lpFileInformation=0xc000423d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000423d28) returned 1 [0142.096] VirtualAlloc (lpAddress=0xc000372000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000372000 [0142.097] ReadFile (in: hFile=0x6f8, lpBuffer=0xc000372000, nNumberOfBytesToRead=0x1b68, lpNumberOfBytesRead=0xc000423c04, lpOverlapped=0x0 | out: lpBuffer=0xc000372000*, lpNumberOfBytesRead=0xc000423c04*=0x1968, lpOverlapped=0x0) returned 1 [0142.745] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xab0 [0142.745] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xab4 [0142.745] WaitForSingleObject (hHandle=0xab0, dwMilliseconds=0xffffffff) returned 0x0 [0143.275] ReadFile (in: hFile=0x6f8, lpBuffer=0xc000373968, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000423c04, lpOverlapped=0x0 | out: lpBuffer=0xc000373968*, lpNumberOfBytesRead=0xc000423c04*=0x0, lpOverlapped=0x0) returned 1 [0143.275] CloseHandle (hObject=0x6f8) returned 1 [0143.275] VirtualAlloc (lpAddress=0xc00065c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065c000 [0143.276] VirtualAlloc (lpAddress=0xc00065e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00065e000 [0143.278] VirtualAlloc (lpAddress=0xc000660000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000660000 [0143.279] VirtualAlloc (lpAddress=0xc000662000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000662000 [0143.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zy3m6bojyb p.ots.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f8 [0143.281] GetConsoleMode (in: hConsoleHandle=0x6f8, lpMode=0xc000423d04 | out: lpMode=0xc000423d04) returned 0 [0143.290] WaitForSingleObject (hHandle=0xab0, dwMilliseconds=0xffffffff) returned 0x0 [0144.158] GetFileType (hFile=0x6f8) returned 0x1 [0144.158] WriteFile (in: hFile=0x6f8, lpBuffer=0xc000510c80*, nNumberOfBytesToWrite=0x1970, lpNumberOfBytesWritten=0xc000423cec, lpOverlapped=0x0 | out: lpBuffer=0xc000510c80*, lpNumberOfBytesWritten=0xc000423cec*=0x1970, lpOverlapped=0x0) returned 1 [0144.160] CloseHandle (hObject=0x6f8) returned 1 [0144.160] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.160] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zy3m6bojyb p.ots.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6f8 [0144.160] GetConsoleMode (in: hConsoleHandle=0x6f8, lpMode=0xc000423d64 | out: lpMode=0xc000423d64) returned 0 [0144.161] GetFileType (hFile=0x6f8) returned 0x1 [0144.161] WriteFile (in: hFile=0x6f8, lpBuffer=0xc0002911e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000423d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002911e0*, lpNumberOfBytesWritten=0xc000423d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.161] CloseHandle (hObject=0x6f8) returned 1 [0144.162] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zy3m6bojyb p.ots.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Zy3m6BoJYB p.ots.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-zy3m6bojyb p.ots.lnk"), dwFlags=0x1) returned 1 [0144.164] SetEvent (hEvent=0x15c) returned 1 [0144.164] WaitForSingleObject (hHandle=0xab0, dwMilliseconds=0xffffffff) Thread: id = 149 os_tid = 0x264 [0142.097] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3973fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3973fea0*=0x700) returned 1 [0142.097] VirtualQuery (in: lpAddress=0x3973fec0, lpBuffer=0x3973fec0, dwLength=0x30 | out: lpBuffer=0x3973fec0*(BaseAddress=0x3973f000, AllocationBase=0x39540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jhul_ylh6sugmw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x704 [0142.098] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc000441cf4 | out: lpMode=0xc000441cf4) returned 0 [0142.099] GetFileType (hFile=0x704) returned 0x1 [0142.099] GetFileType (hFile=0x704) returned 0x1 [0142.099] GetFileInformationByHandle (in: hFile=0x704, lpFileInformation=0xc000441d44 | out: lpFileInformation=0xc000441d44) returned 1 [0142.099] GetFileInformationByHandleEx (in: hFile=0x704, FileInformationClass=0x9, lpFileInformation=0xc000441d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000441d28) returned 1 [0142.099] VirtualAlloc (lpAddress=0xc0005ea000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ea000 [0142.108] ReadFile (in: hFile=0x704, lpBuffer=0xc0005ea000, nNumberOfBytesToRead=0x2830, lpNumberOfBytesRead=0xc000441c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005ea000*, lpNumberOfBytesRead=0xc000441c04*=0x2630, lpOverlapped=0x0) returned 1 [0142.746] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xab8 [0142.746] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xabc [0142.746] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0143.293] ReadFile (in: hFile=0x704, lpBuffer=0xc0005ec630, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000441c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005ec630*, lpNumberOfBytesRead=0xc000441c04*=0x0, lpOverlapped=0x0) returned 1 [0143.294] CloseHandle (hObject=0x704) returned 1 [0143.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jhul_ylh6sugmw.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0143.295] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc000441d04 | out: lpMode=0xc000441d04) returned 0 [0143.300] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0144.190] SetEvent (hEvent=0xc0) returned 1 [0144.190] GetFileType (hFile=0x704) returned 0x1 [0144.190] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0144.611] WriteFile (in: hFile=0x704, lpBuffer=0xc000609000*, nNumberOfBytesToWrite=0x2640, lpNumberOfBytesWritten=0xc000441cec, lpOverlapped=0x0 | out: lpBuffer=0xc000609000*, lpNumberOfBytesWritten=0xc000441cec*=0x2640, lpOverlapped=0x0) returned 1 [0144.612] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0144.953] CloseHandle (hObject=0x704) returned 1 [0144.959] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0145.639] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0145.639] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jhul_ylh6sugmw.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0145.640] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc000441d64 | out: lpMode=0xc000441d64) returned 0 [0145.649] GetFileType (hFile=0x728) returned 0x1 [0145.649] WriteFile (in: hFile=0x728, lpBuffer=0xc00007e580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000441d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e580*, lpNumberOfBytesWritten=0xc000441d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.649] CloseHandle (hObject=0x728) returned 1 [0145.674] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jhul_ylh6sugmw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-jHuL_YLH6suGmW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-jhul_ylh6sugmw.lnk"), dwFlags=0x1) returned 1 [0148.135] SetEvent (hEvent=0xae0) returned 1 [0148.135] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.140] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.144] SetEvent (hEvent=0x28c) returned 1 [0148.144] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.145] SetEvent (hEvent=0x28c) returned 1 [0148.145] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.146] SetEvent (hEvent=0x28c) returned 1 [0148.146] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.148] SetEvent (hEvent=0x28c) returned 1 [0148.148] SetEvent (hEvent=0x43c) returned 1 [0148.148] SetEvent (hEvent=0xac8) returned 1 [0148.149] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.155] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0148.248] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d25a0*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc000241808, lpReserved=0x0 | out: lpBuffer=0xc0003d25a0*, lpNumberOfCharsWritten=0xc000241808*=0x84) returned 1 [0148.251] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0148.252] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0148.252] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000241d64 | out: lpMode=0xc000241d64) returned 0 [0148.253] GetFileType (hFile=0x6a4) returned 0x1 [0148.253] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000241d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc000241d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.238] SwitchToThread () returned 1 [0149.239] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0149.358] CloseHandle (hObject=0x6a4) returned 1 [0149.383] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.836] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0150.837] SwitchToThread () returned 1 [0150.841] SetEvent (hEvent=0x1b4) returned 1 [0150.841] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0151.036] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\846qyhvil2d.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2b4 [0151.036] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000195cf4 | out: lpMode=0xc000195cf4) returned 0 [0151.039] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0151.463] SetEvent (hEvent=0xa68) returned 1 [0151.463] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0151.467] SetEvent (hEvent=0xa68) returned 1 [0151.467] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\0s4zi2d7.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0151.468] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001c7cf4 | out: lpMode=0xc0001c7cf4) returned 0 [0151.485] GetFileType (hFile=0x7c4) returned 0x1 [0151.486] GetFileType (hFile=0x7c4) returned 0x1 [0151.486] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc0001c7d44 | out: lpFileInformation=0xc0001c7d44) returned 1 [0151.486] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc0001c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c7d28) returned 1 [0151.486] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xa96c, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0001c7c04*=0xa76c, lpOverlapped=0x0) returned 1 [0151.488] ReadFile (in: hFile=0x7c4, lpBuffer=0xc00021c76c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00021c76c*, lpNumberOfBytesRead=0xc0001c7c04*=0x0, lpOverlapped=0x0) returned 1 [0151.488] CloseHandle (hObject=0x7c4) returned 1 [0151.488] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\0s4zi2d7.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0151.490] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001c7d04 | out: lpMode=0xc0001c7d04) returned 0 [0151.501] GetFileType (hFile=0x7c4) returned 0x1 [0151.501] WriteFile (in: hFile=0x7c4, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0xa770, lpNumberOfBytesWritten=0xc0001c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc0001c7cec*=0xa770, lpOverlapped=0x0) returned 1 [0151.504] CloseHandle (hObject=0x7c4) returned 1 [0151.504] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0151.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\0s4zi2d7.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0151.505] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc0001c7d64 | out: lpMode=0xc0001c7d64) returned 0 [0151.508] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0152.034] GetFileType (hFile=0x7c4) returned 0x1 [0152.035] WriteFile (in: hFile=0x7c4, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc0001c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.035] CloseHandle (hObject=0x7c4) returned 1 [0152.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\0s4zi2d7.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\encry-0S4Zi2d7.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\encry-0s4zi2d7.ots"), dwFlags=0x1) returned 1 [0152.037] SetEvent (hEvent=0x1a0) returned 1 [0152.037] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0152.044] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x510 [0152.045] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc000429cf4 | out: lpMode=0xc000429cf4) returned 0 [0152.057] GetFileType (hFile=0x510) returned 0x1 [0152.057] GetFileType (hFile=0x510) returned 0x1 [0152.058] GetFileInformationByHandle (in: hFile=0x510, lpFileInformation=0xc000429d44 | out: lpFileInformation=0xc000429d44) returned 1 [0152.058] GetFileInformationByHandleEx (in: hFile=0x510, FileInformationClass=0x9, lpFileInformation=0xc000429d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000429d28) returned 1 [0152.058] ReadFile (in: hFile=0x510, lpBuffer=0xc0000f02c0, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc000429c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f02c0*, lpNumberOfBytesRead=0xc000429c04*=0x85, lpOverlapped=0x0) returned 1 [0152.080] ReadFile (in: hFile=0x510, lpBuffer=0xc0000f0345, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000429c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0345*, lpNumberOfBytesRead=0xc000429c04*=0x0, lpOverlapped=0x0) returned 1 [0152.080] CloseHandle (hObject=0x510) returned 1 [0152.081] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0152.082] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc000429d04 | out: lpMode=0xc000429d04) returned 0 [0152.101] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0152.314] GetFileType (hFile=0x510) returned 0x1 [0152.314] WriteFile (in: hFile=0x510, lpBuffer=0xc0002c43f0*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000429cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c43f0*, lpNumberOfBytesWritten=0xc000429cec*=0x90, lpOverlapped=0x0) returned 1 [0152.315] CloseHandle (hObject=0x510) returned 1 [0152.315] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0152.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0152.315] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc000429d64 | out: lpMode=0xc000429d64) returned 0 [0152.319] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0152.609] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0152.702] SetEvent (hEvent=0x9f0) returned 1 [0152.703] SetEvent (hEvent=0xc80) returned 1 [0152.703] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.704] SetEvent (hEvent=0xa30) returned 1 [0152.704] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0161.268] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\1nrsYWYoyXhGH4G0oF8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\1nrsywyoyxhgh4g0of8.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3bc [0162.048] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc0002adcf4 | out: lpMode=0xc0002adcf4) returned 0 [0162.406] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0162.596] SetEvent (hEvent=0xc80) returned 1 [0162.597] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0163.507] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000524000*, nNumberOfBytesToWrite=0xaa70, lpNumberOfBytesWritten=0xc000359cec, lpOverlapped=0x0 | out: lpBuffer=0xc000524000*, lpNumberOfBytesWritten=0xc000359cec*=0xaa70, lpOverlapped=0x0) returned 1 [0166.340] CloseHandle (hObject=0x8a4) returned 1 [0166.710] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0166.829] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0166.830] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\f_jgkxr6yc.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0166.859] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) returned 0x0 [0167.079] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000359d64 | out: lpMode=0xc000359d64) returned 0 [0167.084] GetFileType (hFile=0x36c) returned 0x1 [0167.084] WriteFile (in: hFile=0x36c, lpBuffer=0xc000184160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000359d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000184160*, lpNumberOfBytesWritten=0xc000359d4c*=0x158, lpOverlapped=0x0) returned 1 [0167.084] CloseHandle (hObject=0x36c) returned 1 [0167.084] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\f_jgkxr6yc.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\encry-F_JGkxr6yc.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\encry-f_jgkxr6yc.png"), dwFlags=0x1) returned 1 [0167.382] WaitForSingleObject (hHandle=0xab8, dwMilliseconds=0xffffffff) Thread: id = 150 os_tid = 0x524 [0142.109] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3993fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3993fea0*=0x708) returned 1 [0142.109] VirtualQuery (in: lpAddress=0x3993fec0, lpBuffer=0x3993fec0, dwLength=0x30 | out: lpBuffer=0x3993fec0*(BaseAddress=0x3993f000, AllocationBase=0x39740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.110] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dlkfd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x70c [0142.111] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc00043bcf4 | out: lpMode=0xc00043bcf4) returned 0 [0142.112] GetFileType (hFile=0x70c) returned 0x1 [0142.112] GetFileType (hFile=0x70c) returned 0x1 [0142.113] GetFileInformationByHandle (in: hFile=0x70c, lpFileInformation=0xc00043bd44 | out: lpFileInformation=0xc00043bd44) returned 1 [0142.113] GetFileInformationByHandleEx (in: hFile=0x70c, FileInformationClass=0x9, lpFileInformation=0xc00043bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00043bd28) returned 1 [0142.113] ReadFile (in: hFile=0x70c, lpBuffer=0xc0002b7800, nNumberOfBytesToRead=0xc00, lpNumberOfBytesRead=0xc00043bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b7800*, lpNumberOfBytesRead=0xc00043bc04*=0xa00, lpOverlapped=0x0) returned 1 [0142.748] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xac8 [0142.748] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xacc [0142.748] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0143.373] ReadFile (in: hFile=0x70c, lpBuffer=0xc0002b8200, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00043bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8200*, lpNumberOfBytesRead=0xc00043bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.373] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0144.012] CloseHandle (hObject=0x70c) returned 1 [0144.012] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0144.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dlkfd.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0144.014] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc00043bd04 | out: lpMode=0xc00043bd04) returned 0 [0144.030] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0144.747] GetFileType (hFile=0x70c) returned 0x1 [0144.747] WriteFile (in: hFile=0x70c, lpBuffer=0xc000742000*, nNumberOfBytesToWrite=0xa10, lpNumberOfBytesWritten=0xc00043bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000742000*, lpNumberOfBytesWritten=0xc00043bcec*=0xa10, lpOverlapped=0x0) returned 1 [0144.749] CloseHandle (hObject=0x70c) returned 1 [0144.749] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.749] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0144.750] VirtualAlloc (lpAddress=0xc000126000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000126000 [0144.751] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dlkfd.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x70c [0144.752] GetConsoleMode (in: hConsoleHandle=0x70c, lpMode=0xc00043bd64 | out: lpMode=0xc00043bd64) returned 0 [0144.752] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0145.548] GetFileType (hFile=0x70c) returned 0x1 [0145.548] WriteFile (in: hFile=0x70c, lpBuffer=0xc000290580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00043bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290580*, lpNumberOfBytesWritten=0xc00043bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.549] CloseHandle (hObject=0x70c) returned 1 [0145.555] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\dlkfd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-dlkfd.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-dlkfd.lnk"), dwFlags=0x1) returned 1 [0148.143] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002db818, lpReserved=0x0 | out: lpBuffer=0xc0005861d8*, lpNumberOfCharsWritten=0xc0002db818*=0x4) returned 1 [0148.144] SetEvent (hEvent=0xab8) returned 1 [0148.144] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586210*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003b7818, lpReserved=0x0 | out: lpBuffer=0xc000586210*, lpNumberOfCharsWritten=0xc0003b7818*=0x4) returned 1 [0148.145] SetEvent (hEvent=0xab8) returned 1 [0148.145] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a1818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc0001a1818*=0x4) returned 1 [0148.146] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0148.149] SetEvent (hEvent=0x28c) returned 1 [0148.150] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0148.153] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000487818, lpReserved=0x0 | out: lpBuffer=0xc0000100f0*, lpNumberOfCharsWritten=0xc000487818*=0x4) returned 1 [0148.154] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000100f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000259818, lpReserved=0x0 | out: lpBuffer=0xc0000100f8*, lpNumberOfCharsWritten=0xc000259818*=0x4) returned 1 [0148.155] SetEvent (hEvent=0x1b4) returned 1 [0148.155] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e5818, lpReserved=0x0 | out: lpBuffer=0xc0005861e8*, lpNumberOfCharsWritten=0xc0001e5818*=0x4) returned 1 [0148.156] SetEvent (hEvent=0x1b4) returned 1 [0148.156] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586220*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000477818, lpReserved=0x0 | out: lpBuffer=0xc000586220*, lpNumberOfCharsWritten=0xc000477818*=0x4) returned 1 [0148.157] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0148.160] SetEvent (hEvent=0x28c) returned 1 [0148.160] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0148.165] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586210*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00042f818, lpReserved=0x0 | out: lpBuffer=0xc000586210*, lpNumberOfCharsWritten=0xc00042f818*=0x4) returned 1 [0148.166] SetEvent (hEvent=0x43c) returned 1 [0148.166] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586218*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e5818, lpReserved=0x0 | out: lpBuffer=0xc000586218*, lpNumberOfCharsWritten=0xc0003e5818*=0x4) returned 1 [0148.168] SetEvent (hEvent=0x43c) returned 1 [0148.168] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003f5818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc0003f5818*=0x4) returned 1 [0148.169] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0148.173] SetEvent (hEvent=0x1b4) returned 1 [0148.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586220*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000399818, lpReserved=0x0 | out: lpBuffer=0xc000586220*, lpNumberOfCharsWritten=0xc000399818*=0x4) returned 1 [0148.175] SetEvent (hEvent=0x1b4) returned 1 [0148.175] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586228*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00022b818, lpReserved=0x0 | out: lpBuffer=0xc000586228*, lpNumberOfCharsWritten=0xc00022b818*=0x4) returned 1 [0148.176] SetEvent (hEvent=0x1b4) returned 1 [0148.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586280*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00012f818, lpReserved=0x0 | out: lpBuffer=0xc000586280*, lpNumberOfCharsWritten=0xc00012f818*=0x4) returned 1 [0148.177] SetEvent (hEvent=0x1b4) returned 1 [0148.177] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586288*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001e3818, lpReserved=0x0 | out: lpBuffer=0xc000586288*, lpNumberOfCharsWritten=0xc0001e3818*=0x4) returned 1 [0148.178] SetEvent (hEvent=0x1b4) returned 1 [0148.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000449818, lpReserved=0x0 | out: lpBuffer=0xc0005862c0*, lpNumberOfCharsWritten=0xc000449818*=0x4) returned 1 [0148.179] SetEvent (hEvent=0x1b4) returned 1 [0148.179] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000433818, lpReserved=0x0 | out: lpBuffer=0xc0005862c8*, lpNumberOfCharsWritten=0xc000433818*=0x4) returned 1 [0148.180] SetEvent (hEvent=0x1b4) returned 1 [0148.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003a1818, lpReserved=0x0 | out: lpBuffer=0xc0005862d0*, lpNumberOfCharsWritten=0xc0003a1818*=0x4) returned 1 [0148.180] SetEvent (hEvent=0x1b4) returned 1 [0148.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000417818, lpReserved=0x0 | out: lpBuffer=0xc0005862d8*, lpNumberOfCharsWritten=0xc000417818*=0x4) returned 1 [0148.181] SetEvent (hEvent=0x1b4) returned 1 [0148.181] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003f1818, lpReserved=0x0 | out: lpBuffer=0xc0005862e0*, lpNumberOfCharsWritten=0xc0003f1818*=0x4) returned 1 [0148.182] SetEvent (hEvent=0x1b4) returned 1 [0148.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862e8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000201818, lpReserved=0x0 | out: lpBuffer=0xc0005862e8*, lpNumberOfCharsWritten=0xc000201818*=0x4) returned 1 [0148.182] SetEvent (hEvent=0x1b4) returned 1 [0148.182] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862f0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00014d818, lpReserved=0x0 | out: lpBuffer=0xc0005862f0*, lpNumberOfCharsWritten=0xc00014d818*=0x4) returned 1 [0148.183] SetEvent (hEvent=0x1b4) returned 1 [0148.183] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005862f8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000191818, lpReserved=0x0 | out: lpBuffer=0xc0005862f8*, lpNumberOfCharsWritten=0xc000191818*=0x4) returned 1 [0148.183] SetEvent (hEvent=0x1b4) returned 1 [0148.183] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586300*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000497818, lpReserved=0x0 | out: lpBuffer=0xc000586300*, lpNumberOfCharsWritten=0xc000497818*=0x4) returned 1 [0148.184] SetEvent (hEvent=0x1b4) returned 1 [0148.184] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586308*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000159818, lpReserved=0x0 | out: lpBuffer=0xc000586308*, lpNumberOfCharsWritten=0xc000159818*=0x4) returned 1 [0148.184] SetEvent (hEvent=0x1b4) returned 1 [0148.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586310*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000149818, lpReserved=0x0 | out: lpBuffer=0xc000586310*, lpNumberOfCharsWritten=0xc000149818*=0x4) returned 1 [0148.185] SetEvent (hEvent=0x1b4) returned 1 [0148.185] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d2000*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc00022f808, lpReserved=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfCharsWritten=0xc00022f808*=0x84) returned 1 [0148.186] SetEvent (hEvent=0x1b4) returned 1 [0148.186] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0148.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0148.187] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc00022fd64 | out: lpMode=0xc00022fd64) returned 0 [0148.188] GetFileType (hFile=0x524) returned 0x1 [0148.188] WriteFile (in: hFile=0x524, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc00022fd4c*=0x158, lpOverlapped=0x0) returned 1 [0148.843] CloseHandle (hObject=0x524) returned 1 [0149.234] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0149.235] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0149.237] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x3a4, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3993f968, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3993f968*=0x70c) returned 1 [0149.237] SuspendThread (hThread=0x70c) returned 0x0 [0149.237] GetThreadContext (in: hThread=0x70c, lpContext=0x3993f980 | out: lpContext=0x3993f980*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x10202, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x2e29fe68, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x461683, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0149.238] ResumeThread (hThread=0x70c) returned 0x1 [0149.238] CloseHandle (hObject=0x70c) returned 1 [0149.238] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3993fe30*=0xac8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.310] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0149.310] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3993f698, ulCount=0x10, ulNumEntriesRemoved=0x3993f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3993f698, ulNumEntriesRemoved=0x3993f66c) returned 0 [0149.310] SetEvent (hEvent=0xc0) returned 1 [0149.310] SetEvent (hEvent=0x3c4) returned 1 [0149.310] VirtualAlloc (lpAddress=0xc0006ce000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006ce000 [0149.312] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\encry-Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.845] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.846] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.847] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.848] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.849] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0150.851] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0150.852] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\permissions.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-permissions.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-permissions.sqlite"), dwFlags=0x1) returned 1 [0152.125] SetEvent (hEvent=0xa50) returned 1 [0152.125] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.467] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.470] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.472] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.473] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.474] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.485] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.486] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.488] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.498] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.501] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.506] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0161.508] SetEvent (hEvent=0xae0) returned 1 [0161.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000dc240*, nNumberOfCharsToWrite=0x43, lpNumberOfCharsWritten=0xc0002e7808, lpReserved=0x0 | out: lpBuffer=0xc0000dc240*, lpNumberOfCharsWritten=0xc0002e7808*=0x43) returned 1 [0161.509] SetEvent (hEvent=0xae0) returned 1 [0161.509] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0161.511] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0161.512] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0161.513] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.107] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0xc0002e7a08 | out: lpFindFileData=0xc0002e7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.107] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.107] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0162.264] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0162.265] SetEvent (hEvent=0x988) returned 1 [0162.265] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0162.266] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) returned 0x0 [0162.270] WaitForSingleObject (hHandle=0xac8, dwMilliseconds=0xffffffff) Thread: id = 151 os_tid = 0xaa0 [0142.113] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39b3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39b3fea0*=0x6fc) returned 1 [0142.114] VirtualQuery (in: lpAddress=0x39b3fec0, lpBuffer=0x39b3fec0, dwLength=0x30 | out: lpBuffer=0x39b3fec0*(BaseAddress=0x39b3f000, AllocationBase=0x39940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x710 [0142.114] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc0003bdcf4 | out: lpMode=0xc0003bdcf4) returned 0 [0142.115] GetFileType (hFile=0x710) returned 0x1 [0142.115] GetFileType (hFile=0x710) returned 0x1 [0142.116] GetFileInformationByHandle (in: hFile=0x710, lpFileInformation=0xc0003bdd44 | out: lpFileInformation=0xc0003bdd44) returned 1 [0142.116] GetFileInformationByHandleEx (in: hFile=0x710, FileInformationClass=0x9, lpFileInformation=0xc0003bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003bdd28) returned 1 [0142.116] ReadFile (in: hFile=0x710, lpBuffer=0xc00050a800, nNumberOfBytesToRead=0x74f, lpNumberOfBytesRead=0xc0003bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050a800*, lpNumberOfBytesRead=0xc0003bdc04*=0x54f, lpOverlapped=0x0) returned 1 [0142.749] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xad0 [0142.749] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xad4 [0142.749] WaitForSingleObject (hHandle=0xad0, dwMilliseconds=0xffffffff) returned 0x0 [0143.382] ReadFile (in: hFile=0x710, lpBuffer=0xc00050ad4f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050ad4f*, lpNumberOfBytesRead=0xc0003bdc04*=0x0, lpOverlapped=0x0) returned 1 [0143.382] CloseHandle (hObject=0x710) returned 1 [0143.382] VirtualAlloc (lpAddress=0xc000666000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000666000 [0143.383] VirtualAlloc (lpAddress=0xc000668000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000668000 [0143.384] VirtualAlloc (lpAddress=0xc00066a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00066a000 [0143.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Pictures.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my pictures.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x710 [0143.386] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc0003bdd04 | out: lpMode=0xc0003bdd04) returned 0 [0143.389] WaitForSingleObject (hHandle=0xad0, dwMilliseconds=0xffffffff) returned 0x0 [0144.037] SetEvent (hEvent=0xb80) returned 1 [0144.037] WaitForSingleObject (hHandle=0xad0, dwMilliseconds=0xffffffff) returned 0x0 [0144.039] SetEvent (hEvent=0x2b0) returned 1 [0144.039] WaitForSingleObject (hHandle=0xad0, dwMilliseconds=0xffffffff) Thread: id = 152 os_tid = 0xc04 [0142.116] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39d3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39d3fea0*=0x718) returned 1 [0142.116] VirtualQuery (in: lpAddress=0x39d3fec0, lpBuffer=0x39d3fec0, dwLength=0x30 | out: lpBuffer=0x39d3fec0*(BaseAddress=0x39d3f000, AllocationBase=0x39b40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.116] VirtualAlloc (lpAddress=0xc000376000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000376000 [0142.117] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_a5x ck.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x71c [0142.118] GetConsoleMode (in: hConsoleHandle=0x71c, lpMode=0xc000425cf4 | out: lpMode=0xc000425cf4) returned 0 [0142.120] GetFileType (hFile=0x71c) returned 0x1 [0142.120] GetFileType (hFile=0x71c) returned 0x1 [0142.120] GetFileInformationByHandle (in: hFile=0x71c, lpFileInformation=0xc000425d44 | out: lpFileInformation=0xc000425d44) returned 1 [0142.120] GetFileInformationByHandleEx (in: hFile=0x71c, FileInformationClass=0x9, lpFileInformation=0xc000425d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000425d28) returned 1 [0142.120] VirtualAlloc (lpAddress=0xc000378000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000378000 [0142.121] ReadFile (in: hFile=0x71c, lpBuffer=0xc000378000, nNumberOfBytesToRead=0x1b66, lpNumberOfBytesRead=0xc000425c04, lpOverlapped=0x0 | out: lpBuffer=0xc000378000*, lpNumberOfBytesRead=0xc000425c04*=0x1966, lpOverlapped=0x0) returned 1 [0142.751] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xad8 [0142.751] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xadc [0142.751] WaitForSingleObject (hHandle=0xad8, dwMilliseconds=0xffffffff) returned 0x0 [0143.398] ReadFile (in: hFile=0x71c, lpBuffer=0xc000379966, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000425c04, lpOverlapped=0x0 | out: lpBuffer=0xc000379966*, lpNumberOfBytesRead=0xc000425c04*=0x0, lpOverlapped=0x0) returned 1 [0143.398] CloseHandle (hObject=0x71c) returned 1 [0143.398] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_a5x ck.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x71c [0143.399] GetConsoleMode (in: hConsoleHandle=0x71c, lpMode=0xc000425d04 | out: lpMode=0xc000425d04) returned 0 [0143.406] GetFileType (hFile=0x71c) returned 0x1 [0143.406] WriteFile (in: hFile=0x71c, lpBuffer=0xc000512600*, nNumberOfBytesToWrite=0x1970, lpNumberOfBytesWritten=0xc000425cec, lpOverlapped=0x0 | out: lpBuffer=0xc000512600*, lpNumberOfBytesWritten=0xc000425cec*=0x1970, lpOverlapped=0x0) returned 1 [0143.408] CloseHandle (hObject=0x71c) returned 1 [0143.408] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_a5x ck.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x71c [0143.409] GetConsoleMode (in: hConsoleHandle=0x71c, lpMode=0xc000425d64 | out: lpMode=0xc000425d64) returned 0 [0143.418] WaitForSingleObject (hHandle=0xad8, dwMilliseconds=0xffffffff) returned 0x0 [0144.079] GetFileType (hFile=0x71c) returned 0x1 [0144.080] WriteFile (in: hFile=0x71c, lpBuffer=0xc000615760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000425d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000615760*, lpNumberOfBytesWritten=0xc000425d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.080] CloseHandle (hObject=0x71c) returned 1 [0144.080] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_a5x ck.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-_A5x CK.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-_a5x ck.lnk"), dwFlags=0x1) returned 1 [0144.082] SetEvent (hEvent=0x930) returned 1 [0144.082] WaitForSingleObject (hHandle=0xad8, dwMilliseconds=0xffffffff) Thread: id = 153 os_tid = 0xc08 [0142.122] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39f3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39f3fea0*=0x714) returned 1 [0142.122] VirtualQuery (in: lpAddress=0x39f3fec0, lpBuffer=0x39f3fec0, dwLength=0x30 | out: lpBuffer=0x39f3fec0*(BaseAddress=0x39f3f000, AllocationBase=0x39d40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jpehtkf.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x720 [0142.123] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00044bcf4 | out: lpMode=0xc00044bcf4) returned 0 [0142.124] GetFileType (hFile=0x720) returned 0x1 [0142.124] GetFileType (hFile=0x720) returned 0x1 [0142.124] GetFileInformationByHandle (in: hFile=0x720, lpFileInformation=0xc00044bd44 | out: lpFileInformation=0xc00044bd44) returned 1 [0142.124] GetFileInformationByHandleEx (in: hFile=0x720, FileInformationClass=0x9, lpFileInformation=0xc00044bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00044bd28) returned 1 [0142.124] ReadFile (in: hFile=0x720, lpBuffer=0xc000198d80, nNumberOfBytesToRead=0x432, lpNumberOfBytesRead=0xc00044bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000198d80*, lpNumberOfBytesRead=0xc00044bc04*=0x232, lpOverlapped=0x0) returned 1 [0142.753] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xae0 [0142.753] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xae4 [0142.753] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0143.426] ReadFile (in: hFile=0x720, lpBuffer=0xc000198fb2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00044bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000198fb2*, lpNumberOfBytesRead=0xc00044bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.426] CloseHandle (hObject=0x720) returned 1 [0143.427] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jpehtkf.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0143.428] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00044bd04 | out: lpMode=0xc00044bd04) returned 0 [0143.431] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.111] SetEvent (hEvent=0xc0) returned 1 [0144.111] SetEvent (hEvent=0x324) returned 1 [0144.111] GetFileType (hFile=0x720) returned 0x1 [0144.111] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.516] WriteFile (in: hFile=0x720, lpBuffer=0xc000288d80*, nNumberOfBytesToWrite=0x240, lpNumberOfBytesWritten=0xc00044bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000288d80*, lpNumberOfBytesWritten=0xc00044bcec*=0x240, lpOverlapped=0x0) returned 1 [0144.517] CloseHandle (hObject=0x720) returned 1 [0144.517] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\jpeHTkf.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\jpehtkf.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0144.517] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc00044bd64 | out: lpMode=0xc00044bd64) returned 0 [0144.526] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.795] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.798] SetEvent (hEvent=0x8f8) returned 1 [0144.799] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.820] SetEvent (hEvent=0x3c4) returned 1 [0144.820] SetEvent (hEvent=0xbf0) returned 1 [0144.821] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.823] SetEvent (hEvent=0x3c4) returned 1 [0144.823] SetEvent (hEvent=0x108) returned 1 [0144.823] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.827] SetEvent (hEvent=0x3c4) returned 1 [0144.827] SetEvent (hEvent=0xb28) returned 1 [0144.827] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.864] SetEvent (hEvent=0xb58) returned 1 [0144.864] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.866] SetEvent (hEvent=0xc64) returned 1 [0144.866] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.868] SetEvent (hEvent=0xa80) returned 1 [0144.868] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.872] VirtualFree (lpAddress=0xc0007d6000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.873] VirtualFree (lpAddress=0xc0006fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.874] VirtualFree (lpAddress=0xc0006d6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.874] VirtualFree (lpAddress=0xc000678000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.875] VirtualFree (lpAddress=0xc000652000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.876] VirtualFree (lpAddress=0xc00047e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.877] VirtualFree (lpAddress=0xc000234000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.878] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.880] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.881] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.882] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.883] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.884] SetEvent (hEvent=0x274) returned 1 [0144.884] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.886] SetEvent (hEvent=0x8b8) returned 1 [0144.886] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.902] SetEvent (hEvent=0x254) returned 1 [0144.902] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.906] SetEvent (hEvent=0x254) returned 1 [0144.906] SetEvent (hEvent=0x898) returned 1 [0144.906] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.910] SetEvent (hEvent=0xc54) returned 1 [0144.910] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0144.916] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.917] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.917] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.918] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.919] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.919] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.920] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.921] VirtualFree (lpAddress=0xc000070000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.921] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.922] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.923] GetFileType (hFile=0x2bc) returned 0x1 [0144.923] WriteFile (in: hFile=0x2bc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000159d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000159d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.923] CloseHandle (hObject=0x2bc) returned 1 [0144.923] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0144.924] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\encry-5p5nrgjn0js_halpmcxz@m.exactag[1].txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\encry-5p5nrgjn0js_halpmcxz@m.exactag[1].txt"), dwFlags=0x1) returned 1 [0144.926] GetFileType (hFile=0x6a4) returned 0x1 [0144.926] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000198480*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc000469cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesWritten=0xc000469cec*=0x410, lpOverlapped=0x0) returned 1 [0144.927] CloseHandle (hObject=0x6a4) returned 1 [0144.931] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0145.563] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\snaek-wzcvk4w.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x588 [0145.563] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc000469d64 | out: lpMode=0xc000469d64) returned 0 [0145.570] GetFileType (hFile=0x588) returned 0x1 [0145.570] WriteFile (in: hFile=0x588, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000469d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc000469d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.570] CloseHandle (hObject=0x588) returned 1 [0145.578] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\snaek-wzcvk4w.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-snaek-wzcvk4w.lnk"), dwFlags=0x1) returned 1 [0148.106] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.111] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000b6000*, nNumberOfCharsToWrite=0x102, lpNumberOfCharsWritten=0xc00024d808, lpReserved=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfCharsWritten=0xc00024d808*=0x102) returned 1 [0148.114] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.117] SetEvent (hEvent=0xbf0) returned 1 [0148.117] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.119] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003d9818, lpReserved=0x0 | out: lpBuffer=0xc0005861a8*, lpNumberOfCharsWritten=0xc0003d9818*=0x4) returned 1 [0148.121] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000393818, lpReserved=0x0 | out: lpBuffer=0xc0005861d0*, lpNumberOfCharsWritten=0xc000393818*=0x4) returned 1 [0148.122] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000045818, lpReserved=0x0 | out: lpBuffer=0xc000206068*, lpNumberOfCharsWritten=0xc000045818*=0x4) returned 1 [0148.123] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000485818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc000485818*=0x4) returned 1 [0148.127] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206088*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003dd818, lpReserved=0x0 | out: lpBuffer=0xc000206088*, lpNumberOfCharsWritten=0xc0003dd818*=0x4) returned 1 [0148.129] SetEvent (hEvent=0x9f0) returned 1 [0148.129] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000413818, lpReserved=0x0 | out: lpBuffer=0xc0002060a0*, lpNumberOfCharsWritten=0xc000413818*=0x4) returned 1 [0148.131] SetEvent (hEvent=0x9f0) returned 1 [0148.131] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002060a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000435818, lpReserved=0x0 | out: lpBuffer=0xc0002060a8*, lpNumberOfCharsWritten=0xc000435818*=0x4) returned 1 [0148.132] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.136] SetEvent (hEvent=0x9f0) returned 1 [0148.136] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010098*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003b3818, lpReserved=0x0 | out: lpBuffer=0xc000010098*, lpNumberOfCharsWritten=0xc0003b3818*=0x4) returned 1 [0148.137] SetEvent (hEvent=0x9f0) returned 1 [0148.137] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005861e0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000385818, lpReserved=0x0 | out: lpBuffer=0xc0005861e0*, lpNumberOfCharsWritten=0xc000385818*=0x4) returned 1 [0148.138] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.140] SetEvent (hEvent=0x28c) returned 1 [0148.140] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.143] SetEvent (hEvent=0x43c) returned 1 [0148.143] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0148.252] SetEvent (hEvent=0x9f0) returned 1 [0148.252] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010118*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000010118*, lpNumberOfCharsWritten=0xc000129818*=0x4) returned 1 [0148.253] SetEvent (hEvent=0x9f0) returned 1 [0148.253] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010120*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc000010120*, lpNumberOfCharsWritten=0xc0000f5818*=0x4) returned 1 [0148.255] SetEvent (hEvent=0x9f0) returned 1 [0148.255] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000273818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc000273818*=0x4) returned 1 [0148.255] SetEvent (hEvent=0x9f0) returned 1 [0148.256] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010130*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000453818, lpReserved=0x0 | out: lpBuffer=0xc000010130*, lpNumberOfCharsWritten=0xc000453818*=0x4) returned 1 [0148.257] SetEvent (hEvent=0x9f0) returned 1 [0148.257] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000050240*, nNumberOfCharsToWrite=0x8d, lpNumberOfCharsWritten=0xc00023f808, lpReserved=0x0 | out: lpBuffer=0xc000050240*, lpNumberOfCharsWritten=0xc00023f808*=0x8d) returned 1 [0148.258] SetEvent (hEvent=0x9f0) returned 1 [0148.258] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0148.259] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0148.260] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2cc [0148.260] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00023fd64 | out: lpMode=0xc00023fd64) returned 0 [0148.261] GetFileType (hFile=0x2cc) returned 0x1 [0148.261] WriteFile (in: hFile=0x2cc, lpBuffer=0xc00007e6e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00023fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e6e0*, lpNumberOfBytesWritten=0xc00023fd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.239] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0149.349] CloseHandle (hObject=0x2cc) returned 1 [0149.380] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0150.843] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0150.854] SetEvent (hEvent=0xb50) returned 1 [0150.854] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0150.956] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0150.971] SwitchToThread () returned 1 [0151.015] SetEvent (hEvent=0xb50) returned 1 [0151.015] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0151.018] SetEvent (hEvent=0x274) returned 1 [0151.018] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0151.028] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0151.030] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0151.031] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0151.032] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0151.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\gq8bxea9vy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0151.035] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc000485cf4 | out: lpMode=0xc000485cf4) returned 0 [0151.039] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0151.418] GetFileType (hFile=0x494) returned 0x1 [0151.418] GetFileType (hFile=0x494) returned 0x1 [0151.418] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc000485d44 | out: lpFileInformation=0xc000485d44) returned 1 [0151.418] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc000485d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000485d28) returned 1 [0151.418] VirtualAlloc (lpAddress=0xc0004e0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004e0000 [0151.421] ReadFile (in: hFile=0x494, lpBuffer=0xc0004e0000, nNumberOfBytesToRead=0xfdbd, lpNumberOfBytesRead=0xc000485c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004e0000*, lpNumberOfBytesRead=0xc000485c04*=0xfbbd, lpOverlapped=0x0) returned 1 [0151.423] ReadFile (in: hFile=0x494, lpBuffer=0xc0004efbbd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000485c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004efbbd*, lpNumberOfBytesRead=0xc000485c04*=0x0, lpOverlapped=0x0) returned 1 [0151.423] CloseHandle (hObject=0x494) returned 1 [0151.423] VirtualAlloc (lpAddress=0xc0004f0000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f0000 [0151.426] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\gq8bxea9vy.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0151.428] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc000485d04 | out: lpMode=0xc000485d04) returned 0 [0151.432] GetFileType (hFile=0x494) returned 0x1 [0151.432] WriteFile (in: hFile=0x494, lpBuffer=0xc0004f0000*, nNumberOfBytesToWrite=0xfbc0, lpNumberOfBytesWritten=0xc000485cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004f0000*, lpNumberOfBytesWritten=0xc000485cec*=0xfbc0, lpOverlapped=0x0) returned 1 [0151.435] CloseHandle (hObject=0x494) returned 1 [0151.435] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0151.435] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\gq8bxea9vy.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0151.435] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc000485d64 | out: lpMode=0xc000485d64) returned 0 [0151.453] GetFileType (hFile=0x494) returned 0x1 [0151.453] WriteFile (in: hFile=0x494, lpBuffer=0xc0001049a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000485d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001049a0*, lpNumberOfBytesWritten=0xc000485d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.454] CloseHandle (hObject=0x494) returned 1 [0151.454] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\gq8bxea9vy.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\encry-gq8bXea9Vy.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\encry-gq8bxea9vy.mp3"), dwFlags=0x1) returned 1 [0151.456] SetEvent (hEvent=0xab8) returned 1 [0151.456] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0151.465] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x494 [0151.466] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc00022dcf4 | out: lpMode=0xc00022dcf4) returned 0 [0151.469] GetFileType (hFile=0x494) returned 0x1 [0151.469] GetFileType (hFile=0x494) returned 0x1 [0151.469] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc00022dd44 | out: lpFileInformation=0xc00022dd44) returned 1 [0151.469] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc00022dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022dd28) returned 1 [0151.469] ReadFile (in: hFile=0x494, lpBuffer=0xc00005c000, nNumberOfBytesToRead=0x250, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c000*, lpNumberOfBytesRead=0xc00022dc04*=0x50, lpOverlapped=0x0) returned 1 [0151.471] ReadFile (in: hFile=0x494, lpBuffer=0xc00005c050, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005c050*, lpNumberOfBytesRead=0xc00022dc04*=0x0, lpOverlapped=0x0) returned 1 [0151.471] CloseHandle (hObject=0x494) returned 1 [0151.472] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.472] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini\\*", lpFindFileData=0xc00022da08 | out: lpFindFileData=0xc00022da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.472] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00022d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.472] SetEvent (hEvent=0xb40) returned 1 [0151.472] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0151.526] SetEvent (hEvent=0xa68) returned 1 [0151.526] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\4ri99tmpdhl6.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x474 [0151.527] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0151.553] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0152.083] GetFileType (hFile=0x474) returned 0x1 [0152.083] GetFileType (hFile=0x474) returned 0x1 [0152.083] GetFileInformationByHandle (in: hFile=0x474, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0152.083] GetFileInformationByHandleEx (in: hFile=0x474, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0152.083] VirtualAlloc (lpAddress=0xc0004cc000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004cc000 [0152.089] ReadFile (in: hFile=0x474, lpBuffer=0xc0004cc000, nNumberOfBytesToRead=0xb74f, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004cc000*, lpNumberOfBytesRead=0xc00020dc04*=0xb54f, lpOverlapped=0x0) returned 1 [0152.091] ReadFile (in: hFile=0x474, lpBuffer=0xc0004d754f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d754f*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0152.091] CloseHandle (hObject=0x474) returned 1 [0152.091] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0152.092] VirtualAlloc (lpAddress=0xc000542000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0152.095] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\4ri99tmpdhl6.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0152.098] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0152.104] GetFileType (hFile=0x474) returned 0x1 [0152.104] WriteFile (in: hFile=0x474, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0xb550, lpNumberOfBytesWritten=0xc00020dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc00020dcec*=0xb550, lpOverlapped=0x0) returned 1 [0152.107] CloseHandle (hObject=0x474) returned 1 [0152.108] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0152.108] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0152.109] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\4ri99tmpdhl6.pdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0152.109] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc00020dd64 | out: lpMode=0xc00020dd64) returned 0 [0152.118] GetFileType (hFile=0x474) returned 0x1 [0152.118] WriteFile (in: hFile=0x474, lpBuffer=0xc0000d7340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7340*, lpNumberOfBytesWritten=0xc00020dd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.119] CloseHandle (hObject=0x474) returned 1 [0152.119] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0152.121] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\4ri99tmpdhl6.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\encry-4rI99TmpDHL6.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\encry-4ri99tmpdhl6.pdf"), dwFlags=0x1) returned 1 [0152.123] SetEvent (hEvent=0x354) returned 1 [0152.123] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.488] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.491] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.492] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.494] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.496] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.498] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.501] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.503] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.504] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.505] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.509] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0161.514] SetEvent (hEvent=0x988) returned 1 [0161.514] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000000600*, nNumberOfCharsToWrite=0x7f, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc000000600*, lpNumberOfCharsWritten=0xc0002e9808*=0x7f) returned 1 [0161.516] SetEvent (hEvent=0x988) returned 1 [0161.516] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0161.517] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0161.519] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.107] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT\\*", lpFindFileData=0xc0002e9a08 | out: lpFindFileData=0xc0002e9a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.107] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.107] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.264] SetEvent (hEvent=0xa48) returned 1 [0162.264] SetEvent (hEvent=0xac8) returned 1 [0162.264] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x67c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39f3f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39f3f928*=0x874) returned 1 [0162.264] SuspendThread (hThread=0x874) returned 0x0 [0162.265] GetThreadContext (in: hThread=0x874, lpContext=0x39f3f940 | out: lpContext=0x39f3f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x37d3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.265] ResumeThread (hThread=0x874) returned 0x1 [0162.265] CloseHandle (hObject=0x874) returned 1 [0162.265] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x67c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39f3f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39f3f928*=0x874) returned 1 [0162.265] SuspendThread (hThread=0x874) returned 0x0 [0162.266] GetThreadContext (in: hThread=0x874, lpContext=0x39f3f940 | out: lpContext=0x39f3f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x37d3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.266] ResumeThread (hThread=0x874) returned 0x1 [0162.266] CloseHandle (hObject=0x874) returned 1 [0162.266] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x67c, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x39f3f928, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x39f3f928*=0x874) returned 1 [0162.266] SuspendThread (hThread=0x874) returned 0x0 [0162.267] GetThreadContext (in: hThread=0x874, lpContext=0x39f3f940 | out: lpContext=0x39f3f940*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x37d3fb08, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab18ca, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.267] ResumeThread (hThread=0x874) returned 0x1 [0162.267] CloseHandle (hObject=0x874) returned 1 [0162.267] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.268] SetEvent (hEvent=0xa48) returned 1 [0162.268] SetEvent (hEvent=0xac8) returned 1 [0162.268] VirtualFree (lpAddress=0xc000446000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.269] SwitchToThread () returned 1 [0162.433] SetEvent (hEvent=0xc0c) returned 1 [0162.434] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.438] SetEvent (hEvent=0xc0c) returned 1 [0162.438] SetEvent (hEvent=0xa20) returned 1 [0162.593] SetEvent (hEvent=0xc64) returned 1 [0162.601] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.702] SetEvent (hEvent=0xc0c) returned 1 [0162.702] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.753] GetFileType (hFile=0x2e4) returned 0x1 [0162.753] GetFileType (hFile=0x2e4) returned 0x1 [0162.753] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc00012bd44 | out: lpFileInformation=0xc00012bd44) returned 1 [0162.753] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc00012bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00012bd28) returned 1 [0162.753] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0162.757] ReadFile (in: hFile=0x2e4, lpBuffer=0xc000690000, nNumberOfBytesToRead=0x5415, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000690000*, lpNumberOfBytesRead=0xc00012bc04*=0x5215, lpOverlapped=0x0) returned 1 [0162.759] ReadFile (in: hFile=0x2e4, lpBuffer=0xc000695215, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00012bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000695215*, lpNumberOfBytesRead=0xc00012bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.759] CloseHandle (hObject=0x2e4) returned 1 [0162.759] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ed_bidg3.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0162.761] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00012bd04 | out: lpMode=0xc00012bd04) returned 0 [0162.924] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.929] GetFileType (hFile=0x2e4) returned 0x1 [0162.929] WriteFile (in: hFile=0x2e4, lpBuffer=0xc000695500*, nNumberOfBytesToWrite=0x5220, lpNumberOfBytesWritten=0xc00012bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000695500*, lpNumberOfBytesWritten=0xc00012bcec*=0x5220, lpOverlapped=0x0) returned 1 [0162.931] CloseHandle (hObject=0x2e4) returned 1 [0162.931] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0162.931] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ed_bidg3.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0162.931] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00012bd64 | out: lpMode=0xc00012bd64) returned 0 [0162.934] GetFileType (hFile=0x2e4) returned 0x1 [0162.934] WriteFile (in: hFile=0x2e4, lpBuffer=0xc000318000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00012bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000318000*, lpNumberOfBytesWritten=0xc00012bd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.934] CloseHandle (hObject=0x2e4) returned 1 [0162.934] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\ed_bidg3.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\encry-ed_BIDg3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\encry-ed_bidg3.wav"), dwFlags=0x1) returned 1 [0162.936] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0162.970] SetEvent (hEvent=0xa8) returned 1 [0162.970] SwitchToThread () returned 1 [0162.983] GetFileType (hFile=0x720) returned 0x1 [0162.983] WriteFile (in: hFile=0x720, lpBuffer=0xc000318160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000318160*, lpNumberOfBytesWritten=0xc0002cdd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.983] CloseHandle (hObject=0x720) returned 1 [0162.984] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\ritr.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\encry-ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\encry-ritr.mp3"), dwFlags=0x1) returned 1 [0162.985] GetFileType (hFile=0x678) returned 0x1 [0162.985] WriteFile (in: hFile=0x678, lpBuffer=0xc0003182c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000521d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003182c0*, lpNumberOfBytesWritten=0xc000521d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.986] CloseHandle (hObject=0x678) returned 1 [0162.986] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0162.987] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.ini"), dwFlags=0x1) returned 1 [0162.989] GetFileType (hFile=0x5c4) returned 0x1 [0162.989] GetFileType (hFile=0x5c4) returned 0x1 [0162.989] GetFileInformationByHandle (in: hFile=0x5c4, lpFileInformation=0xc0002cbd44 | out: lpFileInformation=0xc0002cbd44) returned 1 [0162.989] GetFileInformationByHandleEx (in: hFile=0x5c4, FileInformationClass=0x9, lpFileInformation=0xc0002cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cbd28) returned 1 [0162.989] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0162.990] VirtualAlloc (lpAddress=0xc000722000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000722000 [0162.995] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000722000, nNumberOfBytesToRead=0x17200, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000722000*, lpNumberOfBytesRead=0xc0002cbc04*=0x17000, lpOverlapped=0x0) returned 1 [0162.998] ReadFile (in: hFile=0x5c4, lpBuffer=0xc000739000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000739000*, lpNumberOfBytesRead=0xc0002cbc04*=0x0, lpOverlapped=0x0) returned 1 [0162.998] CloseHandle (hObject=0x5c4) returned 1 [0162.998] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0162.999] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0163.000] VirtualAlloc (lpAddress=0xc000778000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000778000 [0163.005] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\hvx0.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0163.009] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0002cbd04 | out: lpMode=0xc0002cbd04) returned 0 [0163.023] GetFileType (hFile=0x5c4) returned 0x1 [0163.023] WriteFile (in: hFile=0x5c4, lpBuffer=0xc000778000*, nNumberOfBytesToWrite=0x17010, lpNumberOfBytesWritten=0xc0002cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc000778000*, lpNumberOfBytesWritten=0xc0002cbcec*=0x17010, lpOverlapped=0x0) returned 1 [0163.029] CloseHandle (hObject=0x5c4) returned 1 [0163.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3601 | out: pbBuffer=0xc0001c3601) returned 1 [0163.029] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0163.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\hvx0.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0163.031] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc0002cbd64 | out: lpMode=0xc0002cbd64) returned 0 [0163.076] GetFileType (hFile=0x5c4) returned 0x1 [0163.076] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0003186e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cbd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003186e0*, lpNumberOfBytesWritten=0xc0002cbd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.076] CloseHandle (hObject=0x5c4) returned 1 [0163.076] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\hvx0.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\encry-hvX0.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\encry-hvx0.mp3"), dwFlags=0x1) returned 1 [0163.078] GetFileType (hFile=0x53c) returned 0x1 [0163.078] GetFileType (hFile=0x53c) returned 0x1 [0163.078] GetFileInformationByHandle (in: hFile=0x53c, lpFileInformation=0xc0002cfd44 | out: lpFileInformation=0xc0002cfd44) returned 1 [0163.078] GetFileInformationByHandleEx (in: hFile=0x53c, FileInformationClass=0x9, lpFileInformation=0xc0002cfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002cfd28) returned 1 [0163.079] VirtualAlloc (lpAddress=0xc00073a000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00073a000 [0163.083] ReadFile (in: hFile=0x53c, lpBuffer=0xc00073a000, nNumberOfBytesToRead=0x122ab, lpNumberOfBytesRead=0xc0002cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00073a000*, lpNumberOfBytesRead=0xc0002cfc04*=0x120ab, lpOverlapped=0x0) returned 1 [0163.085] ReadFile (in: hFile=0x53c, lpBuffer=0xc00074c0ab, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002cfc04, lpOverlapped=0x0 | out: lpBuffer=0xc00074c0ab*, lpNumberOfBytesRead=0xc0002cfc04*=0x0, lpOverlapped=0x0) returned 1 [0163.086] CloseHandle (hObject=0x53c) returned 1 [0163.086] VirtualAlloc (lpAddress=0xc0007c4000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007c4000 [0163.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\nhhgztyvvdr.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0163.093] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0002cfd04 | out: lpMode=0xc0002cfd04) returned 0 [0163.109] GetFileType (hFile=0x53c) returned 0x1 [0163.109] WriteFile (in: hFile=0x53c, lpBuffer=0xc0007c4000*, nNumberOfBytesToWrite=0x120b0, lpNumberOfBytesWritten=0xc0002cfcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007c4000*, lpNumberOfBytesWritten=0xc0002cfcec*=0x120b0, lpOverlapped=0x0) returned 1 [0163.113] CloseHandle (hObject=0x53c) returned 1 [0163.113] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3801 | out: pbBuffer=0xc0001c3801) returned 1 [0163.113] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\nhhgztyvvdr.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0163.113] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0002cfd64 | out: lpMode=0xc0002cfd64) returned 0 [0163.123] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0163.140] SetEvent (hEvent=0xc0c) returned 1 [0163.140] GetFileType (hFile=0x53c) returned 0x1 [0163.140] WriteFile (in: hFile=0x53c, lpBuffer=0xc000319340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002cfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000319340*, lpNumberOfBytesWritten=0xc0002cfd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.140] CloseHandle (hObject=0x53c) returned 1 [0163.140] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\nhhgztyvvdr.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\encry-NHHgzTyvVDR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\encry-nhhgztyvvdr.mp3"), dwFlags=0x1) returned 1 [0163.184] SetEvent (hEvent=0xc0c) returned 1 [0163.185] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0163.187] SetEvent (hEvent=0xc0c) returned 1 [0163.187] SetEvent (hEvent=0xa8) returned 1 [0163.187] VirtualFree (lpAddress=0xc00070c000, dwSize=0xcc000, dwFreeType=0x4000) returned 1 [0163.195] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0163.197] VirtualFree (lpAddress=0xc000690000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0163.198] VirtualFree (lpAddress=0xc000660000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0163.199] VirtualFree (lpAddress=0xc000638000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0163.200] VirtualFree (lpAddress=0xc000604000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0163.201] VirtualFree (lpAddress=0xc0005e4000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0163.221] VirtualFree (lpAddress=0xc00037e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.222] VirtualFree (lpAddress=0xc000372000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.223] VirtualFree (lpAddress=0xc00036e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.223] VirtualFree (lpAddress=0xc000340000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.224] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.225] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.226] VirtualFree (lpAddress=0xc0002ea000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0163.227] VirtualFree (lpAddress=0xc0002da000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0163.228] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.228] VirtualFree (lpAddress=0xc0002be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.229] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.230] VirtualFree (lpAddress=0xc000292000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.230] VirtualFree (lpAddress=0xc00027e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.231] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0163.232] VirtualFree (lpAddress=0xc00021c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.233] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.234] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.234] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.235] VirtualFree (lpAddress=0xc000126000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.236] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.237] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.237] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.238] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.239] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.239] VirtualFree (lpAddress=0xc0000c0000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0163.240] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.241] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.242] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.242] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.243] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.244] VirtualFree (lpAddress=0xc00006c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.244] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.245] VirtualFree (lpAddress=0xc00005a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.246] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0163.247] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.247] GetFileType (hFile=0x424) returned 0x1 [0163.247] GetFileType (hFile=0x424) returned 0x1 [0163.247] GetFileInformationByHandle (in: hFile=0x424, lpFileInformation=0xc0002b1d44 | out: lpFileInformation=0xc0002b1d44) returned 1 [0163.248] GetFileInformationByHandleEx (in: hFile=0x424, FileInformationClass=0x9, lpFileInformation=0xc0002b1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002b1d28) returned 1 [0163.248] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0163.249] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0163.250] ReadFile (in: hFile=0x424, lpBuffer=0xc000244000, nNumberOfBytesToRead=0x3f8, lpNumberOfBytesRead=0xc0002b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfBytesRead=0xc0002b1c04*=0x1f8, lpOverlapped=0x0) returned 1 [0163.251] ReadFile (in: hFile=0x424, lpBuffer=0xc0002441f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002b1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002441f8*, lpNumberOfBytesRead=0xc0002b1c04*=0x0, lpOverlapped=0x0) returned 1 [0163.251] CloseHandle (hObject=0x424) returned 1 [0163.251] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0163.253] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0163.254] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0163.254] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0163.255] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\desktop.ini\\*", lpFindFileData=0xc0002b1a08 | out: lpFindFileData=0xc0002b1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0163.256] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002b1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0163.256] GetFileType (hFile=0x668) returned 0x1 [0163.256] WriteFile (in: hFile=0x668, lpBuffer=0xc000120000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000271d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120000*, lpNumberOfBytesWritten=0xc000271d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.257] CloseHandle (hObject=0x668) returned 1 [0163.257] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Downloads\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\downloads\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.980] SetEvent (hEvent=0xa40) returned 1 [0166.980] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) returned 0x0 [0167.282] WaitForSingleObject (hHandle=0xae0, dwMilliseconds=0xffffffff) Thread: id = 154 os_tid = 0xc0c [0142.124] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3a13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3a13fea0*=0x724) returned 1 [0142.124] VirtualQuery (in: lpAddress=0x3a13fec0, lpBuffer=0x3a13fec0, dwLength=0x30 | out: lpBuffer=0x3a13fec0*(BaseAddress=0x3a13f000, AllocationBase=0x39f40000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.125] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\elsstnnsevvxa.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x728 [0142.125] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc00043dcf4 | out: lpMode=0xc00043dcf4) returned 0 [0142.127] GetFileType (hFile=0x728) returned 0x1 [0142.127] VirtualAlloc (lpAddress=0xc000588000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000588000 [0142.128] GetFileType (hFile=0x728) returned 0x1 [0142.128] GetFileInformationByHandle (in: hFile=0x728, lpFileInformation=0xc00043dd44 | out: lpFileInformation=0xc00043dd44) returned 1 [0142.128] GetFileInformationByHandleEx (in: hFile=0x728, FileInformationClass=0x9, lpFileInformation=0xc00043dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00043dd28) returned 1 [0142.128] ReadFile (in: hFile=0x728, lpBuffer=0xc0002eb400, nNumberOfBytesToRead=0x21f0, lpNumberOfBytesRead=0xc00043dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002eb400*, lpNumberOfBytesRead=0xc00043dc04*=0x1ff0, lpOverlapped=0x0) returned 1 [0142.754] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xae8 [0142.755] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaec [0142.755] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0143.433] SetEvent (hEvent=0x9f8) returned 1 [0143.433] ReadFile (in: hFile=0x728, lpBuffer=0xc0002ed3f0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00043dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ed3f0*, lpNumberOfBytesRead=0xc00043dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.433] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0144.131] CloseHandle (hObject=0x728) returned 1 [0144.131] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0144.132] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.133] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0144.134] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\elsstnnsevvxa.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0144.135] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc00043dd04 | out: lpMode=0xc00043dd04) returned 0 [0144.139] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0144.583] GetFileType (hFile=0x728) returned 0x1 [0144.583] WriteFile (in: hFile=0x728, lpBuffer=0xc00011e000*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0xc00043dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00011e000*, lpNumberOfBytesWritten=0xc00043dcec*=0x2000, lpOverlapped=0x0) returned 1 [0144.585] CloseHandle (hObject=0x728) returned 1 [0144.585] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eLsstNNsEvVxA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\elsstnnsevvxa.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x728 [0144.585] GetConsoleMode (in: hConsoleHandle=0x728, lpMode=0xc00043dd64 | out: lpMode=0xc00043dd64) returned 0 [0144.588] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0145.342] SetEvent (hEvent=0x318) returned 1 [0145.342] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0145.344] SetEvent (hEvent=0x318) returned 1 [0145.344] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x1c000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0145.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0145.349] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc0001a3d04 | out: lpMode=0xc0001a3d04) returned 0 [0145.358] GetFileType (hFile=0x5b0) returned 0x1 [0145.358] WriteFile (in: hFile=0x5b0, lpBuffer=0xc0002a6000*, nNumberOfBytesToWrite=0x1b810, lpNumberOfBytesWritten=0xc0001a3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6000*, lpNumberOfBytesWritten=0xc0001a3cec*=0x1b810, lpOverlapped=0x0) returned 1 [0145.362] CloseHandle (hObject=0x5b0) returned 1 [0145.363] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.363] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0145.364] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0145.365] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0145.366] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc0001a3d64 | out: lpMode=0xc0001a3d64) returned 0 [0145.369] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0145.928] GetFileType (hFile=0x5b0) returned 0x1 [0145.928] WriteFile (in: hFile=0x5b0, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc0001a3d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.928] CloseHandle (hObject=0x5b0) returned 1 [0145.929] VirtualAlloc (lpAddress=0xc000280000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000280000 [0145.930] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\1b4dd67f29cb1962.automaticdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\encry-1b4dd67f29cb1962.automaticDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\encry-1b4dd67f29cb1962.automaticdestinations-ms"), dwFlags=0x1) returned 1 [0146.567] SetEvent (hEvent=0x3b0) returned 1 [0146.567] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0146.609] SetEvent (hEvent=0x448) returned 1 [0146.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x42c [0146.610] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc000277cf4 | out: lpMode=0xc000277cf4) returned 0 [0146.638] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0146.706] GetFileType (hFile=0x42c) returned 0x1 [0146.706] GetFileType (hFile=0x42c) returned 0x1 [0146.707] GetFileInformationByHandle (in: hFile=0x42c, lpFileInformation=0xc000277d44 | out: lpFileInformation=0xc000277d44) returned 1 [0146.707] GetFileInformationByHandleEx (in: hFile=0x42c, FileInformationClass=0x9, lpFileInformation=0xc000277d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000277d28) returned 1 [0146.707] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0146.708] ReadFile (in: hFile=0x42c, lpBuffer=0xc00006c000, nNumberOfBytesToRead=0x28d, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesRead=0xc000277c04*=0x8d, lpOverlapped=0x0) returned 1 [0146.709] ReadFile (in: hFile=0x42c, lpBuffer=0xc00006c08d, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000277c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c08d*, lpNumberOfBytesRead=0xc000277c04*=0x0, lpOverlapped=0x0) returned 1 [0146.709] CloseHandle (hObject=0x42c) returned 1 [0146.709] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0146.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0146.712] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc000277d04 | out: lpMode=0xc000277d04) returned 0 [0146.849] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0146.924] GetFileType (hFile=0x42c) returned 0x1 [0146.924] WriteFile (in: hFile=0x42c, lpBuffer=0xc00002c000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc000277cec, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesWritten=0xc000277cec*=0x90, lpOverlapped=0x0) returned 1 [0146.926] CloseHandle (hObject=0x42c) returned 1 [0146.926] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0146.926] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0146.927] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x42c [0146.927] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc000277d64 | out: lpMode=0xc000277d64) returned 0 [0146.930] GetFileType (hFile=0x42c) returned 0x1 [0146.931] WriteFile (in: hFile=0x42c, lpBuffer=0xc000180580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000277d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000180580*, lpNumberOfBytesWritten=0xc000277d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.931] CloseHandle (hObject=0x42c) returned 1 [0146.931] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\extensions.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-extensions.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-extensions.ini"), dwFlags=0x1) returned 1 [0146.933] SetEvent (hEvent=0x3c4) returned 1 [0146.933] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0147.465] SetEvent (hEvent=0xa20) returned 1 [0147.465] SetEvent (hEvent=0x1f8) returned 1 [0147.465] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0147.843] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.844] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.845] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.846] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x590 [0147.847] GetConsoleMode (in: hConsoleHandle=0x590, lpMode=0xc0000f9cf4 | out: lpMode=0xc0000f9cf4) returned 0 [0147.847] GetFileType (hFile=0x590) returned 0x1 [0147.847] GetFileType (hFile=0x590) returned 0x1 [0147.847] GetFileInformationByHandle (in: hFile=0x590, lpFileInformation=0xc0000f9d44 | out: lpFileInformation=0xc0000f9d44) returned 1 [0147.848] GetFileInformationByHandleEx (in: hFile=0x590, FileInformationClass=0x9, lpFileInformation=0xc0000f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000f9d28) returned 1 [0147.848] ReadFile (in: hFile=0x590, lpBuffer=0xc0000b6b40, nNumberOfBytesToRead=0x202, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6b40*, lpNumberOfBytesRead=0xc0000f9c04*=0x2, lpOverlapped=0x0) returned 1 [0148.388] SetEvent (hEvent=0xc0) returned 1 [0148.388] ReadFile (in: hFile=0x590, lpBuffer=0xc0000b6b42, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6b42*, lpNumberOfBytesRead=0xc0000f9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.388] CloseHandle (hObject=0x590) returned 1 [0148.388] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0148.389] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.022] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0000f9d04 | out: lpMode=0xc0000f9d04) returned 0 [0149.023] GetFileType (hFile=0x3d0) returned 0x1 [0149.023] WriteFile (in: hFile=0x3d0, lpBuffer=0xc000586600*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0000f9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000586600*, lpNumberOfBytesWritten=0xc0000f9cec*=0x10, lpOverlapped=0x0) returned 1 [0149.358] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0149.370] CloseHandle (hObject=0x3d0) returned 1 [0149.390] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0149.390] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0149.391] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0149.393] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0149.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0149.394] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0000f9d64 | out: lpMode=0xc0000f9d64) returned 0 [0149.394] GetFileType (hFile=0x6a4) returned 0x1 [0149.395] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000f9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000f9d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.619] CloseHandle (hObject=0x6a4) returned 1 [0149.644] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\webapps.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\encry-webapps.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\webapps\\encry-webapps.json"), dwFlags=0x1) returned 1 [0149.667] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0149.680] SetEvent (hEvent=0xa38) returned 1 [0149.680] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) returned 0x0 [0149.686] SetEvent (hEvent=0xa38) returned 1 [0149.686] SetEvent (hEvent=0x8b8) returned 1 [0149.686] SetEvent (hEvent=0xc24) returned 1 [0149.686] WaitForSingleObject (hHandle=0xae8, dwMilliseconds=0xffffffff) Thread: id = 155 os_tid = 0xc10 [0142.130] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3a33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3a33fea0*=0x72c) returned 1 [0142.130] VirtualQuery (in: lpAddress=0x3a33fec0, lpBuffer=0x3a33fec0, dwLength=0x30 | out: lpBuffer=0x3a33fec0*(BaseAddress=0x3a33f000, AllocationBase=0x3a140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.131] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x730 [0142.131] GetConsoleMode (in: hConsoleHandle=0x730, lpMode=0xc0003c7cf4 | out: lpMode=0xc0003c7cf4) returned 0 [0142.138] GetFileType (hFile=0x730) returned 0x1 [0142.138] GetFileType (hFile=0x730) returned 0x1 [0142.138] GetFileInformationByHandle (in: hFile=0x730, lpFileInformation=0xc0003c7d44 | out: lpFileInformation=0xc0003c7d44) returned 1 [0142.138] GetFileInformationByHandleEx (in: hFile=0x730, FileInformationClass=0x9, lpFileInformation=0xc0003c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c7d28) returned 1 [0142.138] ReadFile (in: hFile=0x730, lpBuffer=0xc00050b000, nNumberOfBytesToRead=0x739, lpNumberOfBytesRead=0xc0003c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050b000*, lpNumberOfBytesRead=0xc0003c7c04*=0x539, lpOverlapped=0x0) returned 1 [0142.756] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaf0 [0142.756] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xaf4 [0142.756] WaitForSingleObject (hHandle=0xaf0, dwMilliseconds=0xffffffff) returned 0x0 [0143.445] ReadFile (in: hFile=0x730, lpBuffer=0xc00050b539, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc00050b539*, lpNumberOfBytesRead=0xc0003c7c04*=0x0, lpOverlapped=0x0) returned 1 [0143.445] CloseHandle (hObject=0x730) returned 1 [0143.445] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x730 [0143.446] GetConsoleMode (in: hConsoleHandle=0x730, lpMode=0xc0003c7d04 | out: lpMode=0xc0003c7d04) returned 0 [0143.451] GetFileType (hFile=0x730) returned 0x1 [0143.452] WriteFile (in: hFile=0x730, lpBuffer=0xc00021b080*, nNumberOfBytesToWrite=0x540, lpNumberOfBytesWritten=0xc0003c7cec, lpOverlapped=0x0 | out: lpBuffer=0xc00021b080*, lpNumberOfBytesWritten=0xc0003c7cec*=0x540, lpOverlapped=0x0) returned 1 [0143.453] CloseHandle (hObject=0x730) returned 1 [0143.453] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x730 [0143.453] GetConsoleMode (in: hConsoleHandle=0x730, lpMode=0xc0003c7d64 | out: lpMode=0xc0003c7d64) returned 0 [0143.463] WaitForSingleObject (hHandle=0xaf0, dwMilliseconds=0xffffffff) returned 0x0 [0144.161] SetEvent (hEvent=0x940) returned 1 [0144.161] WaitForSingleObject (hHandle=0xaf0, dwMilliseconds=0xffffffff) Thread: id = 156 os_tid = 0xc14 [0142.138] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3a53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3a53fea0*=0x738) returned 1 [0142.138] VirtualQuery (in: lpAddress=0x3a53fec0, lpBuffer=0x3a53fec0, dwLength=0x30 | out: lpBuffer=0x3a53fec0*(BaseAddress=0x3a53f000, AllocationBase=0x3a340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.138] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_as6ctfrdr8.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x73c [0142.139] GetConsoleMode (in: hConsoleHandle=0x73c, lpMode=0xc00042fcf4 | out: lpMode=0xc00042fcf4) returned 0 [0142.140] GetFileType (hFile=0x73c) returned 0x1 [0142.140] GetFileType (hFile=0x73c) returned 0x1 [0142.140] GetFileInformationByHandle (in: hFile=0x73c, lpFileInformation=0xc00042fd44 | out: lpFileInformation=0xc00042fd44) returned 1 [0142.140] GetFileInformationByHandleEx (in: hFile=0x73c, FileInformationClass=0x9, lpFileInformation=0xc00042fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00042fd28) returned 1 [0142.140] VirtualAlloc (lpAddress=0xc00037a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00037a000 [0142.142] ReadFile (in: hFile=0x73c, lpBuffer=0xc00037a000, nNumberOfBytesToRead=0x101f, lpNumberOfBytesRead=0xc00042fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00037a000*, lpNumberOfBytesRead=0xc00042fc04*=0xe1f, lpOverlapped=0x0) returned 1 [0142.758] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb00 [0142.758] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb04 [0142.758] WaitForSingleObject (hHandle=0xb00, dwMilliseconds=0xffffffff) returned 0x0 [0143.479] ReadFile (in: hFile=0x73c, lpBuffer=0xc00037ae1f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00042fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00037ae1f*, lpNumberOfBytesRead=0xc00042fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.479] CloseHandle (hObject=0x73c) returned 1 [0143.479] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_as6ctfrdr8.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x73c [0143.481] GetConsoleMode (in: hConsoleHandle=0x73c, lpMode=0xc00042fd04 | out: lpMode=0xc00042fd04) returned 0 [0143.487] GetFileType (hFile=0x73c) returned 0x1 [0143.487] WriteFile (in: hFile=0x73c, lpBuffer=0xc0007d7000*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0xc00042fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d7000*, lpNumberOfBytesWritten=0xc00042fcec*=0xe20, lpOverlapped=0x0) returned 1 [0143.489] CloseHandle (hObject=0x73c) returned 1 [0143.489] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0143.489] VirtualAlloc (lpAddress=0xc000670000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000670000 [0143.490] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_as6ctfrdr8.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x73c [0143.490] GetConsoleMode (in: hConsoleHandle=0x73c, lpMode=0xc00042fd64 | out: lpMode=0xc00042fd64) returned 0 [0143.492] WaitForSingleObject (hHandle=0xb00, dwMilliseconds=0xffffffff) returned 0x0 [0144.015] GetFileType (hFile=0x73c) returned 0x1 [0144.015] WriteFile (in: hFile=0x73c, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00042fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc00042fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.015] CloseHandle (hObject=0x73c) returned 1 [0144.015] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_as6ctfrdr8.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-_aS6CtfrDr8.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-_as6ctfrdr8.lnk"), dwFlags=0x1) returned 1 [0144.017] VirtualFree (lpAddress=0xc000746000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.019] VirtualFree (lpAddress=0xc000710000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.020] VirtualFree (lpAddress=0xc000668000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.021] VirtualFree (lpAddress=0xc00027c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.022] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.023] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.025] VirtualFree (lpAddress=0xc000104000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.026] SetEvent (hEvent=0xba0) returned 1 [0144.026] WaitForSingleObject (hHandle=0xb00, dwMilliseconds=0xffffffff) Thread: id = 157 os_tid = 0xc18 [0142.143] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3a73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3a73fea0*=0x734) returned 1 [0142.143] VirtualQuery (in: lpAddress=0x3a73fec0, lpBuffer=0x3a73fec0, dwLength=0x30 | out: lpBuffer=0x3a73fec0*(BaseAddress=0x3a73f000, AllocationBase=0x3a540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.143] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kev94gqepx7n.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x740 [0142.144] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc00044dcf4 | out: lpMode=0xc00044dcf4) returned 0 [0142.145] GetFileType (hFile=0x740) returned 0x1 [0142.145] GetFileType (hFile=0x740) returned 0x1 [0142.145] GetFileInformationByHandle (in: hFile=0x740, lpFileInformation=0xc00044dd44 | out: lpFileInformation=0xc00044dd44) returned 1 [0142.145] GetFileInformationByHandleEx (in: hFile=0x740, FileInformationClass=0x9, lpFileInformation=0xc00044dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00044dd28) returned 1 [0142.145] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0142.146] ReadFile (in: hFile=0x740, lpBuffer=0xc00023a000, nNumberOfBytesToRead=0x1ba1, lpNumberOfBytesRead=0xc00044dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00023a000*, lpNumberOfBytesRead=0xc00044dc04*=0x19a1, lpOverlapped=0x0) returned 1 [0142.759] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb08 [0142.759] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb0c [0142.759] WaitForSingleObject (hHandle=0xb08, dwMilliseconds=0xffffffff) returned 0x0 [0143.495] ReadFile (in: hFile=0x740, lpBuffer=0xc00023b9a1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00044dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00023b9a1*, lpNumberOfBytesRead=0xc00044dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.495] CloseHandle (hObject=0x740) returned 1 [0143.495] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kev94gqepx7n.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x740 [0143.496] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc00044dd04 | out: lpMode=0xc00044dd04) returned 0 [0143.514] GetFileType (hFile=0x740) returned 0x1 [0143.515] WriteFile (in: hFile=0x740, lpBuffer=0xc0004e1a80*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xc00044dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004e1a80*, lpNumberOfBytesWritten=0xc00044dcec*=0x19b0, lpOverlapped=0x0) returned 1 [0143.516] CloseHandle (hObject=0x740) returned 1 [0143.516] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.516] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kEv94GQePX7n.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kev94gqepx7n.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x740 [0143.516] GetConsoleMode (in: hConsoleHandle=0x740, lpMode=0xc00044dd64 | out: lpMode=0xc00044dd64) returned 0 [0143.524] WaitForSingleObject (hHandle=0xb08, dwMilliseconds=0xffffffff) returned 0x0 [0144.036] SetEvent (hEvent=0x950) returned 1 [0144.036] WaitForSingleObject (hHandle=0xb08, dwMilliseconds=0xffffffff) Thread: id = 158 os_tid = 0xc1c [0142.146] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3a93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3a93fea0*=0x744) returned 1 [0142.146] VirtualQuery (in: lpAddress=0x3a93fec0, lpBuffer=0x3a93fec0, dwLength=0x30 | out: lpBuffer=0x3a93fec0*(BaseAddress=0x3a93f000, AllocationBase=0x3a740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezaa8ldzp4i7tw-w_u.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0142.147] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000447cf4 | out: lpMode=0xc000447cf4) returned 0 [0142.147] GetFileType (hFile=0x748) returned 0x1 [0142.147] GetFileType (hFile=0x748) returned 0x1 [0142.148] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc000447d44 | out: lpFileInformation=0xc000447d44) returned 1 [0142.148] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc000447d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000447d28) returned 1 [0142.148] ReadFile (in: hFile=0x748, lpBuffer=0xc000309300, nNumberOfBytesToRead=0x1082, lpNumberOfBytesRead=0xc000447c04, lpOverlapped=0x0 | out: lpBuffer=0xc000309300*, lpNumberOfBytesRead=0xc000447c04*=0xe82, lpOverlapped=0x0) returned 1 [0142.760] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb10 [0142.760] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb14 [0142.760] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0143.534] ReadFile (in: hFile=0x748, lpBuffer=0xc00030a182, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000447c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a182*, lpNumberOfBytesRead=0xc000447c04*=0x0, lpOverlapped=0x0) returned 1 [0143.534] CloseHandle (hObject=0x748) returned 1 [0143.534] VirtualAlloc (lpAddress=0xc000672000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000672000 [0143.535] VirtualAlloc (lpAddress=0xc000674000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000674000 [0143.536] VirtualAlloc (lpAddress=0xc000676000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000676000 [0143.537] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\eZAa8LdzP4i7tw-W_U.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ezaa8ldzp4i7tw-w_u.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0143.538] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc000447d04 | out: lpMode=0xc000447d04) returned 0 [0143.541] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.068] SetEvent (hEvent=0xc0) returned 1 [0144.068] GetFileType (hFile=0x748) returned 0x1 [0144.068] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.795] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.797] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.797] VirtualFree (lpAddress=0xc00021e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0144.798] SetEvent (hEvent=0xb50) returned 1 [0144.798] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.820] SetEvent (hEvent=0x9f0) returned 1 [0144.820] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.827] SetEvent (hEvent=0xb18) returned 1 [0144.827] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.886] SetEvent (hEvent=0xb30) returned 1 [0144.886] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.895] SetEvent (hEvent=0x9c8) returned 1 [0144.895] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.899] SetEvent (hEvent=0xc4c) returned 1 [0144.899] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.901] SetEvent (hEvent=0x254) returned 1 [0144.901] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.902] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.906] SetEvent (hEvent=0x28c) returned 1 [0144.906] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.910] SetEvent (hEvent=0x254) returned 1 [0144.911] SetEvent (hEvent=0xbb0) returned 1 [0144.911] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.927] SetEvent (hEvent=0x254) returned 1 [0144.927] SetEvent (hEvent=0xbc8) returned 1 [0144.927] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0144.934] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0144.935] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000186000*, nNumberOfCharsToWrite=0x71, lpNumberOfCharsWritten=0xc000491808, lpReserved=0x0 | out: lpBuffer=0xc000186000*, lpNumberOfCharsWritten=0xc000491808*=0x71) returned 1 [0144.953] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0145.606] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0145.606] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0146.038] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0146.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0146.039] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc000491d64 | out: lpMode=0xc000491d64) returned 0 [0146.042] GetFileType (hFile=0x284) returned 0x1 [0146.042] WriteFile (in: hFile=0x284, lpBuffer=0xc000614580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000491d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614580*, lpNumberOfBytesWritten=0xc000491d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.043] CloseHandle (hObject=0x284) returned 1 [0146.043] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\low\\encry-index.dat"), dwFlags=0x1) returned 1 [0146.045] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3a93f698, ulCount=0x10, ulNumEntriesRemoved=0x3a93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3a93f698, ulNumEntriesRemoved=0x3a93f66c) returned 0 [0146.045] SetEvent (hEvent=0xc4c) returned 1 [0146.045] SetEvent (hEvent=0xc54) returned 1 [0146.045] SetEvent (hEvent=0xbe0) returned 1 [0146.047] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3a93fe08*=0xb10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.049] SetEvent (hEvent=0xbe0) returned 1 [0146.049] SetEvent (hEvent=0xc54) returned 1 [0146.049] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3a93fe08*=0xb10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.074] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0146.074] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3a93fe30*=0xb10, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.076] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0146.076] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3a93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3a93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3a93f6a0, ulNumEntriesRemoved=0x3a93f674) returned 0 [0146.077] SetEvent (hEvent=0xc4c) returned 1 [0146.077] SetEvent (hEvent=0xbe0) returned 1 [0146.077] SetEvent (hEvent=0xc54) returned 1 [0146.077] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3a93fe18*=0xb10, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.082] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0146.083] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hcjk5uban9lka.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-HcjK5UBAn9LkA.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-hcjk5uban9lka.lnk"), dwFlags=0x1) returned 1 [0150.670] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0151.298] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jpehtkf.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x780 [0151.299] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00029dcf4 | out: lpMode=0xc00029dcf4) returned 0 [0151.308] GetFileType (hFile=0x780) returned 0x1 [0151.308] GetFileType (hFile=0x780) returned 0x1 [0151.308] GetFileInformationByHandle (in: hFile=0x780, lpFileInformation=0xc00029dd44 | out: lpFileInformation=0xc00029dd44) returned 1 [0151.309] GetFileInformationByHandleEx (in: hFile=0x780, FileInformationClass=0x9, lpFileInformation=0xc00029dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00029dd28) returned 1 [0151.309] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0151.312] ReadFile (in: hFile=0x780, lpBuffer=0xc0002fe000, nNumberOfBytesToRead=0xce31, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfBytesRead=0xc00029dc04*=0xcc31, lpOverlapped=0x0) returned 1 [0151.313] ReadFile (in: hFile=0x780, lpBuffer=0xc00030ac31, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00029dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00030ac31*, lpNumberOfBytesRead=0xc00029dc04*=0x0, lpOverlapped=0x0) returned 1 [0151.313] CloseHandle (hObject=0x780) returned 1 [0151.314] VirtualAlloc (lpAddress=0xc00032a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00032a000 [0151.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jpehtkf.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0151.318] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00029dd04 | out: lpMode=0xc00029dd04) returned 0 [0151.319] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0151.690] GetFileType (hFile=0x780) returned 0x1 [0151.690] WriteFile (in: hFile=0x780, lpBuffer=0xc00032a000*, nNumberOfBytesToWrite=0xcc40, lpNumberOfBytesWritten=0xc00029dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00032a000*, lpNumberOfBytesWritten=0xc00029dcec*=0xcc40, lpOverlapped=0x0) returned 1 [0151.695] CloseHandle (hObject=0x780) returned 1 [0151.696] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0151.696] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jpehtkf.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0151.696] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00029dd64 | out: lpMode=0xc00029dd64) returned 0 [0151.711] GetFileType (hFile=0x780) returned 0x1 [0151.711] WriteFile (in: hFile=0x780, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc00029dd4c*=0x158, lpOverlapped=0x0) returned 1 [0151.711] CloseHandle (hObject=0x780) returned 1 [0151.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jpehtkf.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-jpeHTkf.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-jpehtkf.flv"), dwFlags=0x1) returned 1 [0151.715] VirtualFree (lpAddress=0xc000542000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0151.719] VirtualFree (lpAddress=0xc000514000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0151.721] VirtualFree (lpAddress=0xc0004e0000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0151.723] VirtualFree (lpAddress=0xc000498000, dwSize=0x2e000, dwFreeType=0x4000) returned 1 [0151.726] VirtualFree (lpAddress=0xc000358000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0151.729] VirtualFree (lpAddress=0xc0002e2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0151.730] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0151.732] VirtualFree (lpAddress=0xc00028c000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0151.733] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0151.734] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.736] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.737] VirtualFree (lpAddress=0xc00021c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.737] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.739] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.740] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.741] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.742] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0151.743] SetEvent (hEvent=0xa10) returned 1 [0151.743] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0151.755] SetEvent (hEvent=0xc5c) returned 1 [0151.755] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0161.555] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) returned 0x0 [0161.559] SetEvent (hEvent=0xa40) returned 1 [0161.559] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010670*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000197818, lpReserved=0x0 | out: lpBuffer=0xc000010670*, lpNumberOfCharsWritten=0xc000197818*=0x4) returned 1 [0161.560] SetEvent (hEvent=0xa40) returned 1 [0161.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010678*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc000010678*, lpNumberOfCharsWritten=0xc00026d818*=0x4) returned 1 [0161.561] SetEvent (hEvent=0xa40) returned 1 [0161.562] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010680*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00041b818, lpReserved=0x0 | out: lpBuffer=0xc000010680*, lpNumberOfCharsWritten=0xc00041b818*=0x4) returned 1 [0161.563] SetEvent (hEvent=0xa40) returned 1 [0161.563] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010688*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000177818, lpReserved=0x0 | out: lpBuffer=0xc000010688*, lpNumberOfCharsWritten=0xc000177818*=0x4) returned 1 [0161.564] SetEvent (hEvent=0xa40) returned 1 [0161.564] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010690*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fb818, lpReserved=0x0 | out: lpBuffer=0xc000010690*, lpNumberOfCharsWritten=0xc0001fb818*=0x4) returned 1 [0161.565] SetEvent (hEvent=0xa40) returned 1 [0161.565] VirtualAlloc (lpAddress=0xc000308000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000308000 [0161.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010698*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc000010698*, lpNumberOfCharsWritten=0xc000047818*=0x4) returned 1 [0161.568] SetEvent (hEvent=0xa40) returned 1 [0161.568] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000429818, lpReserved=0x0 | out: lpBuffer=0xc0000106a0*, lpNumberOfCharsWritten=0xc000429818*=0x4) returned 1 [0161.569] SetEvent (hEvent=0xa40) returned 1 [0161.570] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000171818, lpReserved=0x0 | out: lpBuffer=0xc0000106a8*, lpNumberOfCharsWritten=0xc000171818*=0x4) returned 1 [0161.570] SetEvent (hEvent=0xa40) returned 1 [0161.571] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0004dd818, lpReserved=0x0 | out: lpBuffer=0xc0000106b0*, lpNumberOfCharsWritten=0xc0004dd818*=0x4) returned 1 [0161.572] SetEvent (hEvent=0xa40) returned 1 [0161.572] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc0000106b8*, lpNumberOfCharsWritten=0xc000247818*=0x4) returned 1 [0161.573] SetEvent (hEvent=0xa40) returned 1 [0161.573] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023f818, lpReserved=0x0 | out: lpBuffer=0xc0000106c0*, lpNumberOfCharsWritten=0xc00023f818*=0x3) returned 1 [0161.574] SetEvent (hEvent=0xa40) returned 1 [0161.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f5818, lpReserved=0x0 | out: lpBuffer=0xc0000106c8*, lpNumberOfCharsWritten=0xc0000f5818*=0x4) returned 1 [0161.575] SetEvent (hEvent=0xa40) returned 1 [0161.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000106d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006dd818, lpReserved=0x0 | out: lpBuffer=0xc0000106d0*, lpNumberOfCharsWritten=0xc0006dd818*=0x4) returned 1 [0161.577] SetEvent (hEvent=0xa40) returned 1 [0161.577] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d0280*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0xc00023d808, lpReserved=0x0 | out: lpBuffer=0xc0003d0280*, lpNumberOfCharsWritten=0xc00023d808*=0x4a) returned 1 [0161.579] SetEvent (hEvent=0xa40) returned 1 [0161.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.102] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0xc00023da08 | out: lpFindFileData=0xc00023da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.102] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00023d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.102] WaitForSingleObject (hHandle=0xb10, dwMilliseconds=0xffffffff) Thread: id = 159 os_tid = 0xc20 [0142.149] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3ab3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ab3fea0*=0x74c) returned 1 [0142.149] VirtualQuery (in: lpAddress=0x3ab3fec0, lpBuffer=0x3ab3fec0, dwLength=0x30 | out: lpBuffer=0x3ab3fec0*(BaseAddress=0x3ab3f000, AllocationBase=0x3a940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.149] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n3 iikk5mp8c2f.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x750 [0142.150] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc0003b9cf4 | out: lpMode=0xc0003b9cf4) returned 0 [0142.151] GetFileType (hFile=0x750) returned 0x1 [0142.151] GetFileType (hFile=0x750) returned 0x1 [0142.151] GetFileInformationByHandle (in: hFile=0x750, lpFileInformation=0xc0003b9d44 | out: lpFileInformation=0xc0003b9d44) returned 1 [0142.151] GetFileInformationByHandleEx (in: hFile=0x750, FileInformationClass=0x9, lpFileInformation=0xc0003b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003b9d28) returned 1 [0142.151] ReadFile (in: hFile=0x750, lpBuffer=0xc00016ac80, nNumberOfBytesToRead=0xc63, lpNumberOfBytesRead=0xc0003b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016ac80*, lpNumberOfBytesRead=0xc0003b9c04*=0xa63, lpOverlapped=0x0) returned 1 [0142.762] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb18 [0142.762] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb1c [0142.762] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0143.549] SetEvent (hEvent=0x120) returned 1 [0143.549] ReadFile (in: hFile=0x750, lpBuffer=0xc00016b6e3, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016b6e3*, lpNumberOfBytesRead=0xc0003b9c04*=0x0, lpOverlapped=0x0) returned 1 [0143.549] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0144.072] CloseHandle (hObject=0x750) returned 1 [0144.072] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n3 iikk5mp8c2f.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0144.073] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc0003b9d04 | out: lpMode=0xc0003b9d04) returned 0 [0144.082] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0144.829] GetFileType (hFile=0x750) returned 0x1 [0144.829] WriteFile (in: hFile=0x750, lpBuffer=0xc000078a80*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0xc0003b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078a80*, lpNumberOfBytesWritten=0xc0003b9cec*=0xa70, lpOverlapped=0x0) returned 1 [0144.832] CloseHandle (hObject=0x750) returned 1 [0144.857] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.857] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0144.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n3 iikk5mp8c2f.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0144.859] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc0003b9d64 | out: lpMode=0xc0003b9d64) returned 0 [0144.863] GetFileType (hFile=0x750) returned 0x1 [0144.863] WriteFile (in: hFile=0x750, lpBuffer=0xc00007e9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e9a0*, lpNumberOfBytesWritten=0xc0003b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.864] CloseHandle (hObject=0x750) returned 1 [0144.865] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\n3 iikk5mp8c2f.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-N3 iiKK5mP8C2F.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-n3 iikk5mp8c2f.lnk"), dwFlags=0x1) returned 1 [0146.012] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3ab3f698, ulCount=0x10, ulNumEntriesRemoved=0x3ab3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3ab3f698, ulNumEntriesRemoved=0x3ab3f66c) returned 0 [0146.012] SetEvent (hEvent=0x948) returned 1 [0146.012] SetEvent (hEvent=0xbe0) returned 1 [0146.012] SetEvent (hEvent=0xc4c) returned 1 [0146.014] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3ab3fe08*=0xb18, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.027] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0146.027] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3ab3fe08*=0xb18, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.035] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0146.035] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3ab3fe30*=0xb18, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.036] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0146.036] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3ab3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3ab3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3ab3f6a0, ulNumEntriesRemoved=0x3ab3f674) returned 0 [0146.036] SetEvent (hEvent=0xbe0) returned 1 [0146.036] SetEvent (hEvent=0xc4c) returned 1 [0146.036] SetEvent (hEvent=0xc54) returned 1 [0146.036] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3ab3fe18*=0xb18, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.040] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0146.041] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y6tp2hht.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-y6tp2hht.lnk"), dwFlags=0x1) returned 1 [0150.667] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0151.363] SetEvent (hEvent=0xa68) returned 1 [0151.363] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdvt1tpyjbv-yzk70.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x748 [0151.364] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0001cbcf4 | out: lpMode=0xc0001cbcf4) returned 0 [0151.373] GetFileType (hFile=0x748) returned 0x1 [0151.373] GetFileType (hFile=0x748) returned 0x1 [0151.373] GetFileInformationByHandle (in: hFile=0x748, lpFileInformation=0xc0001cbd44 | out: lpFileInformation=0xc0001cbd44) returned 1 [0151.373] GetFileInformationByHandleEx (in: hFile=0x748, FileInformationClass=0x9, lpFileInformation=0xc0001cbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001cbd28) returned 1 [0151.373] VirtualAlloc (lpAddress=0xc0004aa000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004aa000 [0151.377] ReadFile (in: hFile=0x748, lpBuffer=0xc0004aa000, nNumberOfBytesToRead=0x11273, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004aa000*, lpNumberOfBytesRead=0xc0001cbc04*=0x11073, lpOverlapped=0x0) returned 1 [0151.378] ReadFile (in: hFile=0x748, lpBuffer=0xc0004bb073, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001cbc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004bb073*, lpNumberOfBytesRead=0xc0001cbc04*=0x0, lpOverlapped=0x0) returned 1 [0151.379] CloseHandle (hObject=0x748) returned 1 [0151.379] VirtualAlloc (lpAddress=0xc0004bc000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004bc000 [0151.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdvt1tpyjbv-yzk70.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0151.388] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0001cbd04 | out: lpMode=0xc0001cbd04) returned 0 [0151.397] GetFileType (hFile=0x748) returned 0x1 [0151.398] WriteFile (in: hFile=0x748, lpBuffer=0xc0004bc000*, nNumberOfBytesToWrite=0x11080, lpNumberOfBytesWritten=0xc0001cbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004bc000*, lpNumberOfBytesWritten=0xc0001cbcec*=0x11080, lpOverlapped=0x0) returned 1 [0151.401] CloseHandle (hObject=0x748) returned 1 [0151.401] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0151.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vdvT1tPyjbv-YZK70.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vdvt1tpyjbv-yzk70.m4a"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0151.401] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc0001cbd64 | out: lpMode=0xc0001cbd64) returned 0 [0151.405] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0151.827] SetEvent (hEvent=0xa68) returned 1 [0151.827] GetFileType (hFile=0x748) returned 0x1 [0151.827] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0152.176] SetEvent (hEvent=0xb70) returned 1 [0152.176] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0161.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\z1orm.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0161.995] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0004f9cf4 | out: lpMode=0xc0004f9cf4) returned 0 [0162.315] GetFileType (hFile=0x848) returned 0x1 [0162.315] GetFileType (hFile=0x848) returned 0x1 [0162.315] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc0004f9d44 | out: lpFileInformation=0xc0004f9d44) returned 1 [0162.315] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc0004f9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004f9d28) returned 1 [0162.315] VirtualAlloc (lpAddress=0xc0002b4000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b4000 [0162.318] ReadFile (in: hFile=0x848, lpBuffer=0xc0002b4000, nNumberOfBytesToRead=0x26d0, lpNumberOfBytesRead=0xc0004f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b4000*, lpNumberOfBytesRead=0xc0004f9c04*=0x24d0, lpOverlapped=0x0) returned 1 [0162.320] ReadFile (in: hFile=0x848, lpBuffer=0xc0002b64d0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004f9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b64d0*, lpNumberOfBytesRead=0xc0004f9c04*=0x0, lpOverlapped=0x0) returned 1 [0162.320] CloseHandle (hObject=0x848) returned 1 [0162.320] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\Z1ORm.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\z1orm.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0162.322] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0004f9d04 | out: lpMode=0xc0004f9d04) returned 0 [0162.419] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0162.589] SetEvent (hEvent=0xa60) returned 1 [0162.589] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) returned 0x0 [0163.604] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d0280*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0003d0280*, lpNumberOfCharsWritten=0xc0001d3808*=0x49) returned 1 [0163.605] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1701 | out: pbBuffer=0xc0000e1701) returned 1 [0163.605] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0163.607] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0163.608] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.394] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0xc0001d3a68 | out: lpFindFileData=0xc0001d3a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.394] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.395] WaitForSingleObject (hHandle=0xb18, dwMilliseconds=0xffffffff) Thread: id = 160 os_tid = 0xc24 [0142.152] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3ad3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ad3fea0*=0x758) returned 1 [0142.152] VirtualQuery (in: lpAddress=0x3ad3fec0, lpBuffer=0x3ad3fec0, dwLength=0x30 | out: lpBuffer=0x3ad3fec0*(BaseAddress=0x3ad3f000, AllocationBase=0x3ab40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.152] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pe9j8 9q1yztdimt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x75c [0142.152] GetConsoleMode (in: hConsoleHandle=0x75c, lpMode=0xc000421cf4 | out: lpMode=0xc000421cf4) returned 0 [0142.153] GetFileType (hFile=0x75c) returned 0x1 [0142.153] GetFileType (hFile=0x75c) returned 0x1 [0142.153] GetFileInformationByHandle (in: hFile=0x75c, lpFileInformation=0xc000421d44 | out: lpFileInformation=0xc000421d44) returned 1 [0142.153] GetFileInformationByHandleEx (in: hFile=0x75c, FileInformationClass=0x9, lpFileInformation=0xc000421d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000421d28) returned 1 [0142.153] ReadFile (in: hFile=0x75c, lpBuffer=0xc00037b300, nNumberOfBytesToRead=0x11bf, lpNumberOfBytesRead=0xc000421c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037b300*, lpNumberOfBytesRead=0xc000421c04*=0xfbf, lpOverlapped=0x0) returned 1 [0142.763] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb20 [0142.763] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb24 [0142.763] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0143.553] ReadFile (in: hFile=0x75c, lpBuffer=0xc00037c2bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000421c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037c2bf*, lpNumberOfBytesRead=0xc000421c04*=0x0, lpOverlapped=0x0) returned 1 [0143.553] CloseHandle (hObject=0x75c) returned 1 [0143.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_pE9j8 9q1yztDImt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_pe9j8 9q1yztdimt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x75c [0143.554] GetConsoleMode (in: hConsoleHandle=0x75c, lpMode=0xc000421d04 | out: lpMode=0xc000421d04) returned 0 [0143.558] GetFileType (hFile=0x75c) returned 0x1 [0143.558] WriteFile (in: hFile=0x75c, lpBuffer=0xc000653000*, nNumberOfBytesToWrite=0xfc0, lpNumberOfBytesWritten=0xc000421cec, lpOverlapped=0x0 | out: lpBuffer=0xc000653000*, lpNumberOfBytesWritten=0xc000421cec*=0xfc0, lpOverlapped=0x0) returned 1 [0143.559] CloseHandle (hObject=0x75c) returned 1 [0143.564] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.110] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0144.110] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.508] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.510] SetEvent (hEvent=0x8b8) returned 1 [0144.510] SetEvent (hEvent=0xbf0) returned 1 [0144.510] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.526] SetEvent (hEvent=0xb28) returned 1 [0144.526] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.561] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000600e0*, nNumberOfCharsToWrite=0x6d, lpNumberOfCharsWritten=0xc00049d808, lpReserved=0x0 | out: lpBuffer=0xc0000600e0*, lpNumberOfCharsWritten=0xc00049d808*=0x6d) returned 1 [0144.563] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b501 | out: pbBuffer=0xc00031b501) returned 1 [0144.563] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0144.563] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc00049dd64 | out: lpMode=0xc00049dd64) returned 0 [0144.580] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.928] GetFileType (hFile=0x890) returned 0x1 [0144.928] WriteFile (in: hFile=0x890, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00049dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00049dd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.929] CloseHandle (hObject=0x890) returned 1 [0144.929] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0144.930] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\encry-index.dat" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\encry-index.dat"), dwFlags=0x1) returned 0 [0144.930] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00049d6e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0144.930] SetEvent (hEvent=0x208) returned 1 [0144.930] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0144.940] VirtualFree (lpAddress=0xc0006e4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0144.941] VirtualFree (lpAddress=0xc00063a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.942] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.943] VirtualFree (lpAddress=0xc000244000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.945] VirtualFree (lpAddress=0xc000238000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.947] VirtualFree (lpAddress=0xc00021a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.948] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.949] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0144.950] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.952] SetEvent (hEvent=0xab8) returned 1 [0144.952] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.029] SetEvent (hEvent=0x254) returned 1 [0145.029] SetEvent (hEvent=0xa18) returned 1 [0145.029] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.273] SetEvent (hEvent=0xc0c) returned 1 [0145.273] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.320] SetEvent (hEvent=0x3b0) returned 1 [0145.320] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.328] SetEvent (hEvent=0x318) returned 1 [0145.328] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.337] SetEvent (hEvent=0x318) returned 1 [0145.337] SetEvent (hEvent=0xbe8) returned 1 [0145.337] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.341] SetEvent (hEvent=0x318) returned 1 [0145.341] SetEvent (hEvent=0xae8) returned 1 [0145.341] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.344] SetEvent (hEvent=0xc6c) returned 1 [0145.344] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.369] SetEvent (hEvent=0x2f4) returned 1 [0145.369] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.373] SetEvent (hEvent=0x2f4) returned 1 [0145.373] SetEvent (hEvent=0x990) returned 1 [0145.373] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.375] SetEvent (hEvent=0x2f4) returned 1 [0145.375] SetEvent (hEvent=0x978) returned 1 [0145.375] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.395] SetEvent (hEvent=0x2f4) returned 1 [0145.395] VirtualFree (lpAddress=0xc000264000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.397] SetEvent (hEvent=0xc44) returned 1 [0145.397] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0145.407] GetFileType (hFile=0x590) returned 0x1 [0145.407] WriteFile (in: hFile=0x590, lpBuffer=0xc000614b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000451d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614b00*, lpNumberOfBytesWritten=0xc000451d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.408] CloseHandle (hObject=0x590) returned 1 [0145.409] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nz s7kvsk.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-nz s7kvsk.lnk"), dwFlags=0x1) returned 1 [0147.841] SetEvent (hEvent=0xc0) returned 1 [0147.841] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0147.935] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0147.936] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0149.386] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000445d04 | out: lpMode=0xc000445d04) returned 0 [0149.386] GetFileType (hFile=0x79c) returned 0x1 [0149.386] WriteFile (in: hFile=0x79c, lpBuffer=0xc00006c000*, nNumberOfBytesToWrite=0xfe0, lpNumberOfBytesWritten=0xc000445cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c000*, lpNumberOfBytesWritten=0xc000445cec*=0xfe0, lpOverlapped=0x0) returned 1 [0149.558] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0149.610] CloseHandle (hObject=0x79c) returned 1 [0149.645] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0149.645] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0149.647] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0149.648] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0149.649] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0149.650] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0149.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0149.651] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc000445d64 | out: lpMode=0xc000445d64) returned 0 [0149.654] GetFileType (hFile=0x5d8) returned 0x1 [0149.654] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00004c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000445d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00004c2c0*, lpNumberOfBytesWritten=0xc000445d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.664] CloseHandle (hObject=0x5d8) returned 1 [0149.710] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0149.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\prefs.js"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-prefs.js" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-prefs.js"), dwFlags=0x1) returned 1 [0151.779] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0152.172] SetEvent (hEvent=0x354) returned 1 [0152.173] SetEvent (hEvent=0xc14) returned 1 [0152.173] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0161.405] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0161.407] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0161.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\jhul_ylh6sugmw.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0161.991] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000313cf4 | out: lpMode=0xc000313cf4) returned 0 [0162.282] GetFileType (hFile=0x7a0) returned 0x1 [0162.282] GetFileType (hFile=0x7a0) returned 0x1 [0162.282] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000313d44 | out: lpFileInformation=0xc000313d44) returned 1 [0162.282] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000313d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000313d28) returned 1 [0162.282] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0162.284] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000558000, nNumberOfBytesToRead=0x67d8, lpNumberOfBytesRead=0xc000313c04, lpOverlapped=0x0 | out: lpBuffer=0xc000558000*, lpNumberOfBytesRead=0xc000313c04*=0x65d8, lpOverlapped=0x0) returned 1 [0162.286] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00055e5d8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000313c04, lpOverlapped=0x0 | out: lpBuffer=0xc00055e5d8*, lpNumberOfBytesRead=0xc000313c04*=0x0, lpOverlapped=0x0) returned 1 [0162.286] CloseHandle (hObject=0x7a0) returned 1 [0162.286] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0162.287] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0162.288] VirtualAlloc (lpAddress=0xc0003f8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003f8000 [0162.289] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0162.291] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\jHuL_YLH6suGmW.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\jhul_ylh6sugmw.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0162.293] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000313d04 | out: lpMode=0xc000313d04) returned 0 [0162.418] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0162.589] SetEvent (hEvent=0xa10) returned 1 [0162.589] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) returned 0x0 [0163.610] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000120b00*, nNumberOfCharsToWrite=0xac, lpNumberOfCharsWritten=0xc0002e3808, lpReserved=0x0 | out: lpBuffer=0xc000120b00*, lpNumberOfCharsWritten=0xc0002e3808*=0xac) returned 1 [0163.611] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000110030*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e3808, lpReserved=0x0 | out: lpBuffer=0xc000110030*, lpNumberOfCharsWritten=0xc0002e3808*=0x11) returned 1 [0163.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000110060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e3808, lpReserved=0x0 | out: lpBuffer=0xc000110060*, lpNumberOfCharsWritten=0xc0002e3808*=0x11) returned 1 [0163.613] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0163.614] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0163.616] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0163.617] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwFlags=0x1) returned 0 [0166.395] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0166.396] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e36e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.396] WaitForSingleObject (hHandle=0xb20, dwMilliseconds=0xffffffff) Thread: id = 161 os_tid = 0xc28 [0142.154] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3af3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3af3fea0*=0x754) returned 1 [0142.154] VirtualQuery (in: lpAddress=0x3af3fec0, lpBuffer=0x3af3fec0, dwLength=0x30 | out: lpBuffer=0x3af3fec0*(BaseAddress=0x3af3f000, AllocationBase=0x3ad40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.154] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kx6 uo3meq_uuxg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x760 [0142.155] GetConsoleMode (in: hConsoleHandle=0x760, lpMode=0xc000457cf4 | out: lpMode=0xc000457cf4) returned 0 [0142.156] GetFileType (hFile=0x760) returned 0x1 [0142.156] GetFileType (hFile=0x760) returned 0x1 [0142.156] GetFileInformationByHandle (in: hFile=0x760, lpFileInformation=0xc000457d44 | out: lpFileInformation=0xc000457d44) returned 1 [0142.156] GetFileInformationByHandleEx (in: hFile=0x760, FileInformationClass=0x9, lpFileInformation=0xc000457d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000457d28) returned 1 [0142.156] VirtualAlloc (lpAddress=0xc000600000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000600000 [0142.157] ReadFile (in: hFile=0x760, lpBuffer=0xc000600000, nNumberOfBytesToRead=0x1baa, lpNumberOfBytesRead=0xc000457c04, lpOverlapped=0x0 | out: lpBuffer=0xc000600000*, lpNumberOfBytesRead=0xc000457c04*=0x19aa, lpOverlapped=0x0) returned 1 [0142.765] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb28 [0142.765] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb2c [0142.765] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0143.565] ReadFile (in: hFile=0x760, lpBuffer=0xc0006019aa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000457c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006019aa*, lpNumberOfBytesRead=0xc000457c04*=0x0, lpOverlapped=0x0) returned 1 [0143.565] CloseHandle (hObject=0x760) returned 1 [0143.565] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0143.567] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kx6 uo3meq_uuxg.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0143.579] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0144.113] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000457d04 | out: lpMode=0xc000457d04) returned 0 [0144.116] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0144.527] GetFileType (hFile=0x584) returned 0x1 [0144.527] WriteFile (in: hFile=0x584, lpBuffer=0xc0002a6000*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0xc000457cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a6000*, lpNumberOfBytesWritten=0xc000457cec*=0x19b0, lpOverlapped=0x0) returned 1 [0144.528] CloseHandle (hObject=0x584) returned 1 [0144.528] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b901 | out: pbBuffer=0xc00031b901) returned 1 [0144.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kx6 uo3meq_uuxg.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x584 [0144.528] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc000457d64 | out: lpMode=0xc000457d64) returned 0 [0144.529] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0144.839] GetFileType (hFile=0x584) returned 0x1 [0144.839] WriteFile (in: hFile=0x584, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000457d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000457d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.839] CloseHandle (hObject=0x584) returned 1 [0144.856] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\kx6 uo3meq_uuxg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-kx6 uo3mEQ_UuXg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-kx6 uo3meq_uuxg.lnk"), dwFlags=0x1) returned 1 [0145.912] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0146.148] SetEvent (hEvent=0x354) returned 1 [0146.148] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) returned 0x0 [0146.161] SetEvent (hEvent=0x3c4) returned 1 [0146.161] WaitForSingleObject (hHandle=0xb28, dwMilliseconds=0xffffffff) Thread: id = 162 os_tid = 0xc2c [0142.158] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3b13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3b13fea0*=0x764) returned 1 [0142.158] VirtualQuery (in: lpAddress=0x3b13fec0, lpBuffer=0x3b13fec0, dwLength=0x30 | out: lpBuffer=0x3b13fec0*(BaseAddress=0x3b13f000, AllocationBase=0x3af40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.158] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\esollose8cg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0142.158] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000439cf4 | out: lpMode=0xc000439cf4) returned 0 [0142.159] GetFileType (hFile=0x768) returned 0x1 [0142.159] GetFileType (hFile=0x768) returned 0x1 [0142.159] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc000439d44 | out: lpFileInformation=0xc000439d44) returned 1 [0142.159] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc000439d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000439d28) returned 1 [0142.159] ReadFile (in: hFile=0x768, lpBuffer=0xc0002cd000, nNumberOfBytesToRead=0x1577, lpNumberOfBytesRead=0xc000439c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cd000*, lpNumberOfBytesRead=0xc000439c04*=0x1377, lpOverlapped=0x0) returned 1 [0142.767] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb30 [0142.767] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb34 [0142.767] WaitForSingleObject (hHandle=0xb30, dwMilliseconds=0xffffffff) returned 0x0 [0143.583] ReadFile (in: hFile=0x768, lpBuffer=0xc0002ce377, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000439c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ce377*, lpNumberOfBytesRead=0xc000439c04*=0x0, lpOverlapped=0x0) returned 1 [0143.583] CloseHandle (hObject=0x768) returned 1 [0143.584] VirtualAlloc (lpAddress=0xc000678000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000678000 [0143.585] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\esollose8cg.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0143.609] WaitForSingleObject (hHandle=0xb30, dwMilliseconds=0xffffffff) returned 0x0 [0144.401] SetEvent (hEvent=0x29c) returned 1 [0144.401] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000439d04 | out: lpMode=0xc000439d04) returned 0 [0144.402] WaitForSingleObject (hHandle=0xb30, dwMilliseconds=0xffffffff) returned 0x0 [0144.889] GetFileType (hFile=0x768) returned 0x1 [0144.889] WriteFile (in: hFile=0x768, lpBuffer=0xc00063ca00*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xc000439cec, lpOverlapped=0x0 | out: lpBuffer=0xc00063ca00*, lpNumberOfBytesWritten=0xc000439cec*=0x1380, lpOverlapped=0x0) returned 1 [0144.891] CloseHandle (hObject=0x768) returned 1 [0144.891] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1b01 | out: pbBuffer=0xc0000e1b01) returned 1 [0144.891] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0144.893] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0144.894] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\esollose8cg.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0144.894] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000439d64 | out: lpMode=0xc000439d64) returned 0 [0144.895] GetFileType (hFile=0x768) returned 0x1 [0144.895] WriteFile (in: hFile=0x768, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000439d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc000439d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.895] CloseHandle (hObject=0x768) returned 1 [0144.899] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\esollose8cg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-esOLLOsE8Cg.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-esollose8cg.lnk"), dwFlags=0x1) returned 1 [0146.145] SetEvent (hEvent=0xb28) returned 1 [0146.145] WaitForSingleObject (hHandle=0xb30, dwMilliseconds=0xffffffff) returned 0x0 [0146.151] VirtualFree (lpAddress=0xc000836000, dwSize=0x9e000, dwFreeType=0x4000) returned 1 [0146.155] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.156] VirtualFree (lpAddress=0xc000288000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.156] VirtualFree (lpAddress=0xc000238000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.157] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.157] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.158] VirtualFree (lpAddress=0xc0000bc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.159] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.159] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.160] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.160] SetEvent (hEvent=0xb48) returned 1 [0146.161] WaitForSingleObject (hHandle=0xb30, dwMilliseconds=0xffffffff) Thread: id = 163 os_tid = 0xc30 [0142.161] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3b33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3b33fea0*=0x76c) returned 1 [0142.161] VirtualQuery (in: lpAddress=0x3b33fec0, lpBuffer=0x3b33fec0, dwLength=0x30 | out: lpBuffer=0x3b33fec0*(BaseAddress=0x3b33f000, AllocationBase=0x3b140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.161] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nzuv2qads 2clahfuh.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x770 [0142.162] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc0003c3cf4 | out: lpMode=0xc0003c3cf4) returned 0 [0142.164] GetFileType (hFile=0x770) returned 0x1 [0142.164] GetFileType (hFile=0x770) returned 0x1 [0142.164] GetFileInformationByHandle (in: hFile=0x770, lpFileInformation=0xc0003c3d44 | out: lpFileInformation=0xc0003c3d44) returned 1 [0142.164] GetFileInformationByHandleEx (in: hFile=0x770, FileInformationClass=0x9, lpFileInformation=0xc0003c3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c3d28) returned 1 [0142.164] ReadFile (in: hFile=0x770, lpBuffer=0xc000079900, nNumberOfBytesToRead=0x11d7, lpNumberOfBytesRead=0xc0003c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000079900*, lpNumberOfBytesRead=0xc0003c3c04*=0xfd7, lpOverlapped=0x0) returned 1 [0142.768] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb38 [0142.768] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb3c [0142.768] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0143.612] ReadFile (in: hFile=0x770, lpBuffer=0xc00007a8d7, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007a8d7*, lpNumberOfBytesRead=0xc0003c3c04*=0x0, lpOverlapped=0x0) returned 1 [0143.612] CloseHandle (hObject=0x770) returned 1 [0143.613] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nzuv2qads 2clahfuh.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0143.620] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0144.500] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc0003c3d04 | out: lpMode=0xc0003c3d04) returned 0 [0144.507] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0144.757] GetFileType (hFile=0x7f8) returned 0x1 [0144.757] WriteFile (in: hFile=0x7f8, lpBuffer=0xc0007d7000*, nNumberOfBytesToWrite=0xfe0, lpNumberOfBytesWritten=0xc0003c3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007d7000*, lpNumberOfBytesWritten=0xc0003c3cec*=0xfe0, lpOverlapped=0x0) returned 1 [0144.758] CloseHandle (hObject=0x7f8) returned 1 [0144.758] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0144.759] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0144.760] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0144.761] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nzuv2qads 2clahfuh.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0144.761] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc0003c3d64 | out: lpMode=0xc0003c3d64) returned 0 [0144.777] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0145.454] SetEvent (hEvent=0xb70) returned 1 [0145.454] GetFileType (hFile=0x7f8) returned 0x1 [0145.454] WriteFile (in: hFile=0x7f8, lpBuffer=0xc00007e9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e9a0*, lpNumberOfBytesWritten=0xc0003c3d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.454] CloseHandle (hObject=0x7f8) returned 1 [0145.456] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0145.928] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nzuv2qads 2clahfuh.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-NZuv2Qads 2CLaHFUH.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-nzuv2qads 2clahfuh.lnk"), dwFlags=0x1) returned 1 [0150.682] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0151.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0151.199] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000453cf4 | out: lpMode=0xc000453cf4) returned 0 [0151.202] GetFileType (hFile=0x5a0) returned 0x1 [0151.202] GetFileType (hFile=0x5a0) returned 0x1 [0151.203] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000453d44 | out: lpFileInformation=0xc000453d44) returned 1 [0151.203] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000453d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000453d28) returned 1 [0151.203] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0151.204] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00010c000, nNumberOfBytesToRead=0x39c, lpNumberOfBytesRead=0xc000453c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c000*, lpNumberOfBytesRead=0xc000453c04*=0x19c, lpOverlapped=0x0) returned 1 [0151.205] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00010c19c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000453c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010c19c*, lpNumberOfBytesRead=0xc000453c04*=0x0, lpOverlapped=0x0) returned 1 [0151.205] CloseHandle (hObject=0x5a0) returned 1 [0151.205] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0151.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.207] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini\\*", lpFindFileData=0xc000453a08 | out: lpFindFileData=0xc000453a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.207] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000453720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.207] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0151.208] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000273cf4 | out: lpMode=0xc000273cf4) returned 0 [0151.233] GetFileType (hFile=0x5a0) returned 0x1 [0151.233] GetFileType (hFile=0x5a0) returned 0x1 [0151.233] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000273d44 | out: lpFileInformation=0xc000273d44) returned 1 [0151.233] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000273d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000273d28) returned 1 [0151.233] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0151.235] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00011c000, nNumberOfBytesToRead=0x696, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c000*, lpNumberOfBytesRead=0xc000273c04*=0x496, lpOverlapped=0x0) returned 1 [0151.246] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0151.687] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00011c496, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000273c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c496*, lpNumberOfBytesRead=0xc000273c04*=0x0, lpOverlapped=0x0) returned 1 [0151.687] CloseHandle (hObject=0x5a0) returned 1 [0151.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0151.690] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000273d04 | out: lpMode=0xc000273d04) returned 0 [0151.708] GetFileType (hFile=0x5a0) returned 0x1 [0151.708] WriteFile (in: hFile=0x5a0, lpBuffer=0xc00006c500*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0xc000273cec, lpOverlapped=0x0 | out: lpBuffer=0xc00006c500*, lpNumberOfBytesWritten=0xc000273cec*=0x4a0, lpOverlapped=0x0) returned 1 [0151.710] CloseHandle (hObject=0x5a0) returned 1 [0151.710] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0151.710] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\lulcit amkdfe.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\lulcit amkdfe.contact"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0151.711] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000273d64 | out: lpMode=0xc000273d64) returned 0 [0151.751] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0152.176] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0152.272] SetEvent (hEvent=0xa10) returned 1 [0152.272] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0161.391] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rqaqo.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0161.994] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004fdcf4 | out: lpMode=0xc0004fdcf4) returned 0 [0162.314] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0162.364] GetFileType (hFile=0x384) returned 0x1 [0162.364] GetFileType (hFile=0x384) returned 0x1 [0162.364] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc0004fdd44 | out: lpFileInformation=0xc0004fdd44) returned 1 [0162.364] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc0004fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004fdd28) returned 1 [0162.364] ReadFile (in: hFile=0x384, lpBuffer=0xc000660000, nNumberOfBytesToRead=0xf11f, lpNumberOfBytesRead=0xc0004fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000660000*, lpNumberOfBytesRead=0xc0004fdc04*=0xef1f, lpOverlapped=0x0) returned 1 [0162.367] ReadFile (in: hFile=0x384, lpBuffer=0xc00066ef1f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00066ef1f*, lpNumberOfBytesRead=0xc0004fdc04*=0x0, lpOverlapped=0x0) returned 1 [0162.367] CloseHandle (hObject=0x384) returned 1 [0162.367] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rqaqo.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0162.370] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc0004fdd04 | out: lpMode=0xc0004fdd04) returned 0 [0162.420] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0162.591] SetEvent (hEvent=0xc44) returned 1 [0162.591] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0163.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000070400*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc000070400*, lpNumberOfCharsWritten=0xc000129808*=0x3e) returned 1 [0163.600] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0163.600] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.398] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies\\*", lpFindFileData=0xc000129a68 | out: lpFindFileData=0xc000129a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.398] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000129720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.398] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0166.518] SetEvent (hEvent=0xb48) returned 1 [0166.717] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0166.755] SetEvent (hEvent=0xb48) returned 1 [0166.755] SetEvent (hEvent=0xc80) returned 1 [0166.755] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0166.819] SetEvent (hEvent=0xc6c) returned 1 [0166.823] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) returned 0x0 [0166.922] SetEvent (hEvent=0x100) returned 1 [0166.922] WaitForSingleObject (hHandle=0xb38, dwMilliseconds=0xffffffff) Thread: id = 164 os_tid = 0xc34 [0142.164] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3b53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3b53fea0*=0x778) returned 1 [0142.164] VirtualQuery (in: lpAddress=0x3b53fec0, lpBuffer=0x3b53fec0, dwLength=0x30 | out: lpBuffer=0x3b53fec0*(BaseAddress=0x3b53f000, AllocationBase=0x3b340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wc27dzswvobave.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x77c [0142.165] GetConsoleMode (in: hConsoleHandle=0x77c, lpMode=0xc00042bcf4 | out: lpMode=0xc00042bcf4) returned 0 [0142.166] GetFileType (hFile=0x77c) returned 0x1 [0142.166] GetFileType (hFile=0x77c) returned 0x1 [0142.166] GetFileInformationByHandle (in: hFile=0x77c, lpFileInformation=0xc00042bd44 | out: lpFileInformation=0xc00042bd44) returned 1 [0142.166] GetFileInformationByHandleEx (in: hFile=0x77c, FileInformationClass=0x9, lpFileInformation=0xc00042bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00042bd28) returned 1 [0142.166] VirtualAlloc (lpAddress=0xc000680000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000680000 [0142.167] ReadFile (in: hFile=0x77c, lpBuffer=0xc000680000, nNumberOfBytesToRead=0x1bc1, lpNumberOfBytesRead=0xc00042bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000680000*, lpNumberOfBytesRead=0xc00042bc04*=0x19c1, lpOverlapped=0x0) returned 1 [0142.770] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb40 [0142.770] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb44 [0142.770] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0143.624] ReadFile (in: hFile=0x77c, lpBuffer=0xc0006819c1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00042bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006819c1*, lpNumberOfBytesRead=0xc00042bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.624] CloseHandle (hObject=0x77c) returned 1 [0143.624] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wc27dzswvobave.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0143.647] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0144.281] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00042bd04 | out: lpMode=0xc00042bd04) returned 0 [0144.286] GetFileType (hFile=0x780) returned 0x1 [0144.286] WriteFile (in: hFile=0x780, lpBuffer=0xc0002a7a80*, nNumberOfBytesToWrite=0x19d0, lpNumberOfBytesWritten=0xc00042bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a7a80*, lpNumberOfBytesWritten=0xc00042bcec*=0x19d0, lpOverlapped=0x0) returned 1 [0144.288] CloseHandle (hObject=0x780) returned 1 [0144.288] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.288] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0144.289] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wc27dzswvobave.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x780 [0144.290] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc00042bd64 | out: lpMode=0xc00042bd64) returned 0 [0144.294] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0144.632] SetEvent (hEvent=0xc6c) returned 1 [0144.633] GetFileType (hFile=0x780) returned 0x1 [0144.633] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0145.453] WriteFile (in: hFile=0x780, lpBuffer=0xc000290b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00042bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290b00*, lpNumberOfBytesWritten=0xc00042bd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.453] CloseHandle (hObject=0x780) returned 1 [0145.456] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0145.949] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\_wc27dzswvobave.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-_wc27dzsWvOBAVe.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-_wc27dzswvobave.lnk"), dwFlags=0x1) returned 1 [0150.684] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0151.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x63c [0151.190] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc000047cf4 | out: lpMode=0xc000047cf4) returned 0 [0151.193] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0151.491] GetFileType (hFile=0x63c) returned 0x1 [0151.492] GetFileType (hFile=0x63c) returned 0x1 [0151.492] GetFileInformationByHandle (in: hFile=0x63c, lpFileInformation=0xc000047d44 | out: lpFileInformation=0xc000047d44) returned 1 [0151.492] GetFileInformationByHandleEx (in: hFile=0x63c, FileInformationClass=0x9, lpFileInformation=0xc000047d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000047d28) returned 1 [0151.492] ReadFile (in: hFile=0x63c, lpBuffer=0xc00011c700, nNumberOfBytesToRead=0x693, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011c700*, lpNumberOfBytesRead=0xc000047c04*=0x493, lpOverlapped=0x0) returned 1 [0151.508] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0151.967] SetEvent (hEvent=0xc0) returned 1 [0151.967] ReadFile (in: hFile=0x63c, lpBuffer=0xc00011cb93, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000047c04, lpOverlapped=0x0 | out: lpBuffer=0xc00011cb93*, lpNumberOfBytesRead=0xc000047c04*=0x0, lpOverlapped=0x0) returned 1 [0151.967] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0152.303] CloseHandle (hObject=0x63c) returned 1 [0152.303] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\asdlfk poopvy.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\asdlfk poopvy.contact"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x63c [0152.304] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc000047d04 | out: lpMode=0xc000047d04) returned 0 [0152.307] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0152.573] SetEvent (hEvent=0xc80) returned 1 [0152.573] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0161.269] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\G72JCxubkxh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\g72jcxubkxh.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x554 [0162.047] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0002afcf4 | out: lpMode=0xc0002afcf4) returned 0 [0162.406] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0162.596] SetEvent (hEvent=0xab8) returned 1 [0162.596] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0163.510] WriteFile (in: hFile=0x384, lpBuffer=0xc000670000*, nNumberOfBytesToWrite=0xef20, lpNumberOfBytesWritten=0xc0004fdcec, lpOverlapped=0x0 | out: lpBuffer=0xc000670000*, lpNumberOfBytesWritten=0xc0004fdcec*=0xef20, lpOverlapped=0x0) returned 1 [0166.374] CloseHandle (hObject=0x384) returned 1 [0166.707] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) returned 0x0 [0166.869] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000601 | out: pbBuffer=0xc000000601) returned 1 [0166.869] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rqaqo.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0166.870] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc0004fdd64 | out: lpMode=0xc0004fdd64) returned 0 [0166.889] GetFileType (hFile=0x750) returned 0x1 [0166.889] WriteFile (in: hFile=0x750, lpBuffer=0xc0001849a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004fdd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001849a0*, lpNumberOfBytesWritten=0xc0004fdd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.890] CloseHandle (hObject=0x750) returned 1 [0166.890] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\rqaqo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-RqAQO.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-rqaqo.mkv"), dwFlags=0x1) returned 1 [0167.394] WaitForSingleObject (hHandle=0xb40, dwMilliseconds=0xffffffff) Thread: id = 165 os_tid = 0xc38 [0142.168] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3b73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3b73fea0*=0x774) returned 1 [0142.168] VirtualQuery (in: lpAddress=0x3b73fec0, lpBuffer=0x3b73fec0, dwLength=0x30 | out: lpBuffer=0x3b73fec0*(BaseAddress=0x3b73f000, AllocationBase=0x3b540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.168] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ls65fyrp8xmrnqykww.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x780 [0142.169] GetConsoleMode (in: hConsoleHandle=0x780, lpMode=0xc000449cf4 | out: lpMode=0xc000449cf4) returned 0 [0142.169] GetFileType (hFile=0x780) returned 0x1 [0142.169] GetFileType (hFile=0x780) returned 0x1 [0142.169] GetFileInformationByHandle (in: hFile=0x780, lpFileInformation=0xc000449d44 | out: lpFileInformation=0xc000449d44) returned 1 [0142.169] GetFileInformationByHandleEx (in: hFile=0x780, FileInformationClass=0x9, lpFileInformation=0xc000449d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000449d28) returned 1 [0142.169] ReadFile (in: hFile=0x780, lpBuffer=0xc000233800, nNumberOfBytesToRead=0xbbb, lpNumberOfBytesRead=0xc000449c04, lpOverlapped=0x0 | out: lpBuffer=0xc000233800*, lpNumberOfBytesRead=0xc000449c04*=0x9bb, lpOverlapped=0x0) returned 1 [0142.772] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb48 [0142.772] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb4c [0142.772] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0143.644] ReadFile (in: hFile=0x780, lpBuffer=0xc0002341bb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000449c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002341bb*, lpNumberOfBytesRead=0xc000449c04*=0x0, lpOverlapped=0x0) returned 1 [0143.644] CloseHandle (hObject=0x780) returned 1 [0143.644] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ls65fyrp8xmrnqykww.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0143.662] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0144.322] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000449d04 | out: lpMode=0xc000449d04) returned 0 [0144.323] GetFileType (hFile=0x5a0) returned 0x1 [0144.323] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000756a80*, nNumberOfBytesToWrite=0x9c0, lpNumberOfBytesWritten=0xc000449cec, lpOverlapped=0x0 | out: lpBuffer=0xc000756a80*, lpNumberOfBytesWritten=0xc000449cec*=0x9c0, lpOverlapped=0x0) returned 1 [0144.324] CloseHandle (hObject=0x5a0) returned 1 [0144.324] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.324] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ls65fyrp8xmrnqykww.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0144.324] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc000449d64 | out: lpMode=0xc000449d64) returned 0 [0144.325] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0144.657] GetFileType (hFile=0x5a0) returned 0x1 [0144.657] WriteFile (in: hFile=0x5a0, lpBuffer=0xc0002909a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000449d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002909a0*, lpNumberOfBytesWritten=0xc000449d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.657] CloseHandle (hObject=0x5a0) returned 1 [0144.657] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ls65fyrp8xmrnqykww.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-lS65fyrP8XMrnQyKww.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ls65fyrp8xmrnqykww.lnk"), dwFlags=0x1) returned 1 [0144.659] SetEvent (hEvent=0xa70) returned 1 [0144.659] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.803] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.809] SetEvent (hEvent=0x3b0) returned 1 [0145.809] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.815] SetEvent (hEvent=0x8d0) returned 1 [0145.815] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.824] SetEvent (hEvent=0xbe8) returned 1 [0145.824] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.843] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0145.844] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc0002a1cf4 | out: lpMode=0xc0002a1cf4) returned 0 [0145.849] GetFileType (hFile=0x2cc) returned 0x1 [0145.849] GetFileType (hFile=0x2cc) returned 0x1 [0145.849] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc0002a1d44 | out: lpFileInformation=0xc0002a1d44) returned 1 [0145.849] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc0002a1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002a1d28) returned 1 [0145.849] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b6000, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b6000*, lpNumberOfBytesRead=0xc0002a1c04*=0xae, lpOverlapped=0x0) returned 1 [0145.850] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b60ae, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002a1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b60ae*, lpNumberOfBytesRead=0xc0002a1c04*=0x0, lpOverlapped=0x0) returned 1 [0145.850] CloseHandle (hObject=0x2cc) returned 1 [0145.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.851] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini\\*", lpFindFileData=0xc0002a1a08 | out: lpFindFileData=0xc0002a1a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.851] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002a1720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.851] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0145.852] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00017bcf4 | out: lpMode=0xc00017bcf4) returned 0 [0145.853] GetFileType (hFile=0x2cc) returned 0x1 [0145.853] GetFileType (hFile=0x2cc) returned 0x1 [0145.854] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00017bd44 | out: lpFileInformation=0xc00017bd44) returned 1 [0145.854] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00017bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00017bd28) returned 1 [0145.854] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000e6000, nNumberOfBytesToRead=0x3dc, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesRead=0xc00017bc04*=0x1dc, lpOverlapped=0x0) returned 1 [0145.855] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000e61dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00017bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000e61dc*, lpNumberOfBytesRead=0xc00017bc04*=0x0, lpOverlapped=0x0) returned 1 [0145.855] CloseHandle (hObject=0x2cc) returned 1 [0145.855] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.855] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini\\*", lpFindFileData=0xc00017ba08 | out: lpFindFileData=0xc00017ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.855] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00017b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.856] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2cc [0145.856] GetConsoleMode (in: hConsoleHandle=0x2cc, lpMode=0xc00018dcf4 | out: lpMode=0xc00018dcf4) returned 0 [0145.859] GetFileType (hFile=0x2cc) returned 0x1 [0145.859] GetFileType (hFile=0x2cc) returned 0x1 [0145.860] GetFileInformationByHandle (in: hFile=0x2cc, lpFileInformation=0xc00018dd44 | out: lpFileInformation=0xc00018dd44) returned 1 [0145.860] GetFileInformationByHandleEx (in: hFile=0x2cc, FileInformationClass=0x9, lpFileInformation=0xc00018dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00018dd28) returned 1 [0145.860] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b62c0, nNumberOfBytesToRead=0x2ae, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b62c0*, lpNumberOfBytesRead=0xc00018dc04*=0xae, lpOverlapped=0x0) returned 1 [0145.861] ReadFile (in: hFile=0x2cc, lpBuffer=0xc0000b636e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00018dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000b636e*, lpNumberOfBytesRead=0xc00018dc04*=0x0, lpOverlapped=0x0) returned 1 [0145.861] CloseHandle (hObject=0x2cc) returned 1 [0145.861] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.861] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini\\*", lpFindFileData=0xc00018da08 | out: lpFindFileData=0xc00018da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.861] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00018d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.861] SetEvent (hEvent=0x9a8) returned 1 [0145.861] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.869] SetEvent (hEvent=0x8e8) returned 1 [0145.869] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.889] SetEvent (hEvent=0x978) returned 1 [0145.889] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.903] SetEvent (hEvent=0x354) returned 1 [0145.903] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.917] SetEvent (hEvent=0xb50) returned 1 [0145.917] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0145.925] SetEvent (hEvent=0xb50) returned 1 [0145.925] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x584 [0145.927] GetConsoleMode (in: hConsoleHandle=0x584, lpMode=0xc0001abcf4 | out: lpMode=0xc0001abcf4) returned 0 [0145.931] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0146.161] GetFileType (hFile=0x584) returned 0x1 [0146.161] GetFileType (hFile=0x584) returned 0x1 [0146.162] GetFileInformationByHandle (in: hFile=0x584, lpFileInformation=0xc0001abd44 | out: lpFileInformation=0xc0001abd44) returned 1 [0146.162] GetFileInformationByHandleEx (in: hFile=0x584, FileInformationClass=0x9, lpFileInformation=0xc0001abd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001abd28) returned 1 [0146.162] ReadFile (in: hFile=0x584, lpBuffer=0xc00021ca00, nNumberOfBytesToRead=0x4e2, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021ca00*, lpNumberOfBytesRead=0xc0001abc04*=0x2e2, lpOverlapped=0x0) returned 1 [0146.163] ReadFile (in: hFile=0x584, lpBuffer=0xc00021cce2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001abc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021cce2*, lpNumberOfBytesRead=0xc0001abc04*=0x0, lpOverlapped=0x0) returned 1 [0146.163] CloseHandle (hObject=0x584) returned 1 [0146.163] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0146.164] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0146.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini\\*", lpFindFileData=0xc0001aba08 | out: lpFindFileData=0xc0001aba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0146.165] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001ab720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0146.165] SetEvent (hEvent=0x9a0) returned 1 [0146.165] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0146.173] SetEvent (hEvent=0x8f8) returned 1 [0146.173] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.093] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.094] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.095] SetEvent (hEvent=0xbf0) returned 1 [0148.095] SetEvent (hEvent=0xbe8) returned 1 [0148.095] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.096] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.097] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.098] VirtualFree (lpAddress=0xc00011e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0148.099] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.099] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.100] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.100] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.101] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.102] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0148.103] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.103] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.104] SwitchToThread () returned 1 [0148.106] SetEvent (hEvent=0xbf0) returned 1 [0148.106] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.109] SetEvent (hEvent=0xbf0) returned 1 [0148.109] SetEvent (hEvent=0xbe8) returned 1 [0148.109] SetEvent (hEvent=0x8b8) returned 1 [0148.109] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.111] SetEvent (hEvent=0x9f0) returned 1 [0148.111] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.301] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.302] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.302] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.303] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.304] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.304] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.305] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.306] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.306] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.307] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.308] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.308] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.309] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.310] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.311] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.311] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.312] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.313] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.314] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.314] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.315] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.316] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.317] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.318] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.318] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.319] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.320] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0148.320] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0149.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0149.739] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000437d04 | out: lpMode=0xc000437d04) returned 0 [0149.740] GetFileType (hFile=0x79c) returned 0x1 [0149.740] WriteFile (in: hFile=0x79c, lpBuffer=0xc00122a000*, nNumberOfBytesToWrite=0xa00010, lpNumberOfBytesWritten=0xc000437cec, lpOverlapped=0x0 | out: lpBuffer=0xc00122a000*, lpNumberOfBytesWritten=0xc000437cec*=0xa00010, lpOverlapped=0x0) returned 1 [0150.248] CloseHandle (hObject=0x79c) returned 1 [0150.383] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0150.383] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0150.384] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0150.386] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0150.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0150.387] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000437d64 | out: lpMode=0xc000437d64) returned 0 [0150.390] GetFileType (hFile=0x3e0) returned 0x1 [0150.390] WriteFile (in: hFile=0x3e0, lpBuffer=0xc00011c2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000437d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00011c2c0*, lpNumberOfBytesWritten=0xc000437d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.397] CloseHandle (hObject=0x3e0) returned 1 [0150.466] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0150.467] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\places.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-places.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-places.sqlite"), dwFlags=0x1) returned 1 [0151.465] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0151.961] SetEvent (hEvent=0xb40) returned 1 [0151.961] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0151.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\p3lpcop8sodqy.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x568 [0151.971] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00040fcf4 | out: lpMode=0xc00040fcf4) returned 0 [0151.978] GetFileType (hFile=0x568) returned 0x1 [0151.979] GetFileType (hFile=0x568) returned 0x1 [0151.979] GetFileInformationByHandle (in: hFile=0x568, lpFileInformation=0xc00040fd44 | out: lpFileInformation=0xc00040fd44) returned 1 [0151.979] GetFileInformationByHandleEx (in: hFile=0x568, FileInformationClass=0x9, lpFileInformation=0xc00040fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040fd28) returned 1 [0151.979] VirtualAlloc (lpAddress=0xc0004f2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004f2000 [0151.983] ReadFile (in: hFile=0x568, lpBuffer=0xc0004f2000, nNumberOfBytesToRead=0x1194a, lpNumberOfBytesRead=0xc00040fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004f2000*, lpNumberOfBytesRead=0xc00040fc04*=0x1174a, lpOverlapped=0x0) returned 1 [0151.985] ReadFile (in: hFile=0x568, lpBuffer=0xc00050374a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00050374a*, lpNumberOfBytesRead=0xc00040fc04*=0x0, lpOverlapped=0x0) returned 1 [0151.985] CloseHandle (hObject=0x568) returned 1 [0151.985] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0151.990] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\p3lpcop8sodqy.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0151.993] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00040fd04 | out: lpMode=0xc00040fd04) returned 0 [0152.023] GetFileType (hFile=0x568) returned 0x1 [0152.023] WriteFile (in: hFile=0x568, lpBuffer=0xc000514000*, nNumberOfBytesToWrite=0x11750, lpNumberOfBytesWritten=0xc00040fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000514000*, lpNumberOfBytesWritten=0xc00040fcec*=0x11750, lpOverlapped=0x0) returned 1 [0152.029] CloseHandle (hObject=0x568) returned 1 [0152.029] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0152.029] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\p3lpcop8sodqy.pdf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0152.030] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00040fd64 | out: lpMode=0xc00040fd64) returned 0 [0152.038] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0152.294] SetEvent (hEvent=0x354) returned 1 [0152.294] GetFileType (hFile=0x568) returned 0x1 [0152.294] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0152.415] WriteFile (in: hFile=0x568, lpBuffer=0xc0000d7080*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d7080*, lpNumberOfBytesWritten=0xc00040fd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.415] CloseHandle (hObject=0x568) returned 1 [0152.415] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\p3lpcop8sodqy.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\rE2C8WmYD\\encry-P3LpCoP8sODQy.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\re2c8wmyd\\encry-p3lpcop8sodqy.pdf"), dwFlags=0x1) returned 1 [0152.424] SetEvent (hEvent=0xb68) returned 1 [0152.425] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0161.315] GetFileType (hFile=0x374) returned 0x1 [0161.315] WriteFile (in: hFile=0x374, lpBuffer=0xc0004c0000*, nNumberOfBytesToWrite=0x161e0, lpNumberOfBytesWritten=0xc00043bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004c0000*, lpNumberOfBytesWritten=0xc00043bcec*=0x161e0, lpOverlapped=0x0) returned 1 [0161.320] CloseHandle (hObject=0x374) returned 1 [0162.423] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0162.592] SetEvent (hEvent=0xa8) returned 1 [0162.593] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0163.587] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a2080*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc00037d808, lpReserved=0x0 | out: lpBuffer=0xc0000a2080*, lpNumberOfCharsWritten=0xc00037d808*=0x3d) returned 1 [0163.588] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0163.588] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.442] VirtualAlloc (lpAddress=0xc000232000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000232000 [0166.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0xc00037da68 | out: lpFindFileData=0xc00037da68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.444] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.444] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.473] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.501] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.507] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000050ea0*, nNumberOfCharsToWrite=0x84, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc000050ea0*, lpNumberOfCharsWritten=0xc000515808*=0x84) returned 1 [0166.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e62a0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc0000e62a0*, lpNumberOfCharsWritten=0xc000515808*=0x11) returned 1 [0166.509] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e62d0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc0000e62d0*, lpNumberOfCharsWritten=0xc000515808*=0x11) returned 1 [0166.510] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-ntuser.dat.LOG1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat.log1"), dwFlags=0x1) returned 0 [0166.510] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0005156e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.510] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0166.512] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00028c000*, nNumberOfCharsToWrite=0xba, lpNumberOfCharsWritten=0xc000515808, lpReserved=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfCharsWritten=0xc000515808*=0xba) returned 1 [0166.513] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b73f698, ulCount=0x10, ulNumEntriesRemoved=0x3b73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b73f698, ulNumEntriesRemoved=0x3b73f66c) returned 0 [0166.513] SetEvent (hEvent=0xa38) returned 1 [0166.513] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0166.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe08*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.517] SetEvent (hEvent=0xb38) returned 1 [0166.517] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe08*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.688] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.689] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.690] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.691] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.692] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.693] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.694] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.696] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.697] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.698] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.699] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.700] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.702] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0166.703] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.718] SwitchToThread () returned 1 [0166.743] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b73f6a0, ulNumEntriesRemoved=0x3b73f674) returned 0 [0166.743] SetEvent (hEvent=0xc0) returned 1 [0166.743] SetEvent (hEvent=0xc44) returned 1 [0166.743] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe18*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0166.754] SetEvent (hEvent=0x100) returned 1 [0166.755] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.761] SetEvent (hEvent=0x254) returned 1 [0166.762] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.782] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000000500*, nNumberOfCharsToWrite=0x7f, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc000000500*, lpNumberOfCharsWritten=0xc0002e9808*=0x7f) returned 1 [0166.819] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0166.978] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc0000c8060*, lpNumberOfCharsWritten=0xc0002e9808*=0x11) returned 1 [0166.982] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.029] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c80c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc0000c80c0*, lpNumberOfCharsWritten=0xc0002e9808*=0x11) returned 1 [0167.033] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat"), dwFlags=0x1) returned 0 [0167.033] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e96e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0167.033] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000184000*, nNumberOfCharsToWrite=0xb0, lpNumberOfCharsWritten=0xc0002e9808, lpReserved=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfCharsWritten=0xc0002e9808*=0xb0) returned 1 [0167.036] SetEvent (hEvent=0xa80) returned 1 [0167.036] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.042] VirtualFree (lpAddress=0xc0005d6000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0167.044] VirtualFree (lpAddress=0xc00058e000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0167.045] VirtualFree (lpAddress=0xc0003fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.046] VirtualFree (lpAddress=0xc000334000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.047] VirtualFree (lpAddress=0xc000326000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.048] VirtualFree (lpAddress=0xc00031e000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0167.048] VirtualFree (lpAddress=0xc0002b4000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0167.049] VirtualFree (lpAddress=0xc000280000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.050] VirtualFree (lpAddress=0xc00024e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.051] VirtualFree (lpAddress=0xc00023a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.051] VirtualFree (lpAddress=0xc000236000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.052] VirtualFree (lpAddress=0xc00019a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.053] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.054] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.055] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.056] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.056] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.057] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.058] SetEvent (hEvent=0x990) returned 1 [0167.058] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.149] SetEvent (hEvent=0xa10) returned 1 [0167.150] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.155] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.156] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.160] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.161] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.165] SetEvent (hEvent=0x43c) returned 1 [0167.165] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.169] SetEvent (hEvent=0x43c) returned 1 [0167.169] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000367818, lpReserved=0x0 | out: lpBuffer=0xc000586020*, lpNumberOfCharsWritten=0xc000367818*=0x3) returned 1 [0167.170] SetEvent (hEvent=0x43c) returned 1 [0167.170] VirtualAlloc (lpAddress=0xc0002ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ea000 [0167.172] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586026*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002b1818, lpReserved=0x0 | out: lpBuffer=0xc000586026*, lpNumberOfCharsWritten=0xc0002b1818*=0x3) returned 1 [0167.173] SetEvent (hEvent=0x43c) returned 1 [0167.173] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002a7818, lpReserved=0x0 | out: lpBuffer=0xc000586030*, lpNumberOfCharsWritten=0xc0002a7818*=0x3) returned 1 [0167.174] SetEvent (hEvent=0x43c) returned 1 [0167.174] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001cd818, lpReserved=0x0 | out: lpBuffer=0xc000586036*, lpNumberOfCharsWritten=0xc0001cd818*=0x3) returned 1 [0167.176] SetEvent (hEvent=0x43c) returned 1 [0167.176] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00029f818, lpReserved=0x0 | out: lpBuffer=0xc000586060*, lpNumberOfCharsWritten=0xc00029f818*=0x3) returned 1 [0167.177] SetEvent (hEvent=0x43c) returned 1 [0167.177] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d43f0*, nNumberOfCharsToWrite=0x45, lpNumberOfCharsWritten=0xc00039b808, lpReserved=0x0 | out: lpBuffer=0xc0003d43f0*, lpNumberOfCharsWritten=0xc00039b808*=0x45) returned 1 [0167.178] SetEvent (hEvent=0x43c) returned 1 [0167.178] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6150*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00039b808, lpReserved=0x0 | out: lpBuffer=0xc0000e6150*, lpNumberOfCharsWritten=0xc00039b808*=0x11) returned 1 [0167.180] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6180*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00039b808, lpReserved=0x0 | out: lpBuffer=0xc0000e6180*, lpNumberOfCharsWritten=0xc00039b808*=0x11) returned 1 [0167.182] VirtualAlloc (lpAddress=0xc0002ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ec000 [0167.183] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\local settings"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Local Settings" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-local settings"), dwFlags=0x1) returned 1 [0167.406] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.412] SetEvent (hEvent=0xc1c) returned 1 [0167.412] SetEvent (hEvent=0xa80) returned 1 [0167.412] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.413] VirtualFree (lpAddress=0xc00004e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.414] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.415] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010128*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002e3818, lpReserved=0x0 | out: lpBuffer=0xc000010128*, lpNumberOfCharsWritten=0xc0002e3818*=0x3) returned 1 [0167.418] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002f7818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc0002f7818*=0x3) returned 1 [0167.422] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0167.423] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002f9818, lpReserved=0x0 | out: lpBuffer=0xc000010146*, lpNumberOfCharsWritten=0xc0002f9818*=0x3) returned 1 [0167.426] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.433] SetEvent (hEvent=0xc1c) returned 1 [0167.433] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc000517808*=0x11) returned 1 [0167.436] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8000*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc0000c8000*, lpNumberOfCharsWritten=0xc000517808*=0x11) returned 1 [0167.468] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0167.469] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0167.471] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat.log2"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-ntuser.dat.LOG2" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat.log2"), dwFlags=0x1) returned 0 [0167.471] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0005176e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0167.471] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0167.472] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0167.474] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00005a000*, nNumberOfCharsToWrite=0xba, lpNumberOfCharsWritten=0xc000517808, lpReserved=0x0 | out: lpBuffer=0xc00005a000*, lpNumberOfCharsWritten=0xc000517808*=0xba) returned 1 [0167.477] SetEvent (hEvent=0xc14) returned 1 [0167.477] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe30*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.479] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) returned 0x0 [0167.479] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b73f698, ulCount=0x10, ulNumEntriesRemoved=0x3b73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b73f698, ulNumEntriesRemoved=0x3b73f66c) returned 0 [0167.479] SetEvent (hEvent=0xc0) returned 1 [0167.479] SetEvent (hEvent=0xc14) returned 1 [0167.479] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0167.482] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe08*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.485] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe08*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.507] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b73f6a0, ulNumEntriesRemoved=0x3b73f674) returned 0 [0167.507] SetEvent (hEvent=0xc1c) returned 1 [0167.507] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b73fe18*=0xb48, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.556] WaitForSingleObject (hHandle=0xb48, dwMilliseconds=0xffffffff) Thread: id = 166 os_tid = 0xc3c [0142.170] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3b93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3b93fea0*=0x784) returned 1 [0142.170] VirtualQuery (in: lpAddress=0x3b93fec0, lpBuffer=0x3b93fec0, dwLength=0x30 | out: lpBuffer=0x3b93fec0*(BaseAddress=0x3b93f000, AllocationBase=0x3b740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.170] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g518f4w-.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x788 [0142.170] GetConsoleMode (in: hConsoleHandle=0x788, lpMode=0xc000443cf4 | out: lpMode=0xc000443cf4) returned 0 [0142.171] GetFileType (hFile=0x788) returned 0x1 [0142.171] GetFileType (hFile=0x788) returned 0x1 [0142.171] GetFileInformationByHandle (in: hFile=0x788, lpFileInformation=0xc000443d44 | out: lpFileInformation=0xc000443d44) returned 1 [0142.171] GetFileInformationByHandleEx (in: hFile=0x788, FileInformationClass=0x9, lpFileInformation=0xc000443d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000443d28) returned 1 [0142.171] ReadFile (in: hFile=0x788, lpBuffer=0xc00030a600, nNumberOfBytesToRead=0x10b8, lpNumberOfBytesRead=0xc000443c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030a600*, lpNumberOfBytesRead=0xc000443c04*=0xeb8, lpOverlapped=0x0) returned 1 [0142.773] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb50 [0142.773] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb54 [0142.773] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0143.651] ReadFile (in: hFile=0x788, lpBuffer=0xc00030b4b8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000443c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030b4b8*, lpNumberOfBytesRead=0xc000443c04*=0x0, lpOverlapped=0x0) returned 1 [0143.651] CloseHandle (hObject=0x788) returned 1 [0143.651] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g518f4w-.flv.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0143.688] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0144.355] SetEvent (hEvent=0xc0) returned 1 [0144.355] SetEvent (hEvent=0xbc0) returned 1 [0144.355] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000443d04 | out: lpMode=0xc000443d04) returned 0 [0144.356] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0144.799] GetFileType (hFile=0x8a4) returned 0x1 [0144.799] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000653000*, nNumberOfBytesToWrite=0xec0, lpNumberOfBytesWritten=0xc000443cec, lpOverlapped=0x0 | out: lpBuffer=0xc000653000*, lpNumberOfBytesWritten=0xc000443cec*=0xec0, lpOverlapped=0x0) returned 1 [0144.800] CloseHandle (hObject=0x8a4) returned 1 [0144.800] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0144.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g518f4w-.flv.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0144.801] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000443d64 | out: lpMode=0xc000443d64) returned 0 [0144.803] GetFileType (hFile=0x8a4) returned 0x1 [0144.803] WriteFile (in: hFile=0x8a4, lpBuffer=0xc00007f1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000443d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f1e0*, lpNumberOfBytesWritten=0xc000443d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.803] CloseHandle (hObject=0x8a4) returned 1 [0144.804] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0144.805] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\g518f4w-.flv.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-g518f4w-.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-g518f4w-.flv.lnk"), dwFlags=0x1) returned 1 [0145.407] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0145.922] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0145.922] SetEvent (hEvent=0xa20) returned 1 [0145.922] SetEvent (hEvent=0x9a0) returned 1 [0145.922] SetEvent (hEvent=0xb48) returned 1 [0145.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.927] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0145.927] SetEvent (hEvent=0x9a0) returned 1 [0145.927] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.932] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0145.932] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0145.932] SetEvent (hEvent=0xbd8) returned 1 [0145.932] SetEvent (hEvent=0xa58) returned 1 [0145.933] SetEvent (hEvent=0xa20) returned 1 [0145.933] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.935] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0145.935] WriteFile (in: hFile=0x770, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000459d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc000459d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.936] CloseHandle (hObject=0x770) returned 1 [0145.942] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0146.174] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\papdkzhuye.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-papdkzhuye.lnk"), dwFlags=0x1) returned 1 [0150.442] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.445] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.445] SetEvent (hEvent=0xec) returned 1 [0150.446] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.450] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.450] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.454] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.454] SetEvent (hEvent=0xa38) returned 1 [0150.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.465] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.465] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.476] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.479] SetEvent (hEvent=0xa78) returned 1 [0150.479] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.487] SetEvent (hEvent=0xa78) returned 1 [0150.487] SetEvent (hEvent=0xa38) returned 1 [0150.487] VirtualFree (lpAddress=0xc00071a000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0150.489] VirtualFree (lpAddress=0xc0006b6000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0150.490] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.492] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.493] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.494] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.496] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.497] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.498] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.499] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.500] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.501] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000427818, lpReserved=0x0 | out: lpBuffer=0xc000010030*, lpNumberOfCharsWritten=0xc000427818*=0x3) returned 1 [0150.505] SetEvent (hEvent=0xa38) returned 1 [0150.505] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000126090*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0xc000421808, lpReserved=0x0 | out: lpBuffer=0xc000126090*, lpNumberOfCharsWritten=0xc000421808*=0x47) returned 1 [0150.509] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0150.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.511] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0150.512] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0xc000421a08 | out: lpFindFileData=0xc000421a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0150.512] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000421720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0150.512] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0150.513] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0001261b0*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0xc000421808, lpReserved=0x0 | out: lpBuffer=0xc0001261b0*, lpNumberOfCharsWritten=0xc000421808*=0x47) returned 1 [0150.520] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0150.520] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0150.521] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0150.521] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0150.522] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data\\*", lpFindFileData=0xc000421a68 | out: lpFindFileData=0xc000421a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0150.523] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000421720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0150.523] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0150.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c4000*, nNumberOfCharsToWrite=0x47, lpNumberOfCharsWritten=0xc000421808, lpReserved=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfCharsWritten=0xc000421808*=0x47) returned 1 [0150.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000421808, lpReserved=0x0 | out: lpBuffer=0xc0000ee060*, lpNumberOfCharsWritten=0xc000421808*=0x11) returned 1 [0150.534] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000ee090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000421808, lpReserved=0x0 | out: lpBuffer=0xc0000ee090*, lpNumberOfCharsWritten=0xc000421808*=0x11) returned 1 [0150.561] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0150.563] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\application data"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Application Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-application data"), dwFlags=0x1) returned 1 [0150.654] SetEvent (hEvent=0xc0) returned 1 [0150.654] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.654] SetEvent (hEvent=0xa38) returned 1 [0150.655] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.686] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.686] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.686] SetEvent (hEvent=0xa38) returned 1 [0150.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.733] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.735] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.735] SetEvent (hEvent=0xc0) returned 1 [0150.735] SetEvent (hEvent=0x988) returned 1 [0150.736] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.738] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.738] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.750] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.752] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.752] SetEvent (hEvent=0xc44) returned 1 [0150.752] SetEvent (hEvent=0x274) returned 1 [0150.752] SetEvent (hEvent=0x988) returned 1 [0150.752] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.756] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.756] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.758] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.758] SetEvent (hEvent=0x274) returned 1 [0150.758] SetEvent (hEvent=0x988) returned 1 [0150.758] SetEvent (hEvent=0xc44) returned 1 [0150.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.761] SetEvent (hEvent=0xa38) returned 1 [0150.761] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.763] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.764] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.764] SetEvent (hEvent=0x988) returned 1 [0150.764] SetEvent (hEvent=0xc44) returned 1 [0150.764] SetEvent (hEvent=0xa38) returned 1 [0150.764] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.777] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.777] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.779] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.779] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.779] SetEvent (hEvent=0xa38) returned 1 [0150.779] SetEvent (hEvent=0xc44) returned 1 [0150.781] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.783] SetEvent (hEvent=0xc44) returned 1 [0150.783] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.794] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.795] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.795] SetEvent (hEvent=0xa38) returned 1 [0150.795] SetEvent (hEvent=0xc44) returned 1 [0150.795] SetEvent (hEvent=0x274) returned 1 [0150.795] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.799] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.799] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.799] SetEvent (hEvent=0x988) returned 1 [0150.799] SetEvent (hEvent=0x274) returned 1 [0150.801] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.807] SetEvent (hEvent=0x274) returned 1 [0150.808] SetEvent (hEvent=0x988) returned 1 [0150.808] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.817] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.817] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.818] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.818] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.819] SetEvent (hEvent=0x988) returned 1 [0150.819] SetEvent (hEvent=0xc44) returned 1 [0150.819] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.832] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.832] SetEvent (hEvent=0x988) returned 1 [0150.832] SetEvent (hEvent=0x9a8) returned 1 [0150.833] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.840] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.840] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.844] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.844] SetEvent (hEvent=0x1b4) returned 1 [0150.844] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.854] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.854] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.854] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0150.855] SetEvent (hEvent=0xc0) returned 1 [0150.855] SetEvent (hEvent=0xae0) returned 1 [0150.855] SetEvent (hEvent=0x274) returned 1 [0150.856] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.956] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0150.956] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.958] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0150.958] SetEvent (hEvent=0x43c) returned 1 [0150.958] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.015] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.016] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0151.016] SetEvent (hEvent=0xc0) returned 1 [0151.016] SetEvent (hEvent=0xae0) returned 1 [0151.017] SetEvent (hEvent=0x28c) returned 1 [0151.018] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.028] SetEvent (hEvent=0xab8) returned 1 [0151.028] SetEvent (hEvent=0x9a8) returned 1 [0151.028] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.038] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.038] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0151.038] SetEvent (hEvent=0x1f8) returned 1 [0151.038] SetEvent (hEvent=0xa38) returned 1 [0151.038] SetEvent (hEvent=0x988) returned 1 [0151.038] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.186] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0151.186] SetEvent (hEvent=0xb40) returned 1 [0151.186] SetEvent (hEvent=0x990) returned 1 [0151.186] SetEvent (hEvent=0x354) returned 1 [0151.188] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.193] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.193] SetEvent (hEvent=0xa48) returned 1 [0151.193] SetEvent (hEvent=0xc6c) returned 1 [0151.193] SetEvent (hEvent=0xbb0) returned 1 [0151.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.197] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.198] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0151.198] SetEvent (hEvent=0xb38) returned 1 [0151.198] SetEvent (hEvent=0x960) returned 1 [0151.198] SetEvent (hEvent=0xc04) returned 1 [0151.198] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.244] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0151.244] SetEvent (hEvent=0xb80) returned 1 [0151.244] SetEvent (hEvent=0xb70) returned 1 [0151.244] SetEvent (hEvent=0xc14) returned 1 [0151.246] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.249] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.250] SetEvent (hEvent=0x968) returned 1 [0151.250] SetEvent (hEvent=0x9c8) returned 1 [0151.250] SetEvent (hEvent=0x9b8) returned 1 [0151.250] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0151.254] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.255] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.255] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0151.255] SetEvent (hEvent=0xc0) returned 1 [0151.256] SetEvent (hEvent=0xa68) returned 1 [0151.256] SetEvent (hEvent=0x9b8) returned 1 [0151.256] SetEvent (hEvent=0x28c) returned 1 [0151.256] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0151.283] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0020*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00044b818, lpReserved=0x0 | out: lpBuffer=0xc0000a0020*, lpNumberOfCharsWritten=0xc00044b818*=0x3) returned 1 [0151.295] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.655] SetEvent (hEvent=0xa68) returned 1 [0151.656] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0151.661] SetEvent (hEvent=0xa68) returned 1 [0151.661] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\ueehkpxybc0mi.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x454 [0151.662] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc00020fcf4 | out: lpMode=0xc00020fcf4) returned 0 [0151.670] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0152.135] GetFileType (hFile=0x454) returned 0x1 [0152.135] GetFileType (hFile=0x454) returned 0x1 [0152.135] GetFileInformationByHandle (in: hFile=0x454, lpFileInformation=0xc00020fd44 | out: lpFileInformation=0xc00020fd44) returned 1 [0152.135] GetFileInformationByHandleEx (in: hFile=0x454, FileInformationClass=0x9, lpFileInformation=0xc00020fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020fd28) returned 1 [0152.135] ReadFile (in: hFile=0x454, lpBuffer=0xc00028c000, nNumberOfBytesToRead=0x32cb, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028c000*, lpNumberOfBytesRead=0xc00020fc04*=0x30cb, lpOverlapped=0x0) returned 1 [0152.136] ReadFile (in: hFile=0x454, lpBuffer=0xc00028f0cb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00028f0cb*, lpNumberOfBytesRead=0xc00020fc04*=0x0, lpOverlapped=0x0) returned 1 [0152.136] CloseHandle (hObject=0x454) returned 1 [0152.136] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\ueehkpxybc0mi.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0152.138] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc00020fd04 | out: lpMode=0xc00020fd04) returned 0 [0152.142] GetFileType (hFile=0x454) returned 0x1 [0152.143] WriteFile (in: hFile=0x454, lpBuffer=0xc000292a00*, nNumberOfBytesToWrite=0x30d0, lpNumberOfBytesWritten=0xc00020fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000292a00*, lpNumberOfBytesWritten=0xc00020fcec*=0x30d0, lpOverlapped=0x0) returned 1 [0152.145] CloseHandle (hObject=0x454) returned 1 [0152.145] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0152.145] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\ueehkpxybc0mi.odt"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x454 [0152.145] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc00020fd64 | out: lpMode=0xc00020fd64) returned 0 [0152.154] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0152.333] GetFileType (hFile=0x454) returned 0x1 [0152.334] WriteFile (in: hFile=0x454, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00020fd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.334] CloseHandle (hObject=0x454) returned 1 [0152.334] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\ueehkpxybc0mi.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1EyRx-bxddwZPbzqj\\encry-ueeHKPXYbc0Mi.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1eyrx-bxddwzpbzqj\\encry-ueehkpxybc0mi.odt"), dwFlags=0x1) returned 1 [0152.335] SetEvent (hEvent=0x274) returned 1 [0152.336] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0161.323] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f698, ulCount=0x10, ulNumEntriesRemoved=0x3b93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f698, ulNumEntriesRemoved=0x3b93f66c) returned 0 [0161.324] SetEvent (hEvent=0x318) returned 1 [0161.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.327] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0161.327] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe08*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.330] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0161.331] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe30*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0161.332] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0161.332] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3b93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3b93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3b93f6a0, ulNumEntriesRemoved=0x3b93f674) returned 0 [0161.332] SetEvent (hEvent=0xc0) returned 1 [0161.332] SetEvent (hEvent=0xc44) returned 1 [0161.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3b93fe18*=0xb50, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0161.333] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zp3etf2zn8ybt3qrgx8n.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x4d8 [0162.038] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000351cf4 | out: lpMode=0xc000351cf4) returned 0 [0162.391] GetFileType (hFile=0x4d8) returned 0x1 [0162.391] GetFileType (hFile=0x4d8) returned 0x1 [0162.391] GetFileInformationByHandle (in: hFile=0x4d8, lpFileInformation=0xc000351d44 | out: lpFileInformation=0xc000351d44) returned 1 [0162.391] GetFileInformationByHandleEx (in: hFile=0x4d8, FileInformationClass=0x9, lpFileInformation=0xc000351d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000351d28) returned 1 [0162.391] ReadFile (in: hFile=0x4d8, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x12e10, lpNumberOfBytesRead=0xc000351c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc000351c04*=0x12c10, lpOverlapped=0x0) returned 1 [0162.394] ReadFile (in: hFile=0x4d8, lpBuffer=0xc0006f6c10, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000351c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006f6c10*, lpNumberOfBytesRead=0xc000351c04*=0x0, lpOverlapped=0x0) returned 1 [0162.394] CloseHandle (hObject=0x4d8) returned 1 [0162.394] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\ZP3EtF2zN8ybT3QrgX8N.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zp3etf2zn8ybt3qrgx8n.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4d8 [0162.397] GetConsoleMode (in: hConsoleHandle=0x4d8, lpMode=0xc000351d04 | out: lpMode=0xc000351d04) returned 0 [0162.421] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0162.592] SetEvent (hEvent=0xb48) returned 1 [0162.592] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0163.593] GetFileType (hFile=0x474) returned 0x1 [0163.593] WriteFile (in: hFile=0x474, lpBuffer=0xc0001842c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00044bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001842c0*, lpNumberOfBytesWritten=0xc00044bd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.720] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) returned 0x0 [0166.900] CloseHandle (hObject=0x474) returned 1 [0166.900] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0167.392] WaitForSingleObject (hHandle=0xb50, dwMilliseconds=0xffffffff) Thread: id = 167 os_tid = 0xc40 [0142.175] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3bb3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3bb3fea0*=0x78c) returned 1 [0142.175] VirtualQuery (in: lpAddress=0x3bb3fec0, lpBuffer=0x3bb3fec0, dwLength=0x30 | out: lpBuffer=0x3bb3fec0*(BaseAddress=0x3bb3f000, AllocationBase=0x3b940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.175] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nnn1r.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x790 [0142.176] GetConsoleMode (in: hConsoleHandle=0x790, lpMode=0xc0003c5cf4 | out: lpMode=0xc0003c5cf4) returned 0 [0142.177] GetFileType (hFile=0x790) returned 0x1 [0142.177] GetFileType (hFile=0x790) returned 0x1 [0142.177] GetFileInformationByHandle (in: hFile=0x790, lpFileInformation=0xc0003c5d44 | out: lpFileInformation=0xc0003c5d44) returned 1 [0142.178] GetFileInformationByHandleEx (in: hFile=0x790, FileInformationClass=0x9, lpFileInformation=0xc0003c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c5d28) returned 1 [0142.178] ReadFile (in: hFile=0x790, lpBuffer=0xc0002a4480, nNumberOfBytesToRead=0x426, lpNumberOfBytesRead=0xc0003c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4480*, lpNumberOfBytesRead=0xc0003c5c04*=0x226, lpOverlapped=0x0) returned 1 [0142.775] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb58 [0142.775] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb5c [0142.775] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0143.667] ReadFile (in: hFile=0x790, lpBuffer=0xc0002a46a6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a46a6*, lpNumberOfBytesRead=0xc0003c5c04*=0x0, lpOverlapped=0x0) returned 1 [0143.667] CloseHandle (hObject=0x790) returned 1 [0143.667] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nnn1r.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0143.697] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0144.395] GetConsoleMode (in: hConsoleHandle=0x5ac, lpMode=0xc0003c5d04 | out: lpMode=0xc0003c5d04) returned 0 [0144.397] GetFileType (hFile=0x5ac) returned 0x1 [0144.398] WriteFile (in: hFile=0x5ac, lpBuffer=0xc000288000*, nNumberOfBytesToWrite=0x230, lpNumberOfBytesWritten=0xc0003c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000288000*, lpNumberOfBytesWritten=0xc0003c5cec*=0x230, lpOverlapped=0x0) returned 1 [0144.399] CloseHandle (hObject=0x5ac) returned 1 [0144.399] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.399] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0144.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nnn1r.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5ac [0144.401] GetConsoleMode (in: hConsoleHandle=0x5ac, lpMode=0xc0003c5d64 | out: lpMode=0xc0003c5d64) returned 0 [0144.402] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0144.865] GetFileType (hFile=0x5ac) returned 0x1 [0144.865] WriteFile (in: hFile=0x5ac, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0003c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.866] CloseHandle (hObject=0x5ac) returned 1 [0144.867] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nnn1r.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-NnN1r.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-nnn1r.lnk"), dwFlags=0x1) returned 1 [0146.027] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.176] SetEvent (hEvent=0xc74) returned 1 [0146.176] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.181] SetEvent (hEvent=0x9e8) returned 1 [0146.181] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.191] SetEvent (hEvent=0x9b8) returned 1 [0146.191] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.213] SetEvent (hEvent=0xc24) returned 1 [0146.213] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.230] SetEvent (hEvent=0xc24) returned 1 [0146.230] SetEvent (hEvent=0xc1c) returned 1 [0146.230] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0146.247] SetEvent (hEvent=0x8b8) returned 1 [0146.247] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0148.053] GetFileType (hFile=0x564) returned 0x1 [0148.053] GetFileType (hFile=0x564) returned 0x1 [0148.053] GetFileInformationByHandle (in: hFile=0x564, lpFileInformation=0xc0006ddd44 | out: lpFileInformation=0xc0006ddd44) returned 1 [0148.053] GetFileInformationByHandleEx (in: hFile=0x564, FileInformationClass=0x9, lpFileInformation=0xc0006ddd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006ddd28) returned 1 [0148.053] VirtualAlloc (lpAddress=0xc000296000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000296000 [0148.055] ReadFile (in: hFile=0x564, lpBuffer=0xc000296000, nNumberOfBytesToRead=0xd4c, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000296000*, lpNumberOfBytesRead=0xc0006ddc04*=0xb4c, lpOverlapped=0x0) returned 1 [0148.713] ReadFile (in: hFile=0x564, lpBuffer=0xc000296b4c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006ddc04, lpOverlapped=0x0 | out: lpBuffer=0xc000296b4c*, lpNumberOfBytesRead=0xc0006ddc04*=0x0, lpOverlapped=0x0) returned 1 [0148.713] CloseHandle (hObject=0x564) returned 1 [0148.714] VirtualAlloc (lpAddress=0xc000526000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000526000 [0148.715] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zubqnuq_do w-b.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0150.621] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc0006ddd04 | out: lpMode=0xc0006ddd04) returned 0 [0150.624] GetFileType (hFile=0x874) returned 0x1 [0150.624] WriteFile (in: hFile=0x874, lpBuffer=0xc000526000*, nNumberOfBytesToWrite=0xb50, lpNumberOfBytesWritten=0xc0006ddcec, lpOverlapped=0x0 | out: lpBuffer=0xc000526000*, lpNumberOfBytesWritten=0xc0006ddcec*=0xb50, lpOverlapped=0x0) returned 1 [0150.626] CloseHandle (hObject=0x874) returned 1 [0150.731] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0150.731] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zubqnuq_do w-b.rtf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x53c [0150.731] GetConsoleMode (in: hConsoleHandle=0x53c, lpMode=0xc0006ddd64 | out: lpMode=0xc0006ddd64) returned 0 [0150.734] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0150.778] SetEvent (hEvent=0xb50) returned 1 [0150.778] GetFileType (hFile=0x53c) returned 0x1 [0150.779] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0150.808] WriteFile (in: hFile=0x53c, lpBuffer=0xc0000a2420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006ddd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2420*, lpNumberOfBytesWritten=0xc0006ddd4c*=0x158, lpOverlapped=0x0) returned 1 [0150.808] CloseHandle (hObject=0x53c) returned 1 [0150.817] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\zubqnuq_do w-b.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-zUbQnUQ_Do w-B.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-zubqnuq_do w-b.rtf"), dwFlags=0x1) returned 1 [0153.273] SwitchToThread () returned 1 [0153.276] SetEvent (hEvent=0x208) returned 1 [0153.276] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0153.312] SetEvent (hEvent=0x9f0) returned 1 [0153.312] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0153.313] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0153.314] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0153.315] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0153.316] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x554 [0153.317] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003e3cf4 | out: lpMode=0xc0003e3cf4) returned 0 [0153.324] GetFileType (hFile=0x554) returned 0x1 [0153.324] GetFileType (hFile=0x554) returned 0x1 [0153.324] GetFileInformationByHandle (in: hFile=0x554, lpFileInformation=0xc0003e3d44 | out: lpFileInformation=0xc0003e3d44) returned 1 [0153.325] GetFileInformationByHandleEx (in: hFile=0x554, FileInformationClass=0x9, lpFileInformation=0xc0003e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003e3d28) returned 1 [0153.325] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0153.326] ReadFile (in: hFile=0x554, lpBuffer=0xc00006e000, nNumberOfBytesToRead=0x2ec, lpNumberOfBytesRead=0xc0003e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e000*, lpNumberOfBytesRead=0xc0003e3c04*=0xec, lpOverlapped=0x0) returned 1 [0153.329] ReadFile (in: hFile=0x554, lpBuffer=0xc00006e0ec, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006e0ec*, lpNumberOfBytesRead=0xc0003e3c04*=0x0, lpOverlapped=0x0) returned 1 [0153.329] CloseHandle (hObject=0x554) returned 1 [0153.329] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0153.330] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0153.332] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003e3d04 | out: lpMode=0xc0003e3d04) returned 0 [0153.353] GetFileType (hFile=0x554) returned 0x1 [0153.353] WriteFile (in: hFile=0x554, lpBuffer=0xc0000721e0*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0xc0003e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000721e0*, lpNumberOfBytesWritten=0xc0003e3cec*=0xf0, lpOverlapped=0x0) returned 1 [0153.354] CloseHandle (hObject=0x554) returned 1 [0153.354] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0153.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x554 [0153.355] GetConsoleMode (in: hConsoleHandle=0x554, lpMode=0xc0003e3d64 | out: lpMode=0xc0003e3d64) returned 0 [0153.356] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0153.377] GetFileType (hFile=0x554) returned 0x1 [0153.377] WriteFile (in: hFile=0x554, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc0003e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.378] CloseHandle (hObject=0x554) returned 1 [0153.378] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\suggested sites.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\encry-Suggested Sites.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\encry-suggested sites.url"), dwFlags=0x1) returned 1 [0153.396] SetEvent (hEvent=0x8d0) returned 1 [0153.396] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0153.400] SetEvent (hEvent=0x100) returned 1 [0153.400] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0153.412] SetEvent (hEvent=0x208) returned 1 [0153.412] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0154.794] SetEvent (hEvent=0x8d0) returned 1 [0154.794] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0154.907] SetEvent (hEvent=0x43c) returned 1 [0154.907] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0154.953] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0154.955] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0154.956] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0154.958] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00038bcf4 | out: lpMode=0xc00038bcf4) returned 0 [0154.966] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0155.010] GetFileType (hFile=0x6a4) returned 0x1 [0155.010] GetFileType (hFile=0x6a4) returned 0x1 [0155.011] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc00038bd44 | out: lpFileInformation=0xc00038bd44) returned 1 [0155.011] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc00038bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038bd28) returned 1 [0155.011] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x286, lpNumberOfBytesRead=0xc00038bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc00038bc04*=0x86, lpOverlapped=0x0) returned 1 [0155.013] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00002c086, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c086*, lpNumberOfBytesRead=0xc00038bc04*=0x0, lpOverlapped=0x0) returned 1 [0155.013] CloseHandle (hObject=0x6a4) returned 1 [0155.014] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0155.015] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00038bd04 | out: lpMode=0xc00038bd04) returned 0 [0155.068] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0155.205] SetEvent (hEvent=0xc0) returned 1 [0155.205] SetEvent (hEvent=0x9f0) returned 1 [0155.205] GetFileType (hFile=0x6a4) returned 0x1 [0155.205] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0155.350] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000078000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc00038bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesWritten=0xc00038bcec*=0x90, lpOverlapped=0x0) returned 1 [0155.353] CloseHandle (hObject=0x6a4) returned 1 [0155.353] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0155.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0155.354] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00038bd64 | out: lpMode=0xc00038bd64) returned 0 [0155.360] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0156.054] GetFileType (hFile=0x6a4) returned 0x1 [0156.054] WriteFile (in: hFile=0x6a4, lpBuffer=0xc000104c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104c60*, lpNumberOfBytesWritten=0xc00038bd4c*=0x158, lpOverlapped=0x0) returned 1 [0156.054] CloseHandle (hObject=0x6a4) returned 1 [0156.054] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0156.056] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\encry-Microsoft Store.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\microsoft websites\\encry-microsoft store.url"), dwFlags=0x1) returned 1 [0156.058] SetEvent (hEvent=0x43c) returned 1 [0156.058] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0156.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\my documents"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0xc0002e79f8 | out: lpFindFileData=0xc0002e79f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.088] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.088] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.088] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT\\*", lpFindFileData=0xc0002e99f8 | out: lpFindFileData=0xc0002e99f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.088] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0156.089] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0156.090] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0002e3cf4 | out: lpMode=0xc0002e3cf4) returned 0 [0156.096] GetFileType (hFile=0x404) returned 0x1 [0156.096] GetFileType (hFile=0x404) returned 0x1 [0156.096] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0002e3d44 | out: lpFileInformation=0xc0002e3d44) returned 1 [0156.096] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0002e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002e3d28) returned 1 [0156.096] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0156.100] ReadFile (in: hFile=0x404, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc0002e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc0002e3c04*=0x10000, lpOverlapped=0x0) returned 1 [0156.201] ReadFile (in: hFile=0x404, lpBuffer=0xc00059e000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc00059e000*, lpNumberOfBytesRead=0xc0002e3c04*=0x0, lpOverlapped=0x0) returned 1 [0156.202] CloseHandle (hObject=0x404) returned 1 [0156.204] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0156.206] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0156.208] VirtualAlloc (lpAddress=0xc0005cc000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005cc000 [0156.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.214] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf\\*", lpFindFileData=0xc0002e3a08 | out: lpFindFileData=0xc0002e3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.214] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002e3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.214] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0156.215] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0002e5cf4 | out: lpMode=0xc0002e5cf4) returned 0 [0156.235] GetFileType (hFile=0x404) returned 0x1 [0156.235] GetFileType (hFile=0x404) returned 0x1 [0156.236] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0002e5d44 | out: lpFileInformation=0xc0002e5d44) returned 1 [0156.236] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0002e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002e5d28) returned 1 [0156.236] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0156.265] ReadFile (in: hFile=0x404, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x80200, lpNumberOfBytesRead=0xc0002e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc0002e5c04*=0x80000, lpOverlapped=0x0) returned 1 [0156.283] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0156.428] ReadFile (in: hFile=0x404, lpBuffer=0xc000684000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000684000*, lpNumberOfBytesRead=0xc0002e5c04*=0x0, lpOverlapped=0x0) returned 1 [0156.428] CloseHandle (hObject=0x404) returned 1 [0156.438] SwitchToThread () returned 1 [0156.541] PostQueuedCompletionStatus (CompletionPort=0xdc, dwNumberOfBytesTransferred=0x0, dwCompletionKey=0x0, lpOverlapped=0x0) returned 1 [0156.542] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0156.573] SetEvent (hEvent=0x43c) returned 1 [0156.574] SwitchToThread () returned 1 [0156.693] SwitchToThread () returned 1 [0156.802] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0156.923] SetEvent (hEvent=0x1b4) returned 1 [0156.924] SetEvent (hEvent=0xc0) returned 1 [0156.924] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0156.934] SetEvent (hEvent=0x43c) returned 1 [0156.939] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0156.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.940] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0156.942] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe\\*", lpFindFileData=0xc00018ba08 | out: lpFindFileData=0xc00018ba08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.942] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc00018b720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0156.942] SwitchToThread () returned 1 [0157.040] SwitchToThread () returned 1 [0157.041] SetEvent (hEvent=0x43c) returned 1 [0157.041] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.043] SetEvent (hEvent=0x43c) returned 1 [0157.044] SetEvent (hEvent=0x1b4) returned 1 [0157.044] VirtualFree (lpAddress=0xc000524000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0157.045] VirtualFree (lpAddress=0xc0002fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.046] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0157.047] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.048] VirtualFree (lpAddress=0xc000124000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.049] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.049] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.050] VirtualFree (lpAddress=0xc00007c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0157.051] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.051] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.052] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.053] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.053] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0157.054] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ovs-ufdkcnpg7c9q.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0157.056] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001e5cf4 | out: lpMode=0xc0001e5cf4) returned 0 [0157.058] GetFileType (hFile=0x1b0) returned 0x1 [0157.058] GetFileType (hFile=0x1b0) returned 0x1 [0157.058] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0001e5d44 | out: lpFileInformation=0xc0001e5d44) returned 1 [0157.059] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0001e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001e5d28) returned 1 [0157.059] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0157.062] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0xfe5e, lpNumberOfBytesRead=0xc0001e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0001e5c04*=0xfc5e, lpOverlapped=0x0) returned 1 [0157.065] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000551c5e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000551c5e*, lpNumberOfBytesRead=0xc0001e5c04*=0x0, lpOverlapped=0x0) returned 1 [0157.065] CloseHandle (hObject=0x1b0) returned 1 [0157.065] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0157.066] VirtualAlloc (lpAddress=0xc000552000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000552000 [0157.070] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ovs-ufdkcnpg7c9q.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0157.073] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001e5d04 | out: lpMode=0xc0001e5d04) returned 0 [0157.101] GetFileType (hFile=0x1b0) returned 0x1 [0157.101] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000552000*, nNumberOfBytesToWrite=0xfc60, lpNumberOfBytesWritten=0xc0001e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000552000*, lpNumberOfBytesWritten=0xc0001e5cec*=0xfc60, lpOverlapped=0x0) returned 1 [0157.116] CloseHandle (hObject=0x1b0) returned 1 [0157.116] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0157.116] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0157.118] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0157.119] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0157.120] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0157.122] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ovs-ufdkcnpg7c9q.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0157.122] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0001e5d64 | out: lpMode=0xc0001e5d64) returned 0 [0157.132] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.140] SetEvent (hEvent=0x43c) returned 1 [0157.140] GetFileType (hFile=0x1b0) returned 0x1 [0157.140] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0001e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.141] CloseHandle (hObject=0x1b0) returned 1 [0157.141] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0157.142] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ovs-ufdkcnpg7c9q.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-oVS-uFdkCnpg7C9Q.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-ovs-ufdkcnpg7c9q.docx"), dwFlags=0x1) returned 1 [0157.162] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.232] SetEvent (hEvent=0x43c) returned 1 [0157.232] SetEvent (hEvent=0x254) returned 1 [0157.232] SwitchToThread () returned 1 [0157.238] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000443d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000443d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.239] CloseHandle (hObject=0x384) returned 1 [0157.239] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\mbcou1ppf2tg_e1rt.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\q7uHgHX5\\encry-mBCou1Ppf2tg_e1rt.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\q7uhghx5\\encry-mbcou1ppf2tg_e1rt.csv"), dwFlags=0x1) returned 1 [0157.241] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0157.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\lelfc_r3.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0157.244] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000467cf4 | out: lpMode=0xc000467cf4) returned 0 [0157.290] GetFileType (hFile=0x384) returned 0x1 [0157.290] GetFileType (hFile=0x384) returned 0x1 [0157.291] GetFileInformationByHandle (in: hFile=0x384, lpFileInformation=0xc000467d44 | out: lpFileInformation=0xc000467d44) returned 1 [0157.291] GetFileInformationByHandleEx (in: hFile=0x384, FileInformationClass=0x9, lpFileInformation=0xc000467d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000467d28) returned 1 [0157.291] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0157.292] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0157.294] ReadFile (in: hFile=0x384, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x881e, lpNumberOfBytesRead=0xc000467c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000467c04*=0x861e, lpOverlapped=0x0) returned 1 [0157.296] ReadFile (in: hFile=0x384, lpBuffer=0xc00023861e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000467c04, lpOverlapped=0x0 | out: lpBuffer=0xc00023861e*, lpNumberOfBytesRead=0xc000467c04*=0x0, lpOverlapped=0x0) returned 1 [0157.296] CloseHandle (hObject=0x384) returned 1 [0157.297] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0157.297] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0157.298] VirtualAlloc (lpAddress=0xc000292000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0157.300] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\lelfc_r3.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0157.303] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000467d04 | out: lpMode=0xc000467d04) returned 0 [0157.345] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.496] GetFileType (hFile=0x384) returned 0x1 [0157.496] WriteFile (in: hFile=0x384, lpBuffer=0xc000292000*, nNumberOfBytesToWrite=0x8620, lpNumberOfBytesWritten=0xc000467cec, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesWritten=0xc000467cec*=0x8620, lpOverlapped=0x0) returned 1 [0157.498] CloseHandle (hObject=0x384) returned 1 [0157.499] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0157.499] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0157.501] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\lelfc_r3.xls"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0157.501] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000467d64 | out: lpMode=0xc000467d64) returned 0 [0157.522] GetFileType (hFile=0x384) returned 0x1 [0157.522] WriteFile (in: hFile=0x384, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000467d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc000467d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.522] CloseHandle (hObject=0x384) returned 1 [0157.522] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0157.523] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0157.524] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\lelfc_r3.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\vn4CibFz\\Oqpv\\NosD2-mwYoe_KW3\\encry-LelFc_r3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\vn4cibfz\\oqpv\\nosd2-mwyoe_kw3\\encry-lelfc_r3.xls"), dwFlags=0x1) returned 1 [0157.526] SwitchToThread () returned 1 [0157.580] SwitchToThread () returned 1 [0157.581] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.599] SetEvent (hEvent=0x254) returned 1 [0157.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\dxhcl.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0157.600] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000259cf4 | out: lpMode=0xc000259cf4) returned 0 [0157.614] GetFileType (hFile=0x6a4) returned 0x1 [0157.614] GetFileType (hFile=0x6a4) returned 0x1 [0157.614] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc000259d44 | out: lpFileInformation=0xc000259d44) returned 1 [0157.614] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc000259d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000259d28) returned 1 [0157.614] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0157.622] ReadFile (in: hFile=0x6a4, lpBuffer=0xc00058e000, nNumberOfBytesToRead=0x17f0e, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesRead=0xc000259c04*=0x17d0e, lpOverlapped=0x0) returned 1 [0157.625] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0005a5d0e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000259c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a5d0e*, lpNumberOfBytesRead=0xc000259c04*=0x0, lpOverlapped=0x0) returned 1 [0157.625] CloseHandle (hObject=0x6a4) returned 1 [0157.626] VirtualAlloc (lpAddress=0xc0005a6000, dwSize=0x18000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a6000 [0157.632] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\dxhcl.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.635] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000259d04 | out: lpMode=0xc000259d04) returned 0 [0157.642] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.652] GetFileType (hFile=0x6a4) returned 0x1 [0157.652] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0005a6000*, nNumberOfBytesToWrite=0x17d10, lpNumberOfBytesWritten=0xc000259cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005a6000*, lpNumberOfBytesWritten=0xc000259cec*=0x17d10, lpOverlapped=0x0) returned 1 [0157.657] CloseHandle (hObject=0x6a4) returned 1 [0157.657] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3501 | out: pbBuffer=0xc0001c3501) returned 1 [0157.657] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\dxhcl.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0157.658] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000259d64 | out: lpMode=0xc000259d64) returned 0 [0157.681] GetFileType (hFile=0x6a4) returned 0x1 [0157.681] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000d78c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000259d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d78c0*, lpNumberOfBytesWritten=0xc000259d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.681] CloseHandle (hObject=0x6a4) returned 1 [0157.681] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\dxhcl.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Rf3i_Q4-ueWKmRVO6\\encry-DXhcl.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rf3i_q4-uewkmrvo6\\encry-dxhcl.mp3"), dwFlags=0x1) returned 1 [0157.684] SwitchToThread () returned 1 [0157.694] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.734] SetEvent (hEvent=0x254) returned 1 [0157.734] SwitchToThread () returned 1 [0157.751] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0157.753] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0157.754] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\clhscjagwg6vjgl.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0157.756] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000347cf4 | out: lpMode=0xc000347cf4) returned 0 [0157.768] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0157.798] GetFileType (hFile=0x36c) returned 0x1 [0157.798] GetFileType (hFile=0x36c) returned 0x1 [0157.799] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc000347d44 | out: lpFileInformation=0xc000347d44) returned 1 [0157.799] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc000347d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000347d28) returned 1 [0157.799] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0157.801] VirtualAlloc (lpAddress=0xc000230000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0157.807] ReadFile (in: hFile=0x36c, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x9bfa, lpNumberOfBytesRead=0xc000347c04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc000347c04*=0x99fa, lpOverlapped=0x0) returned 1 [0157.810] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002399fa, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000347c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002399fa*, lpNumberOfBytesRead=0xc000347c04*=0x0, lpOverlapped=0x0) returned 1 [0157.810] CloseHandle (hObject=0x36c) returned 1 [0157.810] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0157.812] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0157.815] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\clhscjagwg6vjgl.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0157.818] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000347d04 | out: lpMode=0xc000347d04) returned 0 [0157.951] GetFileType (hFile=0x36c) returned 0x1 [0157.952] WriteFile (in: hFile=0x36c, lpBuffer=0xc00025e000*, nNumberOfBytesToWrite=0x9a00, lpNumberOfBytesWritten=0xc000347cec, lpOverlapped=0x0 | out: lpBuffer=0xc00025e000*, lpNumberOfBytesWritten=0xc000347cec*=0x9a00, lpOverlapped=0x0) returned 1 [0157.959] CloseHandle (hObject=0x36c) returned 1 [0157.960] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0157.960] VirtualAlloc (lpAddress=0xc0000fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fc000 [0157.968] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\clhscjagwg6vjgl.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0157.968] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000347d64 | out: lpMode=0xc000347d64) returned 0 [0157.970] GetFileType (hFile=0x3e0) returned 0x1 [0157.970] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000347d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc000347d4c*=0x158, lpOverlapped=0x0) returned 1 [0157.971] CloseHandle (hObject=0x3e0) returned 1 [0157.971] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0157.973] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\clhscjagwg6vjgl.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\encry-cLHsCJaGwG6vjGL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\encry-clhscjagwg6vjgl.bmp"), dwFlags=0x1) returned 1 [0157.976] VirtualFree (lpAddress=0xc0005a6000, dwSize=0x3c000, dwFreeType=0x4000) returned 1 [0158.010] VirtualFree (lpAddress=0xc00025c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.011] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0158.013] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\_a5x ck.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0158.014] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000353cf4 | out: lpMode=0xc000353cf4) returned 0 [0158.019] GetFileType (hFile=0x3e0) returned 0x1 [0158.019] GetFileType (hFile=0x3e0) returned 0x1 [0158.019] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000353d44 | out: lpFileInformation=0xc000353d44) returned 1 [0158.020] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000353d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000353d28) returned 1 [0158.020] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0158.032] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x12777, lpNumberOfBytesRead=0xc000353c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc000353c04*=0x12577, lpOverlapped=0x0) returned 1 [0158.036] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000554577, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000353c04, lpOverlapped=0x0 | out: lpBuffer=0xc000554577*, lpNumberOfBytesRead=0xc000353c04*=0x0, lpOverlapped=0x0) returned 1 [0158.036] CloseHandle (hObject=0x3e0) returned 1 [0158.036] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0158.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\_a5x ck.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.045] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000353d04 | out: lpMode=0xc000353d04) returned 0 [0158.084] GetFileType (hFile=0x3e0) returned 0x1 [0158.085] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x12580, lpNumberOfBytesWritten=0xc000353cec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc000353cec*=0x12580, lpOverlapped=0x0) returned 1 [0158.091] CloseHandle (hObject=0x3e0) returned 1 [0158.091] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0158.091] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\_a5x ck.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.091] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000353d64 | out: lpMode=0xc000353d64) returned 0 [0158.146] GetFileType (hFile=0x3e0) returned 0x1 [0158.146] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000284b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000353d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284b00*, lpNumberOfBytesWritten=0xc000353d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.146] CloseHandle (hObject=0x3e0) returned 1 [0158.147] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0158.148] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0158.150] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\_a5x ck.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\encry-_A5x CK.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\encry-_a5x ck.gif"), dwFlags=0x1) returned 1 [0158.152] SwitchToThread () returned 1 [0158.185] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\dagvd.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0158.354] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000357cf4 | out: lpMode=0xc000357cf4) returned 0 [0158.380] GetFileType (hFile=0x3e0) returned 0x1 [0158.380] GetFileType (hFile=0x3e0) returned 0x1 [0158.380] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc000357d44 | out: lpFileInformation=0xc000357d44) returned 1 [0158.381] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc000357d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000357d28) returned 1 [0158.381] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0158.382] ReadFile (in: hFile=0x3e0, lpBuffer=0xc000094000, nNumberOfBytesToRead=0x1b1f, lpNumberOfBytesRead=0xc000357c04, lpOverlapped=0x0 | out: lpBuffer=0xc000094000*, lpNumberOfBytesRead=0xc000357c04*=0x191f, lpOverlapped=0x0) returned 1 [0158.384] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00009591f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000357c04, lpOverlapped=0x0 | out: lpBuffer=0xc00009591f*, lpNumberOfBytesRead=0xc000357c04*=0x0, lpOverlapped=0x0) returned 1 [0158.385] CloseHandle (hObject=0x3e0) returned 1 [0158.385] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\dagvd.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.387] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000357d04 | out: lpMode=0xc000357d04) returned 0 [0158.399] GetFileType (hFile=0x3e0) returned 0x1 [0158.399] WriteFile (in: hFile=0x3e0, lpBuffer=0xc00050d980*, nNumberOfBytesToWrite=0x1920, lpNumberOfBytesWritten=0xc000357cec, lpOverlapped=0x0 | out: lpBuffer=0xc00050d980*, lpNumberOfBytesWritten=0xc000357cec*=0x1920, lpOverlapped=0x0) returned 1 [0158.402] CloseHandle (hObject=0x3e0) returned 1 [0158.402] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0158.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\dagvd.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0158.402] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc000357d64 | out: lpMode=0xc000357d64) returned 0 [0158.431] GetFileType (hFile=0x3e0) returned 0x1 [0158.431] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000357d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000357d4c*=0x158, lpOverlapped=0x0) returned 1 [0158.432] CloseHandle (hObject=0x3e0) returned 1 [0158.432] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0158.434] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\dagvd.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\encry-DaGVD.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\encry-dagvd.gif"), dwFlags=0x1) returned 1 [0158.436] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\esollose8cg.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0158.486] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00035fcf4 | out: lpMode=0xc00035fcf4) returned 0 [0158.523] GetFileType (hFile=0x36c) returned 0x1 [0158.523] GetFileType (hFile=0x36c) returned 0x1 [0158.523] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00035fd44 | out: lpFileInformation=0xc00035fd44) returned 1 [0158.523] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00035fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00035fd28) returned 1 [0158.523] ReadFile (in: hFile=0x36c, lpBuffer=0xc00054f500, nNumberOfBytesToRead=0x67a8, lpNumberOfBytesRead=0xc00035fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00054f500*, lpNumberOfBytesRead=0xc00035fc04*=0x65a8, lpOverlapped=0x0) returned 1 [0158.526] ReadFile (in: hFile=0x36c, lpBuffer=0xc000555aa8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00035fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000555aa8*, lpNumberOfBytesRead=0xc00035fc04*=0x0, lpOverlapped=0x0) returned 1 [0158.526] CloseHandle (hObject=0x36c) returned 1 [0158.526] VirtualAlloc (lpAddress=0xc000556000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000556000 [0158.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\esollose8cg.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0158.534] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00035fd04 | out: lpMode=0xc00035fd04) returned 0 [0158.543] GetFileType (hFile=0x36c) returned 0x1 [0158.543] WriteFile (in: hFile=0x36c, lpBuffer=0xc000556000*, nNumberOfBytesToWrite=0x65b0, lpNumberOfBytesWritten=0xc00035fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000556000*, lpNumberOfBytesWritten=0xc00035fcec*=0x65b0, lpOverlapped=0x0) returned 1 [0158.546] CloseHandle (hObject=0x36c) returned 1 [0158.546] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0158.546] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0158.548] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\esollose8cg.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0158.548] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00035fd64 | out: lpMode=0xc00035fd64) returned 0 [0158.626] SwitchToThread () returned 1 [0158.628] GetFileType (hFile=0x36c) returned 0x1 [0158.628] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00035fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc00035fd4c*=0x158, lpOverlapped=0x0) returned 1 [0158.628] CloseHandle (hObject=0x36c) returned 1 [0158.629] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\esollose8cg.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\zxXR\\encry-esOLLOsE8Cg.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\zxxr\\encry-esollose8cg.jpg"), dwFlags=0x1) returned 1 [0158.631] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.659] SwitchToThread () returned 1 [0158.676] SetEvent (hEvent=0x43c) returned 1 [0158.676] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.683] SetEvent (hEvent=0x1b4) returned 1 [0158.683] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.689] SwitchToThread () returned 1 [0158.783] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.828] SwitchToThread () returned 1 [0158.841] SetEvent (hEvent=0x43c) returned 1 [0158.841] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.846] SetEvent (hEvent=0x254) returned 1 [0158.846] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.852] SwitchToThread () returned 1 [0158.915] SwitchToThread () returned 1 [0158.955] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0158.985] SetEvent (hEvent=0x43c) returned 1 [0158.985] SetEvent (hEvent=0x254) returned 1 [0158.985] VirtualFree (lpAddress=0xc000498000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0158.987] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0158.989] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.989] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.990] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.991] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.992] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.993] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.995] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0158.996] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0158.997] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0158.998] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0003afcf4 | out: lpMode=0xc0003afcf4) returned 0 [0159.000] GetFileType (hFile=0x36c) returned 0x1 [0159.000] GetFileType (hFile=0x36c) returned 0x1 [0159.000] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0003afd44 | out: lpFileInformation=0xc0003afd44) returned 1 [0159.001] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0003afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003afd28) returned 1 [0159.001] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0159.002] ReadFile (in: hFile=0x36c, lpBuffer=0xc00003c000, nNumberOfBytesToRead=0x40c, lpNumberOfBytesRead=0xc0003afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c000*, lpNumberOfBytesRead=0xc0003afc04*=0x20c, lpOverlapped=0x0) returned 1 [0159.004] ReadFile (in: hFile=0x36c, lpBuffer=0xc00003c20c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003afc04, lpOverlapped=0x0 | out: lpBuffer=0xc00003c20c*, lpNumberOfBytesRead=0xc0003afc04*=0x0, lpOverlapped=0x0) returned 1 [0159.004] CloseHandle (hObject=0x36c) returned 1 [0159.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0159.004] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\desktop.ini\\*", lpFindFileData=0xc0003afa08 | out: lpFindFileData=0xc0003afa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0159.004] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003af720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0159.004] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\sendto"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0159.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\SendTo\\*", lpFindFileData=0xc0003a99f8 | out: lpFindFileData=0xc0003a99f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0159.005] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003a9720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0159.005] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0159.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\start menu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0159.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Start Menu\\*", lpFindFileData=0xc0003ab9f8 | out: lpFindFileData=0xc0003ab9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0159.006] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003ab720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0159.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0159.007] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0xc0004ad9f8 | out: lpFindFileData=0xc0004ad9f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0159.007] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0159.007] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\4dkrc_tab152.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0159.008] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004afcf4 | out: lpMode=0xc0004afcf4) returned 0 [0159.015] GetFileType (hFile=0x36c) returned 0x1 [0159.015] GetFileType (hFile=0x36c) returned 0x1 [0159.015] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004afd44 | out: lpFileInformation=0xc0004afd44) returned 1 [0159.015] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004afd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004afd28) returned 1 [0159.016] ReadFile (in: hFile=0x36c, lpBuffer=0xc000180000, nNumberOfBytesToRead=0x7891, lpNumberOfBytesRead=0xc0004afc04, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesRead=0xc0004afc04*=0x7691, lpOverlapped=0x0) returned 1 [0159.017] ReadFile (in: hFile=0x36c, lpBuffer=0xc000187691, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004afc04, lpOverlapped=0x0 | out: lpBuffer=0xc000187691*, lpNumberOfBytesRead=0xc0004afc04*=0x0, lpOverlapped=0x0) returned 1 [0159.018] CloseHandle (hObject=0x36c) returned 1 [0159.018] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0159.020] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\4dkrc_tab152.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.022] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004afd04 | out: lpMode=0xc0004afd04) returned 0 [0159.069] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.092] GetFileType (hFile=0x36c) returned 0x1 [0159.093] WriteFile (in: hFile=0x36c, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0x76a0, lpNumberOfBytesWritten=0xc0004afcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc0004afcec*=0x76a0, lpOverlapped=0x0) returned 1 [0159.095] CloseHandle (hObject=0x36c) returned 1 [0159.096] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0159.096] VirtualAlloc (lpAddress=0xc000072000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000072000 [0159.098] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\4dkrc_tab152.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.098] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004afd64 | out: lpMode=0xc0004afd64) returned 0 [0159.111] GetFileType (hFile=0x36c) returned 0x1 [0159.111] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004afd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0004afd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.111] CloseHandle (hObject=0x36c) returned 1 [0159.111] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\4dkrc_tab152.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-4dkRC_taB152.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-4dkrc_tab152.flv"), dwFlags=0x1) returned 1 [0159.113] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.198] SwitchToThread () returned 1 [0159.214] SetEvent (hEvent=0x43c) returned 1 [0159.214] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.220] SetEvent (hEvent=0x254) returned 1 [0159.220] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.228] SwitchToThread () returned 1 [0159.285] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.337] SetEvent (hEvent=0x1b4) returned 1 [0159.337] VirtualFree (lpAddress=0xc00058e000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0159.340] VirtualFree (lpAddress=0xc000542000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0159.342] VirtualFree (lpAddress=0xc00025a000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0159.343] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0159.344] VirtualFree (lpAddress=0xc000212000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0159.345] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.346] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.347] VirtualFree (lpAddress=0xc00011c000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0159.348] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.348] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.349] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.350] VirtualFree (lpAddress=0xc000078000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0159.350] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.351] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.352] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0159.353] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\6aya.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0159.354] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004b3cf4 | out: lpMode=0xc0004b3cf4) returned 0 [0159.362] GetFileType (hFile=0x1b0) returned 0x1 [0159.362] GetFileType (hFile=0x1b0) returned 0x1 [0159.362] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004b3d44 | out: lpFileInformation=0xc0004b3d44) returned 1 [0159.362] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004b3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004b3d28) returned 1 [0159.362] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0159.365] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000212000, nNumberOfBytesToRead=0xed49, lpNumberOfBytesRead=0xc0004b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0004b3c04*=0xeb49, lpOverlapped=0x0) returned 1 [0159.367] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000220b49, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004b3c04, lpOverlapped=0x0 | out: lpBuffer=0xc000220b49*, lpNumberOfBytesRead=0xc0004b3c04*=0x0, lpOverlapped=0x0) returned 1 [0159.367] CloseHandle (hObject=0x1b0) returned 1 [0159.367] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0159.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\6aya.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.372] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004b3d04 | out: lpMode=0xc0004b3d04) returned 0 [0159.398] GetFileType (hFile=0x1b0) returned 0x1 [0159.398] WriteFile (in: hFile=0x1b0, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xeb50, lpNumberOfBytesWritten=0xc0004b3cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc0004b3cec*=0xeb50, lpOverlapped=0x0) returned 1 [0159.403] CloseHandle (hObject=0x1b0) returned 1 [0159.403] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0301 | out: pbBuffer=0xc0002f0301) returned 1 [0159.403] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\6aya.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.403] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004b3d64 | out: lpMode=0xc0004b3d64) returned 0 [0159.410] GetFileType (hFile=0x1b0) returned 0x1 [0159.410] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0001049a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004b3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001049a0*, lpNumberOfBytesWritten=0xc0004b3d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.410] CloseHandle (hObject=0x1b0) returned 1 [0159.410] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\6aya.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\encry-6aYA.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\encry-6aya.mp4"), dwFlags=0x1) returned 1 [0159.412] SwitchToThread () returned 1 [0159.449] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.469] SetEvent (hEvent=0x1b4) returned 1 [0159.469] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\jqh94fvtu.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x3e0 [0159.470] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004e5cf4 | out: lpMode=0xc0004e5cf4) returned 0 [0159.485] GetFileType (hFile=0x3e0) returned 0x1 [0159.485] GetFileType (hFile=0x3e0) returned 0x1 [0159.485] GetFileInformationByHandle (in: hFile=0x3e0, lpFileInformation=0xc0004e5d44 | out: lpFileInformation=0xc0004e5d44) returned 1 [0159.485] GetFileInformationByHandleEx (in: hFile=0x3e0, FileInformationClass=0x9, lpFileInformation=0xc0004e5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004e5d28) returned 1 [0159.485] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0159.500] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0159.504] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00025a000, nNumberOfBytesToRead=0x21b9, lpNumberOfBytesRead=0xc0004e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesRead=0xc0004e5c04*=0x1fb9, lpOverlapped=0x0) returned 1 [0159.506] ReadFile (in: hFile=0x3e0, lpBuffer=0xc00025bfb9, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004e5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025bfb9*, lpNumberOfBytesRead=0xc0004e5c04*=0x0, lpOverlapped=0x0) returned 1 [0159.506] CloseHandle (hObject=0x3e0) returned 1 [0159.507] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0159.508] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0159.509] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0159.510] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\jqh94fvtu.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.513] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004e5d04 | out: lpMode=0xc0004e5d04) returned 0 [0159.537] GetFileType (hFile=0x3e0) returned 0x1 [0159.537] WriteFile (in: hFile=0x3e0, lpBuffer=0xc0000a4000*, nNumberOfBytesToWrite=0x1fc0, lpNumberOfBytesWritten=0xc0004e5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000a4000*, lpNumberOfBytesWritten=0xc0004e5cec*=0x1fc0, lpOverlapped=0x0) returned 1 [0159.539] CloseHandle (hObject=0x3e0) returned 1 [0159.539] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0159.540] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\jqh94fvtu.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3e0 [0159.540] GetConsoleMode (in: hConsoleHandle=0x3e0, lpMode=0xc0004e5d64 | out: lpMode=0xc0004e5d64) returned 0 [0159.548] GetFileType (hFile=0x3e0) returned 0x1 [0159.548] WriteFile (in: hFile=0x3e0, lpBuffer=0xc000050b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004e5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050b00*, lpNumberOfBytesWritten=0xc0004e5d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.549] CloseHandle (hObject=0x3e0) returned 1 [0159.549] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\jqh94fvtu.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-Jqh94fvtU.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-jqh94fvtu.mp4"), dwFlags=0x1) returned 1 [0159.552] SwitchToThread () returned 1 [0159.584] SwitchToThread () returned 1 [0159.589] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.611] SetEvent (hEvent=0x1b4) returned 1 [0159.611] SwitchToThread () returned 1 [0159.626] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\xk_r3f.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0159.627] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004efcf4 | out: lpMode=0xc0004efcf4) returned 0 [0159.633] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.642] GetFileType (hFile=0x36c) returned 0x1 [0159.642] GetFileType (hFile=0x36c) returned 0x1 [0159.642] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004efd44 | out: lpFileInformation=0xc0004efd44) returned 1 [0159.642] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004efd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004efd28) returned 1 [0159.642] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0159.643] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0159.647] ReadFile (in: hFile=0x36c, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x46c2, lpNumberOfBytesRead=0xc0004efc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0004efc04*=0x44c2, lpOverlapped=0x0) returned 1 [0159.649] ReadFile (in: hFile=0x36c, lpBuffer=0xc0005464c2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004efc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005464c2*, lpNumberOfBytesRead=0xc0004efc04*=0x0, lpOverlapped=0x0) returned 1 [0159.649] CloseHandle (hObject=0x36c) returned 1 [0159.649] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0159.650] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\xk_r3f.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.652] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004efd04 | out: lpMode=0xc0004efd04) returned 0 [0159.656] GetFileType (hFile=0x36c) returned 0x1 [0159.656] WriteFile (in: hFile=0x36c, lpBuffer=0xc000546800*, nNumberOfBytesToWrite=0x44d0, lpNumberOfBytesWritten=0xc0004efcec, lpOverlapped=0x0 | out: lpBuffer=0xc000546800*, lpNumberOfBytesWritten=0xc0004efcec*=0x44d0, lpOverlapped=0x0) returned 1 [0159.658] CloseHandle (hObject=0x36c) returned 1 [0159.658] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0159.658] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0159.659] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\xk_r3f.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.659] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004efd64 | out: lpMode=0xc0004efd64) returned 0 [0159.661] GetFileType (hFile=0x36c) returned 0x1 [0159.661] WriteFile (in: hFile=0x36c, lpBuffer=0xc000104420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004efd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104420*, lpNumberOfBytesWritten=0xc0004efd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.661] CloseHandle (hObject=0x36c) returned 1 [0159.661] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\xk_r3f.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\_aS6CtfrDr8\\encry-xk_R3F.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\_as6ctfrdr8\\encry-xk_r3f.swf"), dwFlags=0x1) returned 1 [0159.663] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.665] SetEvent (hEvent=0x43c) returned 1 [0159.665] SetEvent (hEvent=0x254) returned 1 [0159.665] VirtualFree (lpAddress=0xc0005a2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0159.667] VirtualFree (lpAddress=0xc000576000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0159.669] VirtualFree (lpAddress=0xc000230000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0159.670] VirtualFree (lpAddress=0xc000212000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0159.671] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.672] VirtualFree (lpAddress=0xc00011c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.672] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.673] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.674] VirtualFree (lpAddress=0xc0000a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.674] VirtualFree (lpAddress=0xc000072000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0159.675] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.676] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.676] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\6m-whhzr4vm.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0159.678] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004ebcf4 | out: lpMode=0xc0004ebcf4) returned 0 [0159.713] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.808] GetFileType (hFile=0x1b0) returned 0x1 [0159.808] GetFileType (hFile=0x1b0) returned 0x1 [0159.808] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004ebd44 | out: lpFileInformation=0xc0004ebd44) returned 1 [0159.808] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004ebd28) returned 1 [0159.808] VirtualAlloc (lpAddress=0xc000554000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000554000 [0159.814] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000554000, nNumberOfBytesToRead=0x12408, lpNumberOfBytesRead=0xc0004ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc000554000*, lpNumberOfBytesRead=0xc0004ebc04*=0x12208, lpOverlapped=0x0) returned 1 [0159.817] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000566208, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc000566208*, lpNumberOfBytesRead=0xc0004ebc04*=0x0, lpOverlapped=0x0) returned 1 [0159.817] CloseHandle (hObject=0x1b0) returned 1 [0159.817] VirtualAlloc (lpAddress=0xc00058e000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00058e000 [0159.823] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\6m-whhzr4vm.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.827] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004ebd04 | out: lpMode=0xc0004ebd04) returned 0 [0159.828] GetFileType (hFile=0x1b0) returned 0x1 [0159.828] WriteFile (in: hFile=0x1b0, lpBuffer=0xc00058e000*, nNumberOfBytesToWrite=0x12210, lpNumberOfBytesWritten=0xc0004ebcec, lpOverlapped=0x0 | out: lpBuffer=0xc00058e000*, lpNumberOfBytesWritten=0xc0004ebcec*=0x12210, lpOverlapped=0x0) returned 1 [0159.833] CloseHandle (hObject=0x1b0) returned 1 [0159.834] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a001 | out: pbBuffer=0xc00028a001) returned 1 [0159.834] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\6m-whhzr4vm.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0159.834] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004ebd64 | out: lpMode=0xc0004ebd64) returned 0 [0159.837] GetFileType (hFile=0x1b0) returned 0x1 [0159.837] WriteFile (in: hFile=0x1b0, lpBuffer=0xc0000d6c60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004ebd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6c60*, lpNumberOfBytesWritten=0xc0004ebd4c*=0x158, lpOverlapped=0x0) returned 1 [0159.838] CloseHandle (hObject=0x1b0) returned 1 [0159.838] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\6m-whhzr4vm.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-6m-whhzR4vM.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-6m-whhzr4vm.mkv"), dwFlags=0x1) returned 1 [0159.841] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.845] SetEvent (hEvent=0x43c) returned 1 [0159.845] SetEvent (hEvent=0x1b4) returned 1 [0159.845] VirtualFree (lpAddress=0xc000542000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0159.847] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.848] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.848] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\97o9qr2okzuintlg3tb.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0159.850] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004f7cf4 | out: lpMode=0xc0004f7cf4) returned 0 [0159.853] GetFileType (hFile=0x36c) returned 0x1 [0159.853] GetFileType (hFile=0x36c) returned 0x1 [0159.853] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0004f7d44 | out: lpFileInformation=0xc0004f7d44) returned 1 [0159.853] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0004f7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004f7d28) returned 1 [0159.853] VirtualAlloc (lpAddress=0xc0005a2000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005a2000 [0159.858] ReadFile (in: hFile=0x36c, lpBuffer=0xc0005a2000, nNumberOfBytesToRead=0x185bf, lpNumberOfBytesRead=0xc0004f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005a2000*, lpNumberOfBytesRead=0xc0004f7c04*=0x183bf, lpOverlapped=0x0) returned 1 [0159.861] ReadFile (in: hFile=0x36c, lpBuffer=0xc0005ba3bf, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0005ba3bf*, lpNumberOfBytesRead=0xc0004f7c04*=0x0, lpOverlapped=0x0) returned 1 [0159.862] CloseHandle (hObject=0x36c) returned 1 [0159.862] VirtualAlloc (lpAddress=0xc0005bc000, dwSize=0x1a000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005bc000 [0159.868] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\97o9qr2okzuintlg3tb.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.872] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004f7d04 | out: lpMode=0xc0004f7d04) returned 0 [0159.880] GetFileType (hFile=0x36c) returned 0x1 [0159.881] WriteFile (in: hFile=0x36c, lpBuffer=0xc0005bc000*, nNumberOfBytesToWrite=0x183c0, lpNumberOfBytesWritten=0xc0004f7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005bc000*, lpNumberOfBytesWritten=0xc0004f7cec*=0x183c0, lpOverlapped=0x0) returned 1 [0159.886] CloseHandle (hObject=0x36c) returned 1 [0159.887] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00028a201 | out: pbBuffer=0xc00028a201) returned 1 [0159.887] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0159.889] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\97o9qr2okzuintlg3tb.swf"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0159.889] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0004f7d64 | out: lpMode=0xc0004f7d64) returned 0 [0159.906] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.930] GetFileType (hFile=0x36c) returned 0x1 [0159.930] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004f7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc0004f7d4c*=0x158, lpOverlapped=0x0) returned 1 [0159.930] CloseHandle (hObject=0x36c) returned 1 [0159.931] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0159.932] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\97o9qr2okzuintlg3tb.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\encry-97O9Qr2oKzuINtlG3tb.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\encry-97o9qr2okzuintlg3tb.swf"), dwFlags=0x1) returned 1 [0159.934] SetEvent (hEvent=0x254) returned 1 [0159.934] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.940] SetEvent (hEvent=0xc64) returned 1 [0159.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0159.942] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0159.942] SetEvent (hEvent=0xa8) returned 1 [0159.942] SetEvent (hEvent=0xc64) returned 1 [0159.942] SetEvent (hEvent=0x9e8) returned 1 [0159.944] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0159.955] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0159.956] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.156] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.156] SetEvent (hEvent=0x43c) returned 1 [0160.156] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.242] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.276] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.276] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.276] SetEvent (hEvent=0xc0) returned 1 [0160.276] SetEvent (hEvent=0x254) returned 1 [0160.277] SetEvent (hEvent=0x9e8) returned 1 [0160.279] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.303] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.303] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.319] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.319] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.320] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.320] SetEvent (hEvent=0xc0) returned 1 [0160.320] SetEvent (hEvent=0x43c) returned 1 [0160.320] SetEvent (hEvent=0x254) returned 1 [0160.321] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.389] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.389] SetEvent (hEvent=0x9e8) returned 1 [0160.389] SetEvent (hEvent=0xc64) returned 1 [0160.391] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.412] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.412] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.500] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.500] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.500] SetEvent (hEvent=0x43c) returned 1 [0160.500] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.586] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.586] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.586] SetEvent (hEvent=0x254) returned 1 [0160.586] SetEvent (hEvent=0x9e8) returned 1 [0160.588] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.598] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.598] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.623] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.623] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.625] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.626] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.626] SetEvent (hEvent=0xc0) returned 1 [0160.626] SetEvent (hEvent=0x1b4) returned 1 [0160.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.683] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.685] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.685] SetEvent (hEvent=0xc0) returned 1 [0160.685] SetEvent (hEvent=0x1b4) returned 1 [0160.685] SetEvent (hEvent=0x254) returned 1 [0160.686] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.695] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.721] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.724] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.724] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.724] SetEvent (hEvent=0xc0) returned 1 [0160.724] SetEvent (hEvent=0x9e8) returned 1 [0160.724] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.768] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.768] SetEvent (hEvent=0x254) returned 1 [0160.768] SetEvent (hEvent=0xa8) returned 1 [0160.770] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.792] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.792] SetEvent (hEvent=0xa8) returned 1 [0160.792] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.813] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.813] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.816] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.816] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.816] SetEvent (hEvent=0xa8) returned 1 [0160.816] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.841] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.841] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.847] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f698, ulNumEntriesRemoved=0x3bb3f66c) returned 0 [0160.847] SetEvent (hEvent=0xc0) returned 1 [0160.847] SetEvent (hEvent=0x1b4) returned 1 [0160.847] SetEvent (hEvent=0x254) returned 1 [0160.849] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.854] SetEvent (hEvent=0x254) returned 1 [0160.854] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0160.870] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe30*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.872] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0160.872] SetEvent (hEvent=0x43c) returned 1 [0160.872] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0160.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\nmnoxj.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0160.876] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc00032fcf4 | out: lpMode=0xc00032fcf4) returned 0 [0160.879] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.925] SetEvent (hEvent=0x9e8) returned 1 [0160.925] GetFileType (hFile=0x7a0) returned 0x1 [0160.926] GetFileType (hFile=0x7a0) returned 0x1 [0160.926] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc00032fd44 | out: lpFileInformation=0xc00032fd44) returned 1 [0160.926] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc00032fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00032fd28) returned 1 [0160.926] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0160.927] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0160.931] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x102b5, lpNumberOfBytesRead=0xc00032fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc00032fc04*=0x100b5, lpOverlapped=0x0) returned 1 [0160.934] ReadFile (in: hFile=0x7a0, lpBuffer=0xc0005520b5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00032fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005520b5*, lpNumberOfBytesRead=0xc00032fc04*=0x0, lpOverlapped=0x0) returned 1 [0160.934] CloseHandle (hObject=0x7a0) returned 1 [0160.934] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0160.935] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0160.936] VirtualAlloc (lpAddress=0xc000554000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000554000 [0160.940] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\nmnoxj.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.943] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc00032fd04 | out: lpMode=0xc00032fd04) returned 0 [0160.952] GetFileType (hFile=0x7a0) returned 0x1 [0160.952] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000554000*, nNumberOfBytesToWrite=0x100c0, lpNumberOfBytesWritten=0xc00032fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000554000*, lpNumberOfBytesWritten=0xc00032fcec*=0x100c0, lpOverlapped=0x0) returned 1 [0160.956] CloseHandle (hObject=0x7a0) returned 1 [0160.956] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0201 | out: pbBuffer=0xc0002f0201) returned 1 [0160.956] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0160.958] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0160.959] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0160.960] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0160.961] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\nmnoxj.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0160.961] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc00032fd64 | out: lpMode=0xc00032fd64) returned 0 [0160.967] GetFileType (hFile=0x7a0) returned 0x1 [0160.967] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000d6f20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00032fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6f20*, lpNumberOfBytesWritten=0xc00032fd4c*=0x158, lpOverlapped=0x0) returned 1 [0160.967] CloseHandle (hObject=0x7a0) returned 1 [0160.967] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0160.969] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0160.970] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\nmnoxj.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-nmnOXj.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-nmnoxj.bmp"), dwFlags=0x1) returned 1 [0160.972] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0160.974] SetEvent (hEvent=0x9e8) returned 1 [0160.974] SetEvent (hEvent=0xa8) returned 1 [0160.974] VirtualAlloc (lpAddress=0xc00005e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005e000 [0160.975] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.976] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.977] VirtualFree (lpAddress=0xc00007c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.977] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0160.978] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\votqyx.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0160.979] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00032bcf4 | out: lpMode=0xc00032bcf4) returned 0 [0160.985] GetFileType (hFile=0x36c) returned 0x1 [0160.985] GetFileType (hFile=0x36c) returned 0x1 [0160.985] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc00032bd44 | out: lpFileInformation=0xc00032bd44) returned 1 [0160.985] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc00032bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00032bd28) returned 1 [0160.985] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0160.987] ReadFile (in: hFile=0x36c, lpBuffer=0xc000230000, nNumberOfBytesToRead=0x72e1, lpNumberOfBytesRead=0xc00032bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000230000*, lpNumberOfBytesRead=0xc00032bc04*=0x70e1, lpOverlapped=0x0) returned 1 [0160.990] ReadFile (in: hFile=0x36c, lpBuffer=0xc0002370e1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00032bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002370e1*, lpNumberOfBytesRead=0xc00032bc04*=0x0, lpOverlapped=0x0) returned 1 [0160.990] CloseHandle (hObject=0x36c) returned 1 [0160.990] VirtualAlloc (lpAddress=0xc00025a000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025a000 [0160.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\votqyx.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0160.995] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00032bd04 | out: lpMode=0xc00032bd04) returned 0 [0161.014] GetFileType (hFile=0x36c) returned 0x1 [0161.014] WriteFile (in: hFile=0x36c, lpBuffer=0xc00025a000*, nNumberOfBytesToWrite=0x70f0, lpNumberOfBytesWritten=0xc00032bcec, lpOverlapped=0x0 | out: lpBuffer=0xc00025a000*, lpNumberOfBytesWritten=0xc00032bcec*=0x70f0, lpOverlapped=0x0) returned 1 [0161.017] CloseHandle (hObject=0x36c) returned 1 [0161.018] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0002f0401 | out: pbBuffer=0xc0002f0401) returned 1 [0161.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\votqyx.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0161.018] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc00032bd64 | out: lpMode=0xc00032bd64) returned 0 [0161.021] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0161.041] SetEvent (hEvent=0x9e8) returned 1 [0161.041] GetFileType (hFile=0x36c) returned 0x1 [0161.041] WriteFile (in: hFile=0x36c, lpBuffer=0xc000050840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00032bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000050840*, lpNumberOfBytesWritten=0xc00032bd4c*=0x158, lpOverlapped=0x0) returned 1 [0161.041] CloseHandle (hObject=0x36c) returned 1 [0161.042] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\votqyx.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\encry-vOTqYx.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\encry-votqyx.bmp"), dwFlags=0x1) returned 1 [0161.044] SwitchToThread () returned 1 [0161.094] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0161.140] SetEvent (hEvent=0x1b4) returned 1 [0161.140] GetFileType (hFile=0x5a0) returned 0x1 [0161.140] GetFileType (hFile=0x5a0) returned 0x1 [0161.140] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc000401d44 | out: lpFileInformation=0xc000401d44) returned 1 [0161.141] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc000401d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000401d28) returned 1 [0161.141] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0161.143] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0161.144] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00002c000, nNumberOfBytesToRead=0x444, lpNumberOfBytesRead=0xc000401c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c000*, lpNumberOfBytesRead=0xc000401c04*=0x244, lpOverlapped=0x0) returned 1 [0161.147] ReadFile (in: hFile=0x5a0, lpBuffer=0xc00002c244, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000401c04, lpOverlapped=0x0 | out: lpBuffer=0xc00002c244*, lpNumberOfBytesRead=0xc000401c04*=0x0, lpOverlapped=0x0) returned 1 [0161.147] CloseHandle (hObject=0x5a0) returned 1 [0161.147] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0161.148] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0161.149] VirtualAlloc (lpAddress=0xc00005a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005a000 [0161.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0161.151] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini\\*", lpFindFileData=0xc000401a08 | out: lpFindFileData=0xc000401a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0161.151] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000401720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0161.151] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\qtgfswvjw70lo7.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5a0 [0161.153] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc00015fcf4 | out: lpMode=0xc00015fcf4) returned 0 [0161.160] GetFileType (hFile=0x5a0) returned 0x1 [0161.160] GetFileType (hFile=0x5a0) returned 0x1 [0161.160] GetFileInformationByHandle (in: hFile=0x5a0, lpFileInformation=0xc00015fd44 | out: lpFileInformation=0xc00015fd44) returned 1 [0162.065] GetFileInformationByHandleEx (in: hFile=0x5a0, FileInformationClass=0x9, lpFileInformation=0xc00015fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015fd28) returned 1 [0162.065] VirtualAlloc (lpAddress=0xc000322000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000322000 [0162.066] VirtualAlloc (lpAddress=0xc0004c0000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004c0000 [0162.071] ReadFile (in: hFile=0x5a0, lpBuffer=0xc0004c0000, nNumberOfBytesToRead=0x15dc5, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c0000*, lpNumberOfBytesRead=0xc00015fc04*=0x15bc5, lpOverlapped=0x0) returned 1 [0162.073] ReadFile (in: hFile=0x5a0, lpBuffer=0xc0004d5bc5, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004d5bc5*, lpNumberOfBytesRead=0xc00015fc04*=0x0, lpOverlapped=0x0) returned 1 [0162.073] CloseHandle (hObject=0x5a0) returned 1 [0162.073] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0162.078] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\QtgFSWvjw70Lo7.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\qtgfswvjw70lo7.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0162.080] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc00015fd04 | out: lpMode=0xc00015fd04) returned 0 [0162.414] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0162.601] SetEvent (hEvent=0x960) returned 1 [0162.601] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0162.704] SetEvent (hEvent=0xa40) returned 1 [0162.704] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0x834, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3bb3f840, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3bb3f840*=0x6b4) returned 1 [0162.704] SuspendThread (hThread=0x6b4) returned 0x0 [0162.704] GetThreadContext (in: hThread=0x6b4, lpContext=0x3bb3f850 | out: lpContext=0x3bb3f850*(P1Home=0x0, P2Home=0x0, P3Home=0x0, P4Home=0x0, P5Home=0x0, P6Home=0x0, ContextFlags=0x100001, MxCsr=0x0, SegCs=0x33, SegDs=0x0, SegEs=0x0, SegFs=0x0, SegGs=0x0, SegSs=0x2b, EFlags=0x246, Dr0=0x0, Dr1=0x0, Dr2=0x0, Dr3=0x0, Dr6=0x0, Dr7=0x0, Rax=0x0, Rcx=0x0, Rdx=0x0, Rbx=0x0, Rsp=0x3e33fcc8, Rbp=0x0, Rsi=0x0, Rdi=0x0, R8=0x0, R9=0x0, R10=0x0, R11=0x0, R12=0x0, R13=0x0, R14=0x0, R15=0x0, Rip=0x77ab13fa, FltSave.ControlWord=0x0, FltSave.StatusWord=0x0, FltSave.TagWord=0x0, FltSave.Reserved1=0x0, FltSave.ErrorOpcode=0x0, FltSave.ErrorOffset=0x0, FltSave.ErrorSelector=0x0, FltSave.Reserved2=0x0, FltSave.DataOffset=0x0, FltSave.DataSelector=0x0, FltSave.Reserved3=0x0, FltSave.MxCsr=0x0, FltSave.MxCsr_Mask=0x0, FltSave.FloatRegisters.Low=0x0, FltSave.FloatRegisters.High=0x0, FltSave.XmmRegisters.Low=0x0, FltSave.XmmRegisters.High=0x0, FltSave.Reserved4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0, [8]=0x0, [9]=0x0, [10]=0x0, [11]=0x0, [12]=0x0, [13]=0x0, [14]=0x0, [15]=0x0, [16]=0x0, [17]=0x0, [18]=0x0, [19]=0x0, [20]=0x0, [21]=0x0, [22]=0x0, [23]=0x0, [24]=0x0, [25]=0x0, [26]=0x0, [27]=0x0, [28]=0x0, [29]=0x0, [30]=0x0, [31]=0x0, [32]=0x0, [33]=0x0, [34]=0x0, [35]=0x0, [36]=0x0, [37]=0x0, [38]=0x0, [39]=0x0, [40]=0x0, [41]=0x0, [42]=0x0, [43]=0x0, [44]=0x0, [45]=0x0, [46]=0x0, [47]=0x0, [48]=0x0, [49]=0x0, [50]=0x0, [51]=0x0, [52]=0x0, [53]=0x0, [54]=0x0, [55]=0x0, [56]=0x0, [57]=0x0, [58]=0x0, [59]=0x0, [60]=0x0, [61]=0x0, [62]=0x0, [63]=0x0, [64]=0x0, [65]=0x0, [66]=0x0, [67]=0x0, [68]=0x0, [69]=0x0, [70]=0x0, [71]=0x0, [72]=0x0, [73]=0x0, [74]=0x0, [75]=0x0, [76]=0x0, [77]=0x0, [78]=0x0, [79]=0x0, [80]=0x0, [81]=0x0, [82]=0x0, [83]=0x0, [84]=0x0, [85]=0x0, [86]=0x0, [87]=0x0, [88]=0x0, [89]=0x0, [90]=0x0, [91]=0x0, [92]=0x0, [93]=0x0, [94]=0x0, [95]=0x0, [96]=0x0, [97]=0x0, [98]=0x0, [99]=0x0, [100]=0x0, [101]=0x0, [102]=0x0, [103]=0x0, [104]=0x0, [105]=0x0, [106]=0x0, [107]=0x0, [108]=0x0, [109]=0x0, [110]=0x0, [111]=0x0, [112]=0x0, [113]=0x0, [114]=0x0, [115]=0x0, [116]=0x0, [117]=0x0, [118]=0x0, [119]=0x0, [120]=0x0, [121]=0x0, [122]=0x0, [123]=0x0, [124]=0x0, [125]=0x0, [126]=0x0, [127]=0x0, [128]=0x0, [129]=0x0, [130]=0x0, [131]=0x0, [132]=0x0, [133]=0x0, [134]=0x0, [135]=0x0, [136]=0x0, [137]=0x0, [138]=0x0, [139]=0x0, [140]=0x0, [141]=0x0, [142]=0x0, [143]=0x0, [144]=0x0, [145]=0x0, [146]=0x0, [147]=0x0, [148]=0x0, [149]=0x0, [150]=0x0, [151]=0x0, [152]=0x0, [153]=0x0, [154]=0x0, [155]=0x0, [156]=0x0, [157]=0x0, [158]=0x0, [159]=0x0, [160]=0x0, [161]=0x0, [162]=0x0, [163]=0x0, [164]=0x0, [165]=0x0, [166]=0x0, [167]=0x0, [168]=0x0, [169]=0x0, [170]=0x0, [171]=0x0, [172]=0x0, [173]=0x0, [174]=0x0, [175]=0x0, [176]=0x0, [177]=0x0, [178]=0x0, [179]=0x0, [180]=0x0, [181]=0x0, [182]=0x0, [183]=0x0, [184]=0x0, [185]=0x0, [186]=0x0, [187]=0x0, [188]=0x0, [189]=0x0, [190]=0x0, [191]=0x0), FltSave.StackControl=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0), FltSave.Cr0NpxState=0x0, Header.Low=0x0, Header.High=0x0, Legacy.Low=0x0, Legacy.High=0x0, Xmm0.Low=0x0, Xmm0.High=0x0, Xmm1.Low=0x0, Xmm1.High=0x0, Xmm2.Low=0x0, Xmm2.High=0x0, Xmm3.Low=0x0, Xmm3.High=0x0, Xmm4.Low=0x0, Xmm4.High=0x0, Xmm5.Low=0x0, Xmm5.High=0x0, Xmm6.Low=0x0, Xmm6.High=0x0, Xmm7.Low=0x0, Xmm7.High=0x0, Xmm8.Low=0x0, Xmm8.High=0x0, Xmm9.Low=0x0, Xmm9.High=0x0, Xmm10.Low=0x0, Xmm10.High=0x0, Xmm11.Low=0x0, Xmm11.High=0x0, Xmm12.Low=0x0, Xmm12.High=0x0, Xmm13.Low=0x0, Xmm13.High=0x0, Xmm14.Low=0x0, Xmm14.High=0x0, Xmm15.Low=0x0, Xmm15.High=0x0, VectorRegister.Low=0x0, VectorRegister.High=0x0, VectorControl=0x0, DebugControl=0x0, LastBranchToRip=0x0, LastBranchFromRip=0x0, LastExceptionToRip=0x0, LastExceptionFromRip=0x0)) returned 1 [0162.705] ResumeThread (hThread=0x6b4) returned 0x1 [0162.705] CloseHandle (hObject=0x6b4) returned 1 [0162.737] SwitchToThread () returned 1 [0162.770] SetEvent (hEvent=0xa40) returned 1 [0162.815] SetEvent (hEvent=0x254) returned 1 [0162.816] SetEvent (hEvent=0x8d0) returned 1 [0162.914] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe08*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.936] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0162.936] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bb3f6a0, ulNumEntriesRemoved=0x3bb3f674) returned 0 [0162.936] SetEvent (hEvent=0xc0c) returned 1 [0162.936] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bb3fe18*=0xb58, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.019] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0163.019] SetEvent (hEvent=0x8d0) returned 1 [0163.019] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0163.094] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0163.128] SetEvent (hEvent=0xc0c) returned 1 [0163.129] SetEvent (hEvent=0x254) returned 1 [0163.129] SetEvent (hEvent=0xa8) returned 1 [0163.129] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0163.471] SetEvent (hEvent=0xc0c) returned 1 [0163.471] SwitchToThread () returned 1 [0163.472] SetEvent (hEvent=0xc0c) returned 1 [0163.472] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0163.473] SetEvent (hEvent=0xc0c) returned 1 [0163.473] SetEvent (hEvent=0x254) returned 1 [0163.474] VirtualFree (lpAddress=0xc0005d6000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0163.475] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.476] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.476] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.477] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.478] VirtualFree (lpAddress=0xc0000f0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.478] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.479] VirtualFree (lpAddress=0xc000042000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.480] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.480] VirtualFree (lpAddress=0xc00002c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0163.481] WriteFile (in: hFile=0x748, lpBuffer=0xc0005b6000*, nNumberOfBytesToWrite=0x12060, lpNumberOfBytesWritten=0xc00020bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0005b6000*, lpNumberOfBytesWritten=0xc00020bcec*=0x12060, lpOverlapped=0x0) returned 1 [0166.312] CloseHandle (hObject=0x748) returned 1 [0166.742] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0166.918] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031bf01 | out: pbBuffer=0xc00031bf01) returned 1 [0166.918] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) returned 0x0 [0167.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rgwfaxbynsn.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0167.031] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc00020bd64 | out: lpMode=0xc00020bd64) returned 0 [0167.035] GetFileType (hFile=0x7a0) returned 0x1 [0167.035] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0001209a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00020bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001209a0*, lpNumberOfBytesWritten=0xc00020bd4c*=0x158, lpOverlapped=0x0) returned 1 [0167.035] CloseHandle (hObject=0x7a0) returned 1 [0167.035] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rgwfaxbynsn.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\encry-RgWfaxbyNSn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\encry-rgwfaxbynsn.wav"), dwFlags=0x1) returned 1 [0167.389] WaitForSingleObject (hHandle=0xb58, dwMilliseconds=0xffffffff) Thread: id = 168 os_tid = 0xc44 [0142.178] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3bd3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3bd3fea0*=0x798) returned 1 [0142.178] VirtualQuery (in: lpAddress=0x3bd3fec0, lpBuffer=0x3bd3fec0, dwLength=0x30 | out: lpBuffer=0x3bd3fec0*(BaseAddress=0x3bd3f000, AllocationBase=0x3bb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.178] VirtualAlloc (lpAddress=0xc000682000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000682000 [0142.179] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a2lzuytuvd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x79c [0142.180] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc00042dcf4 | out: lpMode=0xc00042dcf4) returned 0 [0142.181] GetFileType (hFile=0x79c) returned 0x1 [0142.181] VirtualAlloc (lpAddress=0xc000684000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000684000 [0142.182] GetFileType (hFile=0x79c) returned 0x1 [0142.182] GetFileInformationByHandle (in: hFile=0x79c, lpFileInformation=0xc00042dd44 | out: lpFileInformation=0xc00042dd44) returned 1 [0142.182] GetFileInformationByHandleEx (in: hFile=0x79c, FileInformationClass=0x9, lpFileInformation=0xc00042dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00042dd28) returned 1 [0142.182] VirtualAlloc (lpAddress=0xc000686000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000686000 [0142.183] ReadFile (in: hFile=0x79c, lpBuffer=0xc000686000, nNumberOfBytesToRead=0x1574, lpNumberOfBytesRead=0xc00042dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000686000*, lpNumberOfBytesRead=0xc00042dc04*=0x1374, lpOverlapped=0x0) returned 1 [0142.777] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb68 [0142.777] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb6c [0142.777] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0143.698] ReadFile (in: hFile=0x79c, lpBuffer=0xc000687374, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00042dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000687374*, lpNumberOfBytesRead=0xc00042dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.698] CloseHandle (hObject=0x79c) returned 1 [0143.698] VirtualAlloc (lpAddress=0xc00067a000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00067a000 [0143.699] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a2lzuytuvd.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x68c [0143.733] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0144.529] GetConsoleMode (in: hConsoleHandle=0x68c, lpMode=0xc00042dd04 | out: lpMode=0xc00042dd04) returned 0 [0144.530] GetFileType (hFile=0x68c) returned 0x1 [0144.530] WriteFile (in: hFile=0x68c, lpBuffer=0xc00067a000*, nNumberOfBytesToWrite=0x1380, lpNumberOfBytesWritten=0xc00042dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00067a000*, lpNumberOfBytesWritten=0xc00042dcec*=0x1380, lpOverlapped=0x0) returned 1 [0144.531] CloseHandle (hObject=0x68c) returned 1 [0144.531] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0144.531] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a2lzuytuvd.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x68c [0144.531] GetConsoleMode (in: hConsoleHandle=0x68c, lpMode=0xc00042dd64 | out: lpMode=0xc00042dd64) returned 0 [0144.536] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0145.113] GetFileType (hFile=0x68c) returned 0x1 [0145.113] WriteFile (in: hFile=0x68c, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00042dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00042dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.113] CloseHandle (hObject=0x68c) returned 1 [0145.255] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\a2lzuytuvd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-a2lzUytuvD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-a2lzuytuvd.lnk"), dwFlags=0x1) returned 1 [0146.245] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0146.312] SetEvent (hEvent=0x264) returned 1 [0146.312] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0146.321] VirtualFree (lpAddress=0xc0002ae000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.322] VirtualFree (lpAddress=0xc0002aa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.322] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.323] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.323] VirtualFree (lpAddress=0xc000282000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.324] VirtualFree (lpAddress=0xc00027c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0146.325] VirtualFree (lpAddress=0xc000262000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.326] SetEvent (hEvent=0x448) returned 1 [0146.326] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0147.928] SetEvent (hEvent=0x274) returned 1 [0147.928] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0147.934] SetEvent (hEvent=0x274) returned 1 [0147.934] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl8q.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x42c [0147.935] GetConsoleMode (in: hConsoleHandle=0x42c, lpMode=0xc00046dcf4 | out: lpMode=0xc00046dcf4) returned 0 [0147.939] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0147.966] GetFileType (hFile=0x42c) returned 0x1 [0147.966] GetFileType (hFile=0x42c) returned 0x1 [0147.966] GetFileInformationByHandle (in: hFile=0x42c, lpFileInformation=0xc00046dd44 | out: lpFileInformation=0xc00046dd44) returned 1 [0147.966] GetFileInformationByHandleEx (in: hFile=0x42c, FileInformationClass=0x9, lpFileInformation=0xc00046dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00046dd28) returned 1 [0147.966] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0147.967] ReadFile (in: hFile=0x42c, lpBuffer=0xc000184000, nNumberOfBytesToRead=0x1b99, lpNumberOfBytesRead=0xc00046dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000184000*, lpNumberOfBytesRead=0xc00046dc04*=0x1999, lpOverlapped=0x0) returned 1 [0148.599] ReadFile (in: hFile=0x42c, lpBuffer=0xc000185999, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00046dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000185999*, lpNumberOfBytesRead=0xc00046dc04*=0x0, lpOverlapped=0x0) returned 1 [0148.599] CloseHandle (hObject=0x42c) returned 1 [0148.599] VirtualAlloc (lpAddress=0xc0002f2000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002f2000 [0148.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl8q.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2e4 [0149.637] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc00046dd04 | out: lpMode=0xc00046dd04) returned 0 [0149.638] GetFileType (hFile=0x2e4) returned 0x1 [0149.638] WriteFile (in: hFile=0x2e4, lpBuffer=0xc0002f2000*, nNumberOfBytesToWrite=0x19a0, lpNumberOfBytesWritten=0xc00046dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002f2000*, lpNumberOfBytesWritten=0xc00046dcec*=0x19a0, lpOverlapped=0x0) returned 1 [0149.657] CloseHandle (hObject=0x2e4) returned 1 [0149.687] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0149.687] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0149.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl8q.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0149.689] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc00046dd64 | out: lpMode=0xc00046dd64) returned 0 [0149.691] GetFileType (hFile=0x6a4) returned 0x1 [0149.692] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000402c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00046dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000402c0*, lpNumberOfBytesWritten=0xc00046dd4c*=0x158, lpOverlapped=0x0) returned 1 [0149.706] CloseHandle (hObject=0x6a4) returned 1 [0149.729] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\pl8q.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-PL8Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-pl8q.flv"), dwFlags=0x1) returned 1 [0152.296] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0152.429] SetEvent (hEvent=0xa38) returned 1 [0152.429] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0161.310] SetEvent (hEvent=0xb48) returned 1 [0161.310] GetFileType (hFile=0x748) returned 0x1 [0161.310] WriteFile (in: hFile=0x748, lpBuffer=0xc00056a000*, nNumberOfBytesToWrite=0xa430, lpNumberOfBytesWritten=0xc0002cdcec, lpOverlapped=0x0 | out: lpBuffer=0xc00056a000*, lpNumberOfBytesWritten=0xc0002cdcec*=0xa430, lpOverlapped=0x0) returned 1 [0161.314] CloseHandle (hObject=0x748) returned 1 [0162.042] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b701 | out: pbBuffer=0xc00031b701) returned 1 [0162.042] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\ritr.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\ritr.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0162.042] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc0002cdd64 | out: lpMode=0xc0002cdd64) returned 0 [0162.404] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0162.595] SetEvent (hEvent=0x980) returned 1 [0162.595] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0163.521] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0163.525] SetEvent (hEvent=0x1a0) returned 1 [0163.525] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000000501 | out: pbBuffer=0xc000000501) returned 1 [0163.525] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0163.526] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0163.527] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0163.527] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms\\*", lpFindFileData=0xc0002f7a68 | out: lpFindFileData=0xc0002f7a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0163.528] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002f7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0163.528] GetFileType (hFile=0x63c) returned 0x1 [0163.528] GetFileType (hFile=0x63c) returned 0x1 [0163.528] GetFileInformationByHandle (in: hFile=0x63c, lpFileInformation=0xc0004b5d44 | out: lpFileInformation=0xc0004b5d44) returned 1 [0163.528] GetFileInformationByHandleEx (in: hFile=0x63c, FileInformationClass=0x9, lpFileInformation=0xc0004b5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004b5d28) returned 1 [0163.528] VirtualAlloc (lpAddress=0xc000102000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000102000 [0163.530] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0163.535] ReadFile (in: hFile=0x63c, lpBuffer=0xc000542000, nNumberOfBytesToRead=0x15e03, lpNumberOfBytesRead=0xc0004b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesRead=0xc0004b5c04*=0x15c03, lpOverlapped=0x0) returned 1 [0163.537] ReadFile (in: hFile=0x63c, lpBuffer=0xc000557c03, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004b5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000557c03*, lpNumberOfBytesRead=0xc0004b5c04*=0x0, lpOverlapped=0x0) returned 1 [0163.537] CloseHandle (hObject=0x63c) returned 1 [0163.537] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0163.539] VirtualAlloc (lpAddress=0xc0005d6000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005d6000 [0163.543] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\y138cxvdjo.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0166.694] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0166.837] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0004b5d04 | out: lpMode=0xc0004b5d04) returned 0 [0166.839] GetFileType (hFile=0x848) returned 0x1 [0166.839] WriteFile (in: hFile=0x848, lpBuffer=0xc0005d6000*, nNumberOfBytesToWrite=0x15c10, lpNumberOfBytesWritten=0xc0004b5cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005d6000*, lpNumberOfBytesWritten=0xc0004b5cec*=0x15c10, lpOverlapped=0x0) returned 1 [0166.843] CloseHandle (hObject=0x848) returned 1 [0166.869] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) returned 0x0 [0166.987] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0166.987] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\y138cxvdjo.mkv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0166.987] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc0004b5d64 | out: lpMode=0xc0004b5d64) returned 0 [0166.990] GetFileType (hFile=0x770) returned 0x1 [0166.990] WriteFile (in: hFile=0x770, lpBuffer=0xc000185600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004b5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000185600*, lpNumberOfBytesWritten=0xc0004b5d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.990] CloseHandle (hObject=0x770) returned 1 [0166.991] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\y138cxvdjo.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-y138cxvdjo.mkv"), dwFlags=0x1) returned 1 [0167.380] WaitForSingleObject (hHandle=0xb68, dwMilliseconds=0xffffffff) Thread: id = 169 os_tid = 0xc48 [0142.187] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3bf3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3bf3fea0*=0x794) returned 1 [0142.187] VirtualQuery (in: lpAddress=0x3bf3fec0, lpBuffer=0x3bf3fec0, dwLength=0x30 | out: lpBuffer=0x3bf3fec0*(BaseAddress=0x3bf3f000, AllocationBase=0x3bd40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.187] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbcou1ppf2tg_e1rt.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0142.188] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000453cf4 | out: lpMode=0xc000453cf4) returned 0 [0142.189] GetFileType (hFile=0x7a0) returned 0x1 [0142.189] GetFileType (hFile=0x7a0) returned 0x1 [0142.189] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc000453d44 | out: lpFileInformation=0xc000453d44) returned 1 [0142.189] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc000453d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000453d28) returned 1 [0142.189] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000305900, nNumberOfBytesToRead=0x112a, lpNumberOfBytesRead=0xc000453c04, lpOverlapped=0x0 | out: lpBuffer=0xc000305900*, lpNumberOfBytesRead=0xc000453c04*=0xf2a, lpOverlapped=0x0) returned 1 [0142.779] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb70 [0142.779] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb74 [0142.779] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0143.331] ReadFile (in: hFile=0x7a0, lpBuffer=0xc00030682a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000453c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030682a*, lpNumberOfBytesRead=0xc000453c04*=0x0, lpOverlapped=0x0) returned 1 [0143.331] CloseHandle (hObject=0x7a0) returned 1 [0143.331] VirtualAlloc (lpAddress=0xc0006bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006bc000 [0143.333] VirtualAlloc (lpAddress=0xc0006be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006be000 [0143.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbcou1ppf2tg_e1rt.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0143.336] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000453d04 | out: lpMode=0xc000453d04) returned 0 [0143.341] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0143.968] GetFileType (hFile=0x7a0) returned 0x1 [0143.968] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0144.518] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0006bc000*, nNumberOfBytesToWrite=0xf30, lpNumberOfBytesWritten=0xc000453cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006bc000*, lpNumberOfBytesWritten=0xc000453cec*=0xf30, lpOverlapped=0x0) returned 1 [0144.519] CloseHandle (hObject=0x7a0) returned 1 [0144.519] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.519] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0144.520] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbcou1ppf2tg_e1rt.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0144.520] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000453d64 | out: lpMode=0xc000453d64) returned 0 [0144.526] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0144.802] GetFileType (hFile=0x7a0) returned 0x1 [0144.802] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000453d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000453d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.802] CloseHandle (hObject=0x7a0) returned 1 [0144.806] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0144.807] VirtualAlloc (lpAddress=0xc00006e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006e000 [0144.807] VirtualAlloc (lpAddress=0xc000070000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000070000 [0144.808] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0144.810] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mbcou1ppf2tg_e1rt.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-mBCou1Ppf2tg_e1rt.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-mbcou1ppf2tg_e1rt.lnk"), dwFlags=0x1) returned 1 [0145.444] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bf3f698, ulCount=0x10, ulNumEntriesRemoved=0x3bf3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bf3f698, ulNumEntriesRemoved=0x3bf3f66c) returned 0 [0145.445] SetEvent (hEvent=0x114) returned 1 [0145.445] SetEvent (hEvent=0x920) returned 1 [0145.445] SetEvent (hEvent=0xbd0) returned 1 [0145.447] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bf3fe08*=0xb70, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.449] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0145.449] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bf3fe08*=0xb70, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0145.455] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0145.455] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bf3fe30*=0xb70, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.456] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3bf3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3bf3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3bf3f6a0, ulNumEntriesRemoved=0x3bf3f674) returned 0 [0145.456] SetEvent (hEvent=0x920) returned 1 [0145.456] SetEvent (hEvent=0xbd0) returned 1 [0145.457] SetEvent (hEvent=0x320) returned 1 [0145.457] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3bf3fe18*=0xb70, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0145.461] GetFileType (hFile=0x5c4) returned 0x1 [0145.461] WriteFile (in: hFile=0x5c4, lpBuffer=0xc00010e000*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0xc000391cec, lpOverlapped=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfBytesWritten=0xc000391cec*=0x1f0, lpOverlapped=0x0) returned 1 [0145.462] CloseHandle (hObject=0x5c4) returned 1 [0145.466] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fznv_dlmfaz.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c4 [0145.466] GetConsoleMode (in: hConsoleHandle=0x5c4, lpMode=0xc000391d64 | out: lpMode=0xc000391d64) returned 0 [0145.474] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0145.979] GetFileType (hFile=0x5c4) returned 0x1 [0145.979] WriteFile (in: hFile=0x5c4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000391d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000391d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.979] CloseHandle (hObject=0x5c4) returned 1 [0145.988] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\fznv_dlmfaz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-FzNv_DLmFAz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-fznv_dlmfaz.lnk"), dwFlags=0x1) returned 1 [0150.680] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0151.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\X0WBB2qkG0k1puf.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\x0wbb2qkg0k1puf.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x384 [0151.248] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc00014bcf4 | out: lpMode=0xc00014bcf4) returned 0 [0151.250] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0151.776] SetEvent (hEvent=0xa68) returned 1 [0151.776] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0151.780] SetEvent (hEvent=0xa68) returned 1 [0151.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wfqsgh z bg.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x6a4 [0151.781] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0001ffcf4 | out: lpMode=0xc0001ffcf4) returned 0 [0151.798] GetFileType (hFile=0x6a4) returned 0x1 [0151.798] GetFileType (hFile=0x6a4) returned 0x1 [0151.798] GetFileInformationByHandle (in: hFile=0x6a4, lpFileInformation=0xc0001ffd44 | out: lpFileInformation=0xc0001ffd44) returned 1 [0151.798] GetFileInformationByHandleEx (in: hFile=0x6a4, FileInformationClass=0x9, lpFileInformation=0xc0001ffd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001ffd28) returned 1 [0151.799] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0151.800] VirtualAlloc (lpAddress=0xc0002cc000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002cc000 [0151.802] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0002cc000, nNumberOfBytesToRead=0x58bd, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cc000*, lpNumberOfBytesRead=0xc0001ffc04*=0x56bd, lpOverlapped=0x0) returned 1 [0151.804] ReadFile (in: hFile=0x6a4, lpBuffer=0xc0002d16bd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001ffc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002d16bd*, lpNumberOfBytesRead=0xc0001ffc04*=0x0, lpOverlapped=0x0) returned 1 [0151.804] CloseHandle (hObject=0x6a4) returned 1 [0151.804] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0151.806] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0151.809] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wfqsgh z bg.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0151.811] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0001ffd04 | out: lpMode=0xc0001ffd04) returned 0 [0151.817] GetFileType (hFile=0x6a4) returned 0x1 [0151.817] WriteFile (in: hFile=0x6a4, lpBuffer=0xc0000e6000*, nNumberOfBytesToWrite=0x56c0, lpNumberOfBytesWritten=0xc0001ffcec, lpOverlapped=0x0 | out: lpBuffer=0xc0000e6000*, lpNumberOfBytesWritten=0xc0001ffcec*=0x56c0, lpOverlapped=0x0) returned 1 [0151.819] CloseHandle (hObject=0x6a4) returned 1 [0151.819] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0151.819] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Wfqsgh z BG.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\wfqsgh z bg.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0151.819] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc0001ffd64 | out: lpMode=0xc0001ffd64) returned 0 [0151.827] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0152.177] SetEvent (hEvent=0x354) returned 1 [0152.177] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0152.273] SetEvent (hEvent=0x354) returned 1 [0152.273] SetEvent (hEvent=0xb60) returned 1 [0152.273] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0161.384] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\7aplvzczbpp2asr6j.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1b0 [0161.993] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004f5cf4 | out: lpMode=0xc0004f5cf4) returned 0 [0162.308] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0162.342] GetFileType (hFile=0x1b0) returned 0x1 [0162.343] GetFileType (hFile=0x1b0) returned 0x1 [0162.343] GetFileInformationByHandle (in: hFile=0x1b0, lpFileInformation=0xc0004f5d44 | out: lpFileInformation=0xc0004f5d44) returned 1 [0162.343] GetFileInformationByHandleEx (in: hFile=0x1b0, FileInformationClass=0x9, lpFileInformation=0xc0004f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004f5d28) returned 1 [0162.343] ReadFile (in: hFile=0x1b0, lpBuffer=0xc000076000, nNumberOfBytesToRead=0x8e8, lpNumberOfBytesRead=0xc0004f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000076000*, lpNumberOfBytesRead=0xc0004f5c04*=0x6e8, lpOverlapped=0x0) returned 1 [0162.344] ReadFile (in: hFile=0x1b0, lpBuffer=0xc0000766e8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000766e8*, lpNumberOfBytesRead=0xc0004f5c04*=0x0, lpOverlapped=0x0) returned 1 [0162.345] CloseHandle (hObject=0x1b0) returned 1 [0162.345] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\7apLvZczBPp2aSR6j.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\7aplvzczbpp2asr6j.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x1b0 [0162.346] GetConsoleMode (in: hConsoleHandle=0x1b0, lpMode=0xc0004f5d04 | out: lpMode=0xc0004f5d04) returned 0 [0162.419] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0162.590] SetEvent (hEvent=0xbb0) returned 1 [0162.590] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0163.604] WriteFile (in: hFile=0x750, lpBuffer=0xc0001209a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00018bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001209a0*, lpNumberOfBytesWritten=0xc00018bd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.720] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0166.866] CloseHandle (hObject=0x750) returned 1 [0166.871] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) returned 0x0 [0166.998] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-main.exe"), dwFlags=0x1) returned 1 [0167.395] WaitForSingleObject (hHandle=0xb70, dwMilliseconds=0xffffffff) Thread: id = 170 os_tid = 0xc4c [0142.189] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3c13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3c13fea0*=0x7a8) returned 1 [0142.189] VirtualQuery (in: lpAddress=0x3c13fec0, lpBuffer=0x3c13fec0, dwLength=0x30 | out: lpBuffer=0x3c13fec0*(BaseAddress=0x3c13f000, AllocationBase=0x3bf40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.190] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hpgcghvp8qahllw.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7ac [0142.191] GetConsoleMode (in: hConsoleHandle=0x7ac, lpMode=0xc000445cf4 | out: lpMode=0xc000445cf4) returned 0 [0142.191] GetFileType (hFile=0x7ac) returned 0x1 [0142.191] GetFileType (hFile=0x7ac) returned 0x1 [0142.191] GetFileInformationByHandle (in: hFile=0x7ac, lpFileInformation=0xc000445d44 | out: lpFileInformation=0xc000445d44) returned 1 [0142.191] GetFileInformationByHandleEx (in: hFile=0x7ac, FileInformationClass=0x9, lpFileInformation=0xc000445d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000445d28) returned 1 [0142.191] ReadFile (in: hFile=0x7ac, lpBuffer=0xc000534700, nNumberOfBytesToRead=0x60b, lpNumberOfBytesRead=0xc000445c04, lpOverlapped=0x0 | out: lpBuffer=0xc000534700*, lpNumberOfBytesRead=0xc000445c04*=0x40b, lpOverlapped=0x0) returned 1 [0142.781] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb78 [0142.781] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb7c [0142.781] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) returned 0x0 [0143.342] ReadFile (in: hFile=0x7ac, lpBuffer=0xc000534b0b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000445c04, lpOverlapped=0x0 | out: lpBuffer=0xc000534b0b*, lpNumberOfBytesRead=0xc000445c04*=0x0, lpOverlapped=0x0) returned 1 [0143.342] CloseHandle (hObject=0x7ac) returned 1 [0143.342] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hpgcghvp8qahllw.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0143.344] GetConsoleMode (in: hConsoleHandle=0x7ac, lpMode=0xc000445d04 | out: lpMode=0xc000445d04) returned 0 [0143.349] GetFileType (hFile=0x7ac) returned 0x1 [0143.349] WriteFile (in: hFile=0x7ac, lpBuffer=0xc000198480*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc000445cec, lpOverlapped=0x0 | out: lpBuffer=0xc000198480*, lpNumberOfBytesWritten=0xc000445cec*=0x410, lpOverlapped=0x0) returned 1 [0143.350] CloseHandle (hObject=0x7ac) returned 1 [0143.350] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0143.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hpgcghvp8qahllw.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7ac [0143.351] GetConsoleMode (in: hConsoleHandle=0x7ac, lpMode=0xc000445d64 | out: lpMode=0xc000445d64) returned 0 [0143.369] GetFileType (hFile=0x7ac) returned 0x1 [0143.369] WriteFile (in: hFile=0x7ac, lpBuffer=0xc00007ec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000445d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ec60*, lpNumberOfBytesWritten=0xc000445d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.369] CloseHandle (hObject=0x7ac) returned 1 [0143.369] VirtualAlloc (lpAddress=0xc000744000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000744000 [0143.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\hpgcghvp8qahllw.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-hPGCgHVp8qAhlLW.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-hpgcghvp8qahllw.lnk"), dwFlags=0x1) returned 1 [0143.373] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3c13fe30*=0xb78, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.374] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3c13f698, ulCount=0x10, ulNumEntriesRemoved=0x3c13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3c13f698, ulNumEntriesRemoved=0x3c13f66c) returned 0 [0143.374] SetEvent (hEvent=0xc0) returned 1 [0143.374] SetEvent (hEvent=0xaa8) returned 1 [0143.374] SetEvent (hEvent=0x414) returned 1 [0143.374] SetEvent (hEvent=0xac0) returned 1 [0143.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3c13fe08*=0xb78, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.386] SetEvent (hEvent=0xac0) returned 1 [0143.386] SetEvent (hEvent=0x414) returned 1 [0143.387] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3c13fe08*=0xb78, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.395] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3c13fe30*=0xb78, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.395] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3c13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3c13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3c13f6a0, ulNumEntriesRemoved=0x3c13f674) returned 0 [0143.395] SetEvent (hEvent=0xc0) returned 1 [0143.395] SetEvent (hEvent=0xaa8) returned 1 [0143.395] SetEvent (hEvent=0xac0) returned 1 [0143.396] SetEvent (hEvent=0x414) returned 1 [0143.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3c13fe18*=0xb78, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0143.415] SetEvent (hEvent=0x28c) returned 1 [0143.415] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) returned 0x0 [0143.421] SetEvent (hEvent=0x9f8) returned 1 [0143.421] SetEvent (hEvent=0x938) returned 1 [0143.422] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) returned 0x0 [0143.432] SetEvent (hEvent=0x1e8) returned 1 [0143.432] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) returned 0x0 [0143.440] SetEvent (hEvent=0xaf0) returned 1 [0143.440] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) returned 0x0 [0143.463] SetEvent (hEvent=0xb90) returned 1 [0143.463] WaitForSingleObject (hHandle=0xb78, dwMilliseconds=0xffffffff) Thread: id = 171 os_tid = 0xc50 [0142.192] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3c33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3c33fea0*=0x7b0) returned 1 [0142.192] VirtualQuery (in: lpAddress=0x3c33fec0, lpBuffer=0x3c33fec0, dwLength=0x30 | out: lpBuffer=0x3c33fec0*(BaseAddress=0x3c33f000, AllocationBase=0x3c140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.192] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovs-ufdkcnpg7c9q.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7b4 [0142.193] GetConsoleMode (in: hConsoleHandle=0x7b4, lpMode=0xc00045dcf4 | out: lpMode=0xc00045dcf4) returned 0 [0142.194] GetFileType (hFile=0x7b4) returned 0x1 [0142.194] GetFileType (hFile=0x7b4) returned 0x1 [0142.194] GetFileInformationByHandle (in: hFile=0x7b4, lpFileInformation=0xc00045dd44 | out: lpFileInformation=0xc00045dd44) returned 1 [0142.194] GetFileInformationByHandleEx (in: hFile=0x7b4, FileInformationClass=0x9, lpFileInformation=0xc00045dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00045dd28) returned 1 [0142.194] ReadFile (in: hFile=0x7b4, lpBuffer=0xc00016b900, nNumberOfBytesToRead=0xc79, lpNumberOfBytesRead=0xc00045dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016b900*, lpNumberOfBytesRead=0xc00045dc04*=0xa79, lpOverlapped=0x0) returned 1 [0142.783] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb80 [0142.783] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb84 [0142.783] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0143.395] SetEvent (hEvent=0xb78) returned 1 [0143.395] ReadFile (in: hFile=0x7b4, lpBuffer=0xc00016c379, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00045dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c379*, lpNumberOfBytesRead=0xc00045dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.395] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0144.038] SetEvent (hEvent=0x324) returned 1 [0144.038] CloseHandle (hObject=0x7b4) returned 1 [0144.038] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0144.784] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovs-ufdkcnpg7c9q.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0144.786] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc00045dd04 | out: lpMode=0xc00045dd04) returned 0 [0144.794] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0145.530] GetFileType (hFile=0x284) returned 0x1 [0145.530] WriteFile (in: hFile=0x284, lpBuffer=0xc000743500*, nNumberOfBytesToWrite=0xa80, lpNumberOfBytesWritten=0xc00045dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000743500*, lpNumberOfBytesWritten=0xc00045dcec*=0xa80, lpOverlapped=0x0) returned 1 [0145.532] CloseHandle (hObject=0x284) returned 1 [0145.536] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0146.082] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0146.082] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovs-ufdkcnpg7c9q.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0146.082] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc00045dd64 | out: lpMode=0xc00045dd64) returned 0 [0146.088] GetFileType (hFile=0x6ac) returned 0x1 [0146.088] WriteFile (in: hFile=0x6ac, lpBuffer=0xc00007e580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00045dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e580*, lpNumberOfBytesWritten=0xc00045dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.088] CloseHandle (hObject=0x6ac) returned 1 [0146.097] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0146.221] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0146.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ovs-ufdkcnpg7c9q.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-oVS-uFdkCnpg7C9Q.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ovs-ufdkcnpg7c9q.lnk"), dwFlags=0x1) returned 1 [0150.678] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0151.246] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\sikvnb huvuib.contact" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\sikvnb huvuib.contact"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x374 [0151.247] GetConsoleMode (in: hConsoleHandle=0x374, lpMode=0xc0000f5cf4 | out: lpMode=0xc0000f5cf4) returned 0 [0151.250] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0151.774] SetEvent (hEvent=0xb70) returned 1 [0151.774] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0151.779] SetEvent (hEvent=0xc14) returned 1 [0151.780] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0151.885] SetEvent (hEvent=0xa68) returned 1 [0151.885] SetEvent (hEvent=0xc34) returned 1 [0151.885] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0161.526] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0161.528] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0161.530] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d6140*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0xc000453808, lpReserved=0x0 | out: lpBuffer=0xc0003d6140*, lpNumberOfCharsWritten=0xc000453808*=0x4b) returned 1 [0161.532] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0161.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Contacts\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\contacts\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0162.105] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000453d64 | out: lpMode=0xc000453d64) returned 0 [0162.415] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0162.585] SetEvent (hEvent=0x9c8) returned 1 [0162.586] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) returned 0x0 [0163.674] VirtualAlloc (lpAddress=0xc000284000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000284000 [0163.675] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000284000*, nNumberOfCharsToWrite=0xd1, lpNumberOfCharsWritten=0xc0002e5808, lpReserved=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfCharsWritten=0xc0002e5808*=0xd1) returned 1 [0163.676] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6240*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e5808, lpReserved=0x0 | out: lpBuffer=0xc0000e6240*, lpNumberOfCharsWritten=0xc0002e5808*=0x11) returned 1 [0163.677] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000e6270*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc0002e5808, lpReserved=0x0 | out: lpBuffer=0xc0000e6270*, lpNumberOfCharsWritten=0xc0002e5808*=0x11) returned 1 [0163.677] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwFlags=0x1) returned 0 [0166.384] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x20, dwLanguageId=0x409, lpBuffer=0xc0002e56e8, nSize=0x12c, Arguments=0x0 | out: lpBuffer="The process cannot access the file because it is being used by another process.\r\n") returned 0x51 [0166.384] VirtualAlloc (lpAddress=0xc000288000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000288000 [0166.385] WaitForSingleObject (hHandle=0xb80, dwMilliseconds=0xffffffff) Thread: id = 172 os_tid = 0xc54 [0142.195] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3c53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3c53fea0*=0x7a4) returned 1 [0142.195] VirtualQuery (in: lpAddress=0x3c53fec0, lpBuffer=0x3c53fec0, dwLength=0x30 | out: lpBuffer=0x3c53fec0*(BaseAddress=0x3c53f000, AllocationBase=0x3c340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.195] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r8d4hnszm.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7b8 [0142.196] GetConsoleMode (in: hConsoleHandle=0x7b8, lpMode=0xc00046bcf4 | out: lpMode=0xc00046bcf4) returned 0 [0142.198] GetFileType (hFile=0x7b8) returned 0x1 [0142.198] GetFileType (hFile=0x7b8) returned 0x1 [0142.198] GetFileInformationByHandle (in: hFile=0x7b8, lpFileInformation=0xc00046bd44 | out: lpFileInformation=0xc00046bd44) returned 1 [0142.198] GetFileInformationByHandleEx (in: hFile=0x7b8, FileInformationClass=0x9, lpFileInformation=0xc00046bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00046bd28) returned 1 [0142.198] ReadFile (in: hFile=0x7b8, lpBuffer=0xc00036a400, nNumberOfBytesToRead=0xb6b, lpNumberOfBytesRead=0xc00046bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036a400*, lpNumberOfBytesRead=0xc00046bc04*=0x96b, lpOverlapped=0x0) returned 1 [0142.784] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb88 [0142.784] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb8c [0142.784] WaitForSingleObject (hHandle=0xb88, dwMilliseconds=0xffffffff) returned 0x0 [0143.449] ReadFile (in: hFile=0x7b8, lpBuffer=0xc00036ad6b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00046bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00036ad6b*, lpNumberOfBytesRead=0xc00046bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.449] CloseHandle (hObject=0x7b8) returned 1 [0143.449] VirtualAlloc (lpAddress=0xc000756000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000756000 [0143.450] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r8d4hnszm.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0143.451] GetConsoleMode (in: hConsoleHandle=0x7b8, lpMode=0xc00046bd04 | out: lpMode=0xc00046bd04) returned 0 [0143.463] WaitForSingleObject (hHandle=0xb88, dwMilliseconds=0xffffffff) returned 0x0 [0144.148] GetFileType (hFile=0x7b8) returned 0x1 [0144.148] WriteFile (in: hFile=0x7b8, lpBuffer=0xc000756000*, nNumberOfBytesToWrite=0x970, lpNumberOfBytesWritten=0xc00046bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000756000*, lpNumberOfBytesWritten=0xc00046bcec*=0x970, lpOverlapped=0x0) returned 1 [0144.149] CloseHandle (hObject=0x7b8) returned 1 [0144.150] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.150] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r8d4hnszm.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7b8 [0144.150] GetConsoleMode (in: hConsoleHandle=0x7b8, lpMode=0xc00046bd64 | out: lpMode=0xc00046bd64) returned 0 [0144.156] GetFileType (hFile=0x7b8) returned 0x1 [0144.156] WriteFile (in: hFile=0x7b8, lpBuffer=0xc00007ec60*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00046bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007ec60*, lpNumberOfBytesWritten=0xc00046bd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.156] CloseHandle (hObject=0x7b8) returned 1 [0144.156] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r8d4hnszm.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-r8d4hNszM.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-r8d4hnszm.lnk"), dwFlags=0x1) returned 1 [0144.158] SetEvent (hEvent=0xaf0) returned 1 [0144.158] WaitForSingleObject (hHandle=0xb88, dwMilliseconds=0xffffffff) Thread: id = 173 os_tid = 0xc58 [0142.199] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3c73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3c73fea0*=0x7c0) returned 1 [0142.199] VirtualQuery (in: lpAddress=0x3c73fec0, lpBuffer=0x3c73fec0, dwLength=0x30 | out: lpBuffer=0x3c73fec0*(BaseAddress=0x3c73f000, AllocationBase=0x3c540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.199] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mepvzo.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7c4 [0142.200] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000455cf4 | out: lpMode=0xc000455cf4) returned 0 [0142.200] GetFileType (hFile=0x7c4) returned 0x1 [0142.200] GetFileType (hFile=0x7c4) returned 0x1 [0142.201] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000455d44 | out: lpFileInformation=0xc000455d44) returned 1 [0142.201] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000455d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000455d28) returned 1 [0142.201] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000306c00, nNumberOfBytesToRead=0x10b1, lpNumberOfBytesRead=0xc000455c04, lpOverlapped=0x0 | out: lpBuffer=0xc000306c00*, lpNumberOfBytesRead=0xc000455c04*=0xeb1, lpOverlapped=0x0) returned 1 [0142.786] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb90 [0142.786] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb94 [0142.786] WaitForSingleObject (hHandle=0xb90, dwMilliseconds=0xffffffff) returned 0x0 [0143.464] ReadFile (in: hFile=0x7c4, lpBuffer=0xc000307ab1, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000455c04, lpOverlapped=0x0 | out: lpBuffer=0xc000307ab1*, lpNumberOfBytesRead=0xc000455c04*=0x0, lpOverlapped=0x0) returned 1 [0143.464] CloseHandle (hObject=0x7c4) returned 1 [0143.464] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mepvzo.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0143.465] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000455d04 | out: lpMode=0xc000455d04) returned 0 [0143.472] WaitForSingleObject (hHandle=0xb90, dwMilliseconds=0xffffffff) returned 0x0 [0144.178] GetFileType (hFile=0x7c4) returned 0x1 [0144.178] WriteFile (in: hFile=0x7c4, lpBuffer=0xc00033c000*, nNumberOfBytesToWrite=0xec0, lpNumberOfBytesWritten=0xc000455cec, lpOverlapped=0x0 | out: lpBuffer=0xc00033c000*, lpNumberOfBytesWritten=0xc000455cec*=0xec0, lpOverlapped=0x0) returned 1 [0144.179] CloseHandle (hObject=0x7c4) returned 1 [0144.180] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.180] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mepvzo.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7c4 [0144.180] GetConsoleMode (in: hConsoleHandle=0x7c4, lpMode=0xc000455d64 | out: lpMode=0xc000455d64) returned 0 [0144.187] GetFileType (hFile=0x7c4) returned 0x1 [0144.187] WriteFile (in: hFile=0x7c4, lpBuffer=0xc000291a20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000455d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291a20*, lpNumberOfBytesWritten=0xc000455d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.187] CloseHandle (hObject=0x7c4) returned 1 [0144.187] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\mepvzo.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-mEPVZo.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-mepvzo.lnk"), dwFlags=0x1) returned 1 [0144.189] SetEvent (hEvent=0xaf8) returned 1 [0144.189] WaitForSingleObject (hHandle=0xb90, dwMilliseconds=0xffffffff) returned 0x0 [0144.194] SetEvent (hEvent=0xbc0) returned 1 [0144.194] SetEvent (hEvent=0x948) returned 1 [0144.194] WaitForSingleObject (hHandle=0xb90, dwMilliseconds=0xffffffff) returned 0x0 [0144.216] SetEvent (hEvent=0xbc0) returned 1 [0144.217] SetEvent (hEvent=0xb98) returned 1 [0144.217] WaitForSingleObject (hHandle=0xb90, dwMilliseconds=0xffffffff) Thread: id = 174 os_tid = 0xc5c [0142.202] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3c93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3c93fea0*=0x7c8) returned 1 [0142.202] VirtualQuery (in: lpAddress=0x3c93fec0, lpBuffer=0x3c93fec0, dwLength=0x30 | out: lpBuffer=0x3c93fec0*(BaseAddress=0x3c93f000, AllocationBase=0x3c740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\icpx0tggjcrh30s.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7cc [0142.203] GetConsoleMode (in: hConsoleHandle=0x7cc, lpMode=0xc00044fcf4 | out: lpMode=0xc00044fcf4) returned 0 [0142.204] GetFileType (hFile=0x7cc) returned 0x1 [0142.204] GetFileType (hFile=0x7cc) returned 0x1 [0142.204] GetFileInformationByHandle (in: hFile=0x7cc, lpFileInformation=0xc00044fd44 | out: lpFileInformation=0xc00044fd44) returned 1 [0142.204] GetFileInformationByHandleEx (in: hFile=0x7cc, FileInformationClass=0x9, lpFileInformation=0xc00044fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00044fd28) returned 1 [0142.204] VirtualAlloc (lpAddress=0xc0005f2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005f2000 [0142.206] ReadFile (in: hFile=0x7cc, lpBuffer=0xc0005f2000, nNumberOfBytesToRead=0x2833, lpNumberOfBytesRead=0xc00044fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005f2000*, lpNumberOfBytesRead=0xc00044fc04*=0x2633, lpOverlapped=0x0) returned 1 [0142.787] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb98 [0142.787] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xb9c [0142.787] WaitForSingleObject (hHandle=0xb98, dwMilliseconds=0xffffffff) returned 0x0 [0143.475] ReadFile (in: hFile=0x7cc, lpBuffer=0xc0005f4633, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00044fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005f4633*, lpNumberOfBytesRead=0xc00044fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.475] CloseHandle (hObject=0x7cc) returned 1 [0143.475] VirtualAlloc (lpAddress=0xc000758000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000758000 [0143.477] VirtualAlloc (lpAddress=0xc00075a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00075a000 [0143.478] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\icpx0tggjcrh30s.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0143.479] GetConsoleMode (in: hConsoleHandle=0x7cc, lpMode=0xc00044fd04 | out: lpMode=0xc00044fd04) returned 0 [0143.485] GetFileType (hFile=0x7cc) returned 0x1 [0143.485] WriteFile (in: hFile=0x7cc, lpBuffer=0xc00060b800*, nNumberOfBytesToWrite=0x2640, lpNumberOfBytesWritten=0xc00044fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00060b800*, lpNumberOfBytesWritten=0xc00044fcec*=0x2640, lpOverlapped=0x0) returned 1 [0143.487] CloseHandle (hObject=0x7cc) returned 1 [0143.487] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0143.487] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\icpx0tggjcrh30s.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7cc [0143.487] GetConsoleMode (in: hConsoleHandle=0x7cc, lpMode=0xc00044fd64 | out: lpMode=0xc00044fd64) returned 0 [0143.491] WaitForSingleObject (hHandle=0xb98, dwMilliseconds=0xffffffff) returned 0x0 [0144.221] GetFileType (hFile=0x7cc) returned 0x1 [0144.222] WriteFile (in: hFile=0x7cc, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00044fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc00044fd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.222] CloseHandle (hObject=0x7cc) returned 1 [0144.222] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\icpx0tggjcrh30s.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-icpx0TggJcrh30S.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-icpx0tggjcrh30s.lnk"), dwFlags=0x1) returned 1 [0144.224] SetEvent (hEvent=0xbd8) returned 1 [0144.224] WaitForSingleObject (hHandle=0xb98, dwMilliseconds=0xffffffff) returned 0x0 [0144.243] SetEvent (hEvent=0xb8) returned 1 [0144.243] WaitForSingleObject (hHandle=0xb98, dwMilliseconds=0xffffffff) Thread: id = 175 os_tid = 0xc60 [0142.207] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3cb3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3cb3fea0*=0x7d0) returned 1 [0142.207] VirtualQuery (in: lpAddress=0x3cb3fec0, lpBuffer=0x3cb3fec0, dwLength=0x30 | out: lpBuffer=0x3cb3fec0*(BaseAddress=0x3cb3f000, AllocationBase=0x3c940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.208] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oex7fvsds_qxq.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7d4 [0142.209] GetConsoleMode (in: hConsoleHandle=0x7d4, lpMode=0xc000467cf4 | out: lpMode=0xc000467cf4) returned 0 [0142.210] GetFileType (hFile=0x7d4) returned 0x1 [0142.210] GetFileType (hFile=0x7d4) returned 0x1 [0142.210] GetFileInformationByHandle (in: hFile=0x7d4, lpFileInformation=0xc000467d44 | out: lpFileInformation=0xc000467d44) returned 1 [0142.210] GetFileInformationByHandleEx (in: hFile=0x7d4, FileInformationClass=0x9, lpFileInformation=0xc000467d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000467d28) returned 1 [0142.210] ReadFile (in: hFile=0x7d4, lpBuffer=0xc00016c580, nNumberOfBytesToRead=0xc58, lpNumberOfBytesRead=0xc000467c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016c580*, lpNumberOfBytesRead=0xc000467c04*=0xa58, lpOverlapped=0x0) returned 1 [0142.788] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xba0 [0142.788] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xba4 [0142.788] WaitForSingleObject (hHandle=0xba0, dwMilliseconds=0xffffffff) returned 0x0 [0143.493] ReadFile (in: hFile=0x7d4, lpBuffer=0xc00016cfd8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000467c04, lpOverlapped=0x0 | out: lpBuffer=0xc00016cfd8*, lpNumberOfBytesRead=0xc000467c04*=0x0, lpOverlapped=0x0) returned 1 [0143.493] CloseHandle (hObject=0x7d4) returned 1 [0143.493] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oex7fvsds_qxq.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0143.494] GetConsoleMode (in: hConsoleHandle=0x7d4, lpMode=0xc000467d04 | out: lpMode=0xc000467d04) returned 0 [0143.498] GetFileType (hFile=0x7d4) returned 0x1 [0143.499] WriteFile (in: hFile=0x7d4, lpBuffer=0xc000743500*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0xc000467cec, lpOverlapped=0x0 | out: lpBuffer=0xc000743500*, lpNumberOfBytesWritten=0xc000467cec*=0xa60, lpOverlapped=0x0) returned 1 [0143.514] CloseHandle (hObject=0x7d4) returned 1 [0143.514] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0143.514] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oex7fvsds_qxq.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d4 [0143.514] GetConsoleMode (in: hConsoleHandle=0x7d4, lpMode=0xc000467d64 | out: lpMode=0xc000467d64) returned 0 [0143.524] WaitForSingleObject (hHandle=0xba0, dwMilliseconds=0xffffffff) returned 0x0 [0144.031] GetFileType (hFile=0x7d4) returned 0x1 [0144.031] WriteFile (in: hFile=0x7d4, lpBuffer=0xc0002911e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000467d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002911e0*, lpNumberOfBytesWritten=0xc000467d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.032] CloseHandle (hObject=0x7d4) returned 1 [0144.032] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\oex7fvsds_qxq.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-oeX7FVsDs_QXQ.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-oex7fvsds_qxq.lnk"), dwFlags=0x1) returned 1 [0144.033] SetEvent (hEvent=0xb08) returned 1 [0144.033] WaitForSingleObject (hHandle=0xba0, dwMilliseconds=0xffffffff) Thread: id = 176 os_tid = 0xc64 [0142.211] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3cd3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3cd3fea0*=0x7bc) returned 1 [0142.211] VirtualQuery (in: lpAddress=0x3cd3fec0, lpBuffer=0x3cd3fec0, dwLength=0x30 | out: lpBuffer=0x3cd3fec0*(BaseAddress=0x3cd3f000, AllocationBase=0x3cb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.211] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\re2c8wmyd.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7d8 [0142.212] GetConsoleMode (in: hConsoleHandle=0x7d8, lpMode=0xc00046dcf4 | out: lpMode=0xc00046dcf4) returned 0 [0142.213] GetFileType (hFile=0x7d8) returned 0x1 [0142.213] GetFileType (hFile=0x7d8) returned 0x1 [0142.213] GetFileInformationByHandle (in: hFile=0x7d8, lpFileInformation=0xc00046dd44 | out: lpFileInformation=0xc00046dd44) returned 1 [0142.213] GetFileInformationByHandleEx (in: hFile=0x7d8, FileInformationClass=0x9, lpFileInformation=0xc00046dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00046dd28) returned 1 [0142.213] ReadFile (in: hFile=0x7d8, lpBuffer=0xc00037c600, nNumberOfBytesToRead=0x1037, lpNumberOfBytesRead=0xc00046dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00037c600*, lpNumberOfBytesRead=0xc00046dc04*=0xe37, lpOverlapped=0x0) returned 1 [0142.789] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xba8 [0142.789] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbac [0142.789] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) returned 0x0 [0143.531] ReadFile (in: hFile=0x7d8, lpBuffer=0xc00037d437, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00046dc04, lpOverlapped=0x0 | out: lpBuffer=0xc00037d437*, lpNumberOfBytesRead=0xc00046dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.531] CloseHandle (hObject=0x7d8) returned 1 [0143.531] VirtualAlloc (lpAddress=0xc00075c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00075c000 [0143.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\re2c8wmyd.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0143.534] GetConsoleMode (in: hConsoleHandle=0x7d8, lpMode=0xc00046dd04 | out: lpMode=0xc00046dd04) returned 0 [0143.541] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) returned 0x0 [0144.039] GetFileType (hFile=0x7d8) returned 0x1 [0144.039] WriteFile (in: hFile=0x7d8, lpBuffer=0xc0006bd000*, nNumberOfBytesToWrite=0xe40, lpNumberOfBytesWritten=0xc00046dcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006bd000*, lpNumberOfBytesWritten=0xc00046dcec*=0xe40, lpOverlapped=0x0) returned 1 [0144.040] CloseHandle (hObject=0x7d8) returned 1 [0144.040] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0144.041] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\re2c8wmyd.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7d8 [0144.041] GetConsoleMode (in: hConsoleHandle=0x7d8, lpMode=0xc00046dd64 | out: lpMode=0xc00046dd64) returned 0 [0144.060] GetFileType (hFile=0x7d8) returned 0x1 [0144.060] WriteFile (in: hFile=0x7d8, lpBuffer=0xc00007f1e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00046dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007f1e0*, lpNumberOfBytesWritten=0xc00046dd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.060] CloseHandle (hObject=0x7d8) returned 1 [0144.060] VirtualAlloc (lpAddress=0xc00007a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007a000 [0144.061] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\re2c8wmyd.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-rE2C8WmYD.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-re2c8wmyd.lnk"), dwFlags=0x1) returned 1 [0144.063] SetEvent (hEvent=0xb10) returned 1 [0144.063] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) returned 0x0 [0144.071] SetEvent (hEvent=0x274) returned 1 [0144.071] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) returned 0x0 [0144.082] SetEvent (hEvent=0x324) returned 1 [0144.082] SetEvent (hEvent=0x9c8) returned 1 [0144.082] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) returned 0x0 [0144.090] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.092] VirtualFree (lpAddress=0xc000076000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.092] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0144.093] SetEvent (hEvent=0x960) returned 1 [0144.093] WaitForSingleObject (hHandle=0xba8, dwMilliseconds=0xffffffff) Thread: id = 177 os_tid = 0xc68 [0142.213] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3cf3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3cf3fea0*=0x7e0) returned 1 [0142.213] VirtualQuery (in: lpAddress=0x3cf3fec0, lpBuffer=0x3cf3fec0, dwLength=0x30 | out: lpBuffer=0x3cf3fec0*(BaseAddress=0x3cf3f000, AllocationBase=0x3cd40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.213] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nmnoxj.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7e4 [0142.214] GetConsoleMode (in: hConsoleHandle=0x7e4, lpMode=0xc00045fcf4 | out: lpMode=0xc00045fcf4) returned 0 [0142.215] GetFileType (hFile=0x7e4) returned 0x1 [0142.215] GetFileType (hFile=0x7e4) returned 0x1 [0142.215] GetFileInformationByHandle (in: hFile=0x7e4, lpFileInformation=0xc00045fd44 | out: lpFileInformation=0xc00045fd44) returned 1 [0142.215] GetFileInformationByHandleEx (in: hFile=0x7e4, FileInformationClass=0x9, lpFileInformation=0xc00045fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00045fd28) returned 1 [0142.215] VirtualAlloc (lpAddress=0xc000604000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0142.217] ReadFile (in: hFile=0x7e4, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x27d4, lpNumberOfBytesRead=0xc00045fc04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc00045fc04*=0x25d4, lpOverlapped=0x0) returned 1 [0142.791] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbb0 [0142.791] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbb4 [0142.791] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0143.544] ReadFile (in: hFile=0x7e4, lpBuffer=0xc0006065d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00045fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0006065d4*, lpNumberOfBytesRead=0xc00045fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.544] CloseHandle (hObject=0x7e4) returned 1 [0143.544] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nmnoxj.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7e4 [0143.549] GetConsoleMode (in: hConsoleHandle=0x7e4, lpMode=0xc00045fd04 | out: lpMode=0xc00045fd04) returned 0 [0143.550] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0144.089] SetEvent (hEvent=0x324) returned 1 [0144.089] GetFileType (hFile=0x7e4) returned 0x1 [0144.089] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0144.914] SetEvent (hEvent=0x254) returned 1 [0144.914] WriteFile (in: hFile=0x7e4, lpBuffer=0xc0004ec600*, nNumberOfBytesToWrite=0x25e0, lpNumberOfBytesWritten=0xc00045fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0004ec600*, lpNumberOfBytesWritten=0xc00045fcec*=0x25e0, lpOverlapped=0x0) returned 1 [0144.915] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0145.527] CloseHandle (hObject=0x7e4) returned 1 [0145.537] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.123] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0146.123] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nmnOXj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nmnoxj.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0146.123] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc00045fd64 | out: lpMode=0xc00045fd64) returned 0 [0146.129] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.412] SetEvent (hEvent=0x980) returned 1 [0146.412] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.417] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586480*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001b9818, lpReserved=0x0 | out: lpBuffer=0xc000586480*, lpNumberOfCharsWritten=0xc0001b9818*=0x4) returned 1 [0146.432] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586488*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000445818, lpReserved=0x0 | out: lpBuffer=0xc000586488*, lpNumberOfCharsWritten=0xc000445818*=0x4) returned 1 [0146.441] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001a7818, lpReserved=0x0 | out: lpBuffer=0xc0005864c0*, lpNumberOfCharsWritten=0xc0001a7818*=0x4) returned 1 [0146.448] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000437818, lpReserved=0x0 | out: lpBuffer=0xc0005864c8*, lpNumberOfCharsWritten=0xc000437818*=0x4) returned 1 [0146.462] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003bb818, lpReserved=0x0 | out: lpBuffer=0xc0005864d0*, lpNumberOfCharsWritten=0xc0003bb818*=0x4) returned 1 [0146.465] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005864d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003c1818, lpReserved=0x0 | out: lpBuffer=0xc0005864d8*, lpNumberOfCharsWritten=0xc0003c1818*=0x4) returned 1 [0146.468] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.471] SetEvent (hEvent=0x448) returned 1 [0146.471] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.475] SetEvent (hEvent=0x448) returned 1 [0146.475] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0146.476] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00038fcf4 | out: lpMode=0xc00038fcf4) returned 0 [0146.480] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.640] SetEvent (hEvent=0xc0) returned 1 [0146.640] SetEvent (hEvent=0x448) returned 1 [0146.640] GetFileType (hFile=0x5d8) returned 0x1 [0146.640] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.866] GetFileType (hFile=0x5d8) returned 0x1 [0146.866] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc00038fd44 | out: lpFileInformation=0xc00038fd44) returned 1 [0146.866] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc00038fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038fd28) returned 1 [0146.866] ReadFile (in: hFile=0x5d8, lpBuffer=0xc00011e240, nNumberOfBytesToRead=0x218, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e240*, lpNumberOfBytesRead=0xc00038fc04*=0x18, lpOverlapped=0x0) returned 1 [0146.867] ReadFile (in: hFile=0x5d8, lpBuffer=0xc00011e258, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00011e258*, lpNumberOfBytesRead=0xc00038fc04*=0x0, lpOverlapped=0x0) returned 1 [0146.867] CloseHandle (hObject=0x5d8) returned 1 [0146.867] VirtualAlloc (lpAddress=0xc000124000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000124000 [0146.869] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0146.870] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0146.871] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00038fd04 | out: lpMode=0xc00038fd04) returned 0 [0146.880] GetFileType (hFile=0x5d8) returned 0x1 [0146.880] WriteFile (in: hFile=0x5d8, lpBuffer=0xc00000e2e0*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xc00038fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00000e2e0*, lpNumberOfBytesWritten=0xc00038fcec*=0x20, lpOverlapped=0x0) returned 1 [0146.881] CloseHandle (hObject=0x5d8) returned 1 [0146.881] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0146.881] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0146.882] VirtualAlloc (lpAddress=0xc000162000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000162000 [0146.883] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0146.884] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0146.885] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0146.886] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00038fd64 | out: lpMode=0xc00038fd64) returned 0 [0146.889] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0146.939] SetEvent (hEvent=0xa20) returned 1 [0146.939] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0147.437] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0147.438] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0147.439] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x854 [0147.440] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0001c9cf4 | out: lpMode=0xc0001c9cf4) returned 0 [0147.443] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0147.852] GetFileType (hFile=0x854) returned 0x1 [0147.852] GetFileType (hFile=0x854) returned 0x1 [0147.852] GetFileInformationByHandle (in: hFile=0x854, lpFileInformation=0xc0001c9d44 | out: lpFileInformation=0xc0001c9d44) returned 1 [0147.852] GetFileInformationByHandleEx (in: hFile=0x854, FileInformationClass=0x9, lpFileInformation=0xc0001c9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001c9d28) returned 1 [0147.853] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0147.854] ReadFile (in: hFile=0x854, lpBuffer=0xc000264000, nNumberOfBytesToRead=0x5d6, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000264000*, lpNumberOfBytesRead=0xc0001c9c04*=0x3d6, lpOverlapped=0x0) returned 1 [0148.845] ReadFile (in: hFile=0x854, lpBuffer=0xc0002643d6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001c9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002643d6*, lpNumberOfBytesRead=0xc0001c9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.845] CloseHandle (hObject=0x854) returned 1 [0148.845] VirtualAlloc (lpAddress=0xc000316000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000316000 [0148.846] VirtualAlloc (lpAddress=0xc000318000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000318000 [0148.853] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5a0 [0150.393] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0150.399] GetConsoleMode (in: hConsoleHandle=0x5a0, lpMode=0xc0001c9d04 | out: lpMode=0xc0001c9d04) returned 0 [0150.403] GetFileType (hFile=0x5a0) returned 0x1 [0150.403] WriteFile (in: hFile=0x5a0, lpBuffer=0xc000316000*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0xc0001c9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000316000*, lpNumberOfBytesWritten=0xc0001c9cec*=0x3e0, lpOverlapped=0x0) returned 1 [0150.429] CloseHandle (hObject=0x5a0) returned 1 [0150.455] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0150.456] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0150.457] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0150.458] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0150.459] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0150.461] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0150.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.462] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001c9d64 | out: lpMode=0xc0001c9d64) returned 0 [0150.468] GetFileType (hFile=0x7a0) returned 0x1 [0150.468] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000a22c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001c9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a22c0*, lpNumberOfBytesWritten=0xc0001c9d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.503] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0150.508] CloseHandle (hObject=0x7a0) returned 1 [0150.683] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0151.195] SetEvent (hEvent=0xb50) returned 1 [0151.195] VirtualAlloc (lpAddress=0xc00019a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00019a000 [0151.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\enpos1f1vyf.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x404 [0151.197] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001adcf4 | out: lpMode=0xc0001adcf4) returned 0 [0151.199] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0151.673] GetFileType (hFile=0x404) returned 0x1 [0151.673] GetFileType (hFile=0x404) returned 0x1 [0151.673] GetFileInformationByHandle (in: hFile=0x404, lpFileInformation=0xc0001add44 | out: lpFileInformation=0xc0001add44) returned 1 [0151.674] GetFileInformationByHandleEx (in: hFile=0x404, FileInformationClass=0x9, lpFileInformation=0xc0001add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001add28) returned 1 [0151.674] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0151.676] ReadFile (in: hFile=0x404, lpBuffer=0xc000058000, nNumberOfBytesToRead=0x2cb0, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000058000*, lpNumberOfBytesRead=0xc0001adc04*=0x2ab0, lpOverlapped=0x0) returned 1 [0151.677] ReadFile (in: hFile=0x404, lpBuffer=0xc00005aab0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001adc04, lpOverlapped=0x0 | out: lpBuffer=0xc00005aab0*, lpNumberOfBytesRead=0xc0001adc04*=0x0, lpOverlapped=0x0) returned 1 [0151.677] CloseHandle (hObject=0x404) returned 1 [0151.678] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\EnPoS1F1VYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\enpos1f1vyf.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x404 [0151.679] GetConsoleMode (in: hConsoleHandle=0x404, lpMode=0xc0001add04 | out: lpMode=0xc0001add04) returned 0 [0151.681] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0152.175] SetEvent (hEvent=0xb38) returned 1 [0152.175] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0161.396] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\w-dmkns18khsioaq9ra.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5d8 [0161.996] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00051bcf4 | out: lpMode=0xc00051bcf4) returned 0 [0162.328] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0162.351] GetFileType (hFile=0x5d8) returned 0x1 [0162.351] GetFileType (hFile=0x5d8) returned 0x1 [0162.352] GetFileInformationByHandle (in: hFile=0x5d8, lpFileInformation=0xc00051bd44 | out: lpFileInformation=0xc00051bd44) returned 1 [0162.353] GetFileInformationByHandleEx (in: hFile=0x5d8, FileInformationClass=0x9, lpFileInformation=0xc00051bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00051bd28) returned 1 [0162.353] ReadFile (in: hFile=0x5d8, lpBuffer=0xc000638000, nNumberOfBytesToRead=0x13ce6, lpNumberOfBytesRead=0xc00051bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000638000*, lpNumberOfBytesRead=0xc00051bc04*=0x13ae6, lpOverlapped=0x0) returned 1 [0162.355] ReadFile (in: hFile=0x5d8, lpBuffer=0xc00064bae6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00051bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00064bae6*, lpNumberOfBytesRead=0xc00051bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.355] CloseHandle (hObject=0x5d8) returned 1 [0162.356] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0162.357] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\rmSNLUbTcd5Ti\\w-DmknS18kHsIOAq9rA.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\rmsnlubtcd5ti\\w-dmkns18khsioaq9ra.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0162.360] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc00051bd04 | out: lpMode=0xc00051bd04) returned 0 [0162.420] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0162.590] SetEvent (hEvent=0xb38) returned 1 [0162.590] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0163.603] GetFileType (hFile=0x2cc) returned 0x1 [0163.603] WriteFile (in: hFile=0x2cc, lpBuffer=0xc000184420*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00029fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000184420*, lpNumberOfBytesWritten=0xc00029fd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.603] CloseHandle (hObject=0x2cc) returned 1 [0166.399] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0166.400] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.976] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.027] SetEvent (hEvent=0xb48) returned 1 [0167.027] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.181] SetEvent (hEvent=0x43c) returned 1 [0167.181] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.185] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.190] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.191] SetEvent (hEvent=0xc1c) returned 1 [0167.191] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) returned 0x0 [0167.195] SetEvent (hEvent=0xc1c) returned 1 [0167.195] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002640a0*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0xc00023d808, lpReserved=0x0 | out: lpBuffer=0xc0002640a0*, lpNumberOfCharsWritten=0xc00023d808*=0x4a) returned 1 [0167.197] SetEvent (hEvent=0xc1c) returned 1 [0167.197] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002620f0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00023d808, lpReserved=0x0 | out: lpBuffer=0xc0002620f0*, lpNumberOfCharsWritten=0xc00023d808*=0x11) returned 1 [0167.201] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000262120*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc00023d808, lpReserved=0x0 | out: lpBuffer=0xc000262120*, lpNumberOfCharsWritten=0xc00023d808*=0x11) returned 1 [0167.202] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0167.204] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0167.206] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-my videos"), dwFlags=0x1) returned 1 [0167.374] SetEvent (hEvent=0x980) returned 1 [0167.374] WaitForSingleObject (hHandle=0xbb0, dwMilliseconds=0xffffffff) Thread: id = 178 os_tid = 0xc6c [0142.222] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3d13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3d13fea0*=0x7e8) returned 1 [0142.222] VirtualQuery (in: lpAddress=0x3d13fec0, lpBuffer=0x3d13fec0, dwLength=0x30 | out: lpBuffer=0x3d13fec0*(BaseAddress=0x3d13f000, AllocationBase=0x3cf40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.222] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\votqyx.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7ec [0142.224] GetConsoleMode (in: hConsoleHandle=0x7ec, lpMode=0xc000487cf4 | out: lpMode=0xc000487cf4) returned 0 [0142.224] GetFileType (hFile=0x7ec) returned 0x1 [0142.224] GetFileType (hFile=0x7ec) returned 0x1 [0142.224] GetFileInformationByHandle (in: hFile=0x7ec, lpFileInformation=0xc000487d44 | out: lpFileInformation=0xc000487d44) returned 1 [0142.224] GetFileInformationByHandleEx (in: hFile=0x7ec, FileInformationClass=0x9, lpFileInformation=0xc000487d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000487d28) returned 1 [0142.224] VirtualAlloc (lpAddress=0xc000700000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000700000 [0142.227] ReadFile (in: hFile=0x7ec, lpBuffer=0xc000700000, nNumberOfBytesToRead=0x27d4, lpNumberOfBytesRead=0xc000487c04, lpOverlapped=0x0 | out: lpBuffer=0xc000700000*, lpNumberOfBytesRead=0xc000487c04*=0x25d4, lpOverlapped=0x0) returned 1 [0142.792] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc0 [0142.792] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc4 [0142.792] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0143.573] ReadFile (in: hFile=0x7ec, lpBuffer=0xc0007025d4, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000487c04, lpOverlapped=0x0 | out: lpBuffer=0xc0007025d4*, lpNumberOfBytesRead=0xc000487c04*=0x0, lpOverlapped=0x0) returned 1 [0143.573] CloseHandle (hObject=0x7ec) returned 1 [0143.573] VirtualAlloc (lpAddress=0xc00075e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00075e000 [0143.574] VirtualAlloc (lpAddress=0xc000760000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000760000 [0143.576] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\votqyx.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0143.593] GetConsoleMode (in: hConsoleHandle=0x7f4, lpMode=0xc000487d04 | out: lpMode=0xc000487d04) returned 0 [0143.601] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.125] GetFileType (hFile=0x7f4) returned 0x1 [0144.125] WriteFile (in: hFile=0x7f4, lpBuffer=0xc0004eec00*, nNumberOfBytesToWrite=0x25e0, lpNumberOfBytesWritten=0xc000487cec, lpOverlapped=0x0 | out: lpBuffer=0xc0004eec00*, lpNumberOfBytesWritten=0xc000487cec*=0x25e0, lpOverlapped=0x0) returned 1 [0144.126] CloseHandle (hObject=0x7f4) returned 1 [0144.127] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0144.127] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\votqyx.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f4 [0144.127] GetConsoleMode (in: hConsoleHandle=0x7f4, lpMode=0xc000487d64 | out: lpMode=0xc000487d64) returned 0 [0144.135] GetFileType (hFile=0x7f4) returned 0x1 [0144.135] WriteFile (in: hFile=0x7f4, lpBuffer=0xc000614dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000487d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614dc0*, lpNumberOfBytesWritten=0xc000487d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.136] CloseHandle (hObject=0x7f4) returned 1 [0144.136] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\votqyx.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-vOTqYx.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-votqyx.lnk"), dwFlags=0x1) returned 1 [0144.137] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.137] SetEvent (hEvent=0x364) returned 1 [0144.138] SetEvent (hEvent=0x458) returned 1 [0144.138] SetEvent (hEvent=0x938) returned 1 [0144.139] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.147] SetEvent (hEvent=0x900) returned 1 [0144.147] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.164] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.165] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.165] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.166] SetEvent (hEvent=0x24c) returned 1 [0144.166] SetEvent (hEvent=0x940) returned 1 [0144.166] SetEvent (hEvent=0x15c) returned 1 [0144.166] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.190] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.191] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.191] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.191] SetEvent (hEvent=0x9e0) returned 1 [0144.191] SetEvent (hEvent=0x144) returned 1 [0144.191] SetEvent (hEvent=0xb90) returned 1 [0144.193] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.200] SetEvent (hEvent=0xbb8) returned 1 [0144.200] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.215] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.215] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.215] SetEvent (hEvent=0x9e0) returned 1 [0144.215] SetEvent (hEvent=0x144) returned 1 [0144.215] SetEvent (hEvent=0xb90) returned 1 [0144.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.239] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.241] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.241] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.241] SetEvent (hEvent=0xb98) returned 1 [0144.241] SetEvent (hEvent=0x910) returned 1 [0144.241] SetEvent (hEvent=0x8c) returned 1 [0144.243] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.249] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.261] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.261] SetEvent (hEvent=0x8c) returned 1 [0144.261] SetEvent (hEvent=0xb8) returned 1 [0144.261] SetEvent (hEvent=0x198) returned 1 [0144.261] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.290] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.290] VirtualAlloc (lpAddress=0xc000104000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000104000 [0144.291] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.291] SetEvent (hEvent=0xb8) returned 1 [0144.291] SetEvent (hEvent=0x198) returned 1 [0144.291] SetEvent (hEvent=0x9c) returned 1 [0144.293] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.295] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.302] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.302] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.302] SetEvent (hEvent=0xb8) returned 1 [0144.302] SetEvent (hEvent=0x198) returned 1 [0144.302] SetEvent (hEvent=0x9c) returned 1 [0144.302] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.304] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.305] GetFileType (hFile=0x730) returned 0x1 [0144.305] WriteFile (in: hFile=0x730, lpBuffer=0xc0006142c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006142c0*, lpNumberOfBytesWritten=0xc0003c7d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.305] CloseHandle (hObject=0x730) returned 1 [0144.305] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.307] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\my videos.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-My Videos.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-my videos.lnk"), dwFlags=0x1) returned 1 [0144.309] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.311] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.311] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.311] SetEvent (hEvent=0xb8) returned 1 [0144.311] SetEvent (hEvent=0x198) returned 1 [0144.311] SetEvent (hEvent=0x9c) returned 1 [0144.313] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.322] SetEvent (hEvent=0x9c) returned 1 [0144.322] SetEvent (hEvent=0x198) returned 1 [0144.322] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.325] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.325] SetEvent (hEvent=0xb8) returned 1 [0144.325] SetEvent (hEvent=0x9c) returned 1 [0144.325] SetEvent (hEvent=0x198) returned 1 [0144.326] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.329] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.329] GetFileType (hFile=0x55c) returned 0x1 [0144.329] WriteFile (in: hFile=0x55c, lpBuffer=0xc0002902c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001e7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002902c0*, lpNumberOfBytesWritten=0xc0001e7d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.330] CloseHandle (hObject=0x55c) returned 1 [0144.330] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\cnhegrqal0z.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-CNheGrQAl0z.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-cnhegrqal0z.lnk"), dwFlags=0x1) returned 1 [0144.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.333] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.333] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.333] SetEvent (hEvent=0xb8) returned 1 [0144.333] SetEvent (hEvent=0x9c) returned 1 [0144.334] SetEvent (hEvent=0x198) returned 1 [0144.335] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.348] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.354] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.354] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.355] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.355] SetEvent (hEvent=0x1dc) returned 1 [0144.355] SetEvent (hEvent=0x12c) returned 1 [0144.355] SetEvent (hEvent=0xa28) returned 1 [0144.355] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.364] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.369] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f698, ulCount=0x10, ulNumEntriesRemoved=0x3d13f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f698, ulNumEntriesRemoved=0x3d13f66c) returned 0 [0144.369] SetEvent (hEvent=0xa28) returned 1 [0144.369] SetEvent (hEvent=0x9b0) returned 1 [0144.369] SetEvent (hEvent=0x3dc) returned 1 [0144.371] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.372] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.372] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe08*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.376] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe30*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.377] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d13f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d13f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d13f6a0, ulNumEntriesRemoved=0x3d13f674) returned 0 [0144.377] SetEvent (hEvent=0x9b0) returned 1 [0144.377] SetEvent (hEvent=0x3dc) returned 1 [0144.377] SetEvent (hEvent=0xc3c) returned 1 [0144.377] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d13fe18*=0xbc0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.387] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.387] SetEvent (hEvent=0x968) returned 1 [0144.387] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.394] SetEvent (hEvent=0x29c) returned 1 [0144.394] SetEvent (hEvent=0xb58) returned 1 [0144.394] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.395] SetEvent (hEvent=0x29c) returned 1 [0144.395] SetEvent (hEvent=0xb30) returned 1 [0144.395] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.403] SetEvent (hEvent=0x29c) returned 1 [0144.403] SetEvent (hEvent=0x898) returned 1 [0144.403] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.416] SetEvent (hEvent=0xc5c) returned 1 [0144.416] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.427] SetEvent (hEvent=0x8b8) returned 1 [0144.427] SetEvent (hEvent=0x3b0) returned 1 [0144.427] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.481] SetEvent (hEvent=0x8b8) returned 1 [0144.481] SetEvent (hEvent=0x990) returned 1 [0144.481] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) returned 0x0 [0144.497] VirtualFree (lpAddress=0xc0006f8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.498] VirtualFree (lpAddress=0xc00033c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.499] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.499] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.500] SetEvent (hEvent=0x26c) returned 1 [0144.500] WaitForSingleObject (hHandle=0xbc0, dwMilliseconds=0xffffffff) Thread: id = 179 os_tid = 0xc70 [0142.228] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3d33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3d33fea0*=0x7f0) returned 1 [0142.228] VirtualQuery (in: lpAddress=0x3d33fec0, lpBuffer=0x3d33fec0, dwLength=0x30 | out: lpBuffer=0x3d33fec0*(BaseAddress=0x3d33f000, AllocationBase=0x3d140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.228] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\papdkzhuye.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f4 [0142.230] GetConsoleMode (in: hConsoleHandle=0x7f4, lpMode=0xc000459cf4 | out: lpMode=0xc000459cf4) returned 0 [0142.231] GetFileType (hFile=0x7f4) returned 0x1 [0142.231] GetFileType (hFile=0x7f4) returned 0x1 [0142.231] GetFileInformationByHandle (in: hFile=0x7f4, lpFileInformation=0xc000459d44 | out: lpFileInformation=0xc000459d44) returned 1 [0142.231] GetFileInformationByHandleEx (in: hFile=0x7f4, FileInformationClass=0x9, lpFileInformation=0xc000459d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000459d28) returned 1 [0142.231] ReadFile (in: hFile=0x7f4, lpBuffer=0xc00007ac00, nNumberOfBytesToRead=0x1084, lpNumberOfBytesRead=0xc000459c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007ac00*, lpNumberOfBytesRead=0xc000459c04*=0xe84, lpOverlapped=0x0) returned 1 [0142.793] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbc8 [0142.793] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbcc [0142.793] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0143.591] ReadFile (in: hFile=0x7f4, lpBuffer=0xc00007ba84, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000459c04, lpOverlapped=0x0 | out: lpBuffer=0xc00007ba84*, lpNumberOfBytesRead=0xc000459c04*=0x0, lpOverlapped=0x0) returned 1 [0143.591] CloseHandle (hObject=0x7f4) returned 1 [0143.591] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\papdkzhuye.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0143.614] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0144.403] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000459d04 | out: lpMode=0xc000459d04) returned 0 [0144.404] GetFileType (hFile=0x770) returned 0x1 [0144.404] WriteFile (in: hFile=0x770, lpBuffer=0xc00033d000*, nNumberOfBytesToWrite=0xe90, lpNumberOfBytesWritten=0xc000459cec, lpOverlapped=0x0 | out: lpBuffer=0xc00033d000*, lpNumberOfBytesWritten=0xc000459cec*=0xe90, lpOverlapped=0x0) returned 1 [0144.406] CloseHandle (hObject=0x770) returned 1 [0144.406] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b501 | out: pbBuffer=0xc00031b501) returned 1 [0144.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\pApDKzHUyE.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\papdkzhuye.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0144.406] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000459d64 | out: lpMode=0xc000459d64) returned 0 [0144.416] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0144.931] SetEvent (hEvent=0xc0) returned 1 [0144.931] GetFileType (hFile=0x770) returned 0x1 [0144.931] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0145.558] SetEvent (hEvent=0x254) returned 1 [0145.558] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0145.562] SetEvent (hEvent=0x254) returned 1 [0145.562] SetEvent (hEvent=0xbf0) returned 1 [0145.562] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0145.579] GetFileType (hFile=0x698) returned 0x1 [0145.579] WriteFile (in: hFile=0x698, lpBuffer=0xc0007e8000*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0xc0003e9cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8000*, lpNumberOfBytesWritten=0xc0003e9cec*=0x3e0, lpOverlapped=0x0) returned 1 [0145.581] CloseHandle (hObject=0x698) returned 1 [0145.591] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.591] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0145.592] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0145.593] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0145.595] VirtualAlloc (lpAddress=0xc000120000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000120000 [0145.596] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rd9ui.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x474 [0145.596] GetConsoleMode (in: hConsoleHandle=0x474, lpMode=0xc0003e9d64 | out: lpMode=0xc0003e9d64) returned 0 [0145.599] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0146.035] SetEvent (hEvent=0xc0) returned 1 [0146.035] SetEvent (hEvent=0xb18) returned 1 [0146.035] GetFileType (hFile=0x474) returned 0x1 [0146.035] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0146.188] WriteFile (in: hFile=0x474, lpBuffer=0xc00007e160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003e9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e160*, lpNumberOfBytesWritten=0xc0003e9d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.188] CloseHandle (hObject=0x474) returned 1 [0146.190] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rd9ui.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-Rd9uI.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rd9ui.lnk"), dwFlags=0x1) returned 1 [0150.535] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d33f698, ulCount=0x10, ulNumEntriesRemoved=0x3d33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d33f698, ulNumEntriesRemoved=0x3d33f66c) returned 0 [0150.535] SetEvent (hEvent=0xa38) returned 1 [0150.536] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0150.560] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d33fe08*=0xbc8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.570] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0150.570] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d33f6a0, ulNumEntriesRemoved=0x3d33f674) returned 0 [0150.570] SetEvent (hEvent=0xa38) returned 1 [0150.571] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d33fe18*=0xbc8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0150.582] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) returned 0x0 [0150.582] WaitForSingleObject (hHandle=0xbc8, dwMilliseconds=0xffffffff) Thread: id = 180 os_tid = 0xc74 [0142.232] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3d53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3d53fea0*=0x7dc) returned 1 [0142.232] VirtualQuery (in: lpAddress=0x3d53fec0, lpBuffer=0x3d53fec0, dwLength=0x30 | out: lpBuffer=0x3d53fec0*(BaseAddress=0x3d53f000, AllocationBase=0x3d340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.232] VirtualAlloc (lpAddress=0xc00068c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00068c000 [0142.233] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rmsnlubtcd5ti.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f8 [0142.234] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc000477cf4 | out: lpMode=0xc000477cf4) returned 0 [0142.235] GetFileType (hFile=0x7f8) returned 0x1 [0142.235] GetFileType (hFile=0x7f8) returned 0x1 [0142.235] GetFileInformationByHandle (in: hFile=0x7f8, lpFileInformation=0xc000477d44 | out: lpFileInformation=0xc000477d44) returned 1 [0142.235] GetFileInformationByHandleEx (in: hFile=0x7f8, FileInformationClass=0x9, lpFileInformation=0xc000477d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000477d28) returned 1 [0142.235] ReadFile (in: hFile=0x7f8, lpBuffer=0xc00036b000, nNumberOfBytesToRead=0xb97, lpNumberOfBytesRead=0xc000477c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036b000*, lpNumberOfBytesRead=0xc000477c04*=0x997, lpOverlapped=0x0) returned 1 [0142.795] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbd0 [0142.795] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbd4 [0142.795] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0143.609] ReadFile (in: hFile=0x7f8, lpBuffer=0xc00036b997, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000477c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036b997*, lpNumberOfBytesRead=0xc000477c04*=0x0, lpOverlapped=0x0) returned 1 [0143.609] CloseHandle (hObject=0x7f8) returned 1 [0143.609] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rmsnlubtcd5ti.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0143.617] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0144.431] SetEvent (hEvent=0xc0) returned 1 [0144.431] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc000477d04 | out: lpMode=0xc000477d04) returned 0 [0144.432] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0144.703] GetFileType (hFile=0x808) returned 0x1 [0144.703] WriteFile (in: hFile=0x808, lpBuffer=0xc000743500*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xc000477cec, lpOverlapped=0x0 | out: lpBuffer=0xc000743500*, lpNumberOfBytesWritten=0xc000477cec*=0x9a0, lpOverlapped=0x0) returned 1 [0144.704] CloseHandle (hObject=0x808) returned 1 [0144.704] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.704] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0144.705] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0144.706] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rmsnlubtcd5ti.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x808 [0144.706] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc000477d64 | out: lpMode=0xc000477d64) returned 0 [0144.712] GetFileType (hFile=0x808) returned 0x1 [0144.712] WriteFile (in: hFile=0x808, lpBuffer=0xc000290580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000477d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290580*, lpNumberOfBytesWritten=0xc000477d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.712] CloseHandle (hObject=0x808) returned 1 [0144.712] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\rmsnlubtcd5ti.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-rmSNLUbTcd5Ti.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-rmsnlubtcd5ti.lnk"), dwFlags=0x1) returned 1 [0144.714] SetEvent (hEvent=0xa10) returned 1 [0144.714] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0144.739] SetEvent (hEvent=0x1c4) returned 1 [0144.739] SetEvent (hEvent=0xa08) returned 1 [0144.739] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0144.754] SetEvent (hEvent=0xb38) returned 1 [0144.754] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0144.781] SetEvent (hEvent=0xa30) returned 1 [0144.781] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.449] SetEvent (hEvent=0xb70) returned 1 [0145.449] SetEvent (hEvent=0xb38) returned 1 [0145.449] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.457] SetEvent (hEvent=0xc14) returned 1 [0145.457] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.489] SetEvent (hEvent=0xa68) returned 1 [0145.489] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.495] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.497] VirtualFree (lpAddress=0xc000164000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.499] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0145.501] SetEvent (hEvent=0x254) returned 1 [0145.501] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.516] SetEvent (hEvent=0x254) returned 1 [0145.516] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.521] SetEvent (hEvent=0x254) returned 1 [0145.521] SetEvent (hEvent=0xa30) returned 1 [0145.521] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.526] SetEvent (hEvent=0xa08) returned 1 [0145.526] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.537] SetEvent (hEvent=0xac8) returned 1 [0145.537] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0145.550] SetEvent (hEvent=0x254) returned 1 [0145.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x568 [0145.552] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00020dcf4 | out: lpMode=0xc00020dcf4) returned 0 [0145.557] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0146.141] GetFileType (hFile=0x568) returned 0x1 [0146.141] GetFileType (hFile=0x568) returned 0x1 [0146.141] GetFileInformationByHandle (in: hFile=0x568, lpFileInformation=0xc00020dd44 | out: lpFileInformation=0xc00020dd44) returned 1 [0146.141] GetFileInformationByHandleEx (in: hFile=0x568, FileInformationClass=0x9, lpFileInformation=0xc00020dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00020dd28) returned 1 [0146.141] VirtualAlloc (lpAddress=0xc000292000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000292000 [0146.142] ReadFile (in: hFile=0x568, lpBuffer=0xc000292000, nNumberOfBytesToRead=0x6ea, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000292000*, lpNumberOfBytesRead=0xc00020dc04*=0x4ea, lpOverlapped=0x0) returned 1 [0146.145] ReadFile (in: hFile=0x568, lpBuffer=0xc0002924ea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00020dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002924ea*, lpNumberOfBytesRead=0xc00020dc04*=0x0, lpOverlapped=0x0) returned 1 [0146.145] CloseHandle (hObject=0x568) returned 1 [0146.145] VirtualAlloc (lpAddress=0xc00028e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028e000 [0146.146] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Magnify.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\magnify.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x568 [0146.147] GetConsoleMode (in: hConsoleHandle=0x568, lpMode=0xc00020dd04 | out: lpMode=0xc00020dd04) returned 0 [0146.148] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0146.259] SetEvent (hEvent=0xc24) returned 1 [0146.259] GetFileType (hFile=0x568) returned 0x1 [0146.259] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0146.310] SetEvent (hEvent=0xc24) returned 1 [0146.310] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0146.311] SetEvent (hEvent=0x978) returned 1 [0146.311] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0147.931] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0147.932] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0147.932] VirtualAlloc (lpAddress=0xc000180000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000180000 [0147.933] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xl2kgcwhye6uxjefyf.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x588 [0147.934] GetConsoleMode (in: hConsoleHandle=0x588, lpMode=0xc0000c5cf4 | out: lpMode=0xc0000c5cf4) returned 0 [0147.936] GetFileType (hFile=0x588) returned 0x1 [0147.936] GetFileType (hFile=0x588) returned 0x1 [0147.936] GetFileInformationByHandle (in: hFile=0x588, lpFileInformation=0xc0000c5d44 | out: lpFileInformation=0xc0000c5d44) returned 1 [0147.936] GetFileInformationByHandleEx (in: hFile=0x588, FileInformationClass=0x9, lpFileInformation=0xc0000c5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0000c5d28) returned 1 [0147.936] VirtualAlloc (lpAddress=0xc0004b8000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004b8000 [0147.938] ReadFile (in: hFile=0x588, lpBuffer=0xc0004b8000, nNumberOfBytesToRead=0xe81b, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004b8000*, lpNumberOfBytesRead=0xc0000c5c04*=0xe61b, lpOverlapped=0x0) returned 1 [0148.592] ReadFile (in: hFile=0x588, lpBuffer=0xc0004c661b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0000c5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0004c661b*, lpNumberOfBytesRead=0xc0000c5c04*=0x0, lpOverlapped=0x0) returned 1 [0148.592] CloseHandle (hObject=0x588) returned 1 [0148.592] VirtualAlloc (lpAddress=0xc000644000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000644000 [0148.595] VirtualAlloc (lpAddress=0xc0002c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c0000 [0148.596] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0148.597] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xl2kgcwhye6uxjefyf.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3d0 [0149.664] GetConsoleMode (in: hConsoleHandle=0x3d0, lpMode=0xc0000c5d04 | out: lpMode=0xc0000c5d04) returned 0 [0149.665] GetFileType (hFile=0x3d0) returned 0x1 [0149.665] WriteFile (in: hFile=0x3d0, lpBuffer=0xc000644000*, nNumberOfBytesToWrite=0xe620, lpNumberOfBytesWritten=0xc0000c5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000644000*, lpNumberOfBytesWritten=0xc0000c5cec*=0xe620, lpOverlapped=0x0) returned 1 [0149.697] CloseHandle (hObject=0x3d0) returned 1 [0149.730] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0149.730] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xl2kgcwhye6uxjefyf.png"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0149.731] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc0000c5d64 | out: lpMode=0xc0000c5d64) returned 0 [0149.732] GetFileType (hFile=0x8a4) returned 0x1 [0149.732] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0000c5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc0000c5d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.740] CloseHandle (hObject=0x8a4) returned 1 [0149.838] VirtualAlloc (lpAddress=0xc000074000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000074000 [0149.839] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\xl2kgcwhye6uxjefyf.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-Xl2kGcwhye6UXJEFYf.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-xl2kgcwhye6uxjefyf.png"), dwFlags=0x1) returned 1 [0152.177] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0152.377] VirtualFree (lpAddress=0xc0002c4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.378] VirtualFree (lpAddress=0xc0002a4000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0152.379] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.379] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0152.380] VirtualFree (lpAddress=0xc0000fe000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.381] VirtualFree (lpAddress=0xc0000ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.381] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.382] VirtualFree (lpAddress=0xc000078000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.383] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0152.383] SetEvent (hEvent=0x264) returned 1 [0152.383] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0152.395] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x854 [0152.396] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0001d1cf4 | out: lpMode=0xc0001d1cf4) returned 0 [0152.398] GetFileType (hFile=0x854) returned 0x1 [0152.398] GetFileType (hFile=0x854) returned 0x1 [0152.398] GetFileInformationByHandle (in: hFile=0x854, lpFileInformation=0xc0001d1d44 | out: lpFileInformation=0xc0001d1d44) returned 1 [0152.398] GetFileInformationByHandleEx (in: hFile=0x854, FileInformationClass=0x9, lpFileInformation=0xc0001d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d1d28) returned 1 [0152.399] ReadFile (in: hFile=0x854, lpBuffer=0xc00006c2c0, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c2c0*, lpNumberOfBytesRead=0xc0001d1c04*=0x85, lpOverlapped=0x0) returned 1 [0152.400] ReadFile (in: hFile=0x854, lpBuffer=0xc00006c345, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00006c345*, lpNumberOfBytesRead=0xc0001d1c04*=0x0, lpOverlapped=0x0) returned 1 [0152.400] CloseHandle (hObject=0x854) returned 1 [0152.401] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0152.402] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0001d1d04 | out: lpMode=0xc0001d1d04) returned 0 [0152.425] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0152.907] GetFileType (hFile=0x854) returned 0x1 [0152.907] WriteFile (in: hFile=0x854, lpBuffer=0xc000126750*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc0001d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000126750*, lpNumberOfBytesWritten=0xc0001d1cec*=0x90, lpOverlapped=0x0) returned 1 [0152.908] CloseHandle (hObject=0x854) returned 1 [0152.908] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0152.908] VirtualAlloc (lpAddress=0xc000054000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000054000 [0152.909] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0152.910] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0152.911] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0001d1d64 | out: lpMode=0xc0001d1d64) returned 0 [0152.914] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0152.967] GetFileType (hFile=0x854) returned 0x1 [0152.967] WriteFile (in: hFile=0x854, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc0001d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.968] CloseHandle (hObject=0x854) returned 1 [0152.968] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSN Money.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msn money.url"), dwFlags=0x1) returned 1 [0152.969] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cwhja1ye5fn.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x854 [0152.970] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002d7cf4 | out: lpMode=0xc0002d7cf4) returned 0 [0152.997] GetFileType (hFile=0x854) returned 0x1 [0152.997] GetFileType (hFile=0x854) returned 0x1 [0152.997] GetFileInformationByHandle (in: hFile=0x854, lpFileInformation=0xc0002d7d44 | out: lpFileInformation=0xc0002d7d44) returned 1 [0152.997] GetFileInformationByHandleEx (in: hFile=0x854, FileInformationClass=0x9, lpFileInformation=0xc0002d7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d7d28) returned 1 [0152.997] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0152.999] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0153.000] ReadFile (in: hFile=0x854, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x1f01, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc0002d7c04*=0x1d01, lpOverlapped=0x0) returned 1 [0153.002] ReadFile (in: hFile=0x854, lpBuffer=0xc0000cfd01, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000cfd01*, lpNumberOfBytesRead=0xc0002d7c04*=0x0, lpOverlapped=0x0) returned 1 [0153.002] CloseHandle (hObject=0x854) returned 1 [0153.002] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0153.004] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0153.005] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0153.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cwhja1ye5fn.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0153.008] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002d7d04 | out: lpMode=0xc0002d7d04) returned 0 [0153.059] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0153.171] GetFileType (hFile=0x854) returned 0x1 [0153.171] WriteFile (in: hFile=0x854, lpBuffer=0xc0000fa000*, nNumberOfBytesToWrite=0x1d10, lpNumberOfBytesWritten=0xc0002d7cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000fa000*, lpNumberOfBytesWritten=0xc0002d7cec*=0x1d10, lpOverlapped=0x0) returned 1 [0153.173] CloseHandle (hObject=0x854) returned 1 [0153.173] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0153.173] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cwhja1ye5fn.flv"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x854 [0153.174] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc0002d7d64 | out: lpMode=0xc0002d7d64) returned 0 [0153.179] GetFileType (hFile=0x854) returned 0x1 [0153.179] WriteFile (in: hFile=0x854, lpBuffer=0xc0000d74a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d7d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d74a0*, lpNumberOfBytesWritten=0xc0002d7d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.179] CloseHandle (hObject=0x854) returned 1 [0153.179] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cwhja1ye5fn.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-cwHJA1yE5fN.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-cwhja1ye5fn.flv"), dwFlags=0x1) returned 1 [0153.181] SetEvent (hEvent=0x9a8) returned 1 [0153.181] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0155.296] SetEvent (hEvent=0x9e8) returned 1 [0155.296] SetEvent (hEvent=0x9a8) returned 1 [0155.296] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0155.361] SetEvent (hEvent=0x9f0) returned 1 [0155.361] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0156.287] SetEvent (hEvent=0x100) returned 1 [0156.287] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0161.237] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\Ih6s_VaPthnsN.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\ih6s_vapthnsn.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x454 [0162.060] GetConsoleMode (in: hConsoleHandle=0x454, lpMode=0xc0003a5cf4 | out: lpMode=0xc0003a5cf4) returned 0 [0162.411] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0162.584] SetEvent (hEvent=0xa80) returned 1 [0162.584] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) returned 0x0 [0163.689] WaitForSingleObject (hHandle=0xbd0, dwMilliseconds=0xffffffff) Thread: id = 181 os_tid = 0xc78 [0142.235] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3d73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3d73fea0*=0x804) returned 1 [0142.235] VirtualQuery (in: lpAddress=0x3d73fec0, lpBuffer=0x3d73fec0, dwLength=0x30 | out: lpBuffer=0x3d73fec0*(BaseAddress=0x3d73f000, AllocationBase=0x3d540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.236] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nz s7kvsk.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x808 [0142.237] GetConsoleMode (in: hConsoleHandle=0x808, lpMode=0xc000451cf4 | out: lpMode=0xc000451cf4) returned 0 [0142.237] GetFileType (hFile=0x808) returned 0x1 [0142.237] GetFileType (hFile=0x808) returned 0x1 [0142.237] GetFileInformationByHandle (in: hFile=0x808, lpFileInformation=0xc000451d44 | out: lpFileInformation=0xc000451d44) returned 1 [0142.237] GetFileInformationByHandleEx (in: hFile=0x808, FileInformationClass=0x9, lpFileInformation=0xc000451d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000451d28) returned 1 [0142.237] VirtualAlloc (lpAddress=0xc00060e000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00060e000 [0142.239] ReadFile (in: hFile=0x808, lpBuffer=0xc00060e000, nNumberOfBytesToRead=0x10d2, lpNumberOfBytesRead=0xc000451c04, lpOverlapped=0x0 | out: lpBuffer=0xc00060e000*, lpNumberOfBytesRead=0xc000451c04*=0xed2, lpOverlapped=0x0) returned 1 [0142.796] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbd8 [0142.796] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbdc [0142.796] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0143.614] ReadFile (in: hFile=0x808, lpBuffer=0xc00060eed2, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000451c04, lpOverlapped=0x0 | out: lpBuffer=0xc00060eed2*, lpNumberOfBytesRead=0xc000451c04*=0x0, lpOverlapped=0x0) returned 1 [0143.614] CloseHandle (hObject=0x808) returned 1 [0143.614] VirtualAlloc (lpAddress=0xc000762000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000762000 [0143.616] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nz s7kvsk.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x590 [0143.631] GetConsoleMode (in: hConsoleHandle=0x590, lpMode=0xc000451d04 | out: lpMode=0xc000451d04) returned 0 [0143.641] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0144.235] GetFileType (hFile=0x590) returned 0x1 [0144.235] WriteFile (in: hFile=0x590, lpBuffer=0xc000762000*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0xc000451cec, lpOverlapped=0x0 | out: lpBuffer=0xc000762000*, lpNumberOfBytesWritten=0xc000451cec*=0xee0, lpOverlapped=0x0) returned 1 [0144.237] CloseHandle (hObject=0x590) returned 1 [0144.237] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0144.237] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0144.239] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\nz S7KVsk.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\nz s7kvsk.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x590 [0144.239] GetConsoleMode (in: hConsoleHandle=0x590, lpMode=0xc000451d64 | out: lpMode=0xc000451d64) returned 0 [0144.241] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0144.605] SetEvent (hEvent=0xc6c) returned 1 [0144.605] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0144.608] SetEvent (hEvent=0xc6c) returned 1 [0144.608] SetEvent (hEvent=0xc0c) returned 1 [0144.608] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0144.615] SetEvent (hEvent=0xc6c) returned 1 [0144.615] SetEvent (hEvent=0x9a0) returned 1 [0144.615] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0145.933] SetEvent (hEvent=0x9b8) returned 1 [0145.934] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0145.948] SetEvent (hEvent=0xb40) returned 1 [0145.948] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0145.952] SetEvent (hEvent=0x2f4) returned 1 [0145.952] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0145.964] SetEvent (hEvent=0x2f4) returned 1 [0145.964] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0145.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x770 [0145.966] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000035cf4 | out: lpMode=0xc000035cf4) returned 0 [0145.974] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.215] GetFileType (hFile=0x770) returned 0x1 [0146.216] GetFileType (hFile=0x770) returned 0x1 [0146.216] GetFileInformationByHandle (in: hFile=0x770, lpFileInformation=0xc000035d44 | out: lpFileInformation=0xc000035d44) returned 1 [0146.216] GetFileInformationByHandleEx (in: hFile=0x770, FileInformationClass=0x9, lpFileInformation=0xc000035d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000035d28) returned 1 [0146.216] ReadFile (in: hFile=0x770, lpBuffer=0xc00029a700, nNumberOfBytesToRead=0x306, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a700*, lpNumberOfBytesRead=0xc000035c04*=0x106, lpOverlapped=0x0) returned 1 [0146.218] ReadFile (in: hFile=0x770, lpBuffer=0xc00029a806, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000035c04, lpOverlapped=0x0 | out: lpBuffer=0xc00029a806*, lpNumberOfBytesRead=0xc000035c04*=0x0, lpOverlapped=0x0) returned 1 [0146.218] CloseHandle (hObject=0x770) returned 1 [0146.218] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0146.219] VirtualAlloc (lpAddress=0xc0002a6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a6000 [0146.220] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0146.221] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000035d04 | out: lpMode=0xc000035d04) returned 0 [0146.229] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.283] GetFileType (hFile=0x770) returned 0x1 [0146.283] WriteFile (in: hFile=0x770, lpBuffer=0xc00011cc60*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc000035cec, lpOverlapped=0x0 | out: lpBuffer=0xc00011cc60*, lpNumberOfBytesWritten=0xc000035cec*=0x110, lpOverlapped=0x0) returned 1 [0146.284] CloseHandle (hObject=0x770) returned 1 [0146.285] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0146.285] VirtualAlloc (lpAddress=0xc0002b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b0000 [0146.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0146.286] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000035d64 | out: lpMode=0xc000035d64) returned 0 [0146.289] GetFileType (hFile=0x770) returned 0x1 [0146.289] WriteFile (in: hFile=0x770, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000035d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000035d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.289] CloseHandle (hObject=0x770) returned 1 [0146.289] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\computer.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\encry-computer.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\encry-computer.lnk"), dwFlags=0x1) returned 1 [0146.295] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.342] SetEvent (hEvent=0xa58) returned 1 [0146.342] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xc7c [0146.485] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc00027bcf4 | out: lpMode=0xc00027bcf4) returned 0 [0146.513] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.617] GetFileType (hFile=0xc7c) returned 0x1 [0146.618] GetFileType (hFile=0xc7c) returned 0x1 [0146.618] GetFileInformationByHandle (in: hFile=0xc7c, lpFileInformation=0xc00027bd44 | out: lpFileInformation=0xc00027bd44) returned 1 [0146.618] GetFileInformationByHandleEx (in: hFile=0xc7c, FileInformationClass=0x9, lpFileInformation=0xc00027bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00027bd28) returned 1 [0146.618] VirtualAlloc (lpAddress=0xc0004a0000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0004a0000 [0146.637] ReadFile (in: hFile=0xc7c, lpBuffer=0xc0004a0000, nNumberOfBytesToRead=0x10200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004a0000*, lpNumberOfBytesRead=0xc00027bc04*=0x10000, lpOverlapped=0x0) returned 1 [0146.672] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.859] ReadFile (in: hFile=0xc7c, lpBuffer=0xc0004b0000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00027bc04, lpOverlapped=0x0 | out: lpBuffer=0xc0004b0000*, lpNumberOfBytesRead=0xc00027bc04*=0x0, lpOverlapped=0x0) returned 1 [0146.859] CloseHandle (hObject=0xc7c) returned 1 [0146.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.861] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc00027bd04 | out: lpMode=0xc00027bd04) returned 0 [0146.872] GetFileType (hFile=0xc7c) returned 0x1 [0146.872] WriteFile (in: hFile=0xc7c, lpBuffer=0xc0002a4000*, nNumberOfBytesToWrite=0x10010, lpNumberOfBytesWritten=0xc00027bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesWritten=0xc00027bcec*=0x10010, lpOverlapped=0x0) returned 1 [0146.874] CloseHandle (hObject=0xc7c) returned 1 [0146.874] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b101 | out: pbBuffer=0xc00031b101) returned 1 [0146.875] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0146.876] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xc7c [0146.876] GetConsoleMode (in: hConsoleHandle=0xc7c, lpMode=0xc00027bd64 | out: lpMode=0xc00027bd64) returned 0 [0146.886] GetFileType (hFile=0xc7c) returned 0x1 [0146.886] WriteFile (in: hFile=0xc7c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00027bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc00027bd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.887] CloseHandle (hObject=0xc7c) returned 1 [0146.887] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cert8.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-cert8.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-cert8.db"), dwFlags=0x1) returned 1 [0146.889] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.890] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.890] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f698, ulCount=0x10, ulNumEntriesRemoved=0x3d73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f698, ulNumEntriesRemoved=0x3d73f66c) returned 0 [0146.890] SetEvent (hEvent=0xc0) returned 1 [0146.890] SetEvent (hEvent=0x324) returned 1 [0146.890] SetEvent (hEvent=0xc80) returned 1 [0146.890] SetEvent (hEvent=0x264) returned 1 [0146.892] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.924] SetEvent (hEvent=0x264) returned 1 [0146.924] SetEvent (hEvent=0xc80) returned 1 [0146.924] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.940] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.940] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.941] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0146.941] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f6a0, ulNumEntriesRemoved=0x3d73f674) returned 0 [0146.941] SetEvent (hEvent=0xc24) returned 1 [0146.941] SetEvent (hEvent=0x1f8) returned 1 [0146.942] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe18*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.003] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.003] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f698, ulCount=0x10, ulNumEntriesRemoved=0x3d73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f698, ulNumEntriesRemoved=0x3d73f66c) returned 0 [0147.003] SetEvent (hEvent=0xc24) returned 1 [0147.003] SetEvent (hEvent=0x318) returned 1 [0147.005] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.011] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.011] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.041] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.041] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f6a0, ulNumEntriesRemoved=0x3d73f674) returned 0 [0147.041] SetEvent (hEvent=0x988) returned 1 [0147.041] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe18*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.087] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f698, ulCount=0x10, ulNumEntriesRemoved=0x3d73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f698, ulNumEntriesRemoved=0x3d73f66c) returned 0 [0147.087] SetEvent (hEvent=0x318) returned 1 [0147.088] SetEvent (hEvent=0xc1c) returned 1 [0147.088] SetEvent (hEvent=0xc24) returned 1 [0147.090] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.099] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.099] SetEvent (hEvent=0x318) returned 1 [0147.099] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.109] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.109] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.112] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.112] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f6a0, ulNumEntriesRemoved=0x3d73f674) returned 0 [0147.112] SetEvent (hEvent=0x318) returned 1 [0147.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe18*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.123] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f698, ulCount=0x10, ulNumEntriesRemoved=0x3d73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f698, ulNumEntriesRemoved=0x3d73f66c) returned 0 [0147.123] SetEvent (hEvent=0x1f8) returned 1 [0147.123] SetEvent (hEvent=0xa38) returned 1 [0147.123] SetEvent (hEvent=0x318) returned 1 [0147.125] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.148] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.149] SetEvent (hEvent=0x318) returned 1 [0147.149] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.181] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.181] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.236] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f6a0, ulNumEntriesRemoved=0x3d73f674) returned 0 [0147.236] SetEvent (hEvent=0xc0) returned 1 [0147.236] SetEvent (hEvent=0x1a0) returned 1 [0147.236] SetEvent (hEvent=0xb60) returned 1 [0147.236] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe18*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.292] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f698, ulCount=0x10, ulNumEntriesRemoved=0x3d73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f698, ulNumEntriesRemoved=0x3d73f66c) returned 0 [0147.292] SetEvent (hEvent=0xb60) returned 1 [0147.293] SetEvent (hEvent=0x1a0) returned 1 [0147.293] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0147.295] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.300] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.300] SetEvent (hEvent=0x1a0) returned 1 [0147.300] SetEvent (hEvent=0xa38) returned 1 [0147.300] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe08*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.304] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.304] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe30*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0147.305] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3d73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3d73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3d73f6a0, ulNumEntriesRemoved=0x3d73f674) returned 0 [0147.305] SetEvent (hEvent=0xa38) returned 1 [0147.305] SetEvent (hEvent=0x1a0) returned 1 [0147.305] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3d73fe18*=0xbd8, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0147.307] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.307] VirtualFree (lpAddress=0xc000790000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0147.308] VirtualFree (lpAddress=0xc000298000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.309] VirtualFree (lpAddress=0xc000230000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.310] VirtualFree (lpAddress=0xc000226000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.310] VirtualFree (lpAddress=0xc000220000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.311] VirtualFree (lpAddress=0xc000218000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.311] GetFileType (hFile=0x698) returned 0x1 [0147.311] GetFileInformationByHandle (in: hFile=0x698, lpFileInformation=0xc000135d44 | out: lpFileInformation=0xc000135d44) returned 1 [0147.311] GetFileInformationByHandleEx (in: hFile=0x698, FileInformationClass=0x9, lpFileInformation=0xc000135d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000135d28) returned 1 [0147.312] VirtualAlloc (lpAddress=0xc0000ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ce000 [0147.312] ReadFile (in: hFile=0x698, lpBuffer=0xc0000ce000, nNumberOfBytesToRead=0x4c0, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce000*, lpNumberOfBytesRead=0xc000135c04*=0x2c0, lpOverlapped=0x0) returned 1 [0147.313] ReadFile (in: hFile=0x698, lpBuffer=0xc0000ce2c0, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000135c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ce2c0*, lpNumberOfBytesRead=0xc000135c04*=0x0, lpOverlapped=0x0) returned 1 [0147.313] CloseHandle (hObject=0x698) returned 1 [0147.313] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0147.314] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0147.315] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0147.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0147.316] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini\\*", lpFindFileData=0xc000135a08 | out: lpFindFileData=0xc000135a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0147.316] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000135720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0147.316] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0147.317] VirtualFree (lpAddress=0xc000212000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0147.318] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.318] SetEvent (hEvent=0x988) returned 1 [0147.319] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.344] SetEvent (hEvent=0xa38) returned 1 [0147.344] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.350] SetEvent (hEvent=0xc44) returned 1 [0147.350] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.356] SetEvent (hEvent=0x988) returned 1 [0147.356] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.383] SetEvent (hEvent=0xa38) returned 1 [0147.383] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x81c [0147.384] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc0003c1cf4 | out: lpMode=0xc0003c1cf4) returned 0 [0147.386] GetFileType (hFile=0x81c) returned 0x1 [0147.386] GetFileType (hFile=0x81c) returned 0x1 [0147.386] GetFileInformationByHandle (in: hFile=0x81c, lpFileInformation=0xc0003c1d44 | out: lpFileInformation=0xc0003c1d44) returned 1 [0147.386] GetFileInformationByHandleEx (in: hFile=0x81c, FileInformationClass=0x9, lpFileInformation=0xc0003c1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c1d28) returned 1 [0147.386] VirtualAlloc (lpAddress=0xc00025c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025c000 [0147.387] ReadFile (in: hFile=0x81c, lpBuffer=0xc00025c000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c1c04, lpOverlapped=0x0 | out: lpBuffer=0xc00025c000*, lpNumberOfBytesRead=0xc0003c1c04*=0x0, lpOverlapped=0x0) returned 1 [0147.387] CloseHandle (hObject=0x81c) returned 1 [0147.387] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0147.387] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc0003c1d04 | out: lpMode=0xc0003c1d04) returned 0 [0147.417] GetFileType (hFile=0x81c) returned 0x1 [0147.417] WriteFile (in: hFile=0x81c, lpBuffer=0xc0005865d0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc0003c1cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005865d0*, lpNumberOfBytesWritten=0xc0003c1cec*=0x10, lpOverlapped=0x0) returned 1 [0147.418] CloseHandle (hObject=0x81c) returned 1 [0147.419] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0147.419] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0147.420] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x81c [0147.420] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc0003c1d64 | out: lpMode=0xc0003c1d64) returned 0 [0147.424] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0147.851] GetFileType (hFile=0x81c) returned 0x1 [0147.851] WriteFile (in: hFile=0x81c, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0003c1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0003c1d4c*=0x158, lpOverlapped=0x0) returned 1 [0148.498] CloseHandle (hObject=0x81c) returned 1 [0149.361] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0149.371] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\parent.lock"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-parent.lock" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-parent.lock"), dwFlags=0x1) returned 1 [0151.758] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0152.293] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0152.296] SetEvent (hEvent=0x354) returned 1 [0152.296] SetEvent (hEvent=0xc1c) returned 1 [0152.296] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0152.307] SetEvent (hEvent=0x3b0) returned 1 [0152.307] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0161.367] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0161.368] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x510 [0162.034] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003adcf4 | out: lpMode=0xc0003adcf4) returned 0 [0162.347] GetFileType (hFile=0x510) returned 0x1 [0162.347] GetFileType (hFile=0x510) returned 0x1 [0162.347] GetFileInformationByHandle (in: hFile=0x510, lpFileInformation=0xc0003add44 | out: lpFileInformation=0xc0003add44) returned 1 [0162.347] GetFileInformationByHandleEx (in: hFile=0x510, FileInformationClass=0x9, lpFileInformation=0xc0003add28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003add28) returned 1 [0162.347] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0162.348] ReadFile (in: hFile=0x510, lpBuffer=0xc000244000, nNumberOfBytesToRead=0x2f8, lpNumberOfBytesRead=0xc0003adc04, lpOverlapped=0x0 | out: lpBuffer=0xc000244000*, lpNumberOfBytesRead=0xc0003adc04*=0xf8, lpOverlapped=0x0) returned 1 [0162.350] ReadFile (in: hFile=0x510, lpBuffer=0xc0002440f8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003adc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002440f8*, lpNumberOfBytesRead=0xc0003adc04*=0x0, lpOverlapped=0x0) returned 1 [0162.350] CloseHandle (hObject=0x510) returned 1 [0162.351] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\searches\\indexed locations.search-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.351] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Searches\\Indexed Locations.search-ms\\*", lpFindFileData=0xc0003ada08 | out: lpFindFileData=0xc0003ada08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.351] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.351] SetEvent (hEvent=0xbb0) returned 1 [0162.351] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) returned 0x0 [0162.438] SetEvent (hEvent=0x9b8) returned 1 [0162.438] WaitForSingleObject (hHandle=0xbd8, dwMilliseconds=0xffffffff) Thread: id = 182 os_tid = 0xc7c [0142.240] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3d93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3d93fea0*=0x80c) returned 1 [0142.240] VirtualQuery (in: lpAddress=0x3d93fec0, lpBuffer=0x3d93fec0, dwLength=0x30 | out: lpBuffer=0x3d93fec0*(BaseAddress=0x3d93f000, AllocationBase=0x3d740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.240] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vfjbgc7tltaoejn.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x810 [0142.241] GetConsoleMode (in: hConsoleHandle=0x810, lpMode=0xc000471cf4 | out: lpMode=0xc000471cf4) returned 0 [0142.242] GetFileType (hFile=0x810) returned 0x1 [0142.242] GetFileType (hFile=0x810) returned 0x1 [0142.242] GetFileInformationByHandle (in: hFile=0x810, lpFileInformation=0xc000471d44 | out: lpFileInformation=0xc000471d44) returned 1 [0142.242] GetFileInformationByHandleEx (in: hFile=0x810, FileInformationClass=0x9, lpFileInformation=0xc000471d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000471d28) returned 1 [0142.242] ReadFile (in: hFile=0x810, lpBuffer=0xc00030b900, nNumberOfBytesToRead=0x10e6, lpNumberOfBytesRead=0xc000471c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030b900*, lpNumberOfBytesRead=0xc000471c04*=0xee6, lpOverlapped=0x0) returned 1 [0142.798] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbe8 [0142.798] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbec [0142.799] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0143.689] ReadFile (in: hFile=0x810, lpBuffer=0xc00030c7e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000471c04, lpOverlapped=0x0 | out: lpBuffer=0xc00030c7e6*, lpNumberOfBytesRead=0xc000471c04*=0x0, lpOverlapped=0x0) returned 1 [0143.689] CloseHandle (hObject=0x810) returned 1 [0143.690] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vfjbgc7tltaoejn.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0143.704] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0144.426] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000471d04 | out: lpMode=0xc000471d04) returned 0 [0144.427] GetFileType (hFile=0x5b0) returned 0x1 [0144.427] WriteFile (in: hFile=0x5b0, lpBuffer=0xc000673000*, nNumberOfBytesToWrite=0xef0, lpNumberOfBytesWritten=0xc000471cec, lpOverlapped=0x0 | out: lpBuffer=0xc000673000*, lpNumberOfBytesWritten=0xc000471cec*=0xef0, lpOverlapped=0x0) returned 1 [0144.429] CloseHandle (hObject=0x5b0) returned 1 [0144.429] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.429] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0144.431] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vfjbgc7tltaoejn.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0144.431] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000471d64 | out: lpMode=0xc000471d64) returned 0 [0144.432] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0145.340] GetFileType (hFile=0x5b0) returned 0x1 [0145.340] WriteFile (in: hFile=0x5b0, lpBuffer=0xc000290b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000471d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290b00*, lpNumberOfBytesWritten=0xc000471d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.341] CloseHandle (hObject=0x5b0) returned 1 [0145.342] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0145.827] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0145.828] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vfjbgc7tltaoejn.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-vfJbgc7tLtAOeJn.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-vfjbgc7tltaoejn.lnk"), dwFlags=0x1) returned 1 [0148.093] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0148.106] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0148.110] SetEvent (hEvent=0xb48) returned 1 [0148.110] SetEvent (hEvent=0xae0) returned 1 [0148.110] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0149.346] SetEvent (hEvent=0x3c4) returned 1 [0149.346] SetEvent (hEvent=0x9f0) returned 1 [0149.346] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0149.352] SetEvent (hEvent=0xab8) returned 1 [0149.352] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0149.370] SetEvent (hEvent=0xb60) returned 1 [0149.370] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) returned 0x0 [0149.397] SetEvent (hEvent=0xa38) returned 1 [0149.397] WaitForSingleObject (hHandle=0xbe8, dwMilliseconds=0xffffffff) Thread: id = 183 os_tid = 0xc80 [0142.245] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3db3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3db3fea0*=0x814) returned 1 [0142.245] VirtualQuery (in: lpAddress=0x3db3fec0, lpBuffer=0x3db3fec0, dwLength=0x30 | out: lpBuffer=0x3db3fec0*(BaseAddress=0x3db3f000, AllocationBase=0x3d940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.245] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\plkb4td2qzsfn1cflc0.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x818 [0142.246] GetConsoleMode (in: hConsoleHandle=0x818, lpMode=0xc000463cf4 | out: lpMode=0xc000463cf4) returned 0 [0142.247] GetFileType (hFile=0x818) returned 0x1 [0142.247] GetFileType (hFile=0x818) returned 0x1 [0142.247] GetFileInformationByHandle (in: hFile=0x818, lpFileInformation=0xc000463d44 | out: lpFileInformation=0xc000463d44) returned 1 [0142.247] GetFileInformationByHandleEx (in: hFile=0x818, FileInformationClass=0x9, lpFileInformation=0xc000463d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000463d28) returned 1 [0142.248] ReadFile (in: hFile=0x818, lpBuffer=0xc000214a80, nNumberOfBytesToRead=0x285f, lpNumberOfBytesRead=0xc000463c04, lpOverlapped=0x0 | out: lpBuffer=0xc000214a80*, lpNumberOfBytesRead=0xc000463c04*=0x265f, lpOverlapped=0x0) returned 1 [0142.800] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbf0 [0142.800] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbf4 [0142.800] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0143.697] ReadFile (in: hFile=0x818, lpBuffer=0xc0002170df, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000463c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002170df*, lpNumberOfBytesRead=0xc000463c04*=0x0, lpOverlapped=0x0) returned 1 [0143.697] CloseHandle (hObject=0x818) returned 1 [0143.698] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\plkb4td2qzsfn1cflc0.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0143.730] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0144.516] GetConsoleMode (in: hConsoleHandle=0x818, lpMode=0xc000463d04 | out: lpMode=0xc000463d04) returned 0 [0144.520] GetFileType (hFile=0x818) returned 0x1 [0144.520] WriteFile (in: hFile=0x818, lpBuffer=0xc000604000*, nNumberOfBytesToWrite=0x2660, lpNumberOfBytesWritten=0xc000463cec, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesWritten=0xc000463cec*=0x2660, lpOverlapped=0x0) returned 1 [0144.522] CloseHandle (hObject=0x818) returned 1 [0144.522] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.522] VirtualAlloc (lpAddress=0xc000184000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000184000 [0144.523] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0144.524] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\plkb4td2qzsfn1cflc0.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x818 [0144.524] GetConsoleMode (in: hConsoleHandle=0x818, lpMode=0xc000463d64 | out: lpMode=0xc000463d64) returned 0 [0144.526] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0144.822] GetFileType (hFile=0x818) returned 0x1 [0144.822] WriteFile (in: hFile=0x818, lpBuffer=0xc000290160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000463d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290160*, lpNumberOfBytesWritten=0xc000463d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.822] CloseHandle (hObject=0x818) returned 1 [0144.824] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0145.568] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0145.569] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\plkb4td2qzsfn1cflc0.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-plkB4TD2QZSfN1cFlc0.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-plkb4td2qzsfn1cflc0.lnk"), dwFlags=0x1) returned 1 [0148.089] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe30*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.089] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f698, ulCount=0x10, ulNumEntriesRemoved=0x3db3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f698, ulNumEntriesRemoved=0x3db3f66c) returned 0 [0148.089] SetEvent (hEvent=0xc0) returned 1 [0148.089] SetEvent (hEvent=0x9a0) returned 1 [0148.089] VirtualAlloc (lpAddress=0xc0002ca000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ca000 [0148.092] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.093] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.094] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3db3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f6a0, ulNumEntriesRemoved=0x3db3f674) returned 0 [0148.094] SetEvent (hEvent=0xb48) returned 1 [0148.094] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe18*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.106] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe30*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0148.106] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.106] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f698, ulCount=0x10, ulNumEntriesRemoved=0x3db3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f698, ulNumEntriesRemoved=0x3db3f66c) returned 0 [0148.106] SetEvent (hEvent=0xb48) returned 1 [0148.108] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.110] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.112] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe30*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.114] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3db3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f6a0, ulNumEntriesRemoved=0x3db3f674) returned 0 [0148.114] SetEvent (hEvent=0x9f0) returned 1 [0148.114] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe18*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.117] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe30*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.118] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f698, ulCount=0x10, ulNumEntriesRemoved=0x3db3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f698, ulNumEntriesRemoved=0x3db3f66c) returned 0 [0148.118] SetEvent (hEvent=0xae0) returned 1 [0148.118] SetEvent (hEvent=0x9a8) returned 1 [0148.119] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe08*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.122] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3db3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3db3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3db3f6a0, ulNumEntriesRemoved=0x3db3f674) returned 0 [0148.122] SetEvent (hEvent=0x9f0) returned 1 [0148.123] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3db3fe18*=0xbf0, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0148.128] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.267] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.268] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.269] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.269] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.270] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.271] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.272] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.272] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.273] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.275] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.275] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.276] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.277] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.278] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.278] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.279] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.280] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.280] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.281] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.282] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.282] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.283] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.284] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.285] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.286] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.287] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.288] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.288] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.289] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.290] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.290] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.291] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.291] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.292] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.292] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.293] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.293] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.294] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.294] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.295] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.295] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.296] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.296] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.297] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.297] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.298] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0148.300] SetEvent (hEvent=0xb48) returned 1 [0148.300] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000481818, lpReserved=0x0 | out: lpBuffer=0xc0005863a0*, lpNumberOfCharsWritten=0xc000481818*=0x4) returned 1 [0148.301] SetEvent (hEvent=0xb48) returned 1 [0148.301] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00022d818, lpReserved=0x0 | out: lpBuffer=0xc0005863a8*, lpNumberOfCharsWritten=0xc00022d818*=0x4) returned 1 [0148.302] SetEvent (hEvent=0xb48) returned 1 [0148.302] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0005863b0*, lpNumberOfCharsWritten=0xc000063818*=0x4) returned 1 [0148.302] SetEvent (hEvent=0xb48) returned 1 [0148.303] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863b8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003e7818, lpReserved=0x0 | out: lpBuffer=0xc0005863b8*, lpNumberOfCharsWritten=0xc0003e7818*=0x4) returned 1 [0148.303] SetEvent (hEvent=0xb48) returned 1 [0148.303] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00038f818, lpReserved=0x0 | out: lpBuffer=0xc0005863c0*, lpNumberOfCharsWritten=0xc00038f818*=0x4) returned 1 [0148.304] SetEvent (hEvent=0xb48) returned 1 [0148.304] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000197818, lpReserved=0x0 | out: lpBuffer=0xc0005863c8*, lpNumberOfCharsWritten=0xc000197818*=0x4) returned 1 [0148.304] SetEvent (hEvent=0xb48) returned 1 [0148.304] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00026d818, lpReserved=0x0 | out: lpBuffer=0xc0005863d0*, lpNumberOfCharsWritten=0xc00026d818*=0x4) returned 1 [0148.305] SetEvent (hEvent=0xb48) returned 1 [0148.305] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0005863d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0006e3818, lpReserved=0x0 | out: lpBuffer=0xc0005863d8*, lpNumberOfCharsWritten=0xc0006e3818*=0x4) returned 1 [0148.306] SetEvent (hEvent=0xb48) returned 1 [0148.306] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586430*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc000586430*, lpNumberOfCharsWritten=0xc000069818*=0x4) returned 1 [0148.306] SetEvent (hEvent=0xb48) returned 1 [0148.306] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586438*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f7818, lpReserved=0x0 | out: lpBuffer=0xc000586438*, lpNumberOfCharsWritten=0xc0000f7818*=0x4) returned 1 [0148.307] SetEvent (hEvent=0xb48) returned 1 [0148.307] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586460*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000247818, lpReserved=0x0 | out: lpBuffer=0xc000586460*, lpNumberOfCharsWritten=0xc000247818*=0x4) returned 1 [0148.308] SetEvent (hEvent=0xb48) returned 1 [0148.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586468*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00041d818, lpReserved=0x0 | out: lpBuffer=0xc000586468*, lpNumberOfCharsWritten=0xc00041d818*=0x4) returned 1 [0148.308] SetEvent (hEvent=0xb48) returned 1 [0148.308] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586470*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002dd818, lpReserved=0x0 | out: lpBuffer=0xc000586470*, lpNumberOfCharsWritten=0xc0002dd818*=0x4) returned 1 [0148.309] SetEvent (hEvent=0xb48) returned 1 [0148.309] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586478*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000451818, lpReserved=0x0 | out: lpBuffer=0xc000586478*, lpNumberOfCharsWritten=0xc000451818*=0x4) returned 1 [0148.310] SetEvent (hEvent=0xb48) returned 1 [0148.310] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586480*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00040f818, lpReserved=0x0 | out: lpBuffer=0xc000586480*, lpNumberOfCharsWritten=0xc00040f818*=0x4) returned 1 [0148.311] SetEvent (hEvent=0xb48) returned 1 [0148.311] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586488*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003a9818, lpReserved=0x0 | out: lpBuffer=0xc000586488*, lpNumberOfCharsWritten=0xc0003a9818*=0x4) returned 1 [0148.312] SetEvent (hEvent=0xb48) returned 1 [0148.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586500*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000463818, lpReserved=0x0 | out: lpBuffer=0xc000586500*, lpNumberOfCharsWritten=0xc000463818*=0x4) returned 1 [0148.312] SetEvent (hEvent=0xb48) returned 1 [0148.312] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586508*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00049d818, lpReserved=0x0 | out: lpBuffer=0xc000586508*, lpNumberOfCharsWritten=0xc00049d818*=0x4) returned 1 [0148.313] SetEvent (hEvent=0xb48) returned 1 [0148.313] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586510*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000471818, lpReserved=0x0 | out: lpBuffer=0xc000586510*, lpNumberOfCharsWritten=0xc000471818*=0x4) returned 1 [0148.314] SetEvent (hEvent=0xb48) returned 1 [0148.314] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586518*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00024d818, lpReserved=0x0 | out: lpBuffer=0xc000586518*, lpNumberOfCharsWritten=0xc00024d818*=0x4) returned 1 [0148.315] SetEvent (hEvent=0xb48) returned 1 [0148.315] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586540*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000469818, lpReserved=0x0 | out: lpBuffer=0xc000586540*, lpNumberOfCharsWritten=0xc000469818*=0x4) returned 1 [0148.315] SetEvent (hEvent=0xb48) returned 1 [0148.315] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586548*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003af818, lpReserved=0x0 | out: lpBuffer=0xc000586548*, lpNumberOfCharsWritten=0xc0003af818*=0x4) returned 1 [0148.316] SetEvent (hEvent=0xb48) returned 1 [0148.316] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586550*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000403818, lpReserved=0x0 | out: lpBuffer=0xc000586550*, lpNumberOfCharsWritten=0xc000403818*=0x4) returned 1 [0148.317] SetEvent (hEvent=0xb48) returned 1 [0148.317] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586558*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00015f818, lpReserved=0x0 | out: lpBuffer=0xc000586558*, lpNumberOfCharsWritten=0xc00015f818*=0x4) returned 1 [0148.318] SetEvent (hEvent=0xb48) returned 1 [0148.318] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586560*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000441818, lpReserved=0x0 | out: lpBuffer=0xc000586560*, lpNumberOfCharsWritten=0xc000441818*=0x4) returned 1 [0148.319] SetEvent (hEvent=0xb48) returned 1 [0148.319] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586568*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00043b818, lpReserved=0x0 | out: lpBuffer=0xc000586568*, lpNumberOfCharsWritten=0xc00043b818*=0x4) returned 1 [0148.319] SetEvent (hEvent=0xb48) returned 1 [0148.319] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586580*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000397818, lpReserved=0x0 | out: lpBuffer=0xc000586580*, lpNumberOfCharsWritten=0xc000397818*=0x4) returned 1 [0148.320] SetEvent (hEvent=0xb48) returned 1 [0148.320] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586588*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001af818, lpReserved=0x0 | out: lpBuffer=0xc000586588*, lpNumberOfCharsWritten=0xc0001af818*=0x4) returned 1 [0148.321] VirtualAlloc (lpAddress=0xc000202000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000202000 [0148.322] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.016] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.130] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.133] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.234] SetEvent (hEvent=0xac8) returned 1 [0149.234] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.237] SwitchToThread () returned 1 [0149.238] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.318] SetEvent (hEvent=0xae0) returned 1 [0149.318] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.353] SetEvent (hEvent=0x3c4) returned 1 [0149.353] SetEvent (hEvent=0x1b4) returned 1 [0149.356] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.360] SetEvent (hEvent=0x3c4) returned 1 [0149.360] SetEvent (hEvent=0xc24) returned 1 [0149.360] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.365] SetEvent (hEvent=0x3c4) returned 1 [0149.365] SetEvent (hEvent=0xbe8) returned 1 [0149.365] SetEvent (hEvent=0xae8) returned 1 [0149.365] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.398] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) returned 0x0 [0149.559] SetEvent (hEvent=0xb20) returned 1 [0149.559] WaitForSingleObject (hHandle=0xbf0, dwMilliseconds=0xffffffff) Thread: id = 184 os_tid = 0xc84 [0142.249] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3dd3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3dd3fea0*=0x7fc) returned 1 [0142.249] VirtualQuery (in: lpAddress=0x3dd3fec0, lpBuffer=0x3dd3fec0, dwLength=0x30 | out: lpBuffer=0x3dd3fec0*(BaseAddress=0x3dd3f000, AllocationBase=0x3db40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\snaek-wzcvk4w.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x81c [0142.251] GetConsoleMode (in: hConsoleHandle=0x81c, lpMode=0xc000469cf4 | out: lpMode=0xc000469cf4) returned 0 [0142.252] GetFileType (hFile=0x81c) returned 0x1 [0142.252] GetFileType (hFile=0x81c) returned 0x1 [0142.252] GetFileInformationByHandle (in: hFile=0x81c, lpFileInformation=0xc000469d44 | out: lpFileInformation=0xc000469d44) returned 1 [0142.252] GetFileInformationByHandleEx (in: hFile=0x81c, FileInformationClass=0x9, lpFileInformation=0xc000469d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000469d28) returned 1 [0142.252] ReadFile (in: hFile=0x81c, lpBuffer=0xc00032ce00, nNumberOfBytesToRead=0x601, lpNumberOfBytesRead=0xc000469c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032ce00*, lpNumberOfBytesRead=0xc000469c04*=0x401, lpOverlapped=0x0) returned 1 [0142.801] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbf8 [0142.801] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xbfc [0142.801] WaitForSingleObject (hHandle=0xbf8, dwMilliseconds=0xffffffff) returned 0x0 [0143.704] ReadFile (in: hFile=0x81c, lpBuffer=0xc00032d201, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000469c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032d201*, lpNumberOfBytesRead=0xc000469c04*=0x0, lpOverlapped=0x0) returned 1 [0143.704] CloseHandle (hObject=0x81c) returned 1 [0143.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\snAEk-WZcVK4W.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\snaek-wzcvk4w.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6a4 [0143.746] WaitForSingleObject (hHandle=0xbf8, dwMilliseconds=0xffffffff) returned 0x0 [0144.580] GetConsoleMode (in: hConsoleHandle=0x6a4, lpMode=0xc000469d04 | out: lpMode=0xc000469d04) returned 0 [0144.581] SetEvent (hEvent=0x998) returned 1 [0144.581] WaitForSingleObject (hHandle=0xbf8, dwMilliseconds=0xffffffff) Thread: id = 185 os_tid = 0xc88 [0142.253] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3df3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3df3fea0*=0x824) returned 1 [0142.253] VirtualQuery (in: lpAddress=0x3df3fec0, lpBuffer=0x3df3fec0, dwLength=0x30 | out: lpBuffer=0x3df3fec0*(BaseAddress=0x3df3f000, AllocationBase=0x3dd40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.253] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\oNHryRMM0bAcl8 0.flv.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\onhryrmm0bacl8 0.flv.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x828 [0142.254] GetConsoleMode (in: hConsoleHandle=0x828, lpMode=0xc00045bcf4 | out: lpMode=0xc00045bcf4) returned 0 [0142.254] GetFileType (hFile=0x828) returned 0x1 [0142.255] GetFileType (hFile=0x828) returned 0x1 [0142.255] GetFileInformationByHandle (in: hFile=0x828, lpFileInformation=0xc00045bd44 | out: lpFileInformation=0xc00045bd44) returned 1 [0142.255] GetFileInformationByHandleEx (in: hFile=0x828, FileInformationClass=0x9, lpFileInformation=0xc00045bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00045bd28) returned 1 [0142.255] ReadFile (in: hFile=0x828, lpBuffer=0xc00060f300, nNumberOfBytesToRead=0x1110, lpNumberOfBytesRead=0xc00045bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00060f300*, lpNumberOfBytesRead=0xc00045bc04*=0xf10, lpOverlapped=0x0) returned 1 [0142.803] ReadFile (in: hFile=0x828, lpBuffer=0xc000610210, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00045bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000610210*, lpNumberOfBytesRead=0xc00045bc04*=0x0, lpOverlapped=0x0) returned 1 [0142.803] CloseHandle (hObject=0x828) returned 1 [0142.803] SetEvent (hEvent=0x304) returned 1 [0142.803] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x828 [0142.803] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x23c [0142.803] WaitForSingleObject (hHandle=0x828, dwMilliseconds=0xffffffff) returned 0x0 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Compressed (zipped) Folder.ZFSendToTarget", cAlternateFileName="COMPRE~1.ZFS")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop (create shortcut).DeskLink", cAlternateFileName="DESKTO~1.DES")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents.mydocs", cAlternateFileName="DOCUME~1.MYD")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fax Recipient.lnk", cAlternateFileName="FAXREC~1.LNK")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mail Recipient.MAPIMail", cAlternateFileName="MAILRE~1.MAP")) returned 1 [0142.877] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0142.877] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0142.878] VirtualAlloc (lpAddress=0xc0007ac000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ac000 [0142.880] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Compressed (zipped) Folder.ZFSendToTarget" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\compressed (zipped) folder.zfsendtotarget"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x639ff80f, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x3)) returned 1 [0142.882] VirtualAlloc (lpAddress=0xc0007ae000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ae000 [0142.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop (create shortcut).DeskLink" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop (create shortcut).desklink"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb52ab9, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x7)) returned 1 [0142.991] WaitForSingleObject (hHandle=0x828, dwMilliseconds=0xffffffff) returned 0x0 [0144.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d828fa3, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x22e)) returned 1 [0144.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Documents.mydocs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\documents.mydocs"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf9b7c855, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Fax Recipient.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\fax recipient.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3d802e42, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4d6)) returned 1 [0144.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\Mail Recipient.MAPIMail" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\sendto\\mail recipient.mapimail"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3bb9ed75, ftLastWriteTime.dwHighDateTime=0x1c9ea0c, nFileSizeHigh=0x0, nFileSizeLow=0x4)) returned 1 [0144.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu"), fInfoLevelId=0x0, lpFileInformation=0xc00005b6a0 | out: lpFileInformation=0xc00005b6a0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0144.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\*", lpFindFileData=0xc00005b458 | out: lpFindFileData=0xc00005b458*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 1 [0144.196] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b488 | out: lpFindFileData=0xc00005b488*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.196] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs"), fInfoLevelId=0x0, lpFileInformation=0xc00005b5c8 | out: lpFileInformation=0xc00005b5c8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.196] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.196] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\*", lpFindFileData=0xc00005b380 | out: lpFindFileData=0xc00005b380*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessories", cAlternateFileName="ACCESS~1")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrative Tools", cAlternateFileName="ADMINI~1")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x58b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer (64-bit).lnk", cAlternateFileName="INTERN~2.LNK")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2d7ae880, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x5ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer.lnk", cAlternateFileName="INTERN~1.LNK")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7e05e94e, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maintenance", cAlternateFileName="MAINTE~1")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Startup", cAlternateFileName="")) returned 1 [0144.197] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b3b0 | out: lpFindFileData=0xc00005b3b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.197] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.197] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories"), fInfoLevelId=0x0, lpFileInformation=0xc00005b4f0 | out: lpFileInformation=0xc00005b4f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.197] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\*", lpFindFileData=0xc00005b2a8 | out: lpFindFileData=0xc00005b2a8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Accessibility", cAlternateFileName="ACCESS~1")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2a53d8cd, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x500, dwReserved0=0x0, dwReserved1=0x0, cFileName="Command Prompt.lnk", cAlternateFileName="COMMAN~1.LNK")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d76088a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d73a72a, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x518, dwReserved0=0x0, dwReserved1=0x0, cFileName="Notepad.lnk", cAlternateFileName="")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfec52d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x106, dwReserved0=0x0, dwReserved1=0x0, cFileName="Run.lnk", cAlternateFileName="")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d7ae880, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Tools", cAlternateFileName="SYSTEM~1")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x7dfa026d, ftLastWriteTime.dwHighDateTime=0x1ca043e, nFileSizeHigh=0x0, nFileSizeLow=0x4cc, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Explorer.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0144.198] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b2d8 | out: lpFindFileData=0xc00005b2d8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.198] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility"), fInfoLevelId=0x0, lpFileInformation=0xc00005b418 | out: lpFileInformation=0xc00005b418*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0144.198] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0144.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\*", lpFindFileData=0xc00005b1d0 | out: lpFindFileData=0xc00005b1d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x7b4140 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28dbdd20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.ini", cAlternateFileName="")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ease of Access.lnk", cAlternateFileName="EASEOF~1.LNK")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1a98407e, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="Magnify.lnk", cAlternateFileName="")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b733f17, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="Narrator.lnk", cAlternateFileName="")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1aa4275f, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x4e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="On-Screen Keyboard.lnk", cAlternateFileName="ON-SCR~1.LNK")) returned 1 [0144.199] FindNextFileW (in: hFindFile=0x7b4140, lpFindFileData=0xc00005b200 | out: lpFindFileData=0xc00005b200*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0144.199] FindClose (in: hFindFile=0x7b4140 | out: hFindFile=0x7b4140) returned 1 [0144.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d97bc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d97bc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1b75a077, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2c0)) returned 1 [0144.199] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Ease of Access.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\ease of access.lnk"), fInfoLevelId=0x0, lpFileInformation=0xc00005b340 | out: lpFileInformation=0xc00005b340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d71a60, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x1ab4d101, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x54e)) returned 1 [0144.211] WaitForSingleObject (hHandle=0x828, dwMilliseconds=0xffffffff) returned 0x0 [0144.581] SetEvent (hEvent=0x908) returned 1 [0144.581] WaitForSingleObject (hHandle=0x828, dwMilliseconds=0xffffffff) Thread: id = 186 os_tid = 0xc8c [0142.258] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3e13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3e13fea0*=0x82c) returned 1 [0142.258] VirtualQuery (in: lpAddress=0x3e13fec0, lpBuffer=0x3e13fec0, dwLength=0x30 | out: lpBuffer=0x3e13fec0*(BaseAddress=0x3e13f000, AllocationBase=0x3df40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.258] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vn4cibfz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x830 [0142.259] GetConsoleMode (in: hConsoleHandle=0x830, lpMode=0xc000483cf4 | out: lpMode=0xc000483cf4) returned 0 [0142.260] GetFileType (hFile=0x830) returned 0x1 [0142.260] GetFileType (hFile=0x830) returned 0x1 [0142.260] GetFileInformationByHandle (in: hFile=0x830, lpFileInformation=0xc000483d44 | out: lpFileInformation=0xc000483d44) returned 1 [0142.260] GetFileInformationByHandleEx (in: hFile=0x830, FileInformationClass=0x9, lpFileInformation=0xc000483d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000483d28) returned 1 [0142.260] ReadFile (in: hFile=0x830, lpBuffer=0xc0002b8400, nNumberOfBytesToRead=0xb91, lpNumberOfBytesRead=0xc000483c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8400*, lpNumberOfBytesRead=0xc000483c04*=0x991, lpOverlapped=0x0) returned 1 [0142.805] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc04 [0142.805] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc08 [0142.805] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0143.733] ReadFile (in: hFile=0x830, lpBuffer=0xc0002b8d91, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000483c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002b8d91*, lpNumberOfBytesRead=0xc000483c04*=0x0, lpOverlapped=0x0) returned 1 [0143.733] CloseHandle (hObject=0x830) returned 1 [0143.733] VirtualAlloc (lpAddress=0xc000774000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000774000 [0143.735] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vn4cibfz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0143.748] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0144.582] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc000483d04 | out: lpMode=0xc000483d04) returned 0 [0144.583] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0145.338] GetFileType (hFile=0x838) returned 0x1 [0145.338] WriteFile (in: hFile=0x838, lpBuffer=0xc000774000*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xc000483cec, lpOverlapped=0x0 | out: lpBuffer=0xc000774000*, lpNumberOfBytesWritten=0xc000483cec*=0x9a0, lpOverlapped=0x0) returned 1 [0145.339] CloseHandle (hObject=0x838) returned 1 [0145.342] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0145.881] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.881] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vn4cibfz.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0145.881] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc000483d64 | out: lpMode=0xc000483d64) returned 0 [0145.882] GetFileType (hFile=0x3fc) returned 0x1 [0145.882] VirtualAlloc (lpAddress=0xc000160000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000160000 [0145.883] WriteFile (in: hFile=0x3fc, lpBuffer=0xc0000d6dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000483d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6dc0*, lpNumberOfBytesWritten=0xc000483d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.884] CloseHandle (hObject=0x3fc) returned 1 [0145.896] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vn4cibfz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-vn4CibFz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-vn4cibfz.lnk"), dwFlags=0x1) returned 1 [0150.683] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0151.202] SetEvent (hEvent=0xb50) returned 1 [0151.202] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\h8eiq3-yxnk9.ots"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0151.202] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0002d9cf4 | out: lpMode=0xc0002d9cf4) returned 0 [0151.217] GetFileType (hFile=0x848) returned 0x1 [0151.217] GetFileType (hFile=0x848) returned 0x1 [0151.217] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc0002d9d44 | out: lpFileInformation=0xc0002d9d44) returned 1 [0151.217] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc0002d9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d9d28) returned 1 [0151.217] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0151.218] VirtualAlloc (lpAddress=0xc000346000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000346000 [0151.222] ReadFile (in: hFile=0x848, lpBuffer=0xc000346000, nNumberOfBytesToRead=0x10d97, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000346000*, lpNumberOfBytesRead=0xc0002d9c04*=0x10b97, lpOverlapped=0x0) returned 1 [0151.224] ReadFile (in: hFile=0x848, lpBuffer=0xc000356b97, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000356b97*, lpNumberOfBytesRead=0xc0002d9c04*=0x0, lpOverlapped=0x0) returned 1 [0151.224] CloseHandle (hObject=0x848) returned 1 [0151.224] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0151.225] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0151.227] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0151.230] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\h8eiq3-yxnk9.ots"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0151.232] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0002d9d04 | out: lpMode=0xc0002d9d04) returned 0 [0151.241] GetFileType (hFile=0x848) returned 0x1 [0151.241] WriteFile (in: hFile=0x848, lpBuffer=0xc000358000*, nNumberOfBytesToWrite=0x10ba0, lpNumberOfBytesWritten=0xc0002d9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesWritten=0xc0002d9cec*=0x10ba0, lpOverlapped=0x0) returned 1 [0151.243] CloseHandle (hObject=0x848) returned 1 [0151.243] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0151.243] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\h8eiq3-yxnk9.ots"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0151.244] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc0002d9d64 | out: lpMode=0xc0002d9d64) returned 0 [0151.246] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0151.765] GetFileType (hFile=0x848) returned 0x1 [0151.765] WriteFile (in: hFile=0x848, lpBuffer=0xc000104840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104840*, lpNumberOfBytesWritten=0xc0002d9d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.765] CloseHandle (hObject=0x848) returned 1 [0151.765] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\h8eiq3-yxnk9.ots"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\encry-H8Eiq3-yxnk9.ots" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\encry-h8eiq3-yxnk9.ots"), dwFlags=0x1) returned 1 [0151.767] SetEvent (hEvent=0xb80) returned 1 [0151.767] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0161.533] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0161.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc438*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00041d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc438*, lpNumberOfCharsWritten=0xc00041d818*=0x4) returned 1 [0161.535] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc490*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00040b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc490*, lpNumberOfCharsWritten=0xc00040b818*=0x4) returned 1 [0161.536] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc498*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001ab818, lpReserved=0x0 | out: lpBuffer=0xc0000bc498*, lpNumberOfCharsWritten=0xc0001ab818*=0x4) returned 1 [0161.538] SetEvent (hEvent=0x960) returned 1 [0161.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4a0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000065818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4a0*, lpNumberOfCharsWritten=0xc000065818*=0x4) returned 1 [0161.539] SetEvent (hEvent=0x960) returned 1 [0161.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4a8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000179818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4a8*, lpNumberOfCharsWritten=0xc000179818*=0x4) returned 1 [0161.540] SetEvent (hEvent=0x960) returned 1 [0161.540] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4b0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000063818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4b0*, lpNumberOfCharsWritten=0xc000063818*=0x4) returned 1 [0161.541] SetEvent (hEvent=0x960) returned 1 [0161.541] VirtualAlloc (lpAddress=0xc000214000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000214000 [0161.542] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4b8*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4b8*, lpNumberOfCharsWritten=0xc00018d818*=0x3) returned 1 [0161.543] SetEvent (hEvent=0x960) returned 1 [0161.543] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4c0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001f5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4c0*, lpNumberOfCharsWritten=0xc0001f5818*=0x4) returned 1 [0161.544] SetEvent (hEvent=0x960) returned 1 [0161.544] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4c8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000411818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4c8*, lpNumberOfCharsWritten=0xc000411818*=0x4) returned 1 [0161.545] SetEvent (hEvent=0x960) returned 1 [0161.545] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4d0*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00040d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4d0*, lpNumberOfCharsWritten=0xc00040d818*=0x4) returned 1 [0161.547] SetEvent (hEvent=0x960) returned 1 [0161.547] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc4d8*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00038b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc4d8*, lpNumberOfCharsWritten=0xc00038b818*=0x4) returned 1 [0161.548] SetEvent (hEvent=0x960) returned 1 [0161.548] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000168240*, nNumberOfCharsToWrite=0x85, lpNumberOfCharsWritten=0xc00018b808, lpReserved=0x0 | out: lpBuffer=0xc000168240*, lpNumberOfCharsWritten=0xc00018b808*=0x85) returned 1 [0161.549] SetEvent (hEvent=0x960) returned 1 [0161.549] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0161.549] VirtualAlloc (lpAddress=0xc000216000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000216000 [0161.551] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0161.552] VirtualAlloc (lpAddress=0xc00021a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00021a000 [0161.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\main.exe"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x750 [0162.104] GetConsoleMode (in: hConsoleHandle=0x750, lpMode=0xc00018bd64 | out: lpMode=0xc00018bd64) returned 0 [0162.415] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0162.585] SetEvent (hEvent=0xb80) returned 1 [0162.585] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) returned 0x0 [0163.679] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa200*, nNumberOfCharsToWrite=0x40, lpNumberOfCharsWritten=0xc0004ad808, lpReserved=0x0 | out: lpBuffer=0xc0000fa200*, lpNumberOfCharsWritten=0xc0004ad808*=0x40) returned 1 [0163.679] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3501 | out: pbBuffer=0xc0001c3501) returned 1 [0163.679] VirtualAlloc (lpAddress=0xc0001b0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b0000 [0163.681] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\templates"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.386] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0166.387] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0166.388] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Templates\\*", lpFindFileData=0xc0004ada68 | out: lpFindFileData=0xc0004ada68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.388] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0004ad720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.388] WaitForSingleObject (hHandle=0xc04, dwMilliseconds=0xffffffff) Thread: id = 187 os_tid = 0xc90 [0142.261] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3e33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3e33fea0*=0x834) returned 1 [0142.261] VirtualQuery (in: lpAddress=0x3e33fec0, lpBuffer=0x3e33fec0, dwLength=0x30 | out: lpBuffer=0x3e33fec0*(BaseAddress=0x3e33f000, AllocationBase=0x3e140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.261] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q7uhghx5.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x838 [0142.262] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc000465cf4 | out: lpMode=0xc000465cf4) returned 0 [0142.263] GetFileType (hFile=0x838) returned 0x1 [0142.263] VirtualAlloc (lpAddress=0xc00053c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00053c000 [0142.264] GetFileType (hFile=0x838) returned 0x1 [0142.265] GetFileInformationByHandle (in: hFile=0x838, lpFileInformation=0xc000465d44 | out: lpFileInformation=0xc000465d44) returned 1 [0142.265] GetFileInformationByHandleEx (in: hFile=0x838, FileInformationClass=0x9, lpFileInformation=0xc000465d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000465d28) returned 1 [0142.265] VirtualAlloc (lpAddress=0xc00070a000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00070a000 [0142.266] ReadFile (in: hFile=0x838, lpBuffer=0xc00070a000, nNumberOfBytesToRead=0xb91, lpNumberOfBytesRead=0xc000465c04, lpOverlapped=0x0 | out: lpBuffer=0xc00070a000*, lpNumberOfBytesRead=0xc000465c04*=0x991, lpOverlapped=0x0) returned 1 [0142.806] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc0c [0142.806] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc10 [0142.806] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0143.741] ReadFile (in: hFile=0x838, lpBuffer=0xc00070a991, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000465c04, lpOverlapped=0x0 | out: lpBuffer=0xc00070a991*, lpNumberOfBytesRead=0xc000465c04*=0x0, lpOverlapped=0x0) returned 1 [0143.741] CloseHandle (hObject=0x838) returned 1 [0143.741] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q7uhghx5.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0143.773] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0144.612] SetEvent (hEvent=0xc6c) returned 1 [0144.613] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000465d04 | out: lpMode=0xc000465d04) returned 0 [0144.614] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0145.279] GetFileType (hFile=0x36c) returned 0x1 [0145.279] WriteFile (in: hFile=0x36c, lpBuffer=0xc000774a80*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0xc000465cec, lpOverlapped=0x0 | out: lpBuffer=0xc000774a80*, lpNumberOfBytesWritten=0xc000465cec*=0x9a0, lpOverlapped=0x0) returned 1 [0145.280] CloseHandle (hObject=0x36c) returned 1 [0145.309] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.309] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0145.310] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0145.311] VirtualAlloc (lpAddress=0xc000236000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000236000 [0145.312] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0145.314] VirtualAlloc (lpAddress=0xc00006c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00006c000 [0145.315] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q7uhghx5.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0145.315] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc000465d64 | out: lpMode=0xc000465d64) returned 0 [0145.319] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0145.628] SetEvent (hEvent=0x8f8) returned 1 [0145.629] GetFileType (hFile=0x36c) returned 0x1 [0145.629] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0146.136] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0146.137] WriteFile (in: hFile=0x36c, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000465d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000465d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.138] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0146.414] SetEvent (hEvent=0xc0) returned 1 [0146.414] CloseHandle (hObject=0x36c) returned 1 [0146.417] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0146.461] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\q7uhghx5.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-q7uHgHX5.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-q7uhghx5.lnk"), dwFlags=0x1) returned 1 [0150.657] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0161.818] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0161.819] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc600*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000519818, lpReserved=0x0 | out: lpBuffer=0xc0000bc600*, lpNumberOfCharsWritten=0xc000519818*=0x4) returned 1 [0161.820] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc608*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000503818, lpReserved=0x0 | out: lpBuffer=0xc0000bc608*, lpNumberOfCharsWritten=0xc000503818*=0x4) returned 1 [0161.821] SetEvent (hEvent=0xa08) returned 1 [0161.821] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc610*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000501818, lpReserved=0x0 | out: lpBuffer=0xc0000bc610*, lpNumberOfCharsWritten=0xc000501818*=0x4) returned 1 [0161.822] SetEvent (hEvent=0xa08) returned 1 [0161.822] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc618*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0001fd818, lpReserved=0x0 | out: lpBuffer=0xc0000bc618*, lpNumberOfCharsWritten=0xc0001fd818*=0x4) returned 1 [0161.823] SetEvent (hEvent=0xa08) returned 1 [0161.823] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc620*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000c3818, lpReserved=0x0 | out: lpBuffer=0xc0000bc620*, lpNumberOfCharsWritten=0xc0000c3818*=0x4) returned 1 [0161.824] SetEvent (hEvent=0xa08) returned 1 [0161.825] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc628*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0002f3818, lpReserved=0x0 | out: lpBuffer=0xc0000bc628*, lpNumberOfCharsWritten=0xc0002f3818*=0x4) returned 1 [0161.826] SetEvent (hEvent=0xa08) returned 1 [0161.826] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc630*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000305818, lpReserved=0x0 | out: lpBuffer=0xc0000bc630*, lpNumberOfCharsWritten=0xc000305818*=0x4) returned 1 [0161.827] SetEvent (hEvent=0xa08) returned 1 [0161.827] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc638*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000307818, lpReserved=0x0 | out: lpBuffer=0xc0000bc638*, lpNumberOfCharsWritten=0xc000307818*=0x4) returned 1 [0161.828] SetEvent (hEvent=0xa08) returned 1 [0161.828] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc640*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000303818, lpReserved=0x0 | out: lpBuffer=0xc0000bc640*, lpNumberOfCharsWritten=0xc000303818*=0x4) returned 1 [0161.829] SetEvent (hEvent=0xa08) returned 1 [0161.829] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc648*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000317818, lpReserved=0x0 | out: lpBuffer=0xc0000bc648*, lpNumberOfCharsWritten=0xc000317818*=0x4) returned 1 [0161.830] SetEvent (hEvent=0xa08) returned 1 [0161.830] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc650*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000315818, lpReserved=0x0 | out: lpBuffer=0xc0000bc650*, lpNumberOfCharsWritten=0xc000315818*=0x4) returned 1 [0161.831] SetEvent (hEvent=0xa08) returned 1 [0161.831] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc658*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00032f818, lpReserved=0x0 | out: lpBuffer=0xc0000bc658*, lpNumberOfCharsWritten=0xc00032f818*=0x4) returned 1 [0161.832] SetEvent (hEvent=0xa08) returned 1 [0161.832] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc660*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000311818, lpReserved=0x0 | out: lpBuffer=0xc0000bc660*, lpNumberOfCharsWritten=0xc000311818*=0x4) returned 1 [0161.833] SetEvent (hEvent=0xa08) returned 1 [0161.833] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc668*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc0000bc668*, lpNumberOfCharsWritten=0xc0000f9818*=0x4) returned 1 [0161.834] SetEvent (hEvent=0xa08) returned 1 [0161.834] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00007c1b0*, nNumberOfCharsToWrite=0x48, lpNumberOfCharsWritten=0xc000401808, lpReserved=0x0 | out: lpBuffer=0xc00007c1b0*, lpNumberOfCharsWritten=0xc000401808*=0x48) returned 1 [0161.835] SetEvent (hEvent=0xa08) returned 1 [0161.835] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0161.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x710 [0162.041] GetConsoleMode (in: hConsoleHandle=0x710, lpMode=0xc000401d64 | out: lpMode=0xc000401d64) returned 0 [0162.397] GetFileType (hFile=0x710) returned 0x1 [0162.398] WriteFile (in: hFile=0x710, lpBuffer=0xc0003182c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000401d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0003182c0*, lpNumberOfBytesWritten=0xc000401d4c*=0x158, lpOverlapped=0x0) returned 1 [0162.398] CloseHandle (hObject=0x710) returned 1 [0162.398] VirtualAlloc (lpAddress=0xc000250000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000250000 [0162.400] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0162.401] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0162.402] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0162.404] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.409] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.425] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0162.433] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0162.434] SwitchToThread () returned 1 [0162.435] SetEvent (hEvent=0xae0) returned 1 [0162.437] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0162.602] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.610] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0162.610] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0162.610] SetEvent (hEvent=0xa8) returned 1 [0162.610] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.701] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0162.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0162.703] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0162.703] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0162.703] SetEvent (hEvent=0xc0) returned 1 [0162.703] SetEvent (hEvent=0xae0) returned 1 [0162.703] SetEvent (hEvent=0xb58) returned 1 [0162.737] GetFileType (hFile=0x494) returned 0x1 [0162.737] GetFileType (hFile=0x494) returned 0x1 [0162.738] GetFileInformationByHandle (in: hFile=0x494, lpFileInformation=0xc00015bd44 | out: lpFileInformation=0xc00015bd44) returned 1 [0162.738] GetFileInformationByHandleEx (in: hFile=0x494, FileInformationClass=0x9, lpFileInformation=0xc00015bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015bd28) returned 1 [0162.738] VirtualAlloc (lpAddress=0xc00027e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027e000 [0162.739] VirtualAlloc (lpAddress=0xc000638000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000638000 [0162.743] ReadFile (in: hFile=0x494, lpBuffer=0xc000638000, nNumberOfBytesToRead=0xfc88, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000638000*, lpNumberOfBytesRead=0xc00015bc04*=0xfa88, lpOverlapped=0x0) returned 1 [0162.745] ReadFile (in: hFile=0x494, lpBuffer=0xc000647a88, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015bc04, lpOverlapped=0x0 | out: lpBuffer=0xc000647a88*, lpNumberOfBytesRead=0xc00015bc04*=0x0, lpOverlapped=0x0) returned 1 [0162.745] CloseHandle (hObject=0x494) returned 1 [0162.745] VirtualAlloc (lpAddress=0xc000660000, dwSize=0x10000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000660000 [0162.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\isnsa90uev.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0162.752] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc00015bd04 | out: lpMode=0xc00015bd04) returned 0 [0162.914] GetFileType (hFile=0x494) returned 0x1 [0162.914] WriteFile (in: hFile=0x494, lpBuffer=0xc000660000*, nNumberOfBytesToWrite=0xfa90, lpNumberOfBytesWritten=0xc00015bcec, lpOverlapped=0x0 | out: lpBuffer=0xc000660000*, lpNumberOfBytesWritten=0xc00015bcec*=0xfa90, lpOverlapped=0x0) returned 1 [0162.918] CloseHandle (hObject=0x494) returned 1 [0162.918] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0162.918] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0162.920] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0162.921] VirtualAlloc (lpAddress=0xc00004c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00004c000 [0162.922] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\isnsa90uev.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x494 [0162.923] GetConsoleMode (in: hConsoleHandle=0x494, lpMode=0xc00015bd64 | out: lpMode=0xc00015bd64) returned 0 [0162.926] GetFileType (hFile=0x494) returned 0x1 [0162.926] WriteFile (in: hFile=0x494, lpBuffer=0xc00002c9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc00002c9a0*, lpNumberOfBytesWritten=0xc00015bd4c*=0x158, lpOverlapped=0x0) returned 1 [0162.926] CloseHandle (hObject=0x494) returned 1 [0162.926] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\isnsa90uev.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\XOJvpFkLvx0P7joh8C\\encry-IsNsA90uev.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xojvpfklvx0p7joh8c\\encry-isnsa90uev.wav"), dwFlags=0x1) returned 1 [0162.928] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0162.936] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0162.938] SetEvent (hEvent=0xb58) returned 1 [0162.938] SetEvent (hEvent=0xae0) returned 1 [0162.938] VirtualFree (lpAddress=0xc00070c000, dwSize=0x42000, dwFreeType=0x4000) returned 1 [0162.941] VirtualFree (lpAddress=0xc0006b4000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0162.943] VirtualFree (lpAddress=0xc000680000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0162.944] VirtualFree (lpAddress=0xc000604000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0162.948] VirtualFree (lpAddress=0xc0005d6000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0162.949] VirtualFree (lpAddress=0xc000336000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.950] VirtualFree (lpAddress=0xc000296000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.951] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0162.952] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.952] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.953] VirtualFree (lpAddress=0xc0000a2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0162.954] GetFileType (hFile=0x3fc) returned 0x1 [0162.954] GetFileType (hFile=0x3fc) returned 0x1 [0162.954] GetFileInformationByHandle (in: hFile=0x3fc, lpFileInformation=0xc0004b9d44 | out: lpFileInformation=0xc0004b9d44) returned 1 [0162.954] GetFileInformationByHandleEx (in: hFile=0x3fc, FileInformationClass=0x9, lpFileInformation=0xc0004b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0004b9d28) returned 1 [0162.954] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0162.959] ReadFile (in: hFile=0x3fc, lpBuffer=0xc000604000, nNumberOfBytesToRead=0x148b8, lpNumberOfBytesRead=0xc0004b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc000604000*, lpNumberOfBytesRead=0xc0004b9c04*=0x146b8, lpOverlapped=0x0) returned 1 [0162.962] ReadFile (in: hFile=0x3fc, lpBuffer=0xc0006186b8, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0004b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006186b8*, lpNumberOfBytesRead=0xc0004b9c04*=0x0, lpOverlapped=0x0) returned 1 [0162.962] CloseHandle (hObject=0x3fc) returned 1 [0162.962] VirtualAlloc (lpAddress=0xc00070c000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00070c000 [0162.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7olc2.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0162.969] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004b9d04 | out: lpMode=0xc0004b9d04) returned 0 [0162.971] GetFileType (hFile=0x3fc) returned 0x1 [0162.971] WriteFile (in: hFile=0x3fc, lpBuffer=0xc00070c000*, nNumberOfBytesToWrite=0x146c0, lpNumberOfBytesWritten=0xc0004b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc00070c000*, lpNumberOfBytesWritten=0xc0004b9cec*=0x146c0, lpOverlapped=0x0) returned 1 [0162.975] CloseHandle (hObject=0x3fc) returned 1 [0162.976] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0162.976] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7olc2.avi"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3fc [0162.976] GetConsoleMode (in: hConsoleHandle=0x3fc, lpMode=0xc0004b9d64 | out: lpMode=0xc0004b9d64) returned 0 [0163.009] GetFileType (hFile=0x3fc) returned 0x1 [0163.009] WriteFile (in: hFile=0x3fc, lpBuffer=0xc000120840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000120840*, lpNumberOfBytesWritten=0xc0004b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.010] CloseHandle (hObject=0x3fc) returned 1 [0163.010] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\7olc2.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\r8d4hNszM\\encry-7oLC2.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\r8d4hnszm\\encry-7olc2.avi"), dwFlags=0x1) returned 1 [0163.012] GetFileType (hFile=0x644) returned 0x1 [0163.012] GetFileType (hFile=0x644) returned 0x1 [0163.012] GetFileInformationByHandle (in: hFile=0x644, lpFileInformation=0xc0002d1d44 | out: lpFileInformation=0xc0002d1d44) returned 1 [0163.012] GetFileInformationByHandleEx (in: hFile=0x644, FileInformationClass=0x9, lpFileInformation=0xc0002d1d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d1d28) returned 1 [0163.013] VirtualAlloc (lpAddress=0xc0000c0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c0000 [0163.014] ReadFile (in: hFile=0x644, lpBuffer=0xc0000c0000, nNumberOfBytesToRead=0x706f, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000c0000*, lpNumberOfBytesRead=0xc0002d1c04*=0x6e6f, lpOverlapped=0x0) returned 1 [0163.017] ReadFile (in: hFile=0x644, lpBuffer=0xc0000c6e6f, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d1c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000c6e6f*, lpNumberOfBytesRead=0xc0002d1c04*=0x0, lpOverlapped=0x0) returned 1 [0163.017] CloseHandle (hObject=0x644) returned 1 [0163.017] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\wccpcd-tittu.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0163.019] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc0002d1d04 | out: lpMode=0xc0002d1d04) returned 0 [0163.031] GetFileType (hFile=0x644) returned 0x1 [0163.031] WriteFile (in: hFile=0x644, lpBuffer=0xc000573000*, nNumberOfBytesToWrite=0x6e70, lpNumberOfBytesWritten=0xc0002d1cec, lpOverlapped=0x0 | out: lpBuffer=0xc000573000*, lpNumberOfBytesWritten=0xc0002d1cec*=0x6e70, lpOverlapped=0x0) returned 1 [0163.034] CloseHandle (hObject=0x644) returned 1 [0163.034] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533701 | out: pbBuffer=0xc000533701) returned 1 [0163.034] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0163.035] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\wccpcd-tittu.wav"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0163.035] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc0002d1d64 | out: lpMode=0xc0002d1d64) returned 0 [0163.094] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.114] GetFileType (hFile=0x644) returned 0x1 [0163.114] WriteFile (in: hFile=0x644, lpBuffer=0xc00002cf20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00002cf20*, lpNumberOfBytesWritten=0xc0002d1d4c*=0x158, lpOverlapped=0x0) returned 1 [0163.114] CloseHandle (hObject=0x644) returned 1 [0163.114] VirtualAlloc (lpAddress=0xc0000a4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a4000 [0163.116] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0163.119] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\wccpcd-tittu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\encry-WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\encry-wccpcd-tittu.wav"), dwFlags=0x1) returned 1 [0163.121] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.123] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.123] SetEvent (hEvent=0xc0) returned 1 [0163.123] SetEvent (hEvent=0x254) returned 1 [0163.124] SetEvent (hEvent=0xb58) returned 1 [0163.124] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0163.127] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.132] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.184] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.184] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.185] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.185] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.186] SetEvent (hEvent=0xc0) returned 1 [0163.186] SetEvent (hEvent=0xae0) returned 1 [0163.186] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.278] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.278] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.280] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.280] SetEvent (hEvent=0xc0) returned 1 [0163.280] SetEvent (hEvent=0x254) returned 1 [0163.280] SetEvent (hEvent=0x8d0) returned 1 [0163.280] VirtualAlloc (lpAddress=0xc0000c0000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c0000 [0163.283] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.287] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.289] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.289] SetEvent (hEvent=0xa8) returned 1 [0163.289] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.316] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.317] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.317] SetEvent (hEvent=0xc0) returned 1 [0163.317] SetEvent (hEvent=0x8d0) returned 1 [0163.317] SetEvent (hEvent=0x254) returned 1 [0163.318] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.325] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.332] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.332] SetEvent (hEvent=0xa8) returned 1 [0163.332] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.352] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.352] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.355] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.355] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.355] SetEvent (hEvent=0xc0) returned 1 [0163.356] SetEvent (hEvent=0x8d0) returned 1 [0163.356] SetEvent (hEvent=0x254) returned 1 [0163.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.364] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.368] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.369] SetEvent (hEvent=0xa8) returned 1 [0163.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0163.381] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0163.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.385] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.385] SetEvent (hEvent=0xc0) returned 1 [0163.385] SetEvent (hEvent=0x8d0) returned 1 [0163.385] SetEvent (hEvent=0x254) returned 1 [0163.386] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.391] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.391] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.391] SetEvent (hEvent=0x8d0) returned 1 [0163.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.418] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.422] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.422] SetEvent (hEvent=0xc0) returned 1 [0163.422] SetEvent (hEvent=0xa8) returned 1 [0163.422] SetEvent (hEvent=0x254) returned 1 [0163.423] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.430] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.448] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.448] SetEvent (hEvent=0xa8) returned 1 [0163.448] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.468] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe30*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.469] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f698, ulCount=0x10, ulNumEntriesRemoved=0x3e33f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f698, ulNumEntriesRemoved=0x3e33f66c) returned 0 [0163.469] SetEvent (hEvent=0xc0) returned 1 [0163.469] SetEvent (hEvent=0x254) returned 1 [0163.470] SetEvent (hEvent=0xb58) returned 1 [0163.471] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.472] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe08*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.473] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e33f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e33f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e33f6a0, ulNumEntriesRemoved=0x3e33f674) returned 0 [0163.473] SetEvent (hEvent=0xb58) returned 1 [0163.473] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e33fe18*=0xc0c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0163.483] WriteFile (in: hFile=0x36c, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0xdcf0, lpNumberOfBytesWritten=0xc000349cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000349cec*=0xdcf0, lpOverlapped=0x0) returned 1 [0166.306] CloseHandle (hObject=0x36c) returned 1 [0166.711] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0166.863] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b701 | out: pbBuffer=0xc00031b701) returned 1 [0166.863] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0166.864] VirtualAlloc (lpAddress=0xc000332000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000332000 [0166.866] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\pf7rnc.bmp"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x704 [0166.872] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) returned 0x0 [0166.979] GetConsoleMode (in: hConsoleHandle=0x704, lpMode=0xc000349d64 | out: lpMode=0xc000349d64) returned 0 [0166.982] GetFileType (hFile=0x704) returned 0x1 [0166.982] WriteFile (in: hFile=0x704, lpBuffer=0xc0000c3760*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000349d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000c3760*, lpNumberOfBytesWritten=0xc000349d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.982] CloseHandle (hObject=0x704) returned 1 [0166.982] VirtualAlloc (lpAddress=0xc0002bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002bc000 [0166.984] VirtualAlloc (lpAddress=0xc0002be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002be000 [0166.985] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\pf7rnc.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\encry-PF7RnC.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\encry-pf7rnc.bmp"), dwFlags=0x1) returned 1 [0167.381] WaitForSingleObject (hHandle=0xc0c, dwMilliseconds=0xffffffff) Thread: id = 188 os_tid = 0xc94 [0142.267] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3e53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3e53fea0*=0x820) returned 1 [0142.267] VirtualQuery (in: lpAddress=0x3e53fec0, lpBuffer=0x3e53fec0, dwLength=0x30 | out: lpBuffer=0x3e53fec0*(BaseAddress=0x3e53f000, AllocationBase=0x3e340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.267] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ueehkpxybc0mi.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x83c [0142.268] GetConsoleMode (in: hConsoleHandle=0x83c, lpMode=0xc000473cf4 | out: lpMode=0xc000473cf4) returned 0 [0142.272] GetFileType (hFile=0x83c) returned 0x1 [0142.272] GetFileType (hFile=0x83c) returned 0x1 [0142.273] GetFileInformationByHandle (in: hFile=0x83c, lpFileInformation=0xc000473d44 | out: lpFileInformation=0xc000473d44) returned 1 [0142.273] GetFileInformationByHandleEx (in: hFile=0x83c, FileInformationClass=0x9, lpFileInformation=0xc000473d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000473d28) returned 1 [0142.273] ReadFile (in: hFile=0x83c, lpBuffer=0xc00037d900, nNumberOfBytesToRead=0x1193, lpNumberOfBytesRead=0xc000473c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037d900*, lpNumberOfBytesRead=0xc000473c04*=0xf93, lpOverlapped=0x0) returned 1 [0142.807] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc14 [0142.807] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc18 [0142.807] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0143.749] ReadFile (in: hFile=0x83c, lpBuffer=0xc00037e893, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000473c04, lpOverlapped=0x0 | out: lpBuffer=0xc00037e893*, lpNumberOfBytesRead=0xc000473c04*=0x0, lpOverlapped=0x0) returned 1 [0143.749] CloseHandle (hObject=0x83c) returned 1 [0143.749] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ueehkpxybc0mi.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0143.780] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0144.632] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc000473d04 | out: lpMode=0xc000473d04) returned 0 [0144.633] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0145.459] GetFileType (hFile=0x6b4) returned 0x1 [0145.459] WriteFile (in: hFile=0x6b4, lpBuffer=0xc0006f1000*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0xc000473cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f1000*, lpNumberOfBytesWritten=0xc000473cec*=0xfa0, lpOverlapped=0x0) returned 1 [0145.461] CloseHandle (hObject=0x6b4) returned 1 [0145.467] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0145.467] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0145.468] VirtualAlloc (lpAddress=0xc000168000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000168000 [0145.470] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ueehkpxybc0mi.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b4 [0145.471] GetConsoleMode (in: hConsoleHandle=0x6b4, lpMode=0xc000473d64 | out: lpMode=0xc000473d64) returned 0 [0145.475] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0145.993] GetFileType (hFile=0x6b4) returned 0x1 [0145.994] WriteFile (in: hFile=0x6b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000473d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc000473d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.994] CloseHandle (hObject=0x6b4) returned 1 [0146.005] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\ueehkpxybc0mi.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-ueeHKPXYbc0Mi.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-ueehkpxybc0mi.lnk"), dwFlags=0x1) returned 1 [0150.681] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0151.249] SetEvent (hEvent=0xb50) returned 1 [0151.249] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\vevaalv2kwfwsa56eyl.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x36c [0151.249] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0003c7cf4 | out: lpMode=0xc0003c7cf4) returned 0 [0151.250] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0151.782] GetFileType (hFile=0x36c) returned 0x1 [0151.782] GetFileType (hFile=0x36c) returned 0x1 [0151.782] GetFileInformationByHandle (in: hFile=0x36c, lpFileInformation=0xc0003c7d44 | out: lpFileInformation=0xc0003c7d44) returned 1 [0151.782] GetFileInformationByHandleEx (in: hFile=0x36c, FileInformationClass=0x9, lpFileInformation=0xc0003c7d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003c7d28) returned 1 [0151.782] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0151.785] ReadFile (in: hFile=0x36c, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x3947, lpNumberOfBytesRead=0xc0003c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0003c7c04*=0x3747, lpOverlapped=0x0) returned 1 [0151.787] ReadFile (in: hFile=0x36c, lpBuffer=0xc000053747, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003c7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000053747*, lpNumberOfBytesRead=0xc0003c7c04*=0x0, lpOverlapped=0x0) returned 1 [0151.787] CloseHandle (hObject=0x36c) returned 1 [0151.787] VirtualAlloc (lpAddress=0xc000212000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0151.789] VirtualAlloc (lpAddress=0xc000040000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000040000 [0151.790] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\zPwegzv\\VevaAlv2kwFWSA56eyl.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\zpwegzv\\vevaalv2kwfwsa56eyl.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x36c [0151.793] GetConsoleMode (in: hConsoleHandle=0x36c, lpMode=0xc0003c7d04 | out: lpMode=0xc0003c7d04) returned 0 [0151.814] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0152.175] SetEvent (hEvent=0xb18) returned 1 [0152.175] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0161.397] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\-7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\-7npfxydsa0tja.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2fc [0161.990] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0002f5cf4 | out: lpMode=0xc0002f5cf4) returned 0 [0162.235] GetFileType (hFile=0x2fc) returned 0x1 [0162.235] GetFileType (hFile=0x2fc) returned 0x1 [0162.235] GetFileInformationByHandle (in: hFile=0x2fc, lpFileInformation=0xc0002f5d44 | out: lpFileInformation=0xc0002f5d44) returned 1 [0162.235] GetFileInformationByHandleEx (in: hFile=0x2fc, FileInformationClass=0x9, lpFileInformation=0xc0002f5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002f5d28) returned 1 [0162.236] VirtualAlloc (lpAddress=0xc000524000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000524000 [0162.239] ReadFile (in: hFile=0x2fc, lpBuffer=0xc000524000, nNumberOfBytesToRead=0xb845, lpNumberOfBytesRead=0xc0002f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000524000*, lpNumberOfBytesRead=0xc0002f5c04*=0xb645, lpOverlapped=0x0) returned 1 [0162.241] ReadFile (in: hFile=0x2fc, lpBuffer=0xc00052f645, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002f5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00052f645*, lpNumberOfBytesRead=0xc0002f5c04*=0x0, lpOverlapped=0x0) returned 1 [0162.241] CloseHandle (hObject=0x2fc) returned 1 [0162.241] VirtualAlloc (lpAddress=0xc0005ca000, dwSize=0xc000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ca000 [0162.244] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\-7NpFxydsa0tJA.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\-7npfxydsa0tja.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2fc [0162.247] GetConsoleMode (in: hConsoleHandle=0x2fc, lpMode=0xc0002f5d04 | out: lpMode=0xc0002f5d04) returned 0 [0162.417] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0162.588] SetEvent (hEvent=0x968) returned 1 [0162.588] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0163.626] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c0140*, nNumberOfCharsToWrite=0x4b, lpNumberOfCharsWritten=0xc000367808, lpReserved=0x0 | out: lpBuffer=0xc0002c0140*, lpNumberOfCharsWritten=0xc000367808*=0x4b) returned 1 [0163.627] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0163.627] VirtualAlloc (lpAddress=0xc000186000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000186000 [0163.628] VirtualAlloc (lpAddress=0xc000198000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000198000 [0163.629] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0166.393] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc000367d64 | out: lpMode=0xc000367d64) returned 0 [0166.481] GetFileType (hFile=0x7a0) returned 0x1 [0166.481] WriteFile (in: hFile=0x7a0, lpBuffer=0xc000121a20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000367d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000121a20*, lpNumberOfBytesWritten=0xc000367d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.483] CloseHandle (hObject=0x7a0) returned 1 [0166.484] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.989] SetEvent (hEvent=0x43c) returned 1 [0166.989] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0166.996] SetEvent (hEvent=0xc1c) returned 1 [0166.996] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.202] SetEvent (hEvent=0xc1c) returned 1 [0167.202] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.207] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.214] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.215] SetEvent (hEvent=0xc1c) returned 1 [0167.215] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.220] SetEvent (hEvent=0xc1c) returned 1 [0167.220] SwitchToThread () returned 1 [0167.221] SetEvent (hEvent=0x980) returned 1 [0167.221] SetEvent (hEvent=0xc1c) returned 1 [0167.221] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002e5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc070*, lpNumberOfCharsWritten=0xc0002e5818*=0x3) returned 1 [0167.225] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0167.226] VirtualAlloc (lpAddress=0xc0000c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000c0000 [0167.227] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c0000*, nNumberOfCharsToWrite=0x10a, lpNumberOfCharsWritten=0xc0002e3808, lpReserved=0x0 | out: lpBuffer=0xc0000c0000*, lpNumberOfCharsWritten=0xc0002e3808*=0x10a) returned 1 [0167.272] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc028*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000515818, lpReserved=0x0 | out: lpBuffer=0xc0000bc028*, lpNumberOfCharsWritten=0xc000515818*=0x3) returned 1 [0167.283] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.289] SetEvent (hEvent=0x980) returned 1 [0167.289] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa080*, nNumberOfCharsToWrite=0x3e, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0000fa080*, lpNumberOfCharsWritten=0xc000129808*=0x3e) returned 1 [0167.292] SetEvent (hEvent=0x980) returned 1 [0167.292] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8090*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0000c8090*, lpNumberOfCharsWritten=0xc000129808*=0x11) returned 1 [0167.317] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.345] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c80c0*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000129808, lpReserved=0x0 | out: lpBuffer=0xc0000c80c0*, lpNumberOfCharsWritten=0xc000129808*=0x11) returned 1 [0167.353] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\cookies"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\encry-Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\encry-cookies"), dwFlags=0x1) returned 1 [0167.403] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.420] SwitchToThread () returned 1 [0167.425] SetEvent (hEvent=0xc1c) returned 1 [0167.425] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.431] SetEvent (hEvent=0xc1c) returned 1 [0167.431] SetEvent (hEvent=0xa80) returned 1 [0167.432] SetEvent (hEvent=0xb48) returned 1 [0167.432] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.437] SetEvent (hEvent=0xc1c) returned 1 [0167.437] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.444] SetEvent (hEvent=0xc1c) returned 1 [0167.444] SetEvent (hEvent=0xa80) returned 1 [0167.444] SetEvent (hEvent=0xb48) returned 1 [0167.444] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.468] SwitchToThread () returned 1 [0167.476] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.478] SetEvent (hEvent=0xb48) returned 1 [0167.478] WaitForSingleObject (hHandle=0xc14, dwMilliseconds=0xffffffff) returned 0x0 [0167.484] SetEvent (hEvent=0xb48) returned 1 [0167.484] SwitchToThread () returned 1 [0167.485] SetEvent (hEvent=0xc1c) returned 1 [0167.486] SetEvent (hEvent=0xb48) returned 1 [0167.486] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010238*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00038f818, lpReserved=0x0 | out: lpBuffer=0xc000010238*, lpNumberOfCharsWritten=0xc00038f818*=0x3) returned 1 [0167.508] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc030*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00034b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc030*, lpNumberOfCharsWritten=0xc00034b818*=0x3) returned 1 [0167.550] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc036*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000507818, lpReserved=0x0 | out: lpBuffer=0xc0000bc036*, lpNumberOfCharsWritten=0xc000507818*=0x3) returned 1 [0167.553] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc040*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004e3818, lpReserved=0x0 | out: lpBuffer=0xc0000bc040*, lpNumberOfCharsWritten=0xc0004e3818*=0x3) returned 1 [0167.554] SetEvent (hEvent=0xa80) returned 1 [0167.554] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc046*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003ad818, lpReserved=0x0 | out: lpBuffer=0xc0000bc046*, lpNumberOfCharsWritten=0xc0003ad818*=0x3) returned 1 [0167.557] SetEvent (hEvent=0xa80) returned 1 [0167.557] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc050*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004f5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc050*, lpNumberOfCharsWritten=0xc0004f5818*=0x3) returned 1 [0167.558] SetEvent (hEvent=0xa80) returned 1 [0167.559] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc056*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000359818, lpReserved=0x0 | out: lpBuffer=0xc0000bc056*, lpNumberOfCharsWritten=0xc000359818*=0x3) returned 1 [0167.560] SetEvent (hEvent=0xa80) returned 1 [0167.560] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc060*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004e9818, lpReserved=0x0 | out: lpBuffer=0xc0000bc060*, lpNumberOfCharsWritten=0xc0004e9818*=0x3) returned 1 [0167.561] SetEvent (hEvent=0xa80) returned 1 [0167.561] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000349818, lpReserved=0x0 | out: lpBuffer=0xc0000bc066*, lpNumberOfCharsWritten=0xc000349818*=0x3) returned 1 [0167.565] SetEvent (hEvent=0xa80) returned 1 [0167.565] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc070*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003ab818, lpReserved=0x0 | out: lpBuffer=0xc0000bc070*, lpNumberOfCharsWritten=0xc0003ab818*=0x3) returned 1 [0167.566] SetEvent (hEvent=0xa80) returned 1 [0167.567] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010140*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00023d818, lpReserved=0x0 | out: lpBuffer=0xc000010140*, lpNumberOfCharsWritten=0xc00023d818*=0x3) returned 1 [0167.568] SetEvent (hEvent=0xa80) returned 1 [0167.568] VirtualAlloc (lpAddress=0xc00002c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00002c000 [0167.569] VirtualAlloc (lpAddress=0xc000052000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000052000 [0167.570] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010146*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004ad818, lpReserved=0x0 | out: lpBuffer=0xc000010146*, lpNumberOfCharsWritten=0xc0004ad818*=0x3) returned 1 [0167.572] SetEvent (hEvent=0xa80) returned 1 [0167.572] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0167.574] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc076*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00037d818, lpReserved=0x0 | out: lpBuffer=0xc0000bc076*, lpNumberOfCharsWritten=0xc00037d818*=0x3) returned 1 [0167.575] SetEvent (hEvent=0xa80) returned 1 [0167.575] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010240*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0001d3818, lpReserved=0x0 | out: lpBuffer=0xc000010240*, lpNumberOfCharsWritten=0xc0001d3818*=0x3) returned 1 [0167.578] SetEvent (hEvent=0xa80) returned 1 [0167.578] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc080*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004f9818, lpReserved=0x0 | out: lpBuffer=0xc0000bc080*, lpNumberOfCharsWritten=0xc0004f9818*=0x3) returned 1 [0167.580] SetEvent (hEvent=0xa80) returned 1 [0167.580] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010246*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002e7818, lpReserved=0x0 | out: lpBuffer=0xc000010246*, lpNumberOfCharsWritten=0xc0002e7818*=0x3) returned 1 [0167.582] SetEvent (hEvent=0xa80) returned 1 [0167.582] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc086*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004b5818, lpReserved=0x0 | out: lpBuffer=0xc0000bc086*, lpNumberOfCharsWritten=0xc0004b5818*=0x3) returned 1 [0167.584] SetEvent (hEvent=0xa80) returned 1 [0167.585] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc090*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000331818, lpReserved=0x0 | out: lpBuffer=0xc0000bc090*, lpNumberOfCharsWritten=0xc000331818*=0x3) returned 1 [0167.586] SetEvent (hEvent=0xa80) returned 1 [0167.586] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc096*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00044b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc096*, lpNumberOfCharsWritten=0xc00044b818*=0x3) returned 1 [0167.588] SetEvent (hEvent=0xa80) returned 1 [0167.588] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0a0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000313818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0a0*, lpNumberOfCharsWritten=0xc000313818*=0x3) returned 1 [0167.589] SetEvent (hEvent=0xa80) returned 1 [0167.590] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010250*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002f5818, lpReserved=0x0 | out: lpBuffer=0xc000010250*, lpNumberOfCharsWritten=0xc0002f5818*=0x3) returned 1 [0167.591] SetEvent (hEvent=0xa80) returned 1 [0167.591] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010256*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00051b818, lpReserved=0x0 | out: lpBuffer=0xc000010256*, lpNumberOfCharsWritten=0xc00051b818*=0x3) returned 1 [0167.595] SetEvent (hEvent=0xa80) returned 1 [0167.595] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010260*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00020b818, lpReserved=0x0 | out: lpBuffer=0xc000010260*, lpNumberOfCharsWritten=0xc00020b818*=0x3) returned 1 [0167.597] SetEvent (hEvent=0xa80) returned 1 [0167.597] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0a6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0003a9818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0a6*, lpNumberOfCharsWritten=0xc0003a9818*=0x3) returned 1 [0167.599] SetEvent (hEvent=0xa80) returned 1 [0167.599] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0b0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00039b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0b0*, lpNumberOfCharsWritten=0xc00039b818*=0x3) returned 1 [0167.600] SetEvent (hEvent=0xa80) returned 1 [0167.600] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010266*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000129818, lpReserved=0x0 | out: lpBuffer=0xc000010266*, lpNumberOfCharsWritten=0xc000129818*=0x3) returned 1 [0167.601] SetEvent (hEvent=0xa80) returned 1 [0167.601] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010270*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00037b818, lpReserved=0x0 | out: lpBuffer=0xc000010270*, lpNumberOfCharsWritten=0xc00037b818*=0x3) returned 1 [0167.602] SetEvent (hEvent=0xa80) returned 1 [0167.602] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0b6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00043f818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0b6*, lpNumberOfCharsWritten=0xc00043f818*=0x3) returned 1 [0167.603] SetEvent (hEvent=0xa80) returned 1 [0167.603] VirtualAlloc (lpAddress=0xc00007e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00007e000 [0167.605] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010276*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000069818, lpReserved=0x0 | out: lpBuffer=0xc000010276*, lpNumberOfCharsWritten=0xc000069818*=0x3) returned 1 [0167.606] SetEvent (hEvent=0xa80) returned 1 [0167.606] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0c0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc00018b818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0c0*, lpNumberOfCharsWritten=0xc00018b818*=0x3) returned 1 [0167.611] SetEvent (hEvent=0xa80) returned 1 [0167.612] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010280*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004fd818, lpReserved=0x0 | out: lpBuffer=0xc000010280*, lpNumberOfCharsWritten=0xc0004fd818*=0x3) returned 1 [0167.613] SetEvent (hEvent=0xa80) returned 1 [0167.613] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0c6*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0004b1818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0c6*, lpNumberOfCharsWritten=0xc0004b1818*=0x3) returned 1 [0167.614] SetEvent (hEvent=0xa80) returned 1 [0167.614] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010286*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000361818, lpReserved=0x0 | out: lpBuffer=0xc000010286*, lpNumberOfCharsWritten=0xc000361818*=0x3) returned 1 [0167.616] SetEvent (hEvent=0xa80) returned 1 [0167.616] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000bc0d0*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000517818, lpReserved=0x0 | out: lpBuffer=0xc0000bc0d0*, lpNumberOfCharsWritten=0xc000517818*=0x3) returned 1 [0167.617] SetEvent (hEvent=0xa80) returned 1 [0167.617] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc00009e040*, nNumberOfCharsToWrite=0xb, lpNumberOfCharsWritten=0xc00051d8e0, lpReserved=0x0 | out: lpBuffer=0xc00009e040*, lpNumberOfCharsWritten=0xc00051d8e0*=0xb) returned 1 [0167.622] RtlExitUserProcess (ExitCode=0x0) Thread: id = 189 os_tid = 0xc98 [0142.275] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3e73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3e73fea0*=0x844) returned 1 [0142.275] VirtualQuery (in: lpAddress=0x3e73fec0, lpBuffer=0x3e73fec0, dwLength=0x30 | out: lpBuffer=0x3e73fec0*(BaseAddress=0x3e73f000, AllocationBase=0x3e540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.275] VirtualAlloc (lpAddress=0xc000614000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000614000 [0142.276] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wqblrgmmpps.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0142.277] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00048fcf4 | out: lpMode=0xc00048fcf4) returned 0 [0142.277] GetFileType (hFile=0x848) returned 0x1 [0142.277] GetFileType (hFile=0x848) returned 0x1 [0142.277] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc00048fd44 | out: lpFileInformation=0xc00048fd44) returned 1 [0142.277] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc00048fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00048fd28) returned 1 [0142.277] ReadFile (in: hFile=0x848, lpBuffer=0xc00021a580, nNumberOfBytesToRead=0x511, lpNumberOfBytesRead=0xc00048fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a580*, lpNumberOfBytesRead=0xc00048fc04*=0x311, lpOverlapped=0x0) returned 1 [0142.808] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc1c [0142.808] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc20 [0142.808] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0143.775] ReadFile (in: hFile=0x848, lpBuffer=0xc00021a891, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00048fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a891*, lpNumberOfBytesRead=0xc00048fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.775] CloseHandle (hObject=0x848) returned 1 [0143.775] VirtualAlloc (lpAddress=0xc000776000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000776000 [0143.776] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wqblrgmmpps.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0143.785] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0144.295] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc00048fd04 | out: lpMode=0xc00048fd04) returned 0 [0144.300] GetFileType (hFile=0x6ac) returned 0x1 [0144.300] WriteFile (in: hFile=0x6ac, lpBuffer=0xc000776000*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0xc00048fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000776000*, lpNumberOfBytesWritten=0xc00048fcec*=0x320, lpOverlapped=0x0) returned 1 [0144.301] CloseHandle (hObject=0x6ac) returned 1 [0144.301] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0144.302] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wQBLRGmmPpS.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wqblrgmmpps.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6ac [0144.302] GetConsoleMode (in: hConsoleHandle=0x6ac, lpMode=0xc00048fd64 | out: lpMode=0xc00048fd64) returned 0 [0144.303] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0144.662] SetEvent (hEvent=0xc6c) returned 1 [0144.662] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0144.663] SetEvent (hEvent=0xa60) returned 1 [0144.663] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0144.679] SetEvent (hEvent=0x35c) returned 1 [0144.679] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0145.800] SetEvent (hEvent=0x960) returned 1 [0145.800] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0145.809] SetEvent (hEvent=0x9c8) returned 1 [0145.809] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0145.816] SetEvent (hEvent=0x100) returned 1 [0145.816] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0145.825] SetEvent (hEvent=0xec) returned 1 [0145.825] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f8 [0145.826] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc00022fcf4 | out: lpMode=0xc00022fcf4) returned 0 [0145.829] GetFileType (hFile=0x7f8) returned 0x1 [0145.829] GetFileType (hFile=0x7f8) returned 0x1 [0145.829] GetFileInformationByHandle (in: hFile=0x7f8, lpFileInformation=0xc00022fd44 | out: lpFileInformation=0xc00022fd44) returned 1 [0145.829] GetFileInformationByHandleEx (in: hFile=0x7f8, FileInformationClass=0x9, lpFileInformation=0xc00022fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00022fd28) returned 1 [0145.829] ReadFile (in: hFile=0x7f8, lpBuffer=0xc0000ea000, nNumberOfBytesToRead=0x33e, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea000*, lpNumberOfBytesRead=0xc00022fc04*=0x13e, lpOverlapped=0x0) returned 1 [0145.830] ReadFile (in: hFile=0x7f8, lpBuffer=0xc0000ea13e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00022fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea13e*, lpNumberOfBytesRead=0xc00022fc04*=0x0, lpOverlapped=0x0) returned 1 [0145.831] CloseHandle (hObject=0x7f8) returned 1 [0145.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0145.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini\\*", lpFindFileData=0xc00022fa08 | out: lpFindFileData=0xc00022fa08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0145.831] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00022f720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0145.831] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7f8 [0145.832] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc0002d3cf4 | out: lpMode=0xc0002d3cf4) returned 0 [0145.833] GetFileType (hFile=0x7f8) returned 0x1 [0145.833] GetFileType (hFile=0x7f8) returned 0x1 [0145.833] GetFileInformationByHandle (in: hFile=0x7f8, lpFileInformation=0xc0002d3d44 | out: lpFileInformation=0xc0002d3d44) returned 1 [0145.833] GetFileInformationByHandleEx (in: hFile=0x7f8, FileInformationClass=0x9, lpFileInformation=0xc0002d3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d3d28) returned 1 [0145.833] ReadFile (in: hFile=0x7f8, lpBuffer=0xc0000ea380, nNumberOfBytesToRead=0x306, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea380*, lpNumberOfBytesRead=0xc0002d3c04*=0x106, lpOverlapped=0x0) returned 1 [0145.835] ReadFile (in: hFile=0x7f8, lpBuffer=0xc0000ea486, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0000ea486*, lpNumberOfBytesRead=0xc0002d3c04*=0x0, lpOverlapped=0x0) returned 1 [0145.835] CloseHandle (hObject=0x7f8) returned 1 [0145.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0145.836] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc0002d3d04 | out: lpMode=0xc0002d3d04) returned 0 [0145.840] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.075] SetEvent (hEvent=0xb10) returned 1 [0146.076] GetFileType (hFile=0x7f8) returned 0x1 [0146.076] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.237] WriteFile (in: hFile=0x7f8, lpBuffer=0xc0003d2000*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc0002d3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0003d2000*, lpNumberOfBytesWritten=0xc0002d3cec*=0x110, lpOverlapped=0x0) returned 1 [0146.238] CloseHandle (hObject=0x7f8) returned 1 [0146.238] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0146.239] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0146.239] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0146.240] VirtualAlloc (lpAddress=0xc000264000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000264000 [0146.241] VirtualAlloc (lpAddress=0xc000266000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000266000 [0146.241] VirtualAlloc (lpAddress=0xc00026a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00026a000 [0146.242] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7f8 [0146.243] GetConsoleMode (in: hConsoleHandle=0x7f8, lpMode=0xc0002d3d64 | out: lpMode=0xc0002d3d64) returned 0 [0146.245] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.302] GetFileType (hFile=0x7f8) returned 0x1 [0146.302] WriteFile (in: hFile=0x7f8, lpBuffer=0xc00007e9a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e9a0*, lpNumberOfBytesWritten=0xc0002d3d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.302] CloseHandle (hObject=0x7f8) returned 1 [0146.302] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\help.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\encry-Help.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\encry-help.lnk"), dwFlags=0x1) returned 1 [0146.309] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.342] SetEvent (hEvent=0xc80) returned 1 [0146.342] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.485] SetEvent (hEvent=0x448) returned 1 [0146.485] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x838 [0146.485] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc0001a5cf4 | out: lpMode=0xc0001a5cf4) returned 0 [0146.513] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.642] GetFileType (hFile=0x838) returned 0x1 [0146.642] GetFileType (hFile=0x838) returned 0x1 [0146.642] GetFileInformationByHandle (in: hFile=0x838, lpFileInformation=0xc0001a5d44 | out: lpFileInformation=0xc0001a5d44) returned 1 [0146.642] GetFileInformationByHandleEx (in: hFile=0x838, FileInformationClass=0x9, lpFileInformation=0xc0001a5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001a5d28) returned 1 [0146.642] ReadFile (in: hFile=0x838, lpBuffer=0xc0002cf000, nNumberOfBytesToRead=0xddb, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cf000*, lpNumberOfBytesRead=0xc0001a5c04*=0xbdb, lpOverlapped=0x0) returned 1 [0146.673] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.921] ReadFile (in: hFile=0x838, lpBuffer=0xc0002cfbdb, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001a5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002cfbdb*, lpNumberOfBytesRead=0xc0001a5c04*=0x0, lpOverlapped=0x0) returned 1 [0146.921] CloseHandle (hObject=0x838) returned 1 [0146.921] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0146.923] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc0001a5d04 | out: lpMode=0xc0001a5d04) returned 0 [0146.930] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.941] SetEvent (hEvent=0xbd8) returned 1 [0146.941] GetFileType (hFile=0x838) returned 0x1 [0146.941] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0146.964] WriteFile (in: hFile=0x838, lpBuffer=0xc000212c00*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0xc0001a5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212c00*, lpNumberOfBytesWritten=0xc0001a5cec*=0xbe0, lpOverlapped=0x0) returned 1 [0146.965] CloseHandle (hObject=0x838) returned 1 [0146.965] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3101 | out: pbBuffer=0xc0001c3101) returned 1 [0146.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x838 [0146.966] GetConsoleMode (in: hConsoleHandle=0x838, lpMode=0xc0001a5d64 | out: lpMode=0xc0001a5d64) returned 0 [0147.006] GetFileType (hFile=0x838) returned 0x1 [0147.006] WriteFile (in: hFile=0x838, lpBuffer=0xc000202000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001a5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000202000*, lpNumberOfBytesWritten=0xc0001a5d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.006] CloseHandle (hObject=0x838) returned 1 [0147.006] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\encry-bookmarks-2017-06-05_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\encry-bookmarks-2017-06-05_5.json"), dwFlags=0x1) returned 1 [0147.008] SwitchToThread () returned 1 [0147.011] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.078] SetEvent (hEvent=0xc44) returned 1 [0147.078] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.091] VirtualAlloc (lpAddress=0xc000218000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000218000 [0147.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x2e4 [0147.094] GetConsoleMode (in: hConsoleHandle=0x2e4, lpMode=0xc0006e3cf4 | out: lpMode=0xc0006e3cf4) returned 0 [0147.101] GetFileType (hFile=0x2e4) returned 0x1 [0147.101] GetFileType (hFile=0x2e4) returned 0x1 [0147.101] GetFileInformationByHandle (in: hFile=0x2e4, lpFileInformation=0xc0006e3d44 | out: lpFileInformation=0xc0006e3d44) returned 1 [0147.101] GetFileInformationByHandleEx (in: hFile=0x2e4, FileInformationClass=0x9, lpFileInformation=0xc0006e3d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0006e3d28) returned 1 [0147.101] VirtualAlloc (lpAddress=0xc0002a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002a4000 [0147.106] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002a4000, nNumberOfBytesToRead=0x4200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4000*, lpNumberOfBytesRead=0xc0006e3c04*=0x4000, lpOverlapped=0x0) returned 1 [0147.110] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.147] ReadFile (in: hFile=0x2e4, lpBuffer=0xc0002a8000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0006e3c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8000*, lpNumberOfBytesRead=0xc0006e3c04*=0x0, lpOverlapped=0x0) returned 1 [0147.147] CloseHandle (hObject=0x2e4) returned 1 [0147.147] VirtualAlloc (lpAddress=0xc000298000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000298000 [0147.148] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0147.241] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0006e3d04 | out: lpMode=0xc0006e3d04) returned 0 [0147.249] GetFileType (hFile=0x5d8) returned 0x1 [0147.249] WriteFile (in: hFile=0x5d8, lpBuffer=0xc0002a8800*, nNumberOfBytesToWrite=0x4010, lpNumberOfBytesWritten=0xc0006e3cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8800*, lpNumberOfBytesWritten=0xc0006e3cec*=0x4010, lpOverlapped=0x0) returned 1 [0147.273] CloseHandle (hObject=0x5d8) returned 1 [0147.286] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0147.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0147.286] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc0006e3d64 | out: lpMode=0xc0006e3d64) returned 0 [0147.297] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.304] SetEvent (hEvent=0xbd8) returned 1 [0147.304] GetFileType (hFile=0x8a4) returned 0x1 [0147.305] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.366] SetEvent (hEvent=0xa38) returned 1 [0147.366] WriteFile (in: hFile=0x8a4, lpBuffer=0xc0000a2160*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0006e3d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2160*, lpNumberOfBytesWritten=0xc0006e3d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.366] CloseHandle (hObject=0x8a4) returned 1 [0147.366] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0147.368] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\key3.db"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-key3.db" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-key3.db"), dwFlags=0x1) returned 1 [0147.369] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0147.370] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc0001b9cf4 | out: lpMode=0xc0001b9cf4) returned 0 [0147.382] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.442] SetEvent (hEvent=0xc0) returned 1 [0147.443] SetEvent (hEvent=0xa38) returned 1 [0147.443] GetFileType (hFile=0x8a4) returned 0x1 [0147.443] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0147.850] GetFileType (hFile=0x8a4) returned 0x1 [0147.850] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc0001b9d44 | out: lpFileInformation=0xc0001b9d44) returned 1 [0147.850] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc0001b9d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001b9d28) returned 1 [0147.850] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002a8800, nNumberOfBytesToRead=0x4383, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002a8800*, lpNumberOfBytesRead=0xc0001b9c04*=0x4183, lpOverlapped=0x0) returned 1 [0148.835] ReadFile (in: hFile=0x8a4, lpBuffer=0xc0002ac983, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001b9c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002ac983*, lpNumberOfBytesRead=0xc0001b9c04*=0x0, lpOverlapped=0x0) returned 1 [0148.836] CloseHandle (hObject=0x8a4) returned 1 [0148.836] VirtualAlloc (lpAddress=0xc000708000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000708000 [0148.839] VirtualAlloc (lpAddress=0xc000314000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000314000 [0148.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a4 [0150.237] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc0001b9d04 | out: lpMode=0xc0001b9d04) returned 0 [0150.251] GetFileType (hFile=0x8a4) returned 0x1 [0150.251] WriteFile (in: hFile=0x8a4, lpBuffer=0xc000708000*, nNumberOfBytesToWrite=0x4190, lpNumberOfBytesWritten=0xc0001b9cec, lpOverlapped=0x0 | out: lpBuffer=0xc000708000*, lpNumberOfBytesWritten=0xc0001b9cec*=0x4190, lpOverlapped=0x0) returned 1 [0150.360] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0150.371] CloseHandle (hObject=0x8a4) returned 1 [0150.415] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0150.415] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0150.417] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0150.418] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0150.418] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001b9d64 | out: lpMode=0xc0001b9d64) returned 0 [0150.422] GetFileType (hFile=0x7a0) returned 0x1 [0150.422] WriteFile (in: hFile=0x7a0, lpBuffer=0xc0000d6840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001b9d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6840*, lpNumberOfBytesWritten=0xc0001b9d4c*=0x158, lpOverlapped=0x0) returned 1 [0150.441] CloseHandle (hObject=0x7a0) returned 1 [0150.583] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0150.585] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\search.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-search.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-search.json"), dwFlags=0x1) returned 1 [0151.405] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0151.775] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0151.780] SetEvent (hEvent=0x8e8) returned 1 [0151.780] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0151.883] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x510 [0151.884] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0003bdcf4 | out: lpMode=0xc0003bdcf4) returned 0 [0151.945] GetFileType (hFile=0x510) returned 0x1 [0151.945] GetFileType (hFile=0x510) returned 0x1 [0151.946] GetFileInformationByHandle (in: hFile=0x510, lpFileInformation=0xc0003bdd44 | out: lpFileInformation=0xc0003bdd44) returned 1 [0151.946] GetFileInformationByHandleEx (in: hFile=0x510, FileInformationClass=0x9, lpFileInformation=0xc0003bdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003bdd28) returned 1 [0151.946] VirtualAlloc (lpAddress=0xc00027c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00027c000 [0151.949] ReadFile (in: hFile=0x510, lpBuffer=0xc00027c000, nNumberOfBytesToRead=0x76e6, lpNumberOfBytesRead=0xc0003bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027c000*, lpNumberOfBytesRead=0xc0003bdc04*=0x74e6, lpOverlapped=0x0) returned 1 [0151.962] ReadFile (in: hFile=0x510, lpBuffer=0xc0002834e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003bdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0002834e6*, lpNumberOfBytesRead=0xc0003bdc04*=0x0, lpOverlapped=0x0) returned 1 [0151.962] CloseHandle (hObject=0x510) returned 1 [0151.962] VirtualAlloc (lpAddress=0xc0002e2000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002e2000 [0151.965] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my shapes\\_private\\folder.ico"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.966] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Shapes\\_private\\folder.ico\\*", lpFindFileData=0xc0003bda08 | out: lpFindFileData=0xc0003bda08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.966] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0003bd720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.966] SetEvent (hEvent=0x988) returned 1 [0151.966] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0151.971] VirtualFree (lpAddress=0xc000050000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0151.973] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.974] VirtualAlloc (lpAddress=0xc0000dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000dc000 [0151.975] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x848 [0151.976] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00045fcf4 | out: lpMode=0xc00045fcf4) returned 0 [0151.993] GetFileType (hFile=0x848) returned 0x1 [0151.993] GetFileType (hFile=0x848) returned 0x1 [0151.993] GetFileInformationByHandle (in: hFile=0x848, lpFileInformation=0xc00045fd44 | out: lpFileInformation=0xc00045fd44) returned 1 [0151.993] GetFileInformationByHandleEx (in: hFile=0x848, FileInformationClass=0x9, lpFileInformation=0xc00045fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00045fd28) returned 1 [0151.993] ReadFile (in: hFile=0x848, lpBuffer=0xc0000f0000, nNumberOfBytesToRead=0x285, lpNumberOfBytesRead=0xc00045fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0000*, lpNumberOfBytesRead=0xc00045fc04*=0x85, lpOverlapped=0x0) returned 1 [0151.995] ReadFile (in: hFile=0x848, lpBuffer=0xc0000f0085, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00045fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000f0085*, lpNumberOfBytesRead=0xc00045fc04*=0x0, lpOverlapped=0x0) returned 1 [0151.995] CloseHandle (hObject=0x848) returned 1 [0151.995] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0151.997] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00045fd04 | out: lpMode=0xc00045fd04) returned 0 [0152.030] GetFileType (hFile=0x848) returned 0x1 [0152.030] WriteFile (in: hFile=0x848, lpBuffer=0xc0002c4000*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0xc00045fcec, lpOverlapped=0x0 | out: lpBuffer=0xc0002c4000*, lpNumberOfBytesWritten=0xc00045fcec*=0x90, lpOverlapped=0x0) returned 1 [0152.032] CloseHandle (hObject=0x848) returned 1 [0152.032] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0152.032] VirtualAlloc (lpAddress=0xc0000fa000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fa000 [0152.034] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x848 [0152.034] GetConsoleMode (in: hConsoleHandle=0x848, lpMode=0xc00045fd64 | out: lpMode=0xc00045fd64) returned 0 [0152.038] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0152.304] GetFileType (hFile=0x848) returned 0x1 [0152.304] WriteFile (in: hFile=0x848, lpBuffer=0xc000104000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00045fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104000*, lpNumberOfBytesWritten=0xc00045fd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.304] CloseHandle (hObject=0x848) returned 1 [0152.305] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\MSN Websites\\encry-MSN Entertainment.url" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\msn websites\\encry-msn entertainment.url"), dwFlags=0x1) returned 1 [0152.306] SetEvent (hEvent=0xc44) returned 1 [0152.306] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0161.370] VirtualAlloc (lpAddress=0xc0000fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000fe000 [0161.370] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0161.371] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Y138cXvDjo.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\y138cxvdjo.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x63c [0162.034] GetConsoleMode (in: hConsoleHandle=0x63c, lpMode=0xc0004b5cf4 | out: lpMode=0xc0004b5cf4) returned 0 [0162.360] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0162.594] SetEvent (hEvent=0x114) returned 1 [0162.594] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0163.578] GetFileType (hFile=0x704) returned 0x1 [0163.578] WriteFile (in: hFile=0x704, lpBuffer=0xc0001202c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00022dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001202c0*, lpNumberOfBytesWritten=0xc00022dd4c*=0x158, lpOverlapped=0x0) returned 1 [0163.580] CloseHandle (hObject=0x704) returned 1 [0166.421] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Links\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\favorites\\links\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0166.884] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.000] SetEvent (hEvent=0x324) returned 1 [0167.000] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.013] SetEvent (hEvent=0x8d0) returned 1 [0167.013] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.192] SetEvent (hEvent=0xbb0) returned 1 [0167.193] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.197] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.200] SetEvent (hEvent=0xc14) returned 1 [0167.200] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.206] SetEvent (hEvent=0xc14) returned 1 [0167.206] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586066*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc0002e9818, lpReserved=0x0 | out: lpBuffer=0xc000586066*, lpNumberOfCharsWritten=0xc0002e9818*=0x3) returned 1 [0167.208] SetEvent (hEvent=0xc14) returned 1 [0167.208] VirtualAlloc (lpAddress=0xc0002ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002ee000 [0167.210] VirtualAlloc (lpAddress=0xc0002fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002fe000 [0167.211] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002fe000*, nNumberOfCharsToWrite=0x154, lpNumberOfCharsWritten=0xc0002f7808, lpReserved=0x0 | out: lpBuffer=0xc0002fe000*, lpNumberOfCharsWritten=0xc0002f7808*=0x154) returned 1 [0167.215] SetEvent (hEvent=0xc14) returned 1 [0167.215] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.216] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f698, ulCount=0x10, ulNumEntriesRemoved=0x3e73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f698, ulNumEntriesRemoved=0x3e73f66c) returned 0 [0167.216] SetEvent (hEvent=0xc0) returned 1 [0167.216] SetEvent (hEvent=0xc14) returned 1 [0167.216] VirtualAlloc (lpAddress=0xc00013c000, dwSize=0x8000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00013c000 [0167.219] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.221] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.224] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f6a0, ulNumEntriesRemoved=0x3e73f674) returned 0 [0167.224] SetEvent (hEvent=0x980) returned 1 [0167.224] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe18*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.280] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.280] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.283] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.283] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f698, ulCount=0x10, ulNumEntriesRemoved=0x3e73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f698, ulNumEntriesRemoved=0x3e73f66c) returned 0 [0167.283] SetEvent (hEvent=0xc0) returned 1 [0167.283] SetEvent (hEvent=0x980) returned 1 [0167.284] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.292] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.317] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.320] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f6a0, ulNumEntriesRemoved=0x3e73f674) returned 0 [0167.321] SetEvent (hEvent=0xc0) returned 1 [0167.321] SetEvent (hEvent=0x980) returned 1 [0167.321] SetEvent (hEvent=0x1a0) returned 1 [0167.321] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe18*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.368] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f698, ulCount=0x10, ulNumEntriesRemoved=0x3e73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f698, ulNumEntriesRemoved=0x3e73f66c) returned 0 [0167.368] SetEvent (hEvent=0xc0) returned 1 [0167.368] SetEvent (hEvent=0x1a0) returned 1 [0167.369] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.400] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.410] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f6a0, ulNumEntriesRemoved=0x3e73f674) returned 0 [0167.410] SetEvent (hEvent=0xb48) returned 1 [0167.410] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe18*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.424] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0167.427] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.427] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f698, ulCount=0x10, ulNumEntriesRemoved=0x3e73f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f698, ulNumEntriesRemoved=0x3e73f66c) returned 0 [0167.427] SetEvent (hEvent=0xc0) returned 1 [0167.427] SetEvent (hEvent=0xc14) returned 1 [0167.428] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.432] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe08*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.436] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe30*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.442] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e73f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e73f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e73f6a0, ulNumEntriesRemoved=0x3e73f674) returned 0 [0167.443] SetEvent (hEvent=0xc14) returned 1 [0167.443] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e73fe18*=0xc1c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0167.476] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.507] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) returned 0x0 [0167.544] SetEvent (hEvent=0xb48) returned 1 [0167.544] SetEvent (hEvent=0xa80) returned 1 [0167.544] VirtualFree (lpAddress=0xc00013c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0167.546] VirtualFree (lpAddress=0xc0000e6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.547] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.548] VirtualFree (lpAddress=0xc00005a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.548] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.549] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0167.550] SwitchToThread () returned 1 [0167.552] WaitForSingleObject (hHandle=0xc1c, dwMilliseconds=0xffffffff) Thread: id = 190 os_tid = 0xc9c [0142.280] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3e93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3e93fea0*=0x84c) returned 1 [0142.280] VirtualQuery (in: lpAddress=0x3e93fec0, lpBuffer=0x3e93fec0, dwLength=0x30 | out: lpBuffer=0x3e93fec0*(BaseAddress=0x3e93f000, AllocationBase=0x3e740000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.280] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wox68cxezv6oloa.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x850 [0142.281] GetConsoleMode (in: hConsoleHandle=0x850, lpMode=0xc000485cf4 | out: lpMode=0xc000485cf4) returned 0 [0142.282] GetFileType (hFile=0x850) returned 0x1 [0142.282] GetFileType (hFile=0x850) returned 0x1 [0142.282] GetFileInformationByHandle (in: hFile=0x850, lpFileInformation=0xc000485d44 | out: lpFileInformation=0xc000485d44) returned 1 [0142.282] GetFileInformationByHandleEx (in: hFile=0x850, FileInformationClass=0x9, lpFileInformation=0xc000485d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000485d28) returned 1 [0142.282] ReadFile (in: hFile=0x850, lpBuffer=0xc000202c80, nNumberOfBytesToRead=0xc6e, lpNumberOfBytesRead=0xc000485c04, lpOverlapped=0x0 | out: lpBuffer=0xc000202c80*, lpNumberOfBytesRead=0xc000485c04*=0xa6e, lpOverlapped=0x0) returned 1 [0142.809] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc24 [0142.810] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc28 [0142.810] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0143.780] ReadFile (in: hFile=0x850, lpBuffer=0xc0002036ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000485c04, lpOverlapped=0x0 | out: lpBuffer=0xc0002036ee*, lpNumberOfBytesRead=0xc000485c04*=0x0, lpOverlapped=0x0) returned 1 [0143.780] CloseHandle (hObject=0x850) returned 1 [0143.780] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wox68cxezv6oloa.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0143.805] GetConsoleMode (in: hConsoleHandle=0x6b8, lpMode=0xc000485d04 | out: lpMode=0xc000485d04) returned 0 [0143.811] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0144.314] GetFileType (hFile=0x6b8) returned 0x1 [0144.314] WriteFile (in: hFile=0x6b8, lpBuffer=0xc00004ca80*, nNumberOfBytesToWrite=0xa70, lpNumberOfBytesWritten=0xc000485cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004ca80*, lpNumberOfBytesWritten=0xc000485cec*=0xa70, lpOverlapped=0x0) returned 1 [0144.315] CloseHandle (hObject=0x6b8) returned 1 [0144.316] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0144.316] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0144.319] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wox68cxezv6oloa.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6b8 [0144.319] GetConsoleMode (in: hConsoleHandle=0x6b8, lpMode=0xc000485d64 | out: lpMode=0xc000485d64) returned 0 [0144.322] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0144.627] GetFileType (hFile=0x6b8) returned 0x1 [0144.627] WriteFile (in: hFile=0x6b8, lpBuffer=0xc00007fce0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000485d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007fce0*, lpNumberOfBytesWritten=0xc000485d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.628] CloseHandle (hObject=0x6b8) returned 1 [0144.628] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\wox68cxezv6oloa.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-wOX68Cxezv6Oloa.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-wox68cxezv6oloa.lnk"), dwFlags=0x1) returned 1 [0144.629] SetEvent (hEvent=0x1a0) returned 1 [0144.629] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0144.634] VirtualFree (lpAddress=0xc00075c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.635] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.636] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.637] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.637] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0144.638] SetEvent (hEvent=0x448) returned 1 [0144.638] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0145.903] VirtualFree (lpAddress=0xc000800000, dwSize=0x36000, dwFreeType=0x4000) returned 1 [0145.905] VirtualFree (lpAddress=0xc000798000, dwSize=0x68000, dwFreeType=0x4000) returned 1 [0145.909] VirtualFree (lpAddress=0xc00072a000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0145.910] VirtualAlloc (lpAddress=0xc000164000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000164000 [0145.911] SetEvent (hEvent=0x318) returned 1 [0145.911] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0145.915] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0145.916] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0145.917] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00015dcf4 | out: lpMode=0xc00015dcf4) returned 0 [0145.918] GetFileType (hFile=0x240) returned 0x1 [0145.918] GetFileType (hFile=0x240) returned 0x1 [0145.918] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc00015dd44 | out: lpFileInformation=0xc00015dd44) returned 1 [0145.918] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc00015dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00015dd28) returned 1 [0145.918] ReadFile (in: hFile=0x240, lpBuffer=0xc000202a80, nNumberOfBytesToRead=0x306, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000202a80*, lpNumberOfBytesRead=0xc00015dc04*=0x106, lpOverlapped=0x0) returned 1 [0145.920] ReadFile (in: hFile=0x240, lpBuffer=0xc000202b86, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00015dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000202b86*, lpNumberOfBytesRead=0xc00015dc04*=0x0, lpOverlapped=0x0) returned 1 [0145.920] CloseHandle (hObject=0x240) returned 1 [0145.920] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0145.921] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00015dd04 | out: lpMode=0xc00015dd04) returned 0 [0145.925] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.100] GetFileType (hFile=0x240) returned 0x1 [0146.100] WriteFile (in: hFile=0x240, lpBuffer=0xc000184360*, nNumberOfBytesToWrite=0x110, lpNumberOfBytesWritten=0xc00015dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000184360*, lpNumberOfBytesWritten=0xc00015dcec*=0x110, lpOverlapped=0x0) returned 1 [0146.101] CloseHandle (hObject=0x240) returned 1 [0146.101] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0146.101] VirtualAlloc (lpAddress=0xc00028c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00028c000 [0146.103] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x240 [0146.103] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc00015dd64 | out: lpMode=0xc00015dd64) returned 0 [0146.104] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.222] GetFileType (hFile=0x240) returned 0x1 [0146.222] WriteFile (in: hFile=0x240, lpBuffer=0xc0002902c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00015dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002902c0*, lpNumberOfBytesWritten=0xc00015dd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.223] CloseHandle (hObject=0x240) returned 1 [0146.223] VirtualAlloc (lpAddress=0xc000130000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000130000 [0146.224] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\control panel.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\encry-Control Panel.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\system tools\\encry-control panel.lnk"), dwFlags=0x1) returned 1 [0146.227] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0146.227] SetEvent (hEvent=0x9e8) returned 1 [0146.227] SetEvent (hEvent=0x8f8) returned 1 [0146.227] SetEvent (hEvent=0xb58) returned 1 [0146.228] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.233] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.233] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.245] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.245] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.246] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.246] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0146.246] SetEvent (hEvent=0xb58) returned 1 [0146.246] SetEvent (hEvent=0x8d0) returned 1 [0146.246] SetEvent (hEvent=0x100) returned 1 [0146.246] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.259] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.264] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0146.264] SetEvent (hEvent=0xc64) returned 1 [0146.264] SetEvent (hEvent=0x208) returned 1 [0146.264] SetEvent (hEvent=0x8b8) returned 1 [0146.266] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.273] SetEvent (hEvent=0x8b8) returned 1 [0146.273] SetEvent (hEvent=0x208) returned 1 [0146.273] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.277] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.278] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.278] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0146.278] SetEvent (hEvent=0xc64) returned 1 [0146.278] SetEvent (hEvent=0x8b8) returned 1 [0146.279] SetEvent (hEvent=0x208) returned 1 [0146.279] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.290] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0146.290] SetEvent (hEvent=0x8b8) returned 1 [0146.290] SetEvent (hEvent=0x208) returned 1 [0146.290] SetEvent (hEvent=0xa20) returned 1 [0146.292] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.301] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.301] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.307] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.307] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.310] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.310] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0146.310] SetEvent (hEvent=0xc0) returned 1 [0146.310] SetEvent (hEvent=0x920) returned 1 [0146.310] SetEvent (hEvent=0xbd0) returned 1 [0146.310] SetEvent (hEvent=0xa20) returned 1 [0146.310] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.319] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0146.319] SetEvent (hEvent=0xb68) returned 1 [0146.319] SetEvent (hEvent=0x304) returned 1 [0146.319] SetEvent (hEvent=0xa20) returned 1 [0146.320] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.328] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.328] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.339] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.341] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.341] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0146.341] SetEvent (hEvent=0x264) returned 1 [0146.341] SetEvent (hEvent=0x2f4) returned 1 [0146.341] SetEvent (hEvent=0xa20) returned 1 [0146.341] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.358] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.359] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.359] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0146.359] SetEvent (hEvent=0x324) returned 1 [0146.359] SetEvent (hEvent=0x3b0) returned 1 [0146.361] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.376] SetEvent (hEvent=0x3b0) returned 1 [0146.376] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.413] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe30*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0146.415] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.415] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0146.415] SetEvent (hEvent=0xbb0) returned 1 [0146.415] SetEvent (hEvent=0x980) returned 1 [0146.415] SetEvent (hEvent=0x1f8) returned 1 [0146.416] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0146.447] SetEvent (hEvent=0xc0c) returned 1 [0146.447] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.466] GetFileType (hFile=0x464) returned 0x1 [0146.466] WriteFile (in: hFile=0x464, lpBuffer=0xc0000506e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00045fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000506e0*, lpNumberOfBytesWritten=0xc00045fd4c*=0x158, lpOverlapped=0x0) returned 1 [0146.466] CloseHandle (hObject=0x464) returned 1 [0146.471] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.514] SetEvent (hEvent=0x448) returned 1 [0146.514] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.518] SetEvent (hEvent=0xc80) returned 1 [0146.518] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.609] SetEvent (hEvent=0xbd8) returned 1 [0146.609] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.638] SetEvent (hEvent=0x448) returned 1 [0146.638] SetEvent (hEvent=0xbb0) returned 1 [0146.639] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.641] SetEvent (hEvent=0xc1c) returned 1 [0146.641] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.646] SetEvent (hEvent=0x3b0) returned 1 [0146.646] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.673] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.676] SetEvent (hEvent=0xae8) returned 1 [0146.676] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.849] SetEvent (hEvent=0xc80) returned 1 [0146.849] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x5b0 [0146.850] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000063cf4 | out: lpMode=0xc000063cf4) returned 0 [0146.853] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.940] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.942] SetEvent (hEvent=0x318) returned 1 [0146.942] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0146.946] VirtualFree (lpAddress=0xc0004a0000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0146.947] VirtualFree (lpAddress=0xc0002a4000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0146.948] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.949] VirtualFree (lpAddress=0xc000160000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.950] VirtualFree (lpAddress=0xc000130000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.951] VirtualFree (lpAddress=0xc00010e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.952] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.953] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.954] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.954] VirtualFree (lpAddress=0xc000070000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0146.955] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.956] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.957] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0146.959] SetEvent (hEvent=0xa20) returned 1 [0146.959] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.010] SetEvent (hEvent=0xa20) returned 1 [0147.010] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.094] SetEvent (hEvent=0xbd8) returned 1 [0147.094] VirtualAlloc (lpAddress=0xc0001b2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b2000 [0147.096] VirtualAlloc (lpAddress=0xc0001b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001b6000 [0147.097] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x40c [0147.098] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0002d5cf4 | out: lpMode=0xc0002d5cf4) returned 0 [0147.108] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.111] SetEvent (hEvent=0xc0) returned 1 [0147.111] SetEvent (hEvent=0xbd8) returned 1 [0147.111] GetFileType (hFile=0x40c) returned 0x1 [0147.112] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.121] SetEvent (hEvent=0xbd8) returned 1 [0147.122] GetFileType (hFile=0x40c) returned 0x1 [0147.122] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.149] GetFileInformationByHandle (in: hFile=0x40c, lpFileInformation=0xc0002d5d44 | out: lpFileInformation=0xc0002d5d44) returned 1 [0147.149] GetFileInformationByHandleEx (in: hFile=0x40c, FileInformationClass=0x9, lpFileInformation=0xc0002d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0002d5d28) returned 1 [0147.149] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0xa2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0147.173] ReadFile (in: hFile=0x40c, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0xa0200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc0002d5c04*=0xa0000, lpOverlapped=0x0) returned 1 [0147.366] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.388] ReadFile (in: hFile=0x40c, lpBuffer=0xc000784000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc000784000*, lpNumberOfBytesRead=0xc0002d5c04*=0x0, lpOverlapped=0x0) returned 1 [0147.388] CloseHandle (hObject=0x40c) returned 1 [0147.388] VirtualAlloc (lpAddress=0xc0000be000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000be000 [0147.389] VirtualAlloc (lpAddress=0xc000786000, dwSize=0xa2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.389] VirtualAlloc (lpAddress=0xc000786000, dwSize=0xa2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.389] VirtualAlloc (lpAddress=0xc000786000, dwSize=0x51000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000786000 [0147.391] VirtualAlloc (lpAddress=0xc0007d7000, dwSize=0x51000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.391] VirtualAlloc (lpAddress=0xc0007d7000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007d7000 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x29000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x5000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0x0 [0147.392] VirtualAlloc (lpAddress=0xc0007ff000, dwSize=0x1000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0007ff000 [0147.392] VirtualAlloc (lpAddress=0xc000800000, dwSize=0x28000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000800000 [0147.408] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0147.416] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0002d5d04 | out: lpMode=0xc0002d5d04) returned 0 [0147.423] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.468] GetFileType (hFile=0x40c) returned 0x1 [0147.468] WriteFile (in: hFile=0x40c, lpBuffer=0xc000786000*, nNumberOfBytesToWrite=0xa0010, lpNumberOfBytesWritten=0xc0002d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc000786000*, lpNumberOfBytesWritten=0xc0002d5cec*=0xa0010, lpOverlapped=0x0) returned 1 [0147.499] CloseHandle (hObject=0x40c) returned 1 [0147.499] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0147.500] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0147.501] VirtualAlloc (lpAddress=0xc0000f0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000f0000 [0147.502] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x40c [0147.502] GetConsoleMode (in: hConsoleHandle=0x40c, lpMode=0xc0002d5d64 | out: lpMode=0xc0002d5d64) returned 0 [0147.604] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0147.869] GetFileType (hFile=0x40c) returned 0x1 [0147.869] WriteFile (in: hFile=0x40c, lpBuffer=0xc0002ec2c0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0002d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0002ec2c0*, lpNumberOfBytesWritten=0xc0002d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0149.023] CloseHandle (hObject=0x40c) returned 1 [0149.352] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.361] SetEvent (hEvent=0xc0) returned 1 [0149.361] SetEvent (hEvent=0x3c4) returned 1 [0149.361] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\encry-818200132aebmoouht.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\idb\\encry-818200132aebmoouht.sqlite"), dwFlags=0x1) returned 1 [0149.420] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f698, ulCount=0x10, ulNumEntriesRemoved=0x3e93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f698, ulNumEntriesRemoved=0x3e93f66c) returned 0 [0149.420] SetEvent (hEvent=0x9a0) returned 1 [0149.421] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe08*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.455] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.455] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3e93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3e93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3e93f6a0, ulNumEntriesRemoved=0x3e93f674) returned 0 [0149.456] SetEvent (hEvent=0x9a0) returned 1 [0149.456] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3e93fe18*=0xc24, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0149.556] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.557] SwitchToThread () returned 1 [0149.616] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.619] SetEvent (hEvent=0x8b8) returned 1 [0149.619] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.620] SetEvent (hEvent=0x8b8) returned 1 [0149.621] SetEvent (hEvent=0x9a0) returned 1 [0149.621] VirtualFree (lpAddress=0xc00061c000, dwSize=0x18000, dwFreeType=0x4000) returned 1 [0149.623] VirtualFree (lpAddress=0xc000314000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.625] VirtualFree (lpAddress=0xc0002ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.626] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.626] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.627] VirtualFree (lpAddress=0xc000184000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.628] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.629] VirtualFree (lpAddress=0xc00010e000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.630] VirtualFree (lpAddress=0xc000102000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.631] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.632] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.633] VirtualFree (lpAddress=0xc000040000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.634] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0000*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000047818, lpReserved=0x0 | out: lpBuffer=0xc0000a0000*, lpNumberOfCharsWritten=0xc000047818*=0x3) returned 1 [0149.635] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.667] SetEvent (hEvent=0xa38) returned 1 [0149.667] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.669] SetEvent (hEvent=0xa38) returned 1 [0149.669] SetEvent (hEvent=0xae8) returned 1 [0149.669] VirtualFree (lpAddress=0xc0002f2000, dwSize=0xa000, dwFreeType=0x4000) returned 1 [0149.671] VirtualFree (lpAddress=0xc000182000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.672] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.673] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.673] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.674] VirtualFree (lpAddress=0xc0000dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.675] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.676] VirtualFree (lpAddress=0xc000050000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.677] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0149.677] VirtualFree (lpAddress=0xc000040000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0149.679] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000a0038*, nNumberOfCharsToWrite=0x3, lpNumberOfCharsWritten=0xc000387818, lpReserved=0x0 | out: lpBuffer=0xc0000a0038*, lpNumberOfCharsWritten=0xc000387818*=0x3) returned 1 [0149.680] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.687] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0149.699] SetEvent (hEvent=0xa38) returned 1 [0149.699] SetEvent (hEvent=0x8b8) returned 1 [0149.699] SetEvent (hEvent=0xc80) returned 1 [0149.699] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) returned 0x0 [0150.370] SetEvent (hEvent=0x304) returned 1 [0150.370] WaitForSingleObject (hHandle=0xc24, dwMilliseconds=0xffffffff) Thread: id = 191 os_tid = 0xca0 [0142.286] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3eb3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3eb3fea0*=0x840) returned 1 [0142.286] VirtualQuery (in: lpAddress=0x3eb3fec0, lpBuffer=0x3eb3fec0, dwLength=0x30 | out: lpBuffer=0x3eb3fec0*(BaseAddress=0x3eb3f000, AllocationBase=0x3e940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.286] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qp7z mewstu.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x854 [0142.288] GetConsoleMode (in: hConsoleHandle=0x854, lpMode=0xc00046fcf4 | out: lpMode=0xc00046fcf4) returned 0 [0142.293] GetFileType (hFile=0x854) returned 0x1 [0142.293] GetFileType (hFile=0x854) returned 0x1 [0142.293] GetFileInformationByHandle (in: hFile=0x854, lpFileInformation=0xc00046fd44 | out: lpFileInformation=0xc00046fd44) returned 1 [0142.293] GetFileInformationByHandleEx (in: hFile=0x854, FileInformationClass=0x9, lpFileInformation=0xc00046fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00046fd28) returned 1 [0142.293] ReadFile (in: hFile=0x854, lpBuffer=0xc00016d200, nNumberOfBytesToRead=0xc42, lpNumberOfBytesRead=0xc00046fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016d200*, lpNumberOfBytesRead=0xc00046fc04*=0xa42, lpOverlapped=0x0) returned 1 [0142.813] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc34 [0142.813] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc38 [0142.813] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0143.792] ReadFile (in: hFile=0x854, lpBuffer=0xc00016dc42, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00046fc04, lpOverlapped=0x0 | out: lpBuffer=0xc00016dc42*, lpNumberOfBytesRead=0xc00046fc04*=0x0, lpOverlapped=0x0) returned 1 [0143.792] CloseHandle (hObject=0x854) returned 1 [0143.792] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qp7z mewstu.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0143.819] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0144.332] SetEvent (hEvent=0xc0) returned 1 [0144.333] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc00046fd04 | out: lpMode=0xc00046fd04) returned 0 [0144.335] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0144.778] SetEvent (hEvent=0xc0) returned 1 [0144.778] SetEvent (hEvent=0x9b8) returned 1 [0144.778] GetFileType (hFile=0x6c4) returned 0x1 [0144.778] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0145.462] VirtualAlloc (lpAddress=0xc0000e6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e6000 [0145.463] WriteFile (in: hFile=0x6c4, lpBuffer=0xc00004d500*, nNumberOfBytesToWrite=0xa50, lpNumberOfBytesWritten=0xc00046fcec, lpOverlapped=0x0 | out: lpBuffer=0xc00004d500*, lpNumberOfBytesWritten=0xc00046fcec*=0xa50, lpOverlapped=0x0) returned 1 [0145.465] CloseHandle (hObject=0x6c4) returned 1 [0145.465] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0145.466] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qp7z mewstu.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x6c4 [0145.466] GetConsoleMode (in: hConsoleHandle=0x6c4, lpMode=0xc00046fd64 | out: lpMode=0xc00046fd64) returned 0 [0145.474] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0145.967] GetFileType (hFile=0x6c4) returned 0x1 [0145.967] WriteFile (in: hFile=0x6c4, lpBuffer=0xc0000d66e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00046fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d66e0*, lpNumberOfBytesWritten=0xc00046fd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.968] CloseHandle (hObject=0x6c4) returned 1 [0145.979] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0146.254] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\qp7z mewstu.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-qP7z mewstU.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-qp7z mewstu.lnk"), dwFlags=0x1) returned 1 [0150.665] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0151.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffffffffffff [0151.406] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0xc0001d39f8 | out: lpFindFileData=0xc0001d39f8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0151.406] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0151.406] VirtualFree (lpAddress=0xc000676000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.407] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.408] VirtualFree (lpAddress=0xc000168000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.409] VirtualFree (lpAddress=0xc0000fa000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.410] VirtualFree (lpAddress=0xc0000ea000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.411] VirtualFree (lpAddress=0xc000094000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.412] VirtualFree (lpAddress=0xc000058000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0151.412] SetEvent (hEvent=0xae0) returned 1 [0151.412] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0151.428] SetEvent (hEvent=0xa68) returned 1 [0151.428] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkhua1gxtqlwd8.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x644 [0151.429] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000173cf4 | out: lpMode=0xc000173cf4) returned 0 [0151.436] GetFileType (hFile=0x644) returned 0x1 [0151.436] GetFileType (hFile=0x644) returned 0x1 [0151.436] GetFileInformationByHandle (in: hFile=0x644, lpFileInformation=0xc000173d44 | out: lpFileInformation=0xc000173d44) returned 1 [0151.436] GetFileInformationByHandleEx (in: hFile=0x644, FileInformationClass=0x9, lpFileInformation=0xc000173d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000173d28) returned 1 [0151.436] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0151.441] ReadFile (in: hFile=0x644, lpBuffer=0xc000514000, nNumberOfBytesToRead=0x12e3e, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000514000*, lpNumberOfBytesRead=0xc000173c04*=0x12c3e, lpOverlapped=0x0) returned 1 [0151.443] ReadFile (in: hFile=0x644, lpBuffer=0xc000526c3e, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000173c04, lpOverlapped=0x0 | out: lpBuffer=0xc000526c3e*, lpNumberOfBytesRead=0xc000173c04*=0x0, lpOverlapped=0x0) returned 1 [0151.443] CloseHandle (hObject=0x644) returned 1 [0151.443] VirtualAlloc (lpAddress=0xc000542000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000542000 [0151.448] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkhua1gxtqlwd8.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0151.452] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000173d04 | out: lpMode=0xc000173d04) returned 0 [0151.457] GetFileType (hFile=0x644) returned 0x1 [0151.457] WriteFile (in: hFile=0x644, lpBuffer=0xc000542000*, nNumberOfBytesToWrite=0x12c40, lpNumberOfBytesWritten=0xc000173cec, lpOverlapped=0x0 | out: lpBuffer=0xc000542000*, lpNumberOfBytesWritten=0xc000173cec*=0x12c40, lpOverlapped=0x0) returned 1 [0151.461] CloseHandle (hObject=0x644) returned 1 [0151.462] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0151.462] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zkhuA1gXTQLWd8.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zkhua1gxtqlwd8.gif"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0151.462] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc000173d64 | out: lpMode=0xc000173d64) returned 0 [0151.464] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0151.950] SetEvent (hEvent=0xb48) returned 1 [0151.950] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0161.522] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) returned 0x0 [0161.524] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010610*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00045f818, lpReserved=0x0 | out: lpBuffer=0xc000010610*, lpNumberOfCharsWritten=0xc00045f818*=0x4) returned 1 [0161.525] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010618*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00044d818, lpReserved=0x0 | out: lpBuffer=0xc000010618*, lpNumberOfCharsWritten=0xc00044d818*=0x4) returned 1 [0161.527] SetEvent (hEvent=0xb80) returned 1 [0161.527] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d01e0*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xc0001d3808, lpReserved=0x0 | out: lpBuffer=0xc0003d01e0*, lpNumberOfCharsWritten=0xc0001d3808*=0x49) returned 1 [0161.528] SetEvent (hEvent=0xb80) returned 1 [0161.528] VirtualAlloc (lpAddress=0xc000078000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000078000 [0161.530] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my music"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.105] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Music\\*", lpFindFileData=0xc0001d3a08 | out: lpFindFileData=0xc0001d3a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.105] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0001d3720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.105] WaitForSingleObject (hHandle=0xc34, dwMilliseconds=0xffffffff) Thread: id = 192 os_tid = 0xca4 [0142.293] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3ed3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ed3fea0*=0x85c) returned 1 [0142.294] VirtualQuery (in: lpAddress=0x3ed3fec0, lpBuffer=0x3ed3fec0, dwLength=0x30 | out: lpBuffer=0x3ed3fec0*(BaseAddress=0x3ed3f000, AllocationBase=0x3eb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vjidzl.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x860 [0142.295] GetConsoleMode (in: hConsoleHandle=0x860, lpMode=0xc000475cf4 | out: lpMode=0xc000475cf4) returned 0 [0142.296] GetFileType (hFile=0x860) returned 0x1 [0142.296] GetFileType (hFile=0x860) returned 0x1 [0142.296] GetFileInformationByHandle (in: hFile=0x860, lpFileInformation=0xc000475d44 | out: lpFileInformation=0xc000475d44) returned 1 [0142.296] GetFileInformationByHandleEx (in: hFile=0x860, FileInformationClass=0x9, lpFileInformation=0xc000475d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000475d28) returned 1 [0142.296] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0142.298] ReadFile (in: hFile=0x860, lpBuffer=0xc000690000, nNumberOfBytesToRead=0x5dc, lpNumberOfBytesRead=0xc000475c04, lpOverlapped=0x0 | out: lpBuffer=0xc000690000*, lpNumberOfBytesRead=0xc000475c04*=0x3dc, lpOverlapped=0x0) returned 1 [0142.814] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc3c [0142.814] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc40 [0142.814] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) returned 0x0 [0143.813] ReadFile (in: hFile=0x860, lpBuffer=0xc0006903dc, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000475c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006903dc*, lpNumberOfBytesRead=0xc000475c04*=0x0, lpOverlapped=0x0) returned 1 [0143.813] CloseHandle (hObject=0x860) returned 1 [0143.813] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vjidzl.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5e0 [0143.822] GetConsoleMode (in: hConsoleHandle=0x5e0, lpMode=0xc000475d04 | out: lpMode=0xc000475d04) returned 0 [0143.826] GetFileType (hFile=0x5e0) returned 0x1 [0143.826] WriteFile (in: hFile=0x5e0, lpBuffer=0xc0007e8800*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0xc000475cec, lpOverlapped=0x0 | out: lpBuffer=0xc0007e8800*, lpNumberOfBytesWritten=0xc000475cec*=0x3e0, lpOverlapped=0x0) returned 1 [0143.827] CloseHandle (hObject=0x5e0) returned 1 [0143.831] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1301 | out: pbBuffer=0xc0000e1301) returned 1 [0143.832] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vjidzl.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0143.832] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000475d64 | out: lpMode=0xc000475d64) returned 0 [0143.834] GetFileType (hFile=0x3bc) returned 0x1 [0143.834] WriteFile (in: hFile=0x3bc, lpBuffer=0xc000683340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000475d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000683340*, lpNumberOfBytesWritten=0xc000475d4c*=0x158, lpOverlapped=0x0) returned 1 [0143.834] CloseHandle (hObject=0x3bc) returned 1 [0143.839] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) returned 0x0 [0144.373] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\vjidzl.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-vJidzl.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-vjidzl.lnk"), dwFlags=0x1) returned 1 [0144.375] SetEvent (hEvent=0xa80) returned 1 [0144.375] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) returned 0x0 [0144.385] SetEvent (hEvent=0xbc0) returned 1 [0144.385] SetEvent (hEvent=0xb60) returned 1 [0144.385] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) returned 0x0 [0144.393] SetEvent (hEvent=0x5cc) returned 1 [0144.393] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) returned 0x0 [0144.403] SetEvent (hEvent=0xbc8) returned 1 [0144.403] WaitForSingleObject (hHandle=0xc3c, dwMilliseconds=0xffffffff) Thread: id = 193 os_tid = 0xca8 [0142.299] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3ef3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ef3fea0*=0x858) returned 1 [0142.299] VirtualQuery (in: lpAddress=0x3ef3fec0, lpBuffer=0x3ef3fec0, dwLength=0x30 | out: lpBuffer=0x3ef3fec0*(BaseAddress=0x3ef3f000, AllocationBase=0x3ed40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.299] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x3tqy 4iwg.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x864 [0142.300] GetConsoleMode (in: hConsoleHandle=0x864, lpMode=0xc000481cf4 | out: lpMode=0xc000481cf4) returned 0 [0142.301] GetFileType (hFile=0x864) returned 0x1 [0142.301] VirtualAlloc (lpAddress=0xc000616000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000616000 [0142.302] GetFileType (hFile=0x864) returned 0x1 [0142.302] GetFileInformationByHandle (in: hFile=0x864, lpFileInformation=0xc000481d44 | out: lpFileInformation=0xc000481d44) returned 1 [0142.303] GetFileInformationByHandleEx (in: hFile=0x864, FileInformationClass=0x9, lpFileInformation=0xc000481d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000481d28) returned 1 [0142.303] VirtualAlloc (lpAddress=0xc000618000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000618000 [0142.307] ReadFile (in: hFile=0x864, lpBuffer=0xc000618000, nNumberOfBytesToRead=0x1b73, lpNumberOfBytesRead=0xc000481c04, lpOverlapped=0x0 | out: lpBuffer=0xc000618000*, lpNumberOfBytesRead=0xc000481c04*=0x1973, lpOverlapped=0x0) returned 1 [0142.816] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc44 [0142.816] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc48 [0142.816] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0143.820] ReadFile (in: hFile=0x864, lpBuffer=0xc000619973, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000481c04, lpOverlapped=0x0 | out: lpBuffer=0xc000619973*, lpNumberOfBytesRead=0xc000481c04*=0x0, lpOverlapped=0x0) returned 1 [0143.820] CloseHandle (hObject=0x864) returned 1 [0143.820] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x3tqy 4iwg.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0143.837] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0144.364] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000481d04 | out: lpMode=0xc000481d04) returned 0 [0144.365] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0144.827] GetFileType (hFile=0x3bc) returned 0x1 [0144.827] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0006e7300*, nNumberOfBytesToWrite=0x1980, lpNumberOfBytesWritten=0xc000481cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006e7300*, lpNumberOfBytesWritten=0xc000481cec*=0x1980, lpOverlapped=0x0) returned 1 [0144.829] CloseHandle (hObject=0x3bc) returned 1 [0144.859] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0144.859] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0144.861] VirtualAlloc (lpAddress=0xc0000e8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000e8000 [0144.862] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x3tqy 4iwg.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x3bc [0144.862] GetConsoleMode (in: hConsoleHandle=0x3bc, lpMode=0xc000481d64 | out: lpMode=0xc000481d64) returned 0 [0144.864] GetFileType (hFile=0x3bc) returned 0x1 [0144.864] WriteFile (in: hFile=0x3bc, lpBuffer=0xc0006149a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000481d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006149a0*, lpNumberOfBytesWritten=0xc000481d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.864] CloseHandle (hObject=0x3bc) returned 1 [0144.867] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0145.405] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\x3tqy 4iwg.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-x3Tqy 4iwG.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-x3tqy 4iwg.lnk"), dwFlags=0x1) returned 1 [0147.078] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.085] GetFileType (hFile=0x5d8) returned 0x1 [0147.085] WriteFile (in: hFile=0x5d8, lpBuffer=0xc000180000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000180000*, lpNumberOfBytesWritten=0xc00038fd4c*=0x158, lpOverlapped=0x0) returned 1 [0147.085] CloseHandle (hObject=0x5d8) returned 1 [0147.086] VirtualAlloc (lpAddress=0xc000204000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000204000 [0147.087] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\addons.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-addons.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-addons.json"), dwFlags=0x1) returned 1 [0147.242] VirtualFree (lpAddress=0xc0002f6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.243] VirtualFree (lpAddress=0xc0002e4000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0147.244] VirtualFree (lpAddress=0xc00021a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.245] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.246] VirtualFree (lpAddress=0xc0001b2000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0147.247] GetFileType (hFile=0x5b0) returned 0x1 [0147.247] GetFileType (hFile=0x5b0) returned 0x1 [0147.247] GetFileInformationByHandle (in: hFile=0x5b0, lpFileInformation=0xc000063d44 | out: lpFileInformation=0xc000063d44) returned 1 [0147.247] GetFileInformationByHandleEx (in: hFile=0x5b0, FileInformationClass=0x9, lpFileInformation=0xc000063d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000063d28) returned 1 [0147.247] VirtualAlloc (lpAddress=0xc000220000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000220000 [0147.248] ReadFile (in: hFile=0x5b0, lpBuffer=0xc000220000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000063c04, lpOverlapped=0x0 | out: lpBuffer=0xc000220000*, lpNumberOfBytesRead=0xc000063c04*=0x0, lpOverlapped=0x0) returned 1 [0147.248] CloseHandle (hObject=0x5b0) returned 1 [0147.248] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0147.249] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000063d04 | out: lpMode=0xc000063d04) returned 0 [0147.279] GetFileType (hFile=0x5b0) returned 0x1 [0147.279] WriteFile (in: hFile=0x5b0, lpBuffer=0xc0005865f0*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0xc000063cec, lpOverlapped=0x0 | out: lpBuffer=0xc0005865f0*, lpNumberOfBytesWritten=0xc000063cec*=0x10, lpOverlapped=0x0) returned 1 [0147.280] CloseHandle (hObject=0x5b0) returned 1 [0147.280] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2f01 | out: pbBuffer=0xc0001c2f01) returned 1 [0147.280] VirtualAlloc (lpAddress=0xc000222000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000222000 [0147.282] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0147.283] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5b0 [0147.283] GetConsoleMode (in: hConsoleHandle=0x5b0, lpMode=0xc000063d64 | out: lpMode=0xc000063d64) returned 0 [0147.287] GetFileType (hFile=0x5b0) returned 0x1 [0147.287] WriteFile (in: hFile=0x5b0, lpBuffer=0xc0000d6b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000063d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6b00*, lpNumberOfBytesWritten=0xc000063d4c*=0x158, lpOverlapped=0x0) returned 1 [0147.288] CloseHandle (hObject=0x5b0) returned 1 [0147.288] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\.metadata"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\encry-.metadata" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\indexeddb\\moz-safe-about+home\\encry-.metadata"), dwFlags=0x1) returned 1 [0147.290] GetFileType (hFile=0x8a0) returned 0x1 [0147.290] WriteFile (in: hFile=0x8a0, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0xc00026dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc00026dcec*=0xbe0, lpOverlapped=0x0) returned 1 [0147.291] CloseHandle (hObject=0x8a0) returned 1 [0147.291] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3601 | out: pbBuffer=0xc0001c3601) returned 1 [0147.291] VirtualAlloc (lpAddress=0xc000230000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000230000 [0147.292] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0147.292] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc00026dd64 | out: lpMode=0xc00026dd64) returned 0 [0147.298] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.304] SetEvent (hEvent=0xc0) returned 1 [0147.304] GetFileType (hFile=0x8a0) returned 0x1 [0147.304] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.351] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0147.352] WriteFile (in: hFile=0x8a0, lpBuffer=0xc0000a2000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00026dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000a2000*, lpNumberOfBytesWritten=0xc00026dd4c*=0x158, lpOverlapped=0x0) returned 1 [0147.352] CloseHandle (hObject=0x8a0) returned 1 [0147.352] VirtualAlloc (lpAddress=0xc0000b6000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000b6000 [0147.354] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\encry-bookmarks-2017-06-16_5.json" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\bookmarkbackups\\encry-bookmarks-2017-06-16_5.json"), dwFlags=0x1) returned 1 [0147.356] SetEvent (hEvent=0xc1c) returned 1 [0147.356] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.383] SetEvent (hEvent=0xa20) returned 1 [0147.383] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.424] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000010080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000419818, lpReserved=0x0 | out: lpBuffer=0xc000010080*, lpNumberOfCharsWritten=0xc000419818*=0x4) returned 1 [0147.429] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.861] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586038*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000461818, lpReserved=0x0 | out: lpBuffer=0xc000586038*, lpNumberOfCharsWritten=0xc000461818*=0x4) returned 1 [0147.862] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.951] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.952] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206060*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0003eb818, lpReserved=0x0 | out: lpBuffer=0xc000206060*, lpNumberOfCharsWritten=0xc0003eb818*=0x4) returned 1 [0147.964] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0147.965] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206068*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000423818, lpReserved=0x0 | out: lpBuffer=0xc000206068*, lpNumberOfCharsWritten=0xc000423818*=0x4) returned 1 [0147.972] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206080*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc00046b818, lpReserved=0x0 | out: lpBuffer=0xc000206080*, lpNumberOfCharsWritten=0xc00046b818*=0x4) returned 1 [0147.974] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.981] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000206088*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc000415818, lpReserved=0x0 | out: lpBuffer=0xc000206088*, lpNumberOfCharsWritten=0xc000415818*=0x4) returned 1 [0147.982] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.988] SetEvent (hEvent=0x274) returned 1 [0147.988] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0147.991] SetEvent (hEvent=0xa30) returned 1 [0147.991] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0148.002] SetEvent (hEvent=0x208) returned 1 [0148.002] VirtualFree (lpAddress=0xc000266000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.003] VirtualFree (lpAddress=0xc000180000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.004] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.005] VirtualFree (lpAddress=0xc00007e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.005] VirtualFree (lpAddress=0xc000074000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0148.006] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vhil htnat.png"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x240 [0148.007] GetConsoleMode (in: hConsoleHandle=0x240, lpMode=0xc0001dbcf4 | out: lpMode=0xc0001dbcf4) returned 0 [0148.009] GetFileType (hFile=0x240) returned 0x1 [0148.009] GetFileType (hFile=0x240) returned 0x1 [0148.009] GetFileInformationByHandle (in: hFile=0x240, lpFileInformation=0xc0001dbd44 | out: lpFileInformation=0xc0001dbd44) returned 1 [0148.009] GetFileInformationByHandleEx (in: hFile=0x240, FileInformationClass=0x9, lpFileInformation=0xc0001dbd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001dbd28) returned 1 [0148.009] VirtualAlloc (lpAddress=0xc000514000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000514000 [0148.012] ReadFile (in: hFile=0x240, lpBuffer=0xc000514000, nNumberOfBytesToRead=0x10e6c, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000514000*, lpNumberOfBytesRead=0xc0001dbc04*=0x10c6c, lpOverlapped=0x0) returned 1 [0148.638] ReadFile (in: hFile=0x240, lpBuffer=0xc000524c6c, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001dbc04, lpOverlapped=0x0 | out: lpBuffer=0xc000524c6c*, lpNumberOfBytesRead=0xc0001dbc04*=0x0, lpOverlapped=0x0) returned 1 [0148.638] CloseHandle (hObject=0x240) returned 1 [0148.638] VirtualAlloc (lpAddress=0xc0006a4000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a4000 [0148.642] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\vHiL hTnat.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\vhil htnat.png"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0150.478] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc0001dbd04 | out: lpMode=0xc0001dbd04) returned 0 [0150.480] GetFileType (hFile=0x79c) returned 0x1 [0150.480] WriteFile (in: hFile=0x79c, lpBuffer=0xc0006a4000*, nNumberOfBytesToWrite=0x10c70, lpNumberOfBytesWritten=0xc0001dbcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006a4000*, lpNumberOfBytesWritten=0xc0001dbcec*=0x10c70, lpOverlapped=0x0) returned 1 [0150.533] CloseHandle (hObject=0x79c) returned 1 [0150.685] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.753] SetEvent (hEvent=0x208) returned 1 [0150.753] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.760] SetEvent (hEvent=0xb50) returned 1 [0150.760] SetEvent (hEvent=0x9e8) returned 1 [0150.760] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.776] SetEvent (hEvent=0x254) returned 1 [0150.776] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.782] SetEvent (hEvent=0xb50) returned 1 [0150.782] SetEvent (hEvent=0xa38) returned 1 [0150.782] SetEvent (hEvent=0xc64) returned 1 [0150.782] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.784] SetEvent (hEvent=0xb50) returned 1 [0150.785] VirtualFree (lpAddress=0xc00011e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.786] VirtualFree (lpAddress=0xc00010c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.787] VirtualFree (lpAddress=0xc0000be000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.787] VirtualFree (lpAddress=0xc000072000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.788] VirtualFree (lpAddress=0xc000060000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.789] VirtualFree (lpAddress=0xc00005c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.790] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0150.792] SetEvent (hEvent=0x920) returned 1 [0150.792] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.796] SetEvent (hEvent=0xa80) returned 1 [0150.796] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0150.820] SetEvent (hEvent=0xb50) returned 1 [0150.820] VirtualFree (lpAddress=0xc0000b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.821] VirtualFree (lpAddress=0xc00006c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.823] VirtualFree (lpAddress=0xc000052000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0150.824] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\sessionstore.bak"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\encry-sessionstore.bak" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\encry-sessionstore.bak"), dwFlags=0x1) returned 1 [0152.046] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0152.307] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0152.309] SetEvent (hEvent=0xc5c) returned 1 [0152.309] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0152.319] SetEvent (hEvent=0x318) returned 1 [0152.319] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0161.331] SetEvent (hEvent=0xb50) returned 1 [0161.331] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0161.333] SetEvent (hEvent=0xb50) returned 1 [0161.333] SetEvent (hEvent=0x318) returned 1 [0161.333] SetEvent (hEvent=0x324) returned 1 [0161.333] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0161.354] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ub1qdukjq9owd2f8co.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x770 [0162.037] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000361cf4 | out: lpMode=0xc000361cf4) returned 0 [0162.370] GetFileType (hFile=0x770) returned 0x1 [0162.370] GetFileType (hFile=0x770) returned 0x1 [0162.370] GetFileInformationByHandle (in: hFile=0x770, lpFileInformation=0xc000361d44 | out: lpFileInformation=0xc000361d44) returned 1 [0162.370] GetFileInformationByHandleEx (in: hFile=0x770, FileInformationClass=0x9, lpFileInformation=0xc000361d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000361d28) returned 1 [0162.371] VirtualAlloc (lpAddress=0xc000690000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000690000 [0162.375] ReadFile (in: hFile=0x770, lpBuffer=0xc000690000, nNumberOfBytesToRead=0x10671, lpNumberOfBytesRead=0xc000361c04, lpOverlapped=0x0 | out: lpBuffer=0xc000690000*, lpNumberOfBytesRead=0xc000361c04*=0x10471, lpOverlapped=0x0) returned 1 [0162.377] ReadFile (in: hFile=0x770, lpBuffer=0xc0006a0471, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000361c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006a0471*, lpNumberOfBytesRead=0xc000361c04*=0x0, lpOverlapped=0x0) returned 1 [0162.378] CloseHandle (hObject=0x770) returned 1 [0162.378] VirtualAlloc (lpAddress=0xc0006a2000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006a2000 [0162.382] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ub1qdukjq9owd2f8co.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0162.384] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc000361d04 | out: lpMode=0xc000361d04) returned 0 [0162.420] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0162.592] SetEvent (hEvent=0x318) returned 1 [0162.592] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0163.596] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d60a0*, nNumberOfCharsToWrite=0x4a, lpNumberOfCharsWritten=0xc00023d808, lpReserved=0x0 | out: lpBuffer=0xc0003d60a0*, lpNumberOfCharsWritten=0xc00023d808*=0x4a) returned 1 [0163.597] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533801 | out: pbBuffer=0xc000533801) returned 1 [0163.598] VirtualAlloc (lpAddress=0xc000206000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000206000 [0163.599] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my videos"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0166.397] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Videos\\*", lpFindFileData=0xc00023da68 | out: lpFindFileData=0xc00023da68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0166.398] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00023d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0166.398] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.687] SwitchToThread () returned 1 [0166.718] SetEvent (hEvent=0xb48) returned 1 [0166.718] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.747] SetEvent (hEvent=0xb48) returned 1 [0166.747] SetEvent (hEvent=0xb38) returned 1 [0166.747] SetEvent (hEvent=0xa38) returned 1 [0166.751] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.823] SetEvent (hEvent=0xab8) returned 1 [0166.823] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.836] SetEvent (hEvent=0x1b4) returned 1 [0166.836] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.838] SetEvent (hEvent=0x8d0) returned 1 [0166.838] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.848] SetEvent (hEvent=0xa68) returned 1 [0166.848] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.855] SetEvent (hEvent=0xc0c) returned 1 [0166.855] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.894] SetEvent (hEvent=0xb50) returned 1 [0166.894] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.901] SetEvent (hEvent=0x9e8) returned 1 [0166.901] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.907] SetEvent (hEvent=0x8d0) returned 1 [0166.907] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) returned 0x0 [0166.922] VirtualFree (lpAddress=0xc0006f8000, dwSize=0x2a000, dwFreeType=0x4000) returned 1 [0166.925] VirtualFree (lpAddress=0xc0006a2000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0166.926] VirtualFree (lpAddress=0xc000670000, dwSize=0x10000, dwFreeType=0x4000) returned 1 [0166.928] VirtualFree (lpAddress=0xc00064c000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0166.930] VirtualFree (lpAddress=0xc00061e000, dwSize=0x28000, dwFreeType=0x4000) returned 1 [0166.932] VirtualFree (lpAddress=0xc000604000, dwSize=0x16000, dwFreeType=0x4000) returned 1 [0166.933] VirtualFree (lpAddress=0xc0005ec000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0166.934] VirtualFree (lpAddress=0xc0005b6000, dwSize=0x20000, dwFreeType=0x4000) returned 1 [0166.936] VirtualFree (lpAddress=0xc0005a2000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0166.938] VirtualFree (lpAddress=0xc000542000, dwSize=0x38000, dwFreeType=0x4000) returned 1 [0166.940] VirtualFree (lpAddress=0xc000524000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0166.942] VirtualFree (lpAddress=0xc0004c0000, dwSize=0xc000, dwFreeType=0x4000) returned 1 [0166.943] VirtualFree (lpAddress=0xc000498000, dwSize=0xe000, dwFreeType=0x4000) returned 1 [0166.944] VirtualFree (lpAddress=0xc000418000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0166.945] VirtualFree (lpAddress=0xc0003ce000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.946] VirtualFree (lpAddress=0xc0003c8000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.947] VirtualFree (lpAddress=0xc000318000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.947] VirtualFree (lpAddress=0xc00030e000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.948] VirtualFree (lpAddress=0xc00030a000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.949] VirtualFree (lpAddress=0xc00028c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.950] VirtualFree (lpAddress=0xc000282000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.951] VirtualFree (lpAddress=0xc000230000, dwSize=0x6000, dwFreeType=0x4000) returned 1 [0166.952] VirtualFree (lpAddress=0xc000212000, dwSize=0x12000, dwFreeType=0x4000) returned 1 [0166.953] VirtualFree (lpAddress=0xc000206000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.954] VirtualFree (lpAddress=0xc0001ec000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.955] VirtualFree (lpAddress=0xc0001dc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.956] VirtualFree (lpAddress=0xc0001c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.957] VirtualFree (lpAddress=0xc0001b6000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.958] VirtualFree (lpAddress=0xc0001b0000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.958] VirtualFree (lpAddress=0xc000198000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.959] VirtualFree (lpAddress=0xc000186000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.960] VirtualFree (lpAddress=0xc000180000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.961] VirtualFree (lpAddress=0xc00016c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.962] VirtualFree (lpAddress=0xc000162000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.962] VirtualFree (lpAddress=0xc00013c000, dwSize=0x8000, dwFreeType=0x4000) returned 1 [0166.963] VirtualFree (lpAddress=0xc000124000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.964] VirtualFree (lpAddress=0xc00011c000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.965] VirtualFree (lpAddress=0xc000110000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.966] VirtualFree (lpAddress=0xc000102000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.966] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.967] VirtualFree (lpAddress=0xc0000e8000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0166.968] VirtualFree (lpAddress=0xc0000e4000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.969] VirtualFree (lpAddress=0xc0000c0000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0166.970] VirtualAlloc (lpAddress=0xc000336000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000336000 [0166.971] SetEvent (hEvent=0xb48) returned 1 [0166.971] WaitForSingleObject (hHandle=0xc44, dwMilliseconds=0xffffffff) Thread: id = 194 os_tid = 0xcac [0142.308] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3f13fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3f13fea0*=0x868) returned 1 [0142.308] VirtualQuery (in: lpAddress=0x3f13fec0, lpBuffer=0x3f13fec0, dwLength=0x30 | out: lpBuffer=0x3f13fec0*(BaseAddress=0x3f13f000, AllocationBase=0x3ef40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y6tp2hht.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x86c [0142.309] GetConsoleMode (in: hConsoleHandle=0x86c, lpMode=0xc00048dcf4 | out: lpMode=0xc00048dcf4) returned 0 [0142.310] GetFileType (hFile=0x86c) returned 0x1 [0142.310] GetFileType (hFile=0x86c) returned 0x1 [0142.310] GetFileInformationByHandle (in: hFile=0x86c, lpFileInformation=0xc00048dd44 | out: lpFileInformation=0xc00048dd44) returned 1 [0142.310] GetFileInformationByHandleEx (in: hFile=0x86c, FileInformationClass=0x9, lpFileInformation=0xc00048dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00048dd28) returned 1 [0142.310] ReadFile (in: hFile=0x86c, lpBuffer=0xc000203900, nNumberOfBytesToRead=0xc21, lpNumberOfBytesRead=0xc00048dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000203900*, lpNumberOfBytesRead=0xc00048dc04*=0xa21, lpOverlapped=0x0) returned 1 [0142.817] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc4c [0142.817] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc50 [0142.817] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0143.840] ReadFile (in: hFile=0x86c, lpBuffer=0xc000204321, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00048dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000204321*, lpNumberOfBytesRead=0xc00048dc04*=0x0, lpOverlapped=0x0) returned 1 [0143.840] CloseHandle (hObject=0x86c) returned 1 [0143.840] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y6tp2hht.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0143.873] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0144.375] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc00048dd04 | out: lpMode=0xc00048dd04) returned 0 [0144.376] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0144.899] GetFileType (hFile=0x874) returned 0x1 [0144.899] WriteFile (in: hFile=0x874, lpBuffer=0xc000775500*, nNumberOfBytesToWrite=0xa30, lpNumberOfBytesWritten=0xc00048dcec, lpOverlapped=0x0 | out: lpBuffer=0xc000775500*, lpNumberOfBytesWritten=0xc00048dcec*=0xa30, lpOverlapped=0x0) returned 1 [0144.900] CloseHandle (hObject=0x874) returned 1 [0144.901] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0145.503] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1201 | out: pbBuffer=0xc0000e1201) returned 1 [0145.504] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\y6tP2hHT.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\y6tp2hht.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x748 [0145.504] GetConsoleMode (in: hConsoleHandle=0x748, lpMode=0xc00048dd64 | out: lpMode=0xc00048dd64) returned 0 [0145.512] GetFileType (hFile=0x748) returned 0x1 [0145.512] WriteFile (in: hFile=0x748, lpBuffer=0xc000614b00*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00048dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614b00*, lpNumberOfBytesWritten=0xc00048dd4c*=0x158, lpOverlapped=0x0) returned 1 [0145.513] CloseHandle (hObject=0x748) returned 1 [0145.517] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0145.980] SetEvent (hEvent=0x320) returned 1 [0145.980] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0145.991] SetEvent (hEvent=0xc14) returned 1 [0145.991] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.026] SetEvent (hEvent=0xb18) returned 1 [0146.027] SetEvent (hEvent=0xa50) returned 1 [0146.027] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.037] SetEvent (hEvent=0xb10) returned 1 [0146.037] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.047] SetEvent (hEvent=0xa88) returned 1 [0146.047] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.077] SetEvent (hEvent=0x208) returned 1 [0146.077] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.096] SetEvent (hEvent=0xa70) returned 1 [0146.096] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.105] SetEvent (hEvent=0x1f8) returned 1 [0146.105] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) returned 0x0 [0146.123] SetEvent (hEvent=0xbb0) returned 1 [0146.123] WaitForSingleObject (hHandle=0xc4c, dwMilliseconds=0xffffffff) Thread: id = 195 os_tid = 0xcb0 [0142.312] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3f33fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3f33fea0*=0x870) returned 1 [0142.312] VirtualQuery (in: lpAddress=0x3f33fec0, lpBuffer=0x3f33fec0, dwLength=0x30 | out: lpBuffer=0x3f33fec0*(BaseAddress=0x3f33f000, AllocationBase=0x3f140000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.312] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r7rmts6.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x874 [0142.313] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc000461cf4 | out: lpMode=0xc000461cf4) returned 0 [0142.314] GetFileType (hFile=0x874) returned 0x1 [0142.314] GetFileType (hFile=0x874) returned 0x1 [0142.314] GetFileInformationByHandle (in: hFile=0x874, lpFileInformation=0xc000461d44 | out: lpFileInformation=0xc000461d44) returned 1 [0142.315] GetFileInformationByHandleEx (in: hFile=0x874, FileInformationClass=0x9, lpFileInformation=0xc000461d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000461d28) returned 1 [0142.315] VirtualAlloc (lpAddress=0xc000710000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000710000 [0142.317] ReadFile (in: hFile=0x874, lpBuffer=0xc000710000, nNumberOfBytesToRead=0x1533, lpNumberOfBytesRead=0xc000461c04, lpOverlapped=0x0 | out: lpBuffer=0xc000710000*, lpNumberOfBytesRead=0xc000461c04*=0x1333, lpOverlapped=0x0) returned 1 [0142.818] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc54 [0142.818] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc58 [0142.818] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0143.859] ReadFile (in: hFile=0x874, lpBuffer=0xc000711333, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000461c04, lpOverlapped=0x0 | out: lpBuffer=0xc000711333*, lpNumberOfBytesRead=0xc000461c04*=0x0, lpOverlapped=0x0) returned 1 [0143.859] CloseHandle (hObject=0x874) returned 1 [0143.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r7rmts6.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x430 [0143.951] GetConsoleMode (in: hConsoleHandle=0x430, lpMode=0xc000461d04 | out: lpMode=0xc000461d04) returned 0 [0143.953] GetFileType (hFile=0x430) returned 0x1 [0143.953] WriteFile (in: hFile=0x430, lpBuffer=0xc0000d1500*, nNumberOfBytesToWrite=0x1340, lpNumberOfBytesWritten=0xc000461cec, lpOverlapped=0x0 | out: lpBuffer=0xc0000d1500*, lpNumberOfBytesWritten=0xc000461cec*=0x1340, lpOverlapped=0x0) returned 1 [0143.956] CloseHandle (hObject=0x430) returned 1 [0143.958] VirtualAlloc (lpAddress=0xc000778000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000778000 [0143.960] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b001 | out: pbBuffer=0xc00031b001) returned 1 [0143.960] VirtualAlloc (lpAddress=0xc00077a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00077a000 [0143.961] VirtualAlloc (lpAddress=0xc00077c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00077c000 [0143.962] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r7rmts6.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4e4 [0143.962] GetConsoleMode (in: hConsoleHandle=0x4e4, lpMode=0xc000461d64 | out: lpMode=0xc000461d64) returned 0 [0143.967] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0144.514] GetFileType (hFile=0x4e4) returned 0x1 [0144.514] WriteFile (in: hFile=0x4e4, lpBuffer=0xc000290000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000461d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290000*, lpNumberOfBytesWritten=0xc000461d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.514] CloseHandle (hObject=0x4e4) returned 1 [0144.514] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\r7rmts6.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-r7rMtS6.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-r7rmts6.lnk"), dwFlags=0x1) returned 1 [0144.515] SetEvent (hEvent=0xb70) returned 1 [0144.515] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0144.526] SetEvent (hEvent=0x8b8) returned 1 [0144.526] SetEvent (hEvent=0xb68) returned 1 [0144.526] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0144.529] SetEvent (hEvent=0x3c8) returned 1 [0144.529] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0144.538] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000586360*, nNumberOfCharsToWrite=0x4, lpNumberOfCharsWritten=0xc0000f9818, lpReserved=0x0 | out: lpBuffer=0xc000586360*, lpNumberOfCharsWritten=0xc0000f9818*=0x4) returned 1 [0144.539] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc000060000*, nNumberOfCharsToWrite=0x6b, lpNumberOfCharsWritten=0xc000431808, lpReserved=0x0 | out: lpBuffer=0xc000060000*, lpNumberOfCharsWritten=0xc000431808*=0x6b) returned 1 [0144.556] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0144.556] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x464 [0144.556] GetConsoleMode (in: hConsoleHandle=0x464, lpMode=0xc000431d64 | out: lpMode=0xc000431d64) returned 0 [0144.559] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0144.913] GetFileType (hFile=0x464) returned 0x1 [0144.913] WriteFile (in: hFile=0x464, lpBuffer=0xc0006151e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000431d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006151e0*, lpNumberOfBytesWritten=0xc000431d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.914] CloseHandle (hObject=0x464) returned 1 [0144.916] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0145.556] SetEvent (hEvent=0xbc8) returned 1 [0145.556] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0145.561] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x284 [0145.562] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0001d5cf4 | out: lpMode=0xc0001d5cf4) returned 0 [0145.563] GetFileType (hFile=0x284) returned 0x1 [0145.563] GetFileType (hFile=0x284) returned 0x1 [0145.563] GetFileInformationByHandle (in: hFile=0x284, lpFileInformation=0xc0001d5d44 | out: lpFileInformation=0xc0001d5d44) returned 1 [0145.564] GetFileInformationByHandleEx (in: hFile=0x284, FileInformationClass=0x9, lpFileInformation=0xc0001d5d28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001d5d28) returned 1 [0145.564] VirtualAlloc (lpAddress=0xc00010e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010e000 [0145.565] ReadFile (in: hFile=0x284, lpBuffer=0xc00010e000, nNumberOfBytesToRead=0x6ee, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010e000*, lpNumberOfBytesRead=0xc0001d5c04*=0x4ee, lpOverlapped=0x0) returned 1 [0145.571] ReadFile (in: hFile=0x284, lpBuffer=0xc00010e4ee, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001d5c04, lpOverlapped=0x0 | out: lpBuffer=0xc00010e4ee*, lpNumberOfBytesRead=0xc0001d5c04*=0x0, lpOverlapped=0x0) returned 1 [0145.571] CloseHandle (hObject=0x284) returned 1 [0145.571] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0145.573] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0001d5d04 | out: lpMode=0xc0001d5d04) returned 0 [0145.575] GetFileType (hFile=0x284) returned 0x1 [0145.575] WriteFile (in: hFile=0x284, lpBuffer=0xc00016c000*, nNumberOfBytesToWrite=0x4f0, lpNumberOfBytesWritten=0xc0001d5cec, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesWritten=0xc0001d5cec*=0x4f0, lpOverlapped=0x0) returned 1 [0145.576] CloseHandle (hObject=0x284) returned 1 [0145.577] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b301 | out: pbBuffer=0xc00031b301) returned 1 [0145.577] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x284 [0145.577] GetConsoleMode (in: hConsoleHandle=0x284, lpMode=0xc0001d5d64 | out: lpMode=0xc0001d5d64) returned 0 [0145.579] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.029] GetFileType (hFile=0x284) returned 0x1 [0146.029] WriteFile (in: hFile=0x284, lpBuffer=0xc0006149a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001d5d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0006149a0*, lpNumberOfBytesWritten=0xc0001d5d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.029] CloseHandle (hObject=0x284) returned 1 [0146.030] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\narrator.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\encry-Narrator.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\accessibility\\encry-narrator.lnk"), dwFlags=0x1) returned 1 [0146.033] SetEvent (hEvent=0xbc8) returned 1 [0146.033] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.037] SetEvent (hEvent=0xb18) returned 1 [0146.037] SetEvent (hEvent=0x35c) returned 1 [0146.037] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.047] SetEvent (hEvent=0xa78) returned 1 [0146.047] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.074] SetEvent (hEvent=0xb10) returned 1 [0146.074] SetEvent (hEvent=0xc1c) returned 1 [0146.074] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.078] SetEvent (hEvent=0xb10) returned 1 [0146.078] SetEvent (hEvent=0xec) returned 1 [0146.078] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.096] SetEvent (hEvent=0xec) returned 1 [0146.097] SetEvent (hEvent=0x114) returned 1 [0146.097] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.105] SetEvent (hEvent=0xec) returned 1 [0146.105] SetEvent (hEvent=0x980) returned 1 [0146.105] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.118] SetEvent (hEvent=0x1c4) returned 1 [0146.118] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.123] SetEvent (hEvent=0xa80) returned 1 [0146.123] SetEvent (hEvent=0x39c) returned 1 [0146.123] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.129] SetEvent (hEvent=0x898) returned 1 [0146.129] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) returned 0x0 [0146.140] SetEvent (hEvent=0xbd0) returned 1 [0146.140] WaitForSingleObject (hHandle=0xc54, dwMilliseconds=0xffffffff) Thread: id = 196 os_tid = 0xcb4 [0142.317] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3f53fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3f53fea0*=0x87c) returned 1 [0142.318] VirtualQuery (in: lpAddress=0x3f53fec0, lpBuffer=0x3f53fec0, dwLength=0x30 | out: lpBuffer=0x3f53fec0*(BaseAddress=0x3f53f000, AllocationBase=0x3f340000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.318] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhjpwslo2blhgko_w58.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x880 [0142.319] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc000489cf4 | out: lpMode=0xc000489cf4) returned 0 [0142.320] GetFileType (hFile=0x880) returned 0x1 [0142.320] GetFileType (hFile=0x880) returned 0x1 [0142.320] GetFileInformationByHandle (in: hFile=0x880, lpFileInformation=0xc000489d44 | out: lpFileInformation=0xc000489d44) returned 1 [0142.320] GetFileInformationByHandleEx (in: hFile=0x880, FileInformationClass=0x9, lpFileInformation=0xc000489d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000489d28) returned 1 [0142.320] VirtualAlloc (lpAddress=0xc000692000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000692000 [0142.322] ReadFile (in: hFile=0x880, lpBuffer=0xc000692000, nNumberOfBytesToRead=0xc9a, lpNumberOfBytesRead=0xc000489c04, lpOverlapped=0x0 | out: lpBuffer=0xc000692000*, lpNumberOfBytesRead=0xc000489c04*=0xa9a, lpOverlapped=0x0) returned 1 [0142.820] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc5c [0142.820] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc60 [0142.820] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0143.871] SetEvent (hEvent=0x3c0) returned 1 [0143.871] ReadFile (in: hFile=0x880, lpBuffer=0xc000692a9a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000489c04, lpOverlapped=0x0 | out: lpBuffer=0xc000692a9a*, lpNumberOfBytesRead=0xc000489c04*=0x0, lpOverlapped=0x0) returned 1 [0143.871] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0144.420] CloseHandle (hObject=0x880) returned 1 [0144.420] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0144.422] VirtualAlloc (lpAddress=0xc000212000, dwSize=0x6000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000212000 [0144.423] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.424] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhjpwslo2blhgko_w58.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x880 [0144.426] GetConsoleMode (in: hConsoleHandle=0x880, lpMode=0xc000489d04 | out: lpMode=0xc000489d04) returned 0 [0144.427] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0145.284] GetFileType (hFile=0x880) returned 0x1 [0145.284] WriteFile (in: hFile=0x880, lpBuffer=0xc000212000*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0xc000489cec, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesWritten=0xc000489cec*=0xaa0, lpOverlapped=0x0) returned 1 [0145.285] CloseHandle (hObject=0x880) returned 1 [0145.306] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1401 | out: pbBuffer=0xc0000e1401) returned 1 [0145.307] VirtualAlloc (lpAddress=0xc000262000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000262000 [0145.308] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhjpwslo2blhgko_w58.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x524 [0145.308] GetConsoleMode (in: hConsoleHandle=0x524, lpMode=0xc000489d64 | out: lpMode=0xc000489d64) returned 0 [0145.318] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0145.613] GetFileType (hFile=0x524) returned 0x1 [0145.613] WriteFile (in: hFile=0x524, lpBuffer=0xc000291600*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000489d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000291600*, lpNumberOfBytesWritten=0xc000489d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.614] CloseHandle (hObject=0x524) returned 1 [0145.628] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0146.124] VirtualAlloc (lpAddress=0xc000244000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000244000 [0146.125] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0146.126] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhjpwslo2blhgko_w58.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-yhJPwSlO2BlhGko_W58.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-yhjpwslo2blhgko_w58.lnk"), dwFlags=0x1) returned 1 [0150.668] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0151.321] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hm13y6g8dosacipgz2d.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x874 [0151.321] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc000143cf4 | out: lpMode=0xc000143cf4) returned 0 [0151.328] GetFileType (hFile=0x874) returned 0x1 [0151.328] GetFileType (hFile=0x874) returned 0x1 [0151.328] GetFileInformationByHandle (in: hFile=0x874, lpFileInformation=0xc000143d44 | out: lpFileInformation=0xc000143d44) returned 1 [0151.329] GetFileInformationByHandleEx (in: hFile=0x874, FileInformationClass=0x9, lpFileInformation=0xc000143d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000143d28) returned 1 [0151.329] ReadFile (in: hFile=0x874, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x1105a, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc000143c04*=0x10e5a, lpOverlapped=0x0) returned 1 [0151.330] ReadFile (in: hFile=0x874, lpBuffer=0xc000368e5a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000143c04, lpOverlapped=0x0 | out: lpBuffer=0xc000368e5a*, lpNumberOfBytesRead=0xc000143c04*=0x0, lpOverlapped=0x0) returned 1 [0151.330] CloseHandle (hObject=0x874) returned 1 [0151.330] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x12000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0151.334] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hm13y6g8dosacipgz2d.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0151.335] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc000143d04 | out: lpMode=0xc000143d04) returned 0 [0151.346] GetFileType (hFile=0x874) returned 0x1 [0151.346] WriteFile (in: hFile=0x874, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0x10e60, lpNumberOfBytesWritten=0xc000143cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000143cec*=0x10e60, lpOverlapped=0x0) returned 1 [0151.348] CloseHandle (hObject=0x874) returned 1 [0151.349] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0151.349] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hm13y6g8dosacipgz2d.docx"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x874 [0151.349] GetConsoleMode (in: hConsoleHandle=0x874, lpMode=0xc000143d64 | out: lpMode=0xc000143d64) returned 0 [0151.360] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0151.761] GetFileType (hFile=0x874) returned 0x1 [0151.761] WriteFile (in: hFile=0x874, lpBuffer=0xc0000d71e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000143d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d71e0*, lpNumberOfBytesWritten=0xc000143d4c*=0x158, lpOverlapped=0x0) returned 1 [0151.761] CloseHandle (hObject=0x874) returned 1 [0151.761] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\hm13y6g8dosacipgz2d.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\encry-HM13Y6G8DOsAcipgZ2d.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\encry-hm13y6g8dosacipgz2d.docx"), dwFlags=0x1) returned 1 [0151.763] SetEvent (hEvent=0xa88) returned 1 [0151.763] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0151.771] SetEvent (hEvent=0xa68) returned 1 [0151.771] VirtualAlloc (lpAddress=0xc0002c4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002c4000 [0151.773] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pr3tvmm8vb9vep ipui.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x7a0 [0151.773] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001fdcf4 | out: lpMode=0xc0001fdcf4) returned 0 [0151.775] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0152.309] GetFileType (hFile=0x7a0) returned 0x1 [0152.310] GetFileType (hFile=0x7a0) returned 0x1 [0152.310] GetFileInformationByHandle (in: hFile=0x7a0, lpFileInformation=0xc0001fdd44 | out: lpFileInformation=0xc0001fdd44) returned 1 [0152.310] GetFileInformationByHandleEx (in: hFile=0x7a0, FileInformationClass=0x9, lpFileInformation=0xc0001fdd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001fdd28) returned 1 [0152.310] ReadFile (in: hFile=0x7a0, lpBuffer=0xc000050000, nNumberOfBytesToRead=0x1bed, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc000050000*, lpNumberOfBytesRead=0xc0001fdc04*=0x19ed, lpOverlapped=0x0) returned 1 [0152.311] ReadFile (in: hFile=0x7a0, lpBuffer=0xc0000519ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001fdc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000519ed*, lpNumberOfBytesRead=0xc0001fdc04*=0x0, lpOverlapped=0x0) returned 1 [0152.311] CloseHandle (hObject=0x7a0) returned 1 [0152.311] VirtualAlloc (lpAddress=0xc0002b8000, dwSize=0xa000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0002b8000 [0152.313] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Pr3tvmM8VB9VEp IpuI.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\pr3tvmm8vb9vep ipui.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x7a0 [0152.314] GetConsoleMode (in: hConsoleHandle=0x7a0, lpMode=0xc0001fdd04 | out: lpMode=0xc0001fdd04) returned 0 [0152.319] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0152.573] SetEvent (hEvent=0xab8) returned 1 [0152.573] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0161.272] VirtualAlloc (lpAddress=0xc0000ea000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ea000 [0161.273] VirtualAlloc (lpAddress=0xc0000ee000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000ee000 [0161.274] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\lS65fyrP8XMrnQyKww\\pApDKzHUyE\\WCcPCD-tittU.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ls65fyrp8xmrnqykww\\papdkzhuye\\wccpcd-tittu.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x644 [0162.047] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc0002d1cf4 | out: lpMode=0xc0002d1cf4) returned 0 [0162.405] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0162.596] SetEvent (hEvent=0xb40) returned 1 [0162.596] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0163.511] WriteFile (in: hFile=0x770, lpBuffer=0xc0006a2000*, nNumberOfBytesToWrite=0x10480, lpNumberOfBytesWritten=0xc000361cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006a2000*, lpNumberOfBytesWritten=0xc000361cec*=0x10480, lpOverlapped=0x0) returned 1 [0166.367] CloseHandle (hObject=0x770) returned 1 [0166.741] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) returned 0x0 [0166.897] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031bb01 | out: pbBuffer=0xc00031bb01) returned 1 [0166.897] VirtualAlloc (lpAddress=0xc000334000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000334000 [0166.899] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ub1qdukjq9owd2f8co.jpg"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0166.899] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000361d64 | out: lpMode=0xc000361d64) returned 0 [0166.901] GetFileType (hFile=0x4ac) returned 0x1 [0166.901] WriteFile (in: hFile=0x4ac, lpBuffer=0xc000121340*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000361d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000121340*, lpNumberOfBytesWritten=0xc000361d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.902] CloseHandle (hObject=0x4ac) returned 1 [0166.902] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\ub1qdukjq9owd2f8co.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\encry-Ub1qdukJq9owd2F8CO.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\encry-ub1qdukjq9owd2f8co.jpg"), dwFlags=0x1) returned 1 [0167.388] WaitForSingleObject (hHandle=0xc5c, dwMilliseconds=0xffffffff) Thread: id = 197 os_tid = 0xcb8 [0142.323] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3f73fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3f73fea0*=0x878) returned 1 [0142.323] VirtualQuery (in: lpAddress=0x3f73fec0, lpBuffer=0x3f73fec0, dwLength=0x30 | out: lpBuffer=0x3f73fec0*(BaseAddress=0x3f73f000, AllocationBase=0x3f540000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.323] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xe1i.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x884 [0142.324] GetConsoleMode (in: hConsoleHandle=0x884, lpMode=0xc00048bcf4 | out: lpMode=0xc00048bcf4) returned 0 [0142.326] GetFileType (hFile=0x884) returned 0x1 [0142.326] GetFileType (hFile=0x884) returned 0x1 [0142.326] GetFileInformationByHandle (in: hFile=0x884, lpFileInformation=0xc00048bd44 | out: lpFileInformation=0xc00048bd44) returned 1 [0142.326] GetFileInformationByHandleEx (in: hFile=0x884, FileInformationClass=0x9, lpFileInformation=0xc00048bd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00048bd28) returned 1 [0142.326] ReadFile (in: hFile=0x884, lpBuffer=0xc00027ca00, nNumberOfBytesToRead=0x4ea, lpNumberOfBytesRead=0xc00048bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027ca00*, lpNumberOfBytesRead=0xc00048bc04*=0x2ea, lpOverlapped=0x0) returned 1 [0142.821] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc64 [0142.821] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc68 [0142.821] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0143.947] ReadFile (in: hFile=0x884, lpBuffer=0xc00027ccea, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00048bc04, lpOverlapped=0x0 | out: lpBuffer=0xc00027ccea*, lpNumberOfBytesRead=0xc00048bc04*=0x0, lpOverlapped=0x0) returned 1 [0143.948] CloseHandle (hObject=0x884) returned 1 [0143.948] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xe1i.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x430 [0143.957] GetConsoleMode (in: hConsoleHandle=0x430, lpMode=0xc00048bd04 | out: lpMode=0xc00048bd04) returned 0 [0143.963] GetFileType (hFile=0x430) returned 0x1 [0143.963] WriteFile (in: hFile=0x430, lpBuffer=0xc0006f8000*, nNumberOfBytesToWrite=0x2f0, lpNumberOfBytesWritten=0xc00048bcec, lpOverlapped=0x0 | out: lpBuffer=0xc0006f8000*, lpNumberOfBytesWritten=0xc00048bcec*=0x2f0, lpOverlapped=0x0) returned 1 [0143.964] CloseHandle (hObject=0x430) returned 1 [0143.970] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0144.528] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3401 | out: pbBuffer=0xc0001c3401) returned 1 [0144.528] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xe1i.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0144.529] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc00048bd64 | out: lpMode=0xc00048bd64) returned 0 [0144.529] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0144.866] GetFileType (hFile=0x4ac) returned 0x1 [0144.867] WriteFile (in: hFile=0x4ac, lpBuffer=0xc000290580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00048bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000290580*, lpNumberOfBytesWritten=0xc00048bd4c*=0x158, lpOverlapped=0x0) returned 1 [0144.867] CloseHandle (hObject=0x4ac) returned 1 [0144.870] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.871] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\xe1i.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-xe1i.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-xe1i.lnk"), dwFlags=0x1) returned 1 [0146.077] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0146.254] SetEvent (hEvent=0x208) returned 1 [0146.254] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0146.266] SetEvent (hEvent=0x324) returned 1 [0146.266] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0146.279] SetEvent (hEvent=0xa20) returned 1 [0146.279] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0148.039] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yj1 bbwpubuxjxklo.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x644 [0148.040] GetConsoleMode (in: hConsoleHandle=0x644, lpMode=0xc0001bfcf4 | out: lpMode=0xc0001bfcf4) returned 0 [0148.041] GetFileType (hFile=0x644) returned 0x1 [0148.041] GetFileType (hFile=0x644) returned 0x1 [0148.041] GetFileInformationByHandle (in: hFile=0x644, lpFileInformation=0xc0001bfd44 | out: lpFileInformation=0xc0001bfd44) returned 1 [0148.041] GetFileInformationByHandleEx (in: hFile=0x644, FileInformationClass=0x9, lpFileInformation=0xc0001bfd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0001bfd28) returned 1 [0148.041] VirtualAlloc (lpAddress=0xc0000bc000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000bc000 [0148.043] ReadFile (in: hFile=0x644, lpBuffer=0xc0000bc000, nNumberOfBytesToRead=0x89a, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc000*, lpNumberOfBytesRead=0xc0001bfc04*=0x69a, lpOverlapped=0x0) returned 1 [0148.702] ReadFile (in: hFile=0x644, lpBuffer=0xc0000bc69a, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0001bfc04, lpOverlapped=0x0 | out: lpBuffer=0xc0000bc69a*, lpNumberOfBytesRead=0xc0001bfc04*=0x0, lpOverlapped=0x0) returned 1 [0148.702] CloseHandle (hObject=0x644) returned 1 [0148.702] VirtualAlloc (lpAddress=0xc00024e000, dwSize=0x4000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00024e000 [0148.704] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yj1 bbwpubuxjxklo.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x510 [0150.610] GetConsoleMode (in: hConsoleHandle=0x510, lpMode=0xc0001bfd04 | out: lpMode=0xc0001bfd04) returned 0 [0150.612] GetFileType (hFile=0x510) returned 0x1 [0150.612] WriteFile (in: hFile=0x510, lpBuffer=0xc00024e000*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0xc0001bfcec, lpOverlapped=0x0 | out: lpBuffer=0xc00024e000*, lpNumberOfBytesWritten=0xc0001bfcec*=0x6a0, lpOverlapped=0x0) returned 1 [0150.613] CloseHandle (hObject=0x510) returned 1 [0150.720] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533401 | out: pbBuffer=0xc000533401) returned 1 [0150.720] VirtualAlloc (lpAddress=0xc000076000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000076000 [0150.721] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0150.723] VirtualAlloc (lpAddress=0xc000042000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000042000 [0150.724] VirtualAlloc (lpAddress=0xc000050000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000050000 [0150.726] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0150.727] VirtualAlloc (lpAddress=0xc0000a2000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0000a2000 [0150.729] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yj1 bbwpubuxjxklo.mp4"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x720 [0150.729] GetConsoleMode (in: hConsoleHandle=0x720, lpMode=0xc0001bfd64 | out: lpMode=0xc0001bfd64) returned 0 [0150.734] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0150.757] SetEvent (hEvent=0xc0) returned 1 [0150.757] SetEvent (hEvent=0xb50) returned 1 [0150.757] GetFileType (hFile=0x720) returned 0x1 [0150.757] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0150.784] WriteFile (in: hFile=0x720, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0001bfd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc0001bfd4c*=0x158, lpOverlapped=0x0) returned 1 [0150.784] CloseHandle (hObject=0x720) returned 1 [0150.793] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\yj1 bbwpubuxjxklo.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\encry-YJ1 bBWpUBUXjXklo.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\encry-yj1 bbwpubuxjxklo.mp4"), dwFlags=0x1) returned 1 [0152.975] GetFileType (hFile=0x6b4) returned 0x1 [0152.975] WriteFile (in: hFile=0x6b4, lpBuffer=0xc0000d6580*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00046bd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d6580*, lpNumberOfBytesWritten=0xc00046bd4c*=0x158, lpOverlapped=0x0) returned 1 [0152.975] CloseHandle (hObject=0x6b4) returned 1 [0152.975] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\euhsmc2pzlmt_.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-EuhSMC2pzLMt_.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-euhsmc2pzlmt_.avi"), dwFlags=0x1) returned 1 [0152.976] GetFileType (hFile=0x5b8) returned 0x1 [0152.976] WriteFile (in: hFile=0x5b8, lpBuffer=0xc0000d69a0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000045d4c, lpOverlapped=0x0 | out: lpBuffer=0xc0000d69a0*, lpNumberOfBytesWritten=0xc000045d4c*=0x158, lpOverlapped=0x0) returned 1 [0152.977] CloseHandle (hObject=0x5b8) returned 1 [0152.977] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\wqblrgmmpps.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\1WwC7yDS7iD6Z0TXpq\\encry-wQBLRGmmPpS.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\1wwc7yds7id6z0txpq\\encry-wqblrgmmpps.jpg"), dwFlags=0x1) returned 1 [0152.978] GetFileType (hFile=0x2b4) returned 0x1 [0152.978] GetFileType (hFile=0x2b4) returned 0x1 [0152.978] GetFileInformationByHandle (in: hFile=0x2b4, lpFileInformation=0xc000195d44 | out: lpFileInformation=0xc000195d44) returned 1 [0152.978] GetFileInformationByHandleEx (in: hFile=0x2b4, FileInformationClass=0x9, lpFileInformation=0xc000195d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000195d28) returned 1 [0152.978] VirtualAlloc (lpAddress=0xc000358000, dwSize=0x16000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000358000 [0152.982] ReadFile (in: hFile=0x2b4, lpBuffer=0xc000358000, nNumberOfBytesToRead=0x14155, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc000358000*, lpNumberOfBytesRead=0xc000195c04*=0x13f55, lpOverlapped=0x0) returned 1 [0152.984] ReadFile (in: hFile=0x2b4, lpBuffer=0xc00036bf55, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000195c04, lpOverlapped=0x0 | out: lpBuffer=0xc00036bf55*, lpNumberOfBytesRead=0xc000195c04*=0x0, lpOverlapped=0x0) returned 1 [0152.985] CloseHandle (hObject=0x2b4) returned 1 [0152.985] VirtualAlloc (lpAddress=0xc00003c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00003c000 [0152.986] VirtualAlloc (lpAddress=0xc000498000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000498000 [0152.992] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\846qyhvil2d.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0152.996] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000195d04 | out: lpMode=0xc000195d04) returned 0 [0153.052] GetFileType (hFile=0x2b4) returned 0x1 [0153.052] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000498000*, nNumberOfBytesToWrite=0x13f60, lpNumberOfBytesWritten=0xc000195cec, lpOverlapped=0x0 | out: lpBuffer=0xc000498000*, lpNumberOfBytesWritten=0xc000195cec*=0x13f60, lpOverlapped=0x0) returned 1 [0153.055] CloseHandle (hObject=0x2b4) returned 1 [0153.055] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533601 | out: pbBuffer=0xc000533601) returned 1 [0153.056] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\846qyhvil2d.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x2b4 [0153.056] GetConsoleMode (in: hConsoleHandle=0x2b4, lpMode=0xc000195d64 | out: lpMode=0xc000195d64) returned 0 [0153.078] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0153.181] GetFileType (hFile=0x2b4) returned 0x1 [0153.181] WriteFile (in: hFile=0x2b4, lpBuffer=0xc000284000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000195d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000284000*, lpNumberOfBytesWritten=0xc000195d4c*=0x158, lpOverlapped=0x0) returned 1 [0153.182] CloseHandle (hObject=0x2b4) returned 1 [0153.182] VirtualAlloc (lpAddress=0xc00011c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011c000 [0153.183] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\846qyhvil2d.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\encry-846qyHVIL2d.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\encry-846qyhvil2d.mp3"), dwFlags=0x1) returned 1 [0153.185] SetEvent (hEvent=0xa80) returned 1 [0153.185] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0155.292] VirtualAlloc (lpAddress=0xc00016a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016a000 [0155.294] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0155.295] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00040dcf4 | out: lpMode=0xc00040dcf4) returned 0 [0155.297] GetFileType (hFile=0x768) returned 0x1 [0155.297] GetFileType (hFile=0x768) returned 0x1 [0155.297] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc00040dd44 | out: lpFileInformation=0xc00040dd44) returned 1 [0155.297] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc00040dd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00040dd28) returned 1 [0155.297] ReadFile (in: hFile=0x768, lpBuffer=0xc000168400, nNumberOfBytesToRead=0x3e6, lpNumberOfBytesRead=0xc00040dc04, lpOverlapped=0x0 | out: lpBuffer=0xc000168400*, lpNumberOfBytesRead=0xc00040dc04*=0x1e6, lpOverlapped=0x0) returned 1 [0155.302] ReadFile (in: hFile=0x768, lpBuffer=0xc0001685e6, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00040dc04, lpOverlapped=0x0 | out: lpBuffer=0xc0001685e6*, lpNumberOfBytesRead=0xc00040dc04*=0x0, lpOverlapped=0x0) returned 1 [0155.346] CloseHandle (hObject=0x768) returned 1 [0155.346] VirtualAlloc (lpAddress=0xc00016c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00016c000 [0155.348] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0155.350] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00040dd04 | out: lpMode=0xc00040dd04) returned 0 [0155.360] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0156.007] GetFileType (hFile=0x768) returned 0x1 [0156.007] WriteFile (in: hFile=0x768, lpBuffer=0xc00016c000*, nNumberOfBytesToWrite=0x1f0, lpNumberOfBytesWritten=0xc00040dcec, lpOverlapped=0x0 | out: lpBuffer=0xc00016c000*, lpNumberOfBytesWritten=0xc00040dcec*=0x1f0, lpOverlapped=0x0) returned 1 [0156.010] CloseHandle (hObject=0x768) returned 1 [0156.010] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc00031b201 | out: pbBuffer=0xc00031b201) returned 1 [0156.010] VirtualAlloc (lpAddress=0xc000234000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000234000 [0156.012] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0156.012] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc00040dd64 | out: lpMode=0xc00040dd64) returned 0 [0156.022] GetFileType (hFile=0x768) returned 0x1 [0156.022] WriteFile (in: hFile=0x768, lpBuffer=0xc000104840*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00040dd4c, lpOverlapped=0x0 | out: lpBuffer=0xc000104840*, lpNumberOfBytesWritten=0xc00040dd4c*=0x158, lpOverlapped=0x0) returned 1 [0156.022] CloseHandle (hObject=0x768) returned 1 [0156.022] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\encry-Desktop.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\links\\encry-desktop.lnk"), dwFlags=0x1) returned 1 [0156.025] SetEvent (hEvent=0xb58) returned 1 [0156.025] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0156.087] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d00a0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0003d00a0*, lpNumberOfCharsWritten=0xc000141808*=0x4c) returned 1 [0156.092] VirtualAlloc (lpAddress=0xc000238000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000238000 [0156.093] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.093] VirtualAlloc (lpAddress=0xc00023a000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00023a000 [0156.095] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0xc000141a08 | out: lpFindFileData=0xc000141a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.095] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.095] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d0140*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0003d0140*, lpNumberOfCharsWritten=0xc000141808*=0x4c) returned 1 [0156.188] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0156.189] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\my pictures"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0156.189] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\My Pictures\\*", lpFindFileData=0xc000141a68 | out: lpFindFileData=0xc000141a68*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0156.189] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000141720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.189] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003d01e0*, nNumberOfCharsToWrite=0x4c, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0003d01e0*, lpNumberOfCharsWritten=0xc000141808*=0x4c) returned 1 [0156.234] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000c8060*, nNumberOfCharsToWrite=0x11, lpNumberOfCharsWritten=0xc000141808, lpReserved=0x0 | out: lpBuffer=0xc0000c8060*, lpNumberOfCharsWritten=0xc000141808*=0x11) returned 1 [0156.276] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0156.403] SetEvent (hEvent=0x1b4) returned 1 [0156.403] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0157.132] SetEvent (hEvent=0x1b4) returned 1 [0157.132] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0157.346] SetEvent (hEvent=0x43c) returned 1 [0157.346] SetEvent (hEvent=0xb58) returned 1 [0157.346] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0157.501] SetEvent (hEvent=0x43c) returned 1 [0157.501] SetEvent (hEvent=0x1b4) returned 1 [0157.501] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0157.651] SetEvent (hEvent=0x43c) returned 1 [0157.651] SetEvent (hEvent=0x254) returned 1 [0157.651] SetEvent (hEvent=0x1b4) returned 1 [0157.651] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0157.773] SetEvent (hEvent=0x43c) returned 1 [0157.773] SetEvent (hEvent=0x254) returned 1 [0157.773] SetEvent (hEvent=0x1b4) returned 1 [0157.773] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0158.153] SetEvent (hEvent=0x254) returned 1 [0158.183] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0158.397] SetEvent (hEvent=0x43c) returned 1 [0158.397] SwitchToThread () returned 1 [0158.430] SetEvent (hEvent=0x43c) returned 1 [0158.430] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0158.541] SetEvent (hEvent=0x254) returned 1 [0158.541] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.070] SetEvent (hEvent=0x43c) returned 1 [0159.070] SetEvent (hEvent=0xb58) returned 1 [0159.070] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.098] SetEvent (hEvent=0x43c) returned 1 [0159.099] SetEvent (hEvent=0x1b4) returned 1 [0159.099] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.220] SetEvent (hEvent=0x43c) returned 1 [0159.220] SetEvent (hEvent=0xb58) returned 1 [0159.220] SetEvent (hEvent=0x1b4) returned 1 [0159.220] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.405] SetEvent (hEvent=0x254) returned 1 [0159.405] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.541] SetEvent (hEvent=0x43c) returned 1 [0159.541] SwitchToThread () returned 1 [0159.582] SwitchToThread () returned 1 [0159.584] SetEvent (hEvent=0x43c) returned 1 [0159.584] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.636] SetEvent (hEvent=0x43c) returned 1 [0159.637] SetEvent (hEvent=0x1b4) returned 1 [0159.637] SetEvent (hEvent=0x254) returned 1 [0159.637] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.906] SetEvent (hEvent=0x43c) returned 1 [0159.906] SetEvent (hEvent=0xb58) returned 1 [0159.907] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.935] SetEvent (hEvent=0x43c) returned 1 [0159.935] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.938] SetEvent (hEvent=0x43c) returned 1 [0159.938] SetEvent (hEvent=0xb58) returned 1 [0159.938] SetEvent (hEvent=0x1b4) returned 1 [0159.938] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.941] SetEvent (hEvent=0xb58) returned 1 [0159.941] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0159.945] VirtualFree (lpAddress=0xc00058e000, dwSize=0x48000, dwFreeType=0x4000) returned 1 [0159.948] VirtualFree (lpAddress=0xc000554000, dwSize=0x14000, dwFreeType=0x4000) returned 1 [0159.950] VirtualFree (lpAddress=0xc000120000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.951] VirtualFree (lpAddress=0xc0000fc000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.951] VirtualFree (lpAddress=0xc0000ee000, dwSize=0x4000, dwFreeType=0x4000) returned 1 [0159.952] VirtualFree (lpAddress=0xc000054000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.953] VirtualFree (lpAddress=0xc00004c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.954] VirtualFree (lpAddress=0xc00003c000, dwSize=0x2000, dwFreeType=0x4000) returned 1 [0159.955] SetEvent (hEvent=0x1b4) returned 1 [0159.955] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0160.412] SetEvent (hEvent=0xb58) returned 1 [0160.412] SwitchToThread () returned 1 [0160.492] SwitchToThread () returned 1 [0160.495] SetEvent (hEvent=0xb58) returned 1 [0160.495] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0160.527] VirtualAlloc (lpAddress=0xc000058000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000058000 [0160.528] GetFileType (hFile=0x7c4) returned 0x1 [0160.528] GetFileType (hFile=0x7c4) returned 0x1 [0160.529] GetFileInformationByHandle (in: hFile=0x7c4, lpFileInformation=0xc000521d44 | out: lpFileInformation=0xc000521d44) returned 1 [0160.529] GetFileInformationByHandleEx (in: hFile=0x7c4, FileInformationClass=0x9, lpFileInformation=0xc000521d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000521d28) returned 1 [0160.529] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0001b0000, nNumberOfBytesToRead=0x214, lpNumberOfBytesRead=0xc000521c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0000*, lpNumberOfBytesRead=0xc000521c04*=0x14, lpOverlapped=0x0) returned 1 [0160.531] ReadFile (in: hFile=0x7c4, lpBuffer=0xc0001b0014, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000521c04, lpOverlapped=0x0 | out: lpBuffer=0xc0001b0014*, lpNumberOfBytesRead=0xc000521c04*=0x0, lpOverlapped=0x0) returned 1 [0160.531] CloseHandle (hObject=0x7c4) returned 1 [0160.531] VirtualAlloc (lpAddress=0xc00005c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00005c000 [0160.532] VirtualAlloc (lpAddress=0xc000060000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000060000 [0160.533] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0160.534] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\ntuser.ini\\*", lpFindFileData=0xc000521a08 | out: lpFindFileData=0xc000521a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0160.534] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc000521720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0160.534] VirtualAlloc (lpAddress=0xc0006e4000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0006e4000 [0160.563] ReadFile (in: hFile=0x768, lpBuffer=0xc0006e4000, nNumberOfBytesToRead=0x80200, lpNumberOfBytesRead=0xc0002f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc0006e4000*, lpNumberOfBytesRead=0xc0002f7c04*=0x80000, lpOverlapped=0x0) returned 1 [0161.904] SetEvent (hEvent=0xc0) returned 1 [0161.904] ReadFile (in: hFile=0x768, lpBuffer=0xc000764000, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0002f7c04, lpOverlapped=0x0 | out: lpBuffer=0xc000764000*, lpNumberOfBytesRead=0xc0002f7c04*=0x0, lpOverlapped=0x0) returned 1 [0161.904] CloseHandle (hObject=0x768) returned 1 [0162.005] VirtualAlloc (lpAddress=0xc000604000, dwSize=0x82000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000604000 [0162.029] VirtualAlloc (lpAddress=0xc000320000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000320000 [0162.031] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.031] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms\\*", lpFindFileData=0xc0002f7a08 | out: lpFindFileData=0xc0002f7a08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.031] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc0002f7720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.031] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0003ca500*, nNumberOfCharsToWrite=0x93, lpNumberOfCharsWritten=0xc0002f7808, lpReserved=0x0 | out: lpBuffer=0xc0003ca500*, lpNumberOfCharsWritten=0xc0002f7808*=0x93) returned 1 [0162.339] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0162.593] SetEvent (hEvent=0xc1c) returned 1 [0162.594] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) returned 0x0 [0163.581] GetFileType (hFile=0x564) returned 0x1 [0163.581] GetFileType (hFile=0x564) returned 0x1 [0163.581] GetFileInformationByHandle (in: hFile=0x564, lpFileInformation=0xc00038fd44 | out: lpFileInformation=0xc00038fd44) returned 1 [0166.423] GetFileInformationByHandleEx (in: hFile=0x564, FileInformationClass=0x9, lpFileInformation=0xc00038fd28, dwBufferSize=0x8 | out: lpFileInformation=0xc00038fd28) returned 1 [0166.423] VirtualAlloc (lpAddress=0xc0001c0000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001c0000 [0166.424] VirtualAlloc (lpAddress=0xc0005ec000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005ec000 [0166.428] ReadFile (in: hFile=0x564, lpBuffer=0xc0005ec000, nNumberOfBytesToRead=0xc2fd, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005ec000*, lpNumberOfBytesRead=0xc00038fc04*=0xc0fd, lpOverlapped=0x0) returned 1 [0166.431] ReadFile (in: hFile=0x564, lpBuffer=0xc0005f80fd, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc00038fc04, lpOverlapped=0x0 | out: lpBuffer=0xc0005f80fd*, lpNumberOfBytesRead=0xc00038fc04*=0x0, lpOverlapped=0x0) returned 1 [0166.431] CloseHandle (hObject=0x564) returned 1 [0166.431] VirtualAlloc (lpAddress=0xc0001dc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001dc000 [0166.432] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0166.434] VirtualAlloc (lpAddress=0xc000638000, dwSize=0xe000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000638000 [0166.437] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\kblr1wyh.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0166.440] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc00038fd04 | out: lpMode=0xc00038fd04) returned 0 [0166.492] GetFileType (hFile=0x564) returned 0x1 [0166.492] VirtualAlloc (lpAddress=0xc0003c8000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003c8000 [0166.493] WriteFile (in: hFile=0x564, lpBuffer=0xc000638000*, nNumberOfBytesToWrite=0xc100, lpNumberOfBytesWritten=0xc00038fcec, lpOverlapped=0x0 | out: lpBuffer=0xc000638000*, lpNumberOfBytesWritten=0xc00038fcec*=0xc100, lpOverlapped=0x0) returned 1 [0166.497] CloseHandle (hObject=0x564) returned 1 [0166.497] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3801 | out: pbBuffer=0xc0001c3801) returned 1 [0166.498] VirtualAlloc (lpAddress=0xc0003ce000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003ce000 [0166.499] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\kblr1wyh.mp3"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x564 [0166.499] GetConsoleMode (in: hConsoleHandle=0x564, lpMode=0xc00038fd64 | out: lpMode=0xc00038fd64) returned 0 [0166.502] GetFileType (hFile=0x564) returned 0x1 [0166.502] WriteFile (in: hFile=0x564, lpBuffer=0xc0001851e0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc00038fd4c, lpOverlapped=0x0 | out: lpBuffer=0xc0001851e0*, lpNumberOfBytesWritten=0xc00038fd4c*=0x158, lpOverlapped=0x0) returned 1 [0166.502] CloseHandle (hObject=0x564) returned 1 [0166.503] VirtualAlloc (lpAddress=0xc0003d4000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003d4000 [0166.504] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\kblr1wyh.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\X cLPSc5bC0q\\encry-KblR1WYH.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x clpsc5bc0q\\encry-kblr1wyh.mp3"), dwFlags=0x1) returned 1 [0167.386] WaitForSingleObject (hHandle=0xc64, dwMilliseconds=0xffffffff) Thread: id = 198 os_tid = 0xcbc [0142.326] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3f93fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3f93fea0*=0x88c) returned 1 [0142.326] VirtualQuery (in: lpAddress=0x3f93fec0, lpBuffer=0x3f93fec0, dwLength=0x30 | out: lpBuffer=0x3f93fec0*(BaseAddress=0x3f93f000, AllocationBase=0x3f740000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.326] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhhe_4ffuodfu932.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x890 [0142.328] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000497cf4 | out: lpMode=0xc000497cf4) returned 0 [0142.328] GetFileType (hFile=0x890) returned 0x1 [0142.328] GetFileType (hFile=0x890) returned 0x1 [0142.328] GetFileInformationByHandle (in: hFile=0x890, lpFileInformation=0xc000497d44 | out: lpFileInformation=0xc000497d44) returned 1 [0142.328] GetFileInformationByHandleEx (in: hFile=0x890, FileInformationClass=0x9, lpFileInformation=0xc000497d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000497d28) returned 1 [0142.328] ReadFile (in: hFile=0x890, lpBuffer=0xc000121200, nNumberOfBytesToRead=0x461, lpNumberOfBytesRead=0xc000497c04, lpOverlapped=0x0 | out: lpBuffer=0xc000121200*, lpNumberOfBytesRead=0xc000497c04*=0x261, lpOverlapped=0x0) returned 1 [0142.822] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc6c [0142.822] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc70 [0142.823] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0143.971] ReadFile (in: hFile=0x890, lpBuffer=0xc000121461, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000497c04, lpOverlapped=0x0 | out: lpBuffer=0xc000121461*, lpNumberOfBytesRead=0xc000497c04*=0x0, lpOverlapped=0x0) returned 1 [0143.971] CloseHandle (hObject=0x890) returned 1 [0143.971] VirtualAlloc (lpAddress=0xc00077e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00077e000 [0143.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhhe_4ffuodfu932.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0143.974] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000497d04 | out: lpMode=0xc000497d04) returned 0 [0143.980] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.540] GetFileType (hFile=0x890) returned 0x1 [0144.540] WriteFile (in: hFile=0x890, lpBuffer=0xc0006ce280*, nNumberOfBytesToWrite=0x270, lpNumberOfBytesWritten=0xc000497cec, lpOverlapped=0x0 | out: lpBuffer=0xc0006ce280*, lpNumberOfBytesWritten=0xc000497cec*=0x270, lpOverlapped=0x0) returned 1 [0144.553] CloseHandle (hObject=0x890) returned 1 [0144.553] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc000533501 | out: pbBuffer=0xc000533501) returned 1 [0144.553] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhhe_4ffuodfu932.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x890 [0144.554] GetConsoleMode (in: hConsoleHandle=0x890, lpMode=0xc000497d64 | out: lpMode=0xc000497d64) returned 0 [0144.557] GetFileType (hFile=0x890) returned 0x1 [0144.557] WriteFile (in: hFile=0x890, lpBuffer=0xc00007fa20*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000497d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007fa20*, lpNumberOfBytesWritten=0xc000497d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.557] CloseHandle (hObject=0x890) returned 1 [0144.557] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\yhhe_4ffuodfu932.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-yhHe_4FFUOdFU932.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-yhhe_4ffuodfu932.lnk"), dwFlags=0x1) returned 1 [0144.559] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.560] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f698, ulCount=0x10, ulNumEntriesRemoved=0x3f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f698, ulNumEntriesRemoved=0x3f93f66c) returned 0 [0144.560] SetEvent (hEvent=0xc0) returned 1 [0144.560] SetEvent (hEvent=0xb20) returned 1 [0144.560] SetEvent (hEvent=0x604) returned 1 [0144.560] SetEvent (hEvent=0x3c8) returned 1 [0144.561] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.576] SetEvent (hEvent=0x3c8) returned 1 [0144.576] SetEvent (hEvent=0x604) returned 1 [0144.576] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.582] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.583] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f6a0, ulNumEntriesRemoved=0x3f93f674) returned 0 [0144.583] SetEvent (hEvent=0x9d0) returned 1 [0144.583] SetEvent (hEvent=0xbb8) returned 1 [0144.583] SetEvent (hEvent=0x324) returned 1 [0144.583] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe18*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.587] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.589] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f698, ulCount=0x10, ulNumEntriesRemoved=0x3f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f698, ulNumEntriesRemoved=0x3f93f66c) returned 0 [0144.590] SetEvent (hEvent=0x324) returned 1 [0144.590] SetEvent (hEvent=0x948) returned 1 [0144.590] SetEvent (hEvent=0xbe0) returned 1 [0144.591] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.596] SetEvent (hEvent=0xbe0) returned 1 [0144.596] SetEvent (hEvent=0x948) returned 1 [0144.596] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.604] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.604] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.605] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.605] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f6a0, ulNumEntriesRemoved=0x3f93f674) returned 0 [0144.605] SetEvent (hEvent=0xc0) returned 1 [0144.605] SetEvent (hEvent=0x948) returned 1 [0144.605] SetEvent (hEvent=0xc80) returned 1 [0144.605] SetEvent (hEvent=0xbd8) returned 1 [0144.606] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe18*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.608] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.608] GetFileType (hFile=0x3f0) returned 0x1 [0144.608] WriteFile (in: hFile=0x3f0, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000385d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc000385d4c*=0x158, lpOverlapped=0x0) returned 1 [0144.609] CloseHandle (hObject=0x3f0) returned 1 [0144.609] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\5afe4de1b92fc382.customdestinations-ms"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\encry-5afe4de1b92fc382.customDestinations-ms" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\encry-5afe4de1b92fc382.customdestinations-ms"), dwFlags=0x1) returned 1 [0144.611] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.613] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f698, ulCount=0x10, ulNumEntriesRemoved=0x3f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f698, ulNumEntriesRemoved=0x3f93f66c) returned 0 [0144.613] SetEvent (hEvent=0x948) returned 1 [0144.613] SetEvent (hEvent=0xc80) returned 1 [0144.613] SetEvent (hEvent=0xbd8) returned 1 [0144.614] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.619] SetEvent (hEvent=0xa20) returned 1 [0144.619] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.625] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.625] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.626] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.626] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f6a0, ulNumEntriesRemoved=0x3f93f674) returned 0 [0144.626] SetEvent (hEvent=0xa58) returned 1 [0144.626] SetEvent (hEvent=0xa20) returned 1 [0144.626] SetEvent (hEvent=0x9a0) returned 1 [0144.626] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe18*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.632] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.633] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f698, ulCount=0x10, ulNumEntriesRemoved=0x3f93f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f698, ulNumEntriesRemoved=0x3f93f66c) returned 0 [0144.633] SetEvent (hEvent=0x9a0) returned 1 [0144.633] SetEvent (hEvent=0xc24) returned 1 [0144.633] SetEvent (hEvent=0x39c) returned 1 [0144.634] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0144.643] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe08*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.661] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.661] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe30*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.662] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.662] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3f93f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3f93f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3f93f6a0, ulNumEntriesRemoved=0x3f93f674) returned 0 [0144.662] SetEvent (hEvent=0xc0) returned 1 [0144.662] SetEvent (hEvent=0xa70) returned 1 [0144.662] SetEvent (hEvent=0xc1c) returned 1 [0144.662] SetEvent (hEvent=0x980) returned 1 [0144.662] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3f93fe18*=0xc6c, bWaitAll=0, dwMilliseconds=0x1) returned 0x102 [0144.667] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0144.667] GetFileType (hFile=0x384) returned 0x1 [0144.668] WriteFile (in: hFile=0x384, lpBuffer=0xc000078000*, nNumberOfBytesToWrite=0xa00, lpNumberOfBytesWritten=0xc000065cec, lpOverlapped=0x0 | out: lpBuffer=0xc000078000*, lpNumberOfBytesWritten=0xc000065cec*=0xa00, lpOverlapped=0x0) returned 1 [0144.669] CloseHandle (hObject=0x384) returned 1 [0144.669] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3201 | out: pbBuffer=0xc0001c3201) returned 1 [0144.669] VirtualAlloc (lpAddress=0xc00010c000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00010c000 [0144.670] VirtualAlloc (lpAddress=0xc000110000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000110000 [0144.671] VirtualAlloc (lpAddress=0xc00011e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00011e000 [0144.672] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1eyrx-bxddwzpbzqj.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x384 [0144.672] GetConsoleMode (in: hConsoleHandle=0x384, lpMode=0xc000065d64 | out: lpMode=0xc000065d64) returned 0 [0144.678] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0145.352] GetFileType (hFile=0x384) returned 0x1 [0145.352] WriteFile (in: hFile=0x384, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000065d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000065d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.352] CloseHandle (hObject=0x384) returned 1 [0145.369] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0145.937] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\1eyrx-bxddwzpbzqj.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-1EyRx-bxddwZPbzqj.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-1eyrx-bxddwzpbzqj.lnk"), dwFlags=0x1) returned 1 [0150.683] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0151.194] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\iekxs.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x770 [0151.195] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc0003ebcf4 | out: lpMode=0xc0003ebcf4) returned 0 [0151.198] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0151.663] GetFileType (hFile=0x770) returned 0x1 [0151.663] GetFileType (hFile=0x770) returned 0x1 [0151.663] GetFileInformationByHandle (in: hFile=0x770, lpFileInformation=0xc0003ebd44 | out: lpFileInformation=0xc0003ebd44) returned 1 [0151.663] GetFileInformationByHandleEx (in: hFile=0x770, FileInformationClass=0x9, lpFileInformation=0xc0003ebd28, dwBufferSize=0x8 | out: lpFileInformation=0xc0003ebd28) returned 1 [0151.664] ReadFile (in: hFile=0x770, lpBuffer=0xc000212000, nNumberOfBytesToRead=0x8655, lpNumberOfBytesRead=0xc0003ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc000212000*, lpNumberOfBytesRead=0xc0003ebc04*=0x8455, lpOverlapped=0x0) returned 1 [0151.666] ReadFile (in: hFile=0x770, lpBuffer=0xc00021a455, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc0003ebc04, lpOverlapped=0x0 | out: lpBuffer=0xc00021a455*, lpNumberOfBytesRead=0xc0003ebc04*=0x0, lpOverlapped=0x0) returned 1 [0151.666] CloseHandle (hObject=0x770) returned 1 [0151.666] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FzNv_DLmFAz\\IekXS.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\fznv_dlmfaz\\iekxs.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x770 [0151.668] GetConsoleMode (in: hConsoleHandle=0x770, lpMode=0xc0003ebd04 | out: lpMode=0xc0003ebd04) returned 0 [0151.670] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0152.172] SetEvent (hEvent=0x968) returned 1 [0152.172] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0161.412] SetEvent (hEvent=0x28c) returned 1 [0161.412] VirtualAlloc (lpAddress=0xc0001ec000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0001ec000 [0161.413] VirtualAlloc (lpAddress=0xc000094000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000094000 [0161.414] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\plkb4td2qzsfn1cflc0.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x768 [0161.987] SetEvent (hEvent=0xc0) returned 1 [0161.987] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000331cf4 | out: lpMode=0xc000331cf4) returned 0 [0162.148] GetFileType (hFile=0x768) returned 0x1 [0162.148] GetFileType (hFile=0x768) returned 0x1 [0162.148] GetFileInformationByHandle (in: hFile=0x768, lpFileInformation=0xc000331d44 | out: lpFileInformation=0xc000331d44) returned 1 [0162.148] GetFileInformationByHandleEx (in: hFile=0x768, FileInformationClass=0x9, lpFileInformation=0xc000331d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000331d28) returned 1 [0162.148] VirtualAlloc (lpAddress=0xc000558000, dwSize=0x14000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000558000 [0162.153] ReadFile (in: hFile=0x768, lpBuffer=0xc000558000, nNumberOfBytesToRead=0x68ed, lpNumberOfBytesRead=0xc000331c04, lpOverlapped=0x0 | out: lpBuffer=0xc000558000*, lpNumberOfBytesRead=0xc000331c04*=0x66ed, lpOverlapped=0x0) returned 1 [0162.155] ReadFile (in: hFile=0x768, lpBuffer=0xc00055e6ed, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000331c04, lpOverlapped=0x0 | out: lpBuffer=0xc00055e6ed*, lpNumberOfBytesRead=0xc000331c04*=0x0, lpOverlapped=0x0) returned 1 [0162.155] CloseHandle (hObject=0x768) returned 1 [0162.156] VirtualAlloc (lpAddress=0xc000326000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000326000 [0162.157] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\SNa_Kj_\\VZDot6k\\G_thYPOc-7akcO8\\LIcVHKu\\-S72hWfUsGFs\\plkB4TD2QZSfN1cFlc0.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\sna_kj_\\vzdot6k\\g_thypoc-7akco8\\licvhku\\-s72hwfusgfs\\plkb4td2qzsfn1cflc0.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x768 [0162.159] GetConsoleMode (in: hConsoleHandle=0x768, lpMode=0xc000331d04 | out: lpMode=0xc000331d04) returned 0 [0162.416] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0162.586] SetEvent (hEvent=0x28c) returned 1 [0162.586] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0163.670] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0002c01e0*, nNumberOfCharsToWrite=0x49, lpNumberOfCharsWritten=0xc0004b1808, lpReserved=0x0 | out: lpBuffer=0xc0002c01e0*, lpNumberOfCharsWritten=0xc0004b1808*=0x49) returned 1 [0163.670] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c3301 | out: pbBuffer=0xc0001c3301) returned 1 [0163.671] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5d8 [0166.383] GetConsoleMode (in: hConsoleHandle=0x5d8, lpMode=0xc0004b1d64 | out: lpMode=0xc0004b1d64) returned 0 [0166.459] GetFileType (hFile=0x5d8) returned 0x1 [0166.459] WriteFile (in: hFile=0x5d8, lpBuffer=0xc000184dc0*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc0004b1d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000184dc0*, lpNumberOfBytesWritten=0xc0004b1d4c*=0x158, lpOverlapped=0x0) returned 1 [0166.461] CloseHandle (hObject=0x5d8) returned 1 [0166.692] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) returned 0x0 [0166.819] VirtualAlloc (lpAddress=0xc0003fe000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0003fe000 [0166.822] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\encry-desktop.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\encry-desktop.ini"), dwFlags=0x1) returned 1 [0167.388] WaitForSingleObject (hHandle=0xc6c, dwMilliseconds=0xffffffff) Thread: id = 199 os_tid = 0xcc0 [0142.330] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3fb3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3fb3fea0*=0x894) returned 1 [0142.330] VirtualQuery (in: lpAddress=0x3fb3fec0, lpBuffer=0x3fb3fec0, dwLength=0x30 | out: lpBuffer=0x3fb3fec0*(BaseAddress=0x3fb3f000, AllocationBase=0x3f940000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.330] SetEvent (hEvent=0xec) returned 1 [0142.330] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x898 [0142.330] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x89c [0142.331] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0142.332] SetEvent (hEvent=0x340) returned 1 [0142.332] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0142.339] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zzgqa7r9vz.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a4 [0142.340] GetConsoleMode (in: hConsoleHandle=0x8a4, lpMode=0xc000495cf4 | out: lpMode=0xc000495cf4) returned 0 [0142.343] GetFileType (hFile=0x8a4) returned 0x1 [0142.343] VirtualAlloc (lpAddress=0xc0005fc000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc0005fc000 [0142.345] GetFileType (hFile=0x8a4) returned 0x1 [0142.345] GetFileInformationByHandle (in: hFile=0x8a4, lpFileInformation=0xc000495d44 | out: lpFileInformation=0xc000495d44) returned 1 [0142.345] GetFileInformationByHandleEx (in: hFile=0x8a4, FileInformationClass=0x9, lpFileInformation=0xc000495d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000495d28) returned 1 [0142.345] ReadFile (in: hFile=0x8a4, lpBuffer=0xc000204580, nNumberOfBytesToRead=0xc1b, lpNumberOfBytesRead=0xc000495c04, lpOverlapped=0x0 | out: lpBuffer=0xc000204580*, lpNumberOfBytesRead=0xc000495c04*=0xa1b, lpOverlapped=0x0) returned 1 [0142.826] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0143.686] ReadFile (in: hFile=0x8a4, lpBuffer=0xc000204f9b, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000495c04, lpOverlapped=0x0 | out: lpBuffer=0xc000204f9b*, lpNumberOfBytesRead=0xc000495c04*=0x0, lpOverlapped=0x0) returned 1 [0143.687] CloseHandle (hObject=0x8a4) returned 1 [0143.687] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zzgqa7r9vz.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0143.701] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0144.404] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000495d04 | out: lpMode=0xc000495d04) returned 0 [0144.415] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0144.909] GetFileType (hFile=0x79c) returned 0x1 [0144.909] WriteFile (in: hFile=0x79c, lpBuffer=0xc00004c000*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0xc000495cec, lpOverlapped=0x0 | out: lpBuffer=0xc00004c000*, lpNumberOfBytesWritten=0xc000495cec*=0xa20, lpOverlapped=0x0) returned 1 [0144.910] CloseHandle (hObject=0x79c) returned 1 [0144.911] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0000e1e01 | out: pbBuffer=0xc0000e1e01) returned 1 [0144.911] VirtualAlloc (lpAddress=0xc00025e000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc00025e000 [0144.912] VirtualAlloc (lpAddress=0xc000260000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000260000 [0144.913] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zzgqa7r9vz.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x79c [0144.913] GetConsoleMode (in: hConsoleHandle=0x79c, lpMode=0xc000495d64 | out: lpMode=0xc000495d64) returned 0 [0144.915] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0145.547] GetFileType (hFile=0x79c) returned 0x1 [0145.548] WriteFile (in: hFile=0x79c, lpBuffer=0xc000614000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000495d4c, lpOverlapped=0x0 | out: lpBuffer=0xc000614000*, lpNumberOfBytesWritten=0xc000495d4c*=0x158, lpOverlapped=0x0) returned 1 [0145.548] CloseHandle (hObject=0x79c) returned 1 [0145.556] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0146.136] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zzgqa7r9vz.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-zZGqA7r9Vz.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-zzgqa7r9vz.lnk"), dwFlags=0x1) returned 1 [0150.392] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3fb3fe30*=0x898, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.394] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3fb3f698, ulCount=0x10, ulNumEntriesRemoved=0x3fb3f66c, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3fb3f698, ulNumEntriesRemoved=0x3fb3f66c) returned 0 [0150.394] SetEvent (hEvent=0xc0) returned 1 [0150.394] SetEvent (hEvent=0xec) returned 1 [0150.396] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3fb3fe08*=0x898, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.397] SetEvent (hEvent=0xec) returned 1 [0150.397] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3fb3fe08*=0x898, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.403] GetQueuedCompletionStatusEx (in: CompletionPort=0xdc, lpCompletionPortEntries=0x3fb3f6a0, ulCount=0x10, ulNumEntriesRemoved=0x3fb3f674, dwMilliseconds=0x0, fAlertable=0 | out: lpCompletionPortEntries=0x3fb3f6a0, ulNumEntriesRemoved=0x3fb3f674) returned 0 [0150.403] SetEvent (hEvent=0xec) returned 1 [0150.403] WaitForMultipleObjects (nCount=0x2, lpHandles=0x3fb3fe18*=0x898, bWaitAll=0, dwMilliseconds=0x1) returned 0x0 [0150.418] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) returned 0x0 [0150.438] WaitForSingleObject (hHandle=0x898, dwMilliseconds=0xffffffff) Thread: id = 200 os_tid = 0xcc4 [0142.332] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3fd3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3fd3fea0*=0x888) returned 1 [0142.332] VirtualQuery (in: lpAddress=0x3fd3fec0, lpBuffer=0x3fd3fec0, dwLength=0x30 | out: lpBuffer=0x3fd3fec0*(BaseAddress=0x3fd3f000, AllocationBase=0x3fb40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.332] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zubqnuq_do w-b.lnk"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x8a0 [0142.333] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc000493cf4 | out: lpMode=0xc000493cf4) returned 0 [0142.341] GetFileType (hFile=0x8a0) returned 0x1 [0142.341] GetFileType (hFile=0x8a0) returned 0x1 [0142.341] GetFileInformationByHandle (in: hFile=0x8a0, lpFileInformation=0xc000493d44 | out: lpFileInformation=0xc000493d44) returned 1 [0142.341] GetFileInformationByHandleEx (in: hFile=0x8a0, FileInformationClass=0x9, lpFileInformation=0xc000493d28, dwBufferSize=0x8 | out: lpFileInformation=0xc000493d28) returned 1 [0142.341] ReadFile (in: hFile=0x8a0, lpBuffer=0xc00032d500, nNumberOfBytesToRead=0x606, lpNumberOfBytesRead=0xc000493c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032d500*, lpNumberOfBytesRead=0xc000493c04*=0x406, lpOverlapped=0x0) returned 1 [0142.825] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc74 [0142.825] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0xc78 [0142.825] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0144.001] ReadFile (in: hFile=0x8a0, lpBuffer=0xc00032d906, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0xc000493c04, lpOverlapped=0x0 | out: lpBuffer=0xc00032d906*, lpNumberOfBytesRead=0xc000493c04*=0x0, lpOverlapped=0x0) returned 1 [0144.001] CloseHandle (hObject=0x8a0) returned 1 [0144.001] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zubqnuq_do w-b.lnk"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x8a0 [0144.002] GetConsoleMode (in: hConsoleHandle=0x8a0, lpMode=0xc000493d04 | out: lpMode=0xc000493d04) returned 0 [0144.005] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0144.736] SetEvent (hEvent=0xc0) returned 1 [0144.736] GetFileType (hFile=0x8a0) returned 0x1 [0144.736] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0145.491] SetEvent (hEvent=0x9b8) returned 1 [0145.492] WriteFile (in: hFile=0x8a0, lpBuffer=0xc0002a4480*, nNumberOfBytesToWrite=0x410, lpNumberOfBytesWritten=0xc000493cec, lpOverlapped=0x0 | out: lpBuffer=0xc0002a4480*, lpNumberOfBytesWritten=0xc000493cec*=0x410, lpOverlapped=0x0) returned 1 [0145.493] CloseHandle (hObject=0x8a0) returned 1 [0145.495] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0146.028] CryptGenRandom (in: hProv=0x7b24a0, dwLen=0x20, pbBuffer=0xc0001c2e01 | out: pbBuffer=0xc0001c2e01) returned 1 [0146.028] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zubqnuq_do w-b.lnk"), dwDesiredAccess=0x4, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4ac [0146.028] GetConsoleMode (in: hConsoleHandle=0x4ac, lpMode=0xc000493d64 | out: lpMode=0xc000493d64) returned 0 [0146.035] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0146.178] GetFileType (hFile=0x4ac) returned 0x1 [0146.178] WriteFile (in: hFile=0x4ac, lpBuffer=0xc00007e000*, nNumberOfBytesToWrite=0x158, lpNumberOfBytesWritten=0xc000493d4c, lpOverlapped=0x0 | out: lpBuffer=0xc00007e000*, lpNumberOfBytesWritten=0xc000493d4c*=0x158, lpOverlapped=0x0) returned 1 [0146.178] CloseHandle (hObject=0x4ac) returned 1 [0146.179] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0146.273] MoveFileExW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\zubqnuq_do w-b.lnk"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\encry-zUbQnUQ_Do w-B.lnk" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\recent\\encry-zubqnuq_do w-b.lnk"), dwFlags=0x1) returned 1 [0150.663] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.623] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.625] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.627] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.628] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.629] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.631] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.632] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.635] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) returned 0x0 [0161.636] WriteConsoleW (in: hConsoleOutput=0x7, lpBuffer=0xc0000fa500*, nNumberOfCharsToWrite=0x3d, lpNumberOfCharsWritten=0xc00037d808, lpReserved=0x0 | out: lpBuffer=0xc0000fa500*, lpNumberOfCharsWritten=0xc00037d808*=0x3d) returned 1 [0161.637] SetEvent (hEvent=0x9b8) returned 1 [0161.637] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\recent"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0162.081] VirtualAlloc (lpAddress=0xc000226000, dwSize=0x2000, flAllocationType=0x1000, flProtect=0x4) returned 0xc000226000 [0162.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Recent\\*", lpFindFileData=0xc00037da08 | out: lpFindFileData=0xc00037da08*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0162.083] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x409, lpBuffer=0xc00037d720, nSize=0x12c, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0162.083] WaitForSingleObject (hHandle=0xc74, dwMilliseconds=0xffffffff) Thread: id = 201 os_tid = 0xcc8 [0142.347] DuplicateHandle (in: hSourceProcessHandle=0xffffffffffffffff, hSourceHandle=0xfffffffffffffffe, hTargetProcessHandle=0xffffffffffffffff, lpTargetHandle=0x3ff3fea0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x3ff3fea0*=0x8a8) returned 1 [0142.347] VirtualQuery (in: lpAddress=0x3ff3fec0, lpBuffer=0x3ff3fec0, dwLength=0x30 | out: lpBuffer=0x3ff3fec0*(BaseAddress=0x3ff3f000, AllocationBase=0x3fd40000, AllocationProtect=0x4, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0142.347] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8ac [0142.347] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x8b0 [0142.347] WaitForSingleObject (hHandle=0x8ac, dwMilliseconds=0xffffffff) returned 0x0 [0142.487] SetEvent (hEvent=0x334) returned 1 [0142.487] WaitForSingleObject (hHandle=0x8ac, dwMilliseconds=0xffffffff) returned 0x0 [0142.659] SetEvent (hEvent=0x144) returned 1 [0142.659] SetEvent (hEvent=0xf4) returned 1 [0142.659] WaitForSingleObject (hHandle=0x8ac, dwMilliseconds=0xffffffff) Process: id = "2" image_name = "powershell.exe" filename = "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x30a26000" os_pid = "0x15c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x5e0" cmd_line = "powershell [Environment]::GetLogicalDrives()" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 7 os_tid = 0x5dc [0080.391] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0080.747] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0080.747] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0080.747] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0080.748] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0081.324] GetVersionExW (in: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0081.328] GetVersionExW (in: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12dbe0*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0081.337] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d800, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.344] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.344] GetVersionExW (in: lpVersionInformation=0x12d950*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d950*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0081.345] SetErrorMode (uMode=0x1) returned 0x1 [0081.346] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12dab0 | out: lpFileInformation=0x12dab0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0081.347] SetErrorMode (uMode=0x1) returned 0x1 [0081.351] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dd20 | out: lpdwHandle=0x12dd20) returned 0x94c [0081.354] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b16fb0 | out: lpData=0x2b16fb0) returned 1 [0081.356] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dc98, puLen=0x12dc90 | out: lplpBuffer=0x12dc98*=0x2b1704c, puLen=0x12dc90) returned 1 [0081.360] lstrlenW (lpString="䅁") returned 1 [0081.370] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b17128, puLen=0x12dc00) returned 1 [0081.371] lstrlenW (lpString="Microsoft Corporation") returned 21 [0081.374] CoTaskMemAlloc (cb=0x2e) returned 0x289f90 [0081.374] lstrcpyW (in: lpString1=0x289f90, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0081.375] CoTaskMemFree (pv=0x289f90) [0081.375] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b1717c, puLen=0x12dc00) returned 1 [0081.375] lstrlenW (lpString="System.Management.Automation") returned 28 [0081.376] CoTaskMemAlloc (cb=0x3c) returned 0x289200 [0081.376] lstrcpyW (in: lpString1=0x289200, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0081.376] CoTaskMemFree (pv=0x289200) [0081.376] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b171d8, puLen=0x12dc00) returned 1 [0081.376] lstrlenW (lpString="6.1.7601.17514") returned 14 [0081.376] CoTaskMemAlloc (cb=0x20) returned 0x2846d0 [0081.376] lstrcpyW (in: lpString1=0x2846d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0081.376] CoTaskMemFree (pv=0x2846d0) [0081.376] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b17218, puLen=0x12dc00) returned 1 [0081.376] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0081.376] CoTaskMemAlloc (cb=0x44) returned 0x289200 [0081.376] lstrcpyW (in: lpString1=0x289200, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0081.376] CoTaskMemFree (pv=0x289200) [0081.376] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b17280, puLen=0x12dc00) returned 1 [0081.376] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0081.376] CoTaskMemAlloc (cb=0x76) returned 0x238820 [0081.376] lstrcpyW (in: lpString1=0x238820, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0081.376] CoTaskMemFree (pv=0x238820) [0081.376] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b1731c, puLen=0x12dc00) returned 1 [0081.376] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0081.376] CoTaskMemAlloc (cb=0x44) returned 0x289200 [0081.376] lstrcpyW (in: lpString1=0x289200, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0081.376] CoTaskMemFree (pv=0x289200) [0081.376] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b17380, puLen=0x12dc00) returned 1 [0081.376] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0081.377] CoTaskMemAlloc (cb=0x58) returned 0x1fd0b0 [0081.377] lstrcpyW (in: lpString1=0x1fd0b0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0081.377] CoTaskMemFree (pv=0x1fd0b0) [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b173fc, puLen=0x12dc00) returned 1 [0081.377] lstrlenW (lpString="6.1.7601.17514") returned 14 [0081.377] CoTaskMemAlloc (cb=0x20) returned 0x2846d0 [0081.377] lstrcpyW (in: lpString1=0x2846d0, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0081.377] CoTaskMemFree (pv=0x2846d0) [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x2b170a4, puLen=0x12dc00) returned 1 [0081.377] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0081.377] CoTaskMemAlloc (cb=0x66) returned 0x20ed40 [0081.377] lstrcpyW (in: lpString1=0x20ed40, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0081.377] CoTaskMemFree (pv=0x20ed40) [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x0, puLen=0x12dc00) returned 0 [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x0, puLen=0x12dc00) returned 0 [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12dc08, puLen=0x12dc00 | out: lplpBuffer=0x12dc08*=0x0, puLen=0x12dc00) returned 0 [0081.377] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dbd8, puLen=0x12dbd0 | out: lplpBuffer=0x12dbd8*=0x2b1704c, puLen=0x12dbd0) returned 1 [0081.379] CoTaskMemAlloc (cb=0x204) returned 0x242b70 [0081.379] VerLanguageNameW (in: wLang=0x0, szLang=0x242b70, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0081.380] CoTaskMemFree (pv=0x242b70) [0081.380] VerQueryValueW (in: pBlock=0x2b16fb0, lpSubBlock="\\", lplpBuffer=0x12dc28, puLen=0x12dc20 | out: lplpBuffer=0x12dc28*=0x2b16fd8, puLen=0x12dc20) returned 1 [0081.387] GetCurrentProcessId () returned 0x15c [0081.407] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x12cb50 | out: lpLuid=0x12cb50*(LowPart=0x14, HighPart=0)) returned 1 [0081.411] GetCurrentProcess () returned 0xffffffffffffffff [0081.412] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x12cb70 | out: TokenHandle=0x12cb70*=0x2fc) returned 1 [0081.413] AdjustTokenPrivileges (in: TokenHandle=0x2fc, DisableAllPrivileges=0, NewState=0x2b1a828*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0081.415] CloseHandle (hObject=0x2fc) returned 1 [0081.420] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x15c) returned 0x2fc [0081.433] EnumProcessModules (in: hProcess=0x2fc, lphModule=0x2b1a890, cb=0x200, lpcbNeeded=0x12db88 | out: lphModule=0x2b1a890, lpcbNeeded=0x12db88) returned 1 [0081.436] GetModuleInformation (in: hProcess=0x2fc, hModule=0x13fa70000, lpmodinfo=0x2b1ab00, cb=0x18 | out: lpmodinfo=0x2b1ab00*(lpBaseOfDll=0x13fa70000, SizeOfImage=0x77000, EntryPoint=0x13fa7c63c)) returned 1 [0081.438] CoTaskMemAlloc (cb=0x804) returned 0x294900 [0081.438] GetModuleBaseNameW (in: hProcess=0x2fc, hModule=0x13fa70000, lpBaseName=0x294900, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0081.438] CoTaskMemFree (pv=0x294900) [0081.439] CoTaskMemAlloc (cb=0x804) returned 0x294900 [0081.439] GetModuleFileNameExW (in: hProcess=0x2fc, hModule=0x13fa70000, lpFilename=0x294900, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0081.439] CoTaskMemFree (pv=0x294900) [0081.440] CloseHandle (hObject=0x2fc) returned 1 [0081.450] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x15c) returned 0x2fc [0081.452] GetExitCodeProcess (in: hProcess=0x2fc, lpExitCode=0x12dcb8 | out: lpExitCode=0x12dcb8*=0x103) returned 1 [0081.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x12b1b088, Length=0x20000, ResultLength=0x12dc80 | out: SystemInformation=0x12b1b088, ResultLength=0x12dc80*=0x11228) returned 0x0 [0081.479] EnumWindows (lpEnumFunc=0x29766ac, lParam=0x0) returned 1 [0081.480] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x538 [0081.480] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.480] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.481] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.481] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x514 [0081.481] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.481] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x778 [0081.481] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x778 [0081.481] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.481] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.481] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.482] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.482] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x5011c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x598 [0081.483] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9e8 [0081.483] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.483] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.484] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.484] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.484] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9d8 [0081.484] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9c8 [0081.484] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9b0 [0081.484] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9a0 [0081.484] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x990 [0081.484] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x980 [0081.485] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x970 [0081.485] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x960 [0081.485] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x950 [0081.485] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x940 [0081.485] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x930 [0081.485] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x920 [0081.485] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x910 [0081.485] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x900 [0081.486] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8f0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8e0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8d0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8c0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8b0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8a0 [0081.486] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x890 [0081.486] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x880 [0081.487] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x870 [0081.487] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x860 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x850 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x840 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x830 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x820 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x810 [0081.487] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x78c [0081.488] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x408 [0081.488] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x31c [0081.488] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x738 [0081.488] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x644 [0081.490] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x51c [0081.490] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x484 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x23c [0081.491] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x434 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7b4 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4fc [0081.491] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x648 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x620 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x664 [0081.491] GetWindowThreadProcessId (in: hWnd=0x101b2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7dc [0081.492] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6c0 [0081.492] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x318 [0081.492] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7e0 [0081.492] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x600 [0081.492] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x3b4 [0081.492] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x304 [0081.492] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7cc [0081.493] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x414 [0081.493] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7e8 [0081.493] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x174 [0081.493] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7a0 [0081.493] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x208 [0081.493] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x60c [0081.493] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x730 [0081.493] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6a4 [0081.494] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x32c [0081.494] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x670 [0081.494] GetWindowThreadProcessId (in: hWnd=0x20164, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x43c [0081.494] GetWindowThreadProcessId (in: hWnd=0xa010e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6ec [0081.494] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f0 [0081.494] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x514 [0081.494] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x50c [0081.494] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x514 [0081.495] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x50c [0081.495] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x514 [0081.495] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f0 [0081.495] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f0 [0081.495] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x58c [0081.495] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x578 [0081.495] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.495] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x530 [0081.496] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.496] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x508 [0081.496] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.496] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f4 [0081.496] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.496] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.496] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x794 [0081.496] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.496] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.497] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.497] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.497] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x448 [0081.497] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x778 [0081.497] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.519] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x538 [0081.519] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.519] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4ac [0081.519] GetWindowThreadProcessId (in: hWnd=0x50114, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x534 [0081.520] GetWindowThreadProcessId (in: hWnd=0x6011a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x534 [0081.520] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9e8 [0081.520] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9d8 [0081.520] GetWindowThreadProcessId (in: hWnd=0x1025c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9c8 [0081.520] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9b0 [0081.520] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x9a0 [0081.520] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x990 [0081.520] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x980 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x970 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x960 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x950 [0081.521] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x940 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x930 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x920 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x910 [0081.521] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x900 [0081.521] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8f0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8e0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8d0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8c0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8b0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x8a0 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x890 [0081.522] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x880 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x870 [0081.522] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x860 [0081.523] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x850 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x840 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x830 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x820 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x810 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x78c [0081.523] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x408 [0081.523] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x31c [0081.524] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x738 [0081.524] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x644 [0081.524] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x51c [0081.524] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x484 [0081.524] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x23c [0081.524] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x434 [0081.524] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7b4 [0081.524] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4fc [0081.524] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x648 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x620 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x664 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7dc [0081.525] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6c0 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x318 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7e0 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x600 [0081.525] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x3b4 [0081.525] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x304 [0081.526] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7cc [0081.526] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x414 [0081.526] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7e8 [0081.526] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x174 [0081.526] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x7a0 [0081.526] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x208 [0081.526] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x60c [0081.526] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x730 [0081.527] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6a4 [0081.527] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x32c [0081.527] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x670 [0081.527] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x43c [0081.527] GetWindowThreadProcessId (in: hWnd=0x40106, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x6ec [0081.527] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x50c [0081.527] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x514 [0081.527] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f0 [0081.527] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x58c [0081.528] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.528] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x4f4 [0081.528] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x794 [0081.528] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x458 [0081.528] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0x12d9e0 | out: lpdwProcessId=0x12d9e0) returned 0x778 [0081.533] WerSetFlags () returned 0x0 [0081.542] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0081.542] CoTaskMemFree (pv=0x0) [0081.543] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd40 | out: pulNumLanguages=0x12dd48, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0x12dd40) returned 1 [0081.544] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0x12dd48, pwszLanguagesBuffer=0x2b41310, pcchLanguagesBuffer=0x12dd40 | out: pulNumLanguages=0x12dd48, pwszLanguagesBuffer=0x2b41310, pcchLanguagesBuffer=0x12dd40) returned 1 [0081.550] CoTaskMemAlloc (cb=0x24) returned 0x2844c0 [0081.550] GetUserDefaultLocaleName (in: lpLocaleName=0x2844c0, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0081.551] CoTaskMemFree (pv=0x2844c0) [0081.583] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.583] CoTaskMemFree (pv=0x291390) [0081.586] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.586] CoTaskMemFree (pv=0x291390) [0081.589] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.589] CoTaskMemFree (pv=0x291390) [0081.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.602] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.602] SetErrorMode (uMode=0x1) returned 0x1 [0081.602] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0x12d9c0 | out: lpFileInformation=0x12d9c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0081.603] SetErrorMode (uMode=0x1) returned 0x1 [0081.603] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0x12dc30 | out: lpdwHandle=0x12dc30) returned 0x94c [0081.604] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2b44ba0 | out: lpData=0x2b44ba0) returned 1 [0081.605] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dba8, puLen=0x12dba0 | out: lplpBuffer=0x12dba8*=0x2b44c3c, puLen=0x12dba0) returned 1 [0081.605] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44d18, puLen=0x12db10) returned 1 [0081.605] lstrlenW (lpString="Microsoft Corporation") returned 21 [0081.605] CoTaskMemAlloc (cb=0x2e) returned 0x28a4d0 [0081.605] lstrcpyW (in: lpString1=0x28a4d0, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0081.606] CoTaskMemFree (pv=0x28a4d0) [0081.606] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44d6c, puLen=0x12db10) returned 1 [0081.606] lstrlenW (lpString="System.Management.Automation") returned 28 [0081.606] CoTaskMemAlloc (cb=0x3c) returned 0x297bd0 [0081.606] lstrcpyW (in: lpString1=0x297bd0, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0081.607] CoTaskMemFree (pv=0x297bd0) [0081.607] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44dc8, puLen=0x12db10) returned 1 [0081.607] lstrlenW (lpString="6.1.7601.17514") returned 14 [0081.607] CoTaskMemAlloc (cb=0x20) returned 0x290650 [0081.607] lstrcpyW (in: lpString1=0x290650, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0081.607] CoTaskMemFree (pv=0x290650) [0081.607] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44e08, puLen=0x12db10) returned 1 [0081.607] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0081.607] CoTaskMemAlloc (cb=0x44) returned 0x297bd0 [0081.607] lstrcpyW (in: lpString1=0x297bd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0081.607] CoTaskMemFree (pv=0x297bd0) [0081.607] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44e70, puLen=0x12db10) returned 1 [0081.607] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0081.607] CoTaskMemAlloc (cb=0x76) returned 0x238820 [0081.607] lstrcpyW (in: lpString1=0x238820, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0081.607] CoTaskMemFree (pv=0x238820) [0081.608] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44f0c, puLen=0x12db10) returned 1 [0081.608] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0081.608] CoTaskMemAlloc (cb=0x44) returned 0x297bd0 [0081.608] lstrcpyW (in: lpString1=0x297bd0, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0081.608] CoTaskMemFree (pv=0x297bd0) [0081.608] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44f70, puLen=0x12db10) returned 1 [0081.608] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0081.608] CoTaskMemAlloc (cb=0x58) returned 0x1fcff0 [0081.608] lstrcpyW (in: lpString1=0x1fcff0, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0081.608] CoTaskMemFree (pv=0x1fcff0) [0081.608] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44fec, puLen=0x12db10) returned 1 [0081.608] lstrlenW (lpString="6.1.7601.17514") returned 14 [0081.608] CoTaskMemAlloc (cb=0x20) returned 0x290650 [0081.608] lstrcpyW (in: lpString1=0x290650, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0081.608] CoTaskMemFree (pv=0x290650) [0081.608] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x2b44c94, puLen=0x12db10) returned 1 [0081.608] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0081.608] CoTaskMemAlloc (cb=0x66) returned 0x20eb80 [0081.608] lstrcpyW (in: lpString1=0x20eb80, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0081.608] CoTaskMemFree (pv=0x20eb80) [0081.608] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x0, puLen=0x12db10) returned 0 [0081.609] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x0, puLen=0x12db10) returned 0 [0081.609] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0x12db18, puLen=0x12db10 | out: lplpBuffer=0x12db18*=0x0, puLen=0x12db10) returned 0 [0081.609] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0x12dae8, puLen=0x12dae0 | out: lplpBuffer=0x12dae8*=0x2b44c3c, puLen=0x12dae0) returned 1 [0081.609] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0081.609] VerLanguageNameW (in: wLang=0x0, szLang=0x242960, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0081.609] CoTaskMemFree (pv=0x242960) [0081.609] VerQueryValueW (in: pBlock=0x2b44ba0, lpSubBlock="\\", lplpBuffer=0x12db38, puLen=0x12db30 | out: lplpBuffer=0x12db38*=0x2b44bc8, puLen=0x12db30) returned 1 [0081.618] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.618] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.618] CoTaskMemFree (pv=0x291390) [0081.624] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.624] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.624] CoTaskMemFree (pv=0x291390) [0081.629] lstrlenW (lpString="䅁") returned 1 [0081.643] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da08 | out: phkResult=0x12da08*=0x314) returned 0x0 [0081.644] RegOpenKeyExW (in: hKey=0x314, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d9f8 | out: phkResult=0x12d9f8*=0x318) returned 0x0 [0081.644] RegOpenKeyExW (in: hKey=0x318, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12da88 | out: phkResult=0x12da88*=0x31c) returned 0x0 [0081.648] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d9cc, lpData=0x0, lpcbData=0x12d9c8*=0x0 | out: lpType=0x12d9cc*=0x1, lpData=0x0, lpcbData=0x12d9c8*=0x56) returned 0x0 [0081.649] CoTaskMemAlloc (cb=0x5a) returned 0x20ecd0 [0081.649] RegQueryValueExW (in: hKey=0x31c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d99c, lpData=0x20ecd0, lpcbData=0x12d998*=0x56 | out: lpType=0x12d99c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d998*=0x56) returned 0x0 [0081.650] CoTaskMemFree (pv=0x20ecd0) [0081.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.669] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d520, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0081.693] CoTaskMemAlloc (cb=0x104) returned 0x291390 [0081.693] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x291390, nSize=0x80 | out: lpBuffer="") returned 0x0 [0081.693] CoTaskMemFree (pv=0x291390) [0081.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0081.925] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0082.028] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.028] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.028] CoTaskMemFree (pv=0x29b8f0) [0082.030] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.030] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.030] CoTaskMemFree (pv=0x29b8f0) [0082.066] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.067] CoTaskMemFree (pv=0x29b8f0) [0082.068] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.068] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.069] CoTaskMemFree (pv=0x29b8f0) [0082.069] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.069] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.069] CoTaskMemFree (pv=0x29b8f0) [0082.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0082.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0082.346] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.346] CoTaskMemFree (pv=0x29b8f0) [0082.350] CoTaskMemAlloc (cb=0x104) returned 0x29b8f0 [0082.350] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x29b8f0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0082.350] CoTaskMemFree (pv=0x29b8f0) [0082.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0082.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0082.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0082.900] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0083.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0083.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0083.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0083.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0083.656] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.656] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.656] CoTaskMemFree (pv=0x2b95c0) [0083.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.668] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.745] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0x12d6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0083.745] SetErrorMode (uMode=0x1) returned 0x1 [0083.745] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0x12d960 | out: lpFileInformation=0x12d960*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0083.745] SetErrorMode (uMode=0x1) returned 0x1 [0083.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d710, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0083.967] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.967] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.967] CoTaskMemFree (pv=0x2b95c0) [0083.970] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.970] CoTaskMemFree (pv=0x2b95c0) [0083.970] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.970] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.970] CoTaskMemFree (pv=0x2b95c0) [0083.973] CoCreateGuid (in: pguid=0x12dd28 | out: pguid=0x12dd28*(Data1=0x5c0b8d2a, Data2=0x1b57, Data3=0x4232, Data4=([0]=0x9c, [1]=0x7a, [2]=0x61, [3]=0x3f, [4]=0x27, [5]=0xb5, [6]=0x39, [7]=0x25))) returned 0x0 [0083.977] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.977] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.977] CoTaskMemFree (pv=0x2b95c0) [0083.980] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.980] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.980] CoTaskMemFree (pv=0x2b95c0) [0083.983] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0083.983] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0083.983] CoTaskMemFree (pv=0x2b95c0) [0083.989] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0083.991] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x12d9d0 | out: lpConsoleScreenBufferInfo=0x12d9d0) returned 1 [0083.996] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0083.997] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x12d9d0 | out: lpConsoleScreenBufferInfo=0x12d9d0) returned 1 [0083.998] GetVersionExW (in: lpVersionInformation=0x12d960*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x12d960*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0084.001] GetCurrentProcess () returned 0xffffffffffffffff [0084.002] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x2000000, TokenHandle=0x12d9f8 | out: TokenHandle=0x12d9f8*=0x330) returned 1 [0084.006] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d918 | out: TokenInformation=0x0, ReturnLength=0x12d918) returned 0 [0084.007] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x20a7a0 [0084.007] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x20a7a0, TokenInformationLength=0x4, ReturnLength=0x12d918 | out: TokenInformation=0x20a7a0, ReturnLength=0x12d918) returned 1 [0084.010] DuplicateTokenEx (in: hExistingToken=0x330, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x12da78 | out: phNewToken=0x12da78*=0x32c) returned 1 [0084.010] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x12d918 | out: TokenInformation=0x0, ReturnLength=0x12d918) returned 0 [0084.010] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x20a7d0 [0084.010] GetTokenInformation (in: TokenHandle=0x330, TokenInformationClass=0x8, TokenInformation=0x20a7d0, TokenInformationLength=0x4, ReturnLength=0x12d918 | out: TokenInformation=0x20a7d0, ReturnLength=0x12d918) returned 1 [0084.011] CheckTokenMembership (in: TokenHandle=0x32c, SidToCheck=0x2c1f948*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x12da88 | out: IsMember=0x12da88) returned 1 [0084.011] CloseHandle (hObject=0x32c) returned 1 [0084.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.012] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.084] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.089] CoTaskMemAlloc (cb=0x804) returned 0x1b728780 [0084.089] GetConsoleTitleW (in: lpConsoleTitle=0x1b728780, nSize=0x400 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe") returned 0x2e [0084.090] CoTaskMemFree (pv=0x1b728780) [0084.173] CoTaskMemAlloc (cb=0x804) returned 0x1b728780 [0084.173] GetConsoleTitleW (in: lpConsoleTitle=0x1b728780, nSize=0x400 | out: lpConsoleTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe") returned 0x2e [0084.173] CoTaskMemFree (pv=0x1b728780) [0084.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.174] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.176] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\main.exe") returned 1 [0084.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.191] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.272] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d550, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.273] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d5a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.280] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d4f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0084.379] SetConsoleCtrlHandler (HandlerRoutine=0x29768dc, Add=1) returned 1 [0084.405] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x334 [0084.407] CoCreateGuid (in: pguid=0x12db70 | out: pguid=0x12db70*(Data1=0x8dab2deb, Data2=0x89df, Data3=0x4f4a, Data4=([0]=0xbd, [1]=0x4d, [2]=0xd0, [3]=0xb3, [4]=0x1, [5]=0x44, [6]=0x10, [7]=0x26))) returned 0x0 [0084.409] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.409] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.409] CoTaskMemFree (pv=0x2b95c0) [0084.438] WinSqmIsOptedIn () returned 0x0 [0084.439] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.439] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.439] CoTaskMemFree (pv=0x2b95c0) [0084.442] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.442] CoTaskMemFree (pv=0x2b95c0) [0084.443] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.443] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.443] CoTaskMemFree (pv=0x2b95c0) [0084.444] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.444] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.444] CoTaskMemFree (pv=0x2b95c0) [0084.446] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.446] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.446] CoTaskMemFree (pv=0x2b95c0) [0084.467] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.467] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.468] CoTaskMemFree (pv=0x2b95c0) [0084.468] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.468] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.468] CoTaskMemFree (pv=0x2b95c0) [0084.469] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.469] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.469] CoTaskMemFree (pv=0x2b95c0) [0084.475] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.475] CoTaskMemFree (pv=0x2b95c0) [0084.485] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.485] CoTaskMemFree (pv=0x2b95c0) [0084.490] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.490] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.490] CoTaskMemFree (pv=0x2b95c0) [0084.491] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.491] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.491] CoTaskMemFree (pv=0x2b95c0) [0084.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.723] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.845] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.846] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cfc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.848] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cf10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0084.851] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.851] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0084.851] CoTaskMemFree (pv=0x2b95c0) [0084.853] CoTaskMemAlloc (cb=0xcc) returned 0x1b726450 [0084.853] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b726450, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0084.854] CoTaskMemFree (pv=0x1b726450) [0084.854] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6e8 | out: phkResult=0x12d6e8*=0x338) returned 0x0 [0084.854] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d66c, lpData=0x0, lpcbData=0x12d668*=0x0 | out: lpType=0x12d66c*=0x2, lpData=0x0, lpcbData=0x12d668*=0x6c) returned 0x0 [0084.854] CoTaskMemAlloc (cb=0x70) returned 0x2398a0 [0084.854] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d63c, lpData=0x2398a0, lpcbData=0x12d638*=0x6c | out: lpType=0x12d63c*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0x12d638*=0x6c) returned 0x0 [0084.854] CoTaskMemFree (pv=0x2398a0) [0084.854] CoTaskMemAlloc (cb=0xcc) returned 0x1b726450 [0084.854] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x1b726450, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0084.854] CoTaskMemFree (pv=0x1b726450) [0084.854] CoTaskMemAlloc (cb=0xcc) returned 0x1b726450 [0084.854] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b726450, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0084.855] CoTaskMemFree (pv=0x1b726450) [0084.858] RegCloseKey (hKey=0x338) returned 0x0 [0084.858] CoTaskMemAlloc (cb=0xcc) returned 0x1b726450 [0084.859] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x1b726450, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0084.859] CoTaskMemFree (pv=0x1b726450) [0084.859] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d6e8 | out: phkResult=0x12d6e8*=0x338) returned 0x0 [0084.859] RegQueryValueExW (in: hKey=0x338, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0x12d66c, lpData=0x0, lpcbData=0x12d668*=0x0 | out: lpType=0x12d66c*=0x0, lpData=0x0, lpcbData=0x12d668*=0x0) returned 0x2 [0084.859] RegCloseKey (hKey=0x338) returned 0x0 [0084.884] CoTaskMemAlloc (cb=0x20c) returned 0x2830c0 [0084.884] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2830c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0084.886] CoTaskMemFree (pv=0x2830c0) [0084.886] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d270, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0084.887] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0084.900] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.900] CoTaskMemFree (pv=0x2b95c0) [0084.902] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.902] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.902] CoTaskMemFree (pv=0x2b95c0) [0084.909] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.910] CoTaskMemFree (pv=0x2b95c0) [0084.910] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.910] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.910] CoTaskMemFree (pv=0x2b95c0) [0084.913] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4d8 | out: phkResult=0x12d4d8*=0x340) returned 0x0 [0084.916] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x12d4ec, lpData=0x0, lpcbData=0x12d4e8*=0x0 | out: lpType=0x12d4ec*=0x1, lpData=0x0, lpcbData=0x12d4e8*=0x74) returned 0x0 [0084.916] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x12d45c, lpData=0x0, lpcbData=0x12d458*=0x0 | out: lpType=0x12d45c*=0x1, lpData=0x0, lpcbData=0x12d458*=0x74) returned 0x0 [0084.916] CoTaskMemAlloc (cb=0x78) returned 0x2398a0 [0084.916] RegQueryValueExW (in: hKey=0x340, lpValueName="path", lpReserved=0x0, lpType=0x12d42c, lpData=0x2398a0, lpcbData=0x12d428*=0x74 | out: lpType=0x12d42c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d428*=0x74) returned 0x0 [0084.917] CoTaskMemFree (pv=0x2398a0) [0084.917] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0084.917] SetErrorMode (uMode=0x1) returned 0x1 [0084.917] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0084.917] SetErrorMode (uMode=0x1) returned 0x1 [0084.920] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0084.920] SetErrorMode (uMode=0x1) returned 0x1 [0084.920] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0084.920] SetErrorMode (uMode=0x1) returned 0x1 [0084.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0084.926] SetErrorMode (uMode=0x1) returned 0x1 [0084.926] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3b0 | out: lpFileInformation=0x12d3b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0084.926] SetErrorMode (uMode=0x1) returned 0x1 [0084.931] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.931] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.932] CoTaskMemFree (pv=0x2b95c0) [0084.942] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0084.942] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0084.942] CoTaskMemFree (pv=0x2b95c0) [0084.944] GetACP () returned 0x4e4 [0084.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0084.966] SetErrorMode (uMode=0x1) returned 0x1 [0084.967] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x344 [0084.968] GetFileType (hFile=0x344) returned 0x1 [0084.968] SetErrorMode (uMode=0x1) returned 0x1 [0084.968] GetFileType (hFile=0x344) returned 0x1 [0084.970] ReadFile (in: hFile=0x344, lpBuffer=0x2cab7a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2cab7a8*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0084.972] ReadFile (in: hFile=0x344, lpBuffer=0x2cab7a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2cab7a8*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0084.973] ReadFile (in: hFile=0x344, lpBuffer=0x2cab7a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2cab7a8*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0084.973] ReadFile (in: hFile=0x344, lpBuffer=0x2cab7a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2cab7a8*, lpNumberOfBytesRead=0x12d2e8*=0xcf3, lpOverlapped=0x0) returned 1 [0084.974] ReadFile (in: hFile=0x344, lpBuffer=0x2caac03, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2caac03*, lpNumberOfBytesRead=0x12d2e8*=0x0, lpOverlapped=0x0) returned 1 [0084.974] ReadFile (in: hFile=0x344, lpBuffer=0x2cab7a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2cab7a8*, lpNumberOfBytesRead=0x12d2e8*=0x0, lpOverlapped=0x0) returned 1 [0084.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0084.978] SetErrorMode (uMode=0x1) returned 0x1 [0084.978] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d260 | out: lpFileInformation=0x12d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d6d2bb, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d6d2bb, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe8e83beb, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0084.978] SetErrorMode (uMode=0x1) returned 0x1 [0084.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0084.980] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d348 | out: phkResult=0x12d348*=0x344) returned 0x0 [0084.980] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2cc, lpData=0x0, lpcbData=0x12d2c8*=0x0 | out: lpType=0x12d2cc*=0x1, lpData=0x0, lpcbData=0x12d2c8*=0x56) returned 0x0 [0084.980] CoTaskMemAlloc (cb=0x5a) returned 0x29fd60 [0084.980] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d29c, lpData=0x29fd60, lpcbData=0x12d298*=0x56 | out: lpType=0x12d29c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d298*=0x56) returned 0x0 [0084.980] CoTaskMemFree (pv=0x29fd60) [0084.980] RegCloseKey (hKey=0x344) returned 0x0 [0084.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0084.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0085.040] GetSystemInfo (in: lpSystemInfo=0x12bf80 | out: lpSystemInfo=0x12bf80*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7fffffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0085.040] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.065] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0085.065] SetErrorMode (uMode=0x1) returned 0x1 [0085.065] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x344 [0085.066] GetFileType (hFile=0x344) returned 0x1 [0085.066] SetErrorMode (uMode=0x1) returned 0x1 [0085.066] GetFileType (hFile=0x344) returned 0x1 [0085.084] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.085] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.089] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.090] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.090] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.090] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.090] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.091] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.091] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.092] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.093] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.093] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.093] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.094] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.094] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.094] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.095] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.097] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.097] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.098] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.098] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.098] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.099] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.099] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.099] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.100] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.100] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.100] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.101] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.101] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.101] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.102] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.102] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.106] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.107] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.107] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.107] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.108] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.108] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.108] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.109] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1000, lpOverlapped=0x0) returned 1 [0085.109] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x1b4, lpOverlapped=0x0) returned 1 [0085.109] ReadFile (in: hFile=0x344, lpBuffer=0x2b753a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d2e8, lpOverlapped=0x0 | out: lpBuffer=0x2b753a0*, lpNumberOfBytesRead=0x12d2e8*=0x0, lpOverlapped=0x0) returned 1 [0085.109] CloseHandle (hObject=0x344) returned 1 [0085.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12d000, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0085.110] SetErrorMode (uMode=0x1) returned 0x1 [0085.110] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d260 | out: lpFileInformation=0x12d260*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe968c5bf, ftCreationTime.dwHighDateTime=0x1c9ea0b, ftLastAccessTime.dwLowDateTime=0xe968c5bf, ftLastAccessTime.dwHighDateTime=0x1c9ea0b, ftLastWriteTime.dwLowDateTime=0xe968c5bf, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0085.110] SetErrorMode (uMode=0x1) returned 0x1 [0085.110] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0085.110] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d348 | out: phkResult=0x12d348*=0x344) returned 0x0 [0085.110] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d2cc, lpData=0x0, lpcbData=0x12d2c8*=0x0 | out: lpType=0x12d2cc*=0x1, lpData=0x0, lpcbData=0x12d2c8*=0x56) returned 0x0 [0085.110] CoTaskMemAlloc (cb=0x5a) returned 0x20edb0 [0085.111] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d29c, lpData=0x20edb0, lpcbData=0x12d298*=0x56 | out: lpType=0x12d29c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d298*=0x56) returned 0x0 [0085.111] CoTaskMemFree (pv=0x20edb0) [0085.111] RegCloseKey (hKey=0x344) returned 0x0 [0085.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12cf90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0085.111] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0x12ce40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0085.326] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.338] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.342] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.342] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.343] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.343] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.344] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.349] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.361] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.362] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.362] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.362] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.363] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.363] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.364] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.364] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.373] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.381] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.382] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.383] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.384] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.385] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.386] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.386] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.386] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.388] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.388] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.388] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.389] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.389] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.394] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.398] VirtualQuery (in: lpAddress=0x12c040, lpBuffer=0x12cf00, dwLength=0x30 | out: lpBuffer=0x12cf00*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.399] VirtualQuery (in: lpAddress=0x12c040, lpBuffer=0x12cf00, dwLength=0x30 | out: lpBuffer=0x12cf00*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.399] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.401] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.443] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.443] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.444] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.450] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0085.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0085.451] CoTaskMemFree (pv=0x2b95c0) [0085.453] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.458] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.459] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.460] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.461] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.462] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.463] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.465] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.467] VirtualQuery (in: lpAddress=0x12c030, lpBuffer=0x12cef0, dwLength=0x30 | out: lpBuffer=0x12cef0*(BaseAddress=0x12c000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.469] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d4e8 | out: phkResult=0x12d4e8*=0x344) returned 0x0 [0085.469] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x12d4fc, lpData=0x0, lpcbData=0x12d4f8*=0x0 | out: lpType=0x12d4fc*=0x1, lpData=0x0, lpcbData=0x12d4f8*=0x74) returned 0x0 [0085.469] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x12d46c, lpData=0x0, lpcbData=0x12d468*=0x0 | out: lpType=0x12d46c*=0x1, lpData=0x0, lpcbData=0x12d468*=0x74) returned 0x0 [0085.469] CoTaskMemAlloc (cb=0x78) returned 0x2398a0 [0085.469] RegQueryValueExW (in: hKey=0x344, lpValueName="path", lpReserved=0x0, lpType=0x12d43c, lpData=0x2398a0, lpcbData=0x12d438*=0x74 | out: lpType=0x12d43c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0x12d438*=0x74) returned 0x0 [0085.470] CoTaskMemFree (pv=0x2398a0) [0085.470] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0085.470] SetErrorMode (uMode=0x1) returned 0x1 [0085.470] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80093051, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1dba44b2, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1dba44b2, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0085.470] SetErrorMode (uMode=0x1) returned 0x1 [0085.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.471] SetErrorMode (uMode=0x1) returned 0x1 [0085.471] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0085.471] SetErrorMode (uMode=0x1) returned 0x1 [0085.471] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.471] SetErrorMode (uMode=0x1) returned 0x1 [0085.471] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0085.471] SetErrorMode (uMode=0x1) returned 0x1 [0085.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.472] SetErrorMode (uMode=0x1) returned 0x1 [0085.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0085.472] SetErrorMode (uMode=0x1) returned 0x1 [0085.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.472] SetErrorMode (uMode=0x1) returned 0x1 [0085.472] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0085.472] SetErrorMode (uMode=0x1) returned 0x1 [0085.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.473] SetErrorMode (uMode=0x1) returned 0x1 [0085.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0085.473] SetErrorMode (uMode=0x1) returned 0x1 [0085.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.473] SetErrorMode (uMode=0x1) returned 0x1 [0085.473] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0085.473] SetErrorMode (uMode=0x1) returned 0x1 [0085.473] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0085.473] SetErrorMode (uMode=0x1) returned 0x1 [0085.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0085.474] SetErrorMode (uMode=0x1) returned 0x1 [0085.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0085.474] SetErrorMode (uMode=0x1) returned 0x1 [0085.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0085.474] SetErrorMode (uMode=0x1) returned 0x1 [0085.474] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0085.474] SetErrorMode (uMode=0x1) returned 0x1 [0085.474] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d3c0 | out: lpFileInformation=0x12d3c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0085.474] SetErrorMode (uMode=0x1) returned 0x1 [0085.475] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0085.475] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0085.475] CoTaskMemFree (pv=0x2b95c0) [0085.481] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0085.481] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0085.482] CoTaskMemFree (pv=0x2b95c0) [0085.483] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0085.483] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0085.483] CoTaskMemFree (pv=0x2b95c0) [0085.485] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0085.485] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0085.485] CoTaskMemFree (pv=0x2b95c0) [0085.486] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.486] SetErrorMode (uMode=0x1) returned 0x1 [0085.486] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.487] GetFileType (hFile=0x340) returned 0x1 [0085.487] SetErrorMode (uMode=0x1) returned 0x1 [0085.487] GetFileType (hFile=0x340) returned 0x1 [0085.487] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.489] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.489] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.490] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.490] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.490] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.491] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x9e2, lpOverlapped=0x0) returned 1 [0085.491] ReadFile (in: hFile=0x340, lpBuffer=0x321c202, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321c202*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.491] ReadFile (in: hFile=0x340, lpBuffer=0x321ccb8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x321ccb8*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.491] CloseHandle (hObject=0x340) returned 1 [0085.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.492] SetErrorMode (uMode=0x1) returned 0x1 [0085.492] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67d93418, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67d93418, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e03e37, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0085.492] SetErrorMode (uMode=0x1) returned 0x1 [0085.492] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.492] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.492] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.492] CoTaskMemAlloc (cb=0x5a) returned 0x20ebf0 [0085.492] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x20ebf0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.493] CoTaskMemFree (pv=0x20ebf0) [0085.493] RegCloseKey (hKey=0x340) returned 0x0 [0085.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.493] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.504] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xdeec3430, Data2=0x3cd0, Data3=0x4993, Data4=([0]=0x83, [1]=0x57, [2]=0x9b, [3]=0x44, [4]=0x9c, [5]=0xdf, [6]=0x65, [7]=0x3c))) returned 0x0 [0085.519] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x734bffb2, Data2=0xf019, Data3=0x481d, Data4=([0]=0xa9, [1]=0x86, [2]=0xb0, [3]=0xc4, [4]=0xfc, [5]=0x9a, [6]=0xd4, [7]=0x1f))) returned 0x0 [0085.522] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.522] SetErrorMode (uMode=0x1) returned 0x1 [0085.523] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.523] GetFileType (hFile=0x340) returned 0x1 [0085.523] SetErrorMode (uMode=0x1) returned 0x1 [0085.523] GetFileType (hFile=0x340) returned 0x1 [0085.523] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.524] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.525] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.526] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.526] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.527] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0xfb2, lpOverlapped=0x0) returned 1 [0085.527] ReadFile (in: hFile=0x340, lpBuffer=0x3246f3a, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3246f3a*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.527] ReadFile (in: hFile=0x340, lpBuffer=0x3247820, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3247820*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.528] CloseHandle (hObject=0x340) returned 1 [0085.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.528] SetErrorMode (uMode=0x1) returned 0x1 [0085.528] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67f36317, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67f36317, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe6065417, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0085.528] SetErrorMode (uMode=0x1) returned 0x1 [0085.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.528] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.529] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.529] CoTaskMemAlloc (cb=0x5a) returned 0x1b722ca0 [0085.529] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722ca0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.529] CoTaskMemFree (pv=0x1b722ca0) [0085.529] RegCloseKey (hKey=0x340) returned 0x0 [0085.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.529] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0085.532] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x9b911e, Data2=0x148e, Data3=0x4f70, Data4=([0]=0xa0, [1]=0xe3, [2]=0x85, [3]=0x33, [4]=0xb2, [5]=0x53, [6]=0xb5, [7]=0x9))) returned 0x0 [0085.534] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xcfb722b9, Data2=0x9ff4, Data3=0x428a, Data4=([0]=0xa6, [1]=0x4f, [2]=0xa7, [3]=0x6b, [4]=0xbf, [5]=0x3c, [6]=0xdb, [7]=0x31))) returned 0x0 [0085.535] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xe3d1edea, Data2=0xa00b, Data3=0x4205, Data4=([0]=0x94, [1]=0x20, [2]=0xd, [3]=0xca, [4]=0x94, [5]=0x33, [6]=0x6a, [7]=0x4b))) returned 0x0 [0085.536] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4f28e1ad, Data2=0x2e16, Data3=0x46b5, Data4=([0]=0x97, [1]=0x2a, [2]=0x5d, [3]=0xeb, [4]=0x14, [5]=0x5e, [6]=0x2a, [7]=0xf5))) returned 0x0 [0085.536] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xac1c94ca, Data2=0xa8de, Data3=0x4158, Data4=([0]=0xa5, [1]=0x65, [2]=0x73, [3]=0xf2, [4]=0xd4, [5]=0x76, [6]=0x73, [7]=0xd2))) returned 0x0 [0085.537] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xef3e679b, Data2=0xe1f3, Data3=0x4d7a, Data4=([0]=0x80, [1]=0xc3, [2]=0x25, [3]=0x3e, [4]=0xb6, [5]=0x23, [6]=0x25, [7]=0xbd))) returned 0x0 [0085.537] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.537] SetErrorMode (uMode=0x1) returned 0x1 [0085.538] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.538] GetFileType (hFile=0x340) returned 0x1 [0085.538] SetErrorMode (uMode=0x1) returned 0x1 [0085.538] GetFileType (hFile=0x340) returned 0x1 [0085.538] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.540] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.541] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.541] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.542] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.542] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.542] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0xaca, lpOverlapped=0x0) returned 1 [0085.543] ReadFile (in: hFile=0x340, lpBuffer=0x3292bb2, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3292bb2*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.543] ReadFile (in: hFile=0x340, lpBuffer=0x3293580, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3293580*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.543] CloseHandle (hObject=0x340) returned 1 [0085.543] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.543] SetErrorMode (uMode=0x1) returned 0x1 [0085.543] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67ddf6d2, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67ddf6d2, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5dddcd9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0085.543] SetErrorMode (uMode=0x1) returned 0x1 [0085.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.544] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.544] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.544] CoTaskMemAlloc (cb=0x5a) returned 0x1b722ca0 [0085.544] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722ca0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.544] CoTaskMemFree (pv=0x1b722ca0) [0085.544] RegCloseKey (hKey=0x340) returned 0x0 [0085.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.544] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c [0085.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0085.593] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0085.601] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.606] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0085.610] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0085.613] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0085.615] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0085.618] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0085.621] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0085.623] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0085.626] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0085.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0085.630] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0085.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0085.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3c [0085.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0085.636] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0085.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.637] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.638] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.729] VirtualQuery (in: lpAddress=0x12bb80, lpBuffer=0x12ca40, dwLength=0x30 | out: lpBuffer=0x12ca40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.730] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1e4dc4f, Data2=0x4508, Data3=0x4e86, Data4=([0]=0xa9, [1]=0x79, [2]=0x40, [3]=0xbe, [4]=0xea, [5]=0x7e, [6]=0xac, [7]=0x35))) returned 0x0 [0085.731] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xeecddb0e, Data2=0x1547, Data3=0x44b4, Data4=([0]=0x83, [1]=0x5b, [2]=0x7e, [3]=0x2e, [4]=0xa6, [5]=0xa8, [6]=0x17, [7]=0xae))) returned 0x0 [0085.732] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.733] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.734] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x813598b, Data2=0x473a, Data3=0x4fed, Data4=([0]=0x9d, [1]=0x1b, [2]=0x8, [3]=0x2, [4]=0xd0, [5]=0x87, [6]=0x71, [7]=0xd8))) returned 0x0 [0085.738] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x9d215c58, Data2=0x5aa0, Data3=0x4797, Data4=([0]=0xbb, [1]=0x2a, [2]=0xc9, [3]=0xe4, [4]=0x17, [5]=0xa8, [6]=0xb0, [7]=0xc0))) returned 0x0 [0085.739] VirtualQuery (in: lpAddress=0x12bf80, lpBuffer=0x12ce40, dwLength=0x30 | out: lpBuffer=0x12ce40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.740] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.740] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.741] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x60e06e8, Data2=0xee13, Data3=0x4098, Data4=([0]=0x8a, [1]=0xfa, [2]=0xb7, [3]=0x84, [4]=0xda, [5]=0xcd, [6]=0x48, [7]=0x63))) returned 0x0 [0085.741] VirtualQuery (in: lpAddress=0x12bf80, lpBuffer=0x12ce40, dwLength=0x30 | out: lpBuffer=0x12ce40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.742] VirtualQuery (in: lpAddress=0x12bda0, lpBuffer=0x12cc60, dwLength=0x30 | out: lpBuffer=0x12cc60*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.742] VirtualQuery (in: lpAddress=0x12b5f0, lpBuffer=0x12c4b0, dwLength=0x30 | out: lpBuffer=0x12c4b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.743] VirtualQuery (in: lpAddress=0x12b5f0, lpBuffer=0x12c4b0, dwLength=0x30 | out: lpBuffer=0x12c4b0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.743] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf85cbb1a, Data2=0xde31, Data3=0x44be, Data4=([0]=0xaa, [1]=0xa8, [2]=0x73, [3]=0x5f, [4]=0x79, [5]=0x2a, [6]=0x53, [7]=0xa8))) returned 0x0 [0085.744] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x40357285, Data2=0xa9c5, Data3=0x4035, Data4=([0]=0x88, [1]=0xbe, [2]=0xd4, [3]=0xc6, [4]=0x20, [5]=0x58, [6]=0x8b, [7]=0x8d))) returned 0x0 [0085.744] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.745] SetErrorMode (uMode=0x1) returned 0x1 [0085.745] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.745] GetFileType (hFile=0x340) returned 0x1 [0085.745] SetErrorMode (uMode=0x1) returned 0x1 [0085.745] GetFileType (hFile=0x340) returned 0x1 [0085.745] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.747] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.748] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.748] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.749] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.749] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.750] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.750] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.751] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.751] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.752] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.752] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.752] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.753] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.753] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.753] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.755] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.756] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0xbce, lpOverlapped=0x0) returned 1 [0085.756] ReadFile (in: hFile=0x340, lpBuffer=0x33452ae, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x33452ae*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.756] ReadFile (in: hFile=0x340, lpBuffer=0x3345b78, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3345b78*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.756] CloseHandle (hObject=0x340) returned 1 [0085.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.757] SetErrorMode (uMode=0x1) returned 0x1 [0085.757] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e0582f, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e0582f, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e29f95, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0085.757] SetErrorMode (uMode=0x1) returned 0x1 [0085.757] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.757] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.757] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.757] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0085.758] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.758] CoTaskMemFree (pv=0x1b722bc0) [0085.758] RegCloseKey (hKey=0x340) returned 0x0 [0085.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.758] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0085.764] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x5a1eecbb, Data2=0x8bad, Data3=0x47d2, Data4=([0]=0x81, [1]=0x1e, [2]=0xdd, [3]=0x24, [4]=0x42, [5]=0xb9, [6]=0x7b, [7]=0xc3))) returned 0x0 [0085.764] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6bda42f, Data2=0x5991, Data3=0x4689, Data4=([0]=0x9f, [1]=0xaf, [2]=0x53, [3]=0x7e, [4]=0x86, [5]=0x52, [6]=0xb0, [7]=0xf1))) returned 0x0 [0085.765] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6259fa72, Data2=0x4d78, Data3=0x4813, Data4=([0]=0x82, [1]=0xf6, [2]=0x4b, [3]=0xd1, [4]=0xed, [5]=0x5b, [6]=0xb5, [7]=0x49))) returned 0x0 [0085.765] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xb0da1127, Data2=0xdc38, Data3=0x477e, Data4=([0]=0xb1, [1]=0x11, [2]=0x46, [3]=0x56, [4]=0xbd, [5]=0x7, [6]=0x13, [7]=0xb1))) returned 0x0 [0085.766] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x8fb9bca0, Data2=0x910e, Data3=0x47a6, Data4=([0]=0x80, [1]=0xb1, [2]=0x3, [3]=0xa, [4]=0xbf, [5]=0x33, [6]=0xe4, [7]=0x3c))) returned 0x0 [0085.766] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x41532ad1, Data2=0x7ccb, Data3=0x4bc2, Data4=([0]=0xb1, [1]=0x81, [2]=0x76, [3]=0x49, [4]=0x44, [5]=0xc8, [6]=0x41, [7]=0xa9))) returned 0x0 [0085.766] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.767] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x5df7ff79, Data2=0xb247, Data3=0x4032, Data4=([0]=0x89, [1]=0x8e, [2]=0x6f, [3]=0xdd, [4]=0x7, [5]=0x53, [6]=0xba, [7]=0x64))) returned 0x0 [0085.767] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.768] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.768] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf8e47db9, Data2=0xec10, Data3=0x4c1f, Data4=([0]=0xbf, [1]=0x35, [2]=0x41, [3]=0xa4, [4]=0x65, [5]=0x60, [6]=0x3, [7]=0xd1))) returned 0x0 [0085.769] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd5b35d05, Data2=0x3d45, Data3=0x441a, Data4=([0]=0x86, [1]=0x4f, [2]=0xd8, [3]=0xce, [4]=0x2a, [5]=0xc, [6]=0x92, [7]=0x48))) returned 0x0 [0085.769] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x3134a8de, Data2=0x51ef, Data3=0x46f9, Data4=([0]=0xa8, [1]=0xa3, [2]=0x8f, [3]=0xa, [4]=0x92, [5]=0xff, [6]=0xf9, [7]=0xf8))) returned 0x0 [0085.769] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xdbd1d73f, Data2=0x351a, Data3=0x4f6b, Data4=([0]=0xb5, [1]=0xff, [2]=0xf5, [3]=0xe5, [4]=0x3e, [5]=0x34, [6]=0x74, [7]=0x95))) returned 0x0 [0085.770] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.770] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xbda37e33, Data2=0x45e, Data3=0x495b, Data4=([0]=0x9d, [1]=0xa8, [2]=0x39, [3]=0xae, [4]=0x66, [5]=0xc4, [6]=0x65, [7]=0xf6))) returned 0x0 [0085.771] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.771] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.772] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.773] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.773] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.774] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xfcb89076, Data2=0x7f19, Data3=0x430e, Data4=([0]=0x82, [1]=0x6b, [2]=0xb9, [3]=0x32, [4]=0xf3, [5]=0x21, [6]=0x4e, [7]=0x80))) returned 0x0 [0085.774] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x73bbe609, Data2=0x6b29, Data3=0x441c, Data4=([0]=0xbc, [1]=0xe4, [2]=0xfa, [3]=0xb7, [4]=0x94, [5]=0xe0, [6]=0x95, [7]=0x2c))) returned 0x0 [0085.775] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x120c1dd0, Data2=0xbb37, Data3=0x415d, Data4=([0]=0x97, [1]=0x84, [2]=0x5a, [3]=0x48, [4]=0x14, [5]=0x33, [6]=0x9b, [7]=0x9))) returned 0x0 [0085.775] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf3803bf3, Data2=0x6826, Data3=0x467b, Data4=([0]=0xb6, [1]=0xb7, [2]=0x52, [3]=0xbb, [4]=0x83, [5]=0x68, [6]=0xef, [7]=0xf7))) returned 0x0 [0085.776] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x3d56c3fb, Data2=0xbf2b, Data3=0x43a7, Data4=([0]=0x94, [1]=0x96, [2]=0x99, [3]=0xf, [4]=0xff, [5]=0x8f, [6]=0xf8, [7]=0xa))) returned 0x0 [0085.776] VirtualQuery (in: lpAddress=0x12bf80, lpBuffer=0x12ce40, dwLength=0x30 | out: lpBuffer=0x12ce40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.777] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1a7b529d, Data2=0x5b3d, Data3=0x4c0e, Data4=([0]=0x89, [1]=0x9e, [2]=0x6f, [3]=0x43, [4]=0x97, [5]=0xe9, [6]=0x4e, [7]=0x18))) returned 0x0 [0085.777] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xfbdd701b, Data2=0x6f30, Data3=0x4da5, Data4=([0]=0xbd, [1]=0xbc, [2]=0x1f, [3]=0xe6, [4]=0x76, [5]=0xf8, [6]=0xcd, [7]=0x67))) returned 0x0 [0085.778] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2d584c8f, Data2=0x3dda, Data3=0x4b1c, Data4=([0]=0xa4, [1]=0x25, [2]=0x59, [3]=0x11, [4]=0x0, [5]=0xca, [6]=0x70, [7]=0xc4))) returned 0x0 [0085.778] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x106cd10b, Data2=0x6771, Data3=0x438d, Data4=([0]=0x84, [1]=0x6d, [2]=0x24, [3]=0xfd, [4]=0x9f, [5]=0x89, [6]=0xfb, [7]=0x8e))) returned 0x0 [0085.779] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1f17f2cf, Data2=0xa0e3, Data3=0x49c3, Data4=([0]=0xb8, [1]=0x4a, [2]=0x55, [3]=0x11, [4]=0xbd, [5]=0xec, [6]=0x47, [7]=0x7b))) returned 0x0 [0085.779] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x15e048e5, Data2=0x7746, Data3=0x46eb, Data4=([0]=0x84, [1]=0xdf, [2]=0x9b, [3]=0x95, [4]=0x2c, [5]=0x69, [6]=0xc3, [7]=0xd))) returned 0x0 [0085.779] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6f7bffab, Data2=0x8fb5, Data3=0x4e16, Data4=([0]=0xa9, [1]=0x46, [2]=0x39, [3]=0x8e, [4]=0x40, [5]=0x80, [6]=0x3c, [7]=0xa9))) returned 0x0 [0085.780] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6f1f00fe, Data2=0x4476, Data3=0x4ef0, Data4=([0]=0x9c, [1]=0x2e, [2]=0x6c, [3]=0x6e, [4]=0x8f, [5]=0x99, [6]=0xe8, [7]=0x72))) returned 0x0 [0085.780] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xb430bb4b, Data2=0x83c6, Data3=0x4774, Data4=([0]=0xb1, [1]=0x7, [2]=0x84, [3]=0xd6, [4]=0x8a, [5]=0xe2, [6]=0x3b, [7]=0xe6))) returned 0x0 [0085.781] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf64d36b0, Data2=0x2a57, Data3=0x443d, Data4=([0]=0x91, [1]=0x77, [2]=0xca, [3]=0xef, [4]=0x30, [5]=0x60, [6]=0x4f, [7]=0xc2))) returned 0x0 [0085.781] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd1b6cd00, Data2=0x1185, Data3=0x4a40, Data4=([0]=0x9b, [1]=0xcd, [2]=0xb9, [3]=0xe9, [4]=0x76, [5]=0x73, [6]=0xf5, [7]=0x25))) returned 0x0 [0085.782] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6ea63da3, Data2=0xe624, Data3=0x4175, Data4=([0]=0xaf, [1]=0x77, [2]=0x40, [3]=0x1a, [4]=0xe2, [5]=0x3d, [6]=0xae, [7]=0x71))) returned 0x0 [0085.782] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x193592e6, Data2=0x1cea, Data3=0x4a10, Data4=([0]=0x8b, [1]=0xa4, [2]=0xcb, [3]=0xbe, [4]=0xbd, [5]=0x8c, [6]=0x76, [7]=0x4f))) returned 0x0 [0085.782] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd74926fe, Data2=0x38f, Data3=0x4992, Data4=([0]=0xaa, [1]=0x1a, [2]=0x12, [3]=0xc2, [4]=0x7c, [5]=0xf5, [6]=0x55, [7]=0x26))) returned 0x0 [0085.782] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xac790e5b, Data2=0xcbd7, Data3=0x419f, Data4=([0]=0x8a, [1]=0x79, [2]=0xf6, [3]=0xd5, [4]=0x63, [5]=0xc3, [6]=0x17, [7]=0xad))) returned 0x0 [0085.783] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x7cd01a3, Data2=0x4324, Data3=0x4927, Data4=([0]=0xaf, [1]=0x81, [2]=0xc3, [3]=0xdc, [4]=0xca, [5]=0xfd, [6]=0xe4, [7]=0x73))) returned 0x0 [0085.784] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xe54fdca3, Data2=0xd8c1, Data3=0x45e1, Data4=([0]=0xa1, [1]=0xff, [2]=0x63, [3]=0xc7, [4]=0x93, [5]=0x24, [6]=0xd9, [7]=0xab))) returned 0x0 [0085.784] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6a49c098, Data2=0xbd9b, Data3=0x47c0, Data4=([0]=0x91, [1]=0xcb, [2]=0xfb, [3]=0xa1, [4]=0x8f, [5]=0x80, [6]=0xd1, [7]=0x2e))) returned 0x0 [0085.784] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4bbc7a11, Data2=0xf608, Data3=0x4410, Data4=([0]=0x80, [1]=0x1e, [2]=0x3d, [3]=0x77, [4]=0x7d, [5]=0x33, [6]=0x77, [7]=0xc8))) returned 0x0 [0085.785] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.785] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.788] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.789] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xe9214bb3, Data2=0xab3d, Data3=0x4989, Data4=([0]=0x99, [1]=0x45, [2]=0x59, [3]=0x2b, [4]=0xf3, [5]=0xca, [6]=0xcf, [7]=0x6))) returned 0x0 [0085.790] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.790] SetErrorMode (uMode=0x1) returned 0x1 [0085.790] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.790] GetFileType (hFile=0x340) returned 0x1 [0085.790] SetErrorMode (uMode=0x1) returned 0x1 [0085.791] GetFileType (hFile=0x340) returned 0x1 [0085.791] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.792] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.793] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.793] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.794] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.795] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.795] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x119, lpOverlapped=0x0) returned 1 [0085.795] ReadFile (in: hFile=0x340, lpBuffer=0x3456160, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3456160*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.795] CloseHandle (hObject=0x340) returned 1 [0085.795] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.795] SetErrorMode (uMode=0x1) returned 0x1 [0085.795] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e2b98c, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e2b98c, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e76251, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0085.796] SetErrorMode (uMode=0x1) returned 0x1 [0085.796] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.796] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.796] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.796] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0085.796] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.796] CoTaskMemFree (pv=0x1b722bc0) [0085.796] RegCloseKey (hKey=0x340) returned 0x0 [0085.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.797] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0085.798] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c670, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.799] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.799] VirtualQuery (in: lpAddress=0x12bb80, lpBuffer=0x12ca40, dwLength=0x30 | out: lpBuffer=0x12ca40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.799] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xa22a8547, Data2=0x2420, Data3=0x4072, Data4=([0]=0x81, [1]=0xd4, [2]=0xc1, [3]=0xc6, [4]=0x9c, [5]=0x2c, [6]=0x1d, [7]=0x40))) returned 0x0 [0085.799] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.800] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x415491d8, Data2=0x7277, Data3=0x4b33, Data4=([0]=0xb3, [1]=0xa4, [2]=0x45, [3]=0x3d, [4]=0x1a, [5]=0xae, [6]=0xe7, [7]=0xee))) returned 0x0 [0085.800] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x601c56ca, Data2=0x1b87, Data3=0x4797, Data4=([0]=0xaf, [1]=0x23, [2]=0x5e, [3]=0x0, [4]=0xbe, [5]=0xf6, [6]=0x5b, [7]=0x24))) returned 0x0 [0085.800] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc1a7a371, Data2=0x56fb, Data3=0x48be, Data4=([0]=0x92, [1]=0x2d, [2]=0xa0, [3]=0x60, [4]=0xbf, [5]=0x64, [6]=0xe2, [7]=0x81))) returned 0x0 [0085.800] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.801] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.801] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cad0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.801] SetErrorMode (uMode=0x1) returned 0x1 [0085.801] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0085.801] GetFileType (hFile=0x340) returned 0x1 [0085.801] SetErrorMode (uMode=0x1) returned 0x1 [0085.801] GetFileType (hFile=0x340) returned 0x1 [0085.802] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.804] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.805] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.805] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.806] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.806] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.807] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.807] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.808] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.808] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.809] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.809] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.809] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.810] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.810] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.810] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.813] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.813] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.813] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.814] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.814] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.814] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.815] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.815] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.815] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.816] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.816] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.817] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.817] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.817] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.818] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.818] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.822] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.822] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.823] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.823] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.823] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.824] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.824] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.824] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.825] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.825] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.825] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.825] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.825] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.826] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.826] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.826] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.826] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.826] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.827] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.827] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.827] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.827] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.827] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.828] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.828] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.828] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.828] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.828] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.829] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.829] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0085.829] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0xf37, lpOverlapped=0x0) returned 1 [0085.829] ReadFile (in: hFile=0x340, lpBuffer=0x34b199f, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b199f*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.829] ReadFile (in: hFile=0x340, lpBuffer=0x34b2300, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x34b2300*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0085.830] CloseHandle (hObject=0x340) returned 1 [0085.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cda0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.830] SetErrorMode (uMode=0x1) returned 0x1 [0085.830] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e51ae9, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e51ae9, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe5e9c3af, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0085.830] SetErrorMode (uMode=0x1) returned 0x1 [0085.830] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.830] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0085.831] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0085.831] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0085.831] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0085.831] CoTaskMemFree (pv=0x1b722bc0) [0085.831] RegCloseKey (hKey=0x340) returned 0x0 [0085.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cd30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.831] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0x12cbe0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0085.846] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6b996de0, Data2=0x5783, Data3=0x4870, Data4=([0]=0xbc, [1]=0x87, [2]=0x3, [3]=0x14, [4]=0x72, [5]=0x31, [6]=0xac, [7]=0x97))) returned 0x0 [0085.846] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xa2ea1543, Data2=0xd1f5, Data3=0x4bd4, Data4=([0]=0xba, [1]=0x22, [2]=0x4e, [3]=0x79, [4]=0xf4, [5]=0x89, [6]=0x88, [7]=0xc6))) returned 0x0 [0085.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.847] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.910] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.911] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x791f8fad, Data2=0x3fff, Data3=0x4d57, Data4=([0]=0xa9, [1]=0x93, [2]=0xd5, [3]=0xcf, [4]=0x13, [5]=0xe1, [6]=0x83, [7]=0xad))) returned 0x0 [0085.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.911] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.912] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.913] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.914] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.916] VirtualQuery (in: lpAddress=0x12b320, lpBuffer=0x12c1e0, dwLength=0x30 | out: lpBuffer=0x12c1e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.917] VirtualQuery (in: lpAddress=0x12b3b0, lpBuffer=0x12c270, dwLength=0x30 | out: lpBuffer=0x12c270*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.918] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.919] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.919] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.921] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.921] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.923] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.924] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.925] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.925] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.927] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.927] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.928] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.929] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.929] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.930] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.930] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.930] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.932] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.932] VirtualQuery (in: lpAddress=0x12b760, lpBuffer=0x12c620, dwLength=0x30 | out: lpBuffer=0x12c620*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.933] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.934] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.934] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.935] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.935] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x403fd8e2, Data2=0x4971, Data3=0x476e, Data4=([0]=0x9a, [1]=0x8d, [2]=0x8a, [3]=0x34, [4]=0x93, [5]=0xef, [6]=0x69, [7]=0xbe))) returned 0x0 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.937] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.938] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.939] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.940] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.941] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.941] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.942] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.942] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.942] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.943] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.944] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.945] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.945] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.945] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.946] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.946] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.946] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.947] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.947] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.948] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.948] VirtualQuery (in: lpAddress=0x12b760, lpBuffer=0x12c620, dwLength=0x30 | out: lpBuffer=0x12c620*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.948] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.949] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.949] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.950] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.950] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf9a20b51, Data2=0x78f1, Data3=0x4432, Data4=([0]=0xa3, [1]=0x28, [2]=0x14, [3]=0x16, [4]=0x2b, [5]=0xd2, [6]=0x95, [7]=0x81))) returned 0x0 [0085.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.950] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.951] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.951] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xea9be060, Data2=0x7b93, Data3=0x4301, Data4=([0]=0xa0, [1]=0xa4, [2]=0x40, [3]=0xd4, [4]=0x86, [5]=0x71, [6]=0xfa, [7]=0x4b))) returned 0x0 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.952] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.953] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.954] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.954] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.955] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.955] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.955] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.956] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.956] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.956] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.957] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.958] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.958] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.958] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.958] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.959] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.960] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.960] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.960] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.961] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.961] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.961] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c620, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c490, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.962] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.963] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.963] VirtualQuery (in: lpAddress=0x12bc30, lpBuffer=0x12caf0, dwLength=0x30 | out: lpBuffer=0x12caf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.964] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.965] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] VirtualQuery (in: lpAddress=0x12bc30, lpBuffer=0x12caf0, dwLength=0x30 | out: lpBuffer=0x12caf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.966] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bea0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.967] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bdf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.968] VirtualQuery (in: lpAddress=0x12bc30, lpBuffer=0x12caf0, dwLength=0x30 | out: lpBuffer=0x12caf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.968] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c340, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.968] VirtualQuery (in: lpAddress=0x12bc30, lpBuffer=0x12caf0, dwLength=0x30 | out: lpBuffer=0x12caf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.969] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.969] VirtualQuery (in: lpAddress=0x12b320, lpBuffer=0x12c1e0, dwLength=0x30 | out: lpBuffer=0x12c1e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.969] VirtualQuery (in: lpAddress=0x12b3b0, lpBuffer=0x12c270, dwLength=0x30 | out: lpBuffer=0x12c270*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.970] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.970] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.971] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.971] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.971] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.971] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.972] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.972] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.972] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.972] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.973] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.973] VirtualQuery (in: lpAddress=0x12b760, lpBuffer=0x12c620, dwLength=0x30 | out: lpBuffer=0x12c620*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.973] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.974] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.974] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.974] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.975] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc2012881, Data2=0x7e94, Data3=0x4193, Data4=([0]=0x9d, [1]=0x4b, [2]=0x62, [3]=0x3, [4]=0x4a, [5]=0x6b, [6]=0xd0, [7]=0x3c))) returned 0x0 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.975] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.978] VirtualQuery (in: lpAddress=0x12b320, lpBuffer=0x12c1e0, dwLength=0x30 | out: lpBuffer=0x12c1e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.979] VirtualQuery (in: lpAddress=0x12b3b0, lpBuffer=0x12c270, dwLength=0x30 | out: lpBuffer=0x12c270*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.979] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.979] VirtualQuery (in: lpAddress=0x12b5d0, lpBuffer=0x12c490, dwLength=0x30 | out: lpBuffer=0x12c490*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c480, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.980] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1b7e252b, Data2=0xbacd, Data3=0x4006, Data4=([0]=0xa0, [1]=0x5e, [2]=0xc2, [3]=0xbe, [4]=0xc9, [5]=0xd1, [6]=0xb, [7]=0xe9))) returned 0x0 [0085.980] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.981] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6fe4322b, Data2=0x8d8a, Data3=0x48d4, Data4=([0]=0xbc, [1]=0xe1, [2]=0x30, [3]=0x55, [4]=0xc9, [5]=0x96, [6]=0x8f, [7]=0x88))) returned 0x0 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.983] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xb86cb312, Data2=0x21d9, Data3=0x48af, Data4=([0]=0x96, [1]=0x30, [2]=0x60, [3]=0xf9, [4]=0x42, [5]=0x2c, [6]=0xd7, [7]=0xfe))) returned 0x0 [0085.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.983] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4cf0cea8, Data2=0xee24, Data3=0x44b0, Data4=([0]=0x9e, [1]=0xb0, [2]=0xf0, [3]=0x46, [4]=0x8e, [5]=0x1c, [6]=0x61, [7]=0xfb))) returned 0x0 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.984] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.985] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.985] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xa2b05e73, Data2=0x873d, Data3=0x4938, Data4=([0]=0x84, [1]=0x74, [2]=0x54, [3]=0x15, [4]=0x2, [5]=0x8a, [6]=0x48, [7]=0xc2))) returned 0x0 [0085.985] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xed756650, Data2=0x8177, Data3=0x46f8, Data4=([0]=0xad, [1]=0x10, [2]=0xd3, [3]=0xfa, [4]=0xef, [5]=0x72, [6]=0x64, [7]=0xb2))) returned 0x0 [0085.986] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4285243b, Data2=0x3317, Data3=0x4866, Data4=([0]=0x9f, [1]=0x97, [2]=0xc0, [3]=0xb5, [4]=0x7b, [5]=0xac, [6]=0xca, [7]=0xbf))) returned 0x0 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.986] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c700, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.987] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x47276d9d, Data2=0xf47, Data3=0x4e04, Data4=([0]=0xa7, [1]=0x49, [2]=0x75, [3]=0xc, [4]=0x21, [5]=0xc6, [6]=0xa8, [7]=0x78))) returned 0x0 [0085.987] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.987] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.988] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.988] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.988] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.989] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b950, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12b8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12bc60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0085.989] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.990] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.991] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.991] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.992] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.992] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.992] VirtualQuery (in: lpAddress=0x12b190, lpBuffer=0x12c050, dwLength=0x30 | out: lpBuffer=0x12c050*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.992] VirtualQuery (in: lpAddress=0x12b220, lpBuffer=0x12c0e0, dwLength=0x30 | out: lpBuffer=0x12c0e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.993] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.993] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.994] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.994] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.994] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.995] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.995] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.995] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1765b710, Data2=0x33ed, Data3=0x4036, Data4=([0]=0xbb, [1]=0x62, [2]=0x9d, [3]=0x5, [4]=0xd9, [5]=0xf8, [6]=0xae, [7]=0x43))) returned 0x0 [0085.995] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.996] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.996] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.996] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.997] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.997] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.997] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.998] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.998] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.998] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.999] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.999] VirtualQuery (in: lpAddress=0x12baa0, lpBuffer=0x12c960, dwLength=0x30 | out: lpBuffer=0x12c960*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.999] VirtualQuery (in: lpAddress=0x12bb30, lpBuffer=0x12c9f0, dwLength=0x30 | out: lpBuffer=0x12c9f0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0085.999] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.000] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.001] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xb566020e, Data2=0x7ec6, Data3=0x4476, Data4=([0]=0xbd, [1]=0x85, [2]=0x29, [3]=0xd8, [4]=0x8b, [5]=0xd2, [6]=0xa7, [7]=0xae))) returned 0x0 [0086.002] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.002] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.003] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.003] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.003] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.003] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.004] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.004] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.004] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.004] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.005] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.005] VirtualQuery (in: lpAddress=0x12b760, lpBuffer=0x12c620, dwLength=0x30 | out: lpBuffer=0x12c620*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.005] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.005] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.006] VirtualQuery (in: lpAddress=0x12ba90, lpBuffer=0x12c950, dwLength=0x30 | out: lpBuffer=0x12c950*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.006] VirtualQuery (in: lpAddress=0x12bb20, lpBuffer=0x12c9e0, dwLength=0x30 | out: lpBuffer=0x12c9e0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.006] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xcb7cf5f0, Data2=0xcb59, Data3=0x4e06, Data4=([0]=0x83, [1]=0x28, [2]=0x77, [3]=0x9f, [4]=0x17, [5]=0x4a, [6]=0x13, [7]=0x30))) returned 0x0 [0086.006] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2c1806fe, Data2=0x5437, Data3=0x4caf, Data4=([0]=0xb2, [1]=0x4b, [2]=0x9b, [3]=0x18, [4]=0xd7, [5]=0x8e, [6]=0x33, [7]=0x5))) returned 0x0 [0086.007] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x766afa42, Data2=0x30d1, Data3=0x4905, Data4=([0]=0xbd, [1]=0x4c, [2]=0x6c, [3]=0xd3, [4]=0xd9, [5]=0x8d, [6]=0x71, [7]=0x90))) returned 0x0 [0086.007] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x9ec4a1ec, Data2=0xc7c6, Data3=0x4134, Data4=([0]=0xa7, [1]=0xf8, [2]=0x12, [3]=0x1a, [4]=0x60, [5]=0xb3, [6]=0x69, [7]=0x75))) returned 0x0 [0086.008] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2798304d, Data2=0x8849, Data3=0x42ca, Data4=([0]=0xb2, [1]=0x7e, [2]=0xae, [3]=0x5c, [4]=0x28, [5]=0x8f, [6]=0xc1, [7]=0xa7))) returned 0x0 [0086.008] VirtualQuery (in: lpAddress=0x12b870, lpBuffer=0x12c730, dwLength=0x30 | out: lpBuffer=0x12c730*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.008] VirtualQuery (in: lpAddress=0x12b900, lpBuffer=0x12c7c0, dwLength=0x30 | out: lpBuffer=0x12c7c0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.009] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc2d5af79, Data2=0xb867, Data3=0x4826, Data4=([0]=0xb3, [1]=0xbe, [2]=0xd9, [3]=0x6b, [4]=0x1d, [5]=0x88, [6]=0x6b, [7]=0x31))) returned 0x0 [0086.009] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd69f391a, Data2=0x2a7f, Data3=0x4c9d, Data4=([0]=0xb5, [1]=0xd2, [2]=0x52, [3]=0x50, [4]=0xf9, [5]=0x70, [6]=0x9f, [7]=0xf3))) returned 0x0 [0086.009] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x26ff8eff, Data2=0x13bb, Data3=0x408d, Data4=([0]=0x84, [1]=0x38, [2]=0xf5, [3]=0x0, [4]=0x23, [5]=0x3b, [6]=0xba, [7]=0x35))) returned 0x0 [0086.010] SetErrorMode (uMode=0x1) returned 0x1 [0086.010] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0086.010] SetErrorMode (uMode=0x1) returned 0x1 [0086.010] GetFileType (hFile=0x340) returned 0x1 [0086.010] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.012] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.012] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.012] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.012] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.013] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.013] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.013] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.013] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.014] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.014] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.015] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.015] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.015] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.015] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.015] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.016] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.017] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.017] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.017] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.017] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.018] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0xe67, lpOverlapped=0x0) returned 1 [0086.018] ReadFile (in: hFile=0x340, lpBuffer=0x38f96d7, nNumberOfBytesToRead=0x199, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38f96d7*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.018] ReadFile (in: hFile=0x340, lpBuffer=0x38fa108, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x38fa108*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.018] SetErrorMode (uMode=0x1) returned 0x1 [0086.019] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e9dda3, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67e9dda3, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0086.019] SetErrorMode (uMode=0x1) returned 0x1 [0086.019] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0086.019] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0086.019] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0086.019] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0086.019] CoTaskMemFree (pv=0x1b722bc0) [0086.019] RegCloseKey (hKey=0x340) returned 0x0 [0086.027] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xbb0959dc, Data2=0xea32, Data3=0x4174, Data4=([0]=0x82, [1]=0xfe, [2]=0x37, [3]=0xa, [4]=0x98, [5]=0x95, [6]=0x7a, [7]=0xd4))) returned 0x0 [0086.027] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x9b53b79b, Data2=0x5050, Data3=0x44b4, Data4=([0]=0xa9, [1]=0x95, [2]=0xc, [3]=0x13, [4]=0xf3, [5]=0xc, [6]=0x85, [7]=0x5a))) returned 0x0 [0086.027] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x60f4f256, Data2=0xf41d, Data3=0x4bdd, Data4=([0]=0xb9, [1]=0x1, [2]=0xf5, [3]=0x91, [4]=0xc4, [5]=0x18, [6]=0xe1, [7]=0x2))) returned 0x0 [0086.027] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xcddb966b, Data2=0x3571, Data3=0x4979, Data4=([0]=0x8e, [1]=0xeb, [2]=0xe6, [3]=0xd9, [4]=0xf7, [5]=0x6f, [6]=0x64, [7]=0xe2))) returned 0x0 [0086.028] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2c17bc1, Data2=0x2523, Data3=0x48c3, Data4=([0]=0x83, [1]=0x7e, [2]=0x25, [3]=0xb8, [4]=0x98, [5]=0x88, [6]=0x4b, [7]=0xc2))) returned 0x0 [0086.028] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x91ecde37, Data2=0xc4fa, Data3=0x47fc, Data4=([0]=0x8a, [1]=0xf0, [2]=0x28, [3]=0x18, [4]=0x69, [5]=0xeb, [6]=0x78, [7]=0xf4))) returned 0x0 [0086.028] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x39aa88f3, Data2=0x90a8, Data3=0x47e9, Data4=([0]=0xbd, [1]=0x61, [2]=0x36, [3]=0x43, [4]=0x65, [5]=0x4b, [6]=0x5b, [7]=0x43))) returned 0x0 [0086.028] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x925e5838, Data2=0xa884, Data3=0x4e03, Data4=([0]=0xa3, [1]=0xf4, [2]=0xa1, [3]=0x8, [4]=0x53, [5]=0xe0, [6]=0xb1, [7]=0x6c))) returned 0x0 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2a285f2e, Data2=0x9568, Data3=0x4579, Data4=([0]=0x91, [1]=0x13, [2]=0x6d, [3]=0x6c, [4]=0xbc, [5]=0xde, [6]=0xdd, [7]=0xa3))) returned 0x0 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x505da75c, Data2=0x453e, Data3=0x4bc2, Data4=([0]=0x85, [1]=0x52, [2]=0x20, [3]=0xd4, [4]=0x21, [5]=0xeb, [6]=0x72, [7]=0x96))) returned 0x0 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x7058489e, Data2=0xdd95, Data3=0x4123, Data4=([0]=0xb0, [1]=0x1f, [2]=0x2, [3]=0x5a, [4]=0xa5, [5]=0xae, [6]=0xca, [7]=0x8b))) returned 0x0 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xfea17d51, Data2=0x59a0, Data3=0x4075, Data4=([0]=0xb8, [1]=0x2b, [2]=0xeb, [3]=0xee, [4]=0xd0, [5]=0xd5, [6]=0xb5, [7]=0x42))) returned 0x0 [0086.029] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xeb65df41, Data2=0x7ae0, Data3=0x4b0e, Data4=([0]=0xa0, [1]=0x7, [2]=0x52, [3]=0x50, [4]=0x4b, [5]=0xa9, [6]=0x99, [7]=0x93))) returned 0x0 [0086.030] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xcf8e72c6, Data2=0x740e, Data3=0x4aac, Data4=([0]=0xae, [1]=0x7e, [2]=0xf7, [3]=0xd, [4]=0x13, [5]=0xc2, [6]=0x3c, [7]=0x58))) returned 0x0 [0086.030] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2a845923, Data2=0xbbe3, Data3=0x4d3e, Data4=([0]=0x8a, [1]=0x63, [2]=0x5c, [3]=0x1b, [4]=0x5b, [5]=0xf4, [6]=0xe8, [7]=0xc0))) returned 0x0 [0086.030] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xaab6b856, Data2=0x2a78, Data3=0x421e, Data4=([0]=0xb3, [1]=0x9b, [2]=0xfc, [3]=0x60, [4]=0xb0, [5]=0xa5, [6]=0x99, [7]=0xe9))) returned 0x0 [0086.030] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x47ec3b9, Data2=0xc4e6, Data3=0x4369, Data4=([0]=0xae, [1]=0x7, [2]=0x6d, [3]=0x2e, [4]=0x72, [5]=0xbc, [6]=0xf5, [7]=0x6))) returned 0x0 [0086.030] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xa15bc033, Data2=0x677a, Data3=0x4521, Data4=([0]=0xb1, [1]=0xeb, [2]=0x53, [3]=0xef, [4]=0x40, [5]=0x19, [6]=0x19, [7]=0xb2))) returned 0x0 [0086.031] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xaaea094b, Data2=0x9841, Data3=0x4731, Data4=([0]=0xa7, [1]=0x52, [2]=0x37, [3]=0x5, [4]=0xd9, [5]=0xd8, [6]=0x2c, [7]=0x67))) returned 0x0 [0086.031] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.031] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.031] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.032] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4fabc399, Data2=0xa1e8, Data3=0x4428, Data4=([0]=0xae, [1]=0x6c, [2]=0xb1, [3]=0xe7, [4]=0x34, [5]=0x90, [6]=0xba, [7]=0x61))) returned 0x0 [0086.032] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x131bffd, Data2=0xa3f9, Data3=0x404a, Data4=([0]=0x8c, [1]=0xd2, [2]=0x4f, [3]=0x96, [4]=0x61, [5]=0x78, [6]=0x2a, [7]=0x76))) returned 0x0 [0086.032] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xf4db9758, Data2=0xf1da, Data3=0x4d6d, Data4=([0]=0x8b, [1]=0x4e, [2]=0x6b, [3]=0xec, [4]=0x51, [5]=0x3, [6]=0x19, [7]=0x21))) returned 0x0 [0086.032] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xcaca55c2, Data2=0x1fad, Data3=0x4f45, Data4=([0]=0x81, [1]=0x78, [2]=0xb0, [3]=0x70, [4]=0x6e, [5]=0xb3, [6]=0x51, [7]=0xf3))) returned 0x0 [0086.033] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4528f589, Data2=0x624c, Data3=0x4b32, Data4=([0]=0x9c, [1]=0x4f, [2]=0x4, [3]=0x8b, [4]=0x74, [5]=0x11, [6]=0x59, [7]=0x4e))) returned 0x0 [0086.033] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x2c763db9, Data2=0xa8e8, Data3=0x4b2a, Data4=([0]=0xa0, [1]=0x3f, [2]=0xba, [3]=0xf1, [4]=0x7d, [5]=0x26, [6]=0x35, [7]=0x21))) returned 0x0 [0086.033] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xa0a1d399, Data2=0x981b, Data3=0x4f0c, Data4=([0]=0x95, [1]=0xb2, [2]=0x8f, [3]=0xac, [4]=0xf3, [5]=0x57, [6]=0xed, [7]=0x8c))) returned 0x0 [0086.033] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xab5af9b2, Data2=0xa24, Data3=0x4f5d, Data4=([0]=0x82, [1]=0x4c, [2]=0x65, [3]=0x51, [4]=0x72, [5]=0x68, [6]=0xb9, [7]=0xb5))) returned 0x0 [0086.033] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x979b1931, Data2=0x8e6d, Data3=0x494f, Data4=([0]=0x80, [1]=0xe0, [2]=0x38, [3]=0x26, [4]=0xcc, [5]=0xa1, [6]=0x5f, [7]=0xaa))) returned 0x0 [0086.034] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xab6db531, Data2=0xfb, Data3=0x4881, Data4=([0]=0x83, [1]=0xf8, [2]=0xef, [3]=0x91, [4]=0xad, [5]=0x1d, [6]=0x7a, [7]=0xdc))) returned 0x0 [0086.034] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc1e5afce, Data2=0x224c, Data3=0x4f0b, Data4=([0]=0x85, [1]=0x83, [2]=0x39, [3]=0x4c, [4]=0x48, [5]=0xb3, [6]=0x70, [7]=0x72))) returned 0x0 [0086.034] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x38ba1926, Data2=0x9093, Data3=0x45d2, Data4=([0]=0xbc, [1]=0x3d, [2]=0x88, [3]=0xf2, [4]=0xc8, [5]=0xc1, [6]=0x72, [7]=0xbd))) returned 0x0 [0086.034] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x9a0526f1, Data2=0x91ee, Data3=0x4fb4, Data4=([0]=0x95, [1]=0x67, [2]=0x7b, [3]=0x76, [4]=0xd9, [5]=0x5a, [6]=0xd, [7]=0x99))) returned 0x0 [0086.034] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.034] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x4b42636a, Data2=0xbb68, Data3=0x4ad8, Data4=([0]=0xb7, [1]=0x8b, [2]=0x42, [3]=0x97, [4]=0x61, [5]=0x69, [6]=0xa3, [7]=0xd6))) returned 0x0 [0086.035] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.037] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.040] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x45d41990, Data2=0x393a, Data3=0x469a, Data4=([0]=0x98, [1]=0x79, [2]=0x2b, [3]=0xe1, [4]=0xe1, [5]=0x2a, [6]=0xa5, [7]=0xaa))) returned 0x0 [0086.040] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.040] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc70eeeb9, Data2=0x2508, Data3=0x4ffd, Data4=([0]=0x8b, [1]=0xb1, [2]=0x31, [3]=0x69, [4]=0x99, [5]=0x84, [6]=0xc2, [7]=0xc7))) returned 0x0 [0086.040] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6669c66e, Data2=0xd31, Data3=0x4e6d, Data4=([0]=0xae, [1]=0x47, [2]=0xdd, [3]=0xbe, [4]=0x30, [5]=0x7a, [6]=0x9e, [7]=0x92))) returned 0x0 [0086.041] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x409adcf4, Data2=0xe7ac, Data3=0x452b, Data4=([0]=0x85, [1]=0xbf, [2]=0xbb, [3]=0x60, [4]=0x70, [5]=0x25, [6]=0xa2, [7]=0x8))) returned 0x0 [0086.041] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc8d9a9cc, Data2=0xa37f, Data3=0x452f, Data4=([0]=0xb8, [1]=0x3c, [2]=0x38, [3]=0x88, [4]=0x61, [5]=0x82, [6]=0x9e, [7]=0xa))) returned 0x0 [0086.041] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x752236d8, Data2=0x4f98, Data3=0x49d2, Data4=([0]=0x97, [1]=0x94, [2]=0xad, [3]=0x97, [4]=0x25, [5]=0x71, [6]=0x33, [7]=0xb3))) returned 0x0 [0086.041] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x78e0246, Data2=0x4572, Data3=0x40c9, Data4=([0]=0xb5, [1]=0xf7, [2]=0x95, [3]=0xd8, [4]=0x2, [5]=0x72, [6]=0x1, [7]=0x6d))) returned 0x0 [0086.042] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x8b7a3ab5, Data2=0x92e1, Data3=0x450b, Data4=([0]=0x82, [1]=0x66, [2]=0x5c, [3]=0x41, [4]=0x85, [5]=0x55, [6]=0x10, [7]=0x6c))) returned 0x0 [0086.042] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.042] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd2352743, Data2=0xded8, Data3=0x44c8, Data4=([0]=0xbc, [1]=0x59, [2]=0x96, [3]=0xc0, [4]=0xb2, [5]=0x57, [6]=0xdd, [7]=0x66))) returned 0x0 [0086.043] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xed7ea5ff, Data2=0x3608, Data3=0x4503, Data4=([0]=0x80, [1]=0x3a, [2]=0x7a, [3]=0x7e, [4]=0x24, [5]=0xb7, [6]=0x58, [7]=0x7b))) returned 0x0 [0086.043] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xec2d966b, Data2=0xca8b, Data3=0x4a18, Data4=([0]=0xa7, [1]=0x95, [2]=0xd7, [3]=0x33, [4]=0x9d, [5]=0x69, [6]=0x2b, [7]=0xbb))) returned 0x0 [0086.043] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xb3346ddf, Data2=0x400d, Data3=0x47ac, Data4=([0]=0xa0, [1]=0xd8, [2]=0xd0, [3]=0x12, [4]=0x9c, [5]=0xc3, [6]=0x90, [7]=0x1c))) returned 0x0 [0086.043] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xc04201d5, Data2=0xf539, Data3=0x4d39, Data4=([0]=0x85, [1]=0x64, [2]=0x6a, [3]=0xbd, [4]=0x49, [5]=0x8e, [6]=0xd7, [7]=0x2d))) returned 0x0 [0086.043] VirtualQuery (in: lpAddress=0x12bcc0, lpBuffer=0x12cb80, dwLength=0x30 | out: lpBuffer=0x12cb80*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.044] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x76a83729, Data2=0xc42b, Data3=0x4bfd, Data4=([0]=0xbf, [1]=0xa4, [2]=0x3, [3]=0xad, [4]=0xe6, [5]=0x44, [6]=0xb, [7]=0x2f))) returned 0x0 [0086.044] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x6d552b6f, Data2=0x30c4, Data3=0x4d4a, Data4=([0]=0x82, [1]=0x6e, [2]=0xce, [3]=0xc7, [4]=0xdb, [5]=0xae, [6]=0x17, [7]=0x54))) returned 0x0 [0086.044] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.044] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.045] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.045] VirtualQuery (in: lpAddress=0x12bd30, lpBuffer=0x12cbf0, dwLength=0x30 | out: lpBuffer=0x12cbf0*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.045] SetErrorMode (uMode=0x1) returned 0x1 [0086.045] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0086.045] SetErrorMode (uMode=0x1) returned 0x1 [0086.045] GetFileType (hFile=0x340) returned 0x1 [0086.046] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.047] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.047] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.047] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.048] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x8b4, lpOverlapped=0x0) returned 1 [0086.048] ReadFile (in: hFile=0x340, lpBuffer=0x3a574bc, nNumberOfBytesToRead=0x34c, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a574bc*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.048] ReadFile (in: hFile=0x340, lpBuffer=0x3a580a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a580a0*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.048] SetErrorMode (uMode=0x1) returned 0x1 [0086.049] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe601915b, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0086.049] SetErrorMode (uMode=0x1) returned 0x1 [0086.049] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0086.049] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0086.049] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0086.049] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0086.049] CoTaskMemFree (pv=0x1b722bc0) [0086.049] RegCloseKey (hKey=0x340) returned 0x0 [0086.050] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xbf794413, Data2=0x1aae, Data3=0x474c, Data4=([0]=0x82, [1]=0x94, [2]=0xb1, [3]=0x8e, [4]=0x1a, [5]=0x2a, [6]=0xe4, [7]=0x91))) returned 0x0 [0086.051] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x7759f433, Data2=0x362f, Data3=0x4193, Data4=([0]=0xbf, [1]=0xf8, [2]=0xec, [3]=0xa5, [4]=0x31, [5]=0x4d, [6]=0xfc, [7]=0x24))) returned 0x0 [0086.051] SetErrorMode (uMode=0x1) returned 0x1 [0086.051] CreateFileW (lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x340 [0086.051] SetErrorMode (uMode=0x1) returned 0x1 [0086.051] GetFileType (hFile=0x340) returned 0x1 [0086.052] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.054] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.054] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.054] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0x1000, lpOverlapped=0x0) returned 1 [0086.055] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0xe98, lpOverlapped=0x0) returned 1 [0086.055] ReadFile (in: hFile=0x340, lpBuffer=0x3a95488, nNumberOfBytesToRead=0x168, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95488*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.055] ReadFile (in: hFile=0x340, lpBuffer=0x3a95e88, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x12d058, lpOverlapped=0x0 | out: lpBuffer=0x3a95e88*, lpNumberOfBytesRead=0x12d058*=0x0, lpOverlapped=0x0) returned 1 [0086.055] SetErrorMode (uMode=0x1) returned 0x1 [0086.055] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x12d000 | out: lpFileInformation=0x12d000*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67eea05d, ftCreationTime.dwHighDateTime=0x1ca03f8, ftLastAccessTime.dwLowDateTime=0x67eea05d, ftLastAccessTime.dwHighDateTime=0x1ca03f8, ftLastWriteTime.dwLowDateTime=0xe603f2b9, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0086.055] SetErrorMode (uMode=0x1) returned 0x1 [0086.056] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d0e8 | out: phkResult=0x12d0e8*=0x340) returned 0x0 [0086.056] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d06c, lpData=0x0, lpcbData=0x12d068*=0x0 | out: lpType=0x12d06c*=0x1, lpData=0x0, lpcbData=0x12d068*=0x56) returned 0x0 [0086.056] CoTaskMemAlloc (cb=0x5a) returned 0x1b722bc0 [0086.056] RegQueryValueExW (in: hKey=0x340, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d03c, lpData=0x1b722bc0, lpcbData=0x12d038*=0x56 | out: lpType=0x12d03c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d038*=0x56) returned 0x0 [0086.056] CoTaskMemFree (pv=0x1b722bc0) [0086.056] RegCloseKey (hKey=0x340) returned 0x0 [0086.057] VirtualQuery (in: lpAddress=0x12bb80, lpBuffer=0x12ca40, dwLength=0x30 | out: lpBuffer=0x12ca40*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0086.057] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0xd49233ea, Data2=0xaae6, Data3=0x44b5, Data4=([0]=0x84, [1]=0xd7, [2]=0xef, [3]=0xa9, [4]=0xc9, [5]=0xc8, [6]=0x69, [7]=0x53))) returned 0x0 [0086.058] CoCreateGuid (in: pguid=0x12d310 | out: pguid=0x12d310*(Data1=0x1255af9a, Data2=0x2d33, Data3=0x4c2e, Data4=([0]=0xb9, [1]=0x1a, [2]=0x4e, [3]=0x2d, [4]=0x12, [5]=0x87, [6]=0xe6, [7]=0x81))) returned 0x0 [0086.082] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0086.083] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0086.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0086.094] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0086.113] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.114] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0086.130] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0086.141] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0086.142] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0086.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0086.192] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0086.208] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0086.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12d0b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0086.284] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.285] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.285] CoTaskMemFree (pv=0x2b95c0) [0086.286] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.286] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.286] CoTaskMemFree (pv=0x2b95c0) [0086.288] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.288] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.288] CoTaskMemFree (pv=0x2b95c0) [0086.290] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.290] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.290] CoTaskMemFree (pv=0x2b95c0) [0086.300] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.300] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.301] CoTaskMemFree (pv=0x2b95c0) [0086.303] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.303] CoTaskMemFree (pv=0x2b95c0) [0086.303] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.303] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.303] CoTaskMemFree (pv=0x2b95c0) [0086.311] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2f8 | out: phkResult=0x12d2f8*=0x340) returned 0x0 [0086.317] RegQueryInfoKeyW (in: hKey=0x340, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d1fc, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1f8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d1fc*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1f8*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.317] CoTaskMemFree (pv=0x0) [0086.318] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.318] RegEnumValueW (in: hKey=0x340, dwIndex=0x0, lpValueName=0x242960, lpcchValueName=0x12d2a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d2a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.318] CoTaskMemFree (pv=0x242960) [0086.318] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.318] RegEnumValueW (in: hKey=0x340, dwIndex=0x1, lpValueName=0x242960, lpcchValueName=0x12d2a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d2a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.318] CoTaskMemFree (pv=0x242960) [0086.318] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.318] RegEnumValueW (in: hKey=0x340, dwIndex=0x2, lpValueName=0x242960, lpcchValueName=0x12d2a8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d2a8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.318] CoTaskMemFree (pv=0x242960) [0086.320] RegQueryValueExW (in: hKey=0x340, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d28c, lpData=0x0, lpcbData=0x12d288*=0x0 | out: lpType=0x12d28c*=0x1, lpData=0x0, lpcbData=0x12d288*=0x8) returned 0x0 [0086.320] CoTaskMemAlloc (cb=0xc) returned 0x1b723f80 [0086.320] RegQueryValueExW (in: hKey=0x340, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d25c, lpData=0x1b723f80, lpcbData=0x12d258*=0x8 | out: lpType=0x12d25c*=0x1, lpData="2.0", lpcbData=0x12d258*=0x8) returned 0x0 [0086.320] CoTaskMemFree (pv=0x1b723f80) [0086.407] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d248 | out: phkResult=0x12d248*=0x314) returned 0x0 [0086.408] RegQueryInfoKeyW (in: hKey=0x314, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d14c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d148, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d14c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d148*=0x3, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.408] CoTaskMemFree (pv=0x0) [0086.408] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.408] RegEnumValueW (in: hKey=0x314, dwIndex=0x0, lpValueName=0x242960, lpcchValueName=0x12d1f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0x12d1f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.408] CoTaskMemFree (pv=0x242960) [0086.408] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.408] RegEnumValueW (in: hKey=0x314, dwIndex=0x1, lpValueName=0x242960, lpcchValueName=0x12d1f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0x12d1f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.408] CoTaskMemFree (pv=0x242960) [0086.408] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.408] RegEnumValueW (in: hKey=0x314, dwIndex=0x2, lpValueName=0x242960, lpcchValueName=0x12d1f8, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="UpdatedConfig", lpcchValueName=0x12d1f8, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0086.408] CoTaskMemFree (pv=0x242960) [0086.408] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d1dc, lpData=0x0, lpcbData=0x12d1d8*=0x0 | out: lpType=0x12d1dc*=0x1, lpData=0x0, lpcbData=0x12d1d8*=0x8) returned 0x0 [0086.408] CoTaskMemAlloc (cb=0xc) returned 0x1b723de0 [0086.408] RegQueryValueExW (in: hKey=0x314, lpValueName="StackVersion", lpReserved=0x0, lpType=0x12d1ac, lpData=0x1b723de0, lpcbData=0x12d1a8*=0x8 | out: lpType=0x12d1ac*=0x1, lpData="2.0", lpcbData=0x12d1a8*=0x8) returned 0x0 [0086.408] CoTaskMemFree (pv=0x1b723de0) [0086.410] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.410] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.410] CoTaskMemFree (pv=0x2b95c0) [0086.416] CoTaskMemAlloc (cb=0x104) returned 0x2b95c0 [0086.416] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b95c0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.417] CoTaskMemFree (pv=0x2b95c0) [0086.424] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d278 | out: phkResult=0x12d278*=0x318) returned 0x0 [0086.428] RegQueryInfoKeyW (in: hKey=0x318, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d1ec, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1e8, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d1ec*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d1e8*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.428] CoTaskMemFree (pv=0x0) [0086.429] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.429] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x0, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.429] CoTaskMemFree (pv=0x242960) [0086.429] CoTaskMemFree (pv=0x0) [0086.429] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.429] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x1, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.429] CoTaskMemFree (pv=0x242960) [0086.429] CoTaskMemFree (pv=0x0) [0086.429] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.429] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x2, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.430] CoTaskMemFree (pv=0x0) [0086.430] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.430] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x3, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.430] CoTaskMemFree (pv=0x0) [0086.430] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.430] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x4, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.430] CoTaskMemFree (pv=0x0) [0086.430] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.430] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x5, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.430] CoTaskMemFree (pv=0x0) [0086.430] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.430] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x6, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.430] CoTaskMemFree (pv=0x0) [0086.430] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.430] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x7, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.430] CoTaskMemFree (pv=0x242960) [0086.431] CoTaskMemFree (pv=0x0) [0086.431] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.431] RegEnumKeyExW (in: hKey=0x318, dwIndex=0x8, lpName=0x242960, lpcchName=0x12d278, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d278, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.431] CoTaskMemFree (pv=0x242960) [0086.431] CoTaskMemFree (pv=0x0) [0086.431] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x31c) returned 0x0 [0086.431] RegOpenKeyExW (in: hKey=0x31c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.431] RegOpenKeyExW (in: hKey=0x318, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x330) returned 0x0 [0086.431] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.431] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x348) returned 0x0 [0086.431] RegOpenKeyExW (in: hKey=0x348, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.432] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x34c) returned 0x0 [0086.432] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.432] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x350) returned 0x0 [0086.432] RegOpenKeyExW (in: hKey=0x350, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.432] RegOpenKeyExW (in: hKey=0x318, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x354) returned 0x0 [0086.432] RegOpenKeyExW (in: hKey=0x354, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.432] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x358) returned 0x0 [0086.432] RegOpenKeyExW (in: hKey=0x358, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.433] RegOpenKeyExW (in: hKey=0x318, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x35c) returned 0x0 [0086.433] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x0) returned 0x2 [0086.433] RegOpenKeyExW (in: hKey=0x318, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x360) returned 0x0 [0086.433] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d2d8 | out: phkResult=0x12d2d8*=0x364) returned 0x0 [0086.433] RegCloseKey (hKey=0x364) returned 0x0 [0086.433] RegCloseKey (hKey=0x318) returned 0x0 [0086.434] RegCloseKey (hKey=0x360) returned 0x0 [0086.571] CoTaskMemAlloc (cb=0x804) returned 0x1b72cfa0 [0086.571] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72cfa0, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0086.573] CoTaskMemFree (pv=0x1b72cfa0) [0086.574] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.574] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0086.575] CoTaskMemFree (pv=0x242960) [0086.673] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d228 | out: phkResult=0x12d228*=0x368) returned 0x0 [0086.674] RegQueryInfoKeyW (in: hKey=0x368, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d19c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d198*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.674] CoTaskMemFree (pv=0x0) [0086.674] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.674] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x0, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.674] CoTaskMemFree (pv=0x242960) [0086.674] CoTaskMemFree (pv=0x0) [0086.674] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.674] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x1, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.674] CoTaskMemFree (pv=0x242960) [0086.674] CoTaskMemFree (pv=0x0) [0086.674] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.674] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x2, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.674] CoTaskMemFree (pv=0x242960) [0086.674] CoTaskMemFree (pv=0x0) [0086.674] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.674] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x3, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.674] CoTaskMemFree (pv=0x242960) [0086.674] CoTaskMemFree (pv=0x0) [0086.674] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.674] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x4, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.675] CoTaskMemFree (pv=0x242960) [0086.675] CoTaskMemFree (pv=0x0) [0086.675] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.675] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x5, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.675] CoTaskMemFree (pv=0x242960) [0086.675] CoTaskMemFree (pv=0x0) [0086.675] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.675] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x6, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.675] CoTaskMemFree (pv=0x242960) [0086.675] CoTaskMemFree (pv=0x0) [0086.675] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.675] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x7, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.675] CoTaskMemFree (pv=0x242960) [0086.675] CoTaskMemFree (pv=0x0) [0086.675] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.675] RegEnumKeyExW (in: hKey=0x368, dwIndex=0x8, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.675] CoTaskMemFree (pv=0x242960) [0086.675] CoTaskMemFree (pv=0x0) [0086.675] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x36c) returned 0x0 [0086.676] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.676] RegOpenKeyExW (in: hKey=0x368, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x370) returned 0x0 [0086.676] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.676] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x374) returned 0x0 [0086.676] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.676] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x378) returned 0x0 [0086.677] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.677] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x37c) returned 0x0 [0086.677] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.677] RegOpenKeyExW (in: hKey=0x368, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x380) returned 0x0 [0086.678] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.678] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x384) returned 0x0 [0086.678] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.678] RegOpenKeyExW (in: hKey=0x368, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x388) returned 0x0 [0086.678] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.678] RegOpenKeyExW (in: hKey=0x368, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x38c) returned 0x0 [0086.678] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x390) returned 0x0 [0086.679] RegCloseKey (hKey=0x390) returned 0x0 [0086.679] RegCloseKey (hKey=0x368) returned 0x0 [0086.679] RegCloseKey (hKey=0x38c) returned 0x0 [0086.681] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d228 | out: phkResult=0x12d228*=0x38c) returned 0x0 [0086.681] RegQueryInfoKeyW (in: hKey=0x38c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d19c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d198, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d19c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d198*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.681] CoTaskMemFree (pv=0x0) [0086.681] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.681] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x0, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.681] CoTaskMemFree (pv=0x242960) [0086.681] CoTaskMemFree (pv=0x0) [0086.681] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.681] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x1, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.681] CoTaskMemFree (pv=0x242960) [0086.681] CoTaskMemFree (pv=0x0) [0086.681] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.681] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x2, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.681] CoTaskMemFree (pv=0x242960) [0086.681] CoTaskMemFree (pv=0x0) [0086.681] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.681] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x3, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.681] CoTaskMemFree (pv=0x242960) [0086.681] CoTaskMemFree (pv=0x0) [0086.682] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.682] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x4, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.682] CoTaskMemFree (pv=0x242960) [0086.682] CoTaskMemFree (pv=0x0) [0086.682] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.682] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x5, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.682] CoTaskMemFree (pv=0x242960) [0086.682] CoTaskMemFree (pv=0x0) [0086.682] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.682] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x6, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.682] CoTaskMemFree (pv=0x242960) [0086.682] CoTaskMemFree (pv=0x0) [0086.682] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.682] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x7, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.682] CoTaskMemFree (pv=0x242960) [0086.682] CoTaskMemFree (pv=0x0) [0086.682] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.682] RegEnumKeyExW (in: hKey=0x38c, dwIndex=0x8, lpName=0x242960, lpcchName=0x12d228, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d228, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.682] CoTaskMemFree (pv=0x242960) [0086.682] CoTaskMemFree (pv=0x0) [0086.682] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x368) returned 0x0 [0086.682] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.683] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x390) returned 0x0 [0086.683] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.683] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x394) returned 0x0 [0086.683] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.683] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x398) returned 0x0 [0086.684] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.684] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x39c) returned 0x0 [0086.684] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.684] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x3a0) returned 0x0 [0086.684] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.684] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x3a4) returned 0x0 [0086.684] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.685] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x3a8) returned 0x0 [0086.685] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x0) returned 0x2 [0086.685] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x3ac) returned 0x0 [0086.685] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d288 | out: phkResult=0x12d288*=0x3b0) returned 0x0 [0086.685] RegCloseKey (hKey=0x3b0) returned 0x0 [0086.685] RegCloseKey (hKey=0x38c) returned 0x0 [0086.685] RegCloseKey (hKey=0x3ac) returned 0x0 [0086.687] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d1f8 | out: phkResult=0x12d1f8*=0x3ac) returned 0x0 [0086.687] RegQueryInfoKeyW (in: hKey=0x3ac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x12d16c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d168, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x12d16c*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x12d168*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.687] CoTaskMemFree (pv=0x0) [0086.687] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.687] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x0, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.687] CoTaskMemFree (pv=0x242960) [0086.687] CoTaskMemFree (pv=0x0) [0086.687] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.687] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x1, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.687] CoTaskMemFree (pv=0x242960) [0086.687] CoTaskMemFree (pv=0x0) [0086.687] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.687] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x2, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x3, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x4, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x5, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x6, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x7, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.688] CoTaskMemFree (pv=0x242960) [0086.688] CoTaskMemFree (pv=0x0) [0086.688] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.688] RegEnumKeyExW (in: hKey=0x3ac, dwIndex=0x8, lpName=0x242960, lpcchName=0x12d1f8, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0x12d1f8, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0086.689] CoTaskMemFree (pv=0x242960) [0086.689] CoTaskMemFree (pv=0x0) [0086.689] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x38c) returned 0x0 [0086.689] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.689] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3b0) returned 0x0 [0086.689] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.689] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3b4) returned 0x0 [0086.689] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.689] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3b8) returned 0x0 [0086.690] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.690] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3bc) returned 0x0 [0086.690] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.690] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3c0) returned 0x0 [0086.690] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.690] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3c4) returned 0x0 [0086.691] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.691] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3c8) returned 0x0 [0086.691] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x0) returned 0x2 [0086.691] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3cc) returned 0x0 [0086.691] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d258 | out: phkResult=0x12d258*=0x3d0) returned 0x0 [0086.691] RegCloseKey (hKey=0x3d0) returned 0x0 [0086.691] RegCloseKey (hKey=0x3ac) returned 0x0 [0086.692] RegCloseKey (hKey=0x3cc) returned 0x0 [0086.699] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x1b820008 [0086.705] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3b5c798*="WSMan", lpRawData=0x3b5c508) returned 1 [0086.716] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.716] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.716] CoTaskMemFree (pv=0x2b96d0) [0086.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.718] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.719] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0086.719] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0086.719] CoTaskMemFree (pv=0x1b72d430) [0086.719] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.719] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0086.720] CoTaskMemFree (pv=0x242960) [0086.721] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3b61cd0*="Alias", lpRawData=0x3b61a60) returned 1 [0086.722] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.722] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.722] CoTaskMemFree (pv=0x2b96d0) [0086.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.724] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.725] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0086.725] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0086.726] CoTaskMemFree (pv=0x1b72d430) [0086.726] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.726] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0086.726] CoTaskMemFree (pv=0x242960) [0086.727] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3b672c8*="Environment", lpRawData=0x3b67058) returned 1 [0086.728] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.729] CoTaskMemFree (pv=0x2b96d0) [0086.730] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.730] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0086.730] CoTaskMemFree (pv=0x2b96d0) [0086.730] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.730] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0086.730] CoTaskMemFree (pv=0x2b96d0) [0086.731] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12d090, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0086.731] SetErrorMode (uMode=0x1) returned 0x1 [0086.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d2a0 | out: lpFileInformation=0x12d2a0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0086.731] SetErrorMode (uMode=0x1) returned 0x1 [0086.733] GetLogicalDrives () returned 0x4 [0086.734] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12ce00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.735] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0086.735] SetErrorMode (uMode=0x1) returned 0x1 [0086.736] CoTaskMemAlloc (cb=0x68) returned 0x1b723020 [0086.736] CoTaskMemAlloc (cb=0x68) returned 0x1b723090 [0086.736] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x1b723020, nVolumeNameSize=0x32, lpVolumeSerialNumber=0x12d270, lpMaximumComponentLength=0x12d26c, lpFileSystemFlags=0x12d268, lpFileSystemNameBuffer=0x1b723090, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x12d270*=0x9c354b42, lpMaximumComponentLength=0x12d26c*=0xff, lpFileSystemFlags=0x12d268*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0086.737] CoTaskMemFree (pv=0x1b723020) [0086.737] CoTaskMemFree (pv=0x1b723090) [0086.737] SetErrorMode (uMode=0x1) returned 0x1 [0086.737] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0086.738] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.739] SetErrorMode (uMode=0x1) returned 0x1 [0086.739] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d210 | out: lpFileInformation=0x12d210*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0086.739] SetErrorMode (uMode=0x1) returned 0x1 [0086.739] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cfb0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.739] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12ce60, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.739] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0086.740] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.740] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0086.741] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.741] SetErrorMode (uMode=0x1) returned 0x1 [0086.741] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0086.741] SetErrorMode (uMode=0x1) returned 0x1 [0086.741] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.742] SetErrorMode (uMode=0x1) returned 0x1 [0086.742] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d040 | out: lpFileInformation=0x12d040*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0086.742] SetErrorMode (uMode=0x1) returned 0x1 [0086.742] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12ce80, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0086.742] SetErrorMode (uMode=0x1) returned 0x1 [0086.742] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d0e0 | out: lpFileInformation=0x12d0e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0086.742] SetErrorMode (uMode=0x1) returned 0x1 [0086.743] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0086.743] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0086.743] CoTaskMemFree (pv=0x1b72d430) [0086.743] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.743] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0086.744] CoTaskMemFree (pv=0x242960) [0086.744] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3b6e3b8*="FileSystem", lpRawData=0x3b6e148) returned 1 [0086.746] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.746] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.746] CoTaskMemFree (pv=0x2b96d0) [0086.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cdc0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.747] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.748] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0086.748] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0086.748] CoTaskMemFree (pv=0x1b72d430) [0086.749] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0086.749] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0086.749] CoTaskMemFree (pv=0x242960) [0086.750] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3b73bf8*="Function", lpRawData=0x3b73988) returned 1 [0086.754] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0086.754] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0086.754] CoTaskMemFree (pv=0x2b96d0) [0086.804] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0086.805] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.099] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.100] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.103] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0087.103] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0087.103] CoTaskMemFree (pv=0x1b72d430) [0087.103] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0087.103] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0087.104] CoTaskMemFree (pv=0x242960) [0087.105] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3158b88*="Registry", lpRawData=0x3158918) returned 1 [0087.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.107] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.108] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0087.108] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0087.108] CoTaskMemFree (pv=0x1b72d430) [0087.108] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0087.108] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0087.109] CoTaskMemFree (pv=0x242960) [0087.109] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x315dfa0*="Variable", lpRawData=0x315dd30) returned 1 [0087.112] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.112] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.112] CoTaskMemFree (pv=0x2b96d0) [0087.115] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.115] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.116] CoTaskMemFree (pv=0x2b96d0) [0087.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0087.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0087.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0087.119] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0x12cce0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0087.322] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0087.322] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d4e8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d4e8) returned 0x1 [0087.322] CoTaskMemFree (pv=0x1b72d430) [0087.322] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0087.322] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d528 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d528) returned 1 [0087.322] CoTaskMemFree (pv=0x242960) [0087.323] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3171bb8*="Certificate", lpRawData=0x3171948) returned 1 [0087.332] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.332] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.333] CoTaskMemFree (pv=0x2b96d0) [0087.337] GetLogicalDrives () returned 0x4 [0087.337] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0087.337] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0087.339] CoTaskMemAlloc (cb=0x20e) returned 0x2830c0 [0087.339] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x2830c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0087.339] CoTaskMemFree (pv=0x2830c0) [0087.341] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.341] CoTaskMemFree (pv=0x2b96d0) [0087.341] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.341] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.341] CoTaskMemFree (pv=0x2b96d0) [0087.362] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.362] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.363] CoTaskMemFree (pv=0x2b96d0) [0087.451] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.451] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.451] CoTaskMemFree (pv=0x2b96d0) [0087.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.452] SetErrorMode (uMode=0x1) returned 0x1 [0087.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.452] SetErrorMode (uMode=0x1) returned 0x1 [0087.452] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12ced0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.452] SetErrorMode (uMode=0x1) returned 0x1 [0087.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.452] SetErrorMode (uMode=0x1) returned 0x1 [0087.453] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.453] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.453] CoTaskMemFree (pv=0x2b96d0) [0087.459] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12d070, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.460] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0087.460] SetErrorMode (uMode=0x1) returned 0x1 [0087.460] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.460] SetErrorMode (uMode=0x1) returned 0x1 [0087.460] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0087.461] SetErrorMode (uMode=0x1) returned 0x1 [0087.461] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.461] SetErrorMode (uMode=0x1) returned 0x1 [0087.461] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x12cef0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0087.461] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0087.461] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.461] SetErrorMode (uMode=0x1) returned 0x1 [0087.461] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0087.462] SetErrorMode (uMode=0x1) returned 0x1 [0087.462] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.462] SetErrorMode (uMode=0x1) returned 0x1 [0087.462] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0087.462] SetErrorMode (uMode=0x1) returned 0x1 [0087.462] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.462] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.462] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.462] SetErrorMode (uMode=0x1) returned 0x1 [0087.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.463] SetErrorMode (uMode=0x1) returned 0x1 [0087.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.463] SetErrorMode (uMode=0x1) returned 0x1 [0087.463] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.463] SetErrorMode (uMode=0x1) returned 0x1 [0087.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.463] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.464] SetErrorMode (uMode=0x1) returned 0x1 [0087.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.464] SetErrorMode (uMode=0x1) returned 0x1 [0087.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cee0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.464] SetErrorMode (uMode=0x1) returned 0x1 [0087.464] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d0f0 | out: lpFileInformation=0x12d0f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.464] SetErrorMode (uMode=0x1) returned 0x1 [0087.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cef0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.464] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x12cde0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.465] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.465] SetErrorMode (uMode=0x1) returned 0x1 [0087.465] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0087.465] SetErrorMode (uMode=0x1) returned 0x1 [0087.465] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.465] SetErrorMode (uMode=0x1) returned 0x1 [0087.466] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0087.466] SetErrorMode (uMode=0x1) returned 0x1 [0087.466] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.466] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0087.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.466] SetErrorMode (uMode=0x1) returned 0x1 [0087.466] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.466] SetErrorMode (uMode=0x1) returned 0x1 [0087.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.467] SetErrorMode (uMode=0x1) returned 0x1 [0087.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.467] SetErrorMode (uMode=0x1) returned 0x1 [0087.467] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.467] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0087.467] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.467] SetErrorMode (uMode=0x1) returned 0x1 [0087.467] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.468] SetErrorMode (uMode=0x1) returned 0x1 [0087.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cf20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.468] SetErrorMode (uMode=0x1) returned 0x1 [0087.468] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d130 | out: lpFileInformation=0x12d130*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.468] SetErrorMode (uMode=0x1) returned 0x1 [0087.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12cf30, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.468] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\.", nBufferLength=0x105, lpBuffer=0x12ce20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.472] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x12d190, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0087.472] SetErrorMode (uMode=0x1) returned 0x1 [0087.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop"), fInfoLevelId=0x0, lpFileInformation=0x12d3f0 | out: lpFileInformation=0x12d3f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x7cb3aee0, ftLastAccessTime.dwHighDateTime=0x1d622af, ftLastWriteTime.dwLowDateTime=0x7cb3aee0, ftLastWriteTime.dwHighDateTime=0x1d622af, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0087.473] SetErrorMode (uMode=0x1) returned 0x1 [0087.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.475] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.535] CoTaskMemAlloc (cb=0x804) returned 0x1b72d430 [0087.536] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b72d430, nSize=0x12d758 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d758) returned 0x1 [0087.536] CoTaskMemFree (pv=0x1b72d430) [0087.536] CoTaskMemAlloc (cb=0x204) returned 0x242960 [0087.537] GetUserNameW (in: lpBuffer=0x242960, pcbBuffer=0x12d798 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d798) returned 1 [0087.537] CoTaskMemFree (pv=0x242960) [0087.539] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x31af600*="Available", lpRawData=0x31af390) returned 1 [0087.540] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.541] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.541] CoTaskMemFree (pv=0x2b96d0) [0087.542] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.542] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.543] CoTaskMemFree (pv=0x2b96d0) [0087.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d260, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.551] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.551] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.551] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0087.552] CoTaskMemFree (pv=0x2b96d0) [0087.552] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.552] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0087.552] CoTaskMemFree (pv=0x2b96d0) [0087.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.552] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.554] GetCurrentProcessId () returned 0x15c [0087.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.556] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.557] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d170, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.558] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.559] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.560] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d778 | out: phkResult=0x12d778*=0x344) returned 0x0 [0087.560] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6fc, lpData=0x0, lpcbData=0x12d6f8*=0x0 | out: lpType=0x12d6fc*=0x1, lpData=0x0, lpcbData=0x12d6f8*=0x56) returned 0x0 [0087.560] CoTaskMemAlloc (cb=0x5a) returned 0x1b7231e0 [0087.560] RegQueryValueExW (in: hKey=0x344, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d6cc, lpData=0x1b7231e0, lpcbData=0x12d6c8*=0x56 | out: lpType=0x12d6cc*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d6c8*=0x56) returned 0x0 [0087.560] CoTaskMemFree (pv=0x1b7231e0) [0087.560] RegCloseKey (hKey=0x344) returned 0x0 [0087.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d1e0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d130, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d180, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12d0d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.569] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.569] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.569] CoTaskMemFree (pv=0x2b96d0) [0087.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.570] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.571] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.572] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.573] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.574] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.575] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.576] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.577] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.578] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.579] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c1c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.580] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c110, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.591] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.592] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c150, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c0a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0087.679] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0087.685] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.685] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.685] CoTaskMemFree (pv=0x2b96d0) [0087.691] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0087.712] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.712] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.712] CoTaskMemFree (pv=0x2b96d0) [0087.714] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.714] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.714] CoTaskMemFree (pv=0x2b96d0) [0087.718] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.718] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.718] CoTaskMemFree (pv=0x2b96d0) [0087.724] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.724] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.724] CoTaskMemFree (pv=0x2b96d0) [0087.727] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.727] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.727] CoTaskMemFree (pv=0x2b96d0) [0087.728] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.728] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.728] CoTaskMemFree (pv=0x2b96d0) [0087.734] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0087.741] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0087.832] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0087.837] CoTaskMemAlloc (cb=0x104) returned 0x2b96d0 [0087.837] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b96d0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0087.837] CoTaskMemFree (pv=0x2b96d0) [0088.082] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b97e0 [0088.083] LocalAlloc (uFlags=0x0, uBytes=0x100) returned 0x2b98f0 [0088.275] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.404] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.408] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.408] VirtualQuery (in: lpAddress=0x12a220, lpBuffer=0x12b0e0, dwLength=0x30 | out: lpBuffer=0x12b0e0*(BaseAddress=0x12a000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.440] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.441] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.442] VirtualQuery (in: lpAddress=0x12b7d0, lpBuffer=0x12c690, dwLength=0x30 | out: lpBuffer=0x12c690*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.445] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.445] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.445] CoTaskMemFree (pv=0x2b9a00) [0088.471] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.471] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.471] CoTaskMemFree (pv=0x2b9a00) [0088.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.472] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c430, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.545] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c380, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.545] VirtualQuery (in: lpAddress=0x12ba80, lpBuffer=0x12c940, dwLength=0x30 | out: lpBuffer=0x12c940*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c410, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x12c360, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0088.554] VirtualQuery (in: lpAddress=0x12ba80, lpBuffer=0x12c940, dwLength=0x30 | out: lpBuffer=0x12c940*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.554] VirtualQuery (in: lpAddress=0x12b2d0, lpBuffer=0x12c190, dwLength=0x30 | out: lpBuffer=0x12c190*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.554] VirtualQuery (in: lpAddress=0x12b2d0, lpBuffer=0x12c190, dwLength=0x30 | out: lpBuffer=0x12c190*(BaseAddress=0x12b000, AllocationBase=0xb0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.556] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8d8 | out: phkResult=0x12d8d8*=0x3c4) returned 0x0 [0088.556] RegQueryValueExW (in: hKey=0x3c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d85c, lpData=0x0, lpcbData=0x12d858*=0x0 | out: lpType=0x12d85c*=0x1, lpData=0x0, lpcbData=0x12d858*=0x56) returned 0x0 [0088.556] CoTaskMemAlloc (cb=0x5a) returned 0x1b759e90 [0088.556] RegQueryValueExW (in: hKey=0x3c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d82c, lpData=0x1b759e90, lpcbData=0x12d828*=0x56 | out: lpType=0x12d82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d828*=0x56) returned 0x0 [0088.556] CoTaskMemFree (pv=0x1b759e90) [0088.557] RegCloseKey (hKey=0x3c4) returned 0x0 [0088.557] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d8d8 | out: phkResult=0x12d8d8*=0x3c4) returned 0x0 [0088.557] RegQueryValueExW (in: hKey=0x3c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d85c, lpData=0x0, lpcbData=0x12d858*=0x0 | out: lpType=0x12d85c*=0x1, lpData=0x0, lpcbData=0x12d858*=0x56) returned 0x0 [0088.557] CoTaskMemAlloc (cb=0x5a) returned 0x1b759e90 [0088.557] RegQueryValueExW (in: hKey=0x3c4, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0x12d82c, lpData=0x1b759e90, lpcbData=0x12d828*=0x56 | out: lpType=0x12d82c*=0x1, lpData="C:\\Windows\\System32\\WindowsPowerShell\\v1.0", lpcbData=0x12d828*=0x56) returned 0x0 [0088.557] CoTaskMemFree (pv=0x1b759e90) [0088.557] RegCloseKey (hKey=0x3c4) returned 0x0 [0088.558] CoTaskMemAlloc (cb=0x20c) returned 0x2b62e0 [0088.558] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b62e0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0088.558] CoTaskMemFree (pv=0x2b62e0) [0088.558] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0088.558] CoTaskMemAlloc (cb=0x20c) returned 0x2b62e0 [0088.558] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x2b62e0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0088.558] CoTaskMemFree (pv=0x2b62e0) [0088.558] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0x12d490, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0088.561] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", lpFilePart=0x0) returned 0x36 [0088.561] SetErrorMode (uMode=0x1) returned 0x1 [0088.561] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d840 | out: lpFileInformation=0x12d840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.562] SetErrorMode (uMode=0x1) returned 0x1 [0088.562] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x4b [0088.562] SetErrorMode (uMode=0x1) returned 0x1 [0088.562] GetFileAttributesExW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d840 | out: lpFileInformation=0x12d840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.562] SetErrorMode (uMode=0x1) returned 0x1 [0088.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", lpFilePart=0x0) returned 0x45 [0088.562] SetErrorMode (uMode=0x1) returned 0x1 [0088.562] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d840 | out: lpFileInformation=0x12d840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.563] SetErrorMode (uMode=0x1) returned 0x1 [0088.563] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", nBufferLength=0x105, lpBuffer=0x12d630, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", lpFilePart=0x0) returned 0x5a [0088.563] SetErrorMode (uMode=0x1) returned 0x1 [0088.563] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1"), fInfoLevelId=0x0, lpFileInformation=0x12d840 | out: lpFileInformation=0x12d840*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0088.563] SetErrorMode (uMode=0x1) returned 0x1 [0088.566] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.566] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.566] CoTaskMemFree (pv=0x2b9a00) [0088.568] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.568] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.568] CoTaskMemFree (pv=0x2b9a00) [0088.570] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.570] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.570] CoTaskMemFree (pv=0x2b9a00) [0088.573] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.573] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.573] CoTaskMemFree (pv=0x2b9a00) [0088.579] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.579] CoTaskMemFree (pv=0x2b9a00) [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3c4 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x368 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x390 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x394 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x39c [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a0 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3a4 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x3a8 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3c8 [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x38c [0088.581] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3b0 [0088.583] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.583] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.583] CoTaskMemFree (pv=0x2b9a00) [0088.585] GetStdHandle (nStdHandle=0xfffffff6) returned 0xf8 [0088.585] GetConsoleMode (in: hConsoleHandle=0xf8, lpMode=0x12da20 | out: lpMode=0x12da20) returned 0 [0088.586] GetConsoleCP () returned 0x1b5 [0088.593] GetFileType (hFile=0xf8) returned 0x2 [0088.594] ReadFile (in: hFile=0xf8, lpBuffer=0x2e640b0, nNumberOfBytesToRead=0x0, lpNumberOfBytesRead=0x12d7e8, lpOverlapped=0x0 | out: lpBuffer=0x2e640b0*, lpNumberOfBytesRead=0x12d7e8*=0x0, lpOverlapped=0x0) returned 1 [0088.601] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.601] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.601] CoTaskMemFree (pv=0x2b9a00) [0088.616] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x340 [0088.617] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x314 [0088.619] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.619] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.620] CoTaskMemFree (pv=0x2b9a00) [0088.620] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d7e8 | out: phkResult=0x12d7e8*=0x3b8) returned 0x0 [0088.620] RegQueryValueExW (in: hKey=0x3b8, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d76c, lpData=0x0, lpcbData=0x12d768*=0x0 | out: lpType=0x12d76c*=0x0, lpData=0x0, lpcbData=0x12d768*=0x0) returned 0x2 [0088.768] ReadFile (in: hFile=0xf8, lpBuffer=0x2e64160, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x12d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2e64160*, lpNumberOfBytesRead=0x12d7b8*=0x0, lpOverlapped=0x0) returned 1 [0088.770] ReadFile (in: hFile=0xf8, lpBuffer=0x2e64160, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x12d7b8, lpOverlapped=0x0 | out: lpBuffer=0x2e64160*, lpNumberOfBytesRead=0x12d7b8*=0x0, lpOverlapped=0x0) returned 1 [0088.773] SetEvent (hEvent=0x394) returned 1 [0088.773] SetEvent (hEvent=0x3c4) returned 1 [0088.773] SetEvent (hEvent=0x368) returned 1 [0088.774] SetEvent (hEvent=0x390) returned 1 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x354 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x358 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x35c [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3bc [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x36c [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x370 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x374 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x378 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x37c [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x380 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x384 [0089.558] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x388 [0089.559] SetEvent (hEvent=0x3bc) returned 1 [0089.559] SetEvent (hEvent=0x354) returned 1 [0089.559] SetEvent (hEvent=0x358) returned 1 [0089.559] SetEvent (hEvent=0x35c) returned 1 [0089.559] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0089.559] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0x12d808 | out: phkResult=0x12d808*=0x3ac) returned 0x0 [0089.560] RegQueryValueExW (in: hKey=0x3ac, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0x12d78c, lpData=0x0, lpcbData=0x12d788*=0x0 | out: lpType=0x12d78c*=0x0, lpData=0x0, lpcbData=0x12d788*=0x0) returned 0x2 [0089.578] SetEvent (hEvent=0x36c) returned 1 [0089.578] SetEvent (hEvent=0x370) returned 1 [0089.578] SetEvent (hEvent=0x374) returned 1 [0089.586] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.586] CoTaskMemFree (pv=0x2b9a00) [0089.590] SetEvent (hEvent=0x334) returned 1 [0089.590] CoTaskMemAlloc (cb=0x804) returned 0x1b7504b0 [0089.590] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x1b7504b0, nSize=0x12d8a8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x12d8a8) returned 0x1 [0089.591] CoTaskMemFree (pv=0x1b7504b0) [0089.591] CoTaskMemAlloc (cb=0x204) returned 0x2431a0 [0089.591] GetUserNameW (in: lpBuffer=0x2431a0, pcbBuffer=0x12d8e8 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x12d8e8) returned 1 [0089.591] CoTaskMemFree (pv=0x2431a0) [0089.605] ReportEventW (hEventLog=0x1b820008, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2dbe6f0*="Stopped", lpRawData=0x2dbe480) returned 1 [0089.608] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0089.611] CoGetContextToken (in: pToken=0x12f470 | out: pToken=0x12f470) returned 0x0 [0089.611] CObjectContext::QueryInterface () returned 0x0 [0089.611] CObjectContext::GetCurrentThreadType () returned 0x0 [0089.611] Release () returned 0x0 [0089.615] CoGetContextToken (in: pToken=0x12f040 | out: pToken=0x12f040) returned 0x0 [0089.615] CObjectContext::QueryInterface () returned 0x0 [0089.616] CObjectContext::GetCurrentThreadType () returned 0x0 [0089.616] Release () returned 0x0 [0089.619] CoGetContextToken (in: pToken=0x12f040 | out: pToken=0x12f040) returned 0x0 [0089.619] CObjectContext::QueryInterface () returned 0x0 [0089.619] CObjectContext::GetCurrentThreadType () returned 0x0 [0089.619] Release () returned 0x0 [0089.627] CoGetContextToken (in: pToken=0x12f040 | out: pToken=0x12f040) returned 0x0 [0089.627] CObjectContext::QueryInterface () returned 0x0 [0089.627] CObjectContext::GetCurrentThreadType () returned 0x0 [0089.627] Release () returned 0x0 [0089.649] CoGetContextToken (in: pToken=0x12f030 | out: pToken=0x12f030) returned 0x0 [0089.649] CObjectContext::QueryInterface () returned 0x0 [0089.649] CObjectContext::GetCurrentThreadType () returned 0x0 [0089.649] Release () returned 0x0 [0089.650] CoUninitialize () Thread: id = 8 os_tid = 0x7a4 Thread: id = 9 os_tid = 0x774 Thread: id = 10 os_tid = 0x704 Thread: id = 11 os_tid = 0x694 Thread: id = 12 os_tid = 0x7e4 [0080.391] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0085.086] LocalFree (hMem=0x20a7d0) returned 0x0 [0085.086] CloseHandle (hObject=0x330) returned 1 [0085.087] CloseHandle (hObject=0x13) returned 1 [0085.087] CloseHandle (hObject=0xf) returned 1 [0085.088] RegCloseKey (hKey=0x31c) returned 0x0 [0085.088] RegCloseKey (hKey=0x318) returned 0x0 [0085.088] RegCloseKey (hKey=0x314) returned 0x0 [0085.089] LocalFree (hMem=0x20a7a0) returned 0x0 [0085.089] RegCloseKey (hKey=0x340) returned 0x0 [0087.019] RegCloseKey (hKey=0x3c0) returned 0x0 [0087.019] RegCloseKey (hKey=0x388) returned 0x0 [0087.020] RegCloseKey (hKey=0x384) returned 0x0 [0087.020] RegCloseKey (hKey=0x380) returned 0x0 [0087.020] RegCloseKey (hKey=0x37c) returned 0x0 [0087.021] RegCloseKey (hKey=0x378) returned 0x0 [0087.021] RegCloseKey (hKey=0x374) returned 0x0 [0087.021] RegCloseKey (hKey=0x370) returned 0x0 [0087.022] RegCloseKey (hKey=0x36c) returned 0x0 [0087.022] RegCloseKey (hKey=0x3bc) returned 0x0 [0087.022] RegCloseKey (hKey=0x35c) returned 0x0 [0087.023] RegCloseKey (hKey=0x358) returned 0x0 [0087.023] RegCloseKey (hKey=0x354) returned 0x0 [0087.023] RegCloseKey (hKey=0x350) returned 0x0 [0087.025] RegCloseKey (hKey=0x34c) returned 0x0 [0087.026] RegCloseKey (hKey=0x348) returned 0x0 [0087.026] RegCloseKey (hKey=0x330) returned 0x0 [0087.026] RegCloseKey (hKey=0x31c) returned 0x0 [0087.026] RegCloseKey (hKey=0x3b8) returned 0x0 [0087.027] RegCloseKey (hKey=0x314) returned 0x0 [0087.027] RegCloseKey (hKey=0x340) returned 0x0 [0087.027] RegCloseKey (hKey=0x3b4) returned 0x0 [0087.028] RegCloseKey (hKey=0x3b0) returned 0x0 [0087.028] RegCloseKey (hKey=0x38c) returned 0x0 [0087.028] RegCloseKey (hKey=0x3c8) returned 0x0 [0087.029] RegCloseKey (hKey=0x3a8) returned 0x0 [0087.029] RegCloseKey (hKey=0x3a4) returned 0x0 [0087.029] RegCloseKey (hKey=0x3a0) returned 0x0 [0087.029] RegCloseKey (hKey=0x39c) returned 0x0 [0087.030] RegCloseKey (hKey=0x398) returned 0x0 [0087.030] RegCloseKey (hKey=0x394) returned 0x0 [0087.030] RegCloseKey (hKey=0x390) returned 0x0 [0087.031] RegCloseKey (hKey=0x368) returned 0x0 [0087.031] RegCloseKey (hKey=0x3c4) returned 0x0 [0087.031] RegCloseKey (hKey=0x344) returned 0x0 [0089.600] CloseHandle (hObject=0x3bc) returned 1 [0089.600] CloseHandle (hObject=0x35c) returned 1 [0089.600] CloseHandle (hObject=0x358) returned 1 [0089.600] CloseHandle (hObject=0x354) returned 1 [0089.601] RegCloseKey (hKey=0x3b8) returned 0x0 [0089.601] CloseHandle (hObject=0x314) returned 1 [0089.601] CloseHandle (hObject=0x340) returned 1 [0089.601] CloseHandle (hObject=0xf) returned 1 [0089.602] CloseHandle (hObject=0x3b0) returned 1 [0089.602] CloseHandle (hObject=0x38c) returned 1 [0089.602] CloseHandle (hObject=0x3c8) returned 1 [0089.602] CloseHandle (hObject=0x3a8) returned 1 [0089.602] CloseHandle (hObject=0x3a4) returned 1 [0089.602] CloseHandle (hObject=0x3a0) returned 1 [0089.603] CloseHandle (hObject=0x39c) returned 1 [0089.603] CloseHandle (hObject=0x398) returned 1 [0089.603] CloseHandle (hObject=0x394) returned 1 [0089.603] CloseHandle (hObject=0x390) returned 1 [0089.603] CloseHandle (hObject=0x368) returned 1 [0089.603] CloseHandle (hObject=0x3c4) returned 1 [0089.604] RegCloseKey (hKey=0x3ac) returned 0x0 [0089.604] CloseHandle (hObject=0x3c0) returned 1 [0089.618] LocalFree (hMem=0x2b98f0) returned 0x0 [0089.619] LocalFree (hMem=0x2b97e0) returned 0x0 [0089.626] DeregisterEventSource (hEventLog=0x1b820008) returned 1 [0089.641] CloseHandle (hObject=0x388) returned 1 [0089.641] CloseHandle (hObject=0x380) returned 1 [0089.641] CloseHandle (hObject=0x37c) returned 1 [0089.642] CloseHandle (hObject=0x384) returned 1 [0089.642] CloseHandle (hObject=0x378) returned 1 [0089.642] CloseHandle (hObject=0x374) returned 1 [0089.643] UnmapViewOfFile (lpBaseAddress=0x2100000) returned 1 [0089.644] CloseHandle (hObject=0x36c) returned 1 [0089.644] CloseHandle (hObject=0x33c) returned 1 [0089.644] RegCloseKey (hKey=0xffffffff80000004) returned 0x0 [0089.645] CloseHandle (hObject=0x3b4) returned 1 [0089.645] CloseHandle (hObject=0x2fc) returned 1 [0089.645] CloseHandle (hObject=0x334) returned 1 [0089.646] UnmapViewOfFile (lpBaseAddress=0x1bc40000) returned 1 [0089.647] CloseHandle (hObject=0x370) returned 1 Thread: id = 13 os_tid = 0x7bc [0088.628] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0088.634] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409 [0088.636] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.636] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.637] CoTaskMemFree (pv=0x2b9a00) [0088.642] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.642] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.642] CoTaskMemFree (pv=0x2b9a00) [0088.644] VirtualQuery (in: lpAddress=0x1c76ddc0, lpBuffer=0x1c76ec80, dwLength=0x30 | out: lpBuffer=0x1c76ec80*(BaseAddress=0x1c76d000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.649] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.649] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.650] CoTaskMemFree (pv=0x2b9a00) [0088.653] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.653] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.653] CoTaskMemFree (pv=0x2b9a00) [0088.660] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.660] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.660] CoTaskMemFree (pv=0x2b9a00) [0088.686] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.686] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.686] CoTaskMemFree (pv=0x2b9a00) [0088.689] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.689] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.689] CoTaskMemFree (pv=0x2b9a00) [0088.691] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.691] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.691] CoTaskMemFree (pv=0x2b9a00) [0088.699] VirtualQuery (in: lpAddress=0x1c76e070, lpBuffer=0x1c76ef30, dwLength=0x30 | out: lpBuffer=0x1c76ef30*(BaseAddress=0x1c76e000, AllocationBase=0x1bde0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0088.700] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.700] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.700] CoTaskMemFree (pv=0x2b9a00) [0088.703] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.703] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.703] CoTaskMemFree (pv=0x2b9a00) [0088.704] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.704] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.704] CoTaskMemFree (pv=0x2b9a00) [0088.705] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.705] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.705] CoTaskMemFree (pv=0x2b9a00) [0088.711] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.711] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.711] CoTaskMemFree (pv=0x2b9a00) [0088.795] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.795] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.795] CoTaskMemFree (pv=0x2b9a00) [0088.798] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.798] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.798] CoTaskMemFree (pv=0x2b9a00) [0088.800] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.800] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.800] CoTaskMemFree (pv=0x2b9a00) [0088.803] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.803] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.803] CoTaskMemFree (pv=0x2b9a00) [0088.805] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.805] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.805] CoTaskMemFree (pv=0x2b9a00) [0088.807] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.807] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.807] CoTaskMemFree (pv=0x2b9a00) [0088.809] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.809] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.809] CoTaskMemFree (pv=0x2b9a00) [0088.835] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0088.835] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0088.835] CoTaskMemFree (pv=0x2b9a00) [0089.144] GetLogicalDrives () returned 0x4 [0089.210] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.210] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.210] CoTaskMemFree (pv=0x2b9a00) [0089.216] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.216] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.216] CoTaskMemFree (pv=0x2b9a00) [0089.284] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.284] CoTaskMemFree (pv=0x2b9a00) [0089.308] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.308] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.308] CoTaskMemFree (pv=0x2b9a00) [0089.311] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.311] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.311] CoTaskMemFree (pv=0x2b9a00) [0089.346] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.346] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.346] CoTaskMemFree (pv=0x2b9a00) [0089.396] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.396] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.396] CoTaskMemFree (pv=0x2b9a00) [0089.442] CoTaskMemAlloc (cb=0x104) returned 0x2b9a00 [0089.442] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x2b9a00, nSize=0x80 | out: lpBuffer="") returned 0x0 [0089.442] CoTaskMemFree (pv=0x2b9a00) [0089.507] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0089.507] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x1c76e160 | out: lpConsoleScreenBufferInfo=0x1c76e160) returned 1 [0089.511] GetConsoleOutputCP () returned 0x1b5 [0089.513] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x1c76e0f0, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x1c76e0f0) returned 0 [0089.515] GetStdHandle (nStdHandle=0xfffffff5) returned 0xfc [0089.515] GetConsoleMode (in: hConsoleHandle=0xfc, lpMode=0x1c76e140 | out: lpMode=0x1c76e140) returned 0 [0089.515] GetConsoleOutputCP () returned 0x1b5 [0089.515] GetFileType (hFile=0xfc) returned 0x3 [0089.535] WriteFile (in: hFile=0xfc, lpBuffer=0x2f10500*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x1c76dfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f10500*, lpNumberOfBytesWritten=0x1c76dfd8*=0x3, lpOverlapped=0x0) returned 1 [0089.535] WriteFile (in: hFile=0xfc, lpBuffer=0x2f10500*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1c76dfd8, lpOverlapped=0x0 | out: lpBuffer=0x2f10500*, lpNumberOfBytesWritten=0x1c76dfd8*=0x2, lpOverlapped=0x0) returned 1 [0089.545] SetEvent (hEvent=0x3a4) returned 1 [0089.545] SetEvent (hEvent=0x398) returned 1 [0089.545] SetEvent (hEvent=0x39c) returned 1 [0089.546] SetEvent (hEvent=0x3a0) returned 1 [0089.556] SetEvent (hEvent=0x3b0) returned 1 [0089.556] SetEvent (hEvent=0x3a8) returned 1 [0089.556] SetEvent (hEvent=0x3c8) returned 1 [0089.556] SetEvent (hEvent=0x38c) returned 1 [0089.557] SetEvent (hEvent=0x314) returned 1 [0089.557] SetEvent (hEvent=0x340) returned 1 [0089.563] CoUninitialize () Thread: id = 14 os_tid = 0x518 [0089.566] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0089.568] SetThreadUILanguage (LangId=0x0) returned 0x7fffff00409 [0089.569] VirtualQuery (in: lpAddress=0x1d0fd960, lpBuffer=0x1d0fe820, dwLength=0x30 | out: lpBuffer=0x1d0fe820*(BaseAddress=0x1d0fd000, AllocationBase=0x1c770000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.569] VirtualQuery (in: lpAddress=0x1d0fdc10, lpBuffer=0x1d0fead0, dwLength=0x30 | out: lpBuffer=0x1d0fead0*(BaseAddress=0x1d0fd000, AllocationBase=0x1c770000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0089.574] SetEvent (hEvent=0x36c) returned 1 [0089.574] SetEvent (hEvent=0x370) returned 1 [0089.574] SetEvent (hEvent=0x378) returned 1 [0089.574] SetEvent (hEvent=0x36c) returned 1 [0089.574] SetEvent (hEvent=0x370) returned 1 [0089.574] SetEvent (hEvent=0x388) returned 1 [0089.575] SetEvent (hEvent=0x37c) returned 1 [0089.575] SetEvent (hEvent=0x380) returned 1 [0089.575] SetEvent (hEvent=0x384) returned 1 [0089.575] SetEvent (hEvent=0x3c0) returned 1 [0089.576] CoUninitialize ()